diff --git a/.gitignore b/.gitignore
index f5dae2e..98eebcb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/qemu-6.2.0.tar.xz
+SOURCES/qemu-7.0.0.tar.xz
diff --git a/.qemu-kvm.metadata b/.qemu-kvm.metadata
index 6f39e05..75efcde 100644
--- a/.qemu-kvm.metadata
+++ b/.qemu-kvm.metadata
@@ -1 +1 @@
-68cd61a466170115b88817e2d52db2cd7a92f43a SOURCES/qemu-6.2.0.tar.xz
+c3fd2403106c33d0470bc9ba4fb4b946c0402248 SOURCES/qemu-7.0.0.tar.xz
diff --git a/SOURCES/0001-ui-clipboard-Don-t-use-g_autoptr-just-to-free-a-vari.patch b/SOURCES/0001-ui-clipboard-Don-t-use-g_autoptr-just-to-free-a-vari.patch
deleted file mode 100644
index 5dcba33..0000000
--- a/SOURCES/0001-ui-clipboard-Don-t-use-g_autoptr-just-to-free-a-vari.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From cc2f3e2ce9e2a9ab9e52e8f44bee4876e69843da Mon Sep 17 00:00:00 2001
-From: John Snow <jsnow@redhat.com>
-Date: Wed, 17 Nov 2021 09:51:46 -0500
-Subject: ui/clipboard: Don't use g_autoptr just to free a variable
-
-Clang doesn't recognize that the variable is being "used" and will emit
-a warning:
-
- ../ui/clipboard.c:47:34: error: variable 'old' set but not used [-Werror,-Wunused-but-set-variable]
- g_autoptr(QemuClipboardInfo) old = NULL;
- ^
- 1 error generated.
-
-OK, fine. Just do things the old way.
-
-Signed-off-by: John Snow <jsnow@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
-
----
-
-This is temporary commit from upstream submission necessary for build to pass.
-We expect proper fix included upstream later.
----
- ui/clipboard.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ui/clipboard.c b/ui/clipboard.c
-index d7b008d62a..d53576b0f6 100644
---- a/ui/clipboard.c
-+++ b/ui/clipboard.c
-@@ -44,13 +44,14 @@ void qemu_clipboard_peer_release(QemuClipboardPeer *peer,
-
- void qemu_clipboard_update(QemuClipboardInfo *info)
- {
-- g_autoptr(QemuClipboardInfo) old = NULL;
-+ QemuClipboardInfo *old = NULL;
- assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT);
-
- notifier_list_notify(&clipboard_notifiers, info);
-
- old = cbinfo[info->selection];
- cbinfo[info->selection] = qemu_clipboard_info_ref(info);
-+ g_free(old);
- }
-
- QemuClipboardInfo *qemu_clipboard_info(QemuClipboardSelection selection)
---
-2.27.0
-
diff --git a/SOURCES/0004-Initial-redhat-build.patch b/SOURCES/0004-Initial-redhat-build.patch
new file mode 100644
index 0000000..94cf91c
--- /dev/null
+++ b/SOURCES/0004-Initial-redhat-build.patch
@@ -0,0 +1,313 @@
+From fc113ecd7c99646a7ced0b99570b5927ae6d595f Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Wed, 26 May 2021 10:56:02 +0200
+Subject: Initial redhat build
+
+This patch introduces redhat build structure in redhat subdirectory. In addition,
+several issues are fixed in QEMU tree:
+
+- Change of app name for sasl_server_init in VNC code from qemu to qemu-kvm
+ - As we use qemu-kvm as name in all places, this is updated to be consistent
+- Man page renamed from qemu to qemu-kvm
+ - man page is installed using make install so we have to fix it in qemu tree
+
+We disable make check due to issues with some of the tests.
+
+This rebase is based on qemu-kvm-6.2.0-13.el9
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+--
+Rebase changes (6.1.0):
+- Move build to .distro
+- Move changes for support file to related commit
+- Added dependency for python3-sphinx-rtd_theme
+- Removed --disable-sheepdog configure option
+- Added new hw-display modules
+- SASL initialization moved to ui/vnc-auth-sasl.c
+- Add accel-qtest-<arch> and accel-tcg-x86_64 libraries
+- Added hw-usb-host module
+- Disable new configure options (bpf, nvmm, slirp-smbd)
+- Use -pie for ksmctl build (annocheck complain fix)
+
+Rebase changes (6.2.0):
+- removed --disable-jemalloc and --disable-tcmalloc configure options
+- added audio-oss.so
+- added fdt requirement for x86_64
+- tests/acceptance renamed to tests/avocado
+- added multiboot_dma.bin
+- Add -Wno-string-plus-int to extra flags
+- Updated configure options
+
+Rebase changes (7.0.0):
+- Do not use -mlittle CFLAG on ppc64le
+- Used upstream handling issue with ui/clipboard.c
+- Use -mlittle-endian on ppc64le instead of deleteing it in configure
+- Drop --disable-libxml2 option for configure (upstream)
+- Remove vof roms
+- Disable AVX2 support
+- Use internal meson
+- Disable new configure options (dbus-display and qga-vss)
+- Change permissions on installing tests/Makefile.include
+- Remove ssh block driver
+
+Merged patches (6.0.0):
+ - 605758c902 Limit build on Power to qemu-img and qemu-ga only
+
+Merged patches (6.1.0):
+- f04f91751f Use cached tarballs
+- 6581165c65 Remove message with running VM count
+- 03c3cac9fc spec-file: build qemu-kvm without SPICE and QXL
+- e0ae6c1f6c spec-file: Obsolete qemu-kvm-ui-spice
+- 9d2e9f9ecf spec: Do not build qemu-kvm-block-gluster
+- cf470b4234 spec: Do not link pcnet and ne2k_pci roms
+- e981284a6b redhat: Install the s390-netboot.img that we've built
+- 24ef557f33 spec: Remove usage of Group: tag
+- c40d69b4f4 spec: Drop %defattr usage
+- f8e98798ce spec: Clean up BuildRequires
+- 47246b43ee spec: Remove iasl BuildRequires
+- 170dc1cbe0 spec: Remove redundant 0 in conditionals
+- 8718f6fa11 spec: Add more have_XXX conditionals
+- a001269ce9 spec: Remove binutils versioned Requires
+- 34545ee641 spec: Remove diffutils BuildRequires
+- c2c82beac9 spec: Remove redundant Requires:
+- 9314c231f4 spec: Add XXX_version macros
+- c43db0bf0f spec: Add have_block_rbd
+- 3ecb0c0319 qga: drop StandardError=syslog
+- 018049dc80 Remove iscsi support
+- a2edf18777 redhat: Replace the kvm-setup.service with a /etc/modules-load.d config file
+- 387b5fbcfe redhat: Move qemu-kvm-docs dependency to qemu-kvm
+- 4ead693178 redhat: introducting qemu-kvm-hw-usbredir
+- 4dc6fc3035 redhat: use the standard vhost-user JSON path
+- 84757178b4 Fix local build
+- 8c394227dd spec: Restrict block drivers in tools
+- b6aa7c1fae Move tools to separate package
+- eafd82e509 Split qemu-pr-helper to separate package
+- 2c0182e2aa spec: RPM_BUILD_ROOT -> %{buildroot}
+- 91bd55ca13 spec: More use of %{name} instead of 'qemu-kvm'
+- 50ba299c61 spec: Use qemu-pr-helper.service from qemu.git (partial)
+- ee08d4e0a3 spec: Use %{_sourcedir} for referencing sources
+- 039e7f7d02 spec: Add tools_only
+- 884ba71617 spec: %build: Add run_configure helper
+- 8ebd864d65 spec: %build: Disable more bits with %{disable_everything} (partial)
+- f23fdb53f5 spec: %build: Add macros for some 'configure' parameters
+- fe951a8bd8 spec: %files: Move qemu-guest-agent and qemu-img earlier
+- 353b632e37 spec: %install: Remove redundant bits
+- 9d2015b752 spec: %install: Add %{modprobe_kvm_conf} macro
+- 6d05134e8c spec: %install: Remove qemu-guest-agent /etc/qemu-kvm usage
+- 985b226467 spec: %install: clean up qemu-ga section
+- dfaf9c600d spec: %install: Use a single %{tools_only} section
+- f6978ddb46 spec: Make tools_only not cross spec sections
+- 071c211098 spec: %install: Limit time spent in %{qemu_kvm_build}
+- 1b65c674be spec: misc syntactic merges with Fedora
+- 4da16294cf spec: Use Fedora's pattern for specifying rc version
+- d7ee259a79 spec: %files: don't use fine grained -docs file list
+- 64cad0c60f spec: %files: Add licenses to qemu-common too
+- c3de4f080a spec: %install: Drop python3 shebang fixup
+- 46fc216115 Update local build to work with spec file improvements
+- bab9531548 spec: Remove buildldflags
+- c8360ab6a9 spec: Use %make_build macro
+- f6966c66e9 spec: Drop make install sharedir and datadir usage
+- 86982421bc spec: use %make_install macro
+- 191c405d22 spec: parallelize `make check`
+- 251a1fb958 spec: Drop explicit --build-id
+- 44c7dda6c3 spec: use %{build_ldflags}
+- 0009a34354 Move virtiofsd to separate package
+- 34d1b200b3 Utilize --firmware configure option
+- 2800e1dd03 spec: Switch toolchain to Clang/LLVM (except process-patches.sh)
+- e8a70f500f spec: Use safe-stack for x86_64
+- e29445d50d spec: Reenable write support for VMDK etc. in tools
+- a4fe2a3e16 redhat: Disable LTO on non-x86 architectures
+
+Merged patches (6.2.0):
+- 333452440b remove sgabios dependency
+- 7d3633f184 enable pulseaudio
+- bd898709b0 spec: disable use of gcrypt for crypto backends in favour of gnutls
+- e4f0c6dee6 spec: Remove block-curl and block-ssh dependency
+- 4dc13bfe63 spec: Build the VDI block driver
+- d2f2ff3c74 spec: Explicitly include compress filter
+- a7d047f9c2 Move ksmtuned files to separate package
+
+Merged patches (7.0.0):
+- 098d4d08d0 spec: Rename qemu-kvm-hw-usbredir to qemu-kvm-device-usb-redirect
+- c2bd0d6834 spec: Split qemu-kvm-ui-opengl
+- 2c9cda805d spec: Introduce packages for virtio-gpu-* modules (changed as rhel device tree not set)
+- d0414a3e0b spec: Introduce device-display-virtio-vga* packages
+- 3534ec46d4 spec: Move usb-host module to separate package
+- ddc14d4737 spec: Move qtest accel module to tests package
+- 6f2c4befa6 spec: Extend qemu-kvm-core description
+- 6f11866e4e (rhel/rhel-9.0.0) Update to qemu-kvm-6.2.0-6.el9
+- da0a28758f ui/clipboard: fix use-after-free regression
+- 895d4d52eb spec: Remove qemu-virtiofsd
+- c8c8c8bd84 spec: Fix obsolete for spice subpackages
+- d46d2710b2 spec: Obsolete old usb redir subpackage
+- 6f52a50b68 spec: Obsolete ssh driver
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ .distro/85-kvm.preset | 5 -
+ .distro/Makefile | 100 +
+ .distro/Makefile.common | 40 +
+ .distro/README.tests | 39 +
+ .distro/ksm.service | 13 -
+ .distro/ksm.sysconfig | 4 -
+ .distro/ksmctl.c | 77 -
+ .distro/ksmtuned | 139 -
+ .distro/ksmtuned.conf | 21 -
+ .distro/ksmtuned.service | 12 -
+ .distro/kvm-setup | 49 -
+ .distro/kvm-setup.service | 14 -
+ .distro/modules-load.conf | 4 +
+ .distro/qemu-guest-agent.service | 1 -
+ .distro/qemu-kvm.spec.template | 4034 +++++++++++++++++++++++
+ .distro/rpminspect.yaml | 6 +-
+ .distro/scripts/extract_build_cmd.py | 12 +
+ .gitignore | 1 +
+ README.systemtap | 43 +
+ meson.build | 4 +-
+ scripts/qemu-guest-agent/fsfreeze-hook | 2 +-
+ scripts/systemtap/conf.d/qemu_kvm.conf | 4 +
+ scripts/systemtap/script.d/qemu_kvm.stp | 1 +
+ tests/check-block.sh | 2 +
+ ui/vnc-auth-sasl.c | 2 +-
+ 25 files changed, 4290 insertions(+), 339 deletions(-)
+ delete mode 100644 .distro/85-kvm.preset
+ create mode 100644 .distro/Makefile
+ create mode 100644 .distro/Makefile.common
+ create mode 100644 .distro/README.tests
+ delete mode 100644 .distro/ksm.service
+ delete mode 100644 .distro/ksm.sysconfig
+ delete mode 100644 .distro/ksmctl.c
+ delete mode 100644 .distro/ksmtuned
+ delete mode 100644 .distro/ksmtuned.conf
+ delete mode 100644 .distro/ksmtuned.service
+ delete mode 100644 .distro/kvm-setup
+ delete mode 100644 .distro/kvm-setup.service
+ create mode 100644 .distro/modules-load.conf
+ create mode 100644 .distro/qemu-kvm.spec.template
+ create mode 100644 README.systemtap
+ create mode 100644 scripts/systemtap/conf.d/qemu_kvm.conf
+ create mode 100644 scripts/systemtap/script.d/qemu_kvm.stp
+
+diff --git a/README.systemtap b/README.systemtap
+new file mode 100644
+index 0000000000..ad913fc990
+--- /dev/null
++++ b/README.systemtap
+@@ -0,0 +1,43 @@
++QEMU tracing using systemtap-initscript
++---------------------------------------
++
++You can capture QEMU trace data all the time using systemtap-initscript. This
++uses SystemTap's flight recorder mode to trace all running guests to a
++fixed-size buffer on the host. Old trace entries are overwritten by new
++entries when the buffer size wraps.
++
++1. Install the systemtap-initscript package:
++ # yum install systemtap-initscript
++
++2. Install the systemtap scripts and the conf file:
++ # cp /usr/share/qemu-kvm/systemtap/script.d/qemu_kvm.stp /etc/systemtap/script.d/
++ # cp /usr/share/qemu-kvm/systemtap/conf.d/qemu_kvm.conf /etc/systemtap/conf.d/
++
++The set of trace events to enable is given in qemu_kvm.stp. This SystemTap
++script can be customized to add or remove trace events provided in
++/usr/share/systemtap/tapset/qemu-kvm-simpletrace.stp.
++
++SystemTap customizations can be made to qemu_kvm.conf to control the flight
++recorder buffer size and whether to store traces in memory only or disk too.
++See stap(1) for option documentation.
++
++3. Start the systemtap service.
++ # service systemtap start qemu_kvm
++
++4. Make the service start at boot time.
++ # chkconfig systemtap on
++
++5. Confirm that the service works.
++ # service systemtap status qemu_kvm
++ qemu_kvm is running...
++
++When you want to inspect the trace buffer, perform the following steps:
++
++1. Dump the trace buffer.
++ # staprun -A qemu_kvm >/tmp/trace.log
++
++2. Start the systemtap service because the preceding step stops the service.
++ # service systemtap start qemu_kvm
++
++3. Translate the trace record to readable format.
++ # /usr/share/qemu-kvm/simpletrace.py --no-header /usr/share/qemu-kvm/trace-events /tmp/trace.log
+diff --git a/meson.build b/meson.build
+index 861de93c4f..6f7e430f0f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2394,7 +2394,9 @@ if capstone_opt == 'internal'
+ # Include all configuration defines via a header file, which will wind up
+ # as a dependency on the object file, and thus changes here will result
+ # in a rebuild.
+- '-include', 'capstone-defs.h'
++ '-include', 'capstone-defs.h',
++
++ '-Wp,-D_GLIBCXX_ASSERTIONS',
+ ]
+
+ libcapstone = static_library('capstone',
+diff --git a/scripts/qemu-guest-agent/fsfreeze-hook b/scripts/qemu-guest-agent/fsfreeze-hook
+index 13aafd4845..e9b84ec028 100755
+--- a/scripts/qemu-guest-agent/fsfreeze-hook
++++ b/scripts/qemu-guest-agent/fsfreeze-hook
+@@ -8,7 +8,7 @@
+ # request, it is issued with "thaw" argument after filesystem is thawed.
+
+ LOGFILE=/var/log/qga-fsfreeze-hook.log
+-FSFREEZE_D=$(dirname -- "$0")/fsfreeze-hook.d
++FSFREEZE_D=$(dirname -- "$(realpath $0)")/fsfreeze-hook.d
+
+ # Check whether file $1 is a backup or rpm-generated file and should be ignored
+ is_ignored_file() {
+diff --git a/scripts/systemtap/conf.d/qemu_kvm.conf b/scripts/systemtap/conf.d/qemu_kvm.conf
+new file mode 100644
+index 0000000000..372d8160a4
+--- /dev/null
++++ b/scripts/systemtap/conf.d/qemu_kvm.conf
+@@ -0,0 +1,4 @@
++# Force load uprobes (see BZ#1118352)
++stap -e 'probe process("/usr/libexec/qemu-kvm").function("main") { printf("") }' -c true
++
++qemu_kvm_OPT="-s4" # per-CPU buffer size, in megabytes
+diff --git a/scripts/systemtap/script.d/qemu_kvm.stp b/scripts/systemtap/script.d/qemu_kvm.stp
+new file mode 100644
+index 0000000000..c04abf9449
+--- /dev/null
++++ b/scripts/systemtap/script.d/qemu_kvm.stp
+@@ -0,0 +1 @@
++probe qemu.kvm.simpletrace.handle_qmp_command,qemu.kvm.simpletrace.monitor_protocol_*,qemu.kvm.simpletrace.migrate_set_state {}
+diff --git a/tests/check-block.sh b/tests/check-block.sh
+index f59496396c..d900d8b35e 100755
+--- a/tests/check-block.sh
++++ b/tests/check-block.sh
+@@ -48,6 +48,8 @@ if LANG=C bash --version | grep -q 'GNU bash, version [123]' ; then
+ skip "bash version too old ==> Not running the qemu-iotests."
+ fi
+
++exit 0
++
+ cd tests/qemu-iotests
+
+ # QEMU_CHECK_BLOCK_AUTO is used to disable some unstable sub-tests
+diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
+index 47fdae5b21..2a950caa2a 100644
+--- a/ui/vnc-auth-sasl.c
++++ b/ui/vnc-auth-sasl.c
+@@ -42,7 +42,7 @@
+
+ bool vnc_sasl_server_init(Error **errp)
+ {
+- int saslErr = sasl_server_init(NULL, "qemu");
++ int saslErr = sasl_server_init(NULL, "qemu-kvm");
+
+ if (saslErr != SASL_OK) {
+ error_setg(errp, "Failed to initialize SASL auth: %s",
+--
+2.31.1
+
diff --git a/SOURCES/0005-Enable-disable-devices-for-RHEL.patch b/SOURCES/0005-Enable-disable-devices-for-RHEL.patch
new file mode 100644
index 0000000..1ffbe97
--- /dev/null
+++ b/SOURCES/0005-Enable-disable-devices-for-RHEL.patch
@@ -0,0 +1,642 @@
+From 51ec7495d69fe4b4d0b61642ca6c0e7fd7a1032d Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Thu, 15 Jul 2021 03:22:36 -0400
+Subject: Enable/disable devices for RHEL
+
+This commit adds all changes related to changes in supported devices.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+--
+Rebase notes (6.1.0):
+- Added CONFIG_TPM (except s390x)
+- default-configs moved to configs
+- Use --with-device-<ARCH> configure option to use rhel configs
+
+Rebase notes (6.2.0):
+- Add CONFIG_ISA_FDC
+- Do not remove -no-hpet documentation
+
+Rebase notes (7.0.0):
+- Added CONFIG_ARM_GIC_TCG option for aarch64
+- Fixes necessary for layout change fixes
+- Renamed CONFIG_ARM_GIC_TCG to CONFIG_ARM_GICV3_TCG
+- Removed upstream devices
+
+Merged patches (6.1.0):
+- c51bf45304 Remove SPICE and QXL from x86_64-rh-devices.mak
+- 02fc745601 aarch64-rh-devices: add CONFIG_PVPANIC_PCI
+- f2fe835153 aarch64-rh-devices: add CONFIG_PXB
+- b5431733ad disable CONFIG_USB_STORAGE_BOT
+- 478ba0cdf6 Disable TPM passthrough
+- 2504d68a7c aarch64: Add USB storage devices
+- 51c2a3253c disable ac97 audio
+
+Merged patches (6.2.0):
+- 9f2f9fa2ba disable sga device
+
+Merged patches (7.0.0):
+- fd7c45a5a8 redhat: Enable virtio-mem as tech-preview on x86-64
+- c9e68ea451 Enable SGX -- RH Only
+---
+ .distro/qemu-kvm.spec.template | 18 +--
+ .../aarch64-softmmu/aarch64-rh-devices.mak | 34 ++++++
+ .../ppc64-softmmu/ppc64-rh-devices.mak | 35 ++++++
+ configs/devices/rh-virtio.mak | 10 ++
+ .../s390x-softmmu/s390x-rh-devices.mak | 15 +++
+ .../x86_64-softmmu/x86_64-rh-devices.mak | 103 ++++++++++++++++++
+ hw/acpi/ich9.c | 4 +-
+ hw/arm/meson.build | 2 +-
+ hw/block/fdc.c | 10 ++
+ hw/cpu/meson.build | 5 +-
+ hw/display/cirrus_vga.c | 5 +-
+ hw/ide/piix.c | 5 +-
+ hw/input/pckbd.c | 2 +
+ hw/net/e1000.c | 2 +
+ hw/ppc/spapr_cpu_core.c | 2 +
+ hw/usb/meson.build | 2 +-
+ target/arm/cpu_tcg.c | 10 ++
+ target/ppc/cpu-models.c | 9 ++
+ target/s390x/cpu_models_sysemu.c | 3 +
+ target/s390x/kvm/kvm.c | 8 ++
+ 20 files changed, 269 insertions(+), 15 deletions(-)
+ create mode 100644 configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
+ create mode 100644 configs/devices/ppc64-softmmu/ppc64-rh-devices.mak
+ create mode 100644 configs/devices/rh-virtio.mak
+ create mode 100644 configs/devices/s390x-softmmu/s390x-rh-devices.mak
+ create mode 100644 configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+
+diff --git a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
+new file mode 100644
+index 0000000000..5f6ee1de5b
+--- /dev/null
++++ b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
+@@ -0,0 +1,34 @@
++include ../rh-virtio.mak
++
++CONFIG_ARM_GIC_KVM=y
++CONFIG_ARM_GICV3_TCG=y
++CONFIG_ARM_GIC=y
++CONFIG_ARM_SMMUV3=y
++CONFIG_ARM_V7M=y
++CONFIG_ARM_VIRT=y
++CONFIG_EDID=y
++CONFIG_PCIE_PORT=y
++CONFIG_PCI_DEVICES=y
++CONFIG_PCI_TESTDEV=y
++CONFIG_PFLASH_CFI01=y
++CONFIG_SCSI=y
++CONFIG_SEMIHOSTING=y
++CONFIG_USB=y
++CONFIG_USB_XHCI=y
++CONFIG_USB_XHCI_PCI=y
++CONFIG_USB_STORAGE_CORE=y
++CONFIG_USB_STORAGE_CLASSIC=y
++CONFIG_VFIO=y
++CONFIG_VFIO_PCI=y
++CONFIG_VIRTIO_MMIO=y
++CONFIG_VIRTIO_PCI=y
++CONFIG_XIO3130=y
++CONFIG_NVDIMM=y
++CONFIG_ACPI_APEI=y
++CONFIG_TPM=y
++CONFIG_TPM_EMULATOR=y
++CONFIG_TPM_TIS_SYSBUS=y
++CONFIG_PTIMER=y
++CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
++CONFIG_PVPANIC_PCI=y
++CONFIG_PXB=y
+diff --git a/configs/devices/ppc64-softmmu/ppc64-rh-devices.mak b/configs/devices/ppc64-softmmu/ppc64-rh-devices.mak
+new file mode 100644
+index 0000000000..6a3e3f0227
+--- /dev/null
++++ b/configs/devices/ppc64-softmmu/ppc64-rh-devices.mak
+@@ -0,0 +1,35 @@
++include ../rh-virtio.mak
++
++CONFIG_DIMM=y
++CONFIG_MEM_DEVICE=y
++CONFIG_NVDIMM=y
++CONFIG_PCI=y
++CONFIG_PCI_DEVICES=y
++CONFIG_PCI_TESTDEV=y
++CONFIG_PCI_EXPRESS=y
++CONFIG_PSERIES=y
++CONFIG_SCSI=y
++CONFIG_SPAPR_VSCSI=y
++CONFIG_TEST_DEVICES=y
++CONFIG_USB=y
++CONFIG_USB_OHCI=y
++CONFIG_USB_OHCI_PCI=y
++CONFIG_USB_SMARTCARD=y
++CONFIG_USB_STORAGE_CORE=y
++CONFIG_USB_STORAGE_CLASSIC=y
++CONFIG_USB_XHCI=y
++CONFIG_USB_XHCI_NEC=y
++CONFIG_USB_XHCI_PCI=y
++CONFIG_VFIO=y
++CONFIG_VFIO_PCI=y
++CONFIG_VGA=y
++CONFIG_VGA_PCI=y
++CONFIG_VHOST_USER=y
++CONFIG_VIRTIO_PCI=y
++CONFIG_VIRTIO_VGA=y
++CONFIG_WDT_IB6300ESB=y
++CONFIG_XICS=y
++CONFIG_XIVE=y
++CONFIG_TPM=y
++CONFIG_TPM_SPAPR=y
++CONFIG_TPM_EMULATOR=y
+diff --git a/configs/devices/rh-virtio.mak b/configs/devices/rh-virtio.mak
+new file mode 100644
+index 0000000000..94ede1b5f6
+--- /dev/null
++++ b/configs/devices/rh-virtio.mak
+@@ -0,0 +1,10 @@
++CONFIG_VIRTIO=y
++CONFIG_VIRTIO_BALLOON=y
++CONFIG_VIRTIO_BLK=y
++CONFIG_VIRTIO_GPU=y
++CONFIG_VIRTIO_INPUT=y
++CONFIG_VIRTIO_INPUT_HOST=y
++CONFIG_VIRTIO_NET=y
++CONFIG_VIRTIO_RNG=y
++CONFIG_VIRTIO_SCSI=y
++CONFIG_VIRTIO_SERIAL=y
+diff --git a/configs/devices/s390x-softmmu/s390x-rh-devices.mak b/configs/devices/s390x-softmmu/s390x-rh-devices.mak
+new file mode 100644
+index 0000000000..d3b38312e1
+--- /dev/null
++++ b/configs/devices/s390x-softmmu/s390x-rh-devices.mak
+@@ -0,0 +1,15 @@
++include ../rh-virtio.mak
++
++CONFIG_PCI=y
++CONFIG_S390_CCW_VIRTIO=y
++CONFIG_S390_FLIC=y
++CONFIG_S390_FLIC_KVM=y
++CONFIG_SCLPCONSOLE=y
++CONFIG_SCSI=y
++CONFIG_VFIO=y
++CONFIG_VFIO_AP=y
++CONFIG_VFIO_CCW=y
++CONFIG_VFIO_PCI=y
++CONFIG_VHOST_USER=y
++CONFIG_VIRTIO_CCW=y
++CONFIG_WDT_DIAG288=y
+diff --git a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+new file mode 100644
+index 0000000000..d0c9e66641
+--- /dev/null
++++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+@@ -0,0 +1,103 @@
++include ../rh-virtio.mak
++
++CONFIG_ACPI=y
++CONFIG_ACPI_PCI=y
++CONFIG_ACPI_CPU_HOTPLUG=y
++CONFIG_ACPI_MEMORY_HOTPLUG=y
++CONFIG_ACPI_NVDIMM=y
++CONFIG_ACPI_SMBUS=y
++CONFIG_ACPI_VMGENID=y
++CONFIG_ACPI_X86=y
++CONFIG_ACPI_X86_ICH=y
++CONFIG_AHCI=y
++CONFIG_APIC=y
++CONFIG_APM=y
++CONFIG_BOCHS_DISPLAY=y
++CONFIG_DIMM=y
++CONFIG_E1000E_PCI_EXPRESS=y
++CONFIG_E1000_PCI=y
++CONFIG_EDU=y
++CONFIG_FDC=y
++CONFIG_FDC_SYSBUS=y
++CONFIG_FDC_ISA=y
++CONFIG_FW_CFG_DMA=y
++CONFIG_HDA=y
++CONFIG_HYPERV=y
++CONFIG_HYPERV_TESTDEV=y
++CONFIG_I2C=y
++CONFIG_I440FX=y
++CONFIG_I8254=y
++CONFIG_I8257=y
++CONFIG_I8259=y
++CONFIG_I82801B11=y
++CONFIG_IDE_CORE=y
++CONFIG_IDE_PCI=y
++CONFIG_IDE_PIIX=y
++CONFIG_IDE_QDEV=y
++CONFIG_IOAPIC=y
++CONFIG_IOH3420=y
++CONFIG_ISA_BUS=y
++CONFIG_ISA_DEBUG=y
++CONFIG_ISA_TESTDEV=y
++CONFIG_LPC_ICH9=y
++CONFIG_MC146818RTC=y
++CONFIG_MEM_DEVICE=y
++CONFIG_NVDIMM=y
++CONFIG_OPENGL=y
++CONFIG_PAM=y
++CONFIG_PC=y
++CONFIG_PCI=y
++CONFIG_PCIE_PORT=y
++CONFIG_PCI_DEVICES=y
++CONFIG_PCI_EXPRESS=y
++CONFIG_PCI_EXPRESS_Q35=y
++CONFIG_PCI_I440FX=y
++CONFIG_PCI_TESTDEV=y
++CONFIG_PCKBD=y
++CONFIG_PCSPK=y
++CONFIG_PC_ACPI=y
++CONFIG_PC_PCI=y
++CONFIG_PFLASH_CFI01=y
++CONFIG_PVPANIC_ISA=y
++CONFIG_PXB=y
++CONFIG_Q35=y
++CONFIG_RTL8139_PCI=y
++CONFIG_SCSI=y
++CONFIG_SERIAL=y
++CONFIG_SERIAL_ISA=y
++CONFIG_SERIAL_PCI=y
++CONFIG_SEV=y
++CONFIG_SMBIOS=y
++CONFIG_SMBUS_EEPROM=y
++CONFIG_TEST_DEVICES=y
++CONFIG_USB=y
++CONFIG_USB_EHCI=y
++CONFIG_USB_EHCI_PCI=y
++CONFIG_USB_SMARTCARD=y
++CONFIG_USB_STORAGE_CORE=y
++CONFIG_USB_STORAGE_CLASSIC=y
++CONFIG_USB_UHCI=y
++CONFIG_USB_XHCI=y
++CONFIG_USB_XHCI_NEC=y
++CONFIG_USB_XHCI_PCI=y
++CONFIG_VFIO=y
++CONFIG_VFIO_PCI=y
++CONFIG_VGA=y
++CONFIG_VGA_CIRRUS=y
++CONFIG_VGA_PCI=y
++CONFIG_VHOST_USER=y
++CONFIG_VHOST_USER_BLK=y
++CONFIG_VIRTIO_MEM=y
++CONFIG_VIRTIO_PCI=y
++CONFIG_VIRTIO_VGA=y
++CONFIG_VMMOUSE=y
++CONFIG_VMPORT=y
++CONFIG_VTD=y
++CONFIG_WDT_IB6300ESB=y
++CONFIG_WDT_IB700=y
++CONFIG_XIO3130=y
++CONFIG_TPM=y
++CONFIG_TPM_CRB=y
++CONFIG_TPM_TIS_ISA=y
++CONFIG_TPM_EMULATOR=y
++CONFIG_SGX=y
+diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
+index bd9bbade70..de1e401cdf 100644
+--- a/hw/acpi/ich9.c
++++ b/hw/acpi/ich9.c
+@@ -435,8 +435,8 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
+ static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
+ pm->acpi_memory_hotplug.is_enabled = true;
+ pm->cpu_hotplug_legacy = true;
+- pm->disable_s3 = 0;
+- pm->disable_s4 = 0;
++ pm->disable_s3 = 1;
++ pm->disable_s4 = 1;
+ pm->s4_val = 2;
+ pm->use_acpi_hotplug_bridge = true;
+ pm->keep_pci_slot_hpc = true;
+diff --git a/hw/arm/meson.build b/hw/arm/meson.build
+index 721a8eb8be..87ed4dd914 100644
+--- a/hw/arm/meson.build
++++ b/hw/arm/meson.build
+@@ -31,7 +31,7 @@ arm_ss.add(when: 'CONFIG_VEXPRESS', if_true: files('vexpress.c'))
+ arm_ss.add(when: 'CONFIG_ZYNQ', if_true: files('xilinx_zynq.c'))
+ arm_ss.add(when: 'CONFIG_SABRELITE', if_true: files('sabrelite.c'))
+
+-arm_ss.add(when: 'CONFIG_ARM_V7M', if_true: files('armv7m.c'))
++#arm_ss.add(when: 'CONFIG_ARM_V7M', if_true: files('armv7m.c'))
+ arm_ss.add(when: 'CONFIG_EXYNOS4', if_true: files('exynos4210.c'))
+ arm_ss.add(when: 'CONFIG_PXA2XX', if_true: files('pxa2xx.c', 'pxa2xx_gpio.c', 'pxa2xx_pic.c'))
+ arm_ss.add(when: 'CONFIG_DIGIC', if_true: files('digic.c'))
+diff --git a/hw/block/fdc.c b/hw/block/fdc.c
+index 347875a0cd..ca1776121f 100644
+--- a/hw/block/fdc.c
++++ b/hw/block/fdc.c
+@@ -49,6 +49,8 @@
+ #include "qom/object.h"
+ #include "fdc-internal.h"
+
++#include "hw/boards.h"
++
+ /********************************************************/
+ /* debug Floppy devices */
+
+@@ -2338,6 +2340,14 @@ void fdctrl_realize_common(DeviceState *dev, FDCtrl *fdctrl, Error **errp)
+ FDrive *drive;
+ static int command_tables_inited = 0;
+
++ /* Restricted for Red Hat Enterprise Linux: */
++ MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
++ if (!strstr(mc->name, "-rhel7.")) {
++ error_setg(errp, "Device %s is not supported with machine type %s",
++ object_get_typename(OBJECT(dev)), mc->name);
++ return;
++ }
++
+ if (fdctrl->fallback == FLOPPY_DRIVE_TYPE_AUTO) {
+ error_setg(errp, "Cannot choose a fallback FDrive type of 'auto'");
+ return;
+diff --git a/hw/cpu/meson.build b/hw/cpu/meson.build
+index 9e52fee9e7..bb71c9f3e7 100644
+--- a/hw/cpu/meson.build
++++ b/hw/cpu/meson.build
+@@ -1,6 +1,7 @@
+-softmmu_ss.add(files('core.c', 'cluster.c'))
++#softmmu_ss.add(files('core.c', 'cluster.c'))
++softmmu_ss.add(files('core.c'))
+
+ specific_ss.add(when: 'CONFIG_ARM11MPCORE', if_true: files('arm11mpcore.c'))
+ specific_ss.add(when: 'CONFIG_REALVIEW', if_true: files('realview_mpcore.c'))
+ specific_ss.add(when: 'CONFIG_A9MPCORE', if_true: files('a9mpcore.c'))
+-specific_ss.add(when: 'CONFIG_A15MPCORE', if_true: files('a15mpcore.c'))
++#specific_ss.add(when: 'CONFIG_A15MPCORE', if_true: files('a15mpcore.c'))
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 3bb6a58698..6447fdb02e 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -2945,7 +2945,10 @@ static void pci_cirrus_vga_realize(PCIDevice *dev, Error **errp)
+ PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+ int16_t device_id = pc->device_id;
+
+- /*
++ warn_report("'cirrus-vga' is deprecated, "
++ "please use a different VGA card instead");
++
++ /*
+ * Follow real hardware, cirrus card emulated has 4 MB video memory.
+ * Also accept 8 MB/16 MB for backward compatibility.
+ */
+diff --git a/hw/ide/piix.c b/hw/ide/piix.c
+index ce89fd0aa3..fbcf802b13 100644
+--- a/hw/ide/piix.c
++++ b/hw/ide/piix.c
+@@ -232,7 +232,8 @@ static void piix3_ide_class_init(ObjectClass *klass, void *data)
+ k->device_id = PCI_DEVICE_ID_INTEL_82371SB_1;
+ k->class_id = PCI_CLASS_STORAGE_IDE;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+- dc->hotpluggable = false;
++ /* Disabled for Red Hat Enterprise Linux: */
++ dc->user_creatable = false;
+ }
+
+ static const TypeInfo piix3_ide_info = {
+@@ -261,6 +262,8 @@ static void piix4_ide_class_init(ObjectClass *klass, void *data)
+ k->class_id = PCI_CLASS_STORAGE_IDE;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ dc->hotpluggable = false;
++ /* Disabled for Red Hat Enterprise Linux: */
++ dc->user_creatable = false;
+ }
+
+ static const TypeInfo piix4_ide_info = {
+diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
+index 4efdf75620..5143ebaa27 100644
+--- a/hw/input/pckbd.c
++++ b/hw/input/pckbd.c
+@@ -814,6 +814,8 @@ static void i8042_class_initfn(ObjectClass *klass, void *data)
+ dc->vmsd = &vmstate_kbd_isa;
+ isa->build_aml = i8042_build_aml;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
++ /* Disabled for Red Hat Enterprise Linux: */
++ dc->user_creatable = false;
+ }
+
+ static const TypeInfo i8042_info = {
+diff --git a/hw/net/e1000.c b/hw/net/e1000.c
+index f5bc81296d..282d01e374 100644
+--- a/hw/net/e1000.c
++++ b/hw/net/e1000.c
+@@ -1821,6 +1821,7 @@ static const E1000Info e1000_devices[] = {
+ .revision = 0x03,
+ .phy_id2 = E1000_PHY_ID2_8254xx_DEFAULT,
+ },
++#if 0 /* Disabled for Red Hat Enterprise Linux 7 */
+ {
+ .name = "e1000-82544gc",
+ .device_id = E1000_DEV_ID_82544GC_COPPER,
+@@ -1833,6 +1834,7 @@ static const E1000Info e1000_devices[] = {
+ .revision = 0x03,
+ .phy_id2 = E1000_PHY_ID2_8254xx_DEFAULT,
+ },
++#endif
+ };
+
+ static void e1000_register_types(void)
+diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
+index 8a4861f45a..fcb5dfe792 100644
+--- a/hw/ppc/spapr_cpu_core.c
++++ b/hw/ppc/spapr_cpu_core.c
+@@ -379,10 +379,12 @@ static const TypeInfo spapr_cpu_core_type_infos[] = {
+ .instance_size = sizeof(SpaprCpuCore),
+ .class_size = sizeof(SpaprCpuCoreClass),
+ },
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ DEFINE_SPAPR_CPU_CORE_TYPE("970_v2.2"),
+ DEFINE_SPAPR_CPU_CORE_TYPE("970mp_v1.0"),
+ DEFINE_SPAPR_CPU_CORE_TYPE("970mp_v1.1"),
+ DEFINE_SPAPR_CPU_CORE_TYPE("power5+_v2.1"),
++#endif
+ DEFINE_SPAPR_CPU_CORE_TYPE("power7_v2.3"),
+ DEFINE_SPAPR_CPU_CORE_TYPE("power7+_v2.1"),
+ DEFINE_SPAPR_CPU_CORE_TYPE("power8_v2.0"),
+diff --git a/hw/usb/meson.build b/hw/usb/meson.build
+index de853d780d..0776ae6a20 100644
+--- a/hw/usb/meson.build
++++ b/hw/usb/meson.build
+@@ -52,7 +52,7 @@ softmmu_ss.add(when: 'CONFIG_USB_SMARTCARD', if_true: files('dev-smartcard-reade
+ if cacard.found()
+ usbsmartcard_ss = ss.source_set()
+ usbsmartcard_ss.add(when: 'CONFIG_USB_SMARTCARD',
+- if_true: [cacard, files('ccid-card-emulated.c', 'ccid-card-passthru.c')])
++ if_true: [cacard, files('ccid-card-passthru.c')])
+ hw_usb_modules += {'smartcard': usbsmartcard_ss}
+ endif
+
+diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
+index 13d0e9b195..3826fa5122 100644
+--- a/target/arm/cpu_tcg.c
++++ b/target/arm/cpu_tcg.c
+@@ -22,6 +22,7 @@
+ /* CPU models. These are not needed for the AArch64 linux-user build. */
+ #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ #if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
+ static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+ {
+@@ -375,6 +376,7 @@ static void cortex_a9_initfn(Object *obj)
+ cpu->ccsidr[1] = 0x200fe019; /* 16k L1 icache. */
+ define_arm_cp_regs(cpu, cortexa9_cp_reginfo);
+ }
++#endif /* disabled for RHEL */
+
+ #ifndef CONFIG_USER_ONLY
+ static uint64_t a15_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
+@@ -400,6 +402,7 @@ static const ARMCPRegInfo cortexa15_cp_reginfo[] = {
+ REGINFO_SENTINEL
+ };
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void cortex_a7_initfn(Object *obj)
+ {
+ ARMCPU *cpu = ARM_CPU(obj);
+@@ -445,6 +448,7 @@ static void cortex_a7_initfn(Object *obj)
+ cpu->ccsidr[2] = 0x711fe07a; /* 4096K L2 unified cache */
+ define_arm_cp_regs(cpu, cortexa15_cp_reginfo); /* Same as A15 */
+ }
++#endif /* disabled for RHEL */
+
+ static void cortex_a15_initfn(Object *obj)
+ {
+@@ -488,6 +492,7 @@ static void cortex_a15_initfn(Object *obj)
+ define_arm_cp_regs(cpu, cortexa15_cp_reginfo);
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void cortex_m0_initfn(Object *obj)
+ {
+ ARMCPU *cpu = ARM_CPU(obj);
+@@ -928,6 +933,7 @@ static void arm_v7m_class_init(ObjectClass *oc, void *data)
+
+ cc->gdb_core_xml_file = "arm-m-profile.xml";
+ }
++#endif /* disabled for RHEL */
+
+ #ifndef TARGET_AARCH64
+ /*
+@@ -1007,6 +1013,7 @@ static void arm_max_initfn(Object *obj)
+ #endif /* !TARGET_AARCH64 */
+
+ static const ARMCPUInfo arm_tcg_cpus[] = {
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ { .name = "arm926", .initfn = arm926_initfn },
+ { .name = "arm946", .initfn = arm946_initfn },
+ { .name = "arm1026", .initfn = arm1026_initfn },
+@@ -1022,7 +1029,9 @@ static const ARMCPUInfo arm_tcg_cpus[] = {
+ { .name = "cortex-a7", .initfn = cortex_a7_initfn },
+ { .name = "cortex-a8", .initfn = cortex_a8_initfn },
+ { .name = "cortex-a9", .initfn = cortex_a9_initfn },
++#endif /* disabled for RHEL */
+ { .name = "cortex-a15", .initfn = cortex_a15_initfn },
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ { .name = "cortex-m0", .initfn = cortex_m0_initfn,
+ .class_init = arm_v7m_class_init },
+ { .name = "cortex-m3", .initfn = cortex_m3_initfn,
+@@ -1053,6 +1062,7 @@ static const ARMCPUInfo arm_tcg_cpus[] = {
+ { .name = "pxa270-b1", .initfn = pxa270b1_initfn },
+ { .name = "pxa270-c0", .initfn = pxa270c0_initfn },
+ { .name = "pxa270-c5", .initfn = pxa270c5_initfn },
++#endif /* disabled for RHEL */
+ #ifndef TARGET_AARCH64
+ { .name = "max", .initfn = arm_max_initfn },
+ #endif
+diff --git a/target/ppc/cpu-models.c b/target/ppc/cpu-models.c
+index 976be5e0d1..dd78883410 100644
+--- a/target/ppc/cpu-models.c
++++ b/target/ppc/cpu-models.c
+@@ -66,6 +66,7 @@
+ #define POWERPC_DEF(_name, _pvr, _type, _desc) \
+ POWERPC_DEF_SVR(_name, _desc, _pvr, POWERPC_SVR_NONE, _type)
+
++#if 0 /* Embedded and 32-bit CPUs disabled for Red Hat Enterprise Linux */
+ /* Embedded PowerPC */
+ /* PowerPC 405 family */
+ /* PowerPC 405 cores */
+@@ -698,8 +699,10 @@
+ "PowerPC 7447A v1.2 (G4)")
+ POWERPC_DEF("7457a_v1.2", CPU_POWERPC_74x7A_v12, 7455,
+ "PowerPC 7457A v1.2 (G4)")
++#endif
+ /* 64 bits PowerPC */
+ #if defined(TARGET_PPC64)
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ POWERPC_DEF("970_v2.2", CPU_POWERPC_970_v22, 970,
+ "PowerPC 970 v2.2")
+ POWERPC_DEF("970fx_v1.0", CPU_POWERPC_970FX_v10, 970,
+@@ -718,6 +721,7 @@
+ "PowerPC 970MP v1.1")
+ POWERPC_DEF("power5+_v2.1", CPU_POWERPC_POWER5P_v21, POWER5P,
+ "POWER5+ v2.1")
++#endif
+ POWERPC_DEF("power7_v2.3", CPU_POWERPC_POWER7_v23, POWER7,
+ "POWER7 v2.3")
+ POWERPC_DEF("power7+_v2.1", CPU_POWERPC_POWER7P_v21, POWER7,
+@@ -897,12 +901,15 @@ PowerPCCPUAlias ppc_cpu_aliases[] = {
+ { "7447a", "7447a_v1.2" },
+ { "7457a", "7457a_v1.2" },
+ { "apollo7pm", "7457a_v1.0" },
++#endif
+ #if defined(TARGET_PPC64)
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ { "970", "970_v2.2" },
+ { "970fx", "970fx_v3.1" },
+ { "970mp", "970mp_v1.1" },
+ { "power5+", "power5+_v2.1" },
+ { "power5gs", "power5+_v2.1" },
++#endif
+ { "power7", "power7_v2.3" },
+ { "power7+", "power7+_v2.1" },
+ { "power8e", "power8e_v2.1" },
+@@ -912,6 +919,7 @@ PowerPCCPUAlias ppc_cpu_aliases[] = {
+ { "power10", "power10_v2.0" },
+ #endif
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ /* Generic PowerPCs */
+ #if defined(TARGET_PPC64)
+ { "ppc64", "970fx_v3.1" },
+@@ -919,5 +927,6 @@ PowerPCCPUAlias ppc_cpu_aliases[] = {
+ { "ppc32", "604" },
+ { "ppc", "604" },
+ { "default", "604" },
++#endif
+ { NULL, NULL }
+ };
+diff --git a/target/s390x/cpu_models_sysemu.c b/target/s390x/cpu_models_sysemu.c
+index 05c3ccaaff..6a04ccab1b 100644
+--- a/target/s390x/cpu_models_sysemu.c
++++ b/target/s390x/cpu_models_sysemu.c
+@@ -36,6 +36,9 @@ static void check_unavailable_features(const S390CPUModel *max_model,
+ (max_model->def->gen == model->def->gen &&
+ max_model->def->ec_ga < model->def->ec_ga)) {
+ list_add_feat("type", unavailable);
++ } else if (model->def->gen < 11 && kvm_enabled()) {
++ /* Older CPU models are not supported on Red Hat Enterprise Linux */
++ list_add_feat("type", unavailable);
+ }
+
+ /* detect missing features if any to properly report them */
+diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
+index 6acf14d5ec..74f089d87f 100644
+--- a/target/s390x/kvm/kvm.c
++++ b/target/s390x/kvm/kvm.c
+@@ -2512,6 +2512,14 @@ void kvm_s390_apply_cpu_model(const S390CPUModel *model, Error **errp)
+ error_setg(errp, "KVM doesn't support CPU models");
+ return;
+ }
++
++ /* Older CPU models are not supported on Red Hat Enterprise Linux */
++ if (model->def->gen < 11) {
++ error_setg(errp, "KVM: Unsupported CPU type specified: %s",
++ MACHINE(qdev_get_machine())->cpu_type);
++ return;
++ }
++
+ prop.cpuid = s390_cpuid_from_cpu_model(model);
+ prop.ibc = s390_ibc_from_cpu_model(model);
+ /* configure cpu features indicated via STFL(e) */
+--
+2.31.1
+
diff --git a/SOURCES/0005-Initial-redhat-build.patch b/SOURCES/0005-Initial-redhat-build.patch
deleted file mode 100644
index 3ff2dce..0000000
--- a/SOURCES/0005-Initial-redhat-build.patch
+++ /dev/null
@@ -1,301 +0,0 @@
-From 3308eb892f03c7169f712fe88e74dacd6f05b1fe Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Wed, 26 May 2021 10:56:02 +0200
-Subject: Initial redhat build
-
-This patch introduces redhat build structure in redhat subdirectory. In addition,
-several issues are fixed in QEMU tree:
-
-- Change of app name for sasl_server_init in VNC code from qemu to qemu-kvm
- - As we use qemu-kvm as name in all places, this is updated to be consistent
-- Man page renamed from qemu to qemu-kvm
- - man page is installed using make install so we have to fix it in qemu tree
-
-We disable make check due to issues with some of the tests.
-
-This rebase is based on qemu-kvm-6.1.0-8.el9
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
-Rebase changes (6.1.0):
-- Move build to .distro
-- Move changes for support file to related commit
-- Added dependency for python3-sphinx-rtd_theme
-- Removed --disable-sheepdog configure option
-- Added new hw-display modules
-- SASL initialization moved to ui/vnc-auth-sasl.c
-- Add accel-qtest-<arch> and accel-tcg-x86_64 libraries
-- Added hw-usb-host module
-- Disable new configure options (bpf, nvmm, slirp-smbd)
-- Use -pie for ksmctl build (annocheck complain fix)
-
-Rebase changes (6.2.0):
-- removed --disable-jemalloc and --disable-tcmalloc configure options
-- added audio-oss.so
-- added fdt requirement for x86_64
-- tests/acceptance renamed to tests/avocado
-- added multiboot_dma.bin
-- Add -Wno-string-plus-int to extra flags
-- Updated configure options
-
-Merged patches (6.0.0):
- - 605758c902 Limit build on Power to qemu-img and qemu-ga only
-
-Merged patches (6.1.0):
-- f04f91751f Use cached tarballs
-- 6581165c65 Remove message with running VM count
-- 03c3cac9fc spec-file: build qemu-kvm without SPICE and QXL
-- e0ae6c1f6c spec-file: Obsolete qemu-kvm-ui-spice
-- 9d2e9f9ecf spec: Do not build qemu-kvm-block-gluster
-- cf470b4234 spec: Do not link pcnet and ne2k_pci roms
-- e981284a6b redhat: Install the s390-netboot.img that we've built
-- 24ef557f33 spec: Remove usage of Group: tag
-- c40d69b4f4 spec: Drop %defattr usage
-- f8e98798ce spec: Clean up BuildRequires
-- 47246b43ee spec: Remove iasl BuildRequires
-- 170dc1cbe0 spec: Remove redundant 0 in conditionals
-- 8718f6fa11 spec: Add more have_XXX conditionals
-- a001269ce9 spec: Remove binutils versioned Requires
-- 34545ee641 spec: Remove diffutils BuildRequires
-- c2c82beac9 spec: Remove redundant Requires:
-- 9314c231f4 spec: Add XXX_version macros
-- c43db0bf0f spec: Add have_block_rbd
-- 3ecb0c0319 qga: drop StandardError=syslog
-- 018049dc80 Remove iscsi support
-- a2edf18777 redhat: Replace the kvm-setup.service with a /etc/modules-load.d config file
-- 387b5fbcfe redhat: Move qemu-kvm-docs dependency to qemu-kvm
-- 4ead693178 redhat: introducting qemu-kvm-hw-usbredir
-- 4dc6fc3035 redhat: use the standard vhost-user JSON path
-- 84757178b4 Fix local build
-- 8c394227dd spec: Restrict block drivers in tools
-- b6aa7c1fae Move tools to separate package
-- eafd82e509 Split qemu-pr-helper to separate package
-- 2c0182e2aa spec: RPM_BUILD_ROOT -> %{buildroot}
-- 91bd55ca13 spec: More use of %{name} instead of 'qemu-kvm'
-- 50ba299c61 spec: Use qemu-pr-helper.service from qemu.git (partial)
-- ee08d4e0a3 spec: Use %{_sourcedir} for referencing sources
-- 039e7f7d02 spec: Add tools_only
-- 884ba71617 spec: %build: Add run_configure helper
-- 8ebd864d65 spec: %build: Disable more bits with %{disable_everything} (partial)
-- f23fdb53f5 spec: %build: Add macros for some 'configure' parameters
-- fe951a8bd8 spec: %files: Move qemu-guest-agent and qemu-img earlier
-- 353b632e37 spec: %install: Remove redundant bits
-- 9d2015b752 spec: %install: Add %{modprobe_kvm_conf} macro
-- 6d05134e8c spec: %install: Remove qemu-guest-agent /etc/qemu-kvm usage
-- 985b226467 spec: %install: clean up qemu-ga section
-- dfaf9c600d spec: %install: Use a single %{tools_only} section
-- f6978ddb46 spec: Make tools_only not cross spec sections
-- 071c211098 spec: %install: Limit time spent in %{qemu_kvm_build}
-- 1b65c674be spec: misc syntactic merges with Fedora
-- 4da16294cf spec: Use Fedora's pattern for specifying rc version
-- d7ee259a79 spec: %files: don't use fine grained -docs file list
-- 64cad0c60f spec: %files: Add licenses to qemu-common too
-- c3de4f080a spec: %install: Drop python3 shebang fixup
-- 46fc216115 Update local build to work with spec file improvements
-- bab9531548 spec: Remove buildldflags
-- c8360ab6a9 spec: Use %make_build macro
-- f6966c66e9 spec: Drop make install sharedir and datadir usage
-- 86982421bc spec: use %make_install macro
-- 191c405d22 spec: parallelize `make check`
-- 251a1fb958 spec: Drop explicit --build-id
-- 44c7dda6c3 spec: use %{build_ldflags}
-- 0009a34354 Move virtiofsd to separate package
-- 34d1b200b3 Utilize --firmware configure option
-- 2800e1dd03 spec: Switch toolchain to Clang/LLVM (except process-patches.sh)
-- e8a70f500f spec: Use safe-stack for x86_64
-- e29445d50d spec: Reenable write support for VMDK etc. in tools
-- a4fe2a3e16 redhat: Disable LTO on non-x86 architectures
-
-Merged patches (6.2.0):
-- 333452440b remove sgabios dependency
-- 7d3633f184 enable pulseaudio
-- bd898709b0 spec: disable use of gcrypt for crypto backends in favour of gnutls
-- e4f0c6dee6 spec: Remove block-curl and block-ssh dependency
-- 4dc13bfe63 spec: Build the VDI block driver
-- d2f2ff3c74 spec: Explicitly include compress filter
-- a7d047f9c2 Move ksmtuned files to separate package
-
-With rebase new configure options are introducesed. We use two steps
-configuration - first we disable all options and then enable supported
-options.
-
-With 6.2.0, following changes are done:
-- disabled all audiodev and enable only pa
- - not use audio-drv-list anymore
- - disabling oss driver removes oss module (added during rebase to 6.2.0)
-- disable gettext
-- disable l2tpv3
-- enable selinux
-- enable spice-protocol
- - added needed BuildRequire
-- specify used capstone version
-- specify used fdt version
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
- .distro/85-kvm.preset | 5 -
- .distro/Makefile | 100 +
- .distro/Makefile.common | 38 +
- .distro/README.tests | 39 +
- .distro/ksm.service | 13 -
- .distro/ksm.sysconfig | 4 -
- .distro/ksmctl.c | 77 -
- .distro/ksmtuned | 139 -
- .distro/ksmtuned.conf | 21 -
- .distro/ksmtuned.service | 12 -
- .distro/kvm-setup | 49 -
- .distro/kvm-setup.service | 14 -
- .distro/modules-load.conf | 4 +
- .distro/qemu-guest-agent.service | 1 -
- .distro/qemu-kvm.spec.template | 3817 +++++++++++++++++++++++
- .distro/scripts/extract_build_cmd.py | 12 +
- .gitignore | 1 +
- README.systemtap | 43 +
- meson.build | 4 +-
- scripts/qemu-guest-agent/fsfreeze-hook | 2 +-
- scripts/systemtap/conf.d/qemu_kvm.conf | 4 +
- scripts/systemtap/script.d/qemu_kvm.stp | 1 +
- tests/check-block.sh | 2 +
- ui/vnc-auth-sasl.c | 2 +-
- 24 files changed, 4066 insertions(+), 338 deletions(-)
- delete mode 100644 .distro/85-kvm.preset
- create mode 100644 .distro/Makefile
- create mode 100644 .distro/Makefile.common
- create mode 100644 .distro/README.tests
- delete mode 100644 .distro/ksm.service
- delete mode 100644 .distro/ksm.sysconfig
- delete mode 100644 .distro/ksmctl.c
- delete mode 100644 .distro/ksmtuned
- delete mode 100644 .distro/ksmtuned.conf
- delete mode 100644 .distro/ksmtuned.service
- delete mode 100644 .distro/kvm-setup
- delete mode 100644 .distro/kvm-setup.service
- create mode 100644 .distro/modules-load.conf
- create mode 100644 .distro/qemu-kvm.spec.template
- create mode 100644 README.systemtap
- create mode 100644 scripts/systemtap/conf.d/qemu_kvm.conf
- create mode 100644 scripts/systemtap/script.d/qemu_kvm.stp
-
-diff --git a/README.systemtap b/README.systemtap
-new file mode 100644
-index 0000000000..ad913fc990
---- /dev/null
-+++ b/README.systemtap
-@@ -0,0 +1,43 @@
-+QEMU tracing using systemtap-initscript
-+---------------------------------------
-+
-+You can capture QEMU trace data all the time using systemtap-initscript. This
-+uses SystemTap's flight recorder mode to trace all running guests to a
-+fixed-size buffer on the host. Old trace entries are overwritten by new
-+entries when the buffer size wraps.
-+
-+1. Install the systemtap-initscript package:
-+ # yum install systemtap-initscript
-+
-+2. Install the systemtap scripts and the conf file:
-+ # cp /usr/share/qemu-kvm/systemtap/script.d/qemu_kvm.stp /etc/systemtap/script.d/
-+ # cp /usr/share/qemu-kvm/systemtap/conf.d/qemu_kvm.conf /etc/systemtap/conf.d/
-+
-+The set of trace events to enable is given in qemu_kvm.stp. This SystemTap
-+script can be customized to add or remove trace events provided in
-+/usr/share/systemtap/tapset/qemu-kvm-simpletrace.stp.
-+
-+SystemTap customizations can be made to qemu_kvm.conf to control the flight
-+recorder buffer size and whether to store traces in memory only or disk too.
-+See stap(1) for option documentation.
-+
-+3. Start the systemtap service.
-+ # service systemtap start qemu_kvm
-+
-+4. Make the service start at boot time.
-+ # chkconfig systemtap on
-+
-+5. Confirm that the service works.
-+ # service systemtap status qemu_kvm
-+ qemu_kvm is running...
-+
-+When you want to inspect the trace buffer, perform the following steps:
-+
-+1. Dump the trace buffer.
-+ # staprun -A qemu_kvm >/tmp/trace.log
-+
-+2. Start the systemtap service because the preceding step stops the service.
-+ # service systemtap start qemu_kvm
-+
-+3. Translate the trace record to readable format.
-+ # /usr/share/qemu-kvm/simpletrace.py --no-header /usr/share/qemu-kvm/trace-events /tmp/trace.log
-diff --git a/meson.build b/meson.build
-index 96de1a6ef9..5f6ba86dbb 100644
---- a/meson.build
-+++ b/meson.build
-@@ -2108,7 +2108,9 @@ if capstone_opt == 'internal'
- # Include all configuration defines via a header file, which will wind up
- # as a dependency on the object file, and thus changes here will result
- # in a rebuild.
-- '-include', 'capstone-defs.h'
-+ '-include', 'capstone-defs.h',
-+
-+ '-Wp,-D_GLIBCXX_ASSERTIONS',
- ]
-
- libcapstone = static_library('capstone',
-diff --git a/scripts/qemu-guest-agent/fsfreeze-hook b/scripts/qemu-guest-agent/fsfreeze-hook
-index 13aafd4845..e9b84ec028 100755
---- a/scripts/qemu-guest-agent/fsfreeze-hook
-+++ b/scripts/qemu-guest-agent/fsfreeze-hook
-@@ -8,7 +8,7 @@
- # request, it is issued with "thaw" argument after filesystem is thawed.
-
- LOGFILE=/var/log/qga-fsfreeze-hook.log
--FSFREEZE_D=$(dirname -- "$0")/fsfreeze-hook.d
-+FSFREEZE_D=$(dirname -- "$(realpath $0)")/fsfreeze-hook.d
-
- # Check whether file $1 is a backup or rpm-generated file and should be ignored
- is_ignored_file() {
-diff --git a/scripts/systemtap/conf.d/qemu_kvm.conf b/scripts/systemtap/conf.d/qemu_kvm.conf
-new file mode 100644
-index 0000000000..372d8160a4
---- /dev/null
-+++ b/scripts/systemtap/conf.d/qemu_kvm.conf
-@@ -0,0 +1,4 @@
-+# Force load uprobes (see BZ#1118352)
-+stap -e 'probe process("/usr/libexec/qemu-kvm").function("main") { printf("") }' -c true
-+
-+qemu_kvm_OPT="-s4" # per-CPU buffer size, in megabytes
-diff --git a/scripts/systemtap/script.d/qemu_kvm.stp b/scripts/systemtap/script.d/qemu_kvm.stp
-new file mode 100644
-index 0000000000..c04abf9449
---- /dev/null
-+++ b/scripts/systemtap/script.d/qemu_kvm.stp
-@@ -0,0 +1 @@
-+probe qemu.kvm.simpletrace.handle_qmp_command,qemu.kvm.simpletrace.monitor_protocol_*,qemu.kvm.simpletrace.migrate_set_state {}
-diff --git a/tests/check-block.sh b/tests/check-block.sh
-index f86cb863de..6d38340d49 100755
---- a/tests/check-block.sh
-+++ b/tests/check-block.sh
-@@ -69,6 +69,8 @@ else
- fi
- fi
-
-+exit 0
-+
- cd tests/qemu-iotests
-
- # QEMU_CHECK_BLOCK_AUTO is used to disable some unstable sub-tests
-diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
-index 47fdae5b21..2a950caa2a 100644
---- a/ui/vnc-auth-sasl.c
-+++ b/ui/vnc-auth-sasl.c
-@@ -42,7 +42,7 @@
-
- bool vnc_sasl_server_init(Error **errp)
- {
-- int saslErr = sasl_server_init(NULL, "qemu");
-+ int saslErr = sasl_server_init(NULL, "qemu-kvm");
-
- if (saslErr != SASL_OK) {
- error_setg(errp, "Failed to initialize SASL auth: %s",
---
-2.27.0
-
diff --git a/SOURCES/0006-Enable-disable-devices-for-RHEL.patch b/SOURCES/0006-Enable-disable-devices-for-RHEL.patch
deleted file mode 100644
index 345bd20..0000000
--- a/SOURCES/0006-Enable-disable-devices-for-RHEL.patch
+++ /dev/null
@@ -1,698 +0,0 @@
-From af4c83ed637bfda003ae86133413d53cefda3654 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Thu, 15 Jul 2021 03:22:36 -0400
-Subject: Enable/disable devices for RHEL
-
-This commit adds all changes related to changes in supported devices.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
-Rebase notes (6.1.0):
-- Added CONFIG_TPM (except s390x)
-- default-configs moved to configs
-- Use --with-device-<ARCH> configure option to use rhel configs
-
-Rebase notes (6.2.0 RC0):
-- Add CONFIG_ISA_FDC
-
-Rebase notes (6.2.0 RC3):
-- Do not remove -no-hpet documentation
-
-Merged patches (6.1.0):
-- c51bf45304 Remove SPICE and QXL from x86_64-rh-devices.mak
-- 02fc745601 aarch64-rh-devices: add CONFIG_PVPANIC_PCI
-- f2fe835153 aarch64-rh-devices: add CONFIG_PXB
-- b5431733ad disable CONFIG_USB_STORAGE_BOT
-- 478ba0cdf6 Disable TPM passthrough
-- 2504d68a7c aarch64: Add USB storage devices
-- 51c2a3253c disable ac97 audio
-
-Merged patches (6.2.0 RC0):
-- 9f2f9fa2ba disable sga device
----
- .distro/qemu-kvm.spec.template | 9 +-
- .../aarch64-softmmu/aarch64-rh-devices.mak | 33 ++++++
- .../ppc64-softmmu/ppc64-rh-devices.mak | 35 ++++++
- configs/devices/rh-virtio.mak | 10 ++
- .../s390x-softmmu/s390x-rh-devices.mak | 15 +++
- .../x86_64-softmmu/x86_64-rh-devices.mak | 102 ++++++++++++++++++
- .../x86_64-upstream-devices.mak | 4 +
- hw/acpi/ich9.c | 4 +-
- hw/arm/meson.build | 2 +-
- hw/block/fdc.c | 10 ++
- hw/char/parallel.c | 9 ++
- hw/cpu/meson.build | 5 +-
- hw/display/cirrus_vga.c | 3 +
- hw/ide/piix.c | 5 +-
- hw/input/pckbd.c | 2 +
- hw/net/e1000.c | 2 +
- hw/ppc/spapr_cpu_core.c | 2 +
- hw/timer/hpet.c | 8 ++
- hw/usb/meson.build | 2 +-
- target/arm/cpu_tcg.c | 10 ++
- target/ppc/cpu-models.c | 10 ++
- target/s390x/cpu_models_sysemu.c | 3 +
- target/s390x/kvm/kvm.c | 8 ++
- 23 files changed, 283 insertions(+), 10 deletions(-)
- create mode 100644 configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
- create mode 100644 configs/devices/ppc64-softmmu/ppc64-rh-devices.mak
- create mode 100644 configs/devices/rh-virtio.mak
- create mode 100644 configs/devices/s390x-softmmu/s390x-rh-devices.mak
- create mode 100644 configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
- create mode 100644 configs/devices/x86_64-softmmu/x86_64-upstream-devices.mak
-
-diff --git a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
-new file mode 100644
-index 0000000000..cd9c7c5127
---- /dev/null
-+++ b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
-@@ -0,0 +1,33 @@
-+include ../rh-virtio.mak
-+
-+CONFIG_ARM_GIC_KVM=y
-+CONFIG_ARM_GIC=y
-+CONFIG_ARM_SMMUV3=y
-+CONFIG_ARM_V7M=y
-+CONFIG_ARM_VIRT=y
-+CONFIG_EDID=y
-+CONFIG_PCIE_PORT=y
-+CONFIG_PCI_DEVICES=y
-+CONFIG_PCI_TESTDEV=y
-+CONFIG_PFLASH_CFI01=y
-+CONFIG_SCSI=y
-+CONFIG_SEMIHOSTING=y
-+CONFIG_USB=y
-+CONFIG_USB_XHCI=y
-+CONFIG_USB_XHCI_PCI=y
-+CONFIG_USB_STORAGE_CORE=y
-+CONFIG_USB_STORAGE_CLASSIC=y
-+CONFIG_VFIO=y
-+CONFIG_VFIO_PCI=y
-+CONFIG_VIRTIO_MMIO=y
-+CONFIG_VIRTIO_PCI=y
-+CONFIG_XIO3130=y
-+CONFIG_NVDIMM=y
-+CONFIG_ACPI_APEI=y
-+CONFIG_TPM=y
-+CONFIG_TPM_EMULATOR=y
-+CONFIG_TPM_TIS_SYSBUS=y
-+CONFIG_PTIMER=y
-+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
-+CONFIG_PVPANIC_PCI=y
-+CONFIG_PXB=y
-diff --git a/configs/devices/ppc64-softmmu/ppc64-rh-devices.mak b/configs/devices/ppc64-softmmu/ppc64-rh-devices.mak
-new file mode 100644
-index 0000000000..6a3e3f0227
---- /dev/null
-+++ b/configs/devices/ppc64-softmmu/ppc64-rh-devices.mak
-@@ -0,0 +1,35 @@
-+include ../rh-virtio.mak
-+
-+CONFIG_DIMM=y
-+CONFIG_MEM_DEVICE=y
-+CONFIG_NVDIMM=y
-+CONFIG_PCI=y
-+CONFIG_PCI_DEVICES=y
-+CONFIG_PCI_TESTDEV=y
-+CONFIG_PCI_EXPRESS=y
-+CONFIG_PSERIES=y
-+CONFIG_SCSI=y
-+CONFIG_SPAPR_VSCSI=y
-+CONFIG_TEST_DEVICES=y
-+CONFIG_USB=y
-+CONFIG_USB_OHCI=y
-+CONFIG_USB_OHCI_PCI=y
-+CONFIG_USB_SMARTCARD=y
-+CONFIG_USB_STORAGE_CORE=y
-+CONFIG_USB_STORAGE_CLASSIC=y
-+CONFIG_USB_XHCI=y
-+CONFIG_USB_XHCI_NEC=y
-+CONFIG_USB_XHCI_PCI=y
-+CONFIG_VFIO=y
-+CONFIG_VFIO_PCI=y
-+CONFIG_VGA=y
-+CONFIG_VGA_PCI=y
-+CONFIG_VHOST_USER=y
-+CONFIG_VIRTIO_PCI=y
-+CONFIG_VIRTIO_VGA=y
-+CONFIG_WDT_IB6300ESB=y
-+CONFIG_XICS=y
-+CONFIG_XIVE=y
-+CONFIG_TPM=y
-+CONFIG_TPM_SPAPR=y
-+CONFIG_TPM_EMULATOR=y
-diff --git a/configs/devices/rh-virtio.mak b/configs/devices/rh-virtio.mak
-new file mode 100644
-index 0000000000..94ede1b5f6
---- /dev/null
-+++ b/configs/devices/rh-virtio.mak
-@@ -0,0 +1,10 @@
-+CONFIG_VIRTIO=y
-+CONFIG_VIRTIO_BALLOON=y
-+CONFIG_VIRTIO_BLK=y
-+CONFIG_VIRTIO_GPU=y
-+CONFIG_VIRTIO_INPUT=y
-+CONFIG_VIRTIO_INPUT_HOST=y
-+CONFIG_VIRTIO_NET=y
-+CONFIG_VIRTIO_RNG=y
-+CONFIG_VIRTIO_SCSI=y
-+CONFIG_VIRTIO_SERIAL=y
-diff --git a/configs/devices/s390x-softmmu/s390x-rh-devices.mak b/configs/devices/s390x-softmmu/s390x-rh-devices.mak
-new file mode 100644
-index 0000000000..d3b38312e1
---- /dev/null
-+++ b/configs/devices/s390x-softmmu/s390x-rh-devices.mak
-@@ -0,0 +1,15 @@
-+include ../rh-virtio.mak
-+
-+CONFIG_PCI=y
-+CONFIG_S390_CCW_VIRTIO=y
-+CONFIG_S390_FLIC=y
-+CONFIG_S390_FLIC_KVM=y
-+CONFIG_SCLPCONSOLE=y
-+CONFIG_SCSI=y
-+CONFIG_VFIO=y
-+CONFIG_VFIO_AP=y
-+CONFIG_VFIO_CCW=y
-+CONFIG_VFIO_PCI=y
-+CONFIG_VHOST_USER=y
-+CONFIG_VIRTIO_CCW=y
-+CONFIG_WDT_DIAG288=y
-diff --git a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-new file mode 100644
-index 0000000000..1f7a9ab024
---- /dev/null
-+++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-@@ -0,0 +1,102 @@
-+include ../rh-virtio.mak
-+include x86_64-upstream-devices.mak
-+
-+CONFIG_ACPI=y
-+CONFIG_ACPI_PCI=y
-+CONFIG_ACPI_CPU_HOTPLUG=y
-+CONFIG_ACPI_MEMORY_HOTPLUG=y
-+CONFIG_ACPI_NVDIMM=y
-+CONFIG_ACPI_SMBUS=y
-+CONFIG_ACPI_VMGENID=y
-+CONFIG_ACPI_X86=y
-+CONFIG_ACPI_X86_ICH=y
-+CONFIG_AHCI=y
-+CONFIG_APIC=y
-+CONFIG_APM=y
-+CONFIG_BOCHS_DISPLAY=y
-+CONFIG_DIMM=y
-+CONFIG_E1000E_PCI_EXPRESS=y
-+CONFIG_E1000_PCI=y
-+CONFIG_EDU=y
-+CONFIG_FDC=y
-+CONFIG_FDC_SYSBUS=y
-+CONFIG_FDC_ISA=y
-+CONFIG_FW_CFG_DMA=y
-+CONFIG_HDA=y
-+CONFIG_HYPERV=y
-+CONFIG_HYPERV_TESTDEV=y
-+CONFIG_I2C=y
-+CONFIG_I440FX=y
-+CONFIG_I8254=y
-+CONFIG_I8257=y
-+CONFIG_I8259=y
-+CONFIG_I82801B11=y
-+CONFIG_IDE_CORE=y
-+CONFIG_IDE_PCI=y
-+CONFIG_IDE_PIIX=y
-+CONFIG_IDE_QDEV=y
-+CONFIG_IOAPIC=y
-+CONFIG_IOH3420=y
-+CONFIG_ISA_BUS=y
-+CONFIG_ISA_DEBUG=y
-+CONFIG_ISA_TESTDEV=y
-+CONFIG_LPC_ICH9=y
-+CONFIG_MC146818RTC=y
-+CONFIG_MEM_DEVICE=y
-+CONFIG_NVDIMM=y
-+CONFIG_OPENGL=y
-+CONFIG_PAM=y
-+CONFIG_PC=y
-+CONFIG_PCI=y
-+CONFIG_PCIE_PORT=y
-+CONFIG_PCI_DEVICES=y
-+CONFIG_PCI_EXPRESS=y
-+CONFIG_PCI_EXPRESS_Q35=y
-+CONFIG_PCI_I440FX=y
-+CONFIG_PCI_TESTDEV=y
-+CONFIG_PCKBD=y
-+CONFIG_PCSPK=y
-+CONFIG_PC_ACPI=y
-+CONFIG_PC_PCI=y
-+CONFIG_PFLASH_CFI01=y
-+CONFIG_PVPANIC_ISA=y
-+CONFIG_PXB=y
-+CONFIG_Q35=y
-+CONFIG_RTL8139_PCI=y
-+CONFIG_SCSI=y
-+CONFIG_SERIAL=y
-+CONFIG_SERIAL_ISA=y
-+CONFIG_SERIAL_PCI=y
-+CONFIG_SEV=y
-+CONFIG_SMBIOS=y
-+CONFIG_SMBUS_EEPROM=y
-+CONFIG_TEST_DEVICES=y
-+CONFIG_USB=y
-+CONFIG_USB_EHCI=y
-+CONFIG_USB_EHCI_PCI=y
-+CONFIG_USB_SMARTCARD=y
-+CONFIG_USB_STORAGE_CORE=y
-+CONFIG_USB_STORAGE_CLASSIC=y
-+CONFIG_USB_UHCI=y
-+CONFIG_USB_XHCI=y
-+CONFIG_USB_XHCI_NEC=y
-+CONFIG_USB_XHCI_PCI=y
-+CONFIG_VFIO=y
-+CONFIG_VFIO_PCI=y
-+CONFIG_VGA=y
-+CONFIG_VGA_CIRRUS=y
-+CONFIG_VGA_PCI=y
-+CONFIG_VHOST_USER=y
-+CONFIG_VHOST_USER_BLK=y
-+CONFIG_VIRTIO_PCI=y
-+CONFIG_VIRTIO_VGA=y
-+CONFIG_VMMOUSE=y
-+CONFIG_VMPORT=y
-+CONFIG_VTD=y
-+CONFIG_WDT_IB6300ESB=y
-+CONFIG_WDT_IB700=y
-+CONFIG_XIO3130=y
-+CONFIG_TPM=y
-+CONFIG_TPM_CRB=y
-+CONFIG_TPM_TIS_ISA=y
-+CONFIG_TPM_EMULATOR=y
-diff --git a/configs/devices/x86_64-softmmu/x86_64-upstream-devices.mak b/configs/devices/x86_64-softmmu/x86_64-upstream-devices.mak
-new file mode 100644
-index 0000000000..2cd20f54d2
---- /dev/null
-+++ b/configs/devices/x86_64-softmmu/x86_64-upstream-devices.mak
-@@ -0,0 +1,4 @@
-+# We need "isa-parallel"
-+CONFIG_PARALLEL=y
-+# We need "hpet"
-+CONFIG_HPET=y
-diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
-index ebe08ed831..381ef2ddcf 100644
---- a/hw/acpi/ich9.c
-+++ b/hw/acpi/ich9.c
-@@ -438,8 +438,8 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
- static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
- pm->acpi_memory_hotplug.is_enabled = true;
- pm->cpu_hotplug_legacy = true;
-- pm->disable_s3 = 0;
-- pm->disable_s4 = 0;
-+ pm->disable_s3 = 1;
-+ pm->disable_s4 = 1;
- pm->s4_val = 2;
- pm->use_acpi_hotplug_bridge = true;
- pm->keep_pci_slot_hpc = true;
-diff --git a/hw/arm/meson.build b/hw/arm/meson.build
-index 721a8eb8be..87ed4dd914 100644
---- a/hw/arm/meson.build
-+++ b/hw/arm/meson.build
-@@ -31,7 +31,7 @@ arm_ss.add(when: 'CONFIG_VEXPRESS', if_true: files('vexpress.c'))
- arm_ss.add(when: 'CONFIG_ZYNQ', if_true: files('xilinx_zynq.c'))
- arm_ss.add(when: 'CONFIG_SABRELITE', if_true: files('sabrelite.c'))
-
--arm_ss.add(when: 'CONFIG_ARM_V7M', if_true: files('armv7m.c'))
-+#arm_ss.add(when: 'CONFIG_ARM_V7M', if_true: files('armv7m.c'))
- arm_ss.add(when: 'CONFIG_EXYNOS4', if_true: files('exynos4210.c'))
- arm_ss.add(when: 'CONFIG_PXA2XX', if_true: files('pxa2xx.c', 'pxa2xx_gpio.c', 'pxa2xx_pic.c'))
- arm_ss.add(when: 'CONFIG_DIGIC', if_true: files('digic.c'))
-diff --git a/hw/block/fdc.c b/hw/block/fdc.c
-index 21d18ac2e3..97fa6de423 100644
---- a/hw/block/fdc.c
-+++ b/hw/block/fdc.c
-@@ -48,6 +48,8 @@
- #include "qom/object.h"
- #include "fdc-internal.h"
-
-+#include "hw/boards.h"
-+
- /********************************************************/
- /* debug Floppy devices */
-
-@@ -2337,6 +2339,14 @@ void fdctrl_realize_common(DeviceState *dev, FDCtrl *fdctrl, Error **errp)
- FDrive *drive;
- static int command_tables_inited = 0;
-
-+ /* Restricted for Red Hat Enterprise Linux: */
-+ MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
-+ if (!strstr(mc->name, "-rhel7.")) {
-+ error_setg(errp, "Device %s is not supported with machine type %s",
-+ object_get_typename(OBJECT(dev)), mc->name);
-+ return;
-+ }
-+
- if (fdctrl->fallback == FLOPPY_DRIVE_TYPE_AUTO) {
- error_setg(errp, "Cannot choose a fallback FDrive type of 'auto'");
- return;
-diff --git a/hw/char/parallel.c b/hw/char/parallel.c
-index b45e67bfbb..e5f108211b 100644
---- a/hw/char/parallel.c
-+++ b/hw/char/parallel.c
-@@ -29,6 +29,7 @@
- #include "chardev/char-parallel.h"
- #include "chardev/char-fe.h"
- #include "hw/acpi/aml-build.h"
-+#include "hw/boards.h"
- #include "hw/irq.h"
- #include "hw/isa/isa.h"
- #include "hw/qdev-properties.h"
-@@ -534,6 +535,14 @@ static void parallel_isa_realizefn(DeviceState *dev, Error **errp)
- int base;
- uint8_t dummy;
-
-+ /* Restricted for Red Hat Enterprise Linux */
-+ MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
-+ if (strstr(mc->name, "rhel")) {
-+ error_setg(errp, "Device %s is not supported with machine type %s",
-+ object_get_typename(OBJECT(dev)), mc->name);
-+ return;
-+ }
-+
- if (!qemu_chr_fe_backend_connected(&s->chr)) {
- error_setg(errp, "Can't create parallel device, empty char device");
- return;
-diff --git a/hw/cpu/meson.build b/hw/cpu/meson.build
-index 9e52fee9e7..bb71c9f3e7 100644
---- a/hw/cpu/meson.build
-+++ b/hw/cpu/meson.build
-@@ -1,6 +1,7 @@
--softmmu_ss.add(files('core.c', 'cluster.c'))
-+#softmmu_ss.add(files('core.c', 'cluster.c'))
-+softmmu_ss.add(files('core.c'))
-
- specific_ss.add(when: 'CONFIG_ARM11MPCORE', if_true: files('arm11mpcore.c'))
- specific_ss.add(when: 'CONFIG_REALVIEW', if_true: files('realview_mpcore.c'))
- specific_ss.add(when: 'CONFIG_A9MPCORE', if_true: files('a9mpcore.c'))
--specific_ss.add(when: 'CONFIG_A15MPCORE', if_true: files('a15mpcore.c'))
-+#specific_ss.add(when: 'CONFIG_A15MPCORE', if_true: files('a15mpcore.c'))
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index fdca6ca659..fa1a7eee51 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -2945,6 +2945,9 @@ static void pci_cirrus_vga_realize(PCIDevice *dev, Error **errp)
- PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
- int16_t device_id = pc->device_id;
-
-+ warn_report("'cirrus-vga' is deprecated, "
-+ "please use a different VGA card instead");
-+
- /* follow real hardware, cirrus card emulated has 4 MB video memory.
- Also accept 8 MB/16 MB for backward compatibility. */
- if (s->vga.vram_size_mb != 4 && s->vga.vram_size_mb != 8 &&
-diff --git a/hw/ide/piix.c b/hw/ide/piix.c
-index ce89fd0aa3..fbcf802b13 100644
---- a/hw/ide/piix.c
-+++ b/hw/ide/piix.c
-@@ -232,7 +232,8 @@ static void piix3_ide_class_init(ObjectClass *klass, void *data)
- k->device_id = PCI_DEVICE_ID_INTEL_82371SB_1;
- k->class_id = PCI_CLASS_STORAGE_IDE;
- set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
-- dc->hotpluggable = false;
-+ /* Disabled for Red Hat Enterprise Linux: */
-+ dc->user_creatable = false;
- }
-
- static const TypeInfo piix3_ide_info = {
-@@ -261,6 +262,8 @@ static void piix4_ide_class_init(ObjectClass *klass, void *data)
- k->class_id = PCI_CLASS_STORAGE_IDE;
- set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
- dc->hotpluggable = false;
-+ /* Disabled for Red Hat Enterprise Linux: */
-+ dc->user_creatable = false;
- }
-
- static const TypeInfo piix4_ide_info = {
-diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
-index baba62f357..bc360347ea 100644
---- a/hw/input/pckbd.c
-+++ b/hw/input/pckbd.c
-@@ -796,6 +796,8 @@ static void i8042_class_initfn(ObjectClass *klass, void *data)
- dc->vmsd = &vmstate_kbd_isa;
- isa->build_aml = i8042_build_aml;
- set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
-+ /* Disabled for Red Hat Enterprise Linux: */
-+ dc->user_creatable = false;
- }
-
- static const TypeInfo i8042_info = {
-diff --git a/hw/net/e1000.c b/hw/net/e1000.c
-index f5bc81296d..282d01e374 100644
---- a/hw/net/e1000.c
-+++ b/hw/net/e1000.c
-@@ -1821,6 +1821,7 @@ static const E1000Info e1000_devices[] = {
- .revision = 0x03,
- .phy_id2 = E1000_PHY_ID2_8254xx_DEFAULT,
- },
-+#if 0 /* Disabled for Red Hat Enterprise Linux 7 */
- {
- .name = "e1000-82544gc",
- .device_id = E1000_DEV_ID_82544GC_COPPER,
-@@ -1833,6 +1834,7 @@ static const E1000Info e1000_devices[] = {
- .revision = 0x03,
- .phy_id2 = E1000_PHY_ID2_8254xx_DEFAULT,
- },
-+#endif
- };
-
- static void e1000_register_types(void)
-diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
-index 58e7341cb7..8ba34f6a1d 100644
---- a/hw/ppc/spapr_cpu_core.c
-+++ b/hw/ppc/spapr_cpu_core.c
-@@ -370,10 +370,12 @@ static const TypeInfo spapr_cpu_core_type_infos[] = {
- .instance_size = sizeof(SpaprCpuCore),
- .class_size = sizeof(SpaprCpuCoreClass),
- },
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- DEFINE_SPAPR_CPU_CORE_TYPE("970_v2.2"),
- DEFINE_SPAPR_CPU_CORE_TYPE("970mp_v1.0"),
- DEFINE_SPAPR_CPU_CORE_TYPE("970mp_v1.1"),
- DEFINE_SPAPR_CPU_CORE_TYPE("power5+_v2.1"),
-+#endif
- DEFINE_SPAPR_CPU_CORE_TYPE("power7_v2.3"),
- DEFINE_SPAPR_CPU_CORE_TYPE("power7+_v2.1"),
- DEFINE_SPAPR_CPU_CORE_TYPE("power8_v2.0"),
-diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
-index 9520471be2..202e032524 100644
---- a/hw/timer/hpet.c
-+++ b/hw/timer/hpet.c
-@@ -733,6 +733,14 @@ static void hpet_realize(DeviceState *dev, Error **errp)
- int i;
- HPETTimer *timer;
-
-+ /* Restricted for Red Hat Enterprise Linux */
-+ MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
-+ if (strstr(mc->name, "rhel")) {
-+ error_setg(errp, "Device %s is not supported with machine type %s",
-+ object_get_typename(OBJECT(dev)), mc->name);
-+ return;
-+ }
-+
- if (!s->intcap) {
- warn_report("Hpet's intcap not initialized");
- }
-diff --git a/hw/usb/meson.build b/hw/usb/meson.build
-index de853d780d..0776ae6a20 100644
---- a/hw/usb/meson.build
-+++ b/hw/usb/meson.build
-@@ -52,7 +52,7 @@ softmmu_ss.add(when: 'CONFIG_USB_SMARTCARD', if_true: files('dev-smartcard-reade
- if cacard.found()
- usbsmartcard_ss = ss.source_set()
- usbsmartcard_ss.add(when: 'CONFIG_USB_SMARTCARD',
-- if_true: [cacard, files('ccid-card-emulated.c', 'ccid-card-passthru.c')])
-+ if_true: [cacard, files('ccid-card-passthru.c')])
- hw_usb_modules += {'smartcard': usbsmartcard_ss}
- endif
-
-diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
-index 13d0e9b195..3826fa5122 100644
---- a/target/arm/cpu_tcg.c
-+++ b/target/arm/cpu_tcg.c
-@@ -22,6 +22,7 @@
- /* CPU models. These are not needed for the AArch64 linux-user build. */
- #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- #if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
- static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
- {
-@@ -375,6 +376,7 @@ static void cortex_a9_initfn(Object *obj)
- cpu->ccsidr[1] = 0x200fe019; /* 16k L1 icache. */
- define_arm_cp_regs(cpu, cortexa9_cp_reginfo);
- }
-+#endif /* disabled for RHEL */
-
- #ifndef CONFIG_USER_ONLY
- static uint64_t a15_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
-@@ -400,6 +402,7 @@ static const ARMCPRegInfo cortexa15_cp_reginfo[] = {
- REGINFO_SENTINEL
- };
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void cortex_a7_initfn(Object *obj)
- {
- ARMCPU *cpu = ARM_CPU(obj);
-@@ -445,6 +448,7 @@ static void cortex_a7_initfn(Object *obj)
- cpu->ccsidr[2] = 0x711fe07a; /* 4096K L2 unified cache */
- define_arm_cp_regs(cpu, cortexa15_cp_reginfo); /* Same as A15 */
- }
-+#endif /* disabled for RHEL */
-
- static void cortex_a15_initfn(Object *obj)
- {
-@@ -488,6 +492,7 @@ static void cortex_a15_initfn(Object *obj)
- define_arm_cp_regs(cpu, cortexa15_cp_reginfo);
- }
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void cortex_m0_initfn(Object *obj)
- {
- ARMCPU *cpu = ARM_CPU(obj);
-@@ -928,6 +933,7 @@ static void arm_v7m_class_init(ObjectClass *oc, void *data)
-
- cc->gdb_core_xml_file = "arm-m-profile.xml";
- }
-+#endif /* disabled for RHEL */
-
- #ifndef TARGET_AARCH64
- /*
-@@ -1007,6 +1013,7 @@ static void arm_max_initfn(Object *obj)
- #endif /* !TARGET_AARCH64 */
-
- static const ARMCPUInfo arm_tcg_cpus[] = {
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- { .name = "arm926", .initfn = arm926_initfn },
- { .name = "arm946", .initfn = arm946_initfn },
- { .name = "arm1026", .initfn = arm1026_initfn },
-@@ -1022,7 +1029,9 @@ static const ARMCPUInfo arm_tcg_cpus[] = {
- { .name = "cortex-a7", .initfn = cortex_a7_initfn },
- { .name = "cortex-a8", .initfn = cortex_a8_initfn },
- { .name = "cortex-a9", .initfn = cortex_a9_initfn },
-+#endif /* disabled for RHEL */
- { .name = "cortex-a15", .initfn = cortex_a15_initfn },
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- { .name = "cortex-m0", .initfn = cortex_m0_initfn,
- .class_init = arm_v7m_class_init },
- { .name = "cortex-m3", .initfn = cortex_m3_initfn,
-@@ -1053,6 +1062,7 @@ static const ARMCPUInfo arm_tcg_cpus[] = {
- { .name = "pxa270-b1", .initfn = pxa270b1_initfn },
- { .name = "pxa270-c0", .initfn = pxa270c0_initfn },
- { .name = "pxa270-c5", .initfn = pxa270c5_initfn },
-+#endif /* disabled for RHEL */
- #ifndef TARGET_AARCH64
- { .name = "max", .initfn = arm_max_initfn },
- #endif
-diff --git a/target/ppc/cpu-models.c b/target/ppc/cpu-models.c
-index 4baa111713..d779c4d1d5 100644
---- a/target/ppc/cpu-models.c
-+++ b/target/ppc/cpu-models.c
-@@ -66,6 +66,7 @@
- #define POWERPC_DEF(_name, _pvr, _type, _desc) \
- POWERPC_DEF_SVR(_name, _desc, _pvr, POWERPC_SVR_NONE, _type)
-
-+#if 0 /* Embedded and 32-bit CPUs disabled for Red Hat Enterprise Linux */
- /* Embedded PowerPC */
- /* PowerPC 401 family */
- POWERPC_DEF("401", CPU_POWERPC_401, 401,
-@@ -740,8 +741,10 @@
- "PowerPC 7447A v1.2 (G4)")
- POWERPC_DEF("7457a_v1.2", CPU_POWERPC_74x7A_v12, 7455,
- "PowerPC 7457A v1.2 (G4)")
-+#endif
- /* 64 bits PowerPC */
- #if defined(TARGET_PPC64)
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- POWERPC_DEF("970_v2.2", CPU_POWERPC_970_v22, 970,
- "PowerPC 970 v2.2")
- POWERPC_DEF("970fx_v1.0", CPU_POWERPC_970FX_v10, 970,
-@@ -760,6 +763,7 @@
- "PowerPC 970MP v1.1")
- POWERPC_DEF("power5+_v2.1", CPU_POWERPC_POWER5P_v21, POWER5P,
- "POWER5+ v2.1")
-+#endif
- POWERPC_DEF("power7_v2.3", CPU_POWERPC_POWER7_v23, POWER7,
- "POWER7 v2.3")
- POWERPC_DEF("power7+_v2.1", CPU_POWERPC_POWER7P_v21, POWER7,
-@@ -784,6 +788,7 @@
- /* PowerPC CPU aliases */
-
- PowerPCCPUAlias ppc_cpu_aliases[] = {
-+#if 0 /* Embedded and 32-bit CPUs disabled for Red Hat Enterprise Linux */
- { "403", "403gc" },
- { "405", "405d4" },
- { "405cr", "405crc" },
-@@ -942,12 +947,15 @@ PowerPCCPUAlias ppc_cpu_aliases[] = {
- { "7447a", "7447a_v1.2" },
- { "7457a", "7457a_v1.2" },
- { "apollo7pm", "7457a_v1.0" },
-+#endif
- #if defined(TARGET_PPC64)
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- { "970", "970_v2.2" },
- { "970fx", "970fx_v3.1" },
- { "970mp", "970mp_v1.1" },
- { "power5+", "power5+_v2.1" },
- { "power5gs", "power5+_v2.1" },
-+#endif
- { "power7", "power7_v2.3" },
- { "power7+", "power7+_v2.1" },
- { "power8e", "power8e_v2.1" },
-@@ -957,6 +965,7 @@ PowerPCCPUAlias ppc_cpu_aliases[] = {
- { "power10", "power10_v2.0" },
- #endif
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- /* Generic PowerPCs */
- #if defined(TARGET_PPC64)
- { "ppc64", "970fx_v3.1" },
-@@ -964,5 +973,6 @@ PowerPCCPUAlias ppc_cpu_aliases[] = {
- { "ppc32", "604" },
- { "ppc", "604" },
- { "default", "604" },
-+#endif
- { NULL, NULL }
- };
-diff --git a/target/s390x/cpu_models_sysemu.c b/target/s390x/cpu_models_sysemu.c
-index 05c3ccaaff..6a04ccab1b 100644
---- a/target/s390x/cpu_models_sysemu.c
-+++ b/target/s390x/cpu_models_sysemu.c
-@@ -36,6 +36,9 @@ static void check_unavailable_features(const S390CPUModel *max_model,
- (max_model->def->gen == model->def->gen &&
- max_model->def->ec_ga < model->def->ec_ga)) {
- list_add_feat("type", unavailable);
-+ } else if (model->def->gen < 11 && kvm_enabled()) {
-+ /* Older CPU models are not supported on Red Hat Enterprise Linux */
-+ list_add_feat("type", unavailable);
- }
-
- /* detect missing features if any to properly report them */
-diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
-index 5b1fdb55c4..c52434985b 100644
---- a/target/s390x/kvm/kvm.c
-+++ b/target/s390x/kvm/kvm.c
-@@ -2508,6 +2508,14 @@ void kvm_s390_apply_cpu_model(const S390CPUModel *model, Error **errp)
- error_setg(errp, "KVM doesn't support CPU models");
- return;
- }
-+
-+ /* Older CPU models are not supported on Red Hat Enterprise Linux */
-+ if (model->def->gen < 11) {
-+ error_setg(errp, "KVM: Unsupported CPU type specified: %s",
-+ MACHINE(qdev_get_machine())->cpu_type);
-+ return;
-+ }
-+
- prop.cpuid = s390_cpuid_from_cpu_model(model);
- prop.ibc = s390_ibc_from_cpu_model(model);
- /* configure cpu features indicated via STFL(e) */
---
-2.27.0
-
diff --git a/SOURCES/0006-Machine-type-related-general-changes.patch b/SOURCES/0006-Machine-type-related-general-changes.patch
new file mode 100644
index 0000000..c3b08a4
--- /dev/null
+++ b/SOURCES/0006-Machine-type-related-general-changes.patch
@@ -0,0 +1,619 @@
+From a525db3951dc68c469d1f51bdc69ab6e75e72c37 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Fri, 11 Jan 2019 09:54:45 +0100
+Subject: Machine type related general changes
+
+This patch is first part of original "Add RHEL machine types" patch we
+split to allow easier review. It contains changes not related to any
+architecture.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+--
+Rebase notes (6.2.0):
+- Do not duplicate minimal_version_id for piix4_pm
+- Remove empty line chunks in serial.c
+- Remove migration.h include in serial.c
+- Update hw_compat_rhel_8_5 (from MR 66)
+
+Rebase notes (7.0.0):
+- Remove downstream changes leftovers in hw/rtc/mc146818rtc.c
+- Remove unnecessary change in hw/usb/hcd-uhci.c
+
+Merged patches (6.1.0):
+- f2fb42a3c6 redhat: add missing entries in hw_compat_rhel_8_4
+- 1949ec258e hw/arm/virt: Disable PL011 clock migration through hw_compat_rhel_8_3
+- a3995e2eff Remove RHEL 7.0.0 machine type (only generic changes)
+- ad3190a79b Remove RHEL 7.1.0 machine type (only generic changes)
+- 84bbe15d4e Remove RHEL 7.2.0 machine type (only generic changes)
+- 0215eb3356 Remove RHEL 7.3.0 machine types (only generic changes)
+- af69d1ca6e Remove RHEL 7.4.0 machine types (only generic changes)
+- 8f7a74ab78 Remove RHEL 7.5.0 machine types (only generic changes)
+
+Merged patches (6.2.0):
+- d687ac13d2 redhat: Define hw_compat_rhel_8_5
+
+Merged patches (7.0.0):
+- ef5afcc86d Fix virtio-net-pci* "vectors" compat
+- 168f0d56e3 compat: Update hw_compat_rhel_8_5 with 6.2.0 RC2 changes
+---
+ hw/acpi/piix4.c | 6 +-
+ hw/arm/virt.c | 2 +-
+ hw/core/machine.c | 186 +++++++++++++++++++++++++++++++++++
+ hw/display/vga-isa.c | 2 +-
+ hw/i386/pc_piix.c | 2 +
+ hw/i386/pc_q35.c | 2 +
+ hw/net/rtl8139.c | 4 +-
+ hw/smbios/smbios.c | 46 ++++++++-
+ hw/timer/i8254_common.c | 2 +-
+ hw/usb/hcd-xhci-pci.c | 59 ++++++++---
+ hw/usb/hcd-xhci-pci.h | 1 +
+ include/hw/boards.h | 21 ++++
+ include/hw/firmware/smbios.h | 5 +-
+ include/hw/i386/pc.h | 3 +
+ 14 files changed, 316 insertions(+), 25 deletions(-)
+
+diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
+index fe5625d07a..28544e78c3 100644
+--- a/hw/acpi/piix4.c
++++ b/hw/acpi/piix4.c
+@@ -287,7 +287,7 @@ static bool vmstate_test_migrate_acpi_index(void *opaque, int version_id)
+ static const VMStateDescription vmstate_acpi = {
+ .name = "piix4_pm",
+ .version_id = 3,
+- .minimum_version_id = 3,
++ .minimum_version_id = 2,
+ .post_load = vmstate_acpi_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(parent_obj, PIIX4PMState),
+@@ -653,8 +653,8 @@ static void piix4_send_gpe(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
+
+ static Property piix4_pm_properties[] = {
+ DEFINE_PROP_UINT32("smb_io_base", PIIX4PMState, smb_io_base, 0),
+- DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 0),
+- DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 0),
++ DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 1),
++ DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 1),
+ DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
+ DEFINE_PROP_BOOL(ACPI_PM_PROP_ACPI_PCIHP_BRIDGE, PIIX4PMState,
+ use_acpi_hotplug_bridge, true),
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index d2e5ecd234..6a84031fd7 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -1596,7 +1596,7 @@ static void virt_build_smbios(VirtMachineState *vms)
+
+ smbios_set_defaults("QEMU", product,
+ vmc->smbios_old_sys_ver ? "1.0" : mc->name, false,
+- true, SMBIOS_ENTRY_POINT_TYPE_64);
++ true, NULL, NULL, SMBIOS_ENTRY_POINT_TYPE_64);
+
+ smbios_get_tables(MACHINE(vms), NULL, 0,
+ &smbios_tables, &smbios_tables_len,
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index 1e23fdc14b..ea430d844e 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -37,6 +37,192 @@
+ #include "hw/virtio/virtio.h"
+ #include "hw/virtio/virtio-pci.h"
+
++/*
++ * Mostly the same as hw_compat_6_0 and hw_compat_6_1
++ */
++GlobalProperty hw_compat_rhel_8_5[] = {
++ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
++ { "gpex-pcihost", "allow-unmapped-accesses", "false" },
++ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
++ { "i8042", "extended-state", "false"},
++ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
++ { "nvme-ns", "eui64-default", "off"},
++ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
++ { "e1000", "init-vet", "off" },
++ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
++ { "e1000e", "init-vet", "off" },
++ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
++ { "vhost-vsock-device", "seqpacket", "off" },
++ /* hw_compat_rhel_8_5 from hw_compat_6_1 */
++ { "vhost-user-vsock-device", "seqpacket", "off" },
++ /* hw_compat_rhel_8_5 from hw_compat_6_1 */
++ { "nvme-ns", "shared", "off" },
++};
++const size_t hw_compat_rhel_8_5_len = G_N_ELEMENTS(hw_compat_rhel_8_5);
++
++/*
++ * Mostly the same as hw_compat_5_2
++ */
++GlobalProperty hw_compat_rhel_8_4[] = {
++ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
++ { "ICH9-LPC", "smm-compat", "on"},
++ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
++ { "PIIX4_PM", "smm-compat", "on"},
++ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
++ { "virtio-blk-device", "report-discard-granularity", "off" },
++ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
++ /*
++ * Upstream incorrectly had "virtio-net-pci" instead of "virtio-net-pci-base",
++ * (https://bugzilla.redhat.com/show_bug.cgi?id=1999141)
++ */
++ { "virtio-net-pci-base", "vectors", "3"},
++};
++const size_t hw_compat_rhel_8_4_len = G_N_ELEMENTS(hw_compat_rhel_8_4);
++
++/*
++ * Mostly the same as hw_compat_5_1
++ */
++GlobalProperty hw_compat_rhel_8_3[] = {
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "vhost-scsi", "num_queues", "1"},
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "vhost-user-blk", "num-queues", "1"},
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "vhost-user-scsi", "num_queues", "1"},
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "virtio-blk-device", "num-queues", "1"},
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "virtio-scsi-device", "num_queues", "1"},
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "nvme", "use-intel-id", "on"},
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "pl011", "migrate-clk", "off" },
++ /* hw_compat_rhel_8_3 bz 1912846 */
++ { "pci-xhci", "x-rh-late-msi-cap", "off" },
++ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
++ { "virtio-pci", "x-ats-page-aligned", "off"},
++};
++const size_t hw_compat_rhel_8_3_len = G_N_ELEMENTS(hw_compat_rhel_8_3);
++
++/*
++ * The same as hw_compat_4_2 + hw_compat_5_0
++ */
++GlobalProperty hw_compat_rhel_8_2[] = {
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "virtio-blk-device", "queue-size", "128"},
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "virtio-scsi-device", "virtqueue_size", "128"},
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "virtio-blk-device", "x-enable-wce-if-config-wce", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "virtio-blk-device", "seg-max-adjust", "off"},
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "virtio-scsi-device", "seg_max_adjust", "off"},
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "vhost-blk-device", "seg_max_adjust", "off"},
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "usb-host", "suppress-remote-wake", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "usb-redir", "suppress-remote-wake", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "qxl", "revision", "4" },
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "qxl-vga", "revision", "4" },
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "fw_cfg", "acpi-mr-restore", "false" },
++ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
++ { "virtio-device", "use-disabled-flag", "false" },
++ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
++ { "pci-host-bridge", "x-config-reg-migration-enabled", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
++ { "virtio-balloon-device", "page-poison", "false" },
++ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
++ { "vmport", "x-read-set-eax", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
++ { "vmport", "x-signal-unsupported-cmd", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
++ { "vmport", "x-report-vmx-type", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
++ { "vmport", "x-cmds-v2", "off" },
++ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
++ { "virtio-device", "x-disable-legacy-check", "true" },
++};
++const size_t hw_compat_rhel_8_2_len = G_N_ELEMENTS(hw_compat_rhel_8_2);
++
++/*
++ * The same as hw_compat_4_1
++ */
++GlobalProperty hw_compat_rhel_8_1[] = {
++ /* hw_compat_rhel_8_1 from hw_compat_4_1 */
++ { "virtio-pci", "x-pcie-flr-init", "off" },
++};
++const size_t hw_compat_rhel_8_1_len = G_N_ELEMENTS(hw_compat_rhel_8_1);
++
++/* The same as hw_compat_3_1
++ * format of array has been changed by:
++ * 6c36bddf5340 ("machine: Use shorter format for GlobalProperty arrays")
++ */
++GlobalProperty hw_compat_rhel_8_0[] = {
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "pcie-root-port", "x-speed", "2_5" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "pcie-root-port", "x-width", "1" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "memory-backend-file", "x-use-canonical-path-for-ramblock-id", "true" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "memory-backend-memfd", "x-use-canonical-path-for-ramblock-id", "true" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "tpm-crb", "ppi", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "tpm-tis", "ppi", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "usb-kbd", "serial", "42" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "usb-mouse", "serial", "42" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "usb-tablet", "serial", "42" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "virtio-blk-device", "discard", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
++ { "virtio-blk-device", "write-zeroes", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
++ { "VGA", "edid", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
++ { "secondary-vga", "edid", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
++ { "bochs-display", "edid", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
++ { "virtio-vga", "edid", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
++ { "virtio-gpu-device", "edid", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
++ { "virtio-device", "use-started", "false" },
++ /* hw_compat_rhel_8_0 from hw_compat_3_1 - that was added in 4.1 */
++ { "pcie-root-port-base", "disable-acs", "true" },
++};
++const size_t hw_compat_rhel_8_0_len = G_N_ELEMENTS(hw_compat_rhel_8_0);
++
++/* The same as hw_compat_3_0 + hw_compat_2_12
++ * except that
++ * there's nothing in 3_0
++ * migration.decompress-error-check=off was in 7.5 from bz 1584139
++ */
++GlobalProperty hw_compat_rhel_7_6[] = {
++ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
++ { "hda-audio", "use-timer", "false" },
++ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
++ { "cirrus-vga", "global-vmstate", "true" },
++ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
++ { "VGA", "global-vmstate", "true" },
++ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
++ { "vmware-svga", "global-vmstate", "true" },
++ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
++ { "qxl-vga", "global-vmstate", "true" },
++};
++const size_t hw_compat_rhel_7_6_len = G_N_ELEMENTS(hw_compat_rhel_7_6);
++
+ GlobalProperty hw_compat_6_2[] = {
+ { "PIIX4_PM", "x-not-migrate-acpi-index", "on"},
+ };
+diff --git a/hw/display/vga-isa.c b/hw/display/vga-isa.c
+index 46abbc5653..505467059b 100644
+--- a/hw/display/vga-isa.c
++++ b/hw/display/vga-isa.c
+@@ -88,7 +88,7 @@ static void vga_isa_realizefn(DeviceState *dev, Error **errp)
+ }
+
+ static Property vga_isa_properties[] = {
+- DEFINE_PROP_UINT32("vgamem_mb", ISAVGAState, state.vram_size_mb, 8),
++ DEFINE_PROP_UINT32("vgamem_mb", ISAVGAState, state.vram_size_mb, 16),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
+index b72c03d0a6..c797e98312 100644
+--- a/hw/i386/pc_piix.c
++++ b/hw/i386/pc_piix.c
+@@ -177,6 +177,8 @@ static void pc_init1(MachineState *machine,
+ smbios_set_defaults("QEMU", "Standard PC (i440FX + PIIX, 1996)",
+ mc->name, pcmc->smbios_legacy_mode,
+ pcmc->smbios_uuid_encoded,
++ pcmc->smbios_stream_product,
++ pcmc->smbios_stream_version,
+ pcms->smbios_entry_point_type);
+ }
+
+diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
+index 1780f79bc1..b695f88c45 100644
+--- a/hw/i386/pc_q35.c
++++ b/hw/i386/pc_q35.c
+@@ -200,6 +200,8 @@ static void pc_q35_init(MachineState *machine)
+ smbios_set_defaults("QEMU", "Standard PC (Q35 + ICH9, 2009)",
+ mc->name, pcmc->smbios_legacy_mode,
+ pcmc->smbios_uuid_encoded,
++ pcmc->smbios_stream_product,
++ pcmc->smbios_stream_version,
+ pcms->smbios_entry_point_type);
+ }
+
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
+index 6b65823b4b..75dacabc43 100644
+--- a/hw/net/rtl8139.c
++++ b/hw/net/rtl8139.c
+@@ -3179,7 +3179,7 @@ static int rtl8139_pre_save(void *opaque)
+
+ static const VMStateDescription vmstate_rtl8139 = {
+ .name = "rtl8139",
+- .version_id = 5,
++ .version_id = 4,
+ .minimum_version_id = 3,
+ .post_load = rtl8139_post_load,
+ .pre_save = rtl8139_pre_save,
+@@ -3260,7 +3260,9 @@ static const VMStateDescription vmstate_rtl8139 = {
+ VMSTATE_UINT32(tally_counters.TxMCol, RTL8139State),
+ VMSTATE_UINT64(tally_counters.RxOkPhy, RTL8139State),
+ VMSTATE_UINT64(tally_counters.RxOkBrd, RTL8139State),
++#if 0 /* Disabled for Red Hat Enterprise Linux bz 1420195 */
+ VMSTATE_UINT32_V(tally_counters.RxOkMul, RTL8139State, 5),
++#endif
+ VMSTATE_UINT16(tally_counters.TxAbt, RTL8139State),
+ VMSTATE_UINT16(tally_counters.TxUndrn, RTL8139State),
+
+diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
+index 60349ee402..0edcc98434 100644
+--- a/hw/smbios/smbios.c
++++ b/hw/smbios/smbios.c
+@@ -57,6 +57,9 @@ static bool smbios_legacy = true;
+ static bool smbios_uuid_encoded = true;
+ /* end: legacy structures & constants for <= 2.0 machines */
+
++/* Set to true for modern Windows 10 HardwareID-6 compat */
++static bool smbios_type2_required;
++
+
+ uint8_t *smbios_tables;
+ size_t smbios_tables_len;
+@@ -639,7 +642,7 @@ static void smbios_build_type_1_table(void)
+
+ static void smbios_build_type_2_table(void)
+ {
+- SMBIOS_BUILD_TABLE_PRE(2, T2_BASE, false); /* optional */
++ SMBIOS_BUILD_TABLE_PRE(2, T2_BASE, smbios_type2_required);
+
+ SMBIOS_TABLE_SET_STR(2, manufacturer_str, type2.manufacturer);
+ SMBIOS_TABLE_SET_STR(2, product_str, type2.product);
+@@ -914,7 +917,10 @@ void smbios_set_cpuid(uint32_t version, uint32_t features)
+
+ void smbios_set_defaults(const char *manufacturer, const char *product,
+ const char *version, bool legacy_mode,
+- bool uuid_encoded, SmbiosEntryPointType ep_type)
++ bool uuid_encoded,
++ const char *stream_product,
++ const char *stream_version,
++ SmbiosEntryPointType ep_type)
+ {
+ smbios_have_defaults = true;
+ smbios_legacy = legacy_mode;
+@@ -935,11 +941,45 @@ void smbios_set_defaults(const char *manufacturer, const char *product,
+ g_free(smbios_entries);
+ }
+
++ /*
++ * If @stream_product & @stream_version are non-NULL, then
++ * we're following rules for new Windows driver support.
++ * The data we have to report is defined in this doc:
++ *
++ * https://docs.microsoft.com/en-us/windows-hardware/drivers/install/specifying-hardware-ids-for-a-computer
++ *
++ * The Windows drivers are written to expect use of the
++ * scheme documented as "HardwareID-6" against Windows 10,
++ * which uses SMBIOS System (Type 1) and Base Board (Type 2)
++ * tables and will match on
++ *
++ * System Manufacturer = Red Hat (@manufacturer)
++ * System SKU Number = 8.2.0 (@stream_version)
++ * Baseboard Manufacturer = Red Hat (@manufacturer)
++ * Baseboard Product = RHEL-AV (@stream_product)
++ *
++ * NB, SKU must be changed with each RHEL-AV release
++ *
++ * Other fields can be freely used by applications using
++ * QEMU. For example apps can use the "System product"
++ * and "System version" to identify themselves.
++ *
++ * We get 'System Manufacturer' and 'Baseboard Manufacturer'
++ */
+ SMBIOS_SET_DEFAULT(type1.manufacturer, manufacturer);
+ SMBIOS_SET_DEFAULT(type1.product, product);
+ SMBIOS_SET_DEFAULT(type1.version, version);
++ SMBIOS_SET_DEFAULT(type1.family, "Red Hat Enterprise Linux");
++ if (stream_version != NULL) {
++ SMBIOS_SET_DEFAULT(type1.sku, stream_version);
++ }
+ SMBIOS_SET_DEFAULT(type2.manufacturer, manufacturer);
+- SMBIOS_SET_DEFAULT(type2.product, product);
++ if (stream_product != NULL) {
++ SMBIOS_SET_DEFAULT(type2.product, stream_product);
++ smbios_type2_required = true;
++ } else {
++ SMBIOS_SET_DEFAULT(type2.product, product);
++ }
+ SMBIOS_SET_DEFAULT(type2.version, version);
+ SMBIOS_SET_DEFAULT(type3.manufacturer, manufacturer);
+ SMBIOS_SET_DEFAULT(type3.version, version);
+diff --git a/hw/timer/i8254_common.c b/hw/timer/i8254_common.c
+index 050875b497..32935da46c 100644
+--- a/hw/timer/i8254_common.c
++++ b/hw/timer/i8254_common.c
+@@ -231,7 +231,7 @@ static const VMStateDescription vmstate_pit_common = {
+ .pre_save = pit_dispatch_pre_save,
+ .post_load = pit_dispatch_post_load,
+ .fields = (VMStateField[]) {
+- VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
++ VMSTATE_UINT32(channels[0].irq_disabled, PITCommonState), /* qemu-kvm's v2 had 'flags' here */
+ VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
+ vmstate_pit_channel, PITChannelState),
+ VMSTATE_INT64(channels[0].next_transition_time,
+diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c
+index e934b1a5b1..e18b05e528 100644
+--- a/hw/usb/hcd-xhci-pci.c
++++ b/hw/usb/hcd-xhci-pci.c
+@@ -104,6 +104,33 @@ static int xhci_pci_vmstate_post_load(void *opaque, int version_id)
+ return 0;
+ }
+
++/* RH bz 1912846 */
++static bool usb_xhci_pci_add_msi(struct PCIDevice *dev, Error **errp)
++{
++ int ret;
++ Error *err = NULL;
++ XHCIPciState *s = XHCI_PCI(dev);
++
++ ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err);
++ /*
++ * Any error other than -ENOTSUP(board's MSI support is broken)
++ * is a programming error
++ */
++ assert(!ret || ret == -ENOTSUP);
++ if (ret && s->msi == ON_OFF_AUTO_ON) {
++ /* Can't satisfy user's explicit msi=on request, fail */
++ error_append_hint(&err, "You have to use msi=auto (default) or "
++ "msi=off with this machine type.\n");
++ error_propagate(errp, err);
++ return true;
++ }
++ assert(!err || s->msi == ON_OFF_AUTO_AUTO);
++ /* With msi=auto, we fall back to MSI off silently */
++ error_free(err);
++
++ return false;
++}
++
+ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
+ {
+ int ret;
+@@ -125,23 +152,12 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
+ s->xhci.nec_quirks = true;
+ }
+
+- if (s->msi != ON_OFF_AUTO_OFF) {
+- ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err);
+- /*
+- * Any error other than -ENOTSUP(board's MSI support is broken)
+- * is a programming error
+- */
+- assert(!ret || ret == -ENOTSUP);
+- if (ret && s->msi == ON_OFF_AUTO_ON) {
+- /* Can't satisfy user's explicit msi=on request, fail */
+- error_append_hint(&err, "You have to use msi=auto (default) or "
+- "msi=off with this machine type.\n");
++ if (s->msi != ON_OFF_AUTO_OFF && s->rh_late_msi_cap) {
++ /* This gives the behaviour from 5.2.0 onwards, lspci shows 90,a0,70 */
++ if (usb_xhci_pci_add_msi(dev, &err)) {
+ error_propagate(errp, err);
+ return;
+ }
+- assert(!err || s->msi == ON_OFF_AUTO_AUTO);
+- /* With msi=auto, we fall back to MSI off silently */
+- error_free(err);
+ }
+ pci_register_bar(dev, 0,
+ PCI_BASE_ADDRESS_SPACE_MEMORY |
+@@ -154,6 +170,14 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
+ assert(ret > 0);
+ }
+
++ /* RH bz 1912846 */
++ if (s->msi != ON_OFF_AUTO_OFF && !s->rh_late_msi_cap) {
++ /* This gives the older RH machine behaviour, lspci shows 90,70,a0 */
++ if (usb_xhci_pci_add_msi(dev, &err)) {
++ error_propagate(errp, err);
++ return;
++ }
++ }
+ if (s->msix != ON_OFF_AUTO_OFF) {
+ /* TODO check for errors, and should fail when msix=on */
+ msix_init(dev, s->xhci.numintrs,
+@@ -198,11 +222,18 @@ static void xhci_instance_init(Object *obj)
+ qdev_alias_all_properties(DEVICE(&s->xhci), obj);
+ }
+
++static Property xhci_pci_properties[] = {
++ /* RH bz 1912846 */
++ DEFINE_PROP_BOOL("x-rh-late-msi-cap", XHCIPciState, rh_late_msi_cap, true),
++ DEFINE_PROP_END_OF_LIST()
++};
++
+ static void xhci_class_init(ObjectClass *klass, void *data)
+ {
+ PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
++ device_class_set_props(dc, xhci_pci_properties);
+ dc->reset = xhci_pci_reset;
+ dc->vmsd = &vmstate_xhci_pci;
+ set_bit(DEVICE_CATEGORY_USB, dc->categories);
+diff --git a/hw/usb/hcd-xhci-pci.h b/hw/usb/hcd-xhci-pci.h
+index c193f79443..086a1feb1e 100644
+--- a/hw/usb/hcd-xhci-pci.h
++++ b/hw/usb/hcd-xhci-pci.h
+@@ -39,6 +39,7 @@ typedef struct XHCIPciState {
+ XHCIState xhci;
+ OnOffAuto msi;
+ OnOffAuto msix;
++ bool rh_late_msi_cap; /* bz 1912846 */
+ } XHCIPciState;
+
+ #endif
+diff --git a/include/hw/boards.h b/include/hw/boards.h
+index c92ac8815c..c90a19b4d1 100644
+--- a/include/hw/boards.h
++++ b/include/hw/boards.h
+@@ -449,4 +449,25 @@ extern const size_t hw_compat_2_2_len;
+ extern GlobalProperty hw_compat_2_1[];
+ extern const size_t hw_compat_2_1_len;
+
++extern GlobalProperty hw_compat_rhel_8_5[];
++extern const size_t hw_compat_rhel_8_5_len;
++
++extern GlobalProperty hw_compat_rhel_8_4[];
++extern const size_t hw_compat_rhel_8_4_len;
++
++extern GlobalProperty hw_compat_rhel_8_3[];
++extern const size_t hw_compat_rhel_8_3_len;
++
++extern GlobalProperty hw_compat_rhel_8_2[];
++extern const size_t hw_compat_rhel_8_2_len;
++
++extern GlobalProperty hw_compat_rhel_8_1[];
++extern const size_t hw_compat_rhel_8_1_len;
++
++extern GlobalProperty hw_compat_rhel_8_0[];
++extern const size_t hw_compat_rhel_8_0_len;
++
++extern GlobalProperty hw_compat_rhel_7_6[];
++extern const size_t hw_compat_rhel_7_6_len;
++
+ #endif
+diff --git a/include/hw/firmware/smbios.h b/include/hw/firmware/smbios.h
+index 4b7ad77a44..9acff96a86 100644
+--- a/include/hw/firmware/smbios.h
++++ b/include/hw/firmware/smbios.h
+@@ -272,7 +272,10 @@ void smbios_entry_add(QemuOpts *opts, Error **errp);
+ void smbios_set_cpuid(uint32_t version, uint32_t features);
+ void smbios_set_defaults(const char *manufacturer, const char *product,
+ const char *version, bool legacy_mode,
+- bool uuid_encoded, SmbiosEntryPointType ep_type);
++ bool uuid_encoded,
++ const char *stream_product,
++ const char *stream_version,
++ SmbiosEntryPointType ep_type);
+ uint8_t *smbios_get_table_legacy(MachineState *ms, size_t *length);
+ void smbios_get_tables(MachineState *ms,
+ const struct smbios_phys_mem_area *mem_array,
+diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
+index 1a27de9c8b..91331059d9 100644
+--- a/include/hw/i386/pc.h
++++ b/include/hw/i386/pc.h
+@@ -113,6 +113,9 @@ struct PCMachineClass {
+ bool smbios_defaults;
+ bool smbios_legacy_mode;
+ bool smbios_uuid_encoded;
++ /* New fields needed for Windows HardwareID-6 matching */
++ const char *smbios_stream_product;
++ const char *smbios_stream_version;
+
+ /* RAM / address space compat: */
+ bool gigabyte_align;
+--
+2.31.1
+
diff --git a/SOURCES/0007-Add-aarch64-machine-types.patch b/SOURCES/0007-Add-aarch64-machine-types.patch
new file mode 100644
index 0000000..3c44b11
--- /dev/null
+++ b/SOURCES/0007-Add-aarch64-machine-types.patch
@@ -0,0 +1,352 @@
+From 697aaa43e3c0f20fc312f06be6c1093f1ba907e1 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Fri, 19 Oct 2018 12:53:31 +0200
+Subject: Add aarch64 machine types
+
+Adding changes to add RHEL machine types for aarch64 architecture.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+Rebase notes (6.1.0):
+- Use CONFIG_TPM check when using TPM structures
+- Add support for default_bus_bypass_iommu
+- ea4c0b32d9 arm/virt: Register highmem and gic-version as class properties
+- 895e1fa86a hw/arm/virt: Add 8.5 and 9.0 machine types and remove older ones
+
+Rebase notes (7.0.0):
+- Added dtb-kaslr-seed option
+- Set no_tcg_lpa2 to true
+
+Merged patches (6.2.0):
+- 9a3d4fde0e hw/arm/virt: Remove 9.0 machine type
+- f7d04d6695 hw: arm: virt: Add hw_compat_rhel_8_5 to 8.5 machine type
+
+Merged patches (7.0.0):
+- 3b82be3dd3 redhat: virt-rhel8.5.0: Update machine type compatibility for QEMU 6.2.0 update
+- c354a86c9b hw/arm/virt: Register "iommu" as a class property
+- c1a2630dc9 hw/arm/virt: Register "its" as a class property
+- 9d8c61dc93 hw/arm/virt: Rename default_bus_bypass_iommu
+- a1d1b6eeb6 hw/arm/virt: Expose the 'RAS' option
+- 47f8fe1b82 hw/arm/virt: Add 9.0 machine type and remove 8.5 one
+- ed2346788f hw/arm/virt: Check no_tcg_its and minor style changes
+---
+ hw/arm/virt.c | 234 +++++++++++++++++++++++++++++++++++++++++-
+ include/hw/arm/virt.h | 8 ++
+ 2 files changed, 241 insertions(+), 1 deletion(-)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index 6a84031fd7..e06862d22a 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -80,6 +80,7 @@
+ #include "hw/char/pl011.h"
+ #include "qemu/guest-random.h"
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \
+ static void virt_##major##_##minor##_class_init(ObjectClass *oc, \
+ void *data) \
+@@ -106,7 +107,48 @@
+ DEFINE_VIRT_MACHINE_LATEST(major, minor, true)
+ #define DEFINE_VIRT_MACHINE(major, minor) \
+ DEFINE_VIRT_MACHINE_LATEST(major, minor, false)
+-
++#endif /* disabled for RHEL */
++
++#define DEFINE_RHEL_MACHINE_LATEST(m, n, s, latest) \
++ static void rhel##m##n##s##_virt_class_init(ObjectClass *oc, \
++ void *data) \
++ { \
++ MachineClass *mc = MACHINE_CLASS(oc); \
++ rhel##m##n##s##_virt_options(mc); \
++ mc->desc = "RHEL " # m "." # n "." # s " ARM Virtual Machine"; \
++ if (latest) { \
++ mc->alias = "virt"; \
++ mc->is_default = 1; \
++ } \
++ } \
++ static const TypeInfo rhel##m##n##s##_machvirt_info = { \
++ .name = MACHINE_TYPE_NAME("virt-rhel" # m "." # n "." # s), \
++ .parent = TYPE_RHEL_MACHINE, \
++ .class_init = rhel##m##n##s##_virt_class_init, \
++ }; \
++ static void rhel##m##n##s##_machvirt_init(void) \
++ { \
++ type_register_static(&rhel##m##n##s##_machvirt_info); \
++ } \
++ type_init(rhel##m##n##s##_machvirt_init);
++
++#define DEFINE_RHEL_MACHINE_AS_LATEST(major, minor, subminor) \
++ DEFINE_RHEL_MACHINE_LATEST(major, minor, subminor, true)
++#define DEFINE_RHEL_MACHINE(major, minor, subminor) \
++ DEFINE_RHEL_MACHINE_LATEST(major, minor, subminor, false)
++
++/* This variable is for changes to properties that are RHEL specific,
++ * different to the current upstream and to be applied to the latest
++ * machine type.
++ */
++GlobalProperty arm_rhel_compat[] = {
++ {
++ .driver = "virtio-net-pci",
++ .property = "romfile",
++ .value = "",
++ },
++};
++const size_t arm_rhel_compat_len = G_N_ELEMENTS(arm_rhel_compat);
+
+ /* Number of external interrupt lines to configure the GIC with */
+ #define NUM_IRQS 256
+@@ -2250,6 +2292,7 @@ static void machvirt_init(MachineState *machine)
+ qemu_add_machine_init_done_notifier(&vms->machine_done);
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static bool virt_get_secure(Object *obj, Error **errp)
+ {
+ VirtMachineState *vms = VIRT_MACHINE(obj);
+@@ -2277,6 +2320,7 @@ static void virt_set_virt(Object *obj, bool value, Error **errp)
+
+ vms->virt = value;
+ }
++#endif /* disabled for RHEL */
+
+ static bool virt_get_highmem(Object *obj, Error **errp)
+ {
+@@ -2402,6 +2446,7 @@ static void virt_set_ras(Object *obj, bool value, Error **errp)
+ vms->ras = value;
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static bool virt_get_mte(Object *obj, Error **errp)
+ {
+ VirtMachineState *vms = VIRT_MACHINE(obj);
+@@ -2415,6 +2460,7 @@ static void virt_set_mte(Object *obj, bool value, Error **errp)
+
+ vms->mte = value;
+ }
++#endif /* disabled for RHEL */
+
+ static char *virt_get_gic_version(Object *obj, Error **errp)
+ {
+@@ -2818,6 +2864,7 @@ static int virt_kvm_type(MachineState *ms, const char *type_str)
+ return fixed_ipa ? 0 : requested_pa_size;
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void virt_machine_class_init(ObjectClass *oc, void *data)
+ {
+ MachineClass *mc = MACHINE_CLASS(oc);
+@@ -3206,3 +3253,188 @@ static void virt_machine_2_6_options(MachineClass *mc)
+ vmc->no_pmu = true;
+ }
+ DEFINE_VIRT_MACHINE(2, 6)
++#endif /* disabled for RHEL */
++
++static void rhel_machine_class_init(ObjectClass *oc, void *data)
++{
++ MachineClass *mc = MACHINE_CLASS(oc);
++ HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
++
++ mc->family = "virt-rhel-Z";
++ mc->init = machvirt_init;
++ /* Maximum supported VCPU count for all virt-rhel* machines */
++ mc->max_cpus = 384;
++#ifdef CONFIG_TPM
++ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_TPM_TIS_SYSBUS);
++#endif
++ mc->block_default_type = IF_VIRTIO;
++ mc->no_cdrom = 1;
++ mc->pci_allow_0_address = true;
++ /* We know we will never create a pre-ARMv7 CPU which needs 1K pages */
++ mc->minimum_page_bits = 12;
++ mc->possible_cpu_arch_ids = virt_possible_cpu_arch_ids;
++ mc->cpu_index_to_instance_props = virt_cpu_index_to_props;
++ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a57");
++ mc->get_default_cpu_node_id = virt_get_default_cpu_node_id;
++ mc->kvm_type = virt_kvm_type;
++ assert(!mc->get_hotplug_handler);
++ mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
++ hc->pre_plug = virt_machine_device_pre_plug_cb;
++ hc->plug = virt_machine_device_plug_cb;
++ hc->unplug_request = virt_machine_device_unplug_request_cb;
++ hc->unplug = virt_machine_device_unplug_cb;
++ mc->nvdimm_supported = true;
++ mc->auto_enable_numa_with_memhp = true;
++ mc->auto_enable_numa_with_memdev = true;
++ mc->default_ram_id = "mach-virt.ram";
++
++ object_class_property_add(oc, "acpi", "OnOffAuto",
++ virt_get_acpi, virt_set_acpi,
++ NULL, NULL);
++ object_class_property_set_description(oc, "acpi",
++ "Enable ACPI");
++
++ object_class_property_add_bool(oc, "highmem", virt_get_highmem,
++ virt_set_highmem);
++ object_class_property_set_description(oc, "highmem",
++ "Set on/off to enable/disable using "
++ "physical address space above 32 bits");
++
++ object_class_property_add_str(oc, "gic-version", virt_get_gic_version,
++ virt_set_gic_version);
++ object_class_property_set_description(oc, "gic-version",
++ "Set GIC version. "
++ "Valid values are 2, 3, host and max");
++
++ object_class_property_add_str(oc, "iommu", virt_get_iommu, virt_set_iommu);
++ object_class_property_set_description(oc, "iommu",
++ "Set the IOMMU type. "
++ "Valid values are none and smmuv3");
++
++ object_class_property_add_bool(oc, "default-bus-bypass-iommu",
++ virt_get_default_bus_bypass_iommu,
++ virt_set_default_bus_bypass_iommu);
++ object_class_property_set_description(oc, "default-bus-bypass-iommu",
++ "Set on/off to enable/disable "
++ "bypass_iommu for default root bus");
++
++ object_class_property_add_bool(oc, "ras", virt_get_ras,
++ virt_set_ras);
++ object_class_property_set_description(oc, "ras",
++ "Set on/off to enable/disable reporting host memory errors "
++ "to a KVM guest using ACPI and guest external abort exceptions");
++
++ object_class_property_add_bool(oc, "its", virt_get_its,
++ virt_set_its);
++ object_class_property_set_description(oc, "its",
++ "Set on/off to enable/disable "
++ "ITS instantiation");
++
++ object_class_property_add_str(oc, "x-oem-id",
++ virt_get_oem_id,
++ virt_set_oem_id);
++ object_class_property_set_description(oc, "x-oem-id",
++ "Override the default value of field OEMID "
++ "in ACPI table header."
++ "The string may be up to 6 bytes in size");
++
++
++ object_class_property_add_str(oc, "x-oem-table-id",
++ virt_get_oem_table_id,
++ virt_set_oem_table_id);
++ object_class_property_set_description(oc, "x-oem-table-id",
++ "Override the default value of field OEM Table ID "
++ "in ACPI table header."
++ "The string may be up to 8 bytes in size");
++
++ object_class_property_add_bool(oc, "dtb-kaslr-seed",
++ virt_get_dtb_kaslr_seed,
++ virt_set_dtb_kaslr_seed);
++ object_class_property_set_description(oc, "dtb-kaslr-seed",
++ "Set off to disable passing of kaslr-seed "
++ "dtb node to guest");
++}
++
++static void rhel_virt_instance_init(Object *obj)
++{
++ VirtMachineState *vms = VIRT_MACHINE(obj);
++ VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
++
++ /* EL3 is disabled by default and non-configurable for RHEL */
++ vms->secure = false;
++
++ /* EL2 is disabled by default and non-configurable for RHEL */
++ vms->virt = false;
++
++ /* High memory is enabled by default */
++ vms->highmem = true;
++ vms->gic_version = VIRT_GIC_VERSION_NOSEL;
++
++ vms->highmem_ecam = !vmc->no_highmem_ecam;
++
++ if (vmc->no_its) {
++ vms->its = false;
++ } else {
++ /* Default allows ITS instantiation */
++ vms->its = true;
++
++ if (vmc->no_tcg_its) {
++ vms->tcg_its = false;
++ } else {
++ vms->tcg_its = true;
++ }
++ }
++
++ /* Default disallows iommu instantiation */
++ vms->iommu = VIRT_IOMMU_NONE;
++
++ /* The default root bus is attached to iommu by default */
++ vms->default_bus_bypass_iommu = false;
++
++ /* Default disallows RAS instantiation and is non-configurable for RHEL */
++ vms->ras = false;
++
++ /* MTE is disabled by default and non-configurable for RHEL */
++ vms->mte = false;
++
++ /* Supply a kaslr-seed by default */
++ vms->dtb_kaslr_seed = true;
++
++ vms->irqmap = a15irqmap;
++
++ virt_flash_create(vms);
++
++ vms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
++ vms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
++}
++
++static const TypeInfo rhel_machine_info = {
++ .name = TYPE_RHEL_MACHINE,
++ .parent = TYPE_MACHINE,
++ .abstract = true,
++ .instance_size = sizeof(VirtMachineState),
++ .class_size = sizeof(VirtMachineClass),
++ .class_init = rhel_machine_class_init,
++ .instance_init = rhel_virt_instance_init,
++ .interfaces = (InterfaceInfo[]) {
++ { TYPE_HOTPLUG_HANDLER },
++ { }
++ },
++};
++
++static void rhel_machine_init(void)
++{
++ type_register_static(&rhel_machine_info);
++}
++type_init(rhel_machine_init);
++
++static void rhel900_virt_options(MachineClass *mc)
++{
++ VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
++
++ compat_props_add(mc->compat_props, arm_rhel_compat, arm_rhel_compat_len);
++
++ /* Disable FEAT_LPA2 since old kernels (<= v5.12) don't boot with that feature */
++ vmc->no_tcg_lpa2 = true;
++}
++DEFINE_RHEL_MACHINE_AS_LATEST(9, 0, 0)
+diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
+index 7e76ee2619..9b1efe8f0e 100644
+--- a/include/hw/arm/virt.h
++++ b/include/hw/arm/virt.h
+@@ -179,9 +179,17 @@ struct VirtMachineState {
+
+ #define VIRT_ECAM_ID(high) (high ? VIRT_HIGH_PCIE_ECAM : VIRT_PCIE_ECAM)
+
++#if 0 /* disabled for Red Hat Enterprise Linux */
+ #define TYPE_VIRT_MACHINE MACHINE_TYPE_NAME("virt")
+ OBJECT_DECLARE_TYPE(VirtMachineState, VirtMachineClass, VIRT_MACHINE)
+
++#else
++#define TYPE_RHEL_MACHINE MACHINE_TYPE_NAME("virt-rhel")
++typedef struct VirtMachineClass VirtMachineClass;
++typedef struct VirtMachineState VirtMachineState;
++DECLARE_OBJ_CHECKERS(VirtMachineState, VirtMachineClass, VIRT_MACHINE, TYPE_RHEL_MACHINE)
++#endif
++
+ void virt_acpi_setup(VirtMachineState *vms);
+ bool virt_is_acpi_enabled(VirtMachineState *vms);
+
+--
+2.31.1
+
diff --git a/SOURCES/0007-Machine-type-related-general-changes.patch b/SOURCES/0007-Machine-type-related-general-changes.patch
deleted file mode 100644
index 9baf215..0000000
--- a/SOURCES/0007-Machine-type-related-general-changes.patch
+++ /dev/null
@@ -1,648 +0,0 @@
-From ef9b78c3f2810541eac453a3f8a8753763b1378d Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Fri, 11 Jan 2019 09:54:45 +0100
-Subject: Machine type related general changes
-
-This patch is first part of original "Add RHEL machine types" patch we
-split to allow easier review. It contains changes not related to any
-architecture.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
-Rebase notes (6.2.0 RC0):
-- Do not duplicate minimal_version_id for piix4_pm
-- Remove empty line chunks in serial.c
-- Remove migration.h include in serial.c
-
-Rebase notes (6.2.0 RC1):
-- Update hw_compat_rhel_8_5 (from MR 66)
-
-Merged patches (6.1.0):
-- f2fb42a3c6 redhat: add missing entries in hw_compat_rhel_8_4
-- 1949ec258e hw/arm/virt: Disable PL011 clock migration through hw_compat_rhel_8_3
-- a3995e2eff Remove RHEL 7.0.0 machine type (only generic changes)
-- ad3190a79b Remove RHEL 7.1.0 machine type (only generic changes)
-- 84bbe15d4e Remove RHEL 7.2.0 machine type (only generic changes)
-- 0215eb3356 Remove RHEL 7.3.0 machine types (only generic changes)
-- af69d1ca6e Remove RHEL 7.4.0 machine types (only generic changes)
-- 8f7a74ab78 Remove RHEL 7.5.0 machine types (only generic changes)
-
-Merged patches (6.2.0 RC0):
-- d687ac13d2 redhat: Define hw_compat_rhel_8_5
----
- hw/acpi/piix4.c | 6 +-
- hw/arm/virt.c | 2 +-
- hw/core/machine.c | 180 +++++++++++++++++++++++++++++++++++
- hw/display/vga-isa.c | 2 +-
- hw/i386/pc_piix.c | 2 +
- hw/i386/pc_q35.c | 2 +
- hw/net/rtl8139.c | 4 +-
- hw/rtc/mc146818rtc.c | 2 +
- hw/smbios/smbios.c | 46 ++++++++-
- hw/timer/i8254_common.c | 2 +-
- hw/usb/hcd-uhci.c | 4 +-
- hw/usb/hcd-xhci-pci.c | 59 +++++++++---
- hw/usb/hcd-xhci-pci.h | 1 +
- include/hw/boards.h | 21 ++++
- include/hw/firmware/smbios.h | 5 +-
- include/hw/i386/pc.h | 3 +
- 16 files changed, 315 insertions(+), 26 deletions(-)
-
-diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
-index f0b5fac44a..8d6011c0a3 100644
---- a/hw/acpi/piix4.c
-+++ b/hw/acpi/piix4.c
-@@ -278,7 +278,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
- static const VMStateDescription vmstate_acpi = {
- .name = "piix4_pm",
- .version_id = 3,
-- .minimum_version_id = 3,
-+ .minimum_version_id = 2,
- .post_load = vmstate_acpi_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_PCI_DEVICE(parent_obj, PIIX4PMState),
-@@ -644,8 +644,8 @@ static void piix4_send_gpe(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
-
- static Property piix4_pm_properties[] = {
- DEFINE_PROP_UINT32("smb_io_base", PIIX4PMState, smb_io_base, 0),
-- DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 0),
-- DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 0),
-+ DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 1),
-+ DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 1),
- DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
- DEFINE_PROP_BOOL(ACPI_PM_PROP_ACPI_PCIHP_BRIDGE, PIIX4PMState,
- use_acpi_hotplug_bridge, true),
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index 30da05dfe0..5de4d9d73b 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -1590,7 +1590,7 @@ static void virt_build_smbios(VirtMachineState *vms)
-
- smbios_set_defaults("QEMU", product,
- vmc->smbios_old_sys_ver ? "1.0" : mc->name, false,
-- true, SMBIOS_ENTRY_POINT_30);
-+ true, NULL, NULL, SMBIOS_ENTRY_POINT_30);
-
- smbios_get_tables(MACHINE(vms), NULL, 0,
- &smbios_tables, &smbios_tables_len,
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 53a99abc56..53a3caf4fb 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -37,6 +37,186 @@
- #include "hw/virtio/virtio.h"
- #include "hw/virtio/virtio-pci.h"
-
-+/*
-+ * Mostly the same as hw_compat_6_0 and hw_compat_6_1
-+ */
-+GlobalProperty hw_compat_rhel_8_5[] = {
-+ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
-+ { "gpex-pcihost", "allow-unmapped-accesses", "false" },
-+ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
-+ { "i8042", "extended-state", "false"},
-+ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
-+ { "nvme-ns", "eui64-default", "off"},
-+ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
-+ { "e1000", "init-vet", "off" },
-+ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
-+ { "e1000e", "init-vet", "off" },
-+ /* hw_compat_rhel_8_5 from hw_compat_6_0 */
-+ { "vhost-vsock-device", "seqpacket", "off" },
-+ /* hw_compat_rhel_8_5 from hw_compat_6_1 */
-+ { "vhost-user-vsock-device", "seqpacket", "off" },
-+};
-+const size_t hw_compat_rhel_8_5_len = G_N_ELEMENTS(hw_compat_rhel_8_5);
-+
-+/*
-+ * Mostly the same as hw_compat_5_2
-+ */
-+GlobalProperty hw_compat_rhel_8_4[] = {
-+ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
-+ { "ICH9-LPC", "smm-compat", "on"},
-+ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
-+ { "PIIX4_PM", "smm-compat", "on"},
-+ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
-+ { "virtio-blk-device", "report-discard-granularity", "off" },
-+ /* hw_compat_rhel_8_4 from hw_compat_5_2 */
-+ { "virtio-net-pci", "vectors", "3"},
-+};
-+const size_t hw_compat_rhel_8_4_len = G_N_ELEMENTS(hw_compat_rhel_8_4);
-+
-+/*
-+ * Mostly the same as hw_compat_5_1
-+ */
-+GlobalProperty hw_compat_rhel_8_3[] = {
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "vhost-scsi", "num_queues", "1"},
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "vhost-user-blk", "num-queues", "1"},
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "vhost-user-scsi", "num_queues", "1"},
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "virtio-blk-device", "num-queues", "1"},
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "virtio-scsi-device", "num_queues", "1"},
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "nvme", "use-intel-id", "on"},
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "pl011", "migrate-clk", "off" },
-+ /* hw_compat_rhel_8_3 bz 1912846 */
-+ { "pci-xhci", "x-rh-late-msi-cap", "off" },
-+ /* hw_compat_rhel_8_3 from hw_compat_5_1 */
-+ { "virtio-pci", "x-ats-page-aligned", "off"},
-+};
-+const size_t hw_compat_rhel_8_3_len = G_N_ELEMENTS(hw_compat_rhel_8_3);
-+
-+/*
-+ * The same as hw_compat_4_2 + hw_compat_5_0
-+ */
-+GlobalProperty hw_compat_rhel_8_2[] = {
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "virtio-blk-device", "queue-size", "128"},
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "virtio-scsi-device", "virtqueue_size", "128"},
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "virtio-blk-device", "x-enable-wce-if-config-wce", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "virtio-blk-device", "seg-max-adjust", "off"},
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "virtio-scsi-device", "seg_max_adjust", "off"},
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "vhost-blk-device", "seg_max_adjust", "off"},
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "usb-host", "suppress-remote-wake", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "usb-redir", "suppress-remote-wake", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "qxl", "revision", "4" },
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "qxl-vga", "revision", "4" },
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "fw_cfg", "acpi-mr-restore", "false" },
-+ /* hw_compat_rhel_8_2 from hw_compat_4_2 */
-+ { "virtio-device", "use-disabled-flag", "false" },
-+ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
-+ { "pci-host-bridge", "x-config-reg-migration-enabled", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
-+ { "virtio-balloon-device", "page-poison", "false" },
-+ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
-+ { "vmport", "x-read-set-eax", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
-+ { "vmport", "x-signal-unsupported-cmd", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
-+ { "vmport", "x-report-vmx-type", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
-+ { "vmport", "x-cmds-v2", "off" },
-+ /* hw_compat_rhel_8_2 from hw_compat_5_0 */
-+ { "virtio-device", "x-disable-legacy-check", "true" },
-+};
-+const size_t hw_compat_rhel_8_2_len = G_N_ELEMENTS(hw_compat_rhel_8_2);
-+
-+/*
-+ * The same as hw_compat_4_1
-+ */
-+GlobalProperty hw_compat_rhel_8_1[] = {
-+ /* hw_compat_rhel_8_1 from hw_compat_4_1 */
-+ { "virtio-pci", "x-pcie-flr-init", "off" },
-+};
-+const size_t hw_compat_rhel_8_1_len = G_N_ELEMENTS(hw_compat_rhel_8_1);
-+
-+/* The same as hw_compat_3_1
-+ * format of array has been changed by:
-+ * 6c36bddf5340 ("machine: Use shorter format for GlobalProperty arrays")
-+ */
-+GlobalProperty hw_compat_rhel_8_0[] = {
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "pcie-root-port", "x-speed", "2_5" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "pcie-root-port", "x-width", "1" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "memory-backend-file", "x-use-canonical-path-for-ramblock-id", "true" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "memory-backend-memfd", "x-use-canonical-path-for-ramblock-id", "true" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "tpm-crb", "ppi", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "tpm-tis", "ppi", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "usb-kbd", "serial", "42" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "usb-mouse", "serial", "42" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "usb-tablet", "serial", "42" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "virtio-blk-device", "discard", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 */
-+ { "virtio-blk-device", "write-zeroes", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
-+ { "VGA", "edid", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
-+ { "secondary-vga", "edid", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
-+ { "bochs-display", "edid", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
-+ { "virtio-vga", "edid", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
-+ { "virtio-gpu-device", "edid", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_4_0 */
-+ { "virtio-device", "use-started", "false" },
-+ /* hw_compat_rhel_8_0 from hw_compat_3_1 - that was added in 4.1 */
-+ { "pcie-root-port-base", "disable-acs", "true" },
-+};
-+const size_t hw_compat_rhel_8_0_len = G_N_ELEMENTS(hw_compat_rhel_8_0);
-+
-+/* The same as hw_compat_3_0 + hw_compat_2_12
-+ * except that
-+ * there's nothing in 3_0
-+ * migration.decompress-error-check=off was in 7.5 from bz 1584139
-+ */
-+GlobalProperty hw_compat_rhel_7_6[] = {
-+ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
-+ { "hda-audio", "use-timer", "false" },
-+ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
-+ { "cirrus-vga", "global-vmstate", "true" },
-+ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
-+ { "VGA", "global-vmstate", "true" },
-+ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
-+ { "vmware-svga", "global-vmstate", "true" },
-+ /* hw_compat_rhel_7_6 from hw_compat_2_12 */
-+ { "qxl-vga", "global-vmstate", "true" },
-+};
-+const size_t hw_compat_rhel_7_6_len = G_N_ELEMENTS(hw_compat_rhel_7_6);
-+
- GlobalProperty hw_compat_6_1[] = {
- { "vhost-user-vsock-device", "seqpacket", "off" },
- { "nvme-ns", "shared", "off" },
-diff --git a/hw/display/vga-isa.c b/hw/display/vga-isa.c
-index 90851e730b..a91c5d7467 100644
---- a/hw/display/vga-isa.c
-+++ b/hw/display/vga-isa.c
-@@ -85,7 +85,7 @@ static void vga_isa_realizefn(DeviceState *dev, Error **errp)
- }
-
- static Property vga_isa_properties[] = {
-- DEFINE_PROP_UINT32("vgamem_mb", ISAVGAState, state.vram_size_mb, 8),
-+ DEFINE_PROP_UINT32("vgamem_mb", ISAVGAState, state.vram_size_mb, 16),
- DEFINE_PROP_END_OF_LIST(),
- };
-
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index 223dd3e05d..dda3f64f19 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -177,6 +177,8 @@ static void pc_init1(MachineState *machine,
- smbios_set_defaults("QEMU", "Standard PC (i440FX + PIIX, 1996)",
- mc->name, pcmc->smbios_legacy_mode,
- pcmc->smbios_uuid_encoded,
-+ pcmc->smbios_stream_product,
-+ pcmc->smbios_stream_version,
- SMBIOS_ENTRY_POINT_21);
- }
-
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index e1e100316d..235054a643 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -200,6 +200,8 @@ static void pc_q35_init(MachineState *machine)
- smbios_set_defaults("QEMU", "Standard PC (Q35 + ICH9, 2009)",
- mc->name, pcmc->smbios_legacy_mode,
- pcmc->smbios_uuid_encoded,
-+ pcmc->smbios_stream_product,
-+ pcmc->smbios_stream_version,
- SMBIOS_ENTRY_POINT_21);
- }
-
-diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
-index 90b4fc63ce..3ffb9dd22c 100644
---- a/hw/net/rtl8139.c
-+++ b/hw/net/rtl8139.c
-@@ -3179,7 +3179,7 @@ static int rtl8139_pre_save(void *opaque)
-
- static const VMStateDescription vmstate_rtl8139 = {
- .name = "rtl8139",
-- .version_id = 5,
-+ .version_id = 4,
- .minimum_version_id = 3,
- .post_load = rtl8139_post_load,
- .pre_save = rtl8139_pre_save,
-@@ -3260,7 +3260,9 @@ static const VMStateDescription vmstate_rtl8139 = {
- VMSTATE_UINT32(tally_counters.TxMCol, RTL8139State),
- VMSTATE_UINT64(tally_counters.RxOkPhy, RTL8139State),
- VMSTATE_UINT64(tally_counters.RxOkBrd, RTL8139State),
-+#if 0 /* Disabled for Red Hat Enterprise Linux bz 1420195 */
- VMSTATE_UINT32_V(tally_counters.RxOkMul, RTL8139State, 5),
-+#endif
- VMSTATE_UINT16(tally_counters.TxAbt, RTL8139State),
- VMSTATE_UINT16(tally_counters.TxUndrn, RTL8139State),
-
-diff --git a/hw/rtc/mc146818rtc.c b/hw/rtc/mc146818rtc.c
-index 4fbafddb22..6c42cc22cd 100644
---- a/hw/rtc/mc146818rtc.c
-+++ b/hw/rtc/mc146818rtc.c
-@@ -43,6 +43,7 @@
- #include "qapi/qapi-events-misc-target.h"
- #include "qapi/visitor.h"
- #include "hw/rtc/mc146818rtc_regs.h"
-+#include "migration/migration.h"
-
- #ifdef TARGET_I386
- #include "qapi/qapi-commands-misc-target.h"
-@@ -821,6 +822,7 @@ static int rtc_post_load(void *opaque, int version_id)
- static bool rtc_irq_reinject_on_ack_count_needed(void *opaque)
- {
- RTCState *s = (RTCState *)opaque;
-+
- return s->irq_reinject_on_ack_count != 0;
- }
-
-diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
-index 7397e56737..3a4bb894ba 100644
---- a/hw/smbios/smbios.c
-+++ b/hw/smbios/smbios.c
-@@ -57,6 +57,9 @@ static bool smbios_legacy = true;
- static bool smbios_uuid_encoded = true;
- /* end: legacy structures & constants for <= 2.0 machines */
-
-+/* Set to true for modern Windows 10 HardwareID-6 compat */
-+static bool smbios_type2_required;
-+
-
- uint8_t *smbios_tables;
- size_t smbios_tables_len;
-@@ -619,7 +622,7 @@ static void smbios_build_type_1_table(void)
-
- static void smbios_build_type_2_table(void)
- {
-- SMBIOS_BUILD_TABLE_PRE(2, 0x200, false); /* optional */
-+ SMBIOS_BUILD_TABLE_PRE(2, 0x200, smbios_type2_required);
-
- SMBIOS_TABLE_SET_STR(2, manufacturer_str, type2.manufacturer);
- SMBIOS_TABLE_SET_STR(2, product_str, type2.product);
-@@ -888,7 +891,10 @@ void smbios_set_cpuid(uint32_t version, uint32_t features)
-
- void smbios_set_defaults(const char *manufacturer, const char *product,
- const char *version, bool legacy_mode,
-- bool uuid_encoded, SmbiosEntryPointType ep_type)
-+ bool uuid_encoded,
-+ const char *stream_product,
-+ const char *stream_version,
-+ SmbiosEntryPointType ep_type)
- {
- smbios_have_defaults = true;
- smbios_legacy = legacy_mode;
-@@ -909,11 +915,45 @@ void smbios_set_defaults(const char *manufacturer, const char *product,
- g_free(smbios_entries);
- }
-
-+ /*
-+ * If @stream_product & @stream_version are non-NULL, then
-+ * we're following rules for new Windows driver support.
-+ * The data we have to report is defined in this doc:
-+ *
-+ * https://docs.microsoft.com/en-us/windows-hardware/drivers/install/specifying-hardware-ids-for-a-computer
-+ *
-+ * The Windows drivers are written to expect use of the
-+ * scheme documented as "HardwareID-6" against Windows 10,
-+ * which uses SMBIOS System (Type 1) and Base Board (Type 2)
-+ * tables and will match on
-+ *
-+ * System Manufacturer = Red Hat (@manufacturer)
-+ * System SKU Number = 8.2.0 (@stream_version)
-+ * Baseboard Manufacturer = Red Hat (@manufacturer)
-+ * Baseboard Product = RHEL-AV (@stream_product)
-+ *
-+ * NB, SKU must be changed with each RHEL-AV release
-+ *
-+ * Other fields can be freely used by applications using
-+ * QEMU. For example apps can use the "System product"
-+ * and "System version" to identify themselves.
-+ *
-+ * We get 'System Manufacturer' and 'Baseboard Manufacturer'
-+ */
- SMBIOS_SET_DEFAULT(type1.manufacturer, manufacturer);
- SMBIOS_SET_DEFAULT(type1.product, product);
- SMBIOS_SET_DEFAULT(type1.version, version);
-+ SMBIOS_SET_DEFAULT(type1.family, "Red Hat Enterprise Linux");
-+ if (stream_version != NULL) {
-+ SMBIOS_SET_DEFAULT(type1.sku, stream_version);
-+ }
- SMBIOS_SET_DEFAULT(type2.manufacturer, manufacturer);
-- SMBIOS_SET_DEFAULT(type2.product, product);
-+ if (stream_product != NULL) {
-+ SMBIOS_SET_DEFAULT(type2.product, stream_product);
-+ smbios_type2_required = true;
-+ } else {
-+ SMBIOS_SET_DEFAULT(type2.product, product);
-+ }
- SMBIOS_SET_DEFAULT(type2.version, version);
- SMBIOS_SET_DEFAULT(type3.manufacturer, manufacturer);
- SMBIOS_SET_DEFAULT(type3.version, version);
-diff --git a/hw/timer/i8254_common.c b/hw/timer/i8254_common.c
-index 050875b497..32935da46c 100644
---- a/hw/timer/i8254_common.c
-+++ b/hw/timer/i8254_common.c
-@@ -231,7 +231,7 @@ static const VMStateDescription vmstate_pit_common = {
- .pre_save = pit_dispatch_pre_save,
- .post_load = pit_dispatch_post_load,
- .fields = (VMStateField[]) {
-- VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
-+ VMSTATE_UINT32(channels[0].irq_disabled, PITCommonState), /* qemu-kvm's v2 had 'flags' here */
- VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
- vmstate_pit_channel, PITChannelState),
- VMSTATE_INT64(channels[0].next_transition_time,
-diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
-index d1b5657d72..7930b868fa 100644
---- a/hw/usb/hcd-uhci.c
-+++ b/hw/usb/hcd-uhci.c
-@@ -1166,11 +1166,13 @@ void usb_uhci_common_realize(PCIDevice *dev, Error **errp)
- UHCIState *s = UHCI(dev);
- uint8_t *pci_conf = s->dev.config;
- int i;
-+ int irq_pin;
-
- pci_conf[PCI_CLASS_PROG] = 0x00;
- /* TODO: reset value should be 0. */
- pci_conf[USB_SBRN] = USB_RELEASE_1; /* release number */
-- pci_config_set_interrupt_pin(pci_conf, u->info.irq_pin + 1);
-+ irq_pin = u->info.irq_pin;
-+ pci_config_set_interrupt_pin(pci_conf, irq_pin + 1);
- s->irq = pci_allocate_irq(dev);
-
- if (s->masterbus) {
-diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c
-index e934b1a5b1..e18b05e528 100644
---- a/hw/usb/hcd-xhci-pci.c
-+++ b/hw/usb/hcd-xhci-pci.c
-@@ -104,6 +104,33 @@ static int xhci_pci_vmstate_post_load(void *opaque, int version_id)
- return 0;
- }
-
-+/* RH bz 1912846 */
-+static bool usb_xhci_pci_add_msi(struct PCIDevice *dev, Error **errp)
-+{
-+ int ret;
-+ Error *err = NULL;
-+ XHCIPciState *s = XHCI_PCI(dev);
-+
-+ ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err);
-+ /*
-+ * Any error other than -ENOTSUP(board's MSI support is broken)
-+ * is a programming error
-+ */
-+ assert(!ret || ret == -ENOTSUP);
-+ if (ret && s->msi == ON_OFF_AUTO_ON) {
-+ /* Can't satisfy user's explicit msi=on request, fail */
-+ error_append_hint(&err, "You have to use msi=auto (default) or "
-+ "msi=off with this machine type.\n");
-+ error_propagate(errp, err);
-+ return true;
-+ }
-+ assert(!err || s->msi == ON_OFF_AUTO_AUTO);
-+ /* With msi=auto, we fall back to MSI off silently */
-+ error_free(err);
-+
-+ return false;
-+}
-+
- static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
- {
- int ret;
-@@ -125,23 +152,12 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
- s->xhci.nec_quirks = true;
- }
-
-- if (s->msi != ON_OFF_AUTO_OFF) {
-- ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err);
-- /*
-- * Any error other than -ENOTSUP(board's MSI support is broken)
-- * is a programming error
-- */
-- assert(!ret || ret == -ENOTSUP);
-- if (ret && s->msi == ON_OFF_AUTO_ON) {
-- /* Can't satisfy user's explicit msi=on request, fail */
-- error_append_hint(&err, "You have to use msi=auto (default) or "
-- "msi=off with this machine type.\n");
-+ if (s->msi != ON_OFF_AUTO_OFF && s->rh_late_msi_cap) {
-+ /* This gives the behaviour from 5.2.0 onwards, lspci shows 90,a0,70 */
-+ if (usb_xhci_pci_add_msi(dev, &err)) {
- error_propagate(errp, err);
- return;
- }
-- assert(!err || s->msi == ON_OFF_AUTO_AUTO);
-- /* With msi=auto, we fall back to MSI off silently */
-- error_free(err);
- }
- pci_register_bar(dev, 0,
- PCI_BASE_ADDRESS_SPACE_MEMORY |
-@@ -154,6 +170,14 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
- assert(ret > 0);
- }
-
-+ /* RH bz 1912846 */
-+ if (s->msi != ON_OFF_AUTO_OFF && !s->rh_late_msi_cap) {
-+ /* This gives the older RH machine behaviour, lspci shows 90,70,a0 */
-+ if (usb_xhci_pci_add_msi(dev, &err)) {
-+ error_propagate(errp, err);
-+ return;
-+ }
-+ }
- if (s->msix != ON_OFF_AUTO_OFF) {
- /* TODO check for errors, and should fail when msix=on */
- msix_init(dev, s->xhci.numintrs,
-@@ -198,11 +222,18 @@ static void xhci_instance_init(Object *obj)
- qdev_alias_all_properties(DEVICE(&s->xhci), obj);
- }
-
-+static Property xhci_pci_properties[] = {
-+ /* RH bz 1912846 */
-+ DEFINE_PROP_BOOL("x-rh-late-msi-cap", XHCIPciState, rh_late_msi_cap, true),
-+ DEFINE_PROP_END_OF_LIST()
-+};
-+
- static void xhci_class_init(ObjectClass *klass, void *data)
- {
- PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
- DeviceClass *dc = DEVICE_CLASS(klass);
-
-+ device_class_set_props(dc, xhci_pci_properties);
- dc->reset = xhci_pci_reset;
- dc->vmsd = &vmstate_xhci_pci;
- set_bit(DEVICE_CATEGORY_USB, dc->categories);
-diff --git a/hw/usb/hcd-xhci-pci.h b/hw/usb/hcd-xhci-pci.h
-index c193f79443..086a1feb1e 100644
---- a/hw/usb/hcd-xhci-pci.h
-+++ b/hw/usb/hcd-xhci-pci.h
-@@ -39,6 +39,7 @@ typedef struct XHCIPciState {
- XHCIState xhci;
- OnOffAuto msi;
- OnOffAuto msix;
-+ bool rh_late_msi_cap; /* bz 1912846 */
- } XHCIPciState;
-
- #endif
-diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 9c1c190104..b0a6e05b48 100644
---- a/include/hw/boards.h
-+++ b/include/hw/boards.h
-@@ -441,4 +441,25 @@ extern const size_t hw_compat_2_2_len;
- extern GlobalProperty hw_compat_2_1[];
- extern const size_t hw_compat_2_1_len;
-
-+extern GlobalProperty hw_compat_rhel_8_5[];
-+extern const size_t hw_compat_rhel_8_5_len;
-+
-+extern GlobalProperty hw_compat_rhel_8_4[];
-+extern const size_t hw_compat_rhel_8_4_len;
-+
-+extern GlobalProperty hw_compat_rhel_8_3[];
-+extern const size_t hw_compat_rhel_8_3_len;
-+
-+extern GlobalProperty hw_compat_rhel_8_2[];
-+extern const size_t hw_compat_rhel_8_2_len;
-+
-+extern GlobalProperty hw_compat_rhel_8_1[];
-+extern const size_t hw_compat_rhel_8_1_len;
-+
-+extern GlobalProperty hw_compat_rhel_8_0[];
-+extern const size_t hw_compat_rhel_8_0_len;
-+
-+extern GlobalProperty hw_compat_rhel_7_6[];
-+extern const size_t hw_compat_rhel_7_6_len;
-+
- #endif
-diff --git a/include/hw/firmware/smbios.h b/include/hw/firmware/smbios.h
-index 5a0dd0c8cf..2cb1ec2bab 100644
---- a/include/hw/firmware/smbios.h
-+++ b/include/hw/firmware/smbios.h
-@@ -278,7 +278,10 @@ void smbios_entry_add(QemuOpts *opts, Error **errp);
- void smbios_set_cpuid(uint32_t version, uint32_t features);
- void smbios_set_defaults(const char *manufacturer, const char *product,
- const char *version, bool legacy_mode,
-- bool uuid_encoded, SmbiosEntryPointType ep_type);
-+ bool uuid_encoded,
-+ const char *stream_product,
-+ const char *stream_version,
-+ SmbiosEntryPointType ep_type);
- uint8_t *smbios_get_table_legacy(MachineState *ms, size_t *length);
- void smbios_get_tables(MachineState *ms,
- const struct smbios_phys_mem_area *mem_array,
-diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
-index 9ab39e428f..7ccc9a1a07 100644
---- a/include/hw/i386/pc.h
-+++ b/include/hw/i386/pc.h
-@@ -107,6 +107,9 @@ struct PCMachineClass {
- bool smbios_defaults;
- bool smbios_legacy_mode;
- bool smbios_uuid_encoded;
-+ /* New fields needed for Windows HardwareID-6 matching */
-+ const char *smbios_stream_product;
-+ const char *smbios_stream_version;
-
- /* RAM / address space compat: */
- bool gigabyte_align;
---
-2.27.0
-
diff --git a/SOURCES/0008-Add-aarch64-machine-types.patch b/SOURCES/0008-Add-aarch64-machine-types.patch
deleted file mode 100644
index 07beb75..0000000
--- a/SOURCES/0008-Add-aarch64-machine-types.patch
+++ /dev/null
@@ -1,310 +0,0 @@
-From 19d36c4519a1a560cce60b212e3afdf7eb026e45 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Fri, 19 Oct 2018 12:53:31 +0200
-Subject: Add aarch64 machine types
-
-Adding changes to add RHEL machine types for aarch64 architecture.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
-Rebase notes (6.1.0):
-- Use CONFIG_TPM check when using TPM structures
-- Add support for default_bus_bypass_iommu
-- ea4c0b32d9 arm/virt: Register highmem and gic-version as class properties
-- 895e1fa86a hw/arm/virt: Add 8.5 and 9.0 machine types and remove older ones
-
-Merged patches (6.2.0 RC0):
-- 9a3d4fde0e hw/arm/virt: Remove 9.0 machine type
-- f7d04d6695 hw: arm: virt: Add hw_compat_rhel_8_5 to 8.5 machine type
----
- hw/arm/virt.c | 205 +++++++++++++++++++++++++++++++++++++++++-
- include/hw/arm/virt.h | 8 ++
- 2 files changed, 212 insertions(+), 1 deletion(-)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index 5de4d9d73b..7d51824263 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -79,6 +79,7 @@
- #include "hw/char/pl011.h"
- #include "qemu/guest-random.h"
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \
- static void virt_##major##_##minor##_class_init(ObjectClass *oc, \
- void *data) \
-@@ -105,7 +106,48 @@
- DEFINE_VIRT_MACHINE_LATEST(major, minor, true)
- #define DEFINE_VIRT_MACHINE(major, minor) \
- DEFINE_VIRT_MACHINE_LATEST(major, minor, false)
--
-+#endif /* disabled for RHEL */
-+
-+#define DEFINE_RHEL_MACHINE_LATEST(m, n, s, latest) \
-+ static void rhel##m##n##s##_virt_class_init(ObjectClass *oc, \
-+ void *data) \
-+ { \
-+ MachineClass *mc = MACHINE_CLASS(oc); \
-+ rhel##m##n##s##_virt_options(mc); \
-+ mc->desc = "RHEL " # m "." # n "." # s " ARM Virtual Machine"; \
-+ if (latest) { \
-+ mc->alias = "virt"; \
-+ mc->is_default = 1; \
-+ } \
-+ } \
-+ static const TypeInfo rhel##m##n##s##_machvirt_info = { \
-+ .name = MACHINE_TYPE_NAME("virt-rhel" # m "." # n "." # s), \
-+ .parent = TYPE_RHEL_MACHINE, \
-+ .class_init = rhel##m##n##s##_virt_class_init, \
-+ }; \
-+ static void rhel##m##n##s##_machvirt_init(void) \
-+ { \
-+ type_register_static(&rhel##m##n##s##_machvirt_info); \
-+ } \
-+ type_init(rhel##m##n##s##_machvirt_init);
-+
-+#define DEFINE_RHEL_MACHINE_AS_LATEST(major, minor, subminor) \
-+ DEFINE_RHEL_MACHINE_LATEST(major, minor, subminor, true)
-+#define DEFINE_RHEL_MACHINE(major, minor, subminor) \
-+ DEFINE_RHEL_MACHINE_LATEST(major, minor, subminor, false)
-+
-+/* This variable is for changes to properties that are RHEL specific,
-+ * different to the current upstream and to be applied to the latest
-+ * machine type.
-+ */
-+GlobalProperty arm_rhel_compat[] = {
-+ {
-+ .driver = "virtio-net-pci",
-+ .property = "romfile",
-+ .value = "",
-+ },
-+};
-+const size_t arm_rhel_compat_len = G_N_ELEMENTS(arm_rhel_compat);
-
- /* Number of external interrupt lines to configure the GIC with */
- #define NUM_IRQS 256
-@@ -2180,6 +2222,7 @@ static void machvirt_init(MachineState *machine)
- qemu_add_machine_init_done_notifier(&vms->machine_done);
- }
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static bool virt_get_secure(Object *obj, Error **errp)
- {
- VirtMachineState *vms = VIRT_MACHINE(obj);
-@@ -2207,6 +2250,7 @@ static void virt_set_virt(Object *obj, bool value, Error **errp)
-
- vms->virt = value;
- }
-+#endif /* disabled for RHEL */
-
- static bool virt_get_highmem(Object *obj, Error **errp)
- {
-@@ -2304,6 +2348,7 @@ static void virt_set_acpi(Object *obj, Visitor *v, const char *name,
- visit_type_OnOffAuto(v, name, &vms->acpi, errp);
- }
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static bool virt_get_ras(Object *obj, Error **errp)
- {
- VirtMachineState *vms = VIRT_MACHINE(obj);
-@@ -2331,6 +2376,7 @@ static void virt_set_mte(Object *obj, bool value, Error **errp)
-
- vms->mte = value;
- }
-+#endif /* disabled for RHEL */
-
- static char *virt_get_gic_version(Object *obj, Error **errp)
- {
-@@ -2666,6 +2712,7 @@ static int virt_kvm_type(MachineState *ms, const char *type_str)
- return fixed_ipa ? 0 : requested_pa_size;
- }
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void virt_machine_class_init(ObjectClass *oc, void *data)
- {
- MachineClass *mc = MACHINE_CLASS(oc);
-@@ -3031,3 +3078,159 @@ static void virt_machine_2_6_options(MachineClass *mc)
- vmc->no_pmu = true;
- }
- DEFINE_VIRT_MACHINE(2, 6)
-+#endif /* disabled for RHEL */
-+
-+static void rhel_machine_class_init(ObjectClass *oc, void *data)
-+{
-+ MachineClass *mc = MACHINE_CLASS(oc);
-+ HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
-+
-+ mc->family = "virt-rhel-Z";
-+ mc->init = machvirt_init;
-+ /* Maximum supported VCPU count for all virt-rhel* machines */
-+ mc->max_cpus = 384;
-+#ifdef CONFIG_TPM
-+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_TPM_TIS_SYSBUS);
-+#endif
-+ mc->block_default_type = IF_VIRTIO;
-+ mc->no_cdrom = 1;
-+ mc->pci_allow_0_address = true;
-+ /* We know we will never create a pre-ARMv7 CPU which needs 1K pages */
-+ mc->minimum_page_bits = 12;
-+ mc->possible_cpu_arch_ids = virt_possible_cpu_arch_ids;
-+ mc->cpu_index_to_instance_props = virt_cpu_index_to_props;
-+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a57");
-+ mc->get_default_cpu_node_id = virt_get_default_cpu_node_id;
-+ mc->kvm_type = virt_kvm_type;
-+ assert(!mc->get_hotplug_handler);
-+ mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
-+ hc->pre_plug = virt_machine_device_pre_plug_cb;
-+ hc->plug = virt_machine_device_plug_cb;
-+ hc->unplug_request = virt_machine_device_unplug_request_cb;
-+ hc->unplug = virt_machine_device_unplug_cb;
-+ mc->nvdimm_supported = true;
-+ mc->auto_enable_numa_with_memhp = true;
-+ mc->auto_enable_numa_with_memdev = true;
-+ mc->default_ram_id = "mach-virt.ram";
-+
-+ object_class_property_add(oc, "acpi", "OnOffAuto",
-+ virt_get_acpi, virt_set_acpi,
-+ NULL, NULL);
-+ object_class_property_set_description(oc, "acpi",
-+ "Enable ACPI");
-+
-+ object_class_property_add_bool(oc, "highmem", virt_get_highmem,
-+ virt_set_highmem);
-+ object_class_property_set_description(oc, "highmem",
-+ "Set on/off to enable/disable using "
-+ "physical address space above 32 bits");
-+
-+ object_class_property_add_str(oc, "gic-version", virt_get_gic_version,
-+ virt_set_gic_version);
-+ object_class_property_set_description(oc, "gic-version",
-+ "Set GIC version. "
-+ "Valid values are 2, 3, host and max");
-+
-+ object_class_property_add_str(oc, "x-oem-id",
-+ virt_get_oem_id,
-+ virt_set_oem_id);
-+ object_class_property_set_description(oc, "x-oem-id",
-+ "Override the default value of field OEMID "
-+ "in ACPI table header."
-+ "The string may be up to 6 bytes in size");
-+
-+ object_class_property_add_str(oc, "x-oem-table-id",
-+ virt_get_oem_table_id,
-+ virt_set_oem_table_id);
-+ object_class_property_set_description(oc, "x-oem-table-id",
-+ "Override the default value of field OEM Table ID "
-+ "in ACPI table header."
-+ "The string may be up to 8 bytes in size");
-+ object_class_property_add_bool(oc, "default_bus_bypass_iommu",
-+ virt_get_default_bus_bypass_iommu,
-+ virt_set_default_bus_bypass_iommu);
-+ object_class_property_set_description(oc, "default_bus_bypass_iommu",
-+ "Set on/off to enable/disable "
-+ "bypass_iommu for default root bus");
-+
-+}
-+
-+static void rhel_virt_instance_init(Object *obj)
-+{
-+ VirtMachineState *vms = VIRT_MACHINE(obj);
-+ VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
-+
-+ /* EL3 is disabled by default and non-configurable for RHEL */
-+ vms->secure = false;
-+
-+ /* EL2 is disabled by default and non-configurable for RHEL */
-+ vms->virt = false;
-+
-+ /* High memory is enabled by default */
-+ vms->highmem = true;
-+ vms->gic_version = VIRT_GIC_VERSION_NOSEL;
-+
-+ vms->highmem_ecam = !vmc->no_highmem_ecam;
-+
-+ if (vmc->no_its) {
-+ vms->its = false;
-+ } else {
-+ /* Default allows ITS instantiation */
-+ vms->its = true;
-+ object_property_add_bool(obj, "its", virt_get_its,
-+ virt_set_its);
-+ object_property_set_description(obj, "its",
-+ "Set on/off to enable/disable "
-+ "ITS instantiation");
-+ }
-+
-+ /* Default disallows iommu instantiation */
-+ vms->iommu = VIRT_IOMMU_NONE;
-+ object_property_add_str(obj, "iommu", virt_get_iommu, virt_set_iommu);
-+ object_property_set_description(obj, "iommu",
-+ "Set the IOMMU type. "
-+ "Valid values are none and smmuv3");
-+
-+ /* Default disallows RAS instantiation and is non-configurable for RHEL */
-+ vms->ras = false;
-+
-+ /* MTE is disabled by default and non-configurable for RHEL */
-+ vms->mte = false;
-+
-+ /* The default root bus is attached to iommu by default */
-+ vms->default_bus_bypass_iommu = false;
-+
-+ vms->irqmap = a15irqmap;
-+
-+ virt_flash_create(vms);
-+ vms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
-+ vms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
-+
-+}
-+
-+static const TypeInfo rhel_machine_info = {
-+ .name = TYPE_RHEL_MACHINE,
-+ .parent = TYPE_MACHINE,
-+ .abstract = true,
-+ .instance_size = sizeof(VirtMachineState),
-+ .class_size = sizeof(VirtMachineClass),
-+ .class_init = rhel_machine_class_init,
-+ .instance_init = rhel_virt_instance_init,
-+ .interfaces = (InterfaceInfo[]) {
-+ { TYPE_HOTPLUG_HANDLER },
-+ { }
-+ },
-+};
-+
-+static void rhel_machine_init(void)
-+{
-+ type_register_static(&rhel_machine_info);
-+}
-+type_init(rhel_machine_init);
-+
-+static void rhel850_virt_options(MachineClass *mc)
-+{
-+ compat_props_add(mc->compat_props, arm_rhel_compat, arm_rhel_compat_len);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_5, hw_compat_rhel_8_5_len);
-+}
-+DEFINE_RHEL_MACHINE_AS_LATEST(8, 5, 0)
-diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
-index dc6b66ffc8..9364628847 100644
---- a/include/hw/arm/virt.h
-+++ b/include/hw/arm/virt.h
-@@ -175,9 +175,17 @@ struct VirtMachineState {
-
- #define VIRT_ECAM_ID(high) (high ? VIRT_HIGH_PCIE_ECAM : VIRT_PCIE_ECAM)
-
-+#if 0 /* disabled for Red Hat Enterprise Linux */
- #define TYPE_VIRT_MACHINE MACHINE_TYPE_NAME("virt")
- OBJECT_DECLARE_TYPE(VirtMachineState, VirtMachineClass, VIRT_MACHINE)
-
-+#else
-+#define TYPE_RHEL_MACHINE MACHINE_TYPE_NAME("virt-rhel")
-+typedef struct VirtMachineClass VirtMachineClass;
-+typedef struct VirtMachineState VirtMachineState;
-+DECLARE_OBJ_CHECKERS(VirtMachineState, VirtMachineClass, VIRT_MACHINE, TYPE_RHEL_MACHINE)
-+#endif
-+
- void virt_acpi_setup(VirtMachineState *vms);
- bool virt_is_acpi_enabled(VirtMachineState *vms);
-
---
-2.27.0
-
diff --git a/SOURCES/0008-Add-ppc64-machine-types.patch b/SOURCES/0008-Add-ppc64-machine-types.patch
new file mode 100644
index 0000000..860e803
--- /dev/null
+++ b/SOURCES/0008-Add-ppc64-machine-types.patch
@@ -0,0 +1,528 @@
+From f61b3d7dc000886e23943457ee9baf1d4cae43b4 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Fri, 19 Oct 2018 13:27:13 +0200
+Subject: Add ppc64 machine types
+
+Adding changes to add RHEL machine types for ppc64 architecture.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+Rebase notes (6.2.0):
+- Fixed rebase conflict relicts
+- Update machine type compat for 6.2 (from MR 66)
+
+Merged patches (6.1.0):
+- c438c25ac3 redhat: Define pseries-rhel8.5.0 machine type
+- a3995e2eff Remove RHEL 7.0.0 machine type (only ppc64 changes)
+- ad3190a79b Remove RHEL 7.1.0 machine type (only ppc64 changes)
+- 84bbe15d4e Remove RHEL 7.2.0 machine type (only ppc64 changes)
+- 0215eb3356 Remove RHEL 7.3.0 machine types (only ppc64 changes)
+- af69d1ca6e Remove RHEL 7.4.0 machine types (only ppc64 changes)
+- 8f7a74ab78 Remove RHEL 7.5.0 machine types (only ppc64 changes)
+---
+ hw/ppc/spapr.c | 243 ++++++++++++++++++++++++++++++++++++++++
+ hw/ppc/spapr_cpu_core.c | 13 +++
+ include/hw/ppc/spapr.h | 4 +
+ target/ppc/compat.c | 13 ++-
+ target/ppc/cpu.h | 1 +
+ target/ppc/kvm.c | 27 +++++
+ target/ppc/kvm_ppc.h | 13 +++
+ 7 files changed, 313 insertions(+), 1 deletion(-)
+
+diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
+index a4372ba189..5fdf8b506d 100644
+--- a/hw/ppc/spapr.c
++++ b/hw/ppc/spapr.c
+@@ -1622,6 +1622,9 @@ static void spapr_machine_reset(MachineState *machine)
+
+ pef_kvm_reset(machine->cgs, &error_fatal);
+ spapr_caps_apply(spapr);
++ if (spapr->svm_allowed) {
++ kvmppc_svm_allow(&error_fatal);
++ }
+
+ first_ppc_cpu = POWERPC_CPU(first_cpu);
+ if (kvm_enabled() && kvmppc_has_cap_mmu_radix() &&
+@@ -3317,6 +3320,20 @@ static void spapr_set_host_serial(Object *obj, const char *value, Error **errp)
+ spapr->host_serial = g_strdup(value);
+ }
+
++static bool spapr_get_svm_allowed(Object *obj, Error **errp)
++{
++ SpaprMachineState *spapr = SPAPR_MACHINE(obj);
++
++ return spapr->svm_allowed;
++}
++
++static void spapr_set_svm_allowed(Object *obj, bool value, Error **errp)
++{
++ SpaprMachineState *spapr = SPAPR_MACHINE(obj);
++
++ spapr->svm_allowed = value;
++}
++
+ static void spapr_instance_init(Object *obj)
+ {
+ SpaprMachineState *spapr = SPAPR_MACHINE(obj);
+@@ -3395,6 +3412,12 @@ static void spapr_instance_init(Object *obj)
+ spapr_get_host_serial, spapr_set_host_serial);
+ object_property_set_description(obj, "host-serial",
+ "Host serial number to advertise in guest device tree");
++ object_property_add_bool(obj, "x-svm-allowed",
++ spapr_get_svm_allowed,
++ spapr_set_svm_allowed);
++ object_property_set_description(obj, "x-svm-allowed",
++ "Allow the guest to become a Secure Guest"
++ " (experimental only)");
+ }
+
+ static void spapr_machine_finalizefn(Object *obj)
+@@ -4652,6 +4675,7 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
+ vmc->client_architecture_support = spapr_vof_client_architecture_support;
+ vmc->quiesce = spapr_vof_quiesce;
+ vmc->setprop = spapr_vof_setprop;
++ smc->has_power9_support = true;
+ }
+
+ static const TypeInfo spapr_machine_info = {
+@@ -4703,6 +4727,7 @@ static void spapr_machine_latest_class_options(MachineClass *mc)
+ } \
+ type_init(spapr_machine_register_##suffix)
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ /*
+ * pseries-7.0
+ */
+@@ -4830,6 +4855,7 @@ static void spapr_machine_4_1_class_options(MachineClass *mc)
+ }
+
+ DEFINE_SPAPR_MACHINE(4_1, "4.1", false);
++#endif
+
+ /*
+ * pseries-4.0
+@@ -4849,6 +4875,8 @@ static bool phb_placement_4_0(SpaprMachineState *spapr, uint32_t index,
+ *nv2atsd = 0;
+ return true;
+ }
++
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void spapr_machine_4_0_class_options(MachineClass *mc)
+ {
+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+@@ -5176,6 +5204,221 @@ static void spapr_machine_2_1_class_options(MachineClass *mc)
+ compat_props_add(mc->compat_props, hw_compat_2_1, hw_compat_2_1_len);
+ }
+ DEFINE_SPAPR_MACHINE(2_1, "2.1", false);
++#endif
++
++static void spapr_machine_rhel_default_class_options(MachineClass *mc)
++{
++ /*
++ * Defaults for the latest behaviour inherited from the base class
++ * can be overriden here for all pseries-rhel* machines.
++ */
++
++ /* Maximum supported VCPU count */
++ mc->max_cpus = 384;
++}
++
++/*
++ * pseries-rhel8.5.0
++ * like pseries-6.0
++ */
++
++static void spapr_machine_rhel850_class_options(MachineClass *mc)
++{
++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++
++ /* The default machine type must apply the RHEL specific defaults */
++ spapr_machine_rhel_default_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_5,
++ hw_compat_rhel_8_5_len);
++ smc->pre_6_2_numa_affinity = true;
++ mc->smp_props.prefer_sockets = true;
++}
++
++DEFINE_SPAPR_MACHINE(rhel850, "rhel8.5.0", true);
++
++/*
++ * pseries-rhel8.4.0
++ * like pseries-5.2
++ */
++
++static void spapr_machine_rhel840_class_options(MachineClass *mc)
++{
++ spapr_machine_rhel850_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_4,
++ hw_compat_rhel_8_4_len);
++}
++
++DEFINE_SPAPR_MACHINE(rhel840, "rhel8.4.0", false);
++
++/*
++ * pseries-rhel8.3.0
++ * like pseries-5.1
++ */
++
++static void spapr_machine_rhel830_class_options(MachineClass *mc)
++{
++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++
++ spapr_machine_rhel840_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_3,
++ hw_compat_rhel_8_3_len);
++
++ /* from pseries-5.1 */
++ smc->pre_5_2_numa_associativity = true;
++}
++
++DEFINE_SPAPR_MACHINE(rhel830, "rhel8.3.0", false);
++
++/*
++ * pseries-rhel8.2.0
++ * like pseries-4.2 + pseries-5.0
++ * except SPAPR_CAP_CCF_ASSIST that has been backported to pseries-rhel8.1.0
++ */
++
++static void spapr_machine_rhel820_class_options(MachineClass *mc)
++{
++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++ /* from pseries-5.0 */
++ static GlobalProperty compat[] = {
++ { TYPE_SPAPR_PCI_HOST_BRIDGE, "pre-5.1-associativity", "on" },
++ };
++
++ spapr_machine_rhel830_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_2,
++ hw_compat_rhel_8_2_len);
++ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
++
++ /* from pseries-4.2 */
++ smc->default_caps.caps[SPAPR_CAP_FWNMI] = SPAPR_CAP_OFF;
++ smc->rma_limit = 16 * GiB;
++ mc->nvdimm_supported = false;
++
++ /* from pseries-5.0 */
++ mc->numa_mem_supported = true;
++ smc->pre_5_1_assoc_refpoints = true;
++}
++
++DEFINE_SPAPR_MACHINE(rhel820, "rhel8.2.0", false);
++
++/*
++ * pseries-rhel8.1.0
++ * like pseries-4.1
++ */
++
++static void spapr_machine_rhel810_class_options(MachineClass *mc)
++{
++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++ static GlobalProperty compat[] = {
++ /* Only allow 4kiB and 64kiB IOMMU pagesizes */
++ { TYPE_SPAPR_PCI_HOST_BRIDGE, "pgsz", "0x11000" },
++ };
++
++ spapr_machine_rhel820_class_options(mc);
++
++ /* from pseries-4.1 */
++ smc->linux_pci_probe = false;
++ smc->smp_threads_vsmt = false;
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_1,
++ hw_compat_rhel_8_1_len);
++ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
++
++ /* from pseries-4.2 */
++ smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
++}
++
++DEFINE_SPAPR_MACHINE(rhel810, "rhel8.1.0", false);
++
++/*
++ * pseries-rhel8.0.0
++ * like pseries-3.1 and pseries-4.0
++ * except SPAPR_CAP_CFPC, SPAPR_CAP_SBBC and SPAPR_CAP_IBS
++ * that have been backported to pseries-rhel8.0.0
++ */
++
++static void spapr_machine_rhel800_class_options(MachineClass *mc)
++{
++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++
++ spapr_machine_rhel810_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_0,
++ hw_compat_rhel_8_0_len);
++
++ /* pseries-4.0 */
++ smc->phb_placement = phb_placement_4_0;
++ smc->irq = &spapr_irq_xics;
++ smc->pre_4_1_migration = true;
++
++ /* pseries-3.1 */
++ mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
++ smc->update_dt_enabled = false;
++ smc->dr_phb_enabled = false;
++ smc->broken_host_serial_model = true;
++ smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
++}
++
++DEFINE_SPAPR_MACHINE(rhel800, "rhel8.0.0", false);
++
++/*
++ * pseries-rhel7.6.0
++ * like spapr_compat_2_12 and spapr_compat_3_0
++ * spapr_compat_0 is empty
++ */
++GlobalProperty spapr_compat_rhel7_6[] = {
++ { TYPE_POWERPC_CPU, "pre-3.0-migration", "on" },
++ { TYPE_SPAPR_CPU_CORE, "pre-3.0-migration", "on" },
++};
++const size_t spapr_compat_rhel7_6_len = G_N_ELEMENTS(spapr_compat_rhel7_6);
++
++
++static void spapr_machine_rhel760_class_options(MachineClass *mc)
++{
++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++
++ spapr_machine_rhel800_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
++ compat_props_add(mc->compat_props, spapr_compat_rhel7_6, spapr_compat_rhel7_6_len);
++
++ /* from spapr_machine_3_0_class_options() */
++ smc->legacy_irq_allocation = true;
++ smc->nr_xirqs = 0x400;
++ smc->irq = &spapr_irq_xics_legacy;
++
++ /* from spapr_machine_2_12_class_options() */
++ /* We depend on kvm_enabled() to choose a default value for the
++ * hpt-max-page-size capability. Of course we can't do it here
++ * because this is too early and the HW accelerator isn't initialzed
++ * yet. Postpone this to machine init (see default_caps_with_cpu()).
++ */
++ smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 0;
++
++ /* SPAPR_CAP_WORKAROUND enabled in pseries-rhel800 by
++ * f21757edc554
++ * "Enable mitigations by default for pseries-4.0 machine type")
++ */
++ smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
++ smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
++ smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
++}
++
++DEFINE_SPAPR_MACHINE(rhel760, "rhel7.6.0", false);
++
++/*
++ * pseries-rhel7.6.0-sxxm
++ *
++ * pseries-rhel7.6.0 with speculative execution exploit mitigations enabled by default
++ */
++
++static void spapr_machine_rhel760sxxm_class_options(MachineClass *mc)
++{
++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
++
++ spapr_machine_rhel760_class_options(mc);
++ smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
++ smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
++ smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_FIXED_CCD;
++}
++
++DEFINE_SPAPR_MACHINE(rhel760sxxm, "rhel7.6.0-sxxm", false);
+
+ static void spapr_machine_register_types(void)
+ {
+diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
+index fcb5dfe792..ab8fb5bf62 100644
+--- a/hw/ppc/spapr_cpu_core.c
++++ b/hw/ppc/spapr_cpu_core.c
+@@ -25,6 +25,7 @@
+ #include "sysemu/reset.h"
+ #include "sysemu/hw_accel.h"
+ #include "qemu/error-report.h"
++#include "cpu-models.h"
+
+ static void spapr_reset_vcpu(PowerPCCPU *cpu)
+ {
+@@ -259,6 +260,7 @@ static bool spapr_realize_vcpu(PowerPCCPU *cpu, SpaprMachineState *spapr,
+ {
+ CPUPPCState *env = &cpu->env;
+ CPUState *cs = CPU(cpu);
++ SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
+
+ if (!qdev_realize(DEVICE(cpu), NULL, errp)) {
+ return false;
+@@ -270,6 +272,17 @@ static bool spapr_realize_vcpu(PowerPCCPU *cpu, SpaprMachineState *spapr,
+ /* Set time-base frequency to 512 MHz. vhyp must be set first. */
+ cpu_ppc_tb_init(env, SPAPR_TIMEBASE_FREQ);
+
++ if (!smc->has_power9_support &&
++ (((spapr->max_compat_pvr &&
++ ppc_compat_cmp(spapr->max_compat_pvr,
++ CPU_POWERPC_LOGICAL_3_00) >= 0)) ||
++ (!spapr->max_compat_pvr &&
++ ppc_check_compat(cpu, CPU_POWERPC_LOGICAL_3_00, 0, 0)))) {
++ error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
++ "POWER9 CPU is not supported by this machine class");
++ return false;
++ }
++
+ if (spapr_irq_cpu_intc_create(spapr, cpu, errp) < 0) {
+ qdev_unrealize(DEVICE(cpu));
+ return false;
+diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
+index f5c33dcc86..4a68e0a901 100644
+--- a/include/hw/ppc/spapr.h
++++ b/include/hw/ppc/spapr.h
+@@ -154,6 +154,7 @@ struct SpaprMachineClass {
+ bool pre_5_2_numa_associativity;
+ bool pre_6_2_numa_affinity;
+
++ bool has_power9_support;
+ bool (*phb_placement)(SpaprMachineState *spapr, uint32_t index,
+ uint64_t *buid, hwaddr *pio,
+ hwaddr *mmio32, hwaddr *mmio64,
+@@ -241,6 +242,9 @@ struct SpaprMachineState {
+ /* Set by -boot */
+ char *boot_device;
+
++ /* Secure Guest support via x-svm-allowed */
++ bool svm_allowed;
++
+ /*< public >*/
+ char *kvm_type;
+ char *host_model;
+diff --git a/target/ppc/compat.c b/target/ppc/compat.c
+index 7949a24f5a..f207a9ba01 100644
+--- a/target/ppc/compat.c
++++ b/target/ppc/compat.c
+@@ -114,8 +114,19 @@ static const CompatInfo *compat_by_pvr(uint32_t pvr)
+ return NULL;
+ }
+
++long ppc_compat_cmp(uint32_t pvr1, uint32_t pvr2)
++{
++ const CompatInfo *compat1 = compat_by_pvr(pvr1);
++ const CompatInfo *compat2 = compat_by_pvr(pvr2);
++
++ g_assert(compat1);
++ g_assert(compat2);
++
++ return compat1 - compat2;
++}
++
+ static bool pcc_compat(PowerPCCPUClass *pcc, uint32_t compat_pvr,
+- uint32_t min_compat_pvr, uint32_t max_compat_pvr)
++ uint32_t min_compat_pvr, uint32_t max_compat_pvr)
+ {
+ const CompatInfo *compat = compat_by_pvr(compat_pvr);
+ const CompatInfo *min = compat_by_pvr(min_compat_pvr);
+diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
+index 047b24ba50..79c5ac50b9 100644
+--- a/target/ppc/cpu.h
++++ b/target/ppc/cpu.h
+@@ -1462,6 +1462,7 @@ static inline int cpu_mmu_index(CPUPPCState *env, bool ifetch)
+
+ /* Compatibility modes */
+ #if defined(TARGET_PPC64)
++long ppc_compat_cmp(uint32_t pvr1, uint32_t pvr2);
+ bool ppc_check_compat(PowerPCCPU *cpu, uint32_t compat_pvr,
+ uint32_t min_compat_pvr, uint32_t max_compat_pvr);
+ bool ppc_type_check_compat(const char *cputype, uint32_t compat_pvr,
+diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
+index dc93b99189..154888cce5 100644
+--- a/target/ppc/kvm.c
++++ b/target/ppc/kvm.c
+@@ -90,6 +90,7 @@ static int cap_ppc_nested_kvm_hv;
+ static int cap_large_decr;
+ static int cap_fwnmi;
+ static int cap_rpt_invalidate;
++static int cap_ppc_secure_guest;
+
+ static uint32_t debug_inst_opcode;
+
+@@ -137,6 +138,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
+ cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT);
+ kvmppc_get_cpu_characteristics(s);
+ cap_ppc_nested_kvm_hv = kvm_vm_check_extension(s, KVM_CAP_PPC_NESTED_HV);
++ cap_ppc_secure_guest = kvm_vm_check_extension(s, KVM_CAP_PPC_SECURE_GUEST);
+ cap_large_decr = kvmppc_get_dec_bits();
+ cap_fwnmi = kvm_vm_check_extension(s, KVM_CAP_PPC_FWNMI);
+ /*
+@@ -2563,6 +2565,16 @@ int kvmppc_has_cap_rpt_invalidate(void)
+ return cap_rpt_invalidate;
+ }
+
++bool kvmppc_has_cap_secure_guest(void)
++{
++ return !!cap_ppc_secure_guest;
++}
++
++int kvmppc_enable_cap_secure_guest(void)
++{
++ return kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
++}
++
+ PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void)
+ {
+ uint32_t host_pvr = mfpvr();
+@@ -2959,3 +2971,18 @@ bool kvm_arch_cpu_check_are_resettable(void)
+ {
+ return true;
+ }
++
++void kvmppc_svm_allow(Error **errp)
++{
++ if (!kvm_enabled()) {
++ error_setg(errp, "No PEF support in tcg, try x-svm-allowed=off");
++ return;
++ }
++
++ if (!kvmppc_has_cap_secure_guest()) {
++ error_setg(errp, "KVM implementation does not support secure guests, "
++ "try x-svm-allowed=off");
++ } else if (kvmppc_enable_cap_secure_guest() < 0) {
++ error_setg(errp, "Error enabling x-svm-allowed, try x-svm-allowed=off");
++ }
++}
+diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
+index ee9325bf9a..20dbb95989 100644
+--- a/target/ppc/kvm_ppc.h
++++ b/target/ppc/kvm_ppc.h
+@@ -40,6 +40,7 @@ int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
+ target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
+ bool radix, bool gtse,
+ uint64_t proc_tbl);
++void kvmppc_svm_allow(Error **errp);
+ #ifndef CONFIG_USER_ONLY
+ bool kvmppc_spapr_use_multitce(void);
+ int kvmppc_spapr_enable_inkernel_multitce(void);
+@@ -74,6 +75,8 @@ int kvmppc_get_cap_large_decr(void);
+ int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable);
+ int kvmppc_has_cap_rpt_invalidate(void);
+ int kvmppc_enable_hwrng(void);
++bool kvmppc_has_cap_secure_guest(void);
++int kvmppc_enable_cap_secure_guest(void);
+ int kvmppc_put_books_sregs(PowerPCCPU *cpu);
+ PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void);
+ void kvmppc_check_papr_resize_hpt(Error **errp);
+@@ -393,6 +396,16 @@ static inline int kvmppc_has_cap_rpt_invalidate(void)
+ return false;
+ }
+
++static inline bool kvmppc_has_cap_secure_guest(void)
++{
++ return false;
++}
++
++static inline int kvmppc_enable_cap_secure_guest(void)
++{
++ return -1;
++}
++
+ static inline int kvmppc_enable_hwrng(void)
+ {
+ return -1;
+--
+2.31.1
+
diff --git a/SOURCES/0009-Add-ppc64-machine-types.patch b/SOURCES/0009-Add-ppc64-machine-types.patch
deleted file mode 100644
index 90a6ff4..0000000
--- a/SOURCES/0009-Add-ppc64-machine-types.patch
+++ /dev/null
@@ -1,528 +0,0 @@
-From 2d595bc1744fc764ef506fd6ed6555f267d01ea4 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Fri, 19 Oct 2018 13:27:13 +0200
-Subject: Add ppc64 machine types
-
-Adding changes to add RHEL machine types for ppc64 architecture.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-Rebase notes (6.2.0 rc1):
-- Fixed rebase conflict relicts
-- Update machine type compat for 6.2 (from MR 66)
-
-Merged patches (6.1.0):
-- c438c25ac3 redhat: Define pseries-rhel8.5.0 machine type
-- a3995e2eff Remove RHEL 7.0.0 machine type (only ppc64 changes)
-- ad3190a79b Remove RHEL 7.1.0 machine type (only ppc64 changes)
-- 84bbe15d4e Remove RHEL 7.2.0 machine type (only ppc64 changes)
-- 0215eb3356 Remove RHEL 7.3.0 machine types (only ppc64 changes)
-- af69d1ca6e Remove RHEL 7.4.0 machine types (only ppc64 changes)
-- 8f7a74ab78 Remove RHEL 7.5.0 machine types (only ppc64 changes)
----
- hw/ppc/spapr.c | 243 ++++++++++++++++++++++++++++++++++++++++
- hw/ppc/spapr_cpu_core.c | 13 +++
- include/hw/ppc/spapr.h | 4 +
- target/ppc/compat.c | 13 ++-
- target/ppc/cpu.h | 1 +
- target/ppc/kvm.c | 27 +++++
- target/ppc/kvm_ppc.h | 13 +++
- 7 files changed, 313 insertions(+), 1 deletion(-)
-
-diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
-index 3b5fd749be..f4bb5f15f0 100644
---- a/hw/ppc/spapr.c
-+++ b/hw/ppc/spapr.c
-@@ -1593,6 +1593,9 @@ static void spapr_machine_reset(MachineState *machine)
-
- pef_kvm_reset(machine->cgs, &error_fatal);
- spapr_caps_apply(spapr);
-+ if (spapr->svm_allowed) {
-+ kvmppc_svm_allow(&error_fatal);
-+ }
-
- first_ppc_cpu = POWERPC_CPU(first_cpu);
- if (kvm_enabled() && kvmppc_has_cap_mmu_radix() &&
-@@ -3288,6 +3291,20 @@ static void spapr_set_host_serial(Object *obj, const char *value, Error **errp)
- spapr->host_serial = g_strdup(value);
- }
-
-+static bool spapr_get_svm_allowed(Object *obj, Error **errp)
-+{
-+ SpaprMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+ return spapr->svm_allowed;
-+}
-+
-+static void spapr_set_svm_allowed(Object *obj, bool value, Error **errp)
-+{
-+ SpaprMachineState *spapr = SPAPR_MACHINE(obj);
-+
-+ spapr->svm_allowed = value;
-+}
-+
- static void spapr_instance_init(Object *obj)
- {
- SpaprMachineState *spapr = SPAPR_MACHINE(obj);
-@@ -3366,6 +3383,12 @@ static void spapr_instance_init(Object *obj)
- spapr_get_host_serial, spapr_set_host_serial);
- object_property_set_description(obj, "host-serial",
- "Host serial number to advertise in guest device tree");
-+ object_property_add_bool(obj, "x-svm-allowed",
-+ spapr_get_svm_allowed,
-+ spapr_set_svm_allowed);
-+ object_property_set_description(obj, "x-svm-allowed",
-+ "Allow the guest to become a Secure Guest"
-+ " (experimental only)");
- }
-
- static void spapr_machine_finalizefn(Object *obj)
-@@ -4614,6 +4637,7 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
- vmc->client_architecture_support = spapr_vof_client_architecture_support;
- vmc->quiesce = spapr_vof_quiesce;
- vmc->setprop = spapr_vof_setprop;
-+ smc->has_power9_support = true;
- }
-
- static const TypeInfo spapr_machine_info = {
-@@ -4665,6 +4689,7 @@ static void spapr_machine_latest_class_options(MachineClass *mc)
- } \
- type_init(spapr_machine_register_##suffix)
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- /*
- * pseries-6.2
- */
-@@ -4781,6 +4806,7 @@ static void spapr_machine_4_1_class_options(MachineClass *mc)
- }
-
- DEFINE_SPAPR_MACHINE(4_1, "4.1", false);
-+#endif
-
- /*
- * pseries-4.0
-@@ -4800,6 +4826,8 @@ static bool phb_placement_4_0(SpaprMachineState *spapr, uint32_t index,
- *nv2atsd = 0;
- return true;
- }
-+
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void spapr_machine_4_0_class_options(MachineClass *mc)
- {
- SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-@@ -5127,6 +5155,221 @@ static void spapr_machine_2_1_class_options(MachineClass *mc)
- compat_props_add(mc->compat_props, hw_compat_2_1, hw_compat_2_1_len);
- }
- DEFINE_SPAPR_MACHINE(2_1, "2.1", false);
-+#endif
-+
-+static void spapr_machine_rhel_default_class_options(MachineClass *mc)
-+{
-+ /*
-+ * Defaults for the latest behaviour inherited from the base class
-+ * can be overriden here for all pseries-rhel* machines.
-+ */
-+
-+ /* Maximum supported VCPU count */
-+ mc->max_cpus = 384;
-+}
-+
-+/*
-+ * pseries-rhel8.5.0
-+ * like pseries-6.0
-+ */
-+
-+static void spapr_machine_rhel850_class_options(MachineClass *mc)
-+{
-+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+
-+ /* The default machine type must apply the RHEL specific defaults */
-+ spapr_machine_rhel_default_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_5,
-+ hw_compat_rhel_8_5_len);
-+ smc->pre_6_2_numa_affinity = true;
-+ mc->smp_props.prefer_sockets = true;
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel850, "rhel8.5.0", true);
-+
-+/*
-+ * pseries-rhel8.4.0
-+ * like pseries-5.2
-+ */
-+
-+static void spapr_machine_rhel840_class_options(MachineClass *mc)
-+{
-+ spapr_machine_rhel850_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_4,
-+ hw_compat_rhel_8_4_len);
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel840, "rhel8.4.0", false);
-+
-+/*
-+ * pseries-rhel8.3.0
-+ * like pseries-5.1
-+ */
-+
-+static void spapr_machine_rhel830_class_options(MachineClass *mc)
-+{
-+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+
-+ spapr_machine_rhel840_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_3,
-+ hw_compat_rhel_8_3_len);
-+
-+ /* from pseries-5.1 */
-+ smc->pre_5_2_numa_associativity = true;
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel830, "rhel8.3.0", false);
-+
-+/*
-+ * pseries-rhel8.2.0
-+ * like pseries-4.2 + pseries-5.0
-+ * except SPAPR_CAP_CCF_ASSIST that has been backported to pseries-rhel8.1.0
-+ */
-+
-+static void spapr_machine_rhel820_class_options(MachineClass *mc)
-+{
-+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+ /* from pseries-5.0 */
-+ static GlobalProperty compat[] = {
-+ { TYPE_SPAPR_PCI_HOST_BRIDGE, "pre-5.1-associativity", "on" },
-+ };
-+
-+ spapr_machine_rhel830_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_2,
-+ hw_compat_rhel_8_2_len);
-+ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
-+
-+ /* from pseries-4.2 */
-+ smc->default_caps.caps[SPAPR_CAP_FWNMI] = SPAPR_CAP_OFF;
-+ smc->rma_limit = 16 * GiB;
-+ mc->nvdimm_supported = false;
-+
-+ /* from pseries-5.0 */
-+ mc->numa_mem_supported = true;
-+ smc->pre_5_1_assoc_refpoints = true;
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel820, "rhel8.2.0", false);
-+
-+/*
-+ * pseries-rhel8.1.0
-+ * like pseries-4.1
-+ */
-+
-+static void spapr_machine_rhel810_class_options(MachineClass *mc)
-+{
-+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+ static GlobalProperty compat[] = {
-+ /* Only allow 4kiB and 64kiB IOMMU pagesizes */
-+ { TYPE_SPAPR_PCI_HOST_BRIDGE, "pgsz", "0x11000" },
-+ };
-+
-+ spapr_machine_rhel820_class_options(mc);
-+
-+ /* from pseries-4.1 */
-+ smc->linux_pci_probe = false;
-+ smc->smp_threads_vsmt = false;
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_1,
-+ hw_compat_rhel_8_1_len);
-+ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
-+
-+ /* from pseries-4.2 */
-+ smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel810, "rhel8.1.0", false);
-+
-+/*
-+ * pseries-rhel8.0.0
-+ * like pseries-3.1 and pseries-4.0
-+ * except SPAPR_CAP_CFPC, SPAPR_CAP_SBBC and SPAPR_CAP_IBS
-+ * that have been backported to pseries-rhel8.0.0
-+ */
-+
-+static void spapr_machine_rhel800_class_options(MachineClass *mc)
-+{
-+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+
-+ spapr_machine_rhel810_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_0,
-+ hw_compat_rhel_8_0_len);
-+
-+ /* pseries-4.0 */
-+ smc->phb_placement = phb_placement_4_0;
-+ smc->irq = &spapr_irq_xics;
-+ smc->pre_4_1_migration = true;
-+
-+ /* pseries-3.1 */
-+ mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
-+ smc->update_dt_enabled = false;
-+ smc->dr_phb_enabled = false;
-+ smc->broken_host_serial_model = true;
-+ smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel800, "rhel8.0.0", false);
-+
-+/*
-+ * pseries-rhel7.6.0
-+ * like spapr_compat_2_12 and spapr_compat_3_0
-+ * spapr_compat_0 is empty
-+ */
-+GlobalProperty spapr_compat_rhel7_6[] = {
-+ { TYPE_POWERPC_CPU, "pre-3.0-migration", "on" },
-+ { TYPE_SPAPR_CPU_CORE, "pre-3.0-migration", "on" },
-+};
-+const size_t spapr_compat_rhel7_6_len = G_N_ELEMENTS(spapr_compat_rhel7_6);
-+
-+
-+static void spapr_machine_rhel760_class_options(MachineClass *mc)
-+{
-+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+
-+ spapr_machine_rhel800_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
-+ compat_props_add(mc->compat_props, spapr_compat_rhel7_6, spapr_compat_rhel7_6_len);
-+
-+ /* from spapr_machine_3_0_class_options() */
-+ smc->legacy_irq_allocation = true;
-+ smc->nr_xirqs = 0x400;
-+ smc->irq = &spapr_irq_xics_legacy;
-+
-+ /* from spapr_machine_2_12_class_options() */
-+ /* We depend on kvm_enabled() to choose a default value for the
-+ * hpt-max-page-size capability. Of course we can't do it here
-+ * because this is too early and the HW accelerator isn't initialzed
-+ * yet. Postpone this to machine init (see default_caps_with_cpu()).
-+ */
-+ smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 0;
-+
-+ /* SPAPR_CAP_WORKAROUND enabled in pseries-rhel800 by
-+ * f21757edc554
-+ * "Enable mitigations by default for pseries-4.0 machine type")
-+ */
-+ smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
-+ smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
-+ smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel760, "rhel7.6.0", false);
-+
-+/*
-+ * pseries-rhel7.6.0-sxxm
-+ *
-+ * pseries-rhel7.6.0 with speculative execution exploit mitigations enabled by default
-+ */
-+
-+static void spapr_machine_rhel760sxxm_class_options(MachineClass *mc)
-+{
-+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-+
-+ spapr_machine_rhel760_class_options(mc);
-+ smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
-+ smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
-+ smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_FIXED_CCD;
-+}
-+
-+DEFINE_SPAPR_MACHINE(rhel760sxxm, "rhel7.6.0-sxxm", false);
-
- static void spapr_machine_register_types(void)
- {
-diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
-index 8ba34f6a1d..78eca1c04a 100644
---- a/hw/ppc/spapr_cpu_core.c
-+++ b/hw/ppc/spapr_cpu_core.c
-@@ -24,6 +24,7 @@
- #include "sysemu/reset.h"
- #include "sysemu/hw_accel.h"
- #include "qemu/error-report.h"
-+#include "cpu-models.h"
-
- static void spapr_reset_vcpu(PowerPCCPU *cpu)
- {
-@@ -250,6 +251,7 @@ static bool spapr_realize_vcpu(PowerPCCPU *cpu, SpaprMachineState *spapr,
- {
- CPUPPCState *env = &cpu->env;
- CPUState *cs = CPU(cpu);
-+ SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
-
- if (!qdev_realize(DEVICE(cpu), NULL, errp)) {
- return false;
-@@ -261,6 +263,17 @@ static bool spapr_realize_vcpu(PowerPCCPU *cpu, SpaprMachineState *spapr,
- cpu_ppc_set_vhyp(cpu, PPC_VIRTUAL_HYPERVISOR(spapr));
- kvmppc_set_papr(cpu);
-
-+ if (!smc->has_power9_support &&
-+ (((spapr->max_compat_pvr &&
-+ ppc_compat_cmp(spapr->max_compat_pvr,
-+ CPU_POWERPC_LOGICAL_3_00) >= 0)) ||
-+ (!spapr->max_compat_pvr &&
-+ ppc_check_compat(cpu, CPU_POWERPC_LOGICAL_3_00, 0, 0)))) {
-+ error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
-+ "POWER9 CPU is not supported by this machine class");
-+ return false;
-+ }
-+
- if (spapr_irq_cpu_intc_create(spapr, cpu, errp) < 0) {
- qdev_unrealize(DEVICE(cpu));
- return false;
-diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
-index ee7504b976..fcd5bf9302 100644
---- a/include/hw/ppc/spapr.h
-+++ b/include/hw/ppc/spapr.h
-@@ -154,6 +154,7 @@ struct SpaprMachineClass {
- bool pre_5_2_numa_associativity;
- bool pre_6_2_numa_affinity;
-
-+ bool has_power9_support;
- bool (*phb_placement)(SpaprMachineState *spapr, uint32_t index,
- uint64_t *buid, hwaddr *pio,
- hwaddr *mmio32, hwaddr *mmio64,
-@@ -238,6 +239,9 @@ struct SpaprMachineState {
- /* Set by -boot */
- char *boot_device;
-
-+ /* Secure Guest support via x-svm-allowed */
-+ bool svm_allowed;
-+
- /*< public >*/
- char *kvm_type;
- char *host_model;
-diff --git a/target/ppc/compat.c b/target/ppc/compat.c
-index 7949a24f5a..f207a9ba01 100644
---- a/target/ppc/compat.c
-+++ b/target/ppc/compat.c
-@@ -114,8 +114,19 @@ static const CompatInfo *compat_by_pvr(uint32_t pvr)
- return NULL;
- }
-
-+long ppc_compat_cmp(uint32_t pvr1, uint32_t pvr2)
-+{
-+ const CompatInfo *compat1 = compat_by_pvr(pvr1);
-+ const CompatInfo *compat2 = compat_by_pvr(pvr2);
-+
-+ g_assert(compat1);
-+ g_assert(compat2);
-+
-+ return compat1 - compat2;
-+}
-+
- static bool pcc_compat(PowerPCCPUClass *pcc, uint32_t compat_pvr,
-- uint32_t min_compat_pvr, uint32_t max_compat_pvr)
-+ uint32_t min_compat_pvr, uint32_t max_compat_pvr)
- {
- const CompatInfo *compat = compat_by_pvr(compat_pvr);
- const CompatInfo *min = compat_by_pvr(min_compat_pvr);
-diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
-index e946da5f3a..23e8b76c85 100644
---- a/target/ppc/cpu.h
-+++ b/target/ppc/cpu.h
-@@ -1401,6 +1401,7 @@ static inline int cpu_mmu_index(CPUPPCState *env, bool ifetch)
-
- /* Compatibility modes */
- #if defined(TARGET_PPC64)
-+long ppc_compat_cmp(uint32_t pvr1, uint32_t pvr2);
- bool ppc_check_compat(PowerPCCPU *cpu, uint32_t compat_pvr,
- uint32_t min_compat_pvr, uint32_t max_compat_pvr);
- bool ppc_type_check_compat(const char *cputype, uint32_t compat_pvr,
-diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
-index dc93b99189..154888cce5 100644
---- a/target/ppc/kvm.c
-+++ b/target/ppc/kvm.c
-@@ -90,6 +90,7 @@ static int cap_ppc_nested_kvm_hv;
- static int cap_large_decr;
- static int cap_fwnmi;
- static int cap_rpt_invalidate;
-+static int cap_ppc_secure_guest;
-
- static uint32_t debug_inst_opcode;
-
-@@ -137,6 +138,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
- cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT);
- kvmppc_get_cpu_characteristics(s);
- cap_ppc_nested_kvm_hv = kvm_vm_check_extension(s, KVM_CAP_PPC_NESTED_HV);
-+ cap_ppc_secure_guest = kvm_vm_check_extension(s, KVM_CAP_PPC_SECURE_GUEST);
- cap_large_decr = kvmppc_get_dec_bits();
- cap_fwnmi = kvm_vm_check_extension(s, KVM_CAP_PPC_FWNMI);
- /*
-@@ -2563,6 +2565,16 @@ int kvmppc_has_cap_rpt_invalidate(void)
- return cap_rpt_invalidate;
- }
-
-+bool kvmppc_has_cap_secure_guest(void)
-+{
-+ return !!cap_ppc_secure_guest;
-+}
-+
-+int kvmppc_enable_cap_secure_guest(void)
-+{
-+ return kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
-+}
-+
- PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void)
- {
- uint32_t host_pvr = mfpvr();
-@@ -2959,3 +2971,18 @@ bool kvm_arch_cpu_check_are_resettable(void)
- {
- return true;
- }
-+
-+void kvmppc_svm_allow(Error **errp)
-+{
-+ if (!kvm_enabled()) {
-+ error_setg(errp, "No PEF support in tcg, try x-svm-allowed=off");
-+ return;
-+ }
-+
-+ if (!kvmppc_has_cap_secure_guest()) {
-+ error_setg(errp, "KVM implementation does not support secure guests, "
-+ "try x-svm-allowed=off");
-+ } else if (kvmppc_enable_cap_secure_guest() < 0) {
-+ error_setg(errp, "Error enabling x-svm-allowed, try x-svm-allowed=off");
-+ }
-+}
-diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
-index ee9325bf9a..20dbb95989 100644
---- a/target/ppc/kvm_ppc.h
-+++ b/target/ppc/kvm_ppc.h
-@@ -40,6 +40,7 @@ int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
- target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
- bool radix, bool gtse,
- uint64_t proc_tbl);
-+void kvmppc_svm_allow(Error **errp);
- #ifndef CONFIG_USER_ONLY
- bool kvmppc_spapr_use_multitce(void);
- int kvmppc_spapr_enable_inkernel_multitce(void);
-@@ -74,6 +75,8 @@ int kvmppc_get_cap_large_decr(void);
- int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable);
- int kvmppc_has_cap_rpt_invalidate(void);
- int kvmppc_enable_hwrng(void);
-+bool kvmppc_has_cap_secure_guest(void);
-+int kvmppc_enable_cap_secure_guest(void);
- int kvmppc_put_books_sregs(PowerPCCPU *cpu);
- PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void);
- void kvmppc_check_papr_resize_hpt(Error **errp);
-@@ -393,6 +396,16 @@ static inline int kvmppc_has_cap_rpt_invalidate(void)
- return false;
- }
-
-+static inline bool kvmppc_has_cap_secure_guest(void)
-+{
-+ return false;
-+}
-+
-+static inline int kvmppc_enable_cap_secure_guest(void)
-+{
-+ return -1;
-+}
-+
- static inline int kvmppc_enable_hwrng(void)
- {
- return -1;
---
-2.27.0
-
diff --git a/SOURCES/0009-Add-s390x-machine-types.patch b/SOURCES/0009-Add-s390x-machine-types.patch
new file mode 100644
index 0000000..2d8b554
--- /dev/null
+++ b/SOURCES/0009-Add-s390x-machine-types.patch
@@ -0,0 +1,186 @@
+From 680f343e58a50a99d17bc7dedd3ee90980912023 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Fri, 19 Oct 2018 13:47:32 +0200
+Subject: Add s390x machine types
+
+Adding changes to add RHEL machine types for s390x architecture.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+--
+Merged patches (6.1.0):
+- 64a9a5c971 hw/s390x: Remove the RHEL7-only machine type
+- 395516d62b redhat: s390x: add rhel-8.5.0 compat machine
+
+Merged patches (6.2.0):
+- 3bf66f4520 redhat: Add s390x machine type compatibility update for 6.1 rebase
+
+Merged patches (7.0.0):
+- e6ff4de4f7 redhat: Add s390x machine type compatibility handling for the rebase to v6.2
+- 4b0efa7e21 redhat: Add rhel8.6.0 and rhel9.0.0 machine types for s390x
+- dcc64971bf RHEL: mark old machine types as deprecated (partialy)
+---
+ hw/core/machine.c | 6 +++
+ hw/s390x/s390-virtio-ccw.c | 104 ++++++++++++++++++++++++++++++++++++-
+ include/hw/boards.h | 2 +
+ 3 files changed, 111 insertions(+), 1 deletion(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index ea430d844e..77202a3570 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -37,6 +37,12 @@
+ #include "hw/virtio/virtio.h"
+ #include "hw/virtio/virtio-pci.h"
+
++/*
++ * RHEL only: machine types for previous major releases are deprecated
++ */
++const char *rhel_old_machine_deprecation =
++ "machine types for previous major releases are deprecated";
++
+ /*
+ * Mostly the same as hw_compat_6_0 and hw_compat_6_1
+ */
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index 90480e7cf9..ec4176a1e0 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -767,7 +767,7 @@ bool css_migration_enabled(void)
+ { \
+ MachineClass *mc = MACHINE_CLASS(oc); \
+ ccw_machine_##suffix##_class_options(mc); \
+- mc->desc = "VirtIO-ccw based S390 machine v" verstr; \
++ mc->desc = "VirtIO-ccw based S390 machine " verstr; \
+ if (latest) { \
+ mc->alias = "s390-ccw-virtio"; \
+ mc->is_default = true; \
+@@ -791,6 +791,7 @@ bool css_migration_enabled(void)
+ } \
+ type_init(ccw_machine_register_##suffix)
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void ccw_machine_7_0_instance_options(MachineState *machine)
+ {
+ }
+@@ -1115,6 +1116,107 @@ static void ccw_machine_2_4_class_options(MachineClass *mc)
+ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
+ }
+ DEFINE_CCW_MACHINE(2_4, "2.4", false);
++#endif
++
++static void ccw_machine_rhel900_instance_options(MachineState *machine)
++{
++}
++
++static void ccw_machine_rhel900_class_options(MachineClass *mc)
++{
++}
++DEFINE_CCW_MACHINE(rhel900, "rhel9.0.0", true);
++
++static void ccw_machine_rhel860_instance_options(MachineState *machine)
++{
++ /* Note: The -rhel8.6.0 and -rhel9.0.0 machines are technically identical */
++ ccw_machine_rhel900_instance_options(machine);
++}
++
++static void ccw_machine_rhel860_class_options(MachineClass *mc)
++{
++ ccw_machine_rhel900_class_options(mc);
++
++ /* All RHEL machines for prior major releases are deprecated */
++ mc->deprecation_reason = rhel_old_machine_deprecation;
++}
++DEFINE_CCW_MACHINE(rhel860, "rhel8.6.0", false);
++
++static void ccw_machine_rhel850_instance_options(MachineState *machine)
++{
++ static const S390FeatInit qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V6_0 };
++
++ ccw_machine_rhel860_instance_options(machine);
++
++ s390_set_qemu_cpu_model(0x2964, 13, 2, qemu_cpu_feat);
++
++ s390_cpudef_featoff_greater(16, 1, S390_FEAT_NNPA);
++ s390_cpudef_featoff_greater(16, 1, S390_FEAT_VECTOR_PACKED_DECIMAL_ENH2);
++ s390_cpudef_featoff_greater(16, 1, S390_FEAT_BEAR_ENH);
++ s390_cpudef_featoff_greater(16, 1, S390_FEAT_RDP);
++ s390_cpudef_featoff_greater(16, 1, S390_FEAT_PAI);
++}
++
++static void ccw_machine_rhel850_class_options(MachineClass *mc)
++{
++ ccw_machine_rhel860_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_5, hw_compat_rhel_8_5_len);
++ mc->smp_props.prefer_sockets = true;
++}
++DEFINE_CCW_MACHINE(rhel850, "rhel8.5.0", false);
++
++static void ccw_machine_rhel840_instance_options(MachineState *machine)
++{
++ ccw_machine_rhel850_instance_options(machine);
++}
++
++static void ccw_machine_rhel840_class_options(MachineClass *mc)
++{
++ ccw_machine_rhel850_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_4, hw_compat_rhel_8_4_len);
++}
++DEFINE_CCW_MACHINE(rhel840, "rhel8.4.0", false);
++
++static void ccw_machine_rhel820_instance_options(MachineState *machine)
++{
++ ccw_machine_rhel840_instance_options(machine);
++}
++
++static void ccw_machine_rhel820_class_options(MachineClass *mc)
++{
++ ccw_machine_rhel840_class_options(mc);
++ mc->fixup_ram_size = s390_fixup_ram_size;
++ /* we did not publish a rhel8.3.0 machine */
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_3, hw_compat_rhel_8_3_len);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_2, hw_compat_rhel_8_2_len);
++}
++DEFINE_CCW_MACHINE(rhel820, "rhel8.2.0", false);
++
++static void ccw_machine_rhel760_instance_options(MachineState *machine)
++{
++ static const S390FeatInit qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V3_1 };
++
++ ccw_machine_rhel820_instance_options(machine);
++
++ s390_set_qemu_cpu_model(0x2827, 12, 2, qemu_cpu_feat);
++
++ /* The multiple-epoch facility was not available with rhel7.6.0 on z14GA1 */
++ s390_cpudef_featoff(14, 1, S390_FEAT_MULTIPLE_EPOCH);
++ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_QSIE);
++ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_QTOUE);
++ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_STOE);
++ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_STOUE);
++}
++
++static void ccw_machine_rhel760_class_options(MachineClass *mc)
++{
++ ccw_machine_rhel820_class_options(mc);
++ /* We never published the s390x version of RHEL-AV 8.0 and 8.1, so add this here */
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_1, hw_compat_rhel_8_1_len);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_0, hw_compat_rhel_8_0_len);
++ compat_props_add(mc->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
++}
++DEFINE_CCW_MACHINE(rhel760, "rhel7.6.0", false);
+
+ static void ccw_machine_register_types(void)
+ {
+diff --git a/include/hw/boards.h b/include/hw/boards.h
+index c90a19b4d1..bf59275f18 100644
+--- a/include/hw/boards.h
++++ b/include/hw/boards.h
+@@ -470,4 +470,6 @@ extern const size_t hw_compat_rhel_8_0_len;
+ extern GlobalProperty hw_compat_rhel_7_6[];
+ extern const size_t hw_compat_rhel_7_6_len;
+
++extern const char *rhel_old_machine_deprecation;
++
+ #endif
+--
+2.31.1
+
diff --git a/SOURCES/0010-Add-s390x-machine-types.patch b/SOURCES/0010-Add-s390x-machine-types.patch
deleted file mode 100644
index 1095f3a..0000000
--- a/SOURCES/0010-Add-s390x-machine-types.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From ea22b5ae0a89ef53f31f67bb6845fd6c45d4f412 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Fri, 19 Oct 2018 13:47:32 +0200
-Subject: Add s390x machine types
-
-Adding changes to add RHEL machine types for s390x architecture.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
-Merged patches (6.1.0):
-- 64a9a5c971 hw/s390x: Remove the RHEL7-only machine type
-- 395516d62b redhat: s390x: add rhel-8.5.0 compat machine
-
-Merged patches (6.2.0 RC0):
-- 3bf66f4520 redhat: Add s390x machine type compatibility update for 6.1 rebase
----
- hw/s390x/s390-virtio-ccw.c | 67 +++++++++++++++++++++++++++++++++++++-
- 1 file changed, 66 insertions(+), 1 deletion(-)
-
-diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
-index 653587ea62..4af14cb9ca 100644
---- a/hw/s390x/s390-virtio-ccw.c
-+++ b/hw/s390x/s390-virtio-ccw.c
-@@ -767,7 +767,7 @@ bool css_migration_enabled(void)
- { \
- MachineClass *mc = MACHINE_CLASS(oc); \
- ccw_machine_##suffix##_class_options(mc); \
-- mc->desc = "VirtIO-ccw based S390 machine v" verstr; \
-+ mc->desc = "VirtIO-ccw based S390 machine " verstr; \
- if (latest) { \
- mc->alias = "s390-ccw-virtio"; \
- mc->is_default = true; \
-@@ -791,6 +791,7 @@ bool css_migration_enabled(void)
- } \
- type_init(ccw_machine_register_##suffix)
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void ccw_machine_6_2_instance_options(MachineState *machine)
- {
- }
-@@ -1100,6 +1101,70 @@ static void ccw_machine_2_4_class_options(MachineClass *mc)
- compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
- }
- DEFINE_CCW_MACHINE(2_4, "2.4", false);
-+#endif
-+
-+static void ccw_machine_rhel850_instance_options(MachineState *machine)
-+{
-+}
-+
-+static void ccw_machine_rhel850_class_options(MachineClass *mc)
-+{
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_5, hw_compat_rhel_8_5_len);
-+}
-+DEFINE_CCW_MACHINE(rhel850, "rhel8.5.0", true);
-+
-+static void ccw_machine_rhel840_instance_options(MachineState *machine)
-+{
-+ ccw_machine_rhel850_instance_options(machine);
-+}
-+
-+static void ccw_machine_rhel840_class_options(MachineClass *mc)
-+{
-+ ccw_machine_rhel850_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_4, hw_compat_rhel_8_4_len);
-+}
-+DEFINE_CCW_MACHINE(rhel840, "rhel8.4.0", false);
-+
-+static void ccw_machine_rhel820_instance_options(MachineState *machine)
-+{
-+ ccw_machine_rhel840_instance_options(machine);
-+}
-+
-+static void ccw_machine_rhel820_class_options(MachineClass *mc)
-+{
-+ ccw_machine_rhel840_class_options(mc);
-+ mc->fixup_ram_size = s390_fixup_ram_size;
-+ /* we did not publish a rhel8.3.0 machine */
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_3, hw_compat_rhel_8_3_len);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_2, hw_compat_rhel_8_2_len);
-+}
-+DEFINE_CCW_MACHINE(rhel820, "rhel8.2.0", false);
-+
-+static void ccw_machine_rhel760_instance_options(MachineState *machine)
-+{
-+ static const S390FeatInit qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V3_1 };
-+
-+ ccw_machine_rhel820_instance_options(machine);
-+
-+ s390_set_qemu_cpu_model(0x2827, 12, 2, qemu_cpu_feat);
-+
-+ /* The multiple-epoch facility was not available with rhel7.6.0 on z14GA1 */
-+ s390_cpudef_featoff(14, 1, S390_FEAT_MULTIPLE_EPOCH);
-+ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_QSIE);
-+ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_QTOUE);
-+ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_STOE);
-+ s390_cpudef_featoff(14, 1, S390_FEAT_PTFF_STOUE);
-+}
-+
-+static void ccw_machine_rhel760_class_options(MachineClass *mc)
-+{
-+ ccw_machine_rhel820_class_options(mc);
-+ /* We never published the s390x version of RHEL-AV 8.0 and 8.1, so add this here */
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_1, hw_compat_rhel_8_1_len);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_0, hw_compat_rhel_8_0_len);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
-+}
-+DEFINE_CCW_MACHINE(rhel760, "rhel7.6.0", false);
-
- static void ccw_machine_register_types(void)
- {
---
-2.27.0
-
diff --git a/SOURCES/0010-Add-x86_64-machine-types.patch b/SOURCES/0010-Add-x86_64-machine-types.patch
new file mode 100644
index 0000000..7c48967
--- /dev/null
+++ b/SOURCES/0010-Add-x86_64-machine-types.patch
@@ -0,0 +1,714 @@
+From 427a575ca57966bc72e1ebf218081da530d435d7 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Fri, 19 Oct 2018 13:10:31 +0200
+Subject: Add x86_64 machine types
+
+Adding changes to add RHEL machine types for x86_64 architecture.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+Rebase notes (6.1.0):
+- Update qemu64 cpu spec
+
+Rebase notes (7.0.0):
+- Reset alias for all machine-types except latest one
+
+Merged patches (6.1.0):
+- 59c284ad3b x86: Add x86 rhel8.5 machine types
+- a8868b42fe redhat: x86: Enable 'kvm-asyncpf-int' by default
+- a3995e2eff Remove RHEL 7.0.0 machine type (only x86_64 changes)
+- ad3190a79b Remove RHEL 7.1.0 machine type (only x86_64 changes)
+- 84bbe15d4e Remove RHEL 7.2.0 machine type (only x86_64 changes)
+- 0215eb3356 Remove RHEL 7.3.0 machine types (only x86_64 changes)
+- af69d1ca6e Remove RHEL 7.4.0 machine types (only x86_64 changes)
+- 8f7a74ab78 Remove RHEL 7.5.0 machine types (only x86_64 changes)
+
+Merged patches (7.0.0):
+- eae7d8dd3c x86/rhel machine types: Add pc_rhel_8_5_compat
+- 6762f56469 x86/rhel machine types: Wire compat into q35 and i440fx
+- 5762101438 rhel machine types/x86: set prefer_sockets
+- 9ba9ddc632 x86: Add q35 RHEL 8.6.0 machine type
+- 6110d865e5 x86: Add q35 RHEL 9.0.0 machine type
+- dcc64971bf RHEL: mark old machine types as deprecated (partialy)
+- 6b396f182b RHEL: disable "seqpacket" for "vhost-vsock-device" in rhel8.6.0
+---
+ hw/core/machine.c | 10 ++
+ hw/i386/pc.c | 135 +++++++++++++++++++++-
+ hw/i386/pc_piix.c | 79 ++++++++++++-
+ hw/i386/pc_q35.c | 227 ++++++++++++++++++++++++++++++++++++-
+ hw/s390x/s390-virtio-ccw.c | 1 +
+ include/hw/boards.h | 5 +
+ include/hw/i386/pc.h | 24 ++++
+ target/i386/kvm/kvm-cpu.c | 1 +
+ target/i386/kvm/kvm.c | 4 +
+ tests/qtest/pvpanic-test.c | 5 +-
+ 10 files changed, 484 insertions(+), 7 deletions(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index 77202a3570..28989b6e7b 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -43,6 +43,16 @@
+ const char *rhel_old_machine_deprecation =
+ "machine types for previous major releases are deprecated";
+
++GlobalProperty hw_compat_rhel_8_6[] = {
++ /* hw_compat_rhel_8_6 bz 2065589 */
++ /*
++ * vhost-vsock device in RHEL 8 kernels doesn't support seqpacket, so
++ * we need do disable it downstream on the latest hw_compat_rhel_8.
++ */
++ { "vhost-vsock-device", "seqpacket", "off" },
++};
++const size_t hw_compat_rhel_8_6_len = G_N_ELEMENTS(hw_compat_rhel_8_6);
++
+ /*
+ * Mostly the same as hw_compat_6_0 and hw_compat_6_1
+ */
+diff --git a/hw/i386/pc.c b/hw/i386/pc.c
+index fd55fc725c..263d882af6 100644
+--- a/hw/i386/pc.c
++++ b/hw/i386/pc.c
+@@ -375,6 +375,137 @@ GlobalProperty pc_compat_1_4[] = {
+ };
+ const size_t pc_compat_1_4_len = G_N_ELEMENTS(pc_compat_1_4);
+
++/* This macro is for changes to properties that are RHEL specific,
++ * different to the current upstream and to be applied to the latest
++ * machine type.
++ */
++GlobalProperty pc_rhel_compat[] = {
++ { TYPE_X86_CPU, "host-phys-bits", "on" },
++ { TYPE_X86_CPU, "host-phys-bits-limit", "48" },
++ { TYPE_X86_CPU, "vmx-entry-load-perf-global-ctrl", "off" },
++ { TYPE_X86_CPU, "vmx-exit-load-perf-global-ctrl", "off" },
++ /* bz 1508330 */
++ { "vfio-pci", "x-no-geforce-quirks", "on" },
++ /* bz 1941397 */
++ { TYPE_X86_CPU, "kvm-asyncpf-int", "on" },
++};
++const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat);
++
++GlobalProperty pc_rhel_8_5_compat[] = {
++ /* pc_rhel_8_5_compat from pc_compat_6_0 */
++ { "qemu64" "-" TYPE_X86_CPU, "family", "6" },
++ /* pc_rhel_8_5_compat from pc_compat_6_0 */
++ { "qemu64" "-" TYPE_X86_CPU, "model", "6" },
++ /* pc_rhel_8_5_compat from pc_compat_6_0 */
++ { "qemu64" "-" TYPE_X86_CPU, "stepping", "3" },
++ /* pc_rhel_8_5_compat from pc_compat_6_0 */
++ { TYPE_X86_CPU, "x-vendor-cpuid-only", "off" },
++ /* pc_rhel_8_5_compat from pc_compat_6_0 */
++ { "ICH9-LPC", ACPI_PM_PROP_ACPI_PCIHP_BRIDGE, "off" },
++
++ /* pc_rhel_8_5_compat from pc_compat_6_1 */
++ { TYPE_X86_CPU, "hv-version-id-build", "0x1bbc" },
++ /* pc_rhel_8_5_compat from pc_compat_6_1 */
++ { TYPE_X86_CPU, "hv-version-id-major", "0x0006" },
++ /* pc_rhel_8_5_compat from pc_compat_6_1 */
++ { TYPE_X86_CPU, "hv-version-id-minor", "0x0001" },
++};
++const size_t pc_rhel_8_5_compat_len = G_N_ELEMENTS(pc_rhel_8_5_compat);
++
++GlobalProperty pc_rhel_8_4_compat[] = {
++ /* pc_rhel_8_4_compat from pc_compat_5_2 */
++ { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
++ { TYPE_X86_CPU, "kvm-asyncpf-int", "off" },
++};
++const size_t pc_rhel_8_4_compat_len = G_N_ELEMENTS(pc_rhel_8_4_compat);
++
++GlobalProperty pc_rhel_8_3_compat[] = {
++ /* pc_rhel_8_3_compat from pc_compat_5_1 */
++ { "ICH9-LPC", "x-smi-cpu-hotplug", "off" },
++};
++const size_t pc_rhel_8_3_compat_len = G_N_ELEMENTS(pc_rhel_8_3_compat);
++
++GlobalProperty pc_rhel_8_2_compat[] = {
++ /* pc_rhel_8_2_compat from pc_compat_4_2 */
++ { "mch", "smbase-smram", "off" },
++};
++const size_t pc_rhel_8_2_compat_len = G_N_ELEMENTS(pc_rhel_8_2_compat);
++
++/* pc_rhel_8_1_compat is empty since pc_4_1_compat is */
++GlobalProperty pc_rhel_8_1_compat[] = { };
++const size_t pc_rhel_8_1_compat_len = G_N_ELEMENTS(pc_rhel_8_1_compat);
++
++GlobalProperty pc_rhel_8_0_compat[] = {
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "intel-iommu", "dma-drain", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Opteron_G3" "-" TYPE_X86_CPU, "rdtscp", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Opteron_G4" "-" TYPE_X86_CPU, "rdtscp", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Opteron_G4" "-" TYPE_X86_CPU, "npt", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Opteron_G4" "-" TYPE_X86_CPU, "nrip-save", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Opteron_G5" "-" TYPE_X86_CPU, "rdtscp", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Opteron_G5" "-" TYPE_X86_CPU, "npt", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Opteron_G5" "-" TYPE_X86_CPU, "nrip-save", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "EPYC" "-" TYPE_X86_CPU, "npt", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "EPYC" "-" TYPE_X86_CPU, "nrip-save", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "EPYC-IBPB" "-" TYPE_X86_CPU, "npt", "off" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "EPYC-IBPB" "-" TYPE_X86_CPU, "nrip-save", "off" },
++ /** The mpx=on entries from pc_compat_3_1 are in pc_rhel_7_6_compat **/
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { "Cascadelake-Server" "-" TYPE_X86_CPU, "stepping", "5" },
++ /* pc_rhel_8_0_compat from pc_compat_3_1 */
++ { TYPE_X86_CPU, "x-intel-pt-auto-level", "off" },
++};
++const size_t pc_rhel_8_0_compat_len = G_N_ELEMENTS(pc_rhel_8_0_compat);
++
++/* Similar to PC_COMPAT_3_0 + PC_COMPAT_2_12, but:
++ * all of the 2_12 stuff was already in 7.6 from bz 1481253
++ * x-migrate-smi-count comes from PC_COMPAT_2_11 but
++ * is really tied to kernel version so keep it off on 7.x
++ * machine types irrespective of host.
++ */
++GlobalProperty pc_rhel_7_6_compat[] = {
++ /* pc_rhel_7_6_compat from pc_compat_3_0 */
++ { TYPE_X86_CPU, "x-hv-synic-kvm-only", "on" },
++ /* pc_rhel_7_6_compat from pc_compat_3_0 */
++ { "Skylake-Server" "-" TYPE_X86_CPU, "pku", "off" },
++ /* pc_rhel_7_6_compat from pc_compat_3_0 */
++ { "Skylake-Server-IBRS" "-" TYPE_X86_CPU, "pku", "off" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { TYPE_X86_CPU, "x-migrate-smi-count", "off" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { "Skylake-Client" "-" TYPE_X86_CPU, "mpx", "on" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { "Skylake-Client-IBRS" "-" TYPE_X86_CPU, "mpx", "on" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { "Skylake-Server" "-" TYPE_X86_CPU, "mpx", "on" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { "Skylake-Server-IBRS" "-" TYPE_X86_CPU, "mpx", "on" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { "Cascadelake-Server" "-" TYPE_X86_CPU, "mpx", "on" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { "Icelake-Client" "-" TYPE_X86_CPU, "mpx", "on" },
++ /* pc_rhel_7_6_compat from pc_compat_2_11 */
++ { "Icelake-Server" "-" TYPE_X86_CPU, "mpx", "on" },
++};
++const size_t pc_rhel_7_6_compat_len = G_N_ELEMENTS(pc_rhel_7_6_compat);
++
++/*
++ * The PC_RHEL_*_COMPAT serve the same purpose for RHEL-7 machine
++ * types as the PC_COMPAT_* do for upstream types.
++ * PC_RHEL_7_*_COMPAT apply both to i440fx and q35 types.
++ */
++
+ GSIState *pc_gsi_create(qemu_irq **irqs, bool pci_enabled)
+ {
+ GSIState *s;
+@@ -1738,6 +1869,7 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
+ pcmc->pvh_enabled = true;
+ pcmc->kvmclock_create_always = true;
+ assert(!mc->get_hotplug_handler);
++ mc->async_pf_vmexit_disable = false;
+ mc->get_hotplug_handler = pc_get_hotplug_handler;
+ mc->hotplug_allowed = pc_hotplug_allowed;
+ mc->cpu_index_to_instance_props = x86_cpu_index_to_props;
+@@ -1748,7 +1880,8 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
+ mc->has_hotpluggable_cpus = true;
+ mc->default_boot_order = "cad";
+ mc->block_default_type = IF_IDE;
+- mc->max_cpus = 255;
++ /* 240: max CPU count for RHEL */
++ mc->max_cpus = 240;
+ mc->reset = pc_machine_reset;
+ mc->wakeup = pc_machine_wakeup;
+ hc->pre_plug = pc_machine_device_pre_plug_cb;
+diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
+index c797e98312..0cacc0d623 100644
+--- a/hw/i386/pc_piix.c
++++ b/hw/i386/pc_piix.c
+@@ -50,6 +50,7 @@
+ #include "qapi/error.h"
+ #include "qemu/error-report.h"
+ #include "sysemu/xen.h"
++#include "migration/migration.h"
+ #ifdef CONFIG_XEN
+ #include <xen/hvm/hvm_info_table.h>
+ #include "hw/xen/xen_pt.h"
+@@ -174,8 +175,8 @@ static void pc_init1(MachineState *machine,
+ if (pcmc->smbios_defaults) {
+ MachineClass *mc = MACHINE_GET_CLASS(machine);
+ /* These values are guest ABI, do not change */
+- smbios_set_defaults("QEMU", "Standard PC (i440FX + PIIX, 1996)",
+- mc->name, pcmc->smbios_legacy_mode,
++ smbios_set_defaults("Red Hat", "KVM",
++ mc->desc, pcmc->smbios_legacy_mode,
+ pcmc->smbios_uuid_encoded,
+ pcmc->smbios_stream_product,
+ pcmc->smbios_stream_version,
+@@ -314,6 +315,7 @@ static void pc_init1(MachineState *machine,
+ * hw_compat_*, pc_compat_*, or * pc_*_machine_options().
+ */
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void pc_compat_2_3_fn(MachineState *machine)
+ {
+ X86MachineState *x86ms = X86_MACHINE(machine);
+@@ -967,3 +969,76 @@ static void xenfv_3_1_machine_options(MachineClass *m)
+ DEFINE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init,
+ xenfv_3_1_machine_options);
+ #endif
++#endif /* Disabled for Red Hat Enterprise Linux */
++
++/* Red Hat Enterprise Linux machine types */
++
++/* Options for the latest rhel7 machine type */
++static void pc_machine_rhel7_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ m->family = "pc_piix_Y";
++ m->default_machine_opts = "firmware=bios-256k.bin,hpet=off";
++ pcmc->default_nic_model = "e1000";
++ pcmc->pci_root_uid = 0;
++ m->default_display = "std";
++ m->no_parallel = 1;
++ m->numa_mem_supported = true;
++ m->auto_enable_numa_with_memdev = false;
++ machine_class_allow_dynamic_sysbus_dev(m, TYPE_RAMFB_DEVICE);
++ compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
++ m->alias = "pc";
++ m->is_default = 1;
++ m->smp_props.prefer_sockets = true;
++}
++
++static void pc_init_rhel760(MachineState *machine)
++{
++ pc_init1(machine, TYPE_I440FX_PCI_HOST_BRIDGE, \
++ TYPE_I440FX_PCI_DEVICE);
++}
++
++static void pc_machine_rhel760_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_machine_rhel7_options(m);
++ m->desc = "RHEL 7.6.0 PC (i440FX + PIIX, 1996)";
++ m->async_pf_vmexit_disable = true;
++ m->smbus_no_migration_support = true;
++
++ /* All RHEL machines for prior major releases are deprecated */
++ m->deprecation_reason = rhel_old_machine_deprecation;
++
++ pcmc->pvh_enabled = false;
++ pcmc->default_cpu_version = CPU_VERSION_LEGACY;
++ pcmc->kvmclock_create_always = false;
++ /* From pc_i440fx_5_1_machine_options() */
++ pcmc->pci_root_uid = 1;
++ compat_props_add(m->compat_props, hw_compat_rhel_8_6,
++ hw_compat_rhel_8_6_len);
++ compat_props_add(m->compat_props, hw_compat_rhel_8_5,
++ hw_compat_rhel_8_5_len);
++ compat_props_add(m->compat_props, pc_rhel_8_5_compat,
++ pc_rhel_8_5_compat_len);
++ compat_props_add(m->compat_props, hw_compat_rhel_8_4,
++ hw_compat_rhel_8_4_len);
++ compat_props_add(m->compat_props, pc_rhel_8_4_compat,
++ pc_rhel_8_4_compat_len);
++ compat_props_add(m->compat_props, hw_compat_rhel_8_3,
++ hw_compat_rhel_8_3_len);
++ compat_props_add(m->compat_props, pc_rhel_8_3_compat,
++ pc_rhel_8_3_compat_len);
++ compat_props_add(m->compat_props, hw_compat_rhel_8_2,
++ hw_compat_rhel_8_2_len);
++ compat_props_add(m->compat_props, pc_rhel_8_2_compat,
++ pc_rhel_8_2_compat_len);
++ compat_props_add(m->compat_props, hw_compat_rhel_8_1, hw_compat_rhel_8_1_len);
++ compat_props_add(m->compat_props, pc_rhel_8_1_compat, pc_rhel_8_1_compat_len);
++ compat_props_add(m->compat_props, hw_compat_rhel_8_0, hw_compat_rhel_8_0_len);
++ compat_props_add(m->compat_props, pc_rhel_8_0_compat, pc_rhel_8_0_compat_len);
++ compat_props_add(m->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
++ compat_props_add(m->compat_props, pc_rhel_7_6_compat, pc_rhel_7_6_compat_len);
++}
++
++DEFINE_PC_MACHINE(rhel760, "pc-i440fx-rhel7.6.0", pc_init_rhel760,
++ pc_machine_rhel760_options);
+diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
+index b695f88c45..157160e069 100644
+--- a/hw/i386/pc_q35.c
++++ b/hw/i386/pc_q35.c
+@@ -197,8 +197,8 @@ static void pc_q35_init(MachineState *machine)
+
+ if (pcmc->smbios_defaults) {
+ /* These values are guest ABI, do not change */
+- smbios_set_defaults("QEMU", "Standard PC (Q35 + ICH9, 2009)",
+- mc->name, pcmc->smbios_legacy_mode,
++ smbios_set_defaults("Red Hat", "KVM",
++ mc->desc, pcmc->smbios_legacy_mode,
+ pcmc->smbios_uuid_encoded,
+ pcmc->smbios_stream_product,
+ pcmc->smbios_stream_version,
+@@ -342,6 +342,7 @@ static void pc_q35_init(MachineState *machine)
+ DEFINE_PC_MACHINE(suffix, name, pc_init_##suffix, optionfn)
+
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void pc_q35_machine_options(MachineClass *m)
+ {
+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+@@ -631,3 +632,225 @@ static void pc_q35_2_4_machine_options(MachineClass *m)
+
+ DEFINE_Q35_MACHINE(v2_4, "pc-q35-2.4", NULL,
+ pc_q35_2_4_machine_options);
++#endif /* Disabled for Red Hat Enterprise Linux */
++
++/* Red Hat Enterprise Linux machine types */
++
++/* Options for the latest rhel q35 machine type */
++static void pc_q35_machine_rhel_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pcmc->default_nic_model = "e1000e";
++ pcmc->pci_root_uid = 0;
++ m->family = "pc_q35_Z";
++ m->units_per_default_bus = 1;
++ m->default_machine_opts = "firmware=bios-256k.bin,hpet=off";
++ m->default_display = "std";
++ m->no_floppy = 1;
++ m->no_parallel = 1;
++ pcmc->default_cpu_version = 1;
++ machine_class_allow_dynamic_sysbus_dev(m, TYPE_AMD_IOMMU_DEVICE);
++ machine_class_allow_dynamic_sysbus_dev(m, TYPE_INTEL_IOMMU_DEVICE);
++ machine_class_allow_dynamic_sysbus_dev(m, TYPE_RAMFB_DEVICE);
++ m->alias = "q35";
++ m->max_cpus = 710;
++ compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
++}
++
++static void pc_q35_init_rhel900(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel900_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel_options(m);
++ m->desc = "RHEL-9.0.0 PC (Q35 + ICH9, 2009)";
++ pcmc->smbios_stream_product = "RHEL";
++ pcmc->smbios_stream_version = "9.0.0";
++}
++
++DEFINE_PC_MACHINE(q35_rhel900, "pc-q35-rhel9.0.0", pc_q35_init_rhel900,
++ pc_q35_machine_rhel900_options);
++
++static void pc_q35_init_rhel860(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel860_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel900_options(m);
++ m->desc = "RHEL-8.6.0 PC (Q35 + ICH9, 2009)";
++ m->alias = NULL;
++
++ /* All RHEL machines for prior major releases are deprecated */
++ m->deprecation_reason = rhel_old_machine_deprecation;
++
++ pcmc->smbios_stream_product = "RHEL-AV";
++ pcmc->smbios_stream_version = "8.6.0";
++ compat_props_add(m->compat_props, hw_compat_rhel_8_6,
++ hw_compat_rhel_8_6_len);
++}
++
++DEFINE_PC_MACHINE(q35_rhel860, "pc-q35-rhel8.6.0", pc_q35_init_rhel860,
++ pc_q35_machine_rhel860_options);
++
++
++static void pc_q35_init_rhel850(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel850_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel860_options(m);
++ m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
++ m->alias = NULL;
++ pcmc->smbios_stream_product = "RHEL-AV";
++ pcmc->smbios_stream_version = "8.5.0";
++ compat_props_add(m->compat_props, hw_compat_rhel_8_5,
++ hw_compat_rhel_8_5_len);
++ compat_props_add(m->compat_props, pc_rhel_8_5_compat,
++ pc_rhel_8_5_compat_len);
++ m->smp_props.prefer_sockets = true;
++}
++
++DEFINE_PC_MACHINE(q35_rhel850, "pc-q35-rhel8.5.0", pc_q35_init_rhel850,
++ pc_q35_machine_rhel850_options);
++
++
++static void pc_q35_init_rhel840(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel840_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel850_options(m);
++ m->desc = "RHEL-8.4.0 PC (Q35 + ICH9, 2009)";
++ m->alias = NULL;
++ pcmc->smbios_stream_product = "RHEL-AV";
++ pcmc->smbios_stream_version = "8.4.0";
++ compat_props_add(m->compat_props, hw_compat_rhel_8_4,
++ hw_compat_rhel_8_4_len);
++ compat_props_add(m->compat_props, pc_rhel_8_4_compat,
++ pc_rhel_8_4_compat_len);
++}
++
++DEFINE_PC_MACHINE(q35_rhel840, "pc-q35-rhel8.4.0", pc_q35_init_rhel840,
++ pc_q35_machine_rhel840_options);
++
++
++static void pc_q35_init_rhel830(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel830_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel840_options(m);
++ m->desc = "RHEL-8.3.0 PC (Q35 + ICH9, 2009)";
++ m->alias = NULL;
++ pcmc->smbios_stream_product = "RHEL-AV";
++ pcmc->smbios_stream_version = "8.3.0";
++ compat_props_add(m->compat_props, hw_compat_rhel_8_3,
++ hw_compat_rhel_8_3_len);
++ compat_props_add(m->compat_props, pc_rhel_8_3_compat,
++ pc_rhel_8_3_compat_len);
++ /* From pc_q35_5_1_machine_options() */
++ pcmc->kvmclock_create_always = false;
++ /* From pc_q35_5_1_machine_options() */
++ pcmc->pci_root_uid = 1;
++}
++
++DEFINE_PC_MACHINE(q35_rhel830, "pc-q35-rhel8.3.0", pc_q35_init_rhel830,
++ pc_q35_machine_rhel830_options);
++
++static void pc_q35_init_rhel820(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel820_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel830_options(m);
++ m->desc = "RHEL-8.2.0 PC (Q35 + ICH9, 2009)";
++ m->alias = NULL;
++ m->numa_mem_supported = true;
++ m->auto_enable_numa_with_memdev = false;
++ pcmc->smbios_stream_product = "RHEL-AV";
++ pcmc->smbios_stream_version = "8.2.0";
++ compat_props_add(m->compat_props, hw_compat_rhel_8_2,
++ hw_compat_rhel_8_2_len);
++ compat_props_add(m->compat_props, pc_rhel_8_2_compat,
++ pc_rhel_8_2_compat_len);
++}
++
++DEFINE_PC_MACHINE(q35_rhel820, "pc-q35-rhel8.2.0", pc_q35_init_rhel820,
++ pc_q35_machine_rhel820_options);
++
++static void pc_q35_init_rhel810(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel810_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel820_options(m);
++ m->desc = "RHEL-8.1.0 PC (Q35 + ICH9, 2009)";
++ m->alias = NULL;
++ pcmc->smbios_stream_product = NULL;
++ pcmc->smbios_stream_version = NULL;
++ compat_props_add(m->compat_props, hw_compat_rhel_8_1, hw_compat_rhel_8_1_len);
++ compat_props_add(m->compat_props, pc_rhel_8_1_compat, pc_rhel_8_1_compat_len);
++}
++
++DEFINE_PC_MACHINE(q35_rhel810, "pc-q35-rhel8.1.0", pc_q35_init_rhel810,
++ pc_q35_machine_rhel810_options);
++
++static void pc_q35_init_rhel800(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel800_options(MachineClass *m)
++{
++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
++ pc_q35_machine_rhel810_options(m);
++ m->desc = "RHEL-8.0.0 PC (Q35 + ICH9, 2009)";
++ m->smbus_no_migration_support = true;
++ m->alias = NULL;
++ pcmc->pvh_enabled = false;
++ pcmc->default_cpu_version = CPU_VERSION_LEGACY;
++ compat_props_add(m->compat_props, hw_compat_rhel_8_0, hw_compat_rhel_8_0_len);
++ compat_props_add(m->compat_props, pc_rhel_8_0_compat, pc_rhel_8_0_compat_len);
++}
++
++DEFINE_PC_MACHINE(q35_rhel800, "pc-q35-rhel8.0.0", pc_q35_init_rhel800,
++ pc_q35_machine_rhel800_options);
++
++static void pc_q35_init_rhel760(MachineState *machine)
++{
++ pc_q35_init(machine);
++}
++
++static void pc_q35_machine_rhel760_options(MachineClass *m)
++{
++ pc_q35_machine_rhel800_options(m);
++ m->alias = NULL;
++ m->desc = "RHEL-7.6.0 PC (Q35 + ICH9, 2009)";
++ m->async_pf_vmexit_disable = true;
++ compat_props_add(m->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
++ compat_props_add(m->compat_props, pc_rhel_7_6_compat, pc_rhel_7_6_compat_len);
++}
++
++DEFINE_PC_MACHINE(q35_rhel760, "pc-q35-rhel7.6.0", pc_q35_init_rhel760,
++ pc_q35_machine_rhel760_options);
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index ec4176a1e0..465a2a09d2 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -1136,6 +1136,7 @@ static void ccw_machine_rhel860_instance_options(MachineState *machine)
+ static void ccw_machine_rhel860_class_options(MachineClass *mc)
+ {
+ ccw_machine_rhel900_class_options(mc);
++ compat_props_add(mc->compat_props, hw_compat_rhel_8_6, hw_compat_rhel_8_6_len);
+
+ /* All RHEL machines for prior major releases are deprecated */
+ mc->deprecation_reason = rhel_old_machine_deprecation;
+diff --git a/include/hw/boards.h b/include/hw/boards.h
+index bf59275f18..d1555665df 100644
+--- a/include/hw/boards.h
++++ b/include/hw/boards.h
+@@ -266,6 +266,8 @@ struct MachineClass {
+ strList *allowed_dynamic_sysbus_devices;
+ bool auto_enable_numa_with_memhp;
+ bool auto_enable_numa_with_memdev;
++ /* RHEL only */
++ bool async_pf_vmexit_disable;
+ bool ignore_boot_device_suffixes;
+ bool smbus_no_migration_support;
+ bool nvdimm_supported;
+@@ -449,6 +451,9 @@ extern const size_t hw_compat_2_2_len;
+ extern GlobalProperty hw_compat_2_1[];
+ extern const size_t hw_compat_2_1_len;
+
++extern GlobalProperty hw_compat_rhel_8_6[];
++extern const size_t hw_compat_rhel_8_6_len;
++
+ extern GlobalProperty hw_compat_rhel_8_5[];
+ extern const size_t hw_compat_rhel_8_5_len;
+
+diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
+index 91331059d9..419a6ec24b 100644
+--- a/include/hw/i386/pc.h
++++ b/include/hw/i386/pc.h
+@@ -289,6 +289,30 @@ extern const size_t pc_compat_1_5_len;
+ extern GlobalProperty pc_compat_1_4[];
+ extern const size_t pc_compat_1_4_len;
+
++extern GlobalProperty pc_rhel_compat[];
++extern const size_t pc_rhel_compat_len;
++
++extern GlobalProperty pc_rhel_8_5_compat[];
++extern const size_t pc_rhel_8_5_compat_len;
++
++extern GlobalProperty pc_rhel_8_4_compat[];
++extern const size_t pc_rhel_8_4_compat_len;
++
++extern GlobalProperty pc_rhel_8_3_compat[];
++extern const size_t pc_rhel_8_3_compat_len;
++
++extern GlobalProperty pc_rhel_8_2_compat[];
++extern const size_t pc_rhel_8_2_compat_len;
++
++extern GlobalProperty pc_rhel_8_1_compat[];
++extern const size_t pc_rhel_8_1_compat_len;
++
++extern GlobalProperty pc_rhel_8_0_compat[];
++extern const size_t pc_rhel_8_0_compat_len;
++
++extern GlobalProperty pc_rhel_7_6_compat[];
++extern const size_t pc_rhel_7_6_compat_len;
++
+ /* Helper for setting model-id for CPU models that changed model-id
+ * depending on QEMU versions up to QEMU 2.4.
+ */
+diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c
+index 5eb955ce9a..74c1396a93 100644
+--- a/target/i386/kvm/kvm-cpu.c
++++ b/target/i386/kvm/kvm-cpu.c
+@@ -137,6 +137,7 @@ static PropValue kvm_default_props[] = {
+ { "acpi", "off" },
+ { "monitor", "off" },
+ { "svm", "off" },
++ { "kvm-pv-unhalt", "on" },
+ { NULL, NULL },
+ };
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index 9cf8e03669..6d1e009443 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -3488,6 +3488,7 @@ static int kvm_get_msrs(X86CPU *cpu)
+ struct kvm_msr_entry *msrs = cpu->kvm_msr_buf->entries;
+ int ret, i;
+ uint64_t mtrr_top_bits;
++ MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
+
+ kvm_msr_buf_reset(cpu);
+
+@@ -3822,6 +3823,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+ break;
+ case MSR_KVM_ASYNC_PF_EN:
+ env->async_pf_en_msr = msrs[i].data;
++ if (mc->async_pf_vmexit_disable) {
++ env->async_pf_en_msr &= ~(1ULL << 2);
++ }
+ break;
+ case MSR_KVM_ASYNC_PF_INT:
+ env->async_pf_int_msr = msrs[i].data;
+diff --git a/tests/qtest/pvpanic-test.c b/tests/qtest/pvpanic-test.c
+index 6dcad2db49..580c2c43d2 100644
+--- a/tests/qtest/pvpanic-test.c
++++ b/tests/qtest/pvpanic-test.c
+@@ -17,7 +17,7 @@ static void test_panic_nopause(void)
+ QDict *response, *data;
+ QTestState *qts;
+
+- qts = qtest_init("-device pvpanic -action panic=none");
++ qts = qtest_init("-M q35 -device pvpanic -action panic=none");
+
+ val = qtest_inb(qts, 0x505);
+ g_assert_cmpuint(val, ==, 3);
+@@ -40,7 +40,8 @@ static void test_panic(void)
+ QDict *response, *data;
+ QTestState *qts;
+
+- qts = qtest_init("-device pvpanic -action panic=pause");
++ /* RHEL: Use q35 */
++ qts = qtest_init("-M q35 -device pvpanic -action panic=pause");
+
+ val = qtest_inb(qts, 0x505);
+ g_assert_cmpuint(val, ==, 3);
+--
+2.31.1
+
diff --git a/SOURCES/0011-Add-x86_64-machine-types.patch b/SOURCES/0011-Add-x86_64-machine-types.patch
deleted file mode 100644
index aecc3fb..0000000
--- a/SOURCES/0011-Add-x86_64-machine-types.patch
+++ /dev/null
@@ -1,572 +0,0 @@
-From afe0cbc5cdb98998b37cf48e9a1c87a110d9fbb3 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Fri, 19 Oct 2018 13:10:31 +0200
-Subject: Add x86_64 machine types
-
-Adding changes to add RHEL machine types for x86_64 architecture.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-Rebase notes (6.1.0):
-- Update qemu64 cpu spec
-
-Merged patches (6.1.0):
-- 59c284ad3b x86: Add x86 rhel8.5 machine types
-- a8868b42fe redhat: x86: Enable 'kvm-asyncpf-int' by default
-- a3995e2eff Remove RHEL 7.0.0 machine type (only x86_64 changes)
-- ad3190a79b Remove RHEL 7.1.0 machine type (only x86_64 changes)
-- 84bbe15d4e Remove RHEL 7.2.0 machine type (only x86_64 changes)
-- 0215eb3356 Remove RHEL 7.3.0 machine types (only x86_64 changes)
-- af69d1ca6e Remove RHEL 7.4.0 machine types (only x86_64 changes)
-- 8f7a74ab78 Remove RHEL 7.5.0 machine types (only x86_64 changes)
----
- hw/i386/pc.c | 114 +++++++++++++++++++++++-
- hw/i386/pc_piix.c | 68 +++++++++++++-
- hw/i386/pc_q35.c | 177 ++++++++++++++++++++++++++++++++++++-
- include/hw/boards.h | 2 +
- include/hw/i386/pc.h | 21 +++++
- target/i386/kvm/kvm-cpu.c | 1 +
- target/i386/kvm/kvm.c | 4 +
- tests/qtest/pvpanic-test.c | 5 +-
- 8 files changed, 385 insertions(+), 7 deletions(-)
-
-diff --git a/hw/i386/pc.c b/hw/i386/pc.c
-index a2ef40ecbc..b6d2db8d04 100644
---- a/hw/i386/pc.c
-+++ b/hw/i386/pc.c
-@@ -371,6 +371,116 @@ GlobalProperty pc_compat_1_4[] = {
- };
- const size_t pc_compat_1_4_len = G_N_ELEMENTS(pc_compat_1_4);
-
-+/* This macro is for changes to properties that are RHEL specific,
-+ * different to the current upstream and to be applied to the latest
-+ * machine type.
-+ */
-+GlobalProperty pc_rhel_compat[] = {
-+ { TYPE_X86_CPU, "host-phys-bits", "on" },
-+ { TYPE_X86_CPU, "host-phys-bits-limit", "48" },
-+ { TYPE_X86_CPU, "vmx-entry-load-perf-global-ctrl", "off" },
-+ { TYPE_X86_CPU, "vmx-exit-load-perf-global-ctrl", "off" },
-+ /* bz 1508330 */
-+ { "vfio-pci", "x-no-geforce-quirks", "on" },
-+ /* bz 1941397 */
-+ { TYPE_X86_CPU, "kvm-asyncpf-int", "on" },
-+};
-+const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat);
-+
-+GlobalProperty pc_rhel_8_4_compat[] = {
-+ /* pc_rhel_8_4_compat from pc_compat_5_2 */
-+ { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
-+ { TYPE_X86_CPU, "kvm-asyncpf-int", "off" },
-+};
-+const size_t pc_rhel_8_4_compat_len = G_N_ELEMENTS(pc_rhel_8_4_compat);
-+
-+GlobalProperty pc_rhel_8_3_compat[] = {
-+ /* pc_rhel_8_3_compat from pc_compat_5_1 */
-+ { "ICH9-LPC", "x-smi-cpu-hotplug", "off" },
-+};
-+const size_t pc_rhel_8_3_compat_len = G_N_ELEMENTS(pc_rhel_8_3_compat);
-+
-+GlobalProperty pc_rhel_8_2_compat[] = {
-+ /* pc_rhel_8_2_compat from pc_compat_4_2 */
-+ { "mch", "smbase-smram", "off" },
-+};
-+const size_t pc_rhel_8_2_compat_len = G_N_ELEMENTS(pc_rhel_8_2_compat);
-+
-+/* pc_rhel_8_1_compat is empty since pc_4_1_compat is */
-+GlobalProperty pc_rhel_8_1_compat[] = { };
-+const size_t pc_rhel_8_1_compat_len = G_N_ELEMENTS(pc_rhel_8_1_compat);
-+
-+GlobalProperty pc_rhel_8_0_compat[] = {
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "intel-iommu", "dma-drain", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Opteron_G3" "-" TYPE_X86_CPU, "rdtscp", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Opteron_G4" "-" TYPE_X86_CPU, "rdtscp", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Opteron_G4" "-" TYPE_X86_CPU, "npt", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Opteron_G4" "-" TYPE_X86_CPU, "nrip-save", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Opteron_G5" "-" TYPE_X86_CPU, "rdtscp", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Opteron_G5" "-" TYPE_X86_CPU, "npt", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Opteron_G5" "-" TYPE_X86_CPU, "nrip-save", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "EPYC" "-" TYPE_X86_CPU, "npt", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "EPYC" "-" TYPE_X86_CPU, "nrip-save", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "EPYC-IBPB" "-" TYPE_X86_CPU, "npt", "off" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "EPYC-IBPB" "-" TYPE_X86_CPU, "nrip-save", "off" },
-+ /** The mpx=on entries from pc_compat_3_1 are in pc_rhel_7_6_compat **/
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { "Cascadelake-Server" "-" TYPE_X86_CPU, "stepping", "5" },
-+ /* pc_rhel_8_0_compat from pc_compat_3_1 */
-+ { TYPE_X86_CPU, "x-intel-pt-auto-level", "off" },
-+};
-+const size_t pc_rhel_8_0_compat_len = G_N_ELEMENTS(pc_rhel_8_0_compat);
-+
-+/* Similar to PC_COMPAT_3_0 + PC_COMPAT_2_12, but:
-+ * all of the 2_12 stuff was already in 7.6 from bz 1481253
-+ * x-migrate-smi-count comes from PC_COMPAT_2_11 but
-+ * is really tied to kernel version so keep it off on 7.x
-+ * machine types irrespective of host.
-+ */
-+GlobalProperty pc_rhel_7_6_compat[] = {
-+ /* pc_rhel_7_6_compat from pc_compat_3_0 */
-+ { TYPE_X86_CPU, "x-hv-synic-kvm-only", "on" },
-+ /* pc_rhel_7_6_compat from pc_compat_3_0 */
-+ { "Skylake-Server" "-" TYPE_X86_CPU, "pku", "off" },
-+ /* pc_rhel_7_6_compat from pc_compat_3_0 */
-+ { "Skylake-Server-IBRS" "-" TYPE_X86_CPU, "pku", "off" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { TYPE_X86_CPU, "x-migrate-smi-count", "off" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { "Skylake-Client" "-" TYPE_X86_CPU, "mpx", "on" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { "Skylake-Client-IBRS" "-" TYPE_X86_CPU, "mpx", "on" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { "Skylake-Server" "-" TYPE_X86_CPU, "mpx", "on" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { "Skylake-Server-IBRS" "-" TYPE_X86_CPU, "mpx", "on" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { "Cascadelake-Server" "-" TYPE_X86_CPU, "mpx", "on" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { "Icelake-Client" "-" TYPE_X86_CPU, "mpx", "on" },
-+ /* pc_rhel_7_6_compat from pc_compat_2_11 */
-+ { "Icelake-Server" "-" TYPE_X86_CPU, "mpx", "on" },
-+};
-+const size_t pc_rhel_7_6_compat_len = G_N_ELEMENTS(pc_rhel_7_6_compat);
-+
-+/*
-+ * The PC_RHEL_*_COMPAT serve the same purpose for RHEL-7 machine
-+ * types as the PC_COMPAT_* do for upstream types.
-+ * PC_RHEL_7_*_COMPAT apply both to i440fx and q35 types.
-+ */
-+
- GSIState *pc_gsi_create(qemu_irq **irqs, bool pci_enabled)
- {
- GSIState *s;
-@@ -1694,6 +1804,7 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
- pcmc->pvh_enabled = true;
- pcmc->kvmclock_create_always = true;
- assert(!mc->get_hotplug_handler);
-+ mc->async_pf_vmexit_disable = false;
- mc->get_hotplug_handler = pc_get_hotplug_handler;
- mc->hotplug_allowed = pc_hotplug_allowed;
- mc->cpu_index_to_instance_props = x86_cpu_index_to_props;
-@@ -1704,7 +1815,8 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
- mc->has_hotpluggable_cpus = true;
- mc->default_boot_order = "cad";
- mc->block_default_type = IF_IDE;
-- mc->max_cpus = 255;
-+ /* 240: max CPU count for RHEL */
-+ mc->max_cpus = 240;
- mc->reset = pc_machine_reset;
- mc->wakeup = pc_machine_wakeup;
- hc->pre_plug = pc_machine_device_pre_plug_cb;
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index dda3f64f19..dabc6c1933 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -50,6 +50,7 @@
- #include "qapi/error.h"
- #include "qemu/error-report.h"
- #include "sysemu/xen.h"
-+#include "migration/migration.h"
- #ifdef CONFIG_XEN
- #include <xen/hvm/hvm_info_table.h>
- #include "hw/xen/xen_pt.h"
-@@ -174,8 +175,8 @@ static void pc_init1(MachineState *machine,
- if (pcmc->smbios_defaults) {
- MachineClass *mc = MACHINE_GET_CLASS(machine);
- /* These values are guest ABI, do not change */
-- smbios_set_defaults("QEMU", "Standard PC (i440FX + PIIX, 1996)",
-- mc->name, pcmc->smbios_legacy_mode,
-+ smbios_set_defaults("Red Hat", "KVM",
-+ mc->desc, pcmc->smbios_legacy_mode,
- pcmc->smbios_uuid_encoded,
- pcmc->smbios_stream_product,
- pcmc->smbios_stream_version,
-@@ -314,6 +315,7 @@ static void pc_init1(MachineState *machine,
- * hw_compat_*, pc_compat_*, or * pc_*_machine_options().
- */
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void pc_compat_2_3_fn(MachineState *machine)
- {
- X86MachineState *x86ms = X86_MACHINE(machine);
-@@ -951,3 +953,65 @@ static void xenfv_3_1_machine_options(MachineClass *m)
- DEFINE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init,
- xenfv_3_1_machine_options);
- #endif
-+#endif /* Disabled for Red Hat Enterprise Linux */
-+
-+/* Red Hat Enterprise Linux machine types */
-+
-+/* Options for the latest rhel7 machine type */
-+static void pc_machine_rhel7_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ m->family = "pc_piix_Y";
-+ m->default_machine_opts = "firmware=bios-256k.bin,hpet=off";
-+ pcmc->default_nic_model = "e1000";
-+ pcmc->pci_root_uid = 0;
-+ m->default_display = "std";
-+ m->no_parallel = 1;
-+ m->numa_mem_supported = true;
-+ m->auto_enable_numa_with_memdev = false;
-+ machine_class_allow_dynamic_sysbus_dev(m, TYPE_RAMFB_DEVICE);
-+ compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
-+ m->alias = "pc";
-+ m->is_default = 1;
-+}
-+
-+static void pc_init_rhel760(MachineState *machine)
-+{
-+ pc_init1(machine, TYPE_I440FX_PCI_HOST_BRIDGE, \
-+ TYPE_I440FX_PCI_DEVICE);
-+}
-+
-+static void pc_machine_rhel760_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_machine_rhel7_options(m);
-+ m->desc = "RHEL 7.6.0 PC (i440FX + PIIX, 1996)";
-+ m->async_pf_vmexit_disable = true;
-+ m->smbus_no_migration_support = true;
-+ pcmc->pvh_enabled = false;
-+ pcmc->default_cpu_version = CPU_VERSION_LEGACY;
-+ pcmc->kvmclock_create_always = false;
-+ /* From pc_i440fx_5_1_machine_options() */
-+ pcmc->pci_root_uid = 1;
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_4,
-+ hw_compat_rhel_8_4_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_4_compat,
-+ pc_rhel_8_4_compat_len);
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_3,
-+ hw_compat_rhel_8_3_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_3_compat,
-+ pc_rhel_8_3_compat_len);
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_2,
-+ hw_compat_rhel_8_2_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_2_compat,
-+ pc_rhel_8_2_compat_len);
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_1, hw_compat_rhel_8_1_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_1_compat, pc_rhel_8_1_compat_len);
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_0, hw_compat_rhel_8_0_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_0_compat, pc_rhel_8_0_compat_len);
-+ compat_props_add(m->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
-+ compat_props_add(m->compat_props, pc_rhel_7_6_compat, pc_rhel_7_6_compat_len);
-+}
-+
-+DEFINE_PC_MACHINE(rhel760, "pc-i440fx-rhel7.6.0", pc_init_rhel760,
-+ pc_machine_rhel760_options);
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index 235054a643..04c911da18 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -197,8 +197,8 @@ static void pc_q35_init(MachineState *machine)
-
- if (pcmc->smbios_defaults) {
- /* These values are guest ABI, do not change */
-- smbios_set_defaults("QEMU", "Standard PC (Q35 + ICH9, 2009)",
-- mc->name, pcmc->smbios_legacy_mode,
-+ smbios_set_defaults("Red Hat", "KVM",
-+ mc->desc, pcmc->smbios_legacy_mode,
- pcmc->smbios_uuid_encoded,
- pcmc->smbios_stream_product,
- pcmc->smbios_stream_version,
-@@ -342,6 +342,7 @@ static void pc_q35_init(MachineState *machine)
- DEFINE_PC_MACHINE(suffix, name, pc_init_##suffix, optionfn)
-
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void pc_q35_machine_options(MachineClass *m)
- {
- PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-@@ -620,3 +621,175 @@ static void pc_q35_2_4_machine_options(MachineClass *m)
-
- DEFINE_Q35_MACHINE(v2_4, "pc-q35-2.4", NULL,
- pc_q35_2_4_machine_options);
-+#endif /* Disabled for Red Hat Enterprise Linux */
-+
-+/* Red Hat Enterprise Linux machine types */
-+
-+/* Options for the latest rhel q35 machine type */
-+static void pc_q35_machine_rhel_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pcmc->default_nic_model = "e1000e";
-+ pcmc->pci_root_uid = 0;
-+ m->family = "pc_q35_Z";
-+ m->units_per_default_bus = 1;
-+ m->default_machine_opts = "firmware=bios-256k.bin,hpet=off";
-+ m->default_display = "std";
-+ m->no_floppy = 1;
-+ m->no_parallel = 1;
-+ pcmc->default_cpu_version = 1;
-+ machine_class_allow_dynamic_sysbus_dev(m, TYPE_AMD_IOMMU_DEVICE);
-+ machine_class_allow_dynamic_sysbus_dev(m, TYPE_INTEL_IOMMU_DEVICE);
-+ machine_class_allow_dynamic_sysbus_dev(m, TYPE_RAMFB_DEVICE);
-+ m->alias = "q35";
-+ m->max_cpus = 710;
-+ compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
-+}
-+
-+static void pc_q35_init_rhel850(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel850_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel_options(m);
-+ m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
-+ pcmc->smbios_stream_product = "RHEL-AV";
-+ pcmc->smbios_stream_version = "8.5.0";
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel850, "pc-q35-rhel8.5.0", pc_q35_init_rhel850,
-+ pc_q35_machine_rhel850_options);
-+
-+
-+static void pc_q35_init_rhel840(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel840_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel850_options(m);
-+ m->desc = "RHEL-8.4.0 PC (Q35 + ICH9, 2009)";
-+ m->alias = NULL;
-+ pcmc->smbios_stream_product = "RHEL-AV";
-+ pcmc->smbios_stream_version = "8.4.0";
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_4,
-+ hw_compat_rhel_8_4_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_4_compat,
-+ pc_rhel_8_4_compat_len);
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel840, "pc-q35-rhel8.4.0", pc_q35_init_rhel840,
-+ pc_q35_machine_rhel840_options);
-+
-+
-+static void pc_q35_init_rhel830(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel830_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel840_options(m);
-+ m->desc = "RHEL-8.3.0 PC (Q35 + ICH9, 2009)";
-+ pcmc->smbios_stream_product = "RHEL-AV";
-+ pcmc->smbios_stream_version = "8.3.0";
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_3,
-+ hw_compat_rhel_8_3_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_3_compat,
-+ pc_rhel_8_3_compat_len);
-+ /* From pc_q35_5_1_machine_options() */
-+ pcmc->kvmclock_create_always = false;
-+ /* From pc_q35_5_1_machine_options() */
-+ pcmc->pci_root_uid = 1;
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel830, "pc-q35-rhel8.3.0", pc_q35_init_rhel830,
-+ pc_q35_machine_rhel830_options);
-+
-+static void pc_q35_init_rhel820(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel820_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel830_options(m);
-+ m->desc = "RHEL-8.2.0 PC (Q35 + ICH9, 2009)";
-+ m->numa_mem_supported = true;
-+ m->auto_enable_numa_with_memdev = false;
-+ pcmc->smbios_stream_product = "RHEL-AV";
-+ pcmc->smbios_stream_version = "8.2.0";
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_2,
-+ hw_compat_rhel_8_2_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_2_compat,
-+ pc_rhel_8_2_compat_len);
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel820, "pc-q35-rhel8.2.0", pc_q35_init_rhel820,
-+ pc_q35_machine_rhel820_options);
-+
-+static void pc_q35_init_rhel810(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel810_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel820_options(m);
-+ m->desc = "RHEL-8.1.0 PC (Q35 + ICH9, 2009)";
-+ m->alias = NULL;
-+ pcmc->smbios_stream_product = NULL;
-+ pcmc->smbios_stream_version = NULL;
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_1, hw_compat_rhel_8_1_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_1_compat, pc_rhel_8_1_compat_len);
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel810, "pc-q35-rhel8.1.0", pc_q35_init_rhel810,
-+ pc_q35_machine_rhel810_options);
-+
-+static void pc_q35_init_rhel800(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel800_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel810_options(m);
-+ m->desc = "RHEL-8.0.0 PC (Q35 + ICH9, 2009)";
-+ m->smbus_no_migration_support = true;
-+ m->alias = NULL;
-+ pcmc->pvh_enabled = false;
-+ pcmc->default_cpu_version = CPU_VERSION_LEGACY;
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_0, hw_compat_rhel_8_0_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_0_compat, pc_rhel_8_0_compat_len);
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel800, "pc-q35-rhel8.0.0", pc_q35_init_rhel800,
-+ pc_q35_machine_rhel800_options);
-+
-+static void pc_q35_init_rhel760(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel760_options(MachineClass *m)
-+{
-+ pc_q35_machine_rhel800_options(m);
-+ m->alias = NULL;
-+ m->desc = "RHEL-7.6.0 PC (Q35 + ICH9, 2009)";
-+ m->async_pf_vmexit_disable = true;
-+ compat_props_add(m->compat_props, hw_compat_rhel_7_6, hw_compat_rhel_7_6_len);
-+ compat_props_add(m->compat_props, pc_rhel_7_6_compat, pc_rhel_7_6_compat_len);
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel760, "pc-q35-rhel7.6.0", pc_q35_init_rhel760,
-+ pc_q35_machine_rhel760_options);
-diff --git a/include/hw/boards.h b/include/hw/boards.h
-index b0a6e05b48..3c3d2ad450 100644
---- a/include/hw/boards.h
-+++ b/include/hw/boards.h
-@@ -263,6 +263,8 @@ struct MachineClass {
- strList *allowed_dynamic_sysbus_devices;
- bool auto_enable_numa_with_memhp;
- bool auto_enable_numa_with_memdev;
-+ /* RHEL only */
-+ bool async_pf_vmexit_disable;
- bool ignore_boot_device_suffixes;
- bool smbus_no_migration_support;
- bool nvdimm_supported;
-diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
-index 7ccc9a1a07..9689a58b14 100644
---- a/include/hw/i386/pc.h
-+++ b/include/hw/i386/pc.h
-@@ -280,6 +280,27 @@ extern const size_t pc_compat_1_5_len;
- extern GlobalProperty pc_compat_1_4[];
- extern const size_t pc_compat_1_4_len;
-
-+extern GlobalProperty pc_rhel_compat[];
-+extern const size_t pc_rhel_compat_len;
-+
-+extern GlobalProperty pc_rhel_8_4_compat[];
-+extern const size_t pc_rhel_8_4_compat_len;
-+
-+extern GlobalProperty pc_rhel_8_3_compat[];
-+extern const size_t pc_rhel_8_3_compat_len;
-+
-+extern GlobalProperty pc_rhel_8_2_compat[];
-+extern const size_t pc_rhel_8_2_compat_len;
-+
-+extern GlobalProperty pc_rhel_8_1_compat[];
-+extern const size_t pc_rhel_8_1_compat_len;
-+
-+extern GlobalProperty pc_rhel_8_0_compat[];
-+extern const size_t pc_rhel_8_0_compat_len;
-+
-+extern GlobalProperty pc_rhel_7_6_compat[];
-+extern const size_t pc_rhel_7_6_compat_len;
-+
- /* Helper for setting model-id for CPU models that changed model-id
- * depending on QEMU versions up to QEMU 2.4.
- */
-diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c
-index d95028018e..7b004065ae 100644
---- a/target/i386/kvm/kvm-cpu.c
-+++ b/target/i386/kvm/kvm-cpu.c
-@@ -131,6 +131,7 @@ static PropValue kvm_default_props[] = {
- { "acpi", "off" },
- { "monitor", "off" },
- { "svm", "off" },
-+ { "kvm-pv-unhalt", "on" },
- { NULL, NULL },
- };
-
-diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
-index 5a698bde19..a668f521ac 100644
---- a/target/i386/kvm/kvm.c
-+++ b/target/i386/kvm/kvm.c
-@@ -3336,6 +3336,7 @@ static int kvm_get_msrs(X86CPU *cpu)
- struct kvm_msr_entry *msrs = cpu->kvm_msr_buf->entries;
- int ret, i;
- uint64_t mtrr_top_bits;
-+ MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
-
- kvm_msr_buf_reset(cpu);
-
-@@ -3665,6 +3666,9 @@ static int kvm_get_msrs(X86CPU *cpu)
- break;
- case MSR_KVM_ASYNC_PF_EN:
- env->async_pf_en_msr = msrs[i].data;
-+ if (mc->async_pf_vmexit_disable) {
-+ env->async_pf_en_msr &= ~(1ULL << 2);
-+ }
- break;
- case MSR_KVM_ASYNC_PF_INT:
- env->async_pf_int_msr = msrs[i].data;
-diff --git a/tests/qtest/pvpanic-test.c b/tests/qtest/pvpanic-test.c
-index 6dcad2db49..580c2c43d2 100644
---- a/tests/qtest/pvpanic-test.c
-+++ b/tests/qtest/pvpanic-test.c
-@@ -17,7 +17,7 @@ static void test_panic_nopause(void)
- QDict *response, *data;
- QTestState *qts;
-
-- qts = qtest_init("-device pvpanic -action panic=none");
-+ qts = qtest_init("-M q35 -device pvpanic -action panic=none");
-
- val = qtest_inb(qts, 0x505);
- g_assert_cmpuint(val, ==, 3);
-@@ -40,7 +40,8 @@ static void test_panic(void)
- QDict *response, *data;
- QTestState *qts;
-
-- qts = qtest_init("-device pvpanic -action panic=pause");
-+ /* RHEL: Use q35 */
-+ qts = qtest_init("-M q35 -device pvpanic -action panic=pause");
-
- val = qtest_inb(qts, 0x505);
- g_assert_cmpuint(val, ==, 3);
---
-2.27.0
-
diff --git a/SOURCES/0011-Enable-make-check.patch b/SOURCES/0011-Enable-make-check.patch
new file mode 100644
index 0000000..832b38d
--- /dev/null
+++ b/SOURCES/0011-Enable-make-check.patch
@@ -0,0 +1,186 @@
+From 5e419e5e0a721bdbbfa6d9b82c8be5c5b3d26a01 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Wed, 2 Sep 2020 09:39:41 +0200
+Subject: Enable make check
+
+Fixing tests after device disabling and machine types changes and enabling
+make check run during build.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+Rebase changes (6.1.0):
+- removed unnecessary test changes
+
+Rebase changes (6.2.0):
+- new way of disabling bios-table-test
+
+Rebase changes (7.0.0):
+- Disable testing virtio-iommu-pci
+- Rename default_bus_bypass_iommu property to default-bus-bypass-iommu
+- Disable qtest-bios-table for aarch64
+- Removed redhat chunks for boot-serial-test.c, cdrom-test.c and cpu-plug-test.c qtests
+- Do not disable boot-order-test, prom-env-test and boot-serial-test qtests
+- Use rhel machine type for new intel hda qtest
+- Remove unnecessary changes in iotest 051
+- Remove changes in bios-tables-test.c and prom-env-test.c qtests
+
+Merged patches (6.1.0):
+- 2f129df7d3 redhat: Enable the 'test-block-iothread' test again
+---
+ .distro/qemu-kvm.spec.template | 5 ++---
+ tests/qtest/fuzz-e1000e-test.c | 2 +-
+ tests/qtest/fuzz-virtio-scsi-test.c | 2 +-
+ tests/qtest/intel-hda-test.c | 2 +-
+ tests/qtest/libqos/meson.build | 2 +-
+ tests/qtest/lpc-ich9-test.c | 2 +-
+ tests/qtest/meson.build | 4 ----
+ tests/qtest/usb-hcd-xhci-test.c | 4 ++++
+ tests/qtest/virtio-net-failover.c | 1 +
+ 9 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/tests/qtest/fuzz-e1000e-test.c b/tests/qtest/fuzz-e1000e-test.c
+index 66229e6096..947fba73b7 100644
+--- a/tests/qtest/fuzz-e1000e-test.c
++++ b/tests/qtest/fuzz-e1000e-test.c
+@@ -17,7 +17,7 @@ static void test_lp1879531_eth_get_rss_ex_dst_addr(void)
+ {
+ QTestState *s;
+
+- s = qtest_init("-nographic -monitor none -serial none -M pc-q35-5.0");
++ s = qtest_init("-nographic -monitor none -serial none -M pc-q35-rhel8.4.0");
+
+ qtest_outl(s, 0xcf8, 0x80001010);
+ qtest_outl(s, 0xcfc, 0xe1020000);
+diff --git a/tests/qtest/fuzz-virtio-scsi-test.c b/tests/qtest/fuzz-virtio-scsi-test.c
+index aaf6d10e18..43727d62ac 100644
+--- a/tests/qtest/fuzz-virtio-scsi-test.c
++++ b/tests/qtest/fuzz-virtio-scsi-test.c
+@@ -19,7 +19,7 @@ static void test_mmio_oob_from_memory_region_cache(void)
+ {
+ QTestState *s;
+
+- s = qtest_init("-M pc-q35-5.2 -display none -m 512M "
++ s = qtest_init("-M pc-q35-rhel8.4.0 -display none -m 512M "
+ "-device virtio-scsi,num_queues=8,addr=03.0 ");
+
+ qtest_outl(s, 0xcf8, 0x80001811);
+diff --git a/tests/qtest/intel-hda-test.c b/tests/qtest/intel-hda-test.c
+index a58c98e4d1..c8387e39ce 100644
+--- a/tests/qtest/intel-hda-test.c
++++ b/tests/qtest/intel-hda-test.c
+@@ -38,7 +38,7 @@ static void test_issue542_ich6(void)
+ {
+ QTestState *s;
+
+- s = qtest_init("-nographic -nodefaults -M pc-q35-6.2 "
++ s = qtest_init("-nographic -nodefaults -M pc-q35-rhel9.0.0 "
+ "-device intel-hda,id=" HDA_ID CODEC_DEVICES);
+
+ qtest_outl(s, 0xcf8, 0x80000804);
+diff --git a/tests/qtest/libqos/meson.build b/tests/qtest/libqos/meson.build
+index e988d15791..46f7dcb81a 100644
+--- a/tests/qtest/libqos/meson.build
++++ b/tests/qtest/libqos/meson.build
+@@ -41,7 +41,7 @@ libqos_srcs = files('../libqtest.c',
+ 'virtio-rng.c',
+ 'virtio-scsi.c',
+ 'virtio-serial.c',
+- 'virtio-iommu.c',
++# 'virtio-iommu.c',
+
+ # qgraph machines:
+ 'aarch64-xlnx-zcu102-machine.c',
+diff --git a/tests/qtest/lpc-ich9-test.c b/tests/qtest/lpc-ich9-test.c
+index fe0bef9980..7a9d51579b 100644
+--- a/tests/qtest/lpc-ich9-test.c
++++ b/tests/qtest/lpc-ich9-test.c
+@@ -15,7 +15,7 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void)
+ {
+ QTestState *s;
+
+- s = qtest_init("-M pc-q35-5.0 "
++ s = qtest_init("-M pc-q35-rhel8.4.0 "
+ "-nographic -monitor none -serial none");
+
+ qtest_outl(s, 0xcf8, 0x8000f840); /* PMBASE */
+diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
+index d25f82bb5a..67cd32def1 100644
+--- a/tests/qtest/meson.build
++++ b/tests/qtest/meson.build
+@@ -73,7 +73,6 @@ qtests_i386 = \
+ config_all_devices.has_key('CONFIG_Q35') and \
+ config_all_devices.has_key('CONFIG_VIRTIO_PCI') and \
+ slirp.found() ? ['virtio-net-failover'] : []) + \
+- (unpack_edk2_blobs ? ['bios-tables-test'] : []) + \
+ qtests_pci + \
+ ['fdc-test',
+ 'ide-test',
+@@ -86,7 +85,6 @@ qtests_i386 = \
+ 'drive_del-test',
+ 'tco-test',
+ 'cpu-plug-test',
+- 'q35-test',
+ 'vmgenid-test',
+ 'migration-test',
+ 'test-x86-cpuid-compat',
+@@ -216,7 +214,6 @@ qtests_arm = \
+
+ # TODO: once aarch64 TCG is fixed on ARM 32 bit host, make bios-tables-test unconditional
+ qtests_aarch64 = \
+- (cpu != 'arm' and unpack_edk2_blobs ? ['bios-tables-test'] : []) + \
+ (config_all_devices.has_key('CONFIG_TPM_TIS_SYSBUS') ? ['tpm-tis-device-test'] : []) + \
+ (config_all_devices.has_key('CONFIG_TPM_TIS_SYSBUS') ? ['tpm-tis-device-swtpm-test'] : []) + \
+ (config_all_devices.has_key('CONFIG_XLNX_ZYNQMP_ARM') ? ['xlnx-can-test', 'fuzz-xlnx-dp-test'] : []) + \
+@@ -231,7 +228,6 @@ qtests_s390x = \
+ (config_host.has_key('CONFIG_POSIX') ? ['test-filter-redirector'] : []) + \
+ ['boot-serial-test',
+ 'drive_del-test',
+- 'device-plug-test',
+ 'virtio-ccw-test',
+ 'cpu-plug-test',
+ 'migration-test']
+diff --git a/tests/qtest/usb-hcd-xhci-test.c b/tests/qtest/usb-hcd-xhci-test.c
+index 10ef9d2a91..3855873050 100644
+--- a/tests/qtest/usb-hcd-xhci-test.c
++++ b/tests/qtest/usb-hcd-xhci-test.c
+@@ -21,6 +21,7 @@ static void test_xhci_hotplug(void)
+ usb_test_hotplug(global_qtest, "xhci", "1", NULL);
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void test_usb_uas_hotplug(void)
+ {
+ QTestState *qts = global_qtest;
+@@ -36,6 +37,7 @@ static void test_usb_uas_hotplug(void)
+ qtest_qmp_device_del(qts, "scsihd");
+ qtest_qmp_device_del(qts, "uas");
+ }
++#endif
+
+ static void test_usb_ccid_hotplug(void)
+ {
+@@ -56,7 +58,9 @@ int main(int argc, char **argv)
+
+ qtest_add_func("/xhci/pci/init", test_xhci_init);
+ qtest_add_func("/xhci/pci/hotplug", test_xhci_hotplug);
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ qtest_add_func("/xhci/pci/hotplug/usb-uas", test_usb_uas_hotplug);
++#endif
+ qtest_add_func("/xhci/pci/hotplug/usb-ccid", test_usb_ccid_hotplug);
+
+ qtest_start("-device nec-usb-xhci,id=xhci"
+diff --git a/tests/qtest/virtio-net-failover.c b/tests/qtest/virtio-net-failover.c
+index 78811f1c92..44de8af00c 100644
+--- a/tests/qtest/virtio-net-failover.c
++++ b/tests/qtest/virtio-net-failover.c
+@@ -25,6 +25,7 @@
+ #define PCI_SEL_BASE 0x0010
+
+ #define BASE_MACHINE "-M q35 -nodefaults " \
++ "-global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=on " \
+ "-device pcie-root-port,id=root0,addr=0x1,bus=pcie.0,chassis=1 " \
+ "-device pcie-root-port,id=root1,addr=0x2,bus=pcie.0,chassis=2 "
+
+--
+2.31.1
+
diff --git a/SOURCES/0012-Enable-make-check.patch b/SOURCES/0012-Enable-make-check.patch
deleted file mode 100644
index 4cd1ecc..0000000
--- a/SOURCES/0012-Enable-make-check.patch
+++ /dev/null
@@ -1,376 +0,0 @@
-From b071f3eaa77dde1567d70b43d0b2975efe380da2 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Wed, 2 Sep 2020 09:39:41 +0200
-Subject: Enable make check
-
-Fixing tests after device disabling and machine types changes and enabling
-make check run during build.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
-Rebase changes (6.1.0):
-- removed unnecessary test changes
-
-Rebase changes (6.2.0 RC0):
-- new way of disabling bios-table-test
-
-Merged patches (6.1.0):
-- 2f129df7d3 redhat: Enable the 'test-block-iothread' test again
----
- .distro/qemu-kvm.spec.template | 5 ++---
- tests/qemu-iotests/051 | 8 ++++----
- tests/qtest/bios-tables-test.c | 6 +++---
- tests/qtest/boot-serial-test.c | 6 +++++-
- tests/qtest/cdrom-test.c | 4 ++++
- tests/qtest/cpu-plug-test.c | 4 ++--
- tests/qtest/fuzz-e1000e-test.c | 2 +-
- tests/qtest/fuzz-virtio-scsi-test.c | 2 +-
- tests/qtest/hd-geo-test.c | 4 ++++
- tests/qtest/lpc-ich9-test.c | 2 +-
- tests/qtest/meson.build | 13 ++++---------
- tests/qtest/prom-env-test.c | 4 ++++
- tests/qtest/test-x86-cpuid-compat.c | 2 ++
- tests/qtest/usb-hcd-xhci-test.c | 4 ++++
- 14 files changed, 41 insertions(+), 25 deletions(-)
-
-diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051
-index 1d2fa93a11..c8a2815f54 100755
---- a/tests/qemu-iotests/051
-+++ b/tests/qemu-iotests/051
-@@ -174,9 +174,9 @@ run_qemu -drive if=virtio
- case "$QEMU_DEFAULT_MACHINE" in
- pc)
- run_qemu -drive if=none,id=disk -device ide-cd,drive=disk
-- run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-cd,drive=disk
-+# run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-cd,drive=disk
- run_qemu -drive if=none,id=disk -device ide-hd,drive=disk
-- run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-hd,drive=disk
-+# run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-hd,drive=disk
- ;;
- *)
- ;;
-@@ -225,9 +225,9 @@ run_qemu -drive file="$TEST_IMG",if=virtio,readonly=on
- case "$QEMU_DEFAULT_MACHINE" in
- pc)
- run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device ide-cd,drive=disk
-- run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device lsi53c895a -device scsi-cd,drive=disk
-+# run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device lsi53c895a -device scsi-cd,drive=disk
- run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device ide-hd,drive=disk
-- run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device lsi53c895a -device scsi-hd,drive=disk
-+# run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device lsi53c895a -device scsi-hd,drive=disk
- ;;
- *)
- ;;
-diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
-index 258874167e..62745181a8 100644
---- a/tests/qtest/bios-tables-test.c
-+++ b/tests/qtest/bios-tables-test.c
-@@ -1371,7 +1371,7 @@ static void test_acpi_virt_tcg_numamem(void)
- free_test_data(&data);
-
- }
--
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void test_acpi_virt_tcg_pxb(void)
- {
- test_data data = {
-@@ -1403,7 +1403,7 @@ static void test_acpi_virt_tcg_pxb(void)
-
- free_test_data(&data);
- }
--
-+#endif
- static void test_acpi_tcg_acpi_hmat(const char *machine)
- {
- test_data data;
-@@ -1644,7 +1644,7 @@ int main(int argc, char *argv[])
- qtest_add_func("acpi/virt", test_acpi_virt_tcg);
- qtest_add_func("acpi/virt/numamem", test_acpi_virt_tcg_numamem);
- qtest_add_func("acpi/virt/memhp", test_acpi_virt_tcg_memhp);
-- qtest_add_func("acpi/virt/pxb", test_acpi_virt_tcg_pxb);
-+/* qtest_add_func("acpi/virt/pxb", test_acpi_virt_tcg_pxb); */
- qtest_add_func("acpi/virt/oem-fields", test_acpi_oem_fields_virt);
- }
- }
-diff --git a/tests/qtest/boot-serial-test.c b/tests/qtest/boot-serial-test.c
-index 83828ba270..294476b959 100644
---- a/tests/qtest/boot-serial-test.c
-+++ b/tests/qtest/boot-serial-test.c
-@@ -148,19 +148,23 @@ static testdef_t tests[] = {
- { "ppc", "g3beige", "", "PowerPC,750" },
- { "ppc", "mac99", "", "PowerPC,G4" },
- { "ppc", "sam460ex", "-m 256", "DRAM: 256 MiB" },
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- { "ppc64", "ppce500", "", "U-Boot" },
- { "ppc64", "40p", "-m 192", "Memory: 192M" },
- { "ppc64", "mac99", "", "PowerPC,970FX" },
-+#endif
- { "ppc64", "pseries",
- "-machine " PSERIES_DEFAULT_CAPABILITIES,
- "Open Firmware" },
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- { "ppc64", "powernv8", "", "OPAL" },
- { "ppc64", "powernv9", "", "OPAL" },
- { "ppc64", "sam460ex", "-device e1000", "8086 100e" },
-+#endif
- { "i386", "isapc", "-cpu qemu32 -device sga", "SGABIOS" },
- { "i386", "pc", "-device sga", "SGABIOS" },
- { "i386", "q35", "-device sga", "SGABIOS" },
-- { "x86_64", "isapc", "-cpu qemu32 -device sga", "SGABIOS" },
-+ { "x86_64", "pc", "-cpu qemu32 -device sga", "SGABIOS" },
- { "x86_64", "q35", "-device sga", "SGABIOS" },
- { "sparc", "LX", "", "TMS390S10" },
- { "sparc", "SS-4", "", "MB86904" },
-diff --git a/tests/qtest/cdrom-test.c b/tests/qtest/cdrom-test.c
-index 5af944a5fb..69d9bac38a 100644
---- a/tests/qtest/cdrom-test.c
-+++ b/tests/qtest/cdrom-test.c
-@@ -140,6 +140,7 @@ static void add_x86_tests(void)
- qtest_add_data_func("cdrom/boot/isapc", "-M isapc "
- "-drive if=ide,media=cdrom,file=", test_cdboot);
- }
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- qtest_add_data_func("cdrom/boot/am53c974",
- "-device am53c974 -device scsi-cd,drive=cd1 "
- "-drive if=none,id=cd1,format=raw,file=", test_cdboot);
-@@ -155,6 +156,7 @@ static void add_x86_tests(void)
- qtest_add_data_func("cdrom/boot/megasas-gen2", "-M q35 "
- "-device megasas-gen2 -device scsi-cd,drive=cd1 "
- "-blockdev file,node-name=cd1,filename=", test_cdboot);
-+#endif
- }
-
- static void add_s390x_tests(void)
-@@ -220,6 +222,7 @@ int main(int argc, char **argv)
- "magnum", "malta", "pica61", NULL
- };
- add_cdrom_param_tests(mips64machines);
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- } else if (g_str_equal(arch, "arm") || g_str_equal(arch, "aarch64")) {
- const char *armmachines[] = {
- "realview-eb", "realview-eb-mpcore", "realview-pb-a8",
-@@ -227,6 +230,7 @@ int main(int argc, char **argv)
- "vexpress-a9", "virt", NULL
- };
- add_cdrom_param_tests(armmachines);
-+#endif
- } else {
- const char *nonemachine[] = { "none", NULL };
- add_cdrom_param_tests(nonemachine);
-diff --git a/tests/qtest/cpu-plug-test.c b/tests/qtest/cpu-plug-test.c
-index a1c689414b..a8f076711c 100644
---- a/tests/qtest/cpu-plug-test.c
-+++ b/tests/qtest/cpu-plug-test.c
-@@ -110,8 +110,8 @@ static void add_pseries_test_case(const char *mname)
- char *path;
- PlugTestData *data;
-
-- if (!g_str_has_prefix(mname, "pseries-") ||
-- (g_str_has_prefix(mname, "pseries-2.") && atoi(&mname[10]) < 7)) {
-+ if (!g_str_has_prefix(mname, "pseries-rhel") ||
-+ (g_str_has_prefix(mname, "pseries-rhel7.") && atoi(&mname[14]) < 4)) {
- return;
- }
- data = g_new(PlugTestData, 1);
-diff --git a/tests/qtest/fuzz-e1000e-test.c b/tests/qtest/fuzz-e1000e-test.c
-index 66229e6096..947fba73b7 100644
---- a/tests/qtest/fuzz-e1000e-test.c
-+++ b/tests/qtest/fuzz-e1000e-test.c
-@@ -17,7 +17,7 @@ static void test_lp1879531_eth_get_rss_ex_dst_addr(void)
- {
- QTestState *s;
-
-- s = qtest_init("-nographic -monitor none -serial none -M pc-q35-5.0");
-+ s = qtest_init("-nographic -monitor none -serial none -M pc-q35-rhel8.4.0");
-
- qtest_outl(s, 0xcf8, 0x80001010);
- qtest_outl(s, 0xcfc, 0xe1020000);
-diff --git a/tests/qtest/fuzz-virtio-scsi-test.c b/tests/qtest/fuzz-virtio-scsi-test.c
-index aaf6d10e18..43727d62ac 100644
---- a/tests/qtest/fuzz-virtio-scsi-test.c
-+++ b/tests/qtest/fuzz-virtio-scsi-test.c
-@@ -19,7 +19,7 @@ static void test_mmio_oob_from_memory_region_cache(void)
- {
- QTestState *s;
-
-- s = qtest_init("-M pc-q35-5.2 -display none -m 512M "
-+ s = qtest_init("-M pc-q35-rhel8.4.0 -display none -m 512M "
- "-device virtio-scsi,num_queues=8,addr=03.0 ");
-
- qtest_outl(s, 0xcf8, 0x80001811);
-diff --git a/tests/qtest/hd-geo-test.c b/tests/qtest/hd-geo-test.c
-index 113126ae06..999ef2aace 100644
---- a/tests/qtest/hd-geo-test.c
-+++ b/tests/qtest/hd-geo-test.c
-@@ -737,6 +737,7 @@ static void test_override_ide(void)
- test_override(args, expected);
- }
-
-+#if 0 /* Require lsi53c895a - not supported on RHEL */
- static void test_override_scsi(void)
- {
- TestArgs *args = create_args();
-@@ -781,6 +782,7 @@ static void test_override_scsi_2_controllers(void)
- add_scsi_disk(args, 3, 1, 0, 1, 2, 0, 1, 0);
- test_override(args, expected);
- }
-+#endif
-
- static void test_override_virtio_blk(void)
- {
-@@ -960,9 +962,11 @@ int main(int argc, char **argv)
- qtest_add_func("hd-geo/ide/device/user/chst", test_ide_device_user_chst);
- if (have_qemu_img()) {
- qtest_add_func("hd-geo/override/ide", test_override_ide);
-+#if 0 /* Require lsi53c895a - not supported on RHEL */
- qtest_add_func("hd-geo/override/scsi", test_override_scsi);
- qtest_add_func("hd-geo/override/scsi_2_controllers",
- test_override_scsi_2_controllers);
-+#endif
- qtest_add_func("hd-geo/override/virtio_blk", test_override_virtio_blk);
- qtest_add_func("hd-geo/override/zero_chs", test_override_zero_chs);
- qtest_add_func("hd-geo/override/scsi_hot_unplug",
-diff --git a/tests/qtest/lpc-ich9-test.c b/tests/qtest/lpc-ich9-test.c
-index fe0bef9980..7a9d51579b 100644
---- a/tests/qtest/lpc-ich9-test.c
-+++ b/tests/qtest/lpc-ich9-test.c
-@@ -15,7 +15,7 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void)
- {
- QTestState *s;
-
-- s = qtest_init("-M pc-q35-5.0 "
-+ s = qtest_init("-M pc-q35-rhel8.4.0 "
- "-nographic -monitor none -serial none");
-
- qtest_outl(s, 0xcf8, 0x8000f840); /* PMBASE */
-diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
-index c9d8458062..049e06c057 100644
---- a/tests/qtest/meson.build
-+++ b/tests/qtest/meson.build
-@@ -68,7 +68,6 @@ qtests_i386 = \
- (config_all_devices.has_key('CONFIG_RTL8139_PCI') ? ['rtl8139-test'] : []) + \
- (config_all_devices.has_key('CONFIG_E1000E_PCI_EXPRESS') ? ['fuzz-e1000e-test'] : []) + \
- (config_all_devices.has_key('CONFIG_ESP_PCI') ? ['am53c974-test'] : []) + \
-- (unpack_edk2_blobs ? ['bios-tables-test'] : []) + \
- qtests_pci + \
- ['fdc-test',
- 'ide-test',
-@@ -81,7 +80,6 @@ qtests_i386 = \
- 'drive_del-test',
- 'tco-test',
- 'cpu-plug-test',
-- 'q35-test',
- 'vmgenid-test',
- 'migration-test',
- 'test-x86-cpuid-compat',
-@@ -130,17 +128,15 @@ qtests_mips64el = \
-
- qtests_ppc = \
- (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : []) + \
-- (config_all_devices.has_key('CONFIG_M48T59') ? ['m48t59-test'] : []) + \
-- ['boot-order-test', 'prom-env-test', 'boot-serial-test'] \
-+ (config_all_devices.has_key('CONFIG_M48T59') ? ['m48t59-test'] : [])
-
- qtests_ppc64 = \
- (config_all_devices.has_key('CONFIG_PSERIES') ? ['device-plug-test'] : []) + \
- (config_all_devices.has_key('CONFIG_POWERNV') ? ['pnv-xscom-test'] : []) + \
- (config_all_devices.has_key('CONFIG_PSERIES') ? ['rtas-test'] : []) + \
-- (slirp.found() ? ['pxe-test', 'test-netfilter'] : []) + \
-+ (slirp.found() ? ['pxe-test'] : []) + \
- (config_all_devices.has_key('CONFIG_USB_UHCI') ? ['usb-hcd-uhci-test'] : []) + \
- (config_all_devices.has_key('CONFIG_USB_XHCI_NEC') ? ['usb-hcd-xhci-test'] : []) + \
-- (config_host.has_key('CONFIG_POSIX') ? ['test-filter-mirror'] : []) + \
- qtests_pci + ['migration-test', 'numa-test', 'cpu-plug-test', 'drive_del-test']
-
- qtests_sh4 = (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : [])
-@@ -186,8 +182,8 @@ qtests_aarch64 = \
- ['arm-cpu-features',
- 'numa-test',
- 'boot-serial-test',
-- 'xlnx-can-test',
-- 'fuzz-xlnx-dp-test',
-+# 'xlnx-can-test',
-+# 'fuzz-xlnx-dp-test',
- 'migration-test']
-
- qtests_s390x = \
-@@ -196,7 +192,6 @@ qtests_s390x = \
- (config_host.has_key('CONFIG_POSIX') ? ['test-filter-redirector'] : []) + \
- ['boot-serial-test',
- 'drive_del-test',
-- 'device-plug-test',
- 'virtio-ccw-test',
- 'cpu-plug-test',
- 'migration-test']
-diff --git a/tests/qtest/prom-env-test.c b/tests/qtest/prom-env-test.c
-index f41d80154a..f8dc478ce8 100644
---- a/tests/qtest/prom-env-test.c
-+++ b/tests/qtest/prom-env-test.c
-@@ -89,10 +89,14 @@ int main(int argc, char *argv[])
- if (!strcmp(arch, "ppc")) {
- add_tests(ppc_machines);
- } else if (!strcmp(arch, "ppc64")) {
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- add_tests(ppc_machines);
- if (g_test_slow()) {
-+#endif
- qtest_add_data_func("prom-env/pseries", "pseries", test_machine);
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- }
-+#endif
- } else if (!strcmp(arch, "sparc")) {
- add_tests(sparc_machines);
- } else if (!strcmp(arch, "sparc64")) {
-diff --git a/tests/qtest/test-x86-cpuid-compat.c b/tests/qtest/test-x86-cpuid-compat.c
-index f28848e06e..6b2fd398a2 100644
---- a/tests/qtest/test-x86-cpuid-compat.c
-+++ b/tests/qtest/test-x86-cpuid-compat.c
-@@ -300,6 +300,7 @@ int main(int argc, char **argv)
- "-cpu 486,xlevel2=0xC0000002,xstore=on",
- "xlevel2", 0xC0000002);
-
-+#if 0 /* Disabled in Red Hat Enterprise Linux */
- /* Check compatibility of old machine-types that didn't
- * auto-increase level/xlevel/xlevel2: */
-
-@@ -350,6 +351,7 @@ int main(int argc, char **argv)
- add_cpuid_test("x86/cpuid/xlevel-compat/pc-i440fx-2.4/npt-on",
- "-machine pc-i440fx-2.4 -cpu SandyBridge,svm=on,npt=on",
- "xlevel", 0x80000008);
-+#endif
-
- /* Test feature parsing */
- add_feature_test("x86/cpuid/features/plus",
-diff --git a/tests/qtest/usb-hcd-xhci-test.c b/tests/qtest/usb-hcd-xhci-test.c
-index 10ef9d2a91..3855873050 100644
---- a/tests/qtest/usb-hcd-xhci-test.c
-+++ b/tests/qtest/usb-hcd-xhci-test.c
-@@ -21,6 +21,7 @@ static void test_xhci_hotplug(void)
- usb_test_hotplug(global_qtest, "xhci", "1", NULL);
- }
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static void test_usb_uas_hotplug(void)
- {
- QTestState *qts = global_qtest;
-@@ -36,6 +37,7 @@ static void test_usb_uas_hotplug(void)
- qtest_qmp_device_del(qts, "scsihd");
- qtest_qmp_device_del(qts, "uas");
- }
-+#endif
-
- static void test_usb_ccid_hotplug(void)
- {
-@@ -56,7 +58,9 @@ int main(int argc, char **argv)
-
- qtest_add_func("/xhci/pci/init", test_xhci_init);
- qtest_add_func("/xhci/pci/hotplug", test_xhci_hotplug);
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- qtest_add_func("/xhci/pci/hotplug/usb-uas", test_usb_uas_hotplug);
-+#endif
- qtest_add_func("/xhci/pci/hotplug/usb-ccid", test_usb_ccid_hotplug);
-
- qtest_start("-device nec-usb-xhci,id=xhci"
---
-2.27.0
-
diff --git a/SOURCES/0012-vfio-cap-number-of-devices-that-can-be-assigned.patch b/SOURCES/0012-vfio-cap-number-of-devices-that-can-be-assigned.patch
new file mode 100644
index 0000000..c9e42b2
--- /dev/null
+++ b/SOURCES/0012-vfio-cap-number-of-devices-that-can-be-assigned.patch
@@ -0,0 +1,104 @@
+From c358fd4c224a9c3f64b4a8fff34cc6b1dc201fa0 Mon Sep 17 00:00:00 2001
+From: Bandan Das <bsd@redhat.com>
+Date: Tue, 3 Dec 2013 20:05:13 +0100
+Subject: vfio: cap number of devices that can be assigned
+
+RH-Author: Bandan Das <bsd@redhat.com>
+Message-id: <1386101113-31560-3-git-send-email-bsd@redhat.com>
+Patchwork-id: 55984
+O-Subject: [PATCH RHEL7 qemu-kvm v2 2/2] vfio: cap number of devices that can be assigned
+Bugzilla: 678368
+RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
+RH-Acked-by: Marcelo Tosatti <mtosatti@redhat.com>
+RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
+
+Go through all groups to get count of total number of devices
+active to enforce limit
+
+Reasoning from Alex for the limit(32) - Assuming 3 slots per
+device, with 125 slots (number of memory slots for RHEL 7),
+we can support almost 40 devices and still have few slots left
+for other uses. Stepping down a bit, the number 32 arbitrarily
+matches the number of slots on a PCI bus and is also a nice power
+of two.
+
+Count of slots increased to 509 later so we could increase limit
+to 64 as some usecases require more than 32 devices.
+
+Signed-off-by: Bandan Das <bsd@redhat.com>
+---
+ hw/vfio/pci.c | 29 ++++++++++++++++++++++++++++-
+ hw/vfio/pci.h | 1 +
+ 2 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 67a183f17b..1e20f9fd59 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -45,6 +45,9 @@
+
+ #define TYPE_VFIO_PCI_NOHOTPLUG "vfio-pci-nohotplug"
+
++/* RHEL only: Set once for the first assigned dev */
++static uint16_t device_limit;
++
+ static void vfio_disable_interrupts(VFIOPCIDevice *vdev);
+ static void vfio_mmap_set_enabled(VFIOPCIDevice *vdev, bool enabled);
+
+@@ -2810,9 +2813,30 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
+ ssize_t len;
+ struct stat st;
+ int groupid;
+- int i, ret;
++ int ret, i = 0;
+ bool is_mdev;
+
++ if (device_limit && device_limit != vdev->assigned_device_limit) {
++ error_setg(errp, "Assigned device limit has been redefined. "
++ "Old:%d, New:%d",
++ device_limit, vdev->assigned_device_limit);
++ return;
++ } else {
++ device_limit = vdev->assigned_device_limit;
++ }
++
++ QLIST_FOREACH(group, &vfio_group_list, next) {
++ QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
++ i++;
++ }
++ }
++
++ if (i >= vdev->assigned_device_limit) {
++ error_setg(errp, "Maximum supported vfio devices (%d) "
++ "already attached", vdev->assigned_device_limit);
++ return;
++ }
++
+ if (!vdev->vbasedev.sysfsdev) {
+ if (!(~vdev->host.domain || ~vdev->host.bus ||
+ ~vdev->host.slot || ~vdev->host.function)) {
+@@ -3249,6 +3273,9 @@ static Property vfio_pci_dev_properties[] = {
+ DEFINE_PROP_BOOL("x-no-kvm-msix", VFIOPCIDevice, no_kvm_msix, false),
+ DEFINE_PROP_BOOL("x-no-geforce-quirks", VFIOPCIDevice,
+ no_geforce_quirks, false),
++ /* RHEL only */
++ DEFINE_PROP_UINT16("x-assigned-device-limit", VFIOPCIDevice,
++ assigned_device_limit, 64),
+ DEFINE_PROP_BOOL("x-no-kvm-ioeventfd", VFIOPCIDevice, no_kvm_ioeventfd,
+ false),
+ DEFINE_PROP_BOOL("x-no-vfio-ioeventfd", VFIOPCIDevice, no_vfio_ioeventfd,
+diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
+index 64777516d1..e0fe6ca97e 100644
+--- a/hw/vfio/pci.h
++++ b/hw/vfio/pci.h
+@@ -139,6 +139,7 @@ struct VFIOPCIDevice {
+ EventNotifier err_notifier;
+ EventNotifier req_notifier;
+ int (*resetfn)(struct VFIOPCIDevice *);
++ uint16_t assigned_device_limit;
+ uint32_t vendor_id;
+ uint32_t device_id;
+ uint32_t sub_vendor_id;
+--
+2.31.1
+
diff --git a/SOURCES/0013-Add-support-statement-to-help-output.patch b/SOURCES/0013-Add-support-statement-to-help-output.patch
new file mode 100644
index 0000000..4826ea4
--- /dev/null
+++ b/SOURCES/0013-Add-support-statement-to-help-output.patch
@@ -0,0 +1,55 @@
+From ba0c7a5f6b9a1f75666db6b3b795ddf03695dc26 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 4 Dec 2013 18:53:17 +0100
+Subject: Add support statement to -help output
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <1386183197-27761-1-git-send-email-ehabkost@redhat.com>
+Patchwork-id: 55994
+O-Subject: [qemu-kvm RHEL7 PATCH] Add support statement to -help output
+Bugzilla: 972773
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: knoel@redhat.com
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Add support statement to -help output, reporting direct qemu-kvm usage
+as unsupported by Red Hat, and advising users to use libvirt instead.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+ softmmu/vl.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/softmmu/vl.c b/softmmu/vl.c
+index 6f646531a0..9d5dab43d2 100644
+--- a/softmmu/vl.c
++++ b/softmmu/vl.c
+@@ -831,9 +831,17 @@ static void version(void)
+ QEMU_COPYRIGHT "\n");
+ }
+
++static void print_rh_warning(void)
++{
++ printf("\nWARNING: Direct use of qemu-kvm from the command line is not supported by Red Hat.\n"
++ "WARNING: Use libvirt as the stable management interface.\n"
++ "WARNING: Some command line options listed here may not be available in future releases.\n\n");
++}
++
+ static void help(int exitcode)
+ {
+ version();
++ print_rh_warning();
+ printf("usage: %s [options] [disk_image]\n\n"
+ "'disk_image' is a raw hard disk image for IDE hard disk 0\n\n",
+ g_get_prgname());
+@@ -859,6 +867,7 @@ static void help(int exitcode)
+ "\n"
+ QEMU_HELP_BOTTOM "\n");
+
++ print_rh_warning();
+ exit(exitcode);
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/0013-vfio-cap-number-of-devices-that-can-be-assigned.patch b/SOURCES/0013-vfio-cap-number-of-devices-that-can-be-assigned.patch
deleted file mode 100644
index 44db7e1..0000000
--- a/SOURCES/0013-vfio-cap-number-of-devices-that-can-be-assigned.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 55dcef9d806aa530f10e3ca42eb24d52f850d674 Mon Sep 17 00:00:00 2001
-From: Bandan Das <bsd@redhat.com>
-Date: Tue, 3 Dec 2013 20:05:13 +0100
-Subject: vfio: cap number of devices that can be assigned
-
-RH-Author: Bandan Das <bsd@redhat.com>
-Message-id: <1386101113-31560-3-git-send-email-bsd@redhat.com>
-Patchwork-id: 55984
-O-Subject: [PATCH RHEL7 qemu-kvm v2 2/2] vfio: cap number of devices that can be assigned
-Bugzilla: 678368
-RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
-RH-Acked-by: Marcelo Tosatti <mtosatti@redhat.com>
-RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-
-Go through all groups to get count of total number of devices
-active to enforce limit
-
-Reasoning from Alex for the limit(32) - Assuming 3 slots per
-device, with 125 slots (number of memory slots for RHEL 7),
-we can support almost 40 devices and still have few slots left
-for other uses. Stepping down a bit, the number 32 arbitrarily
-matches the number of slots on a PCI bus and is also a nice power
-of two.
-
-Count of slots increased to 509 later so we could increase limit
-to 64 as some usecases require more than 32 devices.
-
-Signed-off-by: Bandan Das <bsd@redhat.com>
----
- hw/vfio/pci.c | 29 ++++++++++++++++++++++++++++-
- hw/vfio/pci.h | 1 +
- 2 files changed, 29 insertions(+), 1 deletion(-)
-
-diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
-index 7b45353ce2..eb725a3aee 100644
---- a/hw/vfio/pci.c
-+++ b/hw/vfio/pci.c
-@@ -45,6 +45,9 @@
-
- #define TYPE_VFIO_PCI_NOHOTPLUG "vfio-pci-nohotplug"
-
-+/* RHEL only: Set once for the first assigned dev */
-+static uint16_t device_limit;
-+
- static void vfio_disable_interrupts(VFIOPCIDevice *vdev);
- static void vfio_mmap_set_enabled(VFIOPCIDevice *vdev, bool enabled);
-
-@@ -2807,9 +2810,30 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
- ssize_t len;
- struct stat st;
- int groupid;
-- int i, ret;
-+ int ret, i = 0;
- bool is_mdev;
-
-+ if (device_limit && device_limit != vdev->assigned_device_limit) {
-+ error_setg(errp, "Assigned device limit has been redefined. "
-+ "Old:%d, New:%d",
-+ device_limit, vdev->assigned_device_limit);
-+ return;
-+ } else {
-+ device_limit = vdev->assigned_device_limit;
-+ }
-+
-+ QLIST_FOREACH(group, &vfio_group_list, next) {
-+ QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
-+ i++;
-+ }
-+ }
-+
-+ if (i >= vdev->assigned_device_limit) {
-+ error_setg(errp, "Maximum supported vfio devices (%d) "
-+ "already attached", vdev->assigned_device_limit);
-+ return;
-+ }
-+
- if (!vdev->vbasedev.sysfsdev) {
- if (!(~vdev->host.domain || ~vdev->host.bus ||
- ~vdev->host.slot || ~vdev->host.function)) {
-@@ -3246,6 +3270,9 @@ static Property vfio_pci_dev_properties[] = {
- DEFINE_PROP_BOOL("x-no-kvm-msix", VFIOPCIDevice, no_kvm_msix, false),
- DEFINE_PROP_BOOL("x-no-geforce-quirks", VFIOPCIDevice,
- no_geforce_quirks, false),
-+ /* RHEL only */
-+ DEFINE_PROP_UINT16("x-assigned-device-limit", VFIOPCIDevice,
-+ assigned_device_limit, 64),
- DEFINE_PROP_BOOL("x-no-kvm-ioeventfd", VFIOPCIDevice, no_kvm_ioeventfd,
- false),
- DEFINE_PROP_BOOL("x-no-vfio-ioeventfd", VFIOPCIDevice, no_vfio_ioeventfd,
-diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
-index 64777516d1..e0fe6ca97e 100644
---- a/hw/vfio/pci.h
-+++ b/hw/vfio/pci.h
-@@ -139,6 +139,7 @@ struct VFIOPCIDevice {
- EventNotifier err_notifier;
- EventNotifier req_notifier;
- int (*resetfn)(struct VFIOPCIDevice *);
-+ uint16_t assigned_device_limit;
- uint32_t vendor_id;
- uint32_t device_id;
- uint32_t sub_vendor_id;
---
-2.27.0
-
diff --git a/SOURCES/0014-Add-support-statement-to-help-output.patch b/SOURCES/0014-Add-support-statement-to-help-output.patch
deleted file mode 100644
index 095b9db..0000000
--- a/SOURCES/0014-Add-support-statement-to-help-output.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From fcccb5c061b8bbae29de59637c5ad4cf4416281b Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 4 Dec 2013 18:53:17 +0100
-Subject: Add support statement to -help output
-
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <1386183197-27761-1-git-send-email-ehabkost@redhat.com>
-Patchwork-id: 55994
-O-Subject: [qemu-kvm RHEL7 PATCH] Add support statement to -help output
-Bugzilla: 972773
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: knoel@redhat.com
-RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-
-Add support statement to -help output, reporting direct qemu-kvm usage
-as unsupported by Red Hat, and advising users to use libvirt instead.
-
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
----
- softmmu/vl.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/softmmu/vl.c b/softmmu/vl.c
-index 620a1f1367..d46b8fb4ab 100644
---- a/softmmu/vl.c
-+++ b/softmmu/vl.c
-@@ -827,9 +827,17 @@ static void version(void)
- QEMU_COPYRIGHT "\n");
- }
-
-+static void print_rh_warning(void)
-+{
-+ printf("\nWARNING: Direct use of qemu-kvm from the command line is not supported by Red Hat.\n"
-+ "WARNING: Use libvirt as the stable management interface.\n"
-+ "WARNING: Some command line options listed here may not be available in future releases.\n\n");
-+}
-+
- static void help(int exitcode)
- {
- version();
-+ print_rh_warning();
- printf("usage: %s [options] [disk_image]\n\n"
- "'disk_image' is a raw hard disk image for IDE hard disk 0\n\n",
- error_get_progname());
-@@ -855,6 +863,7 @@ static void help(int exitcode)
- "\n"
- QEMU_HELP_BOTTOM "\n");
-
-+ print_rh_warning();
- exit(exitcode);
- }
-
---
-2.27.0
-
diff --git a/SOURCES/0014-globally-limit-the-maximum-number-of-CPUs.patch b/SOURCES/0014-globally-limit-the-maximum-number-of-CPUs.patch
new file mode 100644
index 0000000..6764a84
--- /dev/null
+++ b/SOURCES/0014-globally-limit-the-maximum-number-of-CPUs.patch
@@ -0,0 +1,45 @@
+From 9ebfd2f6cfa8e79c92e58fd169f90cc768fb865a Mon Sep 17 00:00:00 2001
+From: Andrew Jones <drjones@redhat.com>
+Date: Tue, 21 Jan 2014 10:46:52 +0100
+Subject: globally limit the maximum number of CPUs
+
+We now globally limit the number of VCPUs.
+Especially, there is no way one can specify more than
+max_cpus VCPUs for a VM.
+
+This allows us the restore the ppc max_cpus limitation to the upstream
+default and minimize the ppc hack in kvm-all.c.
+
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo Cesar Lemes de Paula <ddepaula@redhat.com>
+---
+ accel/kvm/kvm-all.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
+index 5f1377ca04..fdf0e4d429 100644
+--- a/accel/kvm/kvm-all.c
++++ b/accel/kvm/kvm-all.c
+@@ -2430,6 +2430,18 @@ static int kvm_init(MachineState *ms)
+ soft_vcpus_limit = kvm_recommended_vcpus(s);
+ hard_vcpus_limit = kvm_max_vcpus(s);
+
++#ifdef HOST_PPC64
++ /*
++ * On POWER, the kernel advertises a soft limit based on the
++ * number of CPU threads on the host. We want to allow exceeding
++ * this for testing purposes, so we don't want to set hard limit
++ * to soft limit as on x86.
++ */
++#else
++ /* RHEL doesn't support nr_vcpus > soft_vcpus_limit */
++ hard_vcpus_limit = soft_vcpus_limit;
++#endif
++
+ while (nc->name) {
+ if (nc->num > soft_vcpus_limit) {
+ warn_report("Number of %s cpus requested (%d) exceeds "
+--
+2.31.1
+
diff --git a/SOURCES/0015-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch b/SOURCES/0015-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch
new file mode 100644
index 0000000..722484d
--- /dev/null
+++ b/SOURCES/0015-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch
@@ -0,0 +1,61 @@
+From 4b6c8cdc52fdf94d4098d278defb3833dce1d189 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Wed, 8 Jul 2020 08:35:50 +0200
+Subject: Use qemu-kvm in documentation instead of qemu-system-<arch>
+
+Patchwork-id: 62380
+O-Subject: [RHEV-7.1 qemu-kvm-rhev PATCHv4] Use qemu-kvm in documentation instead of qemu-system-i386
+Bugzilla: 1140620
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Acked-by: Markus Armbruster <armbru@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+From: Miroslav Rezanina <mrezanin@redhat.com>
+
+We change the name and location of qemu-kvm binaries. Update documentation
+to reflect this change. Only architectures available in RHEL are updated.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ docs/defs.rst.inc | 4 ++--
+ qemu-options.hx | 10 +++++-----
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/docs/defs.rst.inc b/docs/defs.rst.inc
+index 52d6454b93..d74dbdeca9 100644
+--- a/docs/defs.rst.inc
++++ b/docs/defs.rst.inc
+@@ -9,7 +9,7 @@
+ but the manpages will end up misrendered with following normal text
+ incorrectly in boldface.
+
+-.. |qemu_system| replace:: qemu-system-x86_64
+-.. |qemu_system_x86| replace:: qemu-system-x86_64
++.. |qemu_system| replace:: qemu-kvm
++.. |qemu_system_x86| replace:: qemu-kvm
+ .. |I2C| replace:: I\ :sup:`2`\ C
+ .. |I2S| replace:: I\ :sup:`2`\ S
+diff --git a/qemu-options.hx b/qemu-options.hx
+index 34e9b32a5c..924f61ab6d 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -3233,11 +3233,11 @@ SRST
+
+ ::
+
+- qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \
+- -numa node,memdev=mem \
+- -chardev socket,id=chr0,path=/path/to/socket \
+- -netdev type=vhost-user,id=net0,chardev=chr0 \
+- -device virtio-net-pci,netdev=net0
++ qemu-kvm -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \
++ -numa node,memdev=mem \
++ -chardev socket,id=chr0,path=/path/to/socket \
++ -netdev type=vhost-user,id=net0,chardev=chr0 \
++ -device virtio-net-pci,netdev=net0
+
+ ``-netdev vhost-vdpa,vhostdev=/path/to/dev``
+ Establish a vhost-vdpa netdev.
+--
+2.31.1
+
diff --git a/SOURCES/0015-globally-limit-the-maximum-number-of-CPUs.patch b/SOURCES/0015-globally-limit-the-maximum-number-of-CPUs.patch
deleted file mode 100644
index 50c1e79..0000000
--- a/SOURCES/0015-globally-limit-the-maximum-number-of-CPUs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 354c9ce982e566ddb3c724a57252986dcb7c36db Mon Sep 17 00:00:00 2001
-From: Andrew Jones <drjones@redhat.com>
-Date: Tue, 21 Jan 2014 10:46:52 +0100
-Subject: globally limit the maximum number of CPUs
-
-We now globally limit the number of VCPUs.
-Especially, there is no way one can specify more than
-max_cpus VCPUs for a VM.
-
-This allows us the restore the ppc max_cpus limitation to the upstream
-default and minimize the ppc hack in kvm-all.c.
-
-Signed-off-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
-Signed-off-by: Danilo Cesar Lemes de Paula <ddepaula@redhat.com>
----
- accel/kvm/kvm-all.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
-index eecd8031cf..8f2a53438f 100644
---- a/accel/kvm/kvm-all.c
-+++ b/accel/kvm/kvm-all.c
-@@ -2423,6 +2423,18 @@ static int kvm_init(MachineState *ms)
- soft_vcpus_limit = kvm_recommended_vcpus(s);
- hard_vcpus_limit = kvm_max_vcpus(s);
-
-+#ifdef HOST_PPC64
-+ /*
-+ * On POWER, the kernel advertises a soft limit based on the
-+ * number of CPU threads on the host. We want to allow exceeding
-+ * this for testing purposes, so we don't want to set hard limit
-+ * to soft limit as on x86.
-+ */
-+#else
-+ /* RHEL doesn't support nr_vcpus > soft_vcpus_limit */
-+ hard_vcpus_limit = soft_vcpus_limit;
-+#endif
-+
- while (nc->name) {
- if (nc->num > soft_vcpus_limit) {
- warn_report("Number of %s cpus requested (%d) exceeds "
---
-2.27.0
-
diff --git a/SOURCES/0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch b/SOURCES/0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch
deleted file mode 100644
index 415bcc2..0000000
--- a/SOURCES/0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From b057b4ebec0f87f21ba4a15adbb2a1bde7240ed5 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Wed, 8 Jul 2020 08:35:50 +0200
-Subject: Use qemu-kvm in documentation instead of qemu-system-<arch>
-
-Patchwork-id: 62380
-O-Subject: [RHEV-7.1 qemu-kvm-rhev PATCHv4] Use qemu-kvm in documentation instead of qemu-system-i386
-Bugzilla: 1140620
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Acked-by: Markus Armbruster <armbru@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-From: Miroslav Rezanina <mrezanin@redhat.com>
-
-We change the name and location of qemu-kvm binaries. Update documentation
-to reflect this change. Only architectures available in RHEL are updated.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
- docs/defs.rst.inc | 4 ++--
- docs/tools/qemu-trace-stap.rst | 14 +++++++-------
- qemu-options.hx | 10 +++++-----
- 3 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/docs/defs.rst.inc b/docs/defs.rst.inc
-index 52d6454b93..d74dbdeca9 100644
---- a/docs/defs.rst.inc
-+++ b/docs/defs.rst.inc
-@@ -9,7 +9,7 @@
- but the manpages will end up misrendered with following normal text
- incorrectly in boldface.
-
--.. |qemu_system| replace:: qemu-system-x86_64
--.. |qemu_system_x86| replace:: qemu-system-x86_64
-+.. |qemu_system| replace:: qemu-kvm
-+.. |qemu_system_x86| replace:: qemu-kvm
- .. |I2C| replace:: I\ :sup:`2`\ C
- .. |I2S| replace:: I\ :sup:`2`\ S
-diff --git a/docs/tools/qemu-trace-stap.rst b/docs/tools/qemu-trace-stap.rst
-index d53073b52b..9e93df084f 100644
---- a/docs/tools/qemu-trace-stap.rst
-+++ b/docs/tools/qemu-trace-stap.rst
-@@ -46,19 +46,19 @@ The following commands are valid:
- any of the listed names. If no *PATTERN* is given, the all possible
- probes will be listed.
-
-- For example, to list all probes available in the ``qemu-system-x86_64``
-+ For example, to list all probes available in the ``qemu-kvm``
- binary:
-
- ::
-
-- $ qemu-trace-stap list qemu-system-x86_64
-+ $ qemu-trace-stap list qemu-kvm
-
- To filter the list to only cover probes related to QEMU's cryptographic
- subsystem, in a binary outside ``$PATH``
-
- ::
-
-- $ qemu-trace-stap list /opt/qemu/4.0.0/bin/qemu-system-x86_64 'qcrypto*'
-+ $ qemu-trace-stap list /opt/qemu/4.0.0/bin/qemu-kvm 'qcrypto*'
-
- .. option:: run OPTIONS BINARY PATTERN...
-
-@@ -90,18 +90,18 @@ The following commands are valid:
- Restrict the tracing session so that it only triggers for the process
- identified by *PID*.
-
-- For example, to monitor all processes executing ``qemu-system-x86_64``
-+ For example, to monitor all processes executing ``qemu-kvm``
- as found on ``$PATH``, displaying all I/O related probes:
-
- ::
-
-- $ qemu-trace-stap run qemu-system-x86_64 'qio*'
-+ $ qemu-trace-stap run qemu-kvm 'qio*'
-
- To monitor only the QEMU process with PID 1732
-
- ::
-
-- $ qemu-trace-stap run --pid=1732 qemu-system-x86_64 'qio*'
-+ $ qemu-trace-stap run --pid=1732 qemu-kvm 'qio*'
-
- To monitor QEMU processes running an alternative binary outside of
- ``$PATH``, displaying verbose information about setup of the
-@@ -109,7 +109,7 @@ The following commands are valid:
-
- ::
-
-- $ qemu-trace-stap -v run /opt/qemu/4.0.0/qemu-system-x86_64 'qio*'
-+ $ qemu-trace-stap -v run /opt/qemu/4.0.0/qemu-kvm 'qio*'
-
- See also
- --------
-diff --git a/qemu-options.hx b/qemu-options.hx
-index ae2c6dbbfc..94c4a8dbaf 100644
---- a/qemu-options.hx
-+++ b/qemu-options.hx
-@@ -3150,11 +3150,11 @@ SRST
-
- ::
-
-- qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \
-- -numa node,memdev=mem \
-- -chardev socket,id=chr0,path=/path/to/socket \
-- -netdev type=vhost-user,id=net0,chardev=chr0 \
-- -device virtio-net-pci,netdev=net0
-+ qemu-kvm -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \
-+ -numa node,memdev=mem \
-+ -chardev socket,id=chr0,path=/path/to/socket \
-+ -netdev type=vhost-user,id=net0,chardev=chr0 \
-+ -device virtio-net-pci,netdev=net0
-
- ``-netdev vhost-vdpa,vhostdev=/path/to/dev``
- Establish a vhost-vdpa netdev.
---
-2.27.0
-
diff --git a/SOURCES/0016-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch b/SOURCES/0016-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch
new file mode 100644
index 0000000..9f08024
--- /dev/null
+++ b/SOURCES/0016-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch
@@ -0,0 +1,66 @@
+From b72e04cb7e417d9e1c973223747ab3a27abda8b4 Mon Sep 17 00:00:00 2001
+From: Fam Zheng <famz@redhat.com>
+Date: Wed, 14 Jun 2017 15:37:01 +0200
+Subject: virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only]
+
+RH-Author: Fam Zheng <famz@redhat.com>
+Message-id: <20170614153701.14757-1-famz@redhat.com>
+Patchwork-id: 75613
+O-Subject: [RHV-7.4 qemu-kvm-rhev PATCH v3] virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only]
+Bugzilla: 1378816
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Max Reitz <mreitz@redhat.com>
+
+We need a fix for RHEL 7.4 and 7.3.z, but unfortunately upstream isn't
+ready. If it were, the changes will be too invasive. To have an idea:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg05400.html
+
+is an incomplete attempt to fix part of the issue, and the remaining
+work unfortunately involve even more complex changes.
+
+As a band-aid, this partially reverts the effect of ef8875b
+(virtio-scsi: Remove op blocker for dataplane, since v2.7). We cannot
+simply revert that commit as a whole because we already shipped it in
+qemu-kvm-rhev 7.3, since when, block jobs has been possible. We should
+only block what has been broken. Also, faithfully reverting the above
+commit means adding back the removed op blocker, but that is not enough,
+because it still crashes when inserting media into an initially empty
+scsi-cd.
+
+All in all, scsi-cd on virtio-scsi-dataplane has basically been unusable
+unless the scsi-cd never enters an empty state, so, disable it
+altogether. Otherwise it would be much more difficult to avoid
+crashing.
+
+Signed-off-by: Fam Zheng <famz@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ hw/scsi/virtio-scsi.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index 34a968ecfb..7f6da33a8a 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -896,6 +896,15 @@ static void virtio_scsi_hotplug(HotplugHandler *hotplug_dev, DeviceState *dev,
+ AioContext *old_context;
+ int ret;
+
++ /* XXX: Remove this check once block backend is capable of handling
++ * AioContext change upon eject/insert.
++ * s->ctx is NULL if ioeventfd is off, s->ctx is qemu_get_aio_context() if
++ * data plane is not used, both cases are safe for scsi-cd. */
++ if (s->ctx && s->ctx != qemu_get_aio_context() &&
++ object_dynamic_cast(OBJECT(dev), "scsi-cd")) {
++ error_setg(errp, "scsi-cd is not supported by data plane");
++ return;
++ }
+ if (s->ctx && !s->dataplane_fenced) {
+ if (blk_op_is_blocked(sd->conf.blk, BLOCK_OP_TYPE_DATAPLANE, errp)) {
+ return;
+--
+2.31.1
+
diff --git a/SOURCES/0017-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch b/SOURCES/0017-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch
new file mode 100644
index 0000000..2bc687c
--- /dev/null
+++ b/SOURCES/0017-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch
@@ -0,0 +1,60 @@
+From 64a06662cdea0ff62efb122be4eab506b2a842d9 Mon Sep 17 00:00:00 2001
+From: David Gibson <dgibson@redhat.com>
+Date: Wed, 6 Feb 2019 03:58:56 +0000
+Subject: BZ1653590: Require at least 64kiB pages for downstream guests & hosts
+
+RH-Author: David Gibson <dgibson@redhat.com>
+Message-id: <20190206035856.19058-1-dgibson@redhat.com>
+Patchwork-id: 84246
+O-Subject: [RHELAV-8.0/rhel qemu-kvm PATCH] BZ1653590: Require at least 64kiB pages for downstream guests & hosts
+Bugzilla: 1653590
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Serhii Popovych <spopovyc@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+
+Most current POWER guests require 64kiB page support, so that's the default
+for the cap-hpt-max-pagesize option in qemu which limits available guest
+page sizes. We warn if the value is set smaller than that, but don't
+outright fail upstream, because we need to allow for the possibility of
+guest (and/or host) kernels configured for 4kiB page sizes.
+
+Downstream, however, we simply don't support 4kiB pagesize configured
+kernels in guest or host, so we can have qemu simply error out in this
+situation.
+
+Testing: Attempted to start a guest with cap-hpt-max-page-size=4k and verified
+ it failed immediately with a qemu error
+
+Signed-off-by: David Gibson <dgibson@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ hw/ppc/spapr_caps.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
+index 655ab856a0..6aa7f93df9 100644
+--- a/hw/ppc/spapr_caps.c
++++ b/hw/ppc/spapr_caps.c
+@@ -329,12 +329,19 @@ bool spapr_check_pagesize(SpaprMachineState *spapr, hwaddr pagesize,
+ static void cap_hpt_maxpagesize_apply(SpaprMachineState *spapr,
+ uint8_t val, Error **errp)
+ {
++#if 0 /* disabled for RHEL */
+ if (val < 12) {
+ error_setg(errp, "Require at least 4kiB hpt-max-page-size");
+ return;
+ } else if (val < 16) {
+ warn_report("Many guests require at least 64kiB hpt-max-page-size");
+ }
++#else /* Only page sizes >=64kiB supported for RHEL */
++ if (val < 16) {
++ error_setg(errp, "Require at least 64kiB hpt-max-page-size");
++ return;
++ }
++#endif
+
+ spapr_check_pagesize(spapr, qemu_minrampagesize(), errp);
+ }
+--
+2.31.1
+
diff --git a/SOURCES/0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch b/SOURCES/0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch
deleted file mode 100644
index 031b551..0000000
--- a/SOURCES/0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 41fe05330d095f69f12973b0540466439e030047 Mon Sep 17 00:00:00 2001
-From: Fam Zheng <famz@redhat.com>
-Date: Wed, 14 Jun 2017 15:37:01 +0200
-Subject: virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only]
-
-RH-Author: Fam Zheng <famz@redhat.com>
-Message-id: <20170614153701.14757-1-famz@redhat.com>
-Patchwork-id: 75613
-O-Subject: [RHV-7.4 qemu-kvm-rhev PATCH v3] virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only]
-Bugzilla: 1378816
-RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Max Reitz <mreitz@redhat.com>
-
-We need a fix for RHEL 7.4 and 7.3.z, but unfortunately upstream isn't
-ready. If it were, the changes will be too invasive. To have an idea:
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg05400.html
-
-is an incomplete attempt to fix part of the issue, and the remaining
-work unfortunately involve even more complex changes.
-
-As a band-aid, this partially reverts the effect of ef8875b
-(virtio-scsi: Remove op blocker for dataplane, since v2.7). We cannot
-simply revert that commit as a whole because we already shipped it in
-qemu-kvm-rhev 7.3, since when, block jobs has been possible. We should
-only block what has been broken. Also, faithfully reverting the above
-commit means adding back the removed op blocker, but that is not enough,
-because it still crashes when inserting media into an initially empty
-scsi-cd.
-
-All in all, scsi-cd on virtio-scsi-dataplane has basically been unusable
-unless the scsi-cd never enters an empty state, so, disable it
-altogether. Otherwise it would be much more difficult to avoid
-crashing.
-
-Signed-off-by: Fam Zheng <famz@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- hw/scsi/virtio-scsi.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
-index 51fd09522a..a35257c35a 100644
---- a/hw/scsi/virtio-scsi.c
-+++ b/hw/scsi/virtio-scsi.c
-@@ -896,6 +896,15 @@ static void virtio_scsi_hotplug(HotplugHandler *hotplug_dev, DeviceState *dev,
- AioContext *old_context;
- int ret;
-
-+ /* XXX: Remove this check once block backend is capable of handling
-+ * AioContext change upon eject/insert.
-+ * s->ctx is NULL if ioeventfd is off, s->ctx is qemu_get_aio_context() if
-+ * data plane is not used, both cases are safe for scsi-cd. */
-+ if (s->ctx && s->ctx != qemu_get_aio_context() &&
-+ object_dynamic_cast(OBJECT(dev), "scsi-cd")) {
-+ error_setg(errp, "scsi-cd is not supported by data plane");
-+ return;
-+ }
- if (s->ctx && !s->dataplane_fenced) {
- if (blk_op_is_blocked(sd->conf.blk, BLOCK_OP_TYPE_DATAPLANE, errp)) {
- return;
---
-2.27.0
-
diff --git a/SOURCES/0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch b/SOURCES/0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch
deleted file mode 100644
index 7f161e8..0000000
--- a/SOURCES/0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 295ee942608d48ab167aa76adabf3697c28e6910 Mon Sep 17 00:00:00 2001
-From: David Gibson <dgibson@redhat.com>
-Date: Wed, 6 Feb 2019 03:58:56 +0000
-Subject: BZ1653590: Require at least 64kiB pages for downstream guests & hosts
-
-RH-Author: David Gibson <dgibson@redhat.com>
-Message-id: <20190206035856.19058-1-dgibson@redhat.com>
-Patchwork-id: 84246
-O-Subject: [RHELAV-8.0/rhel qemu-kvm PATCH] BZ1653590: Require at least 64kiB pages for downstream guests & hosts
-Bugzilla: 1653590
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
-RH-Acked-by: Serhii Popovych <spopovyc@redhat.com>
-RH-Acked-by: Thomas Huth <thuth@redhat.com>
-
-Most current POWER guests require 64kiB page support, so that's the default
-for the cap-hpt-max-pagesize option in qemu which limits available guest
-page sizes. We warn if the value is set smaller than that, but don't
-outright fail upstream, because we need to allow for the possibility of
-guest (and/or host) kernels configured for 4kiB page sizes.
-
-Downstream, however, we simply don't support 4kiB pagesize configured
-kernels in guest or host, so we can have qemu simply error out in this
-situation.
-
-Testing: Attempted to start a guest with cap-hpt-max-page-size=4k and verified
- it failed immediately with a qemu error
-
-Signed-off-by: David Gibson <dgibson@redhat.com>
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- hw/ppc/spapr_caps.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
-index ed7c077a0d..48a8efe678 100644
---- a/hw/ppc/spapr_caps.c
-+++ b/hw/ppc/spapr_caps.c
-@@ -332,12 +332,19 @@ bool spapr_check_pagesize(SpaprMachineState *spapr, hwaddr pagesize,
- static void cap_hpt_maxpagesize_apply(SpaprMachineState *spapr,
- uint8_t val, Error **errp)
- {
-+#if 0 /* disabled for RHEL */
- if (val < 12) {
- error_setg(errp, "Require at least 4kiB hpt-max-page-size");
- return;
- } else if (val < 16) {
- warn_report("Many guests require at least 64kiB hpt-max-page-size");
- }
-+#else /* Only page sizes >=64kiB supported for RHEL */
-+ if (val < 16) {
-+ error_setg(errp, "Require at least 64kiB hpt-max-page-size");
-+ return;
-+ }
-+#endif
-
- spapr_check_pagesize(spapr, qemu_minrampagesize(), errp);
- }
---
-2.27.0
-
diff --git a/SOURCES/0018-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch b/SOURCES/0018-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
new file mode 100644
index 0000000..d7401d5
--- /dev/null
+++ b/SOURCES/0018-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
@@ -0,0 +1,77 @@
+From 54f9157a918e1404f2f17ce89a9c8b9088c1bc06 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Fri, 20 Aug 2021 18:25:12 +0200
+Subject: qcow2: Deprecation warning when opening v2 images rw
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Kevin Wolf <kwolf@redhat.com>
+RH-MergeRequest: 37: qcow2: Deprecation warning when opening v2 images rw
+RH-Commit: [1/1] f450d0ae32d35063b28c72c4f2d2ebb9e6d8db3e (kmwolf/centos-qemu-kvm)
+RH-Bugzilla: 1951814
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+qcow2 v3 has been around for a long time (since QEMU 1.1/RHEL 7), so
+there is no real reason any more to use it. People still using it might
+do so unintentionally. Warn about it and suggest upgrading during the
+RHEL 9 timeframe so that the code can possibly be disabled in RHEL 10.
+
+The warning is restricted to read-write mode and the system emulator.
+The primary motivation for not having it in qemu-img is that 'qemu-img
+amend' for upgrades would warn otherwise. It also avoids having to make
+too many changes to the test suite.
+
+bdrv_uses_whitelist() is used as a proxy for deciding whether we are
+running in a tool or the system emulator. This is not entirely clean,
+but it's what is available and the same function qcow2_do_open() already
+uses it this way for another warning.
+
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+
+patch_name: kvm-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
+present_in_specfile: true
+location_in_specfile: 116
+---
+Rebase notes (6.1.0):
+- Replace bs->read_only with bdrv_is_read_only
+---
+ block/qcow2.c | 6 ++++++
+ tests/qemu-iotests/common.filter | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/block/qcow2.c b/block/qcow2.c
+index b5c47931ef..a795e457ac 100644
+--- a/block/qcow2.c
++++ b/block/qcow2.c
+@@ -1337,6 +1337,12 @@ static int coroutine_fn qcow2_do_open(BlockDriverState *bs, QDict *options,
+ ret = -ENOTSUP;
+ goto fail;
+ }
++ if (header.version < 3 && !bdrv_is_read_only(bs) && bdrv_uses_whitelist()) {
++ warn_report_once("qcow2 v2 images are deprecated and may not be "
++ "supported in future versions. Please consider "
++ "upgrading the image with 'qemu-img amend "
++ "-o compat=v3'.");
++ }
+
+ s->qcow_version = header.version;
+
+diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
+index cc9f1a5891..6a13757177 100644
+--- a/tests/qemu-iotests/common.filter
++++ b/tests/qemu-iotests/common.filter
+@@ -83,6 +83,7 @@ _filter_qemu()
+ {
+ gsed -e "s#\\(^\\|(qemu) \\)$(basename $QEMU_PROG):#\1QEMU_PROG:#" \
+ -e 's#^QEMU [0-9]\+\.[0-9]\+\.[0-9]\+ monitor#QEMU X.Y.Z monitor#' \
++ -e "/qcow2 v2 images are deprecated/d" \
+ -e $'s#\r##' # QEMU monitor uses \r\n line endings
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/0019-WRB-Introduce-RHEL-9.0.0-hw-compat-structure.patch b/SOURCES/0019-WRB-Introduce-RHEL-9.0.0-hw-compat-structure.patch
new file mode 100644
index 0000000..285cd6b
--- /dev/null
+++ b/SOURCES/0019-WRB-Introduce-RHEL-9.0.0-hw-compat-structure.patch
@@ -0,0 +1,135 @@
+From 1d6439527aa6ccabb58208c94417778ccc19de39 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Wed, 9 Feb 2022 04:16:25 -0500
+Subject: WRB: Introduce RHEL 9.0.0 hw compat structure
+
+General compatibility structure for post RHEL 9.0.0 rebase.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ hw/core/machine.c | 9 +++++++++
+ hw/i386/pc.c | 6 ++++++
+ hw/i386/pc_piix.c | 4 ++++
+ hw/i386/pc_q35.c | 4 ++++
+ hw/s390x/s390-virtio-ccw.c | 2 ++
+ include/hw/boards.h | 3 +++
+ include/hw/i386/pc.h | 3 +++
+ 7 files changed, 31 insertions(+)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index 28989b6e7b..dffc3ef4ab 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -53,6 +53,15 @@ GlobalProperty hw_compat_rhel_8_6[] = {
+ };
+ const size_t hw_compat_rhel_8_6_len = G_N_ELEMENTS(hw_compat_rhel_8_6);
+
++/*
++ * Mostly the same as hw_compat_6_2
++ */
++GlobalProperty hw_compat_rhel_9_0[] = {
++ /* hw_compat_rhel_9_0 from hw_compat_6_2 */
++ { "PIIX4_PM", "x-not-migrate-acpi-index", "on"},
++};
++const size_t hw_compat_rhel_9_0_len = G_N_ELEMENTS(hw_compat_rhel_9_0);
++
+ /*
+ * Mostly the same as hw_compat_6_0 and hw_compat_6_1
+ */
+diff --git a/hw/i386/pc.c b/hw/i386/pc.c
+index 263d882af6..0886cfe3fe 100644
+--- a/hw/i386/pc.c
++++ b/hw/i386/pc.c
+@@ -391,6 +391,12 @@ GlobalProperty pc_rhel_compat[] = {
+ };
+ const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat);
+
++GlobalProperty pc_rhel_9_0_compat[] = {
++ /* pc_rhel_9_0_compat from pc_compat_6_2 */
++ { "virtio-mem", "unplugged-inaccessible", "off" },
++};
++const size_t pc_rhel_9_0_compat_len = G_N_ELEMENTS(pc_rhel_9_0_compat);
++
+ GlobalProperty pc_rhel_8_5_compat[] = {
+ /* pc_rhel_8_5_compat from pc_compat_6_0 */
+ { "qemu64" "-" TYPE_X86_CPU, "family", "6" },
+diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
+index 0cacc0d623..dc987fe93b 100644
+--- a/hw/i386/pc_piix.c
++++ b/hw/i386/pc_piix.c
+@@ -1014,6 +1014,10 @@ static void pc_machine_rhel760_options(MachineClass *m)
+ pcmc->kvmclock_create_always = false;
+ /* From pc_i440fx_5_1_machine_options() */
+ pcmc->pci_root_uid = 1;
++ compat_props_add(m->compat_props, hw_compat_rhel_9_0,
++ hw_compat_rhel_9_0_len);
++ compat_props_add(m->compat_props, pc_rhel_9_0_compat,
++ pc_rhel_9_0_compat_len);
+ compat_props_add(m->compat_props, hw_compat_rhel_8_6,
+ hw_compat_rhel_8_6_len);
+ compat_props_add(m->compat_props, hw_compat_rhel_8_5,
+diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
+index 157160e069..52c253c570 100644
+--- a/hw/i386/pc_q35.c
++++ b/hw/i386/pc_q35.c
+@@ -669,6 +669,10 @@ static void pc_q35_machine_rhel900_options(MachineClass *m)
+ m->desc = "RHEL-9.0.0 PC (Q35 + ICH9, 2009)";
+ pcmc->smbios_stream_product = "RHEL";
+ pcmc->smbios_stream_version = "9.0.0";
++ compat_props_add(m->compat_props, hw_compat_rhel_9_0,
++ hw_compat_rhel_9_0_len);
++ compat_props_add(m->compat_props, pc_rhel_9_0_compat,
++ pc_rhel_9_0_compat_len);
+ }
+
+ DEFINE_PC_MACHINE(q35_rhel900, "pc-q35-rhel9.0.0", pc_q35_init_rhel900,
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index 465a2a09d2..08e0f6a79b 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -1118,12 +1118,14 @@ static void ccw_machine_2_4_class_options(MachineClass *mc)
+ DEFINE_CCW_MACHINE(2_4, "2.4", false);
+ #endif
+
++
+ static void ccw_machine_rhel900_instance_options(MachineState *machine)
+ {
+ }
+
+ static void ccw_machine_rhel900_class_options(MachineClass *mc)
+ {
++ compat_props_add(mc->compat_props, hw_compat_rhel_9_0, hw_compat_rhel_9_0_len);
+ }
+ DEFINE_CCW_MACHINE(rhel900, "rhel9.0.0", true);
+
+diff --git a/include/hw/boards.h b/include/hw/boards.h
+index d1555665df..635e45dd71 100644
+--- a/include/hw/boards.h
++++ b/include/hw/boards.h
+@@ -451,6 +451,9 @@ extern const size_t hw_compat_2_2_len;
+ extern GlobalProperty hw_compat_2_1[];
+ extern const size_t hw_compat_2_1_len;
+
++extern GlobalProperty hw_compat_rhel_9_0[];
++extern const size_t hw_compat_rhel_9_0_len;
++
+ extern GlobalProperty hw_compat_rhel_8_6[];
+ extern const size_t hw_compat_rhel_8_6_len;
+
+diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
+index 419a6ec24b..a492c420b5 100644
+--- a/include/hw/i386/pc.h
++++ b/include/hw/i386/pc.h
+@@ -292,6 +292,9 @@ extern const size_t pc_compat_1_4_len;
+ extern GlobalProperty pc_rhel_compat[];
+ extern const size_t pc_rhel_compat_len;
+
++extern GlobalProperty pc_rhel_9_0_compat[];
++extern const size_t pc_rhel_9_0_compat_len;
++
+ extern GlobalProperty pc_rhel_8_5_compat[];
+ extern const size_t pc_rhel_8_5_compat_len;
+
+--
+2.31.1
+
diff --git a/SOURCES/0019-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch b/SOURCES/0019-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
deleted file mode 100644
index 7ff46fd..0000000
--- a/SOURCES/0019-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From a3bb2330bbf68faabc57b768cdf3ae2f4f4d86f3 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 20 Aug 2021 18:25:12 +0200
-Subject: qcow2: Deprecation warning when opening v2 images rw
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 37: qcow2: Deprecation warning when opening v2 images rw
-RH-Commit: [1/1] f450d0ae32d35063b28c72c4f2d2ebb9e6d8db3e (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 1951814
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-RH-Acked-by: Thomas Huth <thuth@redhat.com>
-RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-
-qcow2 v3 has been around for a long time (since QEMU 1.1/RHEL 7), so
-there is no real reason any more to use it. People still using it might
-do so unintentionally. Warn about it and suggest upgrading during the
-RHEL 9 timeframe so that the code can possibly be disabled in RHEL 10.
-
-The warning is restricted to read-write mode and the system emulator.
-The primary motivation for not having it in qemu-img is that 'qemu-img
-amend' for upgrades would warn otherwise. It also avoids having to make
-too many changes to the test suite.
-
-bdrv_uses_whitelist() is used as a proxy for deciding whether we are
-running in a tool or the system emulator. This is not entirely clean,
-but it's what is available and the same function qcow2_do_open() already
-uses it this way for another warning.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
-patch_name: kvm-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
-present_in_specfile: true
-location_in_specfile: 116
----
-Rebase notes (6.1.0):
-- Replace bs->read_only with bdrv_is_read_only
----
- block/qcow2.c | 6 ++++++
- tests/qemu-iotests/common.filter | 1 +
- 2 files changed, 7 insertions(+)
-
-diff --git a/block/qcow2.c b/block/qcow2.c
-index d509016756..37d1c26a71 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -1336,6 +1336,12 @@ static int coroutine_fn qcow2_do_open(BlockDriverState *bs, QDict *options,
- ret = -ENOTSUP;
- goto fail;
- }
-+ if (header.version < 3 && !bdrv_is_read_only(bs) && bdrv_uses_whitelist()) {
-+ warn_report_once("qcow2 v2 images are deprecated and may not be "
-+ "supported in future versions. Please consider "
-+ "upgrading the image with 'qemu-img amend "
-+ "-o compat=v3'.");
-+ }
-
- s->qcow_version = header.version;
-
-diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
-index 2b2b53946c..c5c2dc39bd 100644
---- a/tests/qemu-iotests/common.filter
-+++ b/tests/qemu-iotests/common.filter
-@@ -82,6 +82,7 @@ _filter_qemu()
- {
- $SED -e "s#\\(^\\|(qemu) \\)$(basename $QEMU_PROG):#\1QEMU_PROG:#" \
- -e 's#^QEMU [0-9]\+\.[0-9]\+\.[0-9]\+ monitor#QEMU X.Y.Z monitor#' \
-+ -e "/qcow2 v2 images are deprecated/d" \
- -e $'s#\r##' # QEMU monitor uses \r\n line endings
- }
-
---
-2.27.0
-
diff --git a/SOURCES/0020-Fix-virtio-net-pci-vectors-compat.patch b/SOURCES/0020-Fix-virtio-net-pci-vectors-compat.patch
deleted file mode 100644
index 6caad1d..0000000
--- a/SOURCES/0020-Fix-virtio-net-pci-vectors-compat.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From ef5afcc86dc44d1c9d3030a8ceca2018df86c6ec Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Tue, 19 Oct 2021 13:17:06 -0400
-Subject: Fix virtio-net-pci* "vectors" compat
-
-RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-MergeRequest: 76: 9.0/6.2.0-rc1 x86 machine type fixes
-RH-Commit: [20/22] ebb570f053f96d3558bac49962dc7dc88296c207
-RH-Bugzilla: 2025468
-RH-Acked-by: quintela1 <quintela@redhat.com>
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-hw_compat_rhel_8_4 has an issue: it affects only "virtio-net-pci"
-but not "virtio-net-pci-transitional" and
-"virtio-net-pci-non-transitional". The solution is to use the
-"virtio-net-pci-base" type in compat_props.
-
-An equivalent fix will be submitted for hw_compat_5_2 upstream.
-
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-(cherry picked from commit d45823ab0d0138b2fbaf2ed1e1896d2052f3ccb3)
----
- hw/core/machine.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 53a3caf4fb..448a8dd127 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -69,7 +69,11 @@ GlobalProperty hw_compat_rhel_8_4[] = {
- /* hw_compat_rhel_8_4 from hw_compat_5_2 */
- { "virtio-blk-device", "report-discard-granularity", "off" },
- /* hw_compat_rhel_8_4 from hw_compat_5_2 */
-- { "virtio-net-pci", "vectors", "3"},
-+ /*
-+ * Upstream incorrectly had "virtio-net-pci" instead of "virtio-net-pci-base",
-+ * (https://bugzilla.redhat.com/show_bug.cgi?id=1999141)
-+ */
-+ { "virtio-net-pci-base", "vectors", "3"},
- };
- const size_t hw_compat_rhel_8_4_len = G_N_ELEMENTS(hw_compat_rhel_8_4);
-
---
-2.27.0
-
diff --git a/SOURCES/0020-redhat-Update-s390x-machine-type-compatibility-for-r.patch b/SOURCES/0020-redhat-Update-s390x-machine-type-compatibility-for-r.patch
new file mode 100644
index 0000000..d3b91d0
--- /dev/null
+++ b/SOURCES/0020-redhat-Update-s390x-machine-type-compatibility-for-r.patch
@@ -0,0 +1,38 @@
+From c8ad21ca31892f8798cf82508c2b2c61bf3b9895 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Mon, 4 Apr 2022 12:15:50 +0200
+Subject: redhat: Update s390x machine type compatibility for rebase to QEMU
+ 7.0.0
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 143: Update machine type compatibility for QEMU 7.0.0 update [s390x]
+RH-Commit: [23/23] 0ecf97d7bdddc50565b5779c64744b353f715cbd
+RH-Bugzilla: 2064782
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+
+No s390x-specific machine class property updates required this time,
+only an update to the default qemu cpu model.
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ hw/s390x/s390-virtio-ccw.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index 08e0f6a79b..4a491d4988 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -1121,6 +1121,9 @@ DEFINE_CCW_MACHINE(2_4, "2.4", false);
+
+ static void ccw_machine_rhel900_instance_options(MachineState *machine)
+ {
++ static const S390FeatInit qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V6_2 };
++
++ s390_set_qemu_cpu_model(0x3906, 14, 2, qemu_cpu_feat);
+ }
+
+ static void ccw_machine_rhel900_class_options(MachineClass *mc)
+--
+2.31.1
+
diff --git a/SOURCES/0021-pc-Move-s3-s4-suspend-disabling-to-compat.patch b/SOURCES/0021-pc-Move-s3-s4-suspend-disabling-to-compat.patch
new file mode 100644
index 0000000..f9535a8
--- /dev/null
+++ b/SOURCES/0021-pc-Move-s3-s4-suspend-disabling-to-compat.patch
@@ -0,0 +1,70 @@
+From 38b89dc24551258b630f09d1c654b6c72b265c79 Mon Sep 17 00:00:00 2001
+From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
+Date: Thu, 14 Apr 2022 14:58:43 +0100
+Subject: pc: Move s3/s4 suspend disabling to compat
+
+RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-MergeRequest: 155: 7.0 machine type fixes (x86)
+RH-Commit: [26/26] 7d666032d5f5dab1444ebba085f92f2de4e86699
+RH-Bugzilla: 2064771
+
+Our downstream patches currently have tweaks in the C code to disable
+s3/s4; Thomas pointed out we can just set the property.
+
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+---
+ hw/acpi/ich9.c | 4 ++--
+ hw/acpi/piix4.c | 4 ++--
+ hw/i386/pc.c | 6 ++++++
+ 3 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
+index de1e401cdf..bd9bbade70 100644
+--- a/hw/acpi/ich9.c
++++ b/hw/acpi/ich9.c
+@@ -435,8 +435,8 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
+ static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
+ pm->acpi_memory_hotplug.is_enabled = true;
+ pm->cpu_hotplug_legacy = true;
+- pm->disable_s3 = 1;
+- pm->disable_s4 = 1;
++ pm->disable_s3 = 0;
++ pm->disable_s4 = 0;
+ pm->s4_val = 2;
+ pm->use_acpi_hotplug_bridge = true;
+ pm->keep_pci_slot_hpc = true;
+diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
+index 28544e78c3..2fb2b43248 100644
+--- a/hw/acpi/piix4.c
++++ b/hw/acpi/piix4.c
+@@ -653,8 +653,8 @@ static void piix4_send_gpe(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
+
+ static Property piix4_pm_properties[] = {
+ DEFINE_PROP_UINT32("smb_io_base", PIIX4PMState, smb_io_base, 0),
+- DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 1),
+- DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 1),
++ DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 0),
++ DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 0),
+ DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
+ DEFINE_PROP_BOOL(ACPI_PM_PROP_ACPI_PCIHP_BRIDGE, PIIX4PMState,
+ use_acpi_hotplug_bridge, true),
+diff --git a/hw/i386/pc.c b/hw/i386/pc.c
+index 0886cfe3fe..f98f842f80 100644
+--- a/hw/i386/pc.c
++++ b/hw/i386/pc.c
+@@ -380,6 +380,12 @@ const size_t pc_compat_1_4_len = G_N_ELEMENTS(pc_compat_1_4);
+ * machine type.
+ */
+ GlobalProperty pc_rhel_compat[] = {
++ /* we don't support s3/s4 suspend */
++ { "PIIX4_PM", "disable_s3", "1" },
++ { "PIIX4_PM", "disable_s4", "1" },
++ { "ICH9-LPC", "disable_s3", "1" },
++ { "ICH9-LPC", "disable_s4", "1" },
++
+ { TYPE_X86_CPU, "host-phys-bits", "on" },
+ { TYPE_X86_CPU, "host-phys-bits-limit", "48" },
+ { TYPE_X86_CPU, "vmx-entry-load-perf-global-ctrl", "off" },
+--
+2.31.1
+
diff --git a/SOURCES/0021-x86-rhel-machine-types-Add-pc_rhel_8_5_compat.patch b/SOURCES/0021-x86-rhel-machine-types-Add-pc_rhel_8_5_compat.patch
deleted file mode 100644
index 8ef276d..0000000
--- a/SOURCES/0021-x86-rhel-machine-types-Add-pc_rhel_8_5_compat.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From eae7d8dd3c3b9aa859a619933f52a4759a42bf66 Mon Sep 17 00:00:00 2001
-From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Date: Tue, 23 Nov 2021 17:57:42 +0000
-Subject: x86/rhel machine types: Add pc_rhel_8_5_compat
-
-RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-MergeRequest: 76: 9.0/6.2.0-rc1 x86 machine type fixes
-RH-Commit: [21/22] dd23060695bc0ad892bbfa51d93afe31f5d745c7
-RH-Bugzilla: 2025468
-RH-Acked-by: quintela1 <quintela@redhat.com>
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-Add pc_rhel_8_5_compat as the merge of pc_compat_6_1 and pc_compat_6_0
-(since 8.5 was based on 6.0).
-
-Note, x-keep-pci-slot-hpc flipped back and forward, leaving it out
-looks like it leaves us with the original.
-
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
- hw/i386/pc.c | 21 +++++++++++++++++++++
- include/hw/i386/pc.h | 3 +++
- 2 files changed, 24 insertions(+)
-
-diff --git a/hw/i386/pc.c b/hw/i386/pc.c
-index b6d2db8d04..4661473d2a 100644
---- a/hw/i386/pc.c
-+++ b/hw/i386/pc.c
-@@ -387,6 +387,27 @@ GlobalProperty pc_rhel_compat[] = {
- };
- const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat);
-
-+GlobalProperty pc_rhel_8_5_compat[] = {
-+ /* pc_rhel_8_5_compat from pc_compat_6_0 */
-+ { "qemu64" "-" TYPE_X86_CPU, "family", "6" },
-+ /* pc_rhel_8_5_compat from pc_compat_6_0 */
-+ { "qemu64" "-" TYPE_X86_CPU, "model", "6" },
-+ /* pc_rhel_8_5_compat from pc_compat_6_0 */
-+ { "qemu64" "-" TYPE_X86_CPU, "stepping", "3" },
-+ /* pc_rhel_8_5_compat from pc_compat_6_0 */
-+ { TYPE_X86_CPU, "x-vendor-cpuid-only", "off" },
-+ /* pc_rhel_8_5_compat from pc_compat_6_0 */
-+ { "ICH9-LPC", ACPI_PM_PROP_ACPI_PCIHP_BRIDGE, "off" },
-+
-+ /* pc_rhel_8_5_compat from pc_compat_6_1 */
-+ { TYPE_X86_CPU, "hv-version-id-build", "0x1bbc" },
-+ /* pc_rhel_8_5_compat from pc_compat_6_1 */
-+ { TYPE_X86_CPU, "hv-version-id-major", "0x0006" },
-+ /* pc_rhel_8_5_compat from pc_compat_6_1 */
-+ { TYPE_X86_CPU, "hv-version-id-minor", "0x0001" },
-+};
-+const size_t pc_rhel_8_5_compat_len = G_N_ELEMENTS(pc_rhel_8_5_compat);
-+
- GlobalProperty pc_rhel_8_4_compat[] = {
- /* pc_rhel_8_4_compat from pc_compat_5_2 */
- { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
-diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
-index 9689a58b14..afb570ba14 100644
---- a/include/hw/i386/pc.h
-+++ b/include/hw/i386/pc.h
-@@ -283,6 +283,9 @@ extern const size_t pc_compat_1_4_len;
- extern GlobalProperty pc_rhel_compat[];
- extern const size_t pc_rhel_compat_len;
-
-+extern GlobalProperty pc_rhel_8_5_compat[];
-+extern const size_t pc_rhel_8_5_compat_len;
-+
- extern GlobalProperty pc_rhel_8_4_compat[];
- extern const size_t pc_rhel_8_4_compat_len;
-
---
-2.27.0
-
diff --git a/SOURCES/0022-x86-rhel-machine-types-Wire-compat-into-q35-and-i440.patch b/SOURCES/0022-x86-rhel-machine-types-Wire-compat-into-q35-and-i440.patch
deleted file mode 100644
index 85c6b26..0000000
--- a/SOURCES/0022-x86-rhel-machine-types-Wire-compat-into-q35-and-i440.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 6762f5646943c759ece5972f08eb88364cf0a8ad Mon Sep 17 00:00:00 2001
-From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Date: Tue, 23 Nov 2021 18:07:49 +0000
-Subject: x86/rhel machine types: Wire compat into q35 and i440fx
-
-RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-MergeRequest: 76: 9.0/6.2.0-rc1 x86 machine type fixes
-RH-Commit: [22/22] e2767df0d920773057cb52d346e0106a76cb0a28
-RH-Bugzilla: 2025468
-RH-Acked-by: quintela1 <quintela@redhat.com>
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-Wire the pc_rhel_8_5 compat data into both piix and q35
-to keep the existing machine types compatible.
-
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
- hw/i386/pc_piix.c | 4 ++++
- hw/i386/pc_q35.c | 4 ++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index dabc6c1933..183b5d5464 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -993,6 +993,10 @@ static void pc_machine_rhel760_options(MachineClass *m)
- pcmc->kvmclock_create_always = false;
- /* From pc_i440fx_5_1_machine_options() */
- pcmc->pci_root_uid = 1;
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_5,
-+ hw_compat_rhel_8_5_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_5_compat,
-+ pc_rhel_8_5_compat_len);
- compat_props_add(m->compat_props, hw_compat_rhel_8_4,
- hw_compat_rhel_8_4_len);
- compat_props_add(m->compat_props, pc_rhel_8_4_compat,
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index 04c911da18..0e7e885e78 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -658,6 +658,10 @@ static void pc_q35_machine_rhel850_options(MachineClass *m)
- m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
- pcmc->smbios_stream_product = "RHEL-AV";
- pcmc->smbios_stream_version = "8.5.0";
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_5,
-+ hw_compat_rhel_8_5_len);
-+ compat_props_add(m->compat_props, pc_rhel_8_5_compat,
-+ pc_rhel_8_5_compat_len);
- }
-
- DEFINE_PC_MACHINE(q35_rhel850, "pc-q35-rhel8.5.0", pc_q35_init_rhel850,
---
-2.27.0
-
diff --git a/SOURCES/0023-redhat-virt-rhel8.5.0-Update-machine-type-compatibil.patch b/SOURCES/0023-redhat-virt-rhel8.5.0-Update-machine-type-compatibil.patch
deleted file mode 100644
index 293854f..0000000
--- a/SOURCES/0023-redhat-virt-rhel8.5.0-Update-machine-type-compatibil.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 3b82be3dd3d5254baedf82ba2a6cf0412e84a991 Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Tue, 16 Nov 2021 17:03:07 +0100
-Subject: redhat: virt-rhel8.5.0: Update machine type compatibility for QEMU
- 6.2.0 update
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 75: redhat: virt-rhel8.5.0: Update machine type compatibility for QEMU 6.2.0 update
-RH-Commit: [21/21] f027d13654944e3d34e3356affe7af952eec2bed
-RH-Bugzilla: 2022607
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
-
-To keep compatibility with 8.5-AV machine type we need to
-turn few new options on by default:
-smp_props.prefer_sockets, no_cpu_topology, no_tcg_its
-
-TESTED: migrate from rhel-av-8.5.0 to rhel-8.6.0 and vice-versa
-with upstream fix: 33a0c404fb hw/intc/arm_gicv3_its: Revert version
-increments in vmstate_its
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
- hw/arm/virt.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index 7d51824263..6ba9a2c2e1 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -3230,7 +3230,12 @@ type_init(rhel_machine_init);
-
- static void rhel850_virt_options(MachineClass *mc)
- {
-+ VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
-+
- compat_props_add(mc->compat_props, arm_rhel_compat, arm_rhel_compat_len);
- compat_props_add(mc->compat_props, hw_compat_rhel_8_5, hw_compat_rhel_8_5_len);
-+ mc->smp_props.prefer_sockets = true;
-+ vmc->no_cpu_topology = true;
-+ vmc->no_tcg_its = true;
- }
- DEFINE_RHEL_MACHINE_AS_LATEST(8, 5, 0)
---
-2.27.0
-
diff --git a/SOURCES/0024-redhat-Add-s390x-machine-type-compatibility-handling.patch b/SOURCES/0024-redhat-Add-s390x-machine-type-compatibility-handling.patch
deleted file mode 100644
index 9762048..0000000
--- a/SOURCES/0024-redhat-Add-s390x-machine-type-compatibility-handling.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From e6ff4de4f7036f88ee63adad6de5ee5dd74f1d99 Mon Sep 17 00:00:00 2001
-From: Thomas Huth <thuth@redhat.com>
-Date: Fri, 26 Nov 2021 09:37:11 +0100
-Subject: redhat: Add s390x machine type compatibility handling for the rebase
- to v6.2
-
-RH-Author: Thomas Huth <thuth@redhat.com>
-RH-MergeRequest: 80: Add s390x machine type compatibility handling for the rebase to v6.2
-RH-Commit: [26/26] c45cf594604f6dd23954696b9c84d2025e328d11
-RH-Bugzilla: 2022602
-RH-Acked-by: David Hildenbrand <david@redhat.com>
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-Add compatibility handling for the rhel8.5.0 machine type (and
-recursively older, of course).
-
-Based on the following upstream commits:
-
- 463e50da8b - s390x/cpumodel: Bump up QEMU model to a stripped-down IBM z14 GA2
- 30e398f796 - s390x/cpumodel: Add more feature to gen16 default model
- 4a0af2930a - machine: Prefer cores over sockets in smp parsing since 6.2
- 2b52619994 - machine: Move smp_prefer_sockets to struct SMPCompatProps
-
-Signed-off-by: Thomas Huth <thuth@redhat.com>
----
- hw/s390x/s390-virtio-ccw.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
-index 4af14cb9ca..c654045964 100644
---- a/hw/s390x/s390-virtio-ccw.c
-+++ b/hw/s390x/s390-virtio-ccw.c
-@@ -1105,11 +1105,21 @@ DEFINE_CCW_MACHINE(2_4, "2.4", false);
-
- static void ccw_machine_rhel850_instance_options(MachineState *machine)
- {
-+ static const S390FeatInit qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V6_0 };
-+
-+ s390_set_qemu_cpu_model(0x2964, 13, 2, qemu_cpu_feat);
-+
-+ s390_cpudef_featoff_greater(16, 1, S390_FEAT_NNPA);
-+ s390_cpudef_featoff_greater(16, 1, S390_FEAT_VECTOR_PACKED_DECIMAL_ENH2);
-+ s390_cpudef_featoff_greater(16, 1, S390_FEAT_BEAR_ENH);
-+ s390_cpudef_featoff_greater(16, 1, S390_FEAT_RDP);
-+ s390_cpudef_featoff_greater(16, 1, S390_FEAT_PAI);
- }
-
- static void ccw_machine_rhel850_class_options(MachineClass *mc)
- {
- compat_props_add(mc->compat_props, hw_compat_rhel_8_5, hw_compat_rhel_8_5_len);
-+ mc->smp_props.prefer_sockets = true;
- }
- DEFINE_CCW_MACHINE(rhel850, "rhel8.5.0", true);
-
---
-2.27.0
-
diff --git a/SOURCES/0025-compat-Update-hw_compat_rhel_8_5-with-6.2.0-RC2-chan.patch b/SOURCES/0025-compat-Update-hw_compat_rhel_8_5-with-6.2.0-RC2-chan.patch
deleted file mode 100644
index 1fdd794..0000000
--- a/SOURCES/0025-compat-Update-hw_compat_rhel_8_5-with-6.2.0-RC2-chan.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 168f0d56e3a37a7d5fcc59483e2b1181824a23d2 Mon Sep 17 00:00:00 2001
-From: Miroslav Rezanina <mrezanin@redhat.com>
-Date: Wed, 24 Nov 2021 23:51:52 -0500
-Subject: compat: Update hw_compat_rhel_8_5 with 6.2.0 RC2 changes
-
-In RC2 nvme-ns 'shared' default was changed (commit 916b0f0b52).
-
-Adding compat record for RHEL 8.5.0 so we keep it off for downstream
-machinetypes.
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
----
- hw/core/machine.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 448a8dd127..669d3d8b91 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -55,6 +55,8 @@ GlobalProperty hw_compat_rhel_8_5[] = {
- { "vhost-vsock-device", "seqpacket", "off" },
- /* hw_compat_rhel_8_5 from hw_compat_6_1 */
- { "vhost-user-vsock-device", "seqpacket", "off" },
-+ /* hw_compat_rhel_8_5 from hw_compat_6_1 */
-+ { "nvme-ns", "shared", "off" },
- };
- const size_t hw_compat_rhel_8_5_len = G_N_ELEMENTS(hw_compat_rhel_8_5);
-
---
-2.27.0
-
diff --git a/SOURCES/kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch b/SOURCES/kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch
new file mode 100644
index 0000000..30c28f7
--- /dev/null
+++ b/SOURCES/kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch
@@ -0,0 +1,87 @@
+From ac346634c5731407baa9de709dbd4d5cc6f45301 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Mon, 11 Jul 2022 18:11:12 -0300
+Subject: [PATCH 02/11] Add dirty-sync-missed-zero-copy migration stat
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 111: zero-copy-send fixes & improvements
+RH-Commit: [2/6] 115035fd0a4e4b9439c91fb0f5d1a2f9244ba369 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 2107466
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Acked-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Message-Id: <20220711211112.18951-3-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit cf20c897338067ab4b70a4596fdccaf90c7e29a1)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/migration.c | 2 ++
+ monitor/hmp-cmds.c | 5 +++++
+ qapi/migration.json | 7 ++++++-
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index 8fb3eae910..3a3a7a4a50 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -1017,6 +1017,8 @@ static void populate_ram_info(MigrationInfo *info, MigrationState *s)
+ info->ram->normal_bytes = ram_counters.normal * page_size;
+ info->ram->mbps = s->mbps;
+ info->ram->dirty_sync_count = ram_counters.dirty_sync_count;
++ info->ram->dirty_sync_missed_zero_copy =
++ ram_counters.dirty_sync_missed_zero_copy;
+ info->ram->postcopy_requests = ram_counters.postcopy_requests;
+ info->ram->page_size = page_size;
+ info->ram->multifd_bytes = ram_counters.multifd_bytes;
+diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
+index 634968498b..9cec01de38 100644
+--- a/monitor/hmp-cmds.c
++++ b/monitor/hmp-cmds.c
+@@ -305,6 +305,11 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
+ monitor_printf(mon, "postcopy ram: %" PRIu64 " kbytes\n",
+ info->ram->postcopy_bytes >> 10);
+ }
++ if (info->ram->dirty_sync_missed_zero_copy) {
++ monitor_printf(mon,
++ "Zero-copy-send fallbacks happened: %" PRIu64 " times\n",
++ info->ram->dirty_sync_missed_zero_copy);
++ }
+ }
+
+ if (info->has_disk) {
+diff --git a/qapi/migration.json b/qapi/migration.json
+index 5105790cd0..9b38b3c21c 100644
+--- a/qapi/migration.json
++++ b/qapi/migration.json
+@@ -55,6 +55,10 @@
+ # @postcopy-bytes: The number of bytes sent during the post-copy phase
+ # (since 7.0).
+ #
++# @dirty-sync-missed-zero-copy: Number of times dirty RAM synchronization could
++# not avoid copying dirty pages. This is between
++# 0 and @dirty-sync-count * @multifd-channels.
++# (since 7.1)
+ # Since: 0.14
+ ##
+ { 'struct': 'MigrationStats',
+@@ -65,7 +69,8 @@
+ 'postcopy-requests' : 'int', 'page-size' : 'int',
+ 'multifd-bytes' : 'uint64', 'pages-per-second' : 'uint64',
+ 'precopy-bytes' : 'uint64', 'downtime-bytes' : 'uint64',
+- 'postcopy-bytes' : 'uint64' } }
++ 'postcopy-bytes' : 'uint64',
++ 'dirty-sync-missed-zero-copy' : 'uint64' } }
+
+ ##
+ # @XBZRLECacheStats:
+--
+2.31.1
+
diff --git a/SOURCES/kvm-Enable-SGX-RH-Only.patch b/SOURCES/kvm-Enable-SGX-RH-Only.patch
deleted file mode 100644
index 63f335b..0000000
--- a/SOURCES/kvm-Enable-SGX-RH-Only.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From f4f7c62a4658a570d3ad694b64463665fa4b80a7 Mon Sep 17 00:00:00 2001
-From: Paul Lai <plai@redhat.com>
-Date: Fri, 21 Jan 2022 13:14:42 -0500
-Subject: [PATCH 04/12] Enable SGX -- RH Only
-
-RH-Author: Paul Lai <plai@redhat.com>
-RH-MergeRequest: 65: Enable SGX and add SGX Numa support
-RH-Commit: [4/5] 2cd4ee4a429f5e7b1c32e83a10bf488503603795
-RH-Bugzilla: 2033708
-RH-Acked-by: Paolo Bonzini <None>
-RH-Acked-by: Bandan Das <None>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
----
- configs/devices/x86_64-softmmu/x86_64-rh-devices.mak | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-index dc03fbb671..327b1bee62 100644
---- a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-+++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-@@ -101,3 +101,4 @@ CONFIG_TPM=y
- CONFIG_TPM_CRB=y
- CONFIG_TPM_TIS_ISA=y
- CONFIG_TPM_EMULATOR=y
-+CONFIG_SGX=y
---
-2.27.0
-
diff --git a/SOURCES/kvm-Enable-virtio-iommu-pci-on-aarch64.patch b/SOURCES/kvm-Enable-virtio-iommu-pci-on-aarch64.patch
new file mode 100644
index 0000000..3aafd3c
--- /dev/null
+++ b/SOURCES/kvm-Enable-virtio-iommu-pci-on-aarch64.patch
@@ -0,0 +1,41 @@
+From 85781b8745fa1581a66f64011d61a4f0c4e103dc Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 May 2022 17:03:11 +0200
+Subject: [PATCH 3/5] Enable virtio-iommu-pci on aarch64
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 83: Enable virtio-iommu-pci on aarch64
+RH-Commit: [1/1] 23e5c0832e52c66adf5fd6daccdc3edddc7ecb8b (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 1477099
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477099
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45128798
+Upstream Status: RHEL-only
+Tested: With virtio-net-pci and virtio-block-pci
+
+let's enable the virtio-iommu-pci device on aarch64 by
+turning CONFIG_VIRTIO_IOMMU on.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ configs/devices/aarch64-softmmu/aarch64-rh-devices.mak | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
+index 187938573f..1618d31b89 100644
+--- a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
++++ b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
+@@ -23,6 +23,7 @@ CONFIG_VFIO_PCI=y
+ CONFIG_VIRTIO_MMIO=y
+ CONFIG_VIRTIO_PCI=y
+ CONFIG_VIRTIO_MEM=y
++CONFIG_VIRTIO_IOMMU=y
+ CONFIG_XIO3130=y
+ CONFIG_NVDIMM=y
+ CONFIG_ACPI_APEI=y
+--
+2.31.1
+
diff --git a/SOURCES/kvm-Enable-virtio-iommu-pci-on-x86_64.patch b/SOURCES/kvm-Enable-virtio-iommu-pci-on-x86_64.patch
new file mode 100644
index 0000000..2eb24df
--- /dev/null
+++ b/SOURCES/kvm-Enable-virtio-iommu-pci-on-x86_64.patch
@@ -0,0 +1,41 @@
+From c531a39171201f8a1d063e6af752e5d629c1b4bf Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Thu, 9 Jun 2022 11:35:18 +0200
+Subject: [PATCH 4/6] Enable virtio-iommu-pci on x86_64
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 100: Enable virtio-iommu-pci on x86_64
+RH-Commit: [1/1] a164af477efc7cb9d3d76a0e644f198f7c9fb2b5 (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2094252
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: MST <mst@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2094252
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45871185
+Upstream Status: RHEL-only
+Tested: With virtio-net-pci and virtio-block-pci
+
+let's enable the virtio-iommu-pci device on x86_64 by
+turning CONFIG_VIRTIO_IOMMU on.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ configs/devices/x86_64-softmmu/x86_64-rh-devices.mak | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+index d0c9e66641..3850b9de72 100644
+--- a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
++++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+@@ -90,6 +90,7 @@ CONFIG_VHOST_USER_BLK=y
+ CONFIG_VIRTIO_MEM=y
+ CONFIG_VIRTIO_PCI=y
+ CONFIG_VIRTIO_VGA=y
++CONFIG_VIRTIO_IOMMU=y
+ CONFIG_VMMOUSE=y
+ CONFIG_VMPORT=y
+ CONFIG_VTD=y
+--
+2.31.1
+
diff --git a/SOURCES/kvm-Introduce-event-loop-base-abstract-class.patch b/SOURCES/kvm-Introduce-event-loop-base-abstract-class.patch
new file mode 100644
index 0000000..9f987ea
--- /dev/null
+++ b/SOURCES/kvm-Introduce-event-loop-base-abstract-class.patch
@@ -0,0 +1,503 @@
+From 1163da281c178359dd7e1cf1ced5c98caa600f8e Mon Sep 17 00:00:00 2001
+From: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+Date: Mon, 25 Apr 2022 09:57:21 +0200
+Subject: [PATCH 01/16] Introduce event-loop-base abstract class
+
+RH-Author: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+RH-MergeRequest: 93: util/thread-pool: Expose minimum and maximum size
+RH-Commit: [1/3] 5817205d8f56cc4aa98bd5963ecac54a59bad990
+RH-Bugzilla: 2031024
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+Introduce the 'event-loop-base' abstract class, it'll hold the
+properties common to all event loops and provide the necessary hooks for
+their creation and maintenance. Then have iothread inherit from it.
+
+EventLoopBaseClass is defined as user creatable and provides a hook for
+its children to attach themselves to the user creatable class 'complete'
+function. It also provides an update_params() callback to propagate
+property changes onto its children.
+
+The new 'event-loop-base' class will live in the root directory. It is
+built on its own using the 'link_whole' option (there are no direct
+function dependencies between the class and its children, it all happens
+trough 'constructor' magic). And also imposes new compilation
+dependencies:
+
+ qom <- event-loop-base <- blockdev (iothread.c)
+
+And in subsequent patches:
+
+ qom <- event-loop-base <- qemuutil (util/main-loop.c)
+
+All this forced some amount of reordering in meson.build:
+
+ - Moved qom build definition before qemuutil. Doing it the other way
+ around (i.e. moving qemuutil after qom) isn't possible as a lot of
+ core libraries that live in between the two depend on it.
+
+ - Process the 'hw' subdir earlier, as it introduces files into the
+ 'qom' source set.
+
+No functional changes intended.
+
+Signed-off-by: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Message-id: 20220425075723.20019-2-nsaenzju@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 7d5983e3c8c40b1d0668faba31d79905c4fadd7d)
+---
+ event-loop-base.c | 104 +++++++++++++++++++++++++++++++
+ include/sysemu/event-loop-base.h | 36 +++++++++++
+ include/sysemu/iothread.h | 6 +-
+ iothread.c | 65 ++++++-------------
+ meson.build | 23 ++++---
+ qapi/qom.json | 22 +++++--
+ 6 files changed, 192 insertions(+), 64 deletions(-)
+ create mode 100644 event-loop-base.c
+ create mode 100644 include/sysemu/event-loop-base.h
+
+diff --git a/event-loop-base.c b/event-loop-base.c
+new file mode 100644
+index 0000000000..a924c73a7c
+--- /dev/null
++++ b/event-loop-base.c
+@@ -0,0 +1,104 @@
++/*
++ * QEMU event-loop base
++ *
++ * Copyright (C) 2022 Red Hat Inc
++ *
++ * Authors:
++ * Stefan Hajnoczi <stefanha@redhat.com>
++ * Nicolas Saenz Julienne <nsaenzju@redhat.com>
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ */
++
++#include "qemu/osdep.h"
++#include "qom/object_interfaces.h"
++#include "qapi/error.h"
++#include "sysemu/event-loop-base.h"
++
++typedef struct {
++ const char *name;
++ ptrdiff_t offset; /* field's byte offset in EventLoopBase struct */
++} EventLoopBaseParamInfo;
++
++static EventLoopBaseParamInfo aio_max_batch_info = {
++ "aio-max-batch", offsetof(EventLoopBase, aio_max_batch),
++};
++
++static void event_loop_base_get_param(Object *obj, Visitor *v,
++ const char *name, void *opaque, Error **errp)
++{
++ EventLoopBase *event_loop_base = EVENT_LOOP_BASE(obj);
++ EventLoopBaseParamInfo *info = opaque;
++ int64_t *field = (void *)event_loop_base + info->offset;
++
++ visit_type_int64(v, name, field, errp);
++}
++
++static void event_loop_base_set_param(Object *obj, Visitor *v,
++ const char *name, void *opaque, Error **errp)
++{
++ EventLoopBaseClass *bc = EVENT_LOOP_BASE_GET_CLASS(obj);
++ EventLoopBase *base = EVENT_LOOP_BASE(obj);
++ EventLoopBaseParamInfo *info = opaque;
++ int64_t *field = (void *)base + info->offset;
++ int64_t value;
++
++ if (!visit_type_int64(v, name, &value, errp)) {
++ return;
++ }
++
++ if (value < 0) {
++ error_setg(errp, "%s value must be in range [0, %" PRId64 "]",
++ info->name, INT64_MAX);
++ return;
++ }
++
++ *field = value;
++
++ if (bc->update_params) {
++ bc->update_params(base, errp);
++ }
++
++ return;
++}
++
++static void event_loop_base_complete(UserCreatable *uc, Error **errp)
++{
++ EventLoopBaseClass *bc = EVENT_LOOP_BASE_GET_CLASS(uc);
++ EventLoopBase *base = EVENT_LOOP_BASE(uc);
++
++ if (bc->init) {
++ bc->init(base, errp);
++ }
++}
++
++static void event_loop_base_class_init(ObjectClass *klass, void *class_data)
++{
++ UserCreatableClass *ucc = USER_CREATABLE_CLASS(klass);
++ ucc->complete = event_loop_base_complete;
++
++ object_class_property_add(klass, "aio-max-batch", "int",
++ event_loop_base_get_param,
++ event_loop_base_set_param,
++ NULL, &aio_max_batch_info);
++}
++
++static const TypeInfo event_loop_base_info = {
++ .name = TYPE_EVENT_LOOP_BASE,
++ .parent = TYPE_OBJECT,
++ .instance_size = sizeof(EventLoopBase),
++ .class_size = sizeof(EventLoopBaseClass),
++ .class_init = event_loop_base_class_init,
++ .abstract = true,
++ .interfaces = (InterfaceInfo[]) {
++ { TYPE_USER_CREATABLE },
++ { }
++ }
++};
++
++static void register_types(void)
++{
++ type_register_static(&event_loop_base_info);
++}
++type_init(register_types);
+diff --git a/include/sysemu/event-loop-base.h b/include/sysemu/event-loop-base.h
+new file mode 100644
+index 0000000000..8e77d8b69f
+--- /dev/null
++++ b/include/sysemu/event-loop-base.h
+@@ -0,0 +1,36 @@
++/*
++ * QEMU event-loop backend
++ *
++ * Copyright (C) 2022 Red Hat Inc
++ *
++ * Authors:
++ * Nicolas Saenz Julienne <nsaenzju@redhat.com>
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ */
++#ifndef QEMU_EVENT_LOOP_BASE_H
++#define QEMU_EVENT_LOOP_BASE_H
++
++#include "qom/object.h"
++#include "block/aio.h"
++#include "qemu/typedefs.h"
++
++#define TYPE_EVENT_LOOP_BASE "event-loop-base"
++OBJECT_DECLARE_TYPE(EventLoopBase, EventLoopBaseClass,
++ EVENT_LOOP_BASE)
++
++struct EventLoopBaseClass {
++ ObjectClass parent_class;
++
++ void (*init)(EventLoopBase *base, Error **errp);
++ void (*update_params)(EventLoopBase *base, Error **errp);
++};
++
++struct EventLoopBase {
++ Object parent;
++
++ /* AioContext AIO engine parameters */
++ int64_t aio_max_batch;
++};
++#endif
+diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
+index 7f714bd136..8f8601d6ab 100644
+--- a/include/sysemu/iothread.h
++++ b/include/sysemu/iothread.h
+@@ -17,11 +17,12 @@
+ #include "block/aio.h"
+ #include "qemu/thread.h"
+ #include "qom/object.h"
++#include "sysemu/event-loop-base.h"
+
+ #define TYPE_IOTHREAD "iothread"
+
+ struct IOThread {
+- Object parent_obj;
++ EventLoopBase parent_obj;
+
+ QemuThread thread;
+ AioContext *ctx;
+@@ -37,9 +38,6 @@ struct IOThread {
+ int64_t poll_max_ns;
+ int64_t poll_grow;
+ int64_t poll_shrink;
+-
+- /* AioContext AIO engine parameters */
+- int64_t aio_max_batch;
+ };
+ typedef struct IOThread IOThread;
+
+diff --git a/iothread.c b/iothread.c
+index 0f98af0f2a..8fa2f3bfb8 100644
+--- a/iothread.c
++++ b/iothread.c
+@@ -17,6 +17,7 @@
+ #include "qemu/module.h"
+ #include "block/aio.h"
+ #include "block/block.h"
++#include "sysemu/event-loop-base.h"
+ #include "sysemu/iothread.h"
+ #include "qapi/error.h"
+ #include "qapi/qapi-commands-misc.h"
+@@ -152,10 +153,15 @@ static void iothread_init_gcontext(IOThread *iothread)
+ iothread->main_loop = g_main_loop_new(iothread->worker_context, TRUE);
+ }
+
+-static void iothread_set_aio_context_params(IOThread *iothread, Error **errp)
++static void iothread_set_aio_context_params(EventLoopBase *base, Error **errp)
+ {
++ IOThread *iothread = IOTHREAD(base);
+ ERRP_GUARD();
+
++ if (!iothread->ctx) {
++ return;
++ }
++
+ aio_context_set_poll_params(iothread->ctx,
+ iothread->poll_max_ns,
+ iothread->poll_grow,
+@@ -166,14 +172,15 @@ static void iothread_set_aio_context_params(IOThread *iothread, Error **errp)
+ }
+
+ aio_context_set_aio_params(iothread->ctx,
+- iothread->aio_max_batch,
++ iothread->parent_obj.aio_max_batch,
+ errp);
+ }
+
+-static void iothread_complete(UserCreatable *obj, Error **errp)
++
++static void iothread_init(EventLoopBase *base, Error **errp)
+ {
+ Error *local_error = NULL;
+- IOThread *iothread = IOTHREAD(obj);
++ IOThread *iothread = IOTHREAD(base);
+ char *thread_name;
+
+ iothread->stopping = false;
+@@ -189,7 +196,7 @@ static void iothread_complete(UserCreatable *obj, Error **errp)
+ */
+ iothread_init_gcontext(iothread);
+
+- iothread_set_aio_context_params(iothread, &local_error);
++ iothread_set_aio_context_params(base, &local_error);
+ if (local_error) {
+ error_propagate(errp, local_error);
+ aio_context_unref(iothread->ctx);
+@@ -201,7 +208,7 @@ static void iothread_complete(UserCreatable *obj, Error **errp)
+ * to inherit.
+ */
+ thread_name = g_strdup_printf("IO %s",
+- object_get_canonical_path_component(OBJECT(obj)));
++ object_get_canonical_path_component(OBJECT(base)));
+ qemu_thread_create(&iothread->thread, thread_name, iothread_run,
+ iothread, QEMU_THREAD_JOINABLE);
+ g_free(thread_name);
+@@ -226,9 +233,6 @@ static IOThreadParamInfo poll_grow_info = {
+ static IOThreadParamInfo poll_shrink_info = {
+ "poll-shrink", offsetof(IOThread, poll_shrink),
+ };
+-static IOThreadParamInfo aio_max_batch_info = {
+- "aio-max-batch", offsetof(IOThread, aio_max_batch),
+-};
+
+ static void iothread_get_param(Object *obj, Visitor *v,
+ const char *name, IOThreadParamInfo *info, Error **errp)
+@@ -288,35 +292,12 @@ static void iothread_set_poll_param(Object *obj, Visitor *v,
+ }
+ }
+
+-static void iothread_get_aio_param(Object *obj, Visitor *v,
+- const char *name, void *opaque, Error **errp)
+-{
+- IOThreadParamInfo *info = opaque;
+-
+- iothread_get_param(obj, v, name, info, errp);
+-}
+-
+-static void iothread_set_aio_param(Object *obj, Visitor *v,
+- const char *name, void *opaque, Error **errp)
+-{
+- IOThread *iothread = IOTHREAD(obj);
+- IOThreadParamInfo *info = opaque;
+-
+- if (!iothread_set_param(obj, v, name, info, errp)) {
+- return;
+- }
+-
+- if (iothread->ctx) {
+- aio_context_set_aio_params(iothread->ctx,
+- iothread->aio_max_batch,
+- errp);
+- }
+-}
+-
+ static void iothread_class_init(ObjectClass *klass, void *class_data)
+ {
+- UserCreatableClass *ucc = USER_CREATABLE_CLASS(klass);
+- ucc->complete = iothread_complete;
++ EventLoopBaseClass *bc = EVENT_LOOP_BASE_CLASS(klass);
++
++ bc->init = iothread_init;
++ bc->update_params = iothread_set_aio_context_params;
+
+ object_class_property_add(klass, "poll-max-ns", "int",
+ iothread_get_poll_param,
+@@ -330,23 +311,15 @@ static void iothread_class_init(ObjectClass *klass, void *class_data)
+ iothread_get_poll_param,
+ iothread_set_poll_param,
+ NULL, &poll_shrink_info);
+- object_class_property_add(klass, "aio-max-batch", "int",
+- iothread_get_aio_param,
+- iothread_set_aio_param,
+- NULL, &aio_max_batch_info);
+ }
+
+ static const TypeInfo iothread_info = {
+ .name = TYPE_IOTHREAD,
+- .parent = TYPE_OBJECT,
++ .parent = TYPE_EVENT_LOOP_BASE,
+ .class_init = iothread_class_init,
+ .instance_size = sizeof(IOThread),
+ .instance_init = iothread_instance_init,
+ .instance_finalize = iothread_instance_finalize,
+- .interfaces = (InterfaceInfo[]) {
+- {TYPE_USER_CREATABLE},
+- {}
+- },
+ };
+
+ static void iothread_register_types(void)
+@@ -383,7 +356,7 @@ static int query_one_iothread(Object *object, void *opaque)
+ info->poll_max_ns = iothread->poll_max_ns;
+ info->poll_grow = iothread->poll_grow;
+ info->poll_shrink = iothread->poll_shrink;
+- info->aio_max_batch = iothread->aio_max_batch;
++ info->aio_max_batch = iothread->parent_obj.aio_max_batch;
+
+ QAPI_LIST_APPEND(*tail, info);
+ return 0;
+diff --git a/meson.build b/meson.build
+index 6f7e430f0f..b9c919a55e 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2804,6 +2804,7 @@ subdir('qom')
+ subdir('authz')
+ subdir('crypto')
+ subdir('ui')
++subdir('hw')
+
+
+ if enable_modules
+@@ -2811,6 +2812,18 @@ if enable_modules
+ modulecommon = declare_dependency(link_whole: libmodulecommon, compile_args: '-DBUILD_DSO')
+ endif
+
++qom_ss = qom_ss.apply(config_host, strict: false)
++libqom = static_library('qom', qom_ss.sources() + genh,
++ dependencies: [qom_ss.dependencies()],
++ name_suffix: 'fa')
++qom = declare_dependency(link_whole: libqom)
++
++event_loop_base = files('event-loop-base.c')
++event_loop_base = static_library('event-loop-base', sources: event_loop_base + genh,
++ build_by_default: true)
++event_loop_base = declare_dependency(link_whole: event_loop_base,
++ dependencies: [qom])
++
+ stub_ss = stub_ss.apply(config_all, strict: false)
+
+ util_ss.add_all(trace_ss)
+@@ -2897,7 +2910,6 @@ subdir('monitor')
+ subdir('net')
+ subdir('replay')
+ subdir('semihosting')
+-subdir('hw')
+ subdir('tcg')
+ subdir('fpu')
+ subdir('accel')
+@@ -3022,13 +3034,6 @@ qemu_syms = custom_target('qemu.syms', output: 'qemu.syms',
+ capture: true,
+ command: [undefsym, nm, '@INPUT@'])
+
+-qom_ss = qom_ss.apply(config_host, strict: false)
+-libqom = static_library('qom', qom_ss.sources() + genh,
+- dependencies: [qom_ss.dependencies()],
+- name_suffix: 'fa')
+-
+-qom = declare_dependency(link_whole: libqom)
+-
+ authz_ss = authz_ss.apply(config_host, strict: false)
+ libauthz = static_library('authz', authz_ss.sources() + genh,
+ dependencies: [authz_ss.dependencies()],
+@@ -3081,7 +3086,7 @@ libblockdev = static_library('blockdev', blockdev_ss.sources() + genh,
+ build_by_default: false)
+
+ blockdev = declare_dependency(link_whole: [libblockdev],
+- dependencies: [block])
++ dependencies: [block, event_loop_base])
+
+ qmp_ss = qmp_ss.apply(config_host, strict: false)
+ libqmp = static_library('qmp', qmp_ss.sources() + genh,
+diff --git a/qapi/qom.json b/qapi/qom.json
+index eeb5395ff3..a2439533c5 100644
+--- a/qapi/qom.json
++++ b/qapi/qom.json
+@@ -499,6 +499,20 @@
+ '*repeat': 'bool',
+ '*grab-toggle': 'GrabToggleKeys' } }
+
++##
++# @EventLoopBaseProperties:
++#
++# Common properties for event loops
++#
++# @aio-max-batch: maximum number of requests in a batch for the AIO engine,
++# 0 means that the engine will use its default.
++# (default: 0)
++#
++# Since: 7.1
++##
++{ 'struct': 'EventLoopBaseProperties',
++ 'data': { '*aio-max-batch': 'int' } }
++
+ ##
+ # @IothreadProperties:
+ #
+@@ -516,17 +530,15 @@
+ # algorithm detects it is spending too long polling without
+ # encountering events. 0 selects a default behaviour (default: 0)
+ #
+-# @aio-max-batch: maximum number of requests in a batch for the AIO engine,
+-# 0 means that the engine will use its default
+-# (default:0, since 6.1)
++# The @aio-max-batch option is available since 6.1.
+ #
+ # Since: 2.0
+ ##
+ { 'struct': 'IothreadProperties',
++ 'base': 'EventLoopBaseProperties',
+ 'data': { '*poll-max-ns': 'int',
+ '*poll-grow': 'int',
+- '*poll-shrink': 'int',
+- '*aio-max-batch': 'int' } }
++ '*poll-shrink': 'int' } }
+
+ ##
+ # @MemoryBackendProperties:
+--
+2.31.1
+
diff --git a/SOURCES/kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch b/SOURCES/kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch
new file mode 100644
index 0000000..c7b8898
--- /dev/null
+++ b/SOURCES/kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch
@@ -0,0 +1,420 @@
+From cda3fcf14f2883fea633e25256f6c14a71271adf Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:31 -0300
+Subject: [PATCH 08/18] QIOChannel: Add flags on io_writev and introduce
+ io_flush callback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [2/11] 06acfb6b0cb2c25733c2eb198011f7623b5a7024 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+Add flags to io_writev and introduce io_flush as optional callback to
+QIOChannelClass, allowing the implementation of zero copy writes by
+subclasses.
+
+How to use them:
+- Write data using qio_channel_writev*(...,QIO_CHANNEL_WRITE_FLAG_ZERO_COPY),
+- Wait write completion with qio_channel_flush().
+
+Notes:
+As some zero copy write implementations work asynchronously, it's
+recommended to keep the write buffer untouched until the return of
+qio_channel_flush(), to avoid the risk of sending an updated buffer
+instead of the buffer state during write.
+
+As io_flush callback is optional, if a subclass does not implement it, then:
+- io_flush will return 0 without changing anything.
+
+Also, some functions like qio_channel_writev_full_all() were adapted to
+receive a flag parameter. That allows shared code between zero copy and
+non-zero copy writev, and also an easier implementation on new flags.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Message-Id: <20220513062836.965425-3-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit b88651cb4d4fa416fdbb6afaf5b26ec8c035eaad)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ chardev/char-io.c | 2 +-
+ hw/remote/mpqemu-link.c | 2 +-
+ include/io/channel.h | 38 +++++++++++++++++++++-
+ io/channel-buffer.c | 1 +
+ io/channel-command.c | 1 +
+ io/channel-file.c | 1 +
+ io/channel-socket.c | 2 ++
+ io/channel-tls.c | 1 +
+ io/channel-websock.c | 1 +
+ io/channel.c | 49 +++++++++++++++++++++++------
+ migration/rdma.c | 1 +
+ scsi/pr-manager-helper.c | 2 +-
+ tests/unit/test-io-channel-socket.c | 1 +
+ 13 files changed, 88 insertions(+), 14 deletions(-)
+
+diff --git a/chardev/char-io.c b/chardev/char-io.c
+index 8ced184160..4451128cba 100644
+--- a/chardev/char-io.c
++++ b/chardev/char-io.c
+@@ -122,7 +122,7 @@ int io_channel_send_full(QIOChannel *ioc,
+
+ ret = qio_channel_writev_full(
+ ioc, &iov, 1,
+- fds, nfds, NULL);
++ fds, nfds, 0, NULL);
+ if (ret == QIO_CHANNEL_ERR_BLOCK) {
+ if (offset) {
+ return offset;
+diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
+index 7e841820e5..e8f556bd27 100644
+--- a/hw/remote/mpqemu-link.c
++++ b/hw/remote/mpqemu-link.c
+@@ -69,7 +69,7 @@ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
+ }
+
+ if (!qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send),
+- fds, nfds, errp)) {
++ fds, nfds, 0, errp)) {
+ ret = true;
+ } else {
+ trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds);
+diff --git a/include/io/channel.h b/include/io/channel.h
+index 88988979f8..c680ee7480 100644
+--- a/include/io/channel.h
++++ b/include/io/channel.h
+@@ -32,12 +32,15 @@ OBJECT_DECLARE_TYPE(QIOChannel, QIOChannelClass,
+
+ #define QIO_CHANNEL_ERR_BLOCK -2
+
++#define QIO_CHANNEL_WRITE_FLAG_ZERO_COPY 0x1
++
+ typedef enum QIOChannelFeature QIOChannelFeature;
+
+ enum QIOChannelFeature {
+ QIO_CHANNEL_FEATURE_FD_PASS,
+ QIO_CHANNEL_FEATURE_SHUTDOWN,
+ QIO_CHANNEL_FEATURE_LISTEN,
++ QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY,
+ };
+
+
+@@ -104,6 +107,7 @@ struct QIOChannelClass {
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp);
+ ssize_t (*io_readv)(QIOChannel *ioc,
+ const struct iovec *iov,
+@@ -136,6 +140,8 @@ struct QIOChannelClass {
+ IOHandler *io_read,
+ IOHandler *io_write,
+ void *opaque);
++ int (*io_flush)(QIOChannel *ioc,
++ Error **errp);
+ };
+
+ /* General I/O handling functions */
+@@ -228,6 +234,7 @@ ssize_t qio_channel_readv_full(QIOChannel *ioc,
+ * @niov: the length of the @iov array
+ * @fds: an array of file handles to send
+ * @nfds: number of file handles in @fds
++ * @flags: write flags (QIO_CHANNEL_WRITE_FLAG_*)
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Write data to the IO channel, reading it from the
+@@ -260,6 +267,7 @@ ssize_t qio_channel_writev_full(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp);
+
+ /**
+@@ -837,6 +845,7 @@ int qio_channel_readv_full_all(QIOChannel *ioc,
+ * @niov: the length of the @iov array
+ * @fds: an array of file handles to send
+ * @nfds: number of file handles in @fds
++ * @flags: write flags (QIO_CHANNEL_WRITE_FLAG_*)
+ * @errp: pointer to a NULL-initialized error object
+ *
+ *
+@@ -846,6 +855,14 @@ int qio_channel_readv_full_all(QIOChannel *ioc,
+ * to be written, yielding from the current coroutine
+ * if required.
+ *
++ * If QIO_CHANNEL_WRITE_FLAG_ZERO_COPY is passed in flags,
++ * instead of waiting for all requested data to be written,
++ * this function will wait until it's all queued for writing.
++ * In this case, if the buffer gets changed between queueing and
++ * sending, the updated buffer will be sent. If this is not a
++ * desired behavior, it's suggested to call qio_channel_flush()
++ * before reusing the buffer.
++ *
+ * Returns: 0 if all bytes were written, or -1 on error
+ */
+
+@@ -853,6 +870,25 @@ int qio_channel_writev_full_all(QIOChannel *ioc,
+ const struct iovec *iov,
+ size_t niov,
+ int *fds, size_t nfds,
+- Error **errp);
++ int flags, Error **errp);
++
++/**
++ * qio_channel_flush:
++ * @ioc: the channel object
++ * @errp: pointer to a NULL-initialized error object
++ *
++ * Will block until every packet queued with
++ * qio_channel_writev_full() + QIO_CHANNEL_WRITE_FLAG_ZERO_COPY
++ * is sent, or return in case of any error.
++ *
++ * If not implemented, acts as a no-op, and returns 0.
++ *
++ * Returns -1 if any error is found,
++ * 1 if every send failed to use zero copy.
++ * 0 otherwise.
++ */
++
++int qio_channel_flush(QIOChannel *ioc,
++ Error **errp);
+
+ #endif /* QIO_CHANNEL_H */
+diff --git a/io/channel-buffer.c b/io/channel-buffer.c
+index baa4e2b089..bf52011be2 100644
+--- a/io/channel-buffer.c
++++ b/io/channel-buffer.c
+@@ -81,6 +81,7 @@ static ssize_t qio_channel_buffer_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc);
+diff --git a/io/channel-command.c b/io/channel-command.c
+index 338da73ade..54560464ae 100644
+--- a/io/channel-command.c
++++ b/io/channel-command.c
+@@ -258,6 +258,7 @@ static ssize_t qio_channel_command_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelCommand *cioc = QIO_CHANNEL_COMMAND(ioc);
+diff --git a/io/channel-file.c b/io/channel-file.c
+index d7cf6d278f..ef6807a6be 100644
+--- a/io/channel-file.c
++++ b/io/channel-file.c
+@@ -114,6 +114,7 @@ static ssize_t qio_channel_file_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelFile *fioc = QIO_CHANNEL_FILE(ioc);
+diff --git a/io/channel-socket.c b/io/channel-socket.c
+index 7a8d9f69c9..a1be2197ca 100644
+--- a/io/channel-socket.c
++++ b/io/channel-socket.c
+@@ -525,6 +525,7 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
+@@ -620,6 +621,7 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
+diff --git a/io/channel-tls.c b/io/channel-tls.c
+index 2ae1b92fc0..4ce890a538 100644
+--- a/io/channel-tls.c
++++ b/io/channel-tls.c
+@@ -301,6 +301,7 @@ static ssize_t qio_channel_tls_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index 55145a6a8c..9619906ac3 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -1127,6 +1127,7 @@ static ssize_t qio_channel_websock_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(ioc);
+diff --git a/io/channel.c b/io/channel.c
+index e8b019dc36..0640941ac5 100644
+--- a/io/channel.c
++++ b/io/channel.c
+@@ -72,18 +72,32 @@ ssize_t qio_channel_writev_full(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc);
+
+- if ((fds || nfds) &&
+- !qio_channel_has_feature(ioc, QIO_CHANNEL_FEATURE_FD_PASS)) {
++ if (fds || nfds) {
++ if (!qio_channel_has_feature(ioc, QIO_CHANNEL_FEATURE_FD_PASS)) {
++ error_setg_errno(errp, EINVAL,
++ "Channel does not support file descriptor passing");
++ return -1;
++ }
++ if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
++ error_setg_errno(errp, EINVAL,
++ "Zero Copy does not support file descriptor passing");
++ return -1;
++ }
++ }
++
++ if ((flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) &&
++ !qio_channel_has_feature(ioc, QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY)) {
+ error_setg_errno(errp, EINVAL,
+- "Channel does not support file descriptor passing");
++ "Requested Zero Copy feature is not available");
+ return -1;
+ }
+
+- return klass->io_writev(ioc, iov, niov, fds, nfds, errp);
++ return klass->io_writev(ioc, iov, niov, fds, nfds, flags, errp);
+ }
+
+
+@@ -217,14 +231,14 @@ int qio_channel_writev_all(QIOChannel *ioc,
+ size_t niov,
+ Error **errp)
+ {
+- return qio_channel_writev_full_all(ioc, iov, niov, NULL, 0, errp);
++ return qio_channel_writev_full_all(ioc, iov, niov, NULL, 0, 0, errp);
+ }
+
+ int qio_channel_writev_full_all(QIOChannel *ioc,
+ const struct iovec *iov,
+ size_t niov,
+ int *fds, size_t nfds,
+- Error **errp)
++ int flags, Error **errp)
+ {
+ int ret = -1;
+ struct iovec *local_iov = g_new(struct iovec, niov);
+@@ -237,8 +251,10 @@ int qio_channel_writev_full_all(QIOChannel *ioc,
+
+ while (nlocal_iov > 0) {
+ ssize_t len;
+- len = qio_channel_writev_full(ioc, local_iov, nlocal_iov, fds, nfds,
+- errp);
++
++ len = qio_channel_writev_full(ioc, local_iov, nlocal_iov, fds,
++ nfds, flags, errp);
++
+ if (len == QIO_CHANNEL_ERR_BLOCK) {
+ if (qemu_in_coroutine()) {
+ qio_channel_yield(ioc, G_IO_OUT);
+@@ -277,7 +293,7 @@ ssize_t qio_channel_writev(QIOChannel *ioc,
+ size_t niov,
+ Error **errp)
+ {
+- return qio_channel_writev_full(ioc, iov, niov, NULL, 0, errp);
++ return qio_channel_writev_full(ioc, iov, niov, NULL, 0, 0, errp);
+ }
+
+
+@@ -297,7 +313,7 @@ ssize_t qio_channel_write(QIOChannel *ioc,
+ Error **errp)
+ {
+ struct iovec iov = { .iov_base = (char *)buf, .iov_len = buflen };
+- return qio_channel_writev_full(ioc, &iov, 1, NULL, 0, errp);
++ return qio_channel_writev_full(ioc, &iov, 1, NULL, 0, 0, errp);
+ }
+
+
+@@ -473,6 +489,19 @@ off_t qio_channel_io_seek(QIOChannel *ioc,
+ return klass->io_seek(ioc, offset, whence, errp);
+ }
+
++int qio_channel_flush(QIOChannel *ioc,
++ Error **errp)
++{
++ QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc);
++
++ if (!klass->io_flush ||
++ !qio_channel_has_feature(ioc, QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY)) {
++ return 0;
++ }
++
++ return klass->io_flush(ioc, errp);
++}
++
+
+ static void qio_channel_restart_read(void *opaque)
+ {
+diff --git a/migration/rdma.c b/migration/rdma.c
+index ef1e65ec36..672d1958a9 100644
+--- a/migration/rdma.c
++++ b/migration/rdma.c
+@@ -2840,6 +2840,7 @@ static ssize_t qio_channel_rdma_writev(QIOChannel *ioc,
+ size_t niov,
+ int *fds,
+ size_t nfds,
++ int flags,
+ Error **errp)
+ {
+ QIOChannelRDMA *rioc = QIO_CHANNEL_RDMA(ioc);
+diff --git a/scsi/pr-manager-helper.c b/scsi/pr-manager-helper.c
+index 451c7631b7..3be52a98d5 100644
+--- a/scsi/pr-manager-helper.c
++++ b/scsi/pr-manager-helper.c
+@@ -77,7 +77,7 @@ static int pr_manager_helper_write(PRManagerHelper *pr_mgr,
+ iov.iov_base = (void *)buf;
+ iov.iov_len = sz;
+ n_written = qio_channel_writev_full(QIO_CHANNEL(pr_mgr->ioc), &iov, 1,
+- nfds ? &fd : NULL, nfds, errp);
++ nfds ? &fd : NULL, nfds, 0, errp);
+
+ if (n_written <= 0) {
+ assert(n_written != QIO_CHANNEL_ERR_BLOCK);
+diff --git a/tests/unit/test-io-channel-socket.c b/tests/unit/test-io-channel-socket.c
+index c49eec1f03..6713886d02 100644
+--- a/tests/unit/test-io-channel-socket.c
++++ b/tests/unit/test-io-channel-socket.c
+@@ -444,6 +444,7 @@ static void test_io_channel_unix_fd_pass(void)
+ G_N_ELEMENTS(iosend),
+ fdsend,
+ G_N_ELEMENTS(fdsend),
++ 0,
+ &error_abort);
+
+ qio_channel_readv_full(dst,
+--
+2.35.3
+
diff --git a/SOURCES/kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch b/SOURCES/kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch
new file mode 100644
index 0000000..0fd4b6c
--- /dev/null
+++ b/SOURCES/kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch
@@ -0,0 +1,56 @@
+From cb6dc39a5e5d2d981b4b1e983042b3fbb529d5d1 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Thu, 4 Aug 2022 04:10:43 -0300
+Subject: [PATCH 06/11] QIOChannelSocket: Add support for MSG_ZEROCOPY + IPV6
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 111: zero-copy-send fixes & improvements
+RH-Commit: [6/6] 2eb1aba8ebf267a6f67cfba2e489dc88619c7fd4 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 2107466
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+For using MSG_ZEROCOPY, there are two steps:
+1 - io_writev() the packet, which enqueues the packet for sending, and
+2 - io_flush(), which gets confirmation that all packets got correctly sent
+
+Currently, if MSG_ZEROCOPY is used to send packets over IPV6, no error will
+be reported in (1), but it will fail in the first time (2) happens.
+
+This happens because (2) currently checks for cmsg_level & cmsg_type
+associated with IPV4 only, before reporting any error.
+
+Add checks for cmsg_level & cmsg_type associated with IPV6, and thus enable
+support for MSG_ZEROCOPY + IPV6
+
+Fixes: 2bc58ffc29 ("QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX")
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 5258a7e2c0677d16e9e1d06845f60171adf0b290)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ io/channel-socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/io/channel-socket.c b/io/channel-socket.c
+index eb7baa2184..efd5f60808 100644
+--- a/io/channel-socket.c
++++ b/io/channel-socket.c
+@@ -747,8 +747,8 @@ static int qio_channel_socket_flush(QIOChannel *ioc,
+ }
+
+ cm = CMSG_FIRSTHDR(&msg);
+- if (cm->cmsg_level != SOL_IP &&
+- cm->cmsg_type != IP_RECVERR) {
++ if (cm->cmsg_level != SOL_IP && cm->cmsg_type != IP_RECVERR &&
++ cm->cmsg_level != SOL_IPV6 && cm->cmsg_type != IPV6_RECVERR) {
+ error_setg_errno(errp, EPROTOTYPE,
+ "Wrong cmsg in errqueue");
+ return -1;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch b/SOURCES/kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch
new file mode 100644
index 0000000..b382a59
--- /dev/null
+++ b/SOURCES/kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch
@@ -0,0 +1,65 @@
+From 678981c6bb7c964e1591f6f8aba49e9602f64852 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Mon, 11 Jul 2022 18:11:11 -0300
+Subject: [PATCH 01/11] QIOChannelSocket: Fix zero-copy flush returning code 1
+ when nothing sent
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 111: zero-copy-send fixes & improvements
+RH-Commit: [1/6] cebc887cb61de1572d8ae3232cde45e80c339404 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 2107466
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+If flush is called when no buffer was sent with MSG_ZEROCOPY, it currently
+returns 1. This return code should be used only when Linux fails to use
+MSG_ZEROCOPY on a lot of sendmsg().
+
+Fix this by returning early from flush if no sendmsg(...,MSG_ZEROCOPY)
+was attempted.
+
+Fixes: 2bc58ffc2926 ("QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX")
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Acked-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Message-Id: <20220711211112.18951-2-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 927f93e099c4f9184e60a1bc61624ac2d04d0223)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ io/channel-socket.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/io/channel-socket.c b/io/channel-socket.c
+index 8ae8b212cf..eb7baa2184 100644
+--- a/io/channel-socket.c
++++ b/io/channel-socket.c
+@@ -717,12 +717,18 @@ static int qio_channel_socket_flush(QIOChannel *ioc,
+ struct cmsghdr *cm;
+ char control[CMSG_SPACE(sizeof(*serr))];
+ int received;
+- int ret = 1;
++ int ret;
++
++ if (sioc->zero_copy_queued == sioc->zero_copy_sent) {
++ return 0;
++ }
+
+ msg.msg_control = control;
+ msg.msg_controllen = sizeof(control);
+ memset(control, 0, sizeof(control));
+
++ ret = 1;
++
+ while (sioc->zero_copy_sent < sioc->zero_copy_queued) {
+ received = recvmsg(sioc->fd, &msg, MSG_ERRQUEUE);
+ if (received < 0) {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch b/SOURCES/kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch
new file mode 100644
index 0000000..9d134e6
--- /dev/null
+++ b/SOURCES/kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch
@@ -0,0 +1,58 @@
+From e70f01749addd7d0b7aa7fa4fdedb664f98e6b9b Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Mon, 20 Jun 2022 02:39:43 -0300
+Subject: [PATCH 16/18] QIOChannelSocket: Fix zero-copy send so socket flush
+ works
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [10/11] a2dfac987e24026b1a78e90b86234ca206b6401f (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+Somewhere between v6 and v7 the of the zero-copy-send patchset a crucial
+part of the flushing mechanism got missing: incrementing zero_copy_queued.
+
+Without that, the flushing interface becomes a no-op, and there is no
+guarantee the buffer is really sent.
+
+This can go as bad as causing a corruption in RAM during migration.
+
+Fixes: 2bc58ffc2926 ("QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX")
+Reported-by: 徐闯 <xuchuangxclwt@bytedance.com>
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Signed-off-by: Juan Quintela <quintela@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 4f5a09714c983a3471fd12e3c7f3196e95c650c1)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ io/channel-socket.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/io/channel-socket.c b/io/channel-socket.c
+index 7490e5943d..8ae8b212cf 100644
+--- a/io/channel-socket.c
++++ b/io/channel-socket.c
+@@ -612,6 +612,11 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ "Unable to write to socket");
+ return -1;
+ }
++
++ if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
++ sioc->zero_copy_queued++;
++ }
++
+ return ret;
+ }
+ #else /* WIN32 */
+--
+2.35.3
+
diff --git a/SOURCES/kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch b/SOURCES/kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch
new file mode 100644
index 0000000..89aa806
--- /dev/null
+++ b/SOURCES/kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch
@@ -0,0 +1,249 @@
+From 4aeba0365d30dabe2e70dc172683f0878a4a9621 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:32 -0300
+Subject: [PATCH 09/18] QIOChannelSocket: Implement io_writev zero copy flag &
+ io_flush for CONFIG_LINUX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [3/11] 9afeac1f5ac7675624660a0281726c09c8321180 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+For CONFIG_LINUX, implement the new zero copy flag and the optional callback
+io_flush on QIOChannelSocket, but enables it only when MSG_ZEROCOPY
+feature is available in the host kernel, which is checked on
+qio_channel_socket_connect_sync()
+
+qio_channel_socket_flush() was implemented by counting how many times
+sendmsg(...,MSG_ZEROCOPY) was successfully called, and then reading the
+socket's error queue, in order to find how many of them finished sending.
+Flush will loop until those counters are the same, or until some error occurs.
+
+Notes on using writev() with QIO_CHANNEL_WRITE_FLAG_ZERO_COPY:
+1: Buffer
+- As MSG_ZEROCOPY tells the kernel to use the same user buffer to avoid copying,
+some caution is necessary to avoid overwriting any buffer before it's sent.
+If something like this happen, a newer version of the buffer may be sent instead.
+- If this is a problem, it's recommended to call qio_channel_flush() before freeing
+or re-using the buffer.
+
+2: Locked memory
+- When using MSG_ZERCOCOPY, the buffer memory will be locked after queued, and
+unlocked after it's sent.
+- Depending on the size of each buffer, and how often it's sent, it may require
+a larger amount of locked memory than usually available to non-root user.
+- If the required amount of locked memory is not available, writev_zero_copy
+will return an error, which can abort an operation like migration,
+- Because of this, when an user code wants to add zero copy as a feature, it
+requires a mechanism to disable it, so it can still be accessible to less
+privileged users.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Message-Id: <20220513062836.965425-4-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 2bc58ffc2926a4efdd03edfb5909861fefc68c3d)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ include/io/channel-socket.h | 2 +
+ io/channel-socket.c | 116 ++++++++++++++++++++++++++++++++++--
+ 2 files changed, 114 insertions(+), 4 deletions(-)
+
+diff --git a/include/io/channel-socket.h b/include/io/channel-socket.h
+index e747e63514..513c428fe4 100644
+--- a/include/io/channel-socket.h
++++ b/include/io/channel-socket.h
+@@ -47,6 +47,8 @@ struct QIOChannelSocket {
+ socklen_t localAddrLen;
+ struct sockaddr_storage remoteAddr;
+ socklen_t remoteAddrLen;
++ ssize_t zero_copy_queued;
++ ssize_t zero_copy_sent;
+ };
+
+
+diff --git a/io/channel-socket.c b/io/channel-socket.c
+index a1be2197ca..fbd2214d20 100644
+--- a/io/channel-socket.c
++++ b/io/channel-socket.c
+@@ -26,6 +26,14 @@
+ #include "io/channel-watch.h"
+ #include "trace.h"
+ #include "qapi/clone-visitor.h"
++#ifdef CONFIG_LINUX
++#include <linux/errqueue.h>
++#include <sys/socket.h>
++
++#if (defined(MSG_ZEROCOPY) && defined(SO_ZEROCOPY))
++#define QEMU_MSG_ZEROCOPY
++#endif
++#endif
+
+ #define SOCKET_MAX_FDS 16
+
+@@ -55,6 +63,8 @@ qio_channel_socket_new(void)
+
+ sioc = QIO_CHANNEL_SOCKET(object_new(TYPE_QIO_CHANNEL_SOCKET));
+ sioc->fd = -1;
++ sioc->zero_copy_queued = 0;
++ sioc->zero_copy_sent = 0;
+
+ ioc = QIO_CHANNEL(sioc);
+ qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN);
+@@ -154,6 +164,16 @@ int qio_channel_socket_connect_sync(QIOChannelSocket *ioc,
+ return -1;
+ }
+
++#ifdef QEMU_MSG_ZEROCOPY
++ int ret, v = 1;
++ ret = setsockopt(fd, SOL_SOCKET, SO_ZEROCOPY, &v, sizeof(v));
++ if (ret == 0) {
++ /* Zero copy available on host */
++ qio_channel_set_feature(QIO_CHANNEL(ioc),
++ QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY);
++ }
++#endif
++
+ return 0;
+ }
+
+@@ -534,6 +554,7 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ char control[CMSG_SPACE(sizeof(int) * SOCKET_MAX_FDS)];
+ size_t fdsize = sizeof(int) * nfds;
+ struct cmsghdr *cmsg;
++ int sflags = 0;
+
+ memset(control, 0, CMSG_SPACE(sizeof(int) * SOCKET_MAX_FDS));
+
+@@ -558,15 +579,31 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ memcpy(CMSG_DATA(cmsg), fds, fdsize);
+ }
+
++#ifdef QEMU_MSG_ZEROCOPY
++ if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
++ sflags = MSG_ZEROCOPY;
++ }
++#endif
++
+ retry:
+- ret = sendmsg(sioc->fd, &msg, 0);
++ ret = sendmsg(sioc->fd, &msg, sflags);
+ if (ret <= 0) {
+- if (errno == EAGAIN) {
++ switch (errno) {
++ case EAGAIN:
+ return QIO_CHANNEL_ERR_BLOCK;
+- }
+- if (errno == EINTR) {
++ case EINTR:
+ goto retry;
++#ifdef QEMU_MSG_ZEROCOPY
++ case ENOBUFS:
++ if (sflags & MSG_ZEROCOPY) {
++ error_setg_errno(errp, errno,
++ "Process can't lock enough memory for using MSG_ZEROCOPY");
++ return -1;
++ }
++ break;
++#endif
+ }
++
+ error_setg_errno(errp, errno,
+ "Unable to write to socket");
+ return -1;
+@@ -660,6 +697,74 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ }
+ #endif /* WIN32 */
+
++
++#ifdef QEMU_MSG_ZEROCOPY
++static int qio_channel_socket_flush(QIOChannel *ioc,
++ Error **errp)
++{
++ QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
++ struct msghdr msg = {};
++ struct sock_extended_err *serr;
++ struct cmsghdr *cm;
++ char control[CMSG_SPACE(sizeof(*serr))];
++ int received;
++ int ret = 1;
++
++ msg.msg_control = control;
++ msg.msg_controllen = sizeof(control);
++ memset(control, 0, sizeof(control));
++
++ while (sioc->zero_copy_sent < sioc->zero_copy_queued) {
++ received = recvmsg(sioc->fd, &msg, MSG_ERRQUEUE);
++ if (received < 0) {
++ switch (errno) {
++ case EAGAIN:
++ /* Nothing on errqueue, wait until something is available */
++ qio_channel_wait(ioc, G_IO_ERR);
++ continue;
++ case EINTR:
++ continue;
++ default:
++ error_setg_errno(errp, errno,
++ "Unable to read errqueue");
++ return -1;
++ }
++ }
++
++ cm = CMSG_FIRSTHDR(&msg);
++ if (cm->cmsg_level != SOL_IP &&
++ cm->cmsg_type != IP_RECVERR) {
++ error_setg_errno(errp, EPROTOTYPE,
++ "Wrong cmsg in errqueue");
++ return -1;
++ }
++
++ serr = (void *) CMSG_DATA(cm);
++ if (serr->ee_errno != SO_EE_ORIGIN_NONE) {
++ error_setg_errno(errp, serr->ee_errno,
++ "Error on socket");
++ return -1;
++ }
++ if (serr->ee_origin != SO_EE_ORIGIN_ZEROCOPY) {
++ error_setg_errno(errp, serr->ee_origin,
++ "Error not from zero copy");
++ return -1;
++ }
++
++ /* No errors, count successfully finished sendmsg()*/
++ sioc->zero_copy_sent += serr->ee_data - serr->ee_info + 1;
++
++ /* If any sendmsg() succeeded using zero copy, return 0 at the end */
++ if (serr->ee_code != SO_EE_CODE_ZEROCOPY_COPIED) {
++ ret = 0;
++ }
++ }
++
++ return ret;
++}
++
++#endif /* QEMU_MSG_ZEROCOPY */
++
+ static int
+ qio_channel_socket_set_blocking(QIOChannel *ioc,
+ bool enabled,
+@@ -790,6 +895,9 @@ static void qio_channel_socket_class_init(ObjectClass *klass,
+ ioc_klass->io_set_delay = qio_channel_socket_set_delay;
+ ioc_klass->io_create_watch = qio_channel_socket_create_watch;
+ ioc_klass->io_set_aio_fd_handler = qio_channel_socket_set_aio_fd_handler;
++#ifdef QEMU_MSG_ZEROCOPY
++ ioc_klass->io_flush = qio_channel_socket_flush;
++#endif
+ }
+
+ static const TypeInfo qio_channel_socket_info = {
+--
+2.35.3
+
diff --git a/SOURCES/kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch b/SOURCES/kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch
new file mode 100644
index 0000000..6fc0c76
--- /dev/null
+++ b/SOURCES/kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch
@@ -0,0 +1,82 @@
+From 60bf942a58db12c821f2a6a49e2e0b04b99bec30 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Mon, 20 Jun 2022 02:39:42 -0300
+Subject: [PATCH 15/18] QIOChannelSocket: Introduce assert and reduce ifdefs to
+ improve readability
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [9/11] eaa02d68301852ccc98bdacc7387d8d03be1cb05 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+During implementation of MSG_ZEROCOPY feature, a lot of #ifdefs were
+introduced, particularly at qio_channel_socket_writev().
+
+Rewrite some of those changes so it's easier to read.
+
+Also, introduce an assert to help detect incorrect zero-copy usage is when
+it's disabled on build.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Signed-off-by: Juan Quintela <quintela@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+ dgilbert: Fixed up thinko'd g_assert_unreachable->g_assert_not_reached
+(cherry picked from commit 803ca43e4c7fcf32f9f68c118301ccd0c83ece3f)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ io/channel-socket.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/io/channel-socket.c b/io/channel-socket.c
+index fbd2214d20..7490e5943d 100644
+--- a/io/channel-socket.c
++++ b/io/channel-socket.c
+@@ -579,11 +579,17 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ memcpy(CMSG_DATA(cmsg), fds, fdsize);
+ }
+
+-#ifdef QEMU_MSG_ZEROCOPY
+ if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
++#ifdef QEMU_MSG_ZEROCOPY
+ sflags = MSG_ZEROCOPY;
+- }
++#else
++ /*
++ * We expect QIOChannel class entry point to have
++ * blocked this code path already
++ */
++ g_assert_not_reached();
+ #endif
++ }
+
+ retry:
+ ret = sendmsg(sioc->fd, &msg, sflags);
+@@ -593,15 +599,13 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
+ return QIO_CHANNEL_ERR_BLOCK;
+ case EINTR:
+ goto retry;
+-#ifdef QEMU_MSG_ZEROCOPY
+ case ENOBUFS:
+- if (sflags & MSG_ZEROCOPY) {
++ if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
+ error_setg_errno(errp, errno,
+ "Process can't lock enough memory for using MSG_ZEROCOPY");
+ return -1;
+ }
+ break;
+-#endif
+ }
+
+ error_setg_errno(errp, errno,
+--
+2.35.3
+
diff --git a/SOURCES/kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch b/SOURCES/kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch
deleted file mode 100644
index fa17617..0000000
--- a/SOURCES/kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 5688fdb9a3ed192b85dca84c47a7ddfd325778d9 Mon Sep 17 00:00:00 2001
-From: Stefano Garzarella <sgarzare@redhat.com>
-Date: Thu, 24 Mar 2022 16:04:57 +0100
-Subject: [PATCH 1/3] RHEL: disable "seqpacket" for "vhost-vsock-device" in
- rhel8.6.0
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Stefano Garzarella <sgarzare@redhat.com>
-RH-MergeRequest: 135: RHEL: disable "seqpacket" for "vhost-vsock-device" in rhel8.6.0 [rhel-9.0.0.z]
-RH-Commit: [1/1] 5ee0de3110deaa0222c9783c00168b536b0c8934
-RH-Bugzilla: 2071102
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
-RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-vhost-vsock device in RHEL 8 kernels doesn't support seqpacket.
-To avoid problems when migrating a VM from RHEL 9 host, we need to
-disable it in rhel8-* machine types.
-
-Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
----
- hw/core/machine.c | 10 ++++++++++
- hw/i386/pc_piix.c | 2 ++
- hw/i386/pc_q35.c | 2 ++
- hw/s390x/s390-virtio-ccw.c | 1 +
- include/hw/boards.h | 3 +++
- 5 files changed, 18 insertions(+)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 5fae55d6cd..7dcceb904a 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -43,6 +43,16 @@
- const char *rhel_old_machine_deprecation =
- "machine types for previous major releases are deprecated";
-
-+GlobalProperty hw_compat_rhel_8_6[] = {
-+ /* hw_compat_rhel_8_6 bz 2065589 */
-+ /*
-+ * vhost-vsock device in RHEL 8 kernels doesn't support seqpacket, so
-+ * we need do disable it downstream on the latest hw_compat_rhel_8.
-+ */
-+ { "vhost-vsock-device", "seqpacket", "off" },
-+};
-+const size_t hw_compat_rhel_8_6_len = G_N_ELEMENTS(hw_compat_rhel_8_6);
-+
- /*
- * Mostly the same as hw_compat_6_0 and hw_compat_6_1
- */
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index cf68d7498c..08579366b6 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -998,6 +998,8 @@ static void pc_machine_rhel760_options(MachineClass *m)
- pcmc->kvmclock_create_always = false;
- /* From pc_i440fx_5_1_machine_options() */
- pcmc->pci_root_uid = 1;
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_6,
-+ hw_compat_rhel_8_6_len);
- compat_props_add(m->compat_props, hw_compat_rhel_8_5,
- hw_compat_rhel_8_5_len);
- compat_props_add(m->compat_props, pc_rhel_8_5_compat,
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index c8e06da084..23dacdd923 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -680,6 +680,8 @@ static void pc_q35_machine_rhel860_options(MachineClass *m)
-
- pcmc->smbios_stream_product = "RHEL-AV";
- pcmc->smbios_stream_version = "8.6.0";
-+ compat_props_add(m->compat_props, hw_compat_rhel_8_6,
-+ hw_compat_rhel_8_6_len);
- }
-
- DEFINE_PC_MACHINE(q35_rhel860, "pc-q35-rhel8.6.0", pc_q35_init_rhel860,
-diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
-index cc78a315e3..13bfa4253e 100644
---- a/hw/s390x/s390-virtio-ccw.c
-+++ b/hw/s390x/s390-virtio-ccw.c
-@@ -1121,6 +1121,7 @@ static void ccw_machine_rhel860_instance_options(MachineState *machine)
- static void ccw_machine_rhel860_class_options(MachineClass *mc)
- {
- ccw_machine_rhel900_class_options(mc);
-+ compat_props_add(mc->compat_props, hw_compat_rhel_8_6, hw_compat_rhel_8_6_len);
-
- /* All RHEL machines for prior major releases are deprecated */
- mc->deprecation_reason = rhel_old_machine_deprecation;
-diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 21d8d5528e..b9c12c4bf2 100644
---- a/include/hw/boards.h
-+++ b/include/hw/boards.h
-@@ -443,6 +443,9 @@ extern const size_t hw_compat_2_2_len;
- extern GlobalProperty hw_compat_2_1[];
- extern const size_t hw_compat_2_1_len;
-
-+extern GlobalProperty hw_compat_rhel_8_6[];
-+extern const size_t hw_compat_rhel_8_6_len;
-+
- extern GlobalProperty hw_compat_rhel_8_5[];
- extern const size_t hw_compat_rhel_8_5_len;
-
---
-2.31.1
-
diff --git a/SOURCES/kvm-RHEL-mark-old-machine-types-as-deprecated.patch b/SOURCES/kvm-RHEL-mark-old-machine-types-as-deprecated.patch
deleted file mode 100644
index b6d4003..0000000
--- a/SOURCES/kvm-RHEL-mark-old-machine-types-as-deprecated.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From dcc64971bf25e5c2303d551fb2fef448a5e8f4fd Mon Sep 17 00:00:00 2001
-From: Cornelia Huck <cohuck@redhat.com>
-Date: Thu, 3 Mar 2022 10:57:37 +0100
-Subject: [PATCH 1/5] RHEL: mark old machine types as deprecated
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Cornelia Huck <cohuck@redhat.com>
-RH-MergeRequest: 119: RHEL: mark old machine types as deprecated
-RH-Commit: [1/1] 5d7531d23fac5dd67c3cc202f538b25f26393600 (cohuck/qemu-kvm)
-RH-Bugzilla: 2052050
-RH-Acked-by: Thomas Huth <thuth@redhat.com>
-RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
-
-We want to make it obvious that we consider machine types for older
-RHEL major releases to be deprecated; we only carry them for
-compatibility purposes.
-
-Let's mark all rhel-7.x and rhel-8.x machine type as deprecated via
-QEMU's existing deprecation mechanism; those machine types will
-continue to work as expected, but commands like 'virsh capabilities',
-'virsh dominfo', or the libvirt log will tag the machine as
-deprecated.
-
-Signed-off-by: Cornelia Huck <cohuck@redhat.com>
----
- hw/core/machine.c | 6 ++++++
- hw/i386/pc_piix.c | 4 ++++
- hw/i386/pc_q35.c | 4 ++++
- hw/s390x/s390-virtio-ccw.c | 3 +++
- include/hw/boards.h | 2 ++
- 5 files changed, 19 insertions(+)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 669d3d8b91..5fae55d6cd 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -37,6 +37,12 @@
- #include "hw/virtio/virtio.h"
- #include "hw/virtio/virtio-pci.h"
-
-+/*
-+ * RHEL only: machine types for previous major releases are deprecated
-+ */
-+const char *rhel_old_machine_deprecation =
-+ "machine types for previous major releases are deprecated";
-+
- /*
- * Mostly the same as hw_compat_6_0 and hw_compat_6_1
- */
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index fccb7f5fc9..cf68d7498c 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -989,6 +989,10 @@ static void pc_machine_rhel760_options(MachineClass *m)
- m->desc = "RHEL 7.6.0 PC (i440FX + PIIX, 1996)";
- m->async_pf_vmexit_disable = true;
- m->smbus_no_migration_support = true;
-+
-+ /* All RHEL machines for prior major releases are deprecated */
-+ m->deprecation_reason = rhel_old_machine_deprecation;
-+
- pcmc->pvh_enabled = false;
- pcmc->default_cpu_version = CPU_VERSION_LEGACY;
- pcmc->kvmclock_create_always = false;
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index bf9ad32f0e..c8e06da084 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -674,6 +674,10 @@ static void pc_q35_machine_rhel860_options(MachineClass *m)
- pc_q35_machine_rhel900_options(m);
- m->desc = "RHEL-8.6.0 PC (Q35 + ICH9, 2009)";
- m->alias = NULL;
-+
-+ /* All RHEL machines for prior major releases are deprecated */
-+ m->deprecation_reason = rhel_old_machine_deprecation;
-+
- pcmc->smbios_stream_product = "RHEL-AV";
- pcmc->smbios_stream_version = "8.6.0";
- }
-diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
-index 9da6e9b1d4..cc78a315e3 100644
---- a/hw/s390x/s390-virtio-ccw.c
-+++ b/hw/s390x/s390-virtio-ccw.c
-@@ -1121,6 +1121,9 @@ static void ccw_machine_rhel860_instance_options(MachineState *machine)
- static void ccw_machine_rhel860_class_options(MachineClass *mc)
- {
- ccw_machine_rhel900_class_options(mc);
-+
-+ /* All RHEL machines for prior major releases are deprecated */
-+ mc->deprecation_reason = rhel_old_machine_deprecation;
- }
- DEFINE_CCW_MACHINE(rhel860, "rhel8.6.0", false);
-
-diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 3c3d2ad450..21d8d5528e 100644
---- a/include/hw/boards.h
-+++ b/include/hw/boards.h
-@@ -464,4 +464,6 @@ extern const size_t hw_compat_rhel_8_0_len;
- extern GlobalProperty hw_compat_rhel_7_6[];
- extern const size_t hw_compat_rhel_7_6_len;
-
-+extern const char *rhel_old_machine_deprecation;
-+
- #endif
---
-2.31.1
-
diff --git a/SOURCES/kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch b/SOURCES/kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch
new file mode 100644
index 0000000..8a0aeb0
--- /dev/null
+++ b/SOURCES/kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch
@@ -0,0 +1,237 @@
+From 055edf068196622a3e1868c9e4c991d410272a6d Mon Sep 17 00:00:00 2001
+From: Andrew Jones <drjones@redhat.com>
+Date: Wed, 15 Jun 2022 15:28:27 +0200
+Subject: [PATCH 03/18] RHEL-only: AArch64: Drop unsupported CPU types
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Daniel P. Berrangé <berrange@redhat.com>
+RH-MergeRequest: 94: i386, aarch64, s390x: deprecate many named CPU models
+RH-Commit: [3/6] 21f54c86dc87e5e75a64459b5a385686bc09640c (berrange/centos-src-qemu)
+RH-Bugzilla: 2060839
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2066824
+Upstream Status: RHEL only
+
+We only need to support AArch64 cpu types and we only need three
+types:
+ 1) A base type to use with TCG, i.e. a cpu type with only base
+ features. 'cortex-a57' serves this role and is currently used
+ by libguestfs.
+ 2) The 'max' type, which is for both KVM and TCG and is good for
+ tests that just specify 'max' but run under both. 'max' with
+ TCG also provides the VM with all the CPU features TCG
+ supports, which is good for VMs that need features not
+ provided by the basic cortex-a57.
+ 3) The host type which is used with KVM.
+
+Signed-off-by: Andrew Jones <drjones@redhat.com>
+---
+ hw/arm/virt.c | 4 ++++
+ target/arm/cpu64.c | 6 ++++++
+ target/arm/cpu_tcg.c | 12 ++----------
+ tests/qtest/arm-cpu-features.c | 6 ++++++
+ 4 files changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index 95d012d6eb..74119976d3 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -239,12 +239,16 @@ static const int a15irqmap[] = {
+ };
+
+ static const char *valid_cpus[] = {
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ ARM_CPU_TYPE_NAME("cortex-a7"),
+ ARM_CPU_TYPE_NAME("cortex-a15"),
+ ARM_CPU_TYPE_NAME("cortex-a53"),
++#endif /* disabled for RHEL */
+ ARM_CPU_TYPE_NAME("cortex-a57"),
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ ARM_CPU_TYPE_NAME("cortex-a72"),
+ ARM_CPU_TYPE_NAME("a64fx"),
++#endif /* disabled for RHEL */
+ ARM_CPU_TYPE_NAME("host"),
+ ARM_CPU_TYPE_NAME("max"),
+ };
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index eb44c05822..e80b831073 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -146,6 +146,7 @@ static void aarch64_a57_initfn(Object *obj)
+ define_arm_cp_regs(cpu, cortex_a72_a57_a53_cp_reginfo);
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void aarch64_a53_initfn(Object *obj)
+ {
+ ARMCPU *cpu = ARM_CPU(obj);
+@@ -249,6 +250,7 @@ static void aarch64_a72_initfn(Object *obj)
+ cpu->gic_vprebits = 5;
+ define_arm_cp_regs(cpu, cortex_a72_a57_a53_cp_reginfo);
+ }
++#endif /* disabled for RHEL */
+
+ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp)
+ {
+@@ -923,6 +925,7 @@ static void aarch64_max_initfn(Object *obj)
+ qdev_property_add_static(DEVICE(obj), &arm_cpu_lpa2_property);
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void aarch64_a64fx_initfn(Object *obj)
+ {
+ ARMCPU *cpu = ARM_CPU(obj);
+@@ -969,12 +972,15 @@ static void aarch64_a64fx_initfn(Object *obj)
+
+ /* TODO: Add A64FX specific HPC extension registers */
+ }
++#endif /* disabled for RHEL */
+
+ static const ARMCPUInfo aarch64_cpus[] = {
+ { .name = "cortex-a57", .initfn = aarch64_a57_initfn },
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ { .name = "cortex-a53", .initfn = aarch64_a53_initfn },
+ { .name = "cortex-a72", .initfn = aarch64_a72_initfn },
+ { .name = "a64fx", .initfn = aarch64_a64fx_initfn },
++#endif /* disabled for RHEL */
+ { .name = "max", .initfn = aarch64_max_initfn },
+ #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
+ { .name = "host", .initfn = aarch64_host_initfn },
+diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
+index 3826fa5122..74727fc92c 100644
+--- a/target/arm/cpu_tcg.c
++++ b/target/arm/cpu_tcg.c
+@@ -19,10 +19,10 @@
+ #include "hw/boards.h"
+ #endif
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ /* CPU models. These are not needed for the AArch64 linux-user build. */
+ #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
+
+-#if 0 /* Disabled for Red Hat Enterprise Linux */
+ #if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
+ static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+ {
+@@ -376,7 +376,6 @@ static void cortex_a9_initfn(Object *obj)
+ cpu->ccsidr[1] = 0x200fe019; /* 16k L1 icache. */
+ define_arm_cp_regs(cpu, cortexa9_cp_reginfo);
+ }
+-#endif /* disabled for RHEL */
+
+ #ifndef CONFIG_USER_ONLY
+ static uint64_t a15_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
+@@ -402,7 +401,6 @@ static const ARMCPRegInfo cortexa15_cp_reginfo[] = {
+ REGINFO_SENTINEL
+ };
+
+-#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void cortex_a7_initfn(Object *obj)
+ {
+ ARMCPU *cpu = ARM_CPU(obj);
+@@ -448,7 +446,6 @@ static void cortex_a7_initfn(Object *obj)
+ cpu->ccsidr[2] = 0x711fe07a; /* 4096K L2 unified cache */
+ define_arm_cp_regs(cpu, cortexa15_cp_reginfo); /* Same as A15 */
+ }
+-#endif /* disabled for RHEL */
+
+ static void cortex_a15_initfn(Object *obj)
+ {
+@@ -492,7 +489,6 @@ static void cortex_a15_initfn(Object *obj)
+ define_arm_cp_regs(cpu, cortexa15_cp_reginfo);
+ }
+
+-#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static void cortex_m0_initfn(Object *obj)
+ {
+ ARMCPU *cpu = ARM_CPU(obj);
+@@ -933,7 +929,6 @@ static void arm_v7m_class_init(ObjectClass *oc, void *data)
+
+ cc->gdb_core_xml_file = "arm-m-profile.xml";
+ }
+-#endif /* disabled for RHEL */
+
+ #ifndef TARGET_AARCH64
+ /*
+@@ -1013,7 +1008,6 @@ static void arm_max_initfn(Object *obj)
+ #endif /* !TARGET_AARCH64 */
+
+ static const ARMCPUInfo arm_tcg_cpus[] = {
+-#if 0 /* Disabled for Red Hat Enterprise Linux */
+ { .name = "arm926", .initfn = arm926_initfn },
+ { .name = "arm946", .initfn = arm946_initfn },
+ { .name = "arm1026", .initfn = arm1026_initfn },
+@@ -1029,9 +1023,7 @@ static const ARMCPUInfo arm_tcg_cpus[] = {
+ { .name = "cortex-a7", .initfn = cortex_a7_initfn },
+ { .name = "cortex-a8", .initfn = cortex_a8_initfn },
+ { .name = "cortex-a9", .initfn = cortex_a9_initfn },
+-#endif /* disabled for RHEL */
+ { .name = "cortex-a15", .initfn = cortex_a15_initfn },
+-#if 0 /* Disabled for Red Hat Enterprise Linux */
+ { .name = "cortex-m0", .initfn = cortex_m0_initfn,
+ .class_init = arm_v7m_class_init },
+ { .name = "cortex-m3", .initfn = cortex_m3_initfn,
+@@ -1062,7 +1054,6 @@ static const ARMCPUInfo arm_tcg_cpus[] = {
+ { .name = "pxa270-b1", .initfn = pxa270b1_initfn },
+ { .name = "pxa270-c0", .initfn = pxa270c0_initfn },
+ { .name = "pxa270-c5", .initfn = pxa270c5_initfn },
+-#endif /* disabled for RHEL */
+ #ifndef TARGET_AARCH64
+ { .name = "max", .initfn = arm_max_initfn },
+ #endif
+@@ -1090,3 +1081,4 @@ static void arm_tcg_cpu_register_types(void)
+ type_init(arm_tcg_cpu_register_types)
+
+ #endif /* !CONFIG_USER_ONLY || !TARGET_AARCH64 */
++#endif /* disabled for RHEL */
+diff --git a/tests/qtest/arm-cpu-features.c b/tests/qtest/arm-cpu-features.c
+index f76652143a..fe2a0a070d 100644
+--- a/tests/qtest/arm-cpu-features.c
++++ b/tests/qtest/arm-cpu-features.c
+@@ -440,8 +440,10 @@ static void test_query_cpu_model_expansion(const void *data)
+ assert_error(qts, "host", "The CPU type 'host' requires KVM", NULL);
+
+ /* Test expected feature presence/absence for some cpu types */
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ assert_has_feature_enabled(qts, "cortex-a15", "pmu");
+ assert_has_not_feature(qts, "cortex-a15", "aarch64");
++#endif /* disabled for RHEL */
+
+ /* Enabling and disabling pmu should always work. */
+ assert_has_feature_enabled(qts, "max", "pmu");
+@@ -458,6 +460,7 @@ static void test_query_cpu_model_expansion(const void *data)
+ assert_has_feature_enabled(qts, "cortex-a57", "pmu");
+ assert_has_feature_enabled(qts, "cortex-a57", "aarch64");
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ assert_has_feature_enabled(qts, "a64fx", "pmu");
+ assert_has_feature_enabled(qts, "a64fx", "aarch64");
+ /*
+@@ -470,6 +473,7 @@ static void test_query_cpu_model_expansion(const void *data)
+ "{ 'sve384': true }");
+ assert_error(qts, "a64fx", "cannot enable sve640",
+ "{ 'sve640': true }");
++#endif /* disabled for RHEL */
+
+ sve_tests_default(qts, "max");
+ pauth_tests_default(qts, "max");
+@@ -505,9 +509,11 @@ static void test_query_cpu_model_expansion_kvm(const void *data)
+ QDict *resp;
+ char *error;
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ assert_error(qts, "cortex-a15",
+ "We cannot guarantee the CPU type 'cortex-a15' works "
+ "with KVM on this host", NULL);
++#endif /* disabled for RHEL */
+
+ assert_has_feature_enabled(qts, "host", "aarch64");
+
+--
+2.35.3
+
diff --git a/SOURCES/kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch b/SOURCES/kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch
new file mode 100644
index 0000000..a1cc4c7
--- /dev/null
+++ b/SOURCES/kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch
@@ -0,0 +1,95 @@
+From d710394f68eb0b6116dd8ac76f619c192e0d5972 Mon Sep 17 00:00:00 2001
+From: Andrew Jones <drjones@redhat.com>
+Date: Wed, 15 Jun 2022 15:28:27 +0200
+Subject: [PATCH 02/18] RHEL-only: tests/avocado: Switch aarch64 tests from a53
+ to a57
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Daniel P. Berrangé <berrange@redhat.com>
+RH-MergeRequest: 94: i386, aarch64, s390x: deprecate many named CPU models
+RH-Commit: [2/6] e85ef69b42c411a6997e4da10ba05176368769b3 (berrange/centos-src-qemu)
+RH-Bugzilla: 2060839
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2066824
+Upstream Status: RHEL only
+
+We plan to remove the cortex-a53 from the supported cpu types. Switch
+all avocado tests that use it to the cortex-a57, which will work the
+same and we intend to keep. We don't want to try and upstream this
+change since the better upstream change would be to switch from the
+a53 to 'max', but the upstream tests also need to use later guest
+kernels to use 'max' (see qemu upstream commit 0942820408dc
+("hw/arm/virt: Disable LPA2 for -machine virt-6.2")
+
+Signed-off-by: Andrew Jones <drjones@redhat.com>
+---
+ tests/avocado/replay_kernel.py | 2 +-
+ tests/avocado/reverse_debugging.py | 2 +-
+ tests/avocado/tcg_plugins.py | 6 +++---
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/tests/avocado/replay_kernel.py b/tests/avocado/replay_kernel.py
+index 0b2b0dc692..3a7b5f0748 100644
+--- a/tests/avocado/replay_kernel.py
++++ b/tests/avocado/replay_kernel.py
+@@ -147,7 +147,7 @@ def test_aarch64_virt(self):
+ """
+ :avocado: tags=arch:aarch64
+ :avocado: tags=machine:virt
+- :avocado: tags=cpu:cortex-a53
++ :avocado: tags=cpu:cortex-a57
+ """
+ kernel_url = ('https://archives.fedoraproject.org/pub/archive/fedora'
+ '/linux/releases/29/Everything/aarch64/os/images/pxeboot'
+diff --git a/tests/avocado/reverse_debugging.py b/tests/avocado/reverse_debugging.py
+index d2921e70c3..66d185ed42 100644
+--- a/tests/avocado/reverse_debugging.py
++++ b/tests/avocado/reverse_debugging.py
+@@ -198,7 +198,7 @@ def test_aarch64_virt(self):
+ """
+ :avocado: tags=arch:aarch64
+ :avocado: tags=machine:virt
+- :avocado: tags=cpu:cortex-a53
++ :avocado: tags=cpu:cortex-a57
+ """
+ kernel_url = ('https://archives.fedoraproject.org/pub/archive/fedora'
+ '/linux/releases/29/Everything/aarch64/os/images/pxeboot'
+diff --git a/tests/avocado/tcg_plugins.py b/tests/avocado/tcg_plugins.py
+index 642d2e49e3..93b3afd823 100644
+--- a/tests/avocado/tcg_plugins.py
++++ b/tests/avocado/tcg_plugins.py
+@@ -68,7 +68,7 @@ def test_aarch64_virt_insn(self):
+ :avocado: tags=accel:tcg
+ :avocado: tags=arch:aarch64
+ :avocado: tags=machine:virt
+- :avocado: tags=cpu:cortex-a53
++ :avocado: tags=cpu:cortex-a57
+ """
+ kernel_path = self._grab_aarch64_kernel()
+ kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
+@@ -94,7 +94,7 @@ def test_aarch64_virt_insn_icount(self):
+ :avocado: tags=accel:tcg
+ :avocado: tags=arch:aarch64
+ :avocado: tags=machine:virt
+- :avocado: tags=cpu:cortex-a53
++ :avocado: tags=cpu:cortex-a57
+ """
+ kernel_path = self._grab_aarch64_kernel()
+ kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
+@@ -120,7 +120,7 @@ def test_aarch64_virt_mem_icount(self):
+ :avocado: tags=accel:tcg
+ :avocado: tags=arch:aarch64
+ :avocado: tags=machine:virt
+- :avocado: tags=cpu:cortex-a53
++ :avocado: tags=cpu:cortex-a57
+ """
+ kernel_path = self._grab_aarch64_kernel()
+ kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
+--
+2.35.3
+
diff --git a/SOURCES/kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch b/SOURCES/kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch
new file mode 100644
index 0000000..7740d0b
--- /dev/null
+++ b/SOURCES/kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch
@@ -0,0 +1,58 @@
+From 5ab8613582fd56b847fe75750acb5b7255900b35 Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+Date: Thu, 9 Jun 2022 11:55:15 +0200
+Subject: [PATCH 15/16] Revert "globally limit the maximum number of CPUs"
+
+RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-MergeRequest: 99: Revert "globally limit the maximum number of CPUs"
+RH-Commit: [1/1] 13100d4a2209b2190a3654c1f9cf4ebade1e8d24 (vkuznets/qemu-kvm-c9s)
+RH-Bugzilla: 2094270
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2094270
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45871149
+Upstream Status: RHEL-only
+Tested: with upstream kernel
+
+Downstream QEMU carries a patch that sets the hard limit of possible vCPUs
+to the value that the KVM code of the kernel recommends as soft limit.
+Upstream KVM code has been changed recently to not use an arbitrary soft
+limit anymore, but to cap the value on the amount of available physical
+CPUs of the host. This defeats the purpose of the downstream change in
+QEMU completely. Drop the downstream-only patch to allow CPU overcommit.
+
+This reverts commit 6669f6fa677d43144f39d6ad59725b7ba622f1c2.
+
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+---
+ accel/kvm/kvm-all.c | 12 ------------
+ 1 file changed, 12 deletions(-)
+
+diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
+index fdf0e4d429..5f1377ca04 100644
+--- a/accel/kvm/kvm-all.c
++++ b/accel/kvm/kvm-all.c
+@@ -2430,18 +2430,6 @@ static int kvm_init(MachineState *ms)
+ soft_vcpus_limit = kvm_recommended_vcpus(s);
+ hard_vcpus_limit = kvm_max_vcpus(s);
+
+-#ifdef HOST_PPC64
+- /*
+- * On POWER, the kernel advertises a soft limit based on the
+- * number of CPU threads on the host. We want to allow exceeding
+- * this for testing purposes, so we don't want to set hard limit
+- * to soft limit as on x86.
+- */
+-#else
+- /* RHEL doesn't support nr_vcpus > soft_vcpus_limit */
+- hard_vcpus_limit = soft_vcpus_limit;
+-#endif
+-
+ while (nc->name) {
+ if (nc->num > soft_vcpus_limit) {
+ warn_report("Number of %s cpus requested (%d) exceeds "
+--
+2.31.1
+
diff --git a/SOURCES/kvm-Revert-migration-Simplify-unqueue_page.patch b/SOURCES/kvm-Revert-migration-Simplify-unqueue_page.patch
new file mode 100644
index 0000000..f5c97f6
--- /dev/null
+++ b/SOURCES/kvm-Revert-migration-Simplify-unqueue_page.patch
@@ -0,0 +1,134 @@
+From 5ea59b17866add54e5ae8c76d3cb472c67e1fa91 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Tue, 2 Aug 2022 08:19:49 +0200
+Subject: [PATCH 32/32] Revert "migration: Simplify unqueue_page()"
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 112: Fix postcopy migration on s390x
+RH-Commit: [2/2] 3913c9ed3f27f4b66245913da29d0c46db0c6567 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2099934
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+This reverts commit cfd66f30fb0f735df06ff4220e5000290a43dad3.
+
+The simplification of unqueue_page() introduced a bug that sometimes
+breaks migration on s390x hosts.
+
+The problem is not fully understood yet, but since we are already in
+the freeze for QEMU 7.1 and we need something working there, let's
+revert this patch for the upcoming release. The optimization can be
+redone later again in a proper way if necessary.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2099934
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20220802061949.331576-1-thuth@redhat.com>
+Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 777f53c75983dd10756f5dbfc8af50fe11da81c1)
+Conflicts:
+ migration/trace-events
+ (trivial contextual conflict)
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ migration/ram.c | 37 ++++++++++++++++++++++++++-----------
+ migration/trace-events | 3 ++-
+ 2 files changed, 28 insertions(+), 12 deletions(-)
+
+diff --git a/migration/ram.c b/migration/ram.c
+index fb6db54642..ee40e4a718 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -1548,7 +1548,6 @@ static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t *offset)
+ {
+ struct RAMSrcPageRequest *entry;
+ RAMBlock *block = NULL;
+- size_t page_size;
+
+ if (!postcopy_has_request(rs)) {
+ return NULL;
+@@ -1565,13 +1564,10 @@ static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t *offset)
+ entry = QSIMPLEQ_FIRST(&rs->src_page_requests);
+ block = entry->rb;
+ *offset = entry->offset;
+- page_size = qemu_ram_pagesize(block);
+- /* Each page request should only be multiple page size of the ramblock */
+- assert((entry->len % page_size) == 0);
+
+- if (entry->len > page_size) {
+- entry->len -= page_size;
+- entry->offset += page_size;
++ if (entry->len > TARGET_PAGE_SIZE) {
++ entry->len -= TARGET_PAGE_SIZE;
++ entry->offset += TARGET_PAGE_SIZE;
+ } else {
+ memory_region_unref(block->mr);
+ QSIMPLEQ_REMOVE_HEAD(&rs->src_page_requests, next_req);
+@@ -1579,9 +1575,6 @@ static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t *offset)
+ migration_consume_urgent_request();
+ }
+
+- trace_unqueue_page(block->idstr, *offset,
+- test_bit((*offset >> TARGET_PAGE_BITS), block->bmap));
+-
+ return block;
+ }
+
+@@ -1956,8 +1949,30 @@ static bool get_queued_page(RAMState *rs, PageSearchStatus *pss)
+ {
+ RAMBlock *block;
+ ram_addr_t offset;
++ bool dirty;
++
++ do {
++ block = unqueue_page(rs, &offset);
++ /*
++ * We're sending this page, and since it's postcopy nothing else
++ * will dirty it, and we must make sure it doesn't get sent again
++ * even if this queue request was received after the background
++ * search already sent it.
++ */
++ if (block) {
++ unsigned long page;
++
++ page = offset >> TARGET_PAGE_BITS;
++ dirty = test_bit(page, block->bmap);
++ if (!dirty) {
++ trace_get_queued_page_not_dirty(block->idstr, (uint64_t)offset,
++ page);
++ } else {
++ trace_get_queued_page(block->idstr, (uint64_t)offset, page);
++ }
++ }
+
+- block = unqueue_page(rs, &offset);
++ } while (block && !dirty);
+
+ if (!block) {
+ /*
+diff --git a/migration/trace-events b/migration/trace-events
+index 1aec580e92..09d61ed1f4 100644
+--- a/migration/trace-events
++++ b/migration/trace-events
+@@ -85,6 +85,8 @@ put_qlist_end(const char *field_name, const char *vmsd_name) "%s(%s)"
+ qemu_file_fclose(void) ""
+
+ # ram.c
++get_queued_page(const char *block_name, uint64_t tmp_offset, unsigned long page_abs) "%s/0x%" PRIx64 " page_abs=0x%lx"
++get_queued_page_not_dirty(const char *block_name, uint64_t tmp_offset, unsigned long page_abs) "%s/0x%" PRIx64 " page_abs=0x%lx"
+ migration_bitmap_sync_start(void) ""
+ migration_bitmap_sync_end(uint64_t dirty_pages) "dirty_pages %" PRIu64
+ migration_bitmap_clear_dirty(char *str, uint64_t start, uint64_t size, unsigned long page) "rb %s start 0x%"PRIx64" size 0x%"PRIx64" page 0x%lx"
+@@ -110,7 +112,6 @@ ram_save_iterate_big_wait(uint64_t milliconds, int iterations) "big wait: %" PRI
+ ram_load_complete(int ret, uint64_t seq_iter) "exit_code %d seq iteration %" PRIu64
+ ram_write_tracking_ramblock_start(const char *block_id, size_t page_size, void *addr, size_t length) "%s: page_size: %zu addr: %p length: %zu"
+ ram_write_tracking_ramblock_stop(const char *block_id, size_t page_size, void *addr, size_t length) "%s: page_size: %zu addr: %p length: %zu"
+-unqueue_page(char *block, uint64_t offset, bool dirty) "ramblock '%s' offset 0x%"PRIx64" dirty %d"
+
+ # multifd.c
+ multifd_new_send_channel_async(uint8_t id) "channel %u"
+--
+2.31.1
+
diff --git a/SOURCES/kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch b/SOURCES/kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch
deleted file mode 100644
index d9d5145..0000000
--- a/SOURCES/kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 213d2c6d3138f3570bca36edaacfd1ee86b18967 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 4 Feb 2022 06:45:51 +0100
-Subject: [PATCH 1/6] Revert "ui/clipboard: Don't use g_autoptr just to free a
- variable"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Gerd Hoffmann <kraxel@redhat.com>
-RH-MergeRequest: 75: fix vnc cut+paste crash
-RH-Commit: [1/4] 0937d15054ad6e902bc22d1872231504f442ddcc (kraxel/centos-qemu-kvm)
-RH-Bugzilla: 2042820
-RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-This reverts commit 8df1ea81ee6c674522967d056daa8d3748fa3883.
----
- ui/clipboard.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/ui/clipboard.c b/ui/clipboard.c
-index d53576b0f6..d7b008d62a 100644
---- a/ui/clipboard.c
-+++ b/ui/clipboard.c
-@@ -44,14 +44,13 @@ void qemu_clipboard_peer_release(QemuClipboardPeer *peer,
-
- void qemu_clipboard_update(QemuClipboardInfo *info)
- {
-- QemuClipboardInfo *old = NULL;
-+ g_autoptr(QemuClipboardInfo) old = NULL;
- assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT);
-
- notifier_list_notify(&clipboard_notifiers, info);
-
- old = cbinfo[info->selection];
- cbinfo[info->selection] = qemu_clipboard_info_ref(info);
-- g_free(old);
- }
-
- QemuClipboardInfo *qemu_clipboard_info(QemuClipboardSelection selection)
---
-2.27.0
-
diff --git a/SOURCES/kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch b/SOURCES/kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch
new file mode 100644
index 0000000..e8eb35d
--- /dev/null
+++ b/SOURCES/kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch
@@ -0,0 +1,51 @@
+From 733acef2caea0758edd74fb634b095ce09bf5914 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Mon, 9 May 2022 03:46:23 -0400
+Subject: [PATCH 15/16] Revert "virtio-scsi: Reject scsi-cd if data plane
+ enabled [RHEL only]"
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 91: Revert "virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only]"
+RH-Commit: [1/1] 1af55d792bc9166e5c86272afe8093c76ab41bb4 (eesposit/qemu-kvm)
+RH-Bugzilla: 1995710
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+This reverts commit 4e17b1126e.
+
+Over time AioContext usage and coverage has increased, and now block
+backend is capable of handling AioContext change upon eject and insert.
+Therefore the above downstream-only commit is not necessary anymore,
+and can be safely reverted.
+
+X-downstream-only: true
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ hw/scsi/virtio-scsi.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index 2450c9438c..db54d104be 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -937,15 +937,6 @@ static void virtio_scsi_hotplug(HotplugHandler *hotplug_dev, DeviceState *dev,
+ AioContext *old_context;
+ int ret;
+
+- /* XXX: Remove this check once block backend is capable of handling
+- * AioContext change upon eject/insert.
+- * s->ctx is NULL if ioeventfd is off, s->ctx is qemu_get_aio_context() if
+- * data plane is not used, both cases are safe for scsi-cd. */
+- if (s->ctx && s->ctx != qemu_get_aio_context() &&
+- object_dynamic_cast(OBJECT(dev), "scsi-cd")) {
+- error_setg(errp, "scsi-cd is not supported by data plane");
+- return;
+- }
+ if (s->ctx && !s->dataplane_fenced) {
+ if (blk_op_is_blocked(sd->conf.blk, BLOCK_OP_TYPE_DATAPLANE, errp)) {
+ return;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch b/SOURCES/kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
deleted file mode 100644
index 1e620ff..0000000
--- a/SOURCES/kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 473b05bbdad50dc3877ab6da4ac52b5a4fc7d5e1 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Wed, 12 Jan 2022 08:03:31 -0500
-Subject: [PATCH 11/14] acpi: fix OEM ID/OEM Table ID padding
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [7/10] 276af1aa7650e79f146c75ef4ec19f792e7e163c
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-Commit [2] broke original '\0' padding of OEM ID and OEM Table ID
-fields in headers of ACPI tables. While it doesn't have impact on
-default values since QEMU uses 6 and 8 characters long values
-respectively, it broke usecase where IDs are provided on QEMU CLI.
-It shouldn't affect guest (but may cause licensing verification
-issues in guest OS).
-One of the broken usecases is user supplied SLIC table with IDs
-shorter than max possible length, where [2] mangles IDs with extra
-spaces in RSDT and FADT tables whereas guest OS expects those to
-mirror the respective values of the used SLIC table.
-
-Fix it by replacing whitespace padding with '\0' padding in
-accordance with [1] and expectations of guest OS
-
-1) ACPI spec, v2.0b
- 17.2 AML Grammar Definition
- ...
- //OEM ID of up to 6 characters. If the OEM ID is
- //shorter than 6 characters, it can be terminated
- //with a NULL character.
-
-2)
-Fixes: 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/707
-Reported-by: Dmitry V. Orekhov <dima.orekhov@gmail.com>
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Cc: qemu-stable@nongnu.org
-Message-Id: <20220112130332.1648664-4-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: Ani Sinha <ani@anisinha.ca>
-Tested-by: Dmitry V. Orekhov dima.orekhov@gmail.com
-(cherry picked from commit 748c030f360a940fe0c9382c8ca1649096c3a80d)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- hw/acpi/aml-build.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
-index b3b3310df3..65148d5b9d 100644
---- a/hw/acpi/aml-build.c
-+++ b/hw/acpi/aml-build.c
-@@ -1724,9 +1724,9 @@ void acpi_table_begin(AcpiTable *desc, GArray *array)
- build_append_int_noprefix(array, 0, 4); /* Length */
- build_append_int_noprefix(array, desc->rev, 1); /* Revision */
- build_append_int_noprefix(array, 0, 1); /* Checksum */
-- build_append_padded_str(array, desc->oem_id, 6, ' '); /* OEMID */
-+ build_append_padded_str(array, desc->oem_id, 6, '\0'); /* OEMID */
- /* OEM Table ID */
-- build_append_padded_str(array, desc->oem_table_id, 8, ' ');
-+ build_append_padded_str(array, desc->oem_table_id, 8, '\0');
- build_append_int_noprefix(array, 1, 4); /* OEM Revision */
- g_array_append_vals(array, ACPI_BUILD_APPNAME8, 4); /* Creator ID */
- build_append_int_noprefix(array, 1, 4); /* Creator Revision */
---
-2.31.1
-
diff --git a/SOURCES/kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch b/SOURCES/kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
deleted file mode 100644
index 763a621..0000000
--- a/SOURCES/kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 636a09dbe361517ac2b8d810166676b5006a6ca2 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Mon, 27 Dec 2021 14:31:17 -0500
-Subject: [PATCH 05/14] acpi: fix QEMU crash when started with SLIC table
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [1/10] 67c1d1d2358d0ba746f260dfc3c1cfc165357fd1
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-if QEMU is started with used provided SLIC table blob,
-
- -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
-it will assert with:
-
- hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)
-
-and following backtrace:
-
- ...
- build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
- acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
- build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
- ...
-
-which happens due to acpi_table_begin() expecting NULL terminated
-oem_id and oem_table_id strings, which is normally the case, but
-in case of user provided SLIC table, oem_id points to table's blob
-directly and as result oem_id became longer than expected.
-
-Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
-return NULL terminated strings.
-
-PS:
-After [1] refactoring, oem_id semantics became inconsistent, where
-NULL terminated string was coming from machine and old way pointer
-into byte array coming from -acpitable option. That used to work
-since build_header() wasn't expecting NULL terminated string and
-blindly copied the 1st 6 bytes only.
-
-However commit [2] broke that by replacing build_header() with
-acpi_table_begin(), which was expecting NULL terminated string
-and was checking oem_id size.
-
-1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-2)
-Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20211227193120.1084176-2-imammedo@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Denis Lisov <dennis.lissov@gmail.com>
-Tested-by: Alexander Tsoy <alexander@tsoy.me>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 8cdb99af45365727ac17f45239a9b8c1d5155c6d)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- hw/acpi/core.c | 4 ++--
- hw/i386/acpi-build.c | 2 ++
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/core.c b/hw/acpi/core.c
-index 1e004d0078..3e811bf03c 100644
---- a/hw/acpi/core.c
-+++ b/hw/acpi/core.c
-@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
- struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
-
- if (memcmp(hdr->sig, "SLIC", 4) == 0) {
-- oem->id = hdr->oem_id;
-- oem->table_id = hdr->oem_table_id;
-+ oem->id = g_strndup(hdr->oem_id, 6);
-+ oem->table_id = g_strndup(hdr->oem_table_id, 8);
- return 0;
- }
- }
-diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index 8383b83ee3..0234fe7588 100644
---- a/hw/i386/acpi-build.c
-+++ b/hw/i386/acpi-build.c
-@@ -2723,6 +2723,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine)
-
- /* Cleanup memory that's no longer used. */
- g_array_free(table_offsets, true);
-+ g_free(slic_oem.id);
-+ g_free(slic_oem.table_id);
- }
-
- static void acpi_ram_update(MemoryRegion *mr, GArray *data)
---
-2.31.1
-
diff --git a/SOURCES/kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch b/SOURCES/kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch
deleted file mode 100644
index 02bcda3..0000000
--- a/SOURCES/kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From a3a4fd1733e71d029e38136366e73ace8e78298b Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Tue, 1 Mar 2022 10:11:59 -0500
-Subject: [PATCH 02/14] acpi: pcihp: pcie: set power on cap on parent slot
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 124: RHEL-9.0 Fix broken PCIe device after migration
-RH-Commit: [2/2] 135602421e5fed803f7d71121380306633d490d8
-RH-Bugzilla: 2053584
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: MST <None>
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-
-on creation a PCIDevice has power turned on at the end of pci_qdev_realize()
-however later on if PCIe slot isn't populated with any children
-it's power is turned off. It's fine if native hotplug is used
-as plug callback will power slot on among other things.
-However when ACPI hotplug is enabled it replaces native PCIe plug
-callbacks with ACPI specific ones (acpi_pcihp_device_*plug_cb) and
-as result slot stays powered off. It works fine as ACPI hotplug
-on guest side takes care of enumerating/initializing hotplugged
-device. But when later guest is migrated, call chain introduced by]
-commit d5daff7d312 (pcie: implement slot power control for pcie root ports)
-
- pcie_cap_slot_post_load()
- -> pcie_cap_update_power()
- -> pcie_set_power_device()
- -> pci_set_power()
- -> pci_update_mappings()
-
-will disable earlier initialized BARs for the hotplugged device
-in powered off slot due to commit 23786d13441 (pci: implement power state)
-which disables BARs if power is off.
-
-Fix it by setting PCI_EXP_SLTCTL_PCC to PCI_EXP_SLTCTL_PWR_ON
-on slot (root port/downstream port) at the time a device
-hotplugged into it. As result PCI_EXP_SLTCTL_PWR_ON is migrated
-to target and above call chain keeps device plugged into it
-powered on.
-
-Fixes: d5daff7d312 ("pcie: implement slot power control for pcie root ports")
-Fixes: 23786d13441 ("pci: implement power state")
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2053584
-Suggested-by: "Michael S. Tsirkin" <mst@redhat.com>
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20220301151200.3507298-3-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 6b0969f1ec825984cd74619f0730be421b0c46fb)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- hw/acpi/pcihp.c | 12 +++++++++++-
- hw/pci/pcie.c | 11 +++++++++++
- include/hw/pci/pcie.h | 1 +
- 3 files changed, 23 insertions(+), 1 deletion(-)
-
-diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
-index 30405b5113..3d5610e02d 100644
---- a/hw/acpi/pcihp.c
-+++ b/hw/acpi/pcihp.c
-@@ -32,6 +32,7 @@
- #include "hw/pci/pci_bridge.h"
- #include "hw/pci/pci_host.h"
- #include "hw/pci/pcie_port.h"
-+#include "hw/pci-bridge/xio3130_downstream.h"
- #include "hw/i386/acpi-build.h"
- #include "hw/acpi/acpi.h"
- #include "hw/pci/pci_bus.h"
-@@ -341,6 +342,8 @@ void acpi_pcihp_device_plug_cb(HotplugHandler *hotplug_dev, AcpiPciHpState *s,
- {
- PCIDevice *pdev = PCI_DEVICE(dev);
- int slot = PCI_SLOT(pdev->devfn);
-+ PCIDevice *bridge;
-+ PCIBus *bus;
- int bsel;
-
- /* Don't send event when device is enabled during qemu machine creation:
-@@ -370,7 +373,14 @@ void acpi_pcihp_device_plug_cb(HotplugHandler *hotplug_dev, AcpiPciHpState *s,
- return;
- }
-
-- bsel = acpi_pcihp_get_bsel(pci_get_bus(pdev));
-+ bus = pci_get_bus(pdev);
-+ bridge = pci_bridge_get_device(bus);
-+ if (object_dynamic_cast(OBJECT(bridge), TYPE_PCIE_ROOT_PORT) ||
-+ object_dynamic_cast(OBJECT(bridge), TYPE_XIO3130_DOWNSTREAM)) {
-+ pcie_cap_slot_enable_power(bridge);
-+ }
-+
-+ bsel = acpi_pcihp_get_bsel(bus);
- g_assert(bsel >= 0);
- s->acpi_pcihp_pci_status[bsel].up |= (1U << slot);
- acpi_send_event(DEVICE(hotplug_dev), ACPI_PCI_HOTPLUG_STATUS);
-diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
-index d7d73a31e4..996f0e24fe 100644
---- a/hw/pci/pcie.c
-+++ b/hw/pci/pcie.c
-@@ -366,6 +366,17 @@ static void hotplug_event_clear(PCIDevice *dev)
- }
- }
-
-+void pcie_cap_slot_enable_power(PCIDevice *dev)
-+{
-+ uint8_t *exp_cap = dev->config + dev->exp.exp_cap;
-+ uint32_t sltcap = pci_get_long(exp_cap + PCI_EXP_SLTCAP);
-+
-+ if (sltcap & PCI_EXP_SLTCAP_PCP) {
-+ pci_set_word_by_mask(exp_cap + PCI_EXP_SLTCTL,
-+ PCI_EXP_SLTCTL_PCC, PCI_EXP_SLTCTL_PWR_ON);
-+ }
-+}
-+
- static void pcie_set_power_device(PCIBus *bus, PCIDevice *dev, void *opaque)
- {
- bool *power = opaque;
-diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h
-index 6063bee0ec..c27368d077 100644
---- a/include/hw/pci/pcie.h
-+++ b/include/hw/pci/pcie.h
-@@ -112,6 +112,7 @@ void pcie_cap_slot_write_config(PCIDevice *dev,
- uint32_t addr, uint32_t val, int len);
- int pcie_cap_slot_post_load(void *opaque, int version_id);
- void pcie_cap_slot_push_attention_button(PCIDevice *dev);
-+void pcie_cap_slot_enable_power(PCIDevice *dev);
-
- void pcie_cap_root_init(PCIDevice *dev);
- void pcie_cap_root_reset(PCIDevice *dev);
---
-2.31.1
-
diff --git a/SOURCES/kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch b/SOURCES/kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch
deleted file mode 100644
index 6fc7f38..0000000
--- a/SOURCES/kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 7b973b9cb7b890eaf9a31c99f5c272b513322ac1 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 3 Feb 2022 15:05:33 +0100
-Subject: [PATCH 1/8] block: Lock AioContext for drain_end in blockdev-reopen
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 73: block: Lock AioContext for drain_end in blockdev-reopen
-RH-Commit: [1/2] db25e999152b0e4f09decade1ac76b9f56cd9706 (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 2046659
-RH-Acked-by: Sergio Lopez <None>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-bdrv_subtree_drained_end() requires the caller to hold the AioContext
-lock for the drained node. Not doing this for nodes outside of the main
-AioContext leads to crashes when AIO_WAIT_WHILE() needs to wait and
-tries to temporarily release the lock.
-
-Fixes: 3908b7a8994fa5ef7a89aa58cd5a02fc58141592
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2046659
-Reported-by: Qing Wang <qinwang@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Message-Id: <20220203140534.36522-2-kwolf@redhat.com>
-Reviewed-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit aba8205be0707b9d108e32254e186ba88107a869)
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- blockdev.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index b35072644e..565f6a81fd 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -3562,6 +3562,7 @@ void qmp_blockdev_reopen(BlockdevOptionsList *reopen_list, Error **errp)
- {
- BlockReopenQueue *queue = NULL;
- GSList *drained = NULL;
-+ GSList *p;
-
- /* Add each one of the BDS that we want to reopen to the queue */
- for (; reopen_list != NULL; reopen_list = reopen_list->next) {
-@@ -3611,7 +3612,15 @@ void qmp_blockdev_reopen(BlockdevOptionsList *reopen_list, Error **errp)
-
- fail:
- bdrv_reopen_queue_free(queue);
-- g_slist_free_full(drained, (GDestroyNotify) bdrv_subtree_drained_end);
-+ for (p = drained; p; p = p->next) {
-+ BlockDriverState *bs = p->data;
-+ AioContext *ctx = bdrv_get_aio_context(bs);
-+
-+ aio_context_acquire(ctx);
-+ bdrv_subtree_drained_end(bs);
-+ aio_context_release(ctx);
-+ }
-+ g_slist_free(drained);
- }
-
- void qmp_blockdev_del(const char *node_name, Error **errp)
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch b/SOURCES/kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch
deleted file mode 100644
index 8dbf30f..0000000
--- a/SOURCES/kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 87f3b10dc600ac12272ee6cdc67571910ea722f6 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Tue, 11 Jan 2022 15:36:12 +0000
-Subject: [PATCH 10/12] block-backend: prevent dangling BDS pointers across
- aio_poll()
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 71: block-backend: prevent dangling BDS pointers across aio_poll()
-RH-Commit: [1/2] 1b4cab39bf8c933ab910293a29bfceaa9e821068 (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2040123
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-
-The BlockBackend root child can change when aio_poll() is invoked. This
-happens when a temporary filter node is removed upon blockjob
-completion, for example.
-
-Functions in block/block-backend.c must be aware of this when using a
-blk_bs() pointer across aio_poll() because the BlockDriverState refcnt
-may reach 0, resulting in a stale pointer.
-
-One example is scsi_device_purge_requests(), which calls blk_drain() to
-wait for in-flight requests to cancel. If the backup blockjob is active,
-then the BlockBackend root child is a temporary filter BDS owned by the
-blockjob. The blockjob can complete during bdrv_drained_begin() and the
-last reference to the BDS is released when the temporary filter node is
-removed. This results in a use-after-free when blk_drain() calls
-bdrv_drained_end(bs) on the dangling pointer.
-
-Explicitly hold a reference to bs across block APIs that invoke
-aio_poll().
-
-Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2021778
-Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2036178
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20220111153613.25453-2-stefanha@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 1e3552dbd28359d35967b7c28dc86cde1bc29205)
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/block-backend.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/block/block-backend.c b/block/block-backend.c
-index 12ef80ea17..23e727199b 100644
---- a/block/block-backend.c
-+++ b/block/block-backend.c
-@@ -822,16 +822,22 @@ BlockBackend *blk_by_public(BlockBackendPublic *public)
- void blk_remove_bs(BlockBackend *blk)
- {
- ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
-- BlockDriverState *bs;
- BdrvChild *root;
-
- notifier_list_notify(&blk->remove_bs_notifiers, blk);
- if (tgm->throttle_state) {
-- bs = blk_bs(blk);
-+ BlockDriverState *bs = blk_bs(blk);
-+
-+ /*
-+ * Take a ref in case blk_bs() changes across bdrv_drained_begin(), for
-+ * example, if a temporary filter node is removed by a blockjob.
-+ */
-+ bdrv_ref(bs);
- bdrv_drained_begin(bs);
- throttle_group_detach_aio_context(tgm);
- throttle_group_attach_aio_context(tgm, qemu_get_aio_context());
- bdrv_drained_end(bs);
-+ bdrv_unref(bs);
- }
-
- blk_update_root_state(blk);
-@@ -1705,6 +1711,7 @@ void blk_drain(BlockBackend *blk)
- BlockDriverState *bs = blk_bs(blk);
-
- if (bs) {
-+ bdrv_ref(bs);
- bdrv_drained_begin(bs);
- }
-
-@@ -1714,6 +1721,7 @@ void blk_drain(BlockBackend *blk)
-
- if (bs) {
- bdrv_drained_end(bs);
-+ bdrv_unref(bs);
- }
- }
-
-@@ -2044,10 +2052,13 @@ static int blk_do_set_aio_context(BlockBackend *blk, AioContext *new_context,
- int ret;
-
- if (bs) {
-+ bdrv_ref(bs);
-+
- if (update_root_node) {
- ret = bdrv_child_try_set_aio_context(bs, new_context, blk->root,
- errp);
- if (ret < 0) {
-+ bdrv_unref(bs);
- return ret;
- }
- }
-@@ -2057,6 +2068,8 @@ static int blk_do_set_aio_context(BlockBackend *blk, AioContext *new_context,
- throttle_group_attach_aio_context(tgm, new_context);
- bdrv_drained_end(bs);
- }
-+
-+ bdrv_unref(bs);
- }
-
- blk->ctx = new_context;
-@@ -2326,11 +2339,13 @@ void blk_io_limits_disable(BlockBackend *blk)
- ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
- assert(tgm->throttle_state);
- if (bs) {
-+ bdrv_ref(bs);
- bdrv_drained_begin(bs);
- }
- throttle_group_unregister_tgm(tgm);
- if (bs) {
- bdrv_drained_end(bs);
-+ bdrv_unref(bs);
- }
- }
-
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch b/SOURCES/kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch
deleted file mode 100644
index 5fff268..0000000
--- a/SOURCES/kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From a6b472de71f6ebbe44025e1348c90e6f1f2b2326 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Tue, 18 Jan 2022 17:59:59 +0100
-Subject: [PATCH 06/12] block/io: Update BSC only if want_zero is true
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 69: block/io: Update BSC only if want_zero is true
-RH-Commit: [1/2] ad19ff86c3420cafe5a9e785ee210e482fbc8cd7 (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2041461
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-
-We update the block-status cache whenever we get new information from a
-bdrv_co_block_status() call to the block driver. However, if we have
-passed want_zero=false to that call, it may flag areas containing zeroes
-as data, and so we would update the block-status cache with wrong
-information.
-
-Therefore, we should not update the cache with want_zero=false.
-
-Reported-by: Nir Soffer <nsoffer@redhat.com>
-Fixes: 0bc329fbb00 ("block: block-status cache for data regions")
-Reviewed-by: Nir Soffer <nsoffer@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Message-Id: <20220118170000.49423-2-hreitz@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit 113b727ce788335cf76f65355d670c9bc130fd75)
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/io.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/block/io.c b/block/io.c
-index bb0a254def..4e4cb556c5 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -2497,8 +2497,12 @@ static int coroutine_fn bdrv_co_block_status(BlockDriverState *bs,
- * non-protocol nodes, and then it is never used. However, filling
- * the cache requires an RCU update, so double check here to avoid
- * such an update if possible.
-+ *
-+ * Check want_zero, because we only want to update the cache when we
-+ * have accurate information about what is zero and what is data.
- */
-- if (ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
-+ if (want_zero &&
-+ ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
- QLIST_EMPTY(&bs->children))
- {
- /*
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch b/SOURCES/kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch
deleted file mode 100644
index 24c5b8a..0000000
--- a/SOURCES/kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 76b03619435d0b2f0125ee7aa5c94f2b889247de Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Fri, 4 Feb 2022 12:10:08 +0100
-Subject: [PATCH 4/8] block/nbd: Assert there are no timers when closed
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 74: block/nbd: Handle AioContext changes
-RH-Commit: [2/6] 56903457ca35d9c596aeb6827a48f80e8eabd66a (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2033626
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
-they will access freed data when they fire.
-
-This patch is separate from the patches that actually fix the issue
-(HEAD^^ and HEAD^) so that you can run the associated regression iotest
-(281) on a configuration that reproducibly exposes the bug.
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-(cherry picked from commit 8a39c381e5e407d2fe5500324323f90a8540fa90)
-
-Conflict:
-- block/nbd.c: open_timer was introduced after the 6.2 release (for
- nbd's @open-timeout parameter), and has not been backported, so drop
- the assertion that it is NULL
-
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/nbd.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index b8e5a9b4cc..aab20125d8 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
-
- yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
-
-+ /* Must not leave timers behind that would access freed data */
-+ assert(!s->reconnect_delay_timer);
-+
- object_unref(OBJECT(s->tlscreds));
- qapi_free_SocketAddress(s->saddr);
- s->saddr = NULL;
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch b/SOURCES/kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch
deleted file mode 100644
index 0cdf622..0000000
--- a/SOURCES/kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From eeb4683ad8c40a03a4e91463ec1d1b651974b744 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Fri, 4 Feb 2022 12:10:06 +0100
-Subject: [PATCH 3/8] block/nbd: Delete reconnect delay timer when done
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 74: block/nbd: Handle AioContext changes
-RH-Commit: [1/6] 34f92910b6ffd256d781109a2b39737fc6ab449c (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2033626
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-We start the reconnect delay timer to cancel the reconnection attempt
-after a while. Once nbd_co_do_establish_connection() has returned, this
-attempt is over, and we no longer need the timer.
-
-Delete it before returning from nbd_reconnect_attempt(), so that it does
-not persist beyond the I/O request that was paused for reconnecting; we
-do not want it to fire in a drained section, because all sort of things
-can happen in such a section (e.g. the AioContext might be changed, and
-we do not want the timer to fire in the wrong context; or the BDS might
-even be deleted, and so the timer CB would access already-freed data).
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-(cherry picked from commit 3ce1fc16bad9c3f8b7b10b451a224d6d76e5c551)
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/nbd.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index 5ef462db1b..b8e5a9b4cc 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -353,6 +353,13 @@ static coroutine_fn void nbd_reconnect_attempt(BDRVNBDState *s)
- }
-
- nbd_co_do_establish_connection(s->bs, NULL);
-+
-+ /*
-+ * The reconnect attempt is done (maybe successfully, maybe not), so
-+ * we no longer need this timer. Delete it so it will not outlive
-+ * this I/O request (so draining removes all timers).
-+ */
-+ reconnect_delay_timer_del(s);
- }
-
- static coroutine_fn int nbd_receive_replies(BDRVNBDState *s, uint64_t handle)
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch b/SOURCES/kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch
deleted file mode 100644
index 1cb29e9..0000000
--- a/SOURCES/kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 6d9d86cc4e6149d4c0793e8ceb65dab7535a4561 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Fri, 4 Feb 2022 12:10:11 +0100
-Subject: [PATCH 7/8] block/nbd: Move s->ioc on AioContext change
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 74: block/nbd: Handle AioContext changes
-RH-Commit: [5/6] b3c1eb21ac70d64fdac6094468a72cfbe50a30a9 (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2033626
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-s->ioc must always be attached to the NBD node's AioContext. If that
-context changes, s->ioc must be attached to the new context.
-
-Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2033626
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-(cherry picked from commit e15f3a66c830e3fce99c9d56c493c2f7078a1225)
-
-Conflict:
-- block/nbd.c: open_timer was added after the 6.2 release, so we need
- not (and cannot) assert it is NULL here.
-
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/nbd.c | 41 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 41 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index aab20125d8..a3896c7f5f 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -2003,6 +2003,38 @@ static void nbd_cancel_in_flight(BlockDriverState *bs)
- nbd_co_establish_connection_cancel(s->conn);
- }
-
-+static void nbd_attach_aio_context(BlockDriverState *bs,
-+ AioContext *new_context)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ /*
-+ * The reconnect_delay_timer is scheduled in I/O paths when the
-+ * connection is lost, to cancel the reconnection attempt after a
-+ * given time. Once this attempt is done (successfully or not),
-+ * nbd_reconnect_attempt() ensures the timer is deleted before the
-+ * respective I/O request is resumed.
-+ * Since the AioContext can only be changed when a node is drained,
-+ * the reconnect_delay_timer cannot be active here.
-+ */
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_attach_aio_context(s->ioc, new_context);
-+ }
-+}
-+
-+static void nbd_detach_aio_context(BlockDriverState *bs)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_detach_aio_context(s->ioc);
-+ }
-+}
-+
- static BlockDriver bdrv_nbd = {
- .format_name = "nbd",
- .protocol_name = "nbd",
-@@ -2026,6 +2058,9 @@ static BlockDriver bdrv_nbd = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_tcp = {
-@@ -2051,6 +2086,9 @@ static BlockDriver bdrv_nbd_tcp = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_unix = {
-@@ -2076,6 +2114,9 @@ static BlockDriver bdrv_nbd_unix = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static void bdrv_nbd_init(void)
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch b/SOURCES/kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch
deleted file mode 100644
index bdebdc3..0000000
--- a/SOURCES/kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 6989be9d0aa08470f8b287c243dc4bf027d5fbcf Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Wed, 8 Dec 2021 15:22:46 +0000
-Subject: [PATCH 1/2] block/nvme: fix infinite loop in nvme_free_req_queue_cb()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
-RH-MergeRequest: 58: block/nvme: fix infinite loop in nvme_free_req_queue_cb()
-RH-Commit: [1/1] 544b3f310d791a20c63b51947de0c6cbb60b0d5b (stefanha/centos-stream-qemu-kvm)
-RH-Bugzilla: 2024544
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-When the request free list is exhausted the coroutine waits on
-q->free_req_queue for the next free request. Whenever a request is
-completed a BH is scheduled to invoke nvme_free_req_queue_cb() and wake
-up waiting coroutines.
-
-1. nvme_get_free_req() waits for a free request:
-
- while (q->free_req_head == -1) {
- ...
- trace_nvme_free_req_queue_wait(q->s, q->index);
- qemu_co_queue_wait(&q->free_req_queue, &q->lock);
- ...
- }
-
-2. nvme_free_req_queue_cb() wakes up the coroutine:
-
- while (qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
- ^--- infinite loop when free_req_head == -1
- }
-
-nvme_free_req_queue_cb() and the coroutine form an infinite loop when
-q->free_req_head == -1. Fix this by checking q->free_req_head in
-nvme_free_req_queue_cb(). If the free request list is exhausted, don't
-wake waiting coroutines. Eventually an in-flight request will complete
-and the BH will be scheduled again, guaranteeing forward progress.
-
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20211208152246.244585-1-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit cf4fbc3030c974fff726756a7ceef8386cdf500b)
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- block/nvme.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/block/nvme.c b/block/nvme.c
-index e4f336d79c..fa360b9b3c 100644
---- a/block/nvme.c
-+++ b/block/nvme.c
-@@ -206,8 +206,9 @@ static void nvme_free_req_queue_cb(void *opaque)
- NVMeQueuePair *q = opaque;
-
- qemu_mutex_lock(&q->lock);
-- while (qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
-- /* Retry all pending requests */
-+ while (q->free_req_head != -1 &&
-+ qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
-+ /* Retry waiting requests */
- }
- qemu_mutex_unlock(&q->lock);
- }
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch b/SOURCES/kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch
deleted file mode 100644
index 39aa96c..0000000
--- a/SOURCES/kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d374d5aa4485a0c62d6b48eec64491cae2fd0873 Mon Sep 17 00:00:00 2001
-From: Peter Lieven <pl@kamp.de>
-Date: Thu, 13 Jan 2022 15:44:25 +0100
-Subject: [PATCH 4/5] block/rbd: fix handling of holes in .bdrv_co_block_status
-
-RH-Author: Stefano Garzarella <sgarzare@redhat.com>
-RH-MergeRequest: 68: block/rbd: fix handling of holes in .bdrv_co_block_status
-RH-Commit: [1/2] 8ef178b01885e3c292f7844ccff865b1a8d4faf0 (sgarzarella/qemu-kvm-c-9-s)
-RH-Bugzilla: 2034791
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-the assumption that we can't hit a hole if we do not diff against a snapshot was wrong.
-
-We can see a hole in an image if we diff against base if there exists an older snapshot
-of the image and we have discarded blocks in the image where the snapshot has data.
-
-Fix this by simply handling a hole like an unallocated area. There are no callbacks
-for unallocated areas so just bail out if we hit a hole.
-
-Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
-Suggested-by: Ilya Dryomov <idryomov@gmail.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Lieven <pl@kamp.de>
-Message-Id: <20220113144426.4036493-2-pl@kamp.de>
-Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
-Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 9e302f64bb407a9bb097b626da97228c2654cfee)
-Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
----
- block/rbd.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/block/rbd.c b/block/rbd.c
-index def96292e0..20bb896c4a 100644
---- a/block/rbd.c
-+++ b/block/rbd.c
-@@ -1279,11 +1279,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
- RBDDiffIterateReq *req = opaque;
-
- assert(req->offs + req->bytes <= offs);
-- /*
-- * we do not diff against a snapshot so we should never receive a callback
-- * for a hole.
-- */
-- assert(exists);
-+
-+ /* treat a hole like an unallocated area and bail out */
-+ if (!exists) {
-+ return 0;
-+ }
-
- if (!req->exists && offs > req->offs) {
- /*
---
-2.27.0
-
diff --git a/SOURCES/kvm-block-rbd-workaround-for-ceph-issue-53784.patch b/SOURCES/kvm-block-rbd-workaround-for-ceph-issue-53784.patch
deleted file mode 100644
index dd3876e..0000000
--- a/SOURCES/kvm-block-rbd-workaround-for-ceph-issue-53784.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From f035b5250529eed8d12e0b93b1b6d6f2c50003f6 Mon Sep 17 00:00:00 2001
-From: Peter Lieven <pl@kamp.de>
-Date: Thu, 13 Jan 2022 15:44:26 +0100
-Subject: [PATCH 5/5] block/rbd: workaround for ceph issue #53784
-
-RH-Author: Stefano Garzarella <sgarzare@redhat.com>
-RH-MergeRequest: 68: block/rbd: fix handling of holes in .bdrv_co_block_status
-RH-Commit: [2/2] 5feaa2e20a77886cc1a84cdf212ade3dcda28289 (sgarzarella/qemu-kvm-c-9-s)
-RH-Bugzilla: 2034791
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-librbd had a bug until early 2022 that affected all versions of ceph that
-supported fast-diff. This bug results in reporting of incorrect offsets
-if the offset parameter to rbd_diff_iterate2 is not object aligned.
-
-This patch works around this bug for pre Quincy versions of librbd.
-
-Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Lieven <pl@kamp.de>
-Message-Id: <20220113144426.4036493-3-pl@kamp.de>
-Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
-Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
-Tested-by: Stefano Garzarella <sgarzare@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit fc176116cdea816ceb8dd969080b2b95f58edbc0)
-Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
----
- block/rbd.c | 42 ++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 40 insertions(+), 2 deletions(-)
-
-diff --git a/block/rbd.c b/block/rbd.c
-index 20bb896c4a..8f183eba2a 100644
---- a/block/rbd.c
-+++ b/block/rbd.c
-@@ -1320,6 +1320,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
- int status, r;
- RBDDiffIterateReq req = { .offs = offset };
- uint64_t features, flags;
-+ uint64_t head = 0;
-
- assert(offset + bytes <= s->image_size);
-
-@@ -1347,7 +1348,43 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
- return status;
- }
-
-- r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
-+#if LIBRBD_VERSION_CODE < LIBRBD_VERSION(1, 17, 0)
-+ /*
-+ * librbd had a bug until early 2022 that affected all versions of ceph that
-+ * supported fast-diff. This bug results in reporting of incorrect offsets
-+ * if the offset parameter to rbd_diff_iterate2 is not object aligned.
-+ * Work around this bug by rounding down the offset to object boundaries.
-+ * This is OK because we call rbd_diff_iterate2 with whole_object = true.
-+ * However, this workaround only works for non cloned images with default
-+ * striping.
-+ *
-+ * See: https://tracker.ceph.com/issues/53784
-+ */
-+
-+ /* check if RBD image has non-default striping enabled */
-+ if (features & RBD_FEATURE_STRIPINGV2) {
-+ return status;
-+ }
-+
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-+ /*
-+ * check if RBD image is a clone (= has a parent).
-+ *
-+ * rbd_get_parent_info is deprecated from Nautilus onwards, but the
-+ * replacement rbd_get_parent is not present in Luminous and Mimic.
-+ */
-+ if (rbd_get_parent_info(s->image, NULL, 0, NULL, 0, NULL, 0) != -ENOENT) {
-+ return status;
-+ }
-+#pragma GCC diagnostic pop
-+
-+ head = req.offs & (s->object_size - 1);
-+ req.offs -= head;
-+ bytes += head;
-+#endif
-+
-+ r = rbd_diff_iterate2(s->image, NULL, req.offs, bytes, true, true,
- qemu_rbd_diff_iterate_cb, &req);
- if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
- return status;
-@@ -1366,7 +1403,8 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
- status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
- }
-
-- *pnum = req.bytes;
-+ assert(req.bytes > head);
-+ *pnum = req.bytes - head;
- return status;
- }
-
---
-2.27.0
-
diff --git a/SOURCES/kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch b/SOURCES/kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch
new file mode 100644
index 0000000..a948e57
--- /dev/null
+++ b/SOURCES/kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch
@@ -0,0 +1,41 @@
+From 3a0e9bb88e82cc76ca5efc0595ce94b5dc34749e Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Mon, 25 Apr 2022 13:42:46 +0800
+Subject: [PATCH 1/2] configs/devices/aarch64-softmmu: Enable CONFIG_VIRTIO_MEM
+
+RH-Author: Gavin Shan <gshan@redhat.com>
+RH-MergeRequest: 80: Enable virtio-mem for aarch64
+RH-Commit: [1/1] 1afbd08da6d7c860da8d617a0a932d3660514878 (gwshan/qemu-rhel-9)
+RH-Bugzilla: 2044162
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2044162
+
+This enables virtio-mem device on aarch64 since all needed commits
+are ready.
+
+ b1b87327a9 hw/arm/virt: Support for virtio-mem-pci
+ 1263615efe virtio-mem: Correct default THP size for ARM64
+
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+---
+ configs/devices/aarch64-softmmu/aarch64-rh-devices.mak | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
+index 5f6ee1de5b..187938573f 100644
+--- a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
++++ b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak
+@@ -22,6 +22,7 @@ CONFIG_VFIO=y
+ CONFIG_VFIO_PCI=y
+ CONFIG_VIRTIO_MMIO=y
+ CONFIG_VIRTIO_PCI=y
++CONFIG_VIRTIO_MEM=y
+ CONFIG_XIO3130=y
+ CONFIG_NVDIMM=y
+ CONFIG_ACPI_APEI=y
+--
+2.35.1
+
diff --git a/SOURCES/kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch b/SOURCES/kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
new file mode 100644
index 0000000..c1f3683
--- /dev/null
+++ b/SOURCES/kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
@@ -0,0 +1,101 @@
+From e3cb8849862a9f0dd20f2913d540336a037d43c7 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 10 May 2022 17:10:19 +0200
+Subject: [PATCH 07/16] coroutine: Rename qemu_coroutine_inc/dec_pool_size()
+
+RH-Author: Kevin Wolf <kwolf@redhat.com>
+RH-MergeRequest: 87: coroutine: Fix crashes due to too large pool batch size
+RH-Commit: [1/2] 6389b11f70225f221784c270d9b90c1ea43ca8fb (kmwolf/centos-qemu-kvm)
+RH-Bugzilla: 2079938
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+It's true that these functions currently affect the batch size in which
+coroutines are reused (i.e. moved from the global release pool to the
+allocation pool of a specific thread), but this is a bug and will be
+fixed in a separate patch.
+
+In fact, the comment in the header file already just promises that it
+influences the pool size, so reflect this in the name of the functions.
+As a nice side effect, the shorter function name makes some line
+wrapping unnecessary.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20220510151020.105528-2-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit 98e3ab35054b946f7c2aba5408822532b0920b53)
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+---
+ hw/block/virtio-blk.c | 6 ++----
+ include/qemu/coroutine.h | 6 +++---
+ util/qemu-coroutine.c | 4 ++--
+ 3 files changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
+index 540c38f829..6a1cc41877 100644
+--- a/hw/block/virtio-blk.c
++++ b/hw/block/virtio-blk.c
+@@ -1215,8 +1215,7 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp)
+ for (i = 0; i < conf->num_queues; i++) {
+ virtio_add_queue(vdev, conf->queue_size, virtio_blk_handle_output);
+ }
+- qemu_coroutine_increase_pool_batch_size(conf->num_queues * conf->queue_size
+- / 2);
++ qemu_coroutine_inc_pool_size(conf->num_queues * conf->queue_size / 2);
+ virtio_blk_data_plane_create(vdev, conf, &s->dataplane, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+@@ -1253,8 +1252,7 @@ static void virtio_blk_device_unrealize(DeviceState *dev)
+ for (i = 0; i < conf->num_queues; i++) {
+ virtio_del_queue(vdev, i);
+ }
+- qemu_coroutine_decrease_pool_batch_size(conf->num_queues * conf->queue_size
+- / 2);
++ qemu_coroutine_dec_pool_size(conf->num_queues * conf->queue_size / 2);
+ qemu_del_vm_change_state_handler(s->change);
+ blockdev_mark_auto_del(s->blk);
+ virtio_cleanup(vdev);
+diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
+index c828a95ee0..5b621d1295 100644
+--- a/include/qemu/coroutine.h
++++ b/include/qemu/coroutine.h
+@@ -334,12 +334,12 @@ void coroutine_fn yield_until_fd_readable(int fd);
+ /**
+ * Increase coroutine pool size
+ */
+-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size);
++void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size);
+
+ /**
+- * Devcrease coroutine pool size
++ * Decrease coroutine pool size
+ */
+-void qemu_coroutine_decrease_pool_batch_size(unsigned int additional_pool_size);
++void qemu_coroutine_dec_pool_size(unsigned int additional_pool_size);
+
+ #include "qemu/lockable.h"
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index c03b2422ff..faca0ca97c 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -205,12 +205,12 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
+ return co->ctx;
+ }
+
+-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size)
++void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
+ {
+ qatomic_add(&pool_batch_size, additional_pool_size);
+ }
+
+-void qemu_coroutine_decrease_pool_batch_size(unsigned int removing_pool_size)
++void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
+ {
+ qatomic_sub(&pool_batch_size, removing_pool_size);
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-coroutine-Revert-to-constant-batch-size.patch b/SOURCES/kvm-coroutine-Revert-to-constant-batch-size.patch
new file mode 100644
index 0000000..2973510
--- /dev/null
+++ b/SOURCES/kvm-coroutine-Revert-to-constant-batch-size.patch
@@ -0,0 +1,138 @@
+From 345107bfd5537b51f34aaeb97d6161858bb6feee Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 10 May 2022 17:10:20 +0200
+Subject: [PATCH 08/16] coroutine: Revert to constant batch size
+
+RH-Author: Kevin Wolf <kwolf@redhat.com>
+RH-MergeRequest: 87: coroutine: Fix crashes due to too large pool batch size
+RH-Commit: [2/2] 8a8a39af873854cdc8333d1a70f3479a97c3ec7a (kmwolf/centos-qemu-kvm)
+RH-Bugzilla: 2079938
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+Commit 4c41c69e changed the way the coroutine pool is sized because for
+virtio-blk devices with a large queue size and heavy I/O, it was just
+too small and caused coroutines to be deleted and reallocated soon
+afterwards. The change made the size dynamic based on the number of
+queues and the queue size of virtio-blk devices.
+
+There are two important numbers here: Slightly simplified, when a
+coroutine terminates, it is generally stored in the global release pool
+up to a certain pool size, and if the pool is full, it is freed.
+Conversely, when allocating a new coroutine, the coroutines in the
+release pool are reused if the pool already has reached a certain
+minimum size (the batch size), otherwise we allocate new coroutines.
+
+The problem after commit 4c41c69e is that it not only increases the
+maximum pool size (which is the intended effect), but also the batch
+size for reusing coroutines (which is a bug). It means that in cases
+with many devices and/or a large queue size (which defaults to the
+number of vcpus for virtio-blk-pci), many thousand coroutines could be
+sitting in the release pool without being reused.
+
+This is not only a waste of memory and allocations, but it actually
+makes the QEMU process likely to hit the vm.max_map_count limit on Linux
+because each coroutine requires two mappings (its stack and the guard
+page for the stack), causing it to abort() in qemu_alloc_stack() because
+when the limit is hit, mprotect() starts to fail with ENOMEM.
+
+In order to fix the problem, change the batch size back to 64 to avoid
+uselessly accumulating coroutines in the release pool, but keep the
+dynamic maximum pool size so that coroutines aren't freed too early
+in heavy I/O scenarios.
+
+Note that this fix doesn't strictly make it impossible to hit the limit,
+but this would only happen if most of the coroutines are actually in use
+at the same time, not just sitting in a pool. This is the same behaviour
+as we already had before commit 4c41c69e. Fully preventing this would
+require allowing qemu_coroutine_create() to return an error, but it
+doesn't seem to be a scenario that people hit in practice.
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2079938
+Fixes: 4c41c69e05fe28c0f95f8abd2ebf407e95a4f04b
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20220510151020.105528-3-kwolf@redhat.com>
+Tested-by: Hiroki Narukawa <hnarukaw@yahoo-corp.jp>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit 9ec7a59b5aad4b736871c378d30f5ef5ec51cb52)
+
+Conflicts:
+ util/qemu-coroutine.c
+
+Trivial merge conflict because we don't have commit ac387a08 downstream.
+
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+---
+ util/qemu-coroutine.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index faca0ca97c..804f672e0a 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -20,14 +20,20 @@
+ #include "qemu/coroutine_int.h"
+ #include "block/aio.h"
+
+-/** Initial batch size is 64, and is increased on demand */
++/**
++ * The minimal batch size is always 64, coroutines from the release_pool are
++ * reused as soon as there are 64 coroutines in it. The maximum pool size starts
++ * with 64 and is increased on demand so that coroutines are not deleted even if
++ * they are not immediately reused.
++ */
+ enum {
+- POOL_INITIAL_BATCH_SIZE = 64,
++ POOL_MIN_BATCH_SIZE = 64,
++ POOL_INITIAL_MAX_SIZE = 64,
+ };
+
+ /** Free list to speed up creation */
+ static QSLIST_HEAD(, Coroutine) release_pool = QSLIST_HEAD_INITIALIZER(pool);
+-static unsigned int pool_batch_size = POOL_INITIAL_BATCH_SIZE;
++static unsigned int pool_max_size = POOL_INITIAL_MAX_SIZE;
+ static unsigned int release_pool_size;
+ static __thread QSLIST_HEAD(, Coroutine) alloc_pool = QSLIST_HEAD_INITIALIZER(pool);
+ static __thread unsigned int alloc_pool_size;
+@@ -51,7 +57,7 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry, void *opaque)
+ if (CONFIG_COROUTINE_POOL) {
+ co = QSLIST_FIRST(&alloc_pool);
+ if (!co) {
+- if (release_pool_size > qatomic_read(&pool_batch_size)) {
++ if (release_pool_size > POOL_MIN_BATCH_SIZE) {
+ /* Slow path; a good place to register the destructor, too. */
+ if (!coroutine_pool_cleanup_notifier.notify) {
+ coroutine_pool_cleanup_notifier.notify = coroutine_pool_cleanup;
+@@ -88,12 +94,12 @@ static void coroutine_delete(Coroutine *co)
+ co->caller = NULL;
+
+ if (CONFIG_COROUTINE_POOL) {
+- if (release_pool_size < qatomic_read(&pool_batch_size) * 2) {
++ if (release_pool_size < qatomic_read(&pool_max_size) * 2) {
+ QSLIST_INSERT_HEAD_ATOMIC(&release_pool, co, pool_next);
+ qatomic_inc(&release_pool_size);
+ return;
+ }
+- if (alloc_pool_size < qatomic_read(&pool_batch_size)) {
++ if (alloc_pool_size < qatomic_read(&pool_max_size)) {
+ QSLIST_INSERT_HEAD(&alloc_pool, co, pool_next);
+ alloc_pool_size++;
+ return;
+@@ -207,10 +213,10 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
+
+ void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
+ {
+- qatomic_add(&pool_batch_size, additional_pool_size);
++ qatomic_add(&pool_max_size, additional_pool_size);
+ }
+
+ void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
+ {
+- qatomic_sub(&pool_batch_size, removing_pool_size);
++ qatomic_sub(&pool_max_size, removing_pool_size);
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch b/SOURCES/kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
new file mode 100644
index 0000000..963cf04
--- /dev/null
+++ b/SOURCES/kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
@@ -0,0 +1,132 @@
+From ffbd90e5f4eba620c7cd631b04f0ed31beb22ffa Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 12:07:56 +0100
+Subject: [PATCH 1/6] coroutine-ucontext: use QEMU_DEFINE_STATIC_CO_TLS()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 89: coroutine: use coroutine TLS macros to protect thread-local variables
+RH-Commit: [1/3] a9782fe8e919c4bd317b7e8744c7ff57d898add3 (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 1952483
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+
+Thread-Local Storage variables cannot be used directly from coroutine
+code because the compiler may optimize TLS variable accesses across
+qemu_coroutine_yield() calls. When the coroutine is re-entered from
+another thread the TLS variables from the old thread must no longer be
+used.
+
+Use QEMU_DEFINE_STATIC_CO_TLS() for the current and leader variables.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220307153853.602859-2-stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit 34145a307d849d0b6734d0222a7aa0bb9eef7407)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ util/coroutine-ucontext.c | 38 ++++++++++++++++++++++++--------------
+ 1 file changed, 24 insertions(+), 14 deletions(-)
+
+diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
+index 904b375192..127d5a13c8 100644
+--- a/util/coroutine-ucontext.c
++++ b/util/coroutine-ucontext.c
+@@ -25,6 +25,7 @@
+ #include "qemu/osdep.h"
+ #include <ucontext.h>
+ #include "qemu/coroutine_int.h"
++#include "qemu/coroutine-tls.h"
+
+ #ifdef CONFIG_VALGRIND_H
+ #include <valgrind/valgrind.h>
+@@ -66,8 +67,8 @@ typedef struct {
+ /**
+ * Per-thread coroutine bookkeeping
+ */
+-static __thread CoroutineUContext leader;
+-static __thread Coroutine *current;
++QEMU_DEFINE_STATIC_CO_TLS(Coroutine *, current);
++QEMU_DEFINE_STATIC_CO_TLS(CoroutineUContext, leader);
+
+ /*
+ * va_args to makecontext() must be type 'int', so passing
+@@ -97,14 +98,15 @@ static inline __attribute__((always_inline))
+ void finish_switch_fiber(void *fake_stack_save)
+ {
+ #ifdef CONFIG_ASAN
++ CoroutineUContext *leaderp = get_ptr_leader();
+ const void *bottom_old;
+ size_t size_old;
+
+ __sanitizer_finish_switch_fiber(fake_stack_save, &bottom_old, &size_old);
+
+- if (!leader.stack) {
+- leader.stack = (void *)bottom_old;
+- leader.stack_size = size_old;
++ if (!leaderp->stack) {
++ leaderp->stack = (void *)bottom_old;
++ leaderp->stack_size = size_old;
+ }
+ #endif
+ #ifdef CONFIG_TSAN
+@@ -161,8 +163,10 @@ static void coroutine_trampoline(int i0, int i1)
+
+ /* Initialize longjmp environment and switch back the caller */
+ if (!sigsetjmp(self->env, 0)) {
+- start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save, leader.stack,
+- leader.stack_size);
++ CoroutineUContext *leaderp = get_ptr_leader();
++
++ start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save,
++ leaderp->stack, leaderp->stack_size);
+ start_switch_fiber_tsan(&fake_stack_save, self, true); /* true=caller */
+ siglongjmp(*(sigjmp_buf *)co->entry_arg, 1);
+ }
+@@ -297,7 +301,7 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
+ int ret;
+ void *fake_stack_save = NULL;
+
+- current = to_;
++ set_current(to_);
+
+ ret = sigsetjmp(from->env, 0);
+ if (ret == 0) {
+@@ -315,18 +319,24 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
+
+ Coroutine *qemu_coroutine_self(void)
+ {
+- if (!current) {
+- current = &leader.base;
++ Coroutine *self = get_current();
++ CoroutineUContext *leaderp = get_ptr_leader();
++
++ if (!self) {
++ self = &leaderp->base;
++ set_current(self);
+ }
+ #ifdef CONFIG_TSAN
+- if (!leader.tsan_co_fiber) {
+- leader.tsan_co_fiber = __tsan_get_current_fiber();
++ if (!leaderp->tsan_co_fiber) {
++ leaderp->tsan_co_fiber = __tsan_get_current_fiber();
+ }
+ #endif
+- return current;
++ return self;
+ }
+
+ bool qemu_in_coroutine(void)
+ {
+- return current && current->caller;
++ Coroutine *self = get_current();
++
++ return self && self->caller;
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch b/SOURCES/kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
new file mode 100644
index 0000000..9d0f811
--- /dev/null
+++ b/SOURCES/kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
@@ -0,0 +1,139 @@
+From 9c2e55d25fec6ffb21e344513b7dbeed7e21f641 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 12:08:04 +0100
+Subject: [PATCH 2/6] coroutine: use QEMU_DEFINE_STATIC_CO_TLS()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 89: coroutine: use coroutine TLS macros to protect thread-local variables
+RH-Commit: [2/3] 68a8847e406e2eace6ddc31b0c5676a60600d606 (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 1952483
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+
+Thread-Local Storage variables cannot be used directly from coroutine
+code because the compiler may optimize TLS variable accesses across
+qemu_coroutine_yield() calls. When the coroutine is re-entered from
+another thread the TLS variables from the old thread must no longer be
+used.
+
+Use QEMU_DEFINE_STATIC_CO_TLS() for the current and leader variables.
+The alloc_pool QSLIST needs a typedef so the return value of
+get_ptr_alloc_pool() can be stored in a local variable.
+
+One example of why this code is necessary: a coroutine that yields
+before calling qemu_coroutine_create() to create another coroutine is
+affected by the TLS issue.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220307153853.602859-3-stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit ac387a08a9c9f6b36757da912f0339c25f421f90)
+
+Conflicts:
+- Context conflicts due to commit 5411171c3ef4 ("coroutine: Revert to
+ constant batch size").
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ util/qemu-coroutine.c | 41 ++++++++++++++++++++++++-----------------
+ 1 file changed, 24 insertions(+), 17 deletions(-)
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index 804f672e0a..4a8bd63ef0 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -18,6 +18,7 @@
+ #include "qemu/atomic.h"
+ #include "qemu/coroutine.h"
+ #include "qemu/coroutine_int.h"
++#include "qemu/coroutine-tls.h"
+ #include "block/aio.h"
+
+ /**
+@@ -35,17 +36,20 @@ enum {
+ static QSLIST_HEAD(, Coroutine) release_pool = QSLIST_HEAD_INITIALIZER(pool);
+ static unsigned int pool_max_size = POOL_INITIAL_MAX_SIZE;
+ static unsigned int release_pool_size;
+-static __thread QSLIST_HEAD(, Coroutine) alloc_pool = QSLIST_HEAD_INITIALIZER(pool);
+-static __thread unsigned int alloc_pool_size;
+-static __thread Notifier coroutine_pool_cleanup_notifier;
++
++typedef QSLIST_HEAD(, Coroutine) CoroutineQSList;
++QEMU_DEFINE_STATIC_CO_TLS(CoroutineQSList, alloc_pool);
++QEMU_DEFINE_STATIC_CO_TLS(unsigned int, alloc_pool_size);
++QEMU_DEFINE_STATIC_CO_TLS(Notifier, coroutine_pool_cleanup_notifier);
+
+ static void coroutine_pool_cleanup(Notifier *n, void *value)
+ {
+ Coroutine *co;
+ Coroutine *tmp;
++ CoroutineQSList *alloc_pool = get_ptr_alloc_pool();
+
+- QSLIST_FOREACH_SAFE(co, &alloc_pool, pool_next, tmp) {
+- QSLIST_REMOVE_HEAD(&alloc_pool, pool_next);
++ QSLIST_FOREACH_SAFE(co, alloc_pool, pool_next, tmp) {
++ QSLIST_REMOVE_HEAD(alloc_pool, pool_next);
+ qemu_coroutine_delete(co);
+ }
+ }
+@@ -55,27 +59,30 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry, void *opaque)
+ Coroutine *co = NULL;
+
+ if (CONFIG_COROUTINE_POOL) {
+- co = QSLIST_FIRST(&alloc_pool);
++ CoroutineQSList *alloc_pool = get_ptr_alloc_pool();
++
++ co = QSLIST_FIRST(alloc_pool);
+ if (!co) {
+ if (release_pool_size > POOL_MIN_BATCH_SIZE) {
+ /* Slow path; a good place to register the destructor, too. */
+- if (!coroutine_pool_cleanup_notifier.notify) {
+- coroutine_pool_cleanup_notifier.notify = coroutine_pool_cleanup;
+- qemu_thread_atexit_add(&coroutine_pool_cleanup_notifier);
++ Notifier *notifier = get_ptr_coroutine_pool_cleanup_notifier();
++ if (!notifier->notify) {
++ notifier->notify = coroutine_pool_cleanup;
++ qemu_thread_atexit_add(notifier);
+ }
+
+ /* This is not exact; there could be a little skew between
+ * release_pool_size and the actual size of release_pool. But
+ * it is just a heuristic, it does not need to be perfect.
+ */
+- alloc_pool_size = qatomic_xchg(&release_pool_size, 0);
+- QSLIST_MOVE_ATOMIC(&alloc_pool, &release_pool);
+- co = QSLIST_FIRST(&alloc_pool);
++ set_alloc_pool_size(qatomic_xchg(&release_pool_size, 0));
++ QSLIST_MOVE_ATOMIC(alloc_pool, &release_pool);
++ co = QSLIST_FIRST(alloc_pool);
+ }
+ }
+ if (co) {
+- QSLIST_REMOVE_HEAD(&alloc_pool, pool_next);
+- alloc_pool_size--;
++ QSLIST_REMOVE_HEAD(alloc_pool, pool_next);
++ set_alloc_pool_size(get_alloc_pool_size() - 1);
+ }
+ }
+
+@@ -99,9 +106,9 @@ static void coroutine_delete(Coroutine *co)
+ qatomic_inc(&release_pool_size);
+ return;
+ }
+- if (alloc_pool_size < qatomic_read(&pool_max_size)) {
+- QSLIST_INSERT_HEAD(&alloc_pool, co, pool_next);
+- alloc_pool_size++;
++ if (get_alloc_pool_size() < qatomic_read(&pool_max_size)) {
++ QSLIST_INSERT_HEAD(get_ptr_alloc_pool(), co, pool_next);
++ set_alloc_pool_size(get_alloc_pool_size() + 1);
+ return;
+ }
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch b/SOURCES/kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch
new file mode 100644
index 0000000..1665319
--- /dev/null
+++ b/SOURCES/kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch
@@ -0,0 +1,99 @@
+From 336581e6e9ace3f1ddd24ad0a258db9785f9b0ed Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 12:08:12 +0100
+Subject: [PATCH 3/6] coroutine-win32: use QEMU_DEFINE_STATIC_CO_TLS()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 89: coroutine: use coroutine TLS macros to protect thread-local variables
+RH-Commit: [3/3] 55b35dfdae1bc7d6f614ac9f81a92f5c6431f713 (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 1952483
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+
+Thread-Local Storage variables cannot be used directly from coroutine
+code because the compiler may optimize TLS variable accesses across
+qemu_coroutine_yield() calls. When the coroutine is re-entered from
+another thread the TLS variables from the old thread must no longer be
+used.
+
+Use QEMU_DEFINE_STATIC_CO_TLS() for the current and leader variables.
+
+I think coroutine-win32.c could get away with __thread because the
+variables are only used in situations where either the stale value is
+correct (current) or outside coroutine context (loading leader when
+current is NULL). Due to the difficulty of being sure that this is
+really safe in all scenarios it seems worth converting it anyway.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220307153853.602859-4-stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit c1fe694357a328c807ae3cc6961c19e923448fcc)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ util/coroutine-win32.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/util/coroutine-win32.c b/util/coroutine-win32.c
+index de6bd4fd3e..c02a62c896 100644
+--- a/util/coroutine-win32.c
++++ b/util/coroutine-win32.c
+@@ -25,6 +25,7 @@
+ #include "qemu/osdep.h"
+ #include "qemu-common.h"
+ #include "qemu/coroutine_int.h"
++#include "qemu/coroutine-tls.h"
+
+ typedef struct
+ {
+@@ -34,8 +35,8 @@ typedef struct
+ CoroutineAction action;
+ } CoroutineWin32;
+
+-static __thread CoroutineWin32 leader;
+-static __thread Coroutine *current;
++QEMU_DEFINE_STATIC_CO_TLS(CoroutineWin32, leader);
++QEMU_DEFINE_STATIC_CO_TLS(Coroutine *, current);
+
+ /* This function is marked noinline to prevent GCC from inlining it
+ * into coroutine_trampoline(). If we allow it to do that then it
+@@ -52,7 +53,7 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
+ CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, from_);
+ CoroutineWin32 *to = DO_UPCAST(CoroutineWin32, base, to_);
+
+- current = to_;
++ set_current(to_);
+
+ to->action = action;
+ SwitchToFiber(to->fiber);
+@@ -89,14 +90,21 @@ void qemu_coroutine_delete(Coroutine *co_)
+
+ Coroutine *qemu_coroutine_self(void)
+ {
++ Coroutine *current = get_current();
++
+ if (!current) {
+- current = &leader.base;
+- leader.fiber = ConvertThreadToFiber(NULL);
++ CoroutineWin32 *leader = get_ptr_leader();
++
++ current = &leader->base;
++ set_current(current);
++ leader->fiber = ConvertThreadToFiber(NULL);
+ }
+ return current;
+ }
+
+ bool qemu_in_coroutine(void)
+ {
++ Coroutine *current = get_current();
++
+ return current && current->caller;
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-doc-Add-the-SGX-numa-description.patch b/SOURCES/kvm-doc-Add-the-SGX-numa-description.patch
deleted file mode 100644
index 8eac5fa..0000000
--- a/SOURCES/kvm-doc-Add-the-SGX-numa-description.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From eb88a12ab1ecfe77bcc0d0067c96fce27a3bde01 Mon Sep 17 00:00:00 2001
-From: Yang Zhong <yang.zhong@intel.com>
-Date: Mon, 1 Nov 2021 12:20:08 -0400
-Subject: [PATCH 03/12] doc: Add the SGX numa description
-
-RH-Author: Paul Lai <plai@redhat.com>
-RH-MergeRequest: 65: Enable SGX and add SGX Numa support
-RH-Commit: [3/5] c27b3f6976cbe92cc3c0e1dab0191cdd25de596a
-RH-Bugzilla: 2033708
-RH-Acked-by: Paolo Bonzini <None>
-RH-Acked-by: Bandan Das <None>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-Add the SGX numa reference command and how to check if
-SGX numa is support or not with multiple EPC sections.
-
-Signed-off-by: Yang Zhong <yang.zhong@intel.com>
-Message-Id: <20211101162009.62161-5-yang.zhong@intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit d1889b36098c79e2e6ac90faf3d0dc5ec0057677)
-Signed-off-by: Paul Lai <plai@redhat.com>
----
- docs/system/i386/sgx.rst | 31 +++++++++++++++++++++++++++----
- 1 file changed, 27 insertions(+), 4 deletions(-)
-
-diff --git a/docs/system/i386/sgx.rst b/docs/system/i386/sgx.rst
-index f8fade5ac2..0f0a73f758 100644
---- a/docs/system/i386/sgx.rst
-+++ b/docs/system/i386/sgx.rst
-@@ -141,8 +141,7 @@ To launch a SGX guest:
- |qemu_system_x86| \\
- -cpu host,+sgx-provisionkey \\
- -object memory-backend-epc,id=mem1,size=64M,prealloc=on \\
-- -object memory-backend-epc,id=mem2,size=28M \\
-- -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2
-+ -M sgx-epc.0.memdev=mem1,sgx-epc.0.node=0
-
- Utilizing SGX in the guest requires a kernel/OS with SGX support.
- The support can be determined in guest by::
-@@ -152,8 +151,32 @@ The support can be determined in guest by::
- and SGX epc info by::
-
- $ dmesg | grep sgx
-- [ 1.242142] sgx: EPC section 0x180000000-0x181bfffff
-- [ 1.242319] sgx: EPC section 0x181c00000-0x1837fffff
-+ [ 0.182807] sgx: EPC section 0x140000000-0x143ffffff
-+ [ 0.183695] sgx: [Firmware Bug]: Unable to map EPC section to online node. Fallback to the NUMA node 0.
-+
-+To launch a SGX numa guest:
-+
-+.. parsed-literal::
-+
-+ |qemu_system_x86| \\
-+ -cpu host,+sgx-provisionkey \\
-+ -object memory-backend-ram,size=2G,host-nodes=0,policy=bind,id=node0 \\
-+ -object memory-backend-epc,id=mem0,size=64M,prealloc=on,host-nodes=0,policy=bind \\
-+ -numa node,nodeid=0,cpus=0-1,memdev=node0 \\
-+ -object memory-backend-ram,size=2G,host-nodes=1,policy=bind,id=node1 \\
-+ -object memory-backend-epc,id=mem1,size=28M,prealloc=on,host-nodes=1,policy=bind \\
-+ -numa node,nodeid=1,cpus=2-3,memdev=node1 \\
-+ -M sgx-epc.0.memdev=mem0,sgx-epc.0.node=0,sgx-epc.1.memdev=mem1,sgx-epc.1.node=1
-+
-+and SGX epc numa info by::
-+
-+ $ dmesg | grep sgx
-+ [ 0.369937] sgx: EPC section 0x180000000-0x183ffffff
-+ [ 0.370259] sgx: EPC section 0x184000000-0x185bfffff
-+
-+ $ dmesg | grep SRAT
-+ [ 0.009981] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff]
-+ [ 0.009982] ACPI: SRAT: Node 1 PXM 1 [mem 0x184000000-0x185bfffff]
-
- References
- ----------
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch b/SOURCES/kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch
new file mode 100644
index 0000000..2795dcd
--- /dev/null
+++ b/SOURCES/kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch
@@ -0,0 +1,179 @@
+From 8a12049e97149056f61f7748d9869606d282d16e Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Wed, 11 May 2022 18:01:35 +0800
+Subject: [PATCH 06/16] hw/acpi/aml-build: Use existing CPU topology to build
+ PPTT table
+
+RH-Author: Gavin Shan <gshan@redhat.com>
+RH-MergeRequest: 86: hw/arm/virt: Fix the default CPU topology
+RH-Commit: [6/6] 53fa376531c204cf706cc1a7a0499019756106cb (gwshan/qemu-rhel-9)
+RH-Bugzilla: 2041823
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2041823
+
+When the PPTT table is built, the CPU topology is re-calculated, but
+it's unecessary because the CPU topology has been populated in
+virt_possible_cpu_arch_ids() on arm/virt machine.
+
+This reworks build_pptt() to avoid by reusing the existing IDs in
+ms->possible_cpus. Currently, the only user of build_pptt() is
+arm/virt machine.
+
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Tested-by: Yanan Wang <wangyanan55@huawei.com>
+Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
+Acked-by: Igor Mammedov <imammedo@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Message-id: 20220503140304.855514-7-gshan@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit ae9141d4a3265553503bf07d3574b40f84615a34)
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+---
+ hw/acpi/aml-build.c | 111 +++++++++++++++++++-------------------------
+ 1 file changed, 48 insertions(+), 63 deletions(-)
+
+diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
+index 4086879ebf..e6bfac95c7 100644
+--- a/hw/acpi/aml-build.c
++++ b/hw/acpi/aml-build.c
+@@ -2002,86 +2002,71 @@ void build_pptt(GArray *table_data, BIOSLinker *linker, MachineState *ms,
+ const char *oem_id, const char *oem_table_id)
+ {
+ MachineClass *mc = MACHINE_GET_CLASS(ms);
+- GQueue *list = g_queue_new();
+- guint pptt_start = table_data->len;
+- guint parent_offset;
+- guint length, i;
+- int uid = 0;
+- int socket;
++ CPUArchIdList *cpus = ms->possible_cpus;
++ int64_t socket_id = -1, cluster_id = -1, core_id = -1;
++ uint32_t socket_offset = 0, cluster_offset = 0, core_offset = 0;
++ uint32_t pptt_start = table_data->len;
++ int n;
+ AcpiTable table = { .sig = "PPTT", .rev = 2,
+ .oem_id = oem_id, .oem_table_id = oem_table_id };
+
+ acpi_table_begin(&table, table_data);
+
+- for (socket = 0; socket < ms->smp.sockets; socket++) {
+- g_queue_push_tail(list,
+- GUINT_TO_POINTER(table_data->len - pptt_start));
+- build_processor_hierarchy_node(
+- table_data,
+- /*
+- * Physical package - represents the boundary
+- * of a physical package
+- */
+- (1 << 0),
+- 0, socket, NULL, 0);
+- }
+-
+- if (mc->smp_props.clusters_supported) {
+- length = g_queue_get_length(list);
+- for (i = 0; i < length; i++) {
+- int cluster;
+-
+- parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list));
+- for (cluster = 0; cluster < ms->smp.clusters; cluster++) {
+- g_queue_push_tail(list,
+- GUINT_TO_POINTER(table_data->len - pptt_start));
+- build_processor_hierarchy_node(
+- table_data,
+- (0 << 0), /* not a physical package */
+- parent_offset, cluster, NULL, 0);
+- }
++ /*
++ * This works with the assumption that cpus[n].props.*_id has been
++ * sorted from top to down levels in mc->possible_cpu_arch_ids().
++ * Otherwise, the unexpected and duplicated containers will be
++ * created.
++ */
++ for (n = 0; n < cpus->len; n++) {
++ if (cpus->cpus[n].props.socket_id != socket_id) {
++ assert(cpus->cpus[n].props.socket_id > socket_id);
++ socket_id = cpus->cpus[n].props.socket_id;
++ cluster_id = -1;
++ core_id = -1;
++ socket_offset = table_data->len - pptt_start;
++ build_processor_hierarchy_node(table_data,
++ (1 << 0), /* Physical package */
++ 0, socket_id, NULL, 0);
+ }
+- }
+
+- length = g_queue_get_length(list);
+- for (i = 0; i < length; i++) {
+- int core;
+-
+- parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list));
+- for (core = 0; core < ms->smp.cores; core++) {
+- if (ms->smp.threads > 1) {
+- g_queue_push_tail(list,
+- GUINT_TO_POINTER(table_data->len - pptt_start));
+- build_processor_hierarchy_node(
+- table_data,
+- (0 << 0), /* not a physical package */
+- parent_offset, core, NULL, 0);
+- } else {
+- build_processor_hierarchy_node(
+- table_data,
+- (1 << 1) | /* ACPI Processor ID valid */
+- (1 << 3), /* Node is a Leaf */
+- parent_offset, uid++, NULL, 0);
++ if (mc->smp_props.clusters_supported) {
++ if (cpus->cpus[n].props.cluster_id != cluster_id) {
++ assert(cpus->cpus[n].props.cluster_id > cluster_id);
++ cluster_id = cpus->cpus[n].props.cluster_id;
++ core_id = -1;
++ cluster_offset = table_data->len - pptt_start;
++ build_processor_hierarchy_node(table_data,
++ (0 << 0), /* Not a physical package */
++ socket_offset, cluster_id, NULL, 0);
+ }
++ } else {
++ cluster_offset = socket_offset;
+ }
+- }
+
+- length = g_queue_get_length(list);
+- for (i = 0; i < length; i++) {
+- int thread;
++ if (ms->smp.threads == 1) {
++ build_processor_hierarchy_node(table_data,
++ (1 << 1) | /* ACPI Processor ID valid */
++ (1 << 3), /* Node is a Leaf */
++ cluster_offset, n, NULL, 0);
++ } else {
++ if (cpus->cpus[n].props.core_id != core_id) {
++ assert(cpus->cpus[n].props.core_id > core_id);
++ core_id = cpus->cpus[n].props.core_id;
++ core_offset = table_data->len - pptt_start;
++ build_processor_hierarchy_node(table_data,
++ (0 << 0), /* Not a physical package */
++ cluster_offset, core_id, NULL, 0);
++ }
+
+- parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list));
+- for (thread = 0; thread < ms->smp.threads; thread++) {
+- build_processor_hierarchy_node(
+- table_data,
++ build_processor_hierarchy_node(table_data,
+ (1 << 1) | /* ACPI Processor ID valid */
+ (1 << 2) | /* Processor is a Thread */
+ (1 << 3), /* Node is a Leaf */
+- parent_offset, uid++, NULL, 0);
++ core_offset, n, NULL, 0);
+ }
+ }
+
+- g_queue_free(list);
+ acpi_table_end(linker, &table);
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-hw-arm-smmuv3-Fix-device-reset.patch b/SOURCES/kvm-hw-arm-smmuv3-Fix-device-reset.patch
deleted file mode 100644
index 3b8f307..0000000
--- a/SOURCES/kvm-hw-arm-smmuv3-Fix-device-reset.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From c08c3fbb2bb8494738fd34ec8fc9dc434ce82f4b Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Wed, 2 Feb 2022 12:16:02 +0100
-Subject: [PATCH 12/12] hw/arm/smmuv3: Fix device reset
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 72: hw/arm/smmuv3: Fix device reset
-RH-Commit: [1/1] 2cfee2f7a03692681224fed96bb4f28406bf460a (eauger1/centos-qemu-kvm)
-RH-Bugzilla: 2042481
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Peter Xu <peterx@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-
-branch: c9s
-Brew: 42958737
-Upstream: yes
-
-We currently miss a bunch of register resets in the device reset
-function. This sometimes prevents the guest from rebooting after
-a system_reset (with virtio-blk-pci). For instance, we may get
-the following errors:
-
-invalid STE
-smmuv3-iommu-memory-region-0-0 translation failed for iova=0x13a9d2000(SMMU_EVT_C_BAD_STE)
-Invalid read at addr 0x13A9D2000, size 2, region '(null)', reason: rejected
-invalid STE
-smmuv3-iommu-memory-region-0-0 translation failed for iova=0x13a9d2000(SMMU_EVT_C_BAD_STE)
-Invalid write at addr 0x13A9D2000, size 2, region '(null)', reason: rejected
-invalid STE
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
-Message-id: 20220202111602.627429-1-eric.auger@redhat.com
-Fixes: 10a83cb988 ("hw/arm/smmuv3: Skeleton")
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-(cherry picked from commit 43530095e18fd16dcd51a4b385ad2a22c36f5698)
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
----
- hw/arm/smmuv3.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
-index 01b60bee49..1b5640bb98 100644
---- a/hw/arm/smmuv3.c
-+++ b/hw/arm/smmuv3.c
-@@ -276,6 +276,12 @@ static void smmuv3_init_regs(SMMUv3State *s)
- s->features = 0;
- s->sid_split = 0;
- s->aidr = 0x1;
-+ s->cr[0] = 0;
-+ s->cr0ack = 0;
-+ s->irq_ctrl = 0;
-+ s->gerror = 0;
-+ s->gerrorn = 0;
-+ s->statusr = 0;
- }
-
- static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-arm-virt-Add-9.0-machine-type-and-remove-8.5-one.patch b/SOURCES/kvm-hw-arm-virt-Add-9.0-machine-type-and-remove-8.5-one.patch
deleted file mode 100644
index 390a91c..0000000
--- a/SOURCES/kvm-hw-arm-virt-Add-9.0-machine-type-and-remove-8.5-one.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 6b0e129f0758ccd076d1ecbf85c8f1e863788981 Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Mon, 20 Dec 2021 10:11:47 +0100
-Subject: [PATCH 5/6] hw/arm/virt: Add 9.0 machine type and remove 8.5 one
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 57: hw/arm/virt: Add 9.0 machine type and remove 8.5 one
-RH-Commit: [5/6] f573a2fb44882a010e2c6bf5f561f29d54e6e9b5 (eauger1/centos-qemu-kvm)
-RH-Bugzilla: 2031044
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-branch: c9s
-Brew: 42213566
-Upstream: no
-
-Add 9.0 machine type and remove 8.5 one.
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
----
- hw/arm/virt.c | 10 ++--------
- 1 file changed, 2 insertions(+), 8 deletions(-)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index d433139479..d537706a86 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -3236,14 +3236,8 @@ static void rhel_machine_init(void)
- }
- type_init(rhel_machine_init);
-
--static void rhel850_virt_options(MachineClass *mc)
-+static void rhel900_virt_options(MachineClass *mc)
- {
-- VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
--
- compat_props_add(mc->compat_props, arm_rhel_compat, arm_rhel_compat_len);
-- compat_props_add(mc->compat_props, hw_compat_rhel_8_5, hw_compat_rhel_8_5_len);
-- mc->smp_props.prefer_sockets = true;
-- vmc->no_cpu_topology = true;
-- vmc->no_tcg_its = true;
- }
--DEFINE_RHEL_MACHINE_AS_LATEST(8, 5, 0)
-+DEFINE_RHEL_MACHINE_AS_LATEST(9, 0, 0)
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch b/SOURCES/kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch
deleted file mode 100644
index 0e4acf4..0000000
--- a/SOURCES/kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 4098f7b5aea8871a655bab43d5114d067662e6c5 Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Wed, 5 Jan 2022 16:17:10 +0100
-Subject: [PATCH 6/6] hw/arm/virt: Check no_tcg_its and minor style changes
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 57: hw/arm/virt: Add 9.0 machine type and remove 8.5 one
-RH-Commit: [6/6] 4480d569463fd3f637404539d3bd06b59cafbc88 (eauger1/centos-qemu-kvm)
-RH-Bugzilla: 2031044
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-branch: c9s
-Brew: 42213566
-Upstream: no
-
-Truly allow TCG ITS instantiation according to the no_tcg_its
-class flag. Otherwise it is always set to false.
-
-We also take benefit of this patch to do some minor non
-functional style changes to be closer to the upstream code.
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
----
- hw/arm/virt.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index d537706a86..0e691cbe81 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -3163,6 +3163,7 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
- "in ACPI table header."
- "The string may be up to 6 bytes in size");
-
-+
- object_class_property_add_str(oc, "x-oem-table-id",
- virt_get_oem_table_id,
- virt_set_oem_table_id);
-@@ -3170,6 +3171,7 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
- "Override the default value of field OEM Table ID "
- "in ACPI table header."
- "The string may be up to 8 bytes in size");
-+
- }
-
- static void rhel_virt_instance_init(Object *obj)
-@@ -3194,26 +3196,32 @@ static void rhel_virt_instance_init(Object *obj)
- } else {
- /* Default allows ITS instantiation */
- vms->its = true;
-+
-+ if (vmc->no_tcg_its) {
-+ vms->tcg_its = false;
-+ } else {
-+ vms->tcg_its = true;
-+ }
- }
-
- /* Default disallows iommu instantiation */
- vms->iommu = VIRT_IOMMU_NONE;
-
-+ /* The default root bus is attached to iommu by default */
-+ vms->default_bus_bypass_iommu = false;
-+
- /* Default disallows RAS instantiation and is non-configurable for RHEL */
- vms->ras = false;
-
- /* MTE is disabled by default and non-configurable for RHEL */
- vms->mte = false;
-
-- /* The default root bus is attached to iommu by default */
-- vms->default_bus_bypass_iommu = false;
--
- vms->irqmap = a15irqmap;
-
- virt_flash_create(vms);
-+
- vms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
- vms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
--
- }
-
- static const TypeInfo rhel_machine_info = {
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch b/SOURCES/kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch
new file mode 100644
index 0000000..240aead
--- /dev/null
+++ b/SOURCES/kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch
@@ -0,0 +1,74 @@
+From 3b05d3464945295112b5d02d142422f524a52054 Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Wed, 11 May 2022 18:01:35 +0800
+Subject: [PATCH 03/16] hw/arm/virt: Consider SMP configuration in CPU topology
+
+RH-Author: Gavin Shan <gshan@redhat.com>
+RH-MergeRequest: 86: hw/arm/virt: Fix the default CPU topology
+RH-Commit: [3/6] 7125b41f038c2b1cb33377d0ef1222f1ea42b648 (gwshan/qemu-rhel-9)
+RH-Bugzilla: 2041823
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2041823
+
+Currently, the SMP configuration isn't considered when the CPU
+topology is populated. In this case, it's impossible to provide
+the default CPU-to-NUMA mapping or association based on the socket
+ID of the given CPU.
+
+This takes account of SMP configuration when the CPU topology
+is populated. The die ID for the given CPU isn't assigned since
+it's not supported on arm/virt machine. Besides, the used SMP
+configuration in qtest/numa-test/aarch64_numa_cpu() is corrcted
+to avoid testing failure
+
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
+Acked-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20220503140304.855514-4-gshan@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit c9ec4cb5e4936f980889e717524e73896b0200ed)
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+---
+ hw/arm/virt.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index 8be12e121d..a87c8d396a 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -2553,6 +2553,7 @@ static const CPUArchIdList *virt_possible_cpu_arch_ids(MachineState *ms)
+ int n;
+ unsigned int max_cpus = ms->smp.max_cpus;
+ VirtMachineState *vms = VIRT_MACHINE(ms);
++ MachineClass *mc = MACHINE_GET_CLASS(vms);
+
+ if (ms->possible_cpus) {
+ assert(ms->possible_cpus->len == max_cpus);
+@@ -2566,8 +2567,20 @@ static const CPUArchIdList *virt_possible_cpu_arch_ids(MachineState *ms)
+ ms->possible_cpus->cpus[n].type = ms->cpu_type;
+ ms->possible_cpus->cpus[n].arch_id =
+ virt_cpu_mp_affinity(vms, n);
++
++ assert(!mc->smp_props.dies_supported);
++ ms->possible_cpus->cpus[n].props.has_socket_id = true;
++ ms->possible_cpus->cpus[n].props.socket_id =
++ n / (ms->smp.clusters * ms->smp.cores * ms->smp.threads);
++ ms->possible_cpus->cpus[n].props.has_cluster_id = true;
++ ms->possible_cpus->cpus[n].props.cluster_id =
++ (n / (ms->smp.cores * ms->smp.threads)) % ms->smp.clusters;
++ ms->possible_cpus->cpus[n].props.has_core_id = true;
++ ms->possible_cpus->cpus[n].props.core_id =
++ (n / ms->smp.threads) % ms->smp.cores;
+ ms->possible_cpus->cpus[n].props.has_thread_id = true;
+- ms->possible_cpus->cpus[n].props.thread_id = n;
++ ms->possible_cpus->cpus[n].props.thread_id =
++ n % ms->smp.threads;
+ }
+ return ms->possible_cpus;
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-hw-arm-virt-Expose-the-RAS-option.patch b/SOURCES/kvm-hw-arm-virt-Expose-the-RAS-option.patch
deleted file mode 100644
index e0365c9..0000000
--- a/SOURCES/kvm-hw-arm-virt-Expose-the-RAS-option.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 914d9f9eea5d0a944aa93682b03d3189ad37ec9b Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Mon, 20 Dec 2021 15:34:22 +0100
-Subject: [PATCH 4/6] hw/arm/virt: Expose the 'RAS' option
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 57: hw/arm/virt: Add 9.0 machine type and remove 8.5 one
-RH-Commit: [4/6] c8704564d31b23a0f08a6ced946c9a81e2e72c11 (eauger1/centos-qemu-kvm)
-RH-Bugzilla: 2031044
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-branch: c9s
-Brew: 42213566
-Upstream: no
-
-In RHEL9.0 we want to expose the 'RAS' option.
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
----
- hw/arm/virt.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index c99ca93e75..d433139479 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -2348,7 +2348,6 @@ static void virt_set_acpi(Object *obj, Visitor *v, const char *name,
- visit_type_OnOffAuto(v, name, &vms->acpi, errp);
- }
-
--#if 0 /* Disabled for Red Hat Enterprise Linux */
- static bool virt_get_ras(Object *obj, Error **errp)
- {
- VirtMachineState *vms = VIRT_MACHINE(obj);
-@@ -2363,6 +2362,7 @@ static void virt_set_ras(Object *obj, bool value, Error **errp)
- vms->ras = value;
- }
-
-+#if 0 /* Disabled for Red Hat Enterprise Linux */
- static bool virt_get_mte(Object *obj, Error **errp)
- {
- VirtMachineState *vms = VIRT_MACHINE(obj);
-@@ -3143,6 +3143,12 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
- "Set on/off to enable/disable "
- "bypass_iommu for default root bus");
-
-+ object_class_property_add_bool(oc, "ras", virt_get_ras,
-+ virt_set_ras);
-+ object_class_property_set_description(oc, "ras",
-+ "Set on/off to enable/disable reporting host memory errors "
-+ "to a KVM guest using ACPI and guest external abort exceptions");
-+
- object_class_property_add_bool(oc, "its", virt_get_its,
- virt_set_its);
- object_class_property_set_description(oc, "its",
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch b/SOURCES/kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch
new file mode 100644
index 0000000..6b60b70
--- /dev/null
+++ b/SOURCES/kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch
@@ -0,0 +1,88 @@
+From 14e49ad3b98f01c1ad6fe456469d40a96a43dc3c Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Wed, 11 May 2022 18:01:35 +0800
+Subject: [PATCH 05/16] hw/arm/virt: Fix CPU's default NUMA node ID
+
+RH-Author: Gavin Shan <gshan@redhat.com>
+RH-MergeRequest: 86: hw/arm/virt: Fix the default CPU topology
+RH-Commit: [5/6] 5336f62bc0c53c0417db1d71ef89544907bc28c0 (gwshan/qemu-rhel-9)
+RH-Bugzilla: 2041823
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2041823
+
+When CPU-to-NUMA association isn't explicitly provided by users,
+the default one is given by mc->get_default_cpu_node_id(). However,
+the CPU topology isn't fully considered in the default association
+and this causes CPU topology broken warnings on booting Linux guest.
+
+For example, the following warning messages are observed when the
+Linux guest is booted with the following command lines.
+
+/home/gavin/sandbox/qemu.main/build/qemu-system-aarch64 \
+-accel kvm -machine virt,gic-version=host \
+-cpu host \
+-smp 6,sockets=2,cores=3,threads=1 \
+-m 1024M,slots=16,maxmem=64G \
+-object memory-backend-ram,id=mem0,size=128M \
+-object memory-backend-ram,id=mem1,size=128M \
+-object memory-backend-ram,id=mem2,size=128M \
+-object memory-backend-ram,id=mem3,size=128M \
+-object memory-backend-ram,id=mem4,size=128M \
+-object memory-backend-ram,id=mem4,size=384M \
+-numa node,nodeid=0,memdev=mem0 \
+-numa node,nodeid=1,memdev=mem1 \
+-numa node,nodeid=2,memdev=mem2 \
+-numa node,nodeid=3,memdev=mem3 \
+-numa node,nodeid=4,memdev=mem4 \
+-numa node,nodeid=5,memdev=mem5
+:
+alternatives: patching kernel code
+BUG: arch topology borken
+the CLS domain not a subset of the MC domain
+<the above error log repeats>
+BUG: arch topology borken
+the DIE domain not a subset of the NODE domain
+
+With current implementation of mc->get_default_cpu_node_id(),
+CPU#0 to CPU#5 are associated with NODE#0 to NODE#5 separately.
+That's incorrect because CPU#0/1/2 should be associated with same
+NUMA node because they're seated in same socket.
+
+This fixes the issue by considering the socket ID when the default
+CPU-to-NUMA association is provided in virt_possible_cpu_arch_ids().
+With this applied, no more CPU topology broken warnings are seen
+from the Linux guest. The 6 CPUs are associated with NODE#0/1, but
+there are no CPUs associated with NODE#2/3/4/5.
+
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Reviewed-by: Igor Mammedov <imammedo@redhat.com>
+Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
+Message-id: 20220503140304.855514-6-gshan@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 4c18bc192386dfbca530e7f550e0992df657818a)
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+---
+ hw/arm/virt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index a87c8d396a..95d012d6eb 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -2545,7 +2545,9 @@ virt_cpu_index_to_props(MachineState *ms, unsigned cpu_index)
+
+ static int64_t virt_get_default_cpu_node_id(const MachineState *ms, int idx)
+ {
+- return idx % ms->numa_state->num_nodes;
++ int64_t socket_id = ms->possible_cpus->cpus[idx].props.socket_id;
++
++ return socket_id % ms->numa_state->num_nodes;
+ }
+
+ static const CPUArchIdList *virt_possible_cpu_arch_ids(MachineState *ms)
+--
+2.31.1
+
diff --git a/SOURCES/kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch b/SOURCES/kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch
new file mode 100644
index 0000000..78b9ee0
--- /dev/null
+++ b/SOURCES/kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch
@@ -0,0 +1,56 @@
+From e25c40735d2f022c07481b548d20476222006657 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Wed, 4 May 2022 11:11:54 +0200
+Subject: [PATCH 2/5] hw/arm/virt: Fix missing initialization in
+ instance/class_init()
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 82: hw/arm/virt: Remove the dtb-kaslr-seed machine option
+RH-Commit: [2/2] 22cbbfc30cf57a09b8acfb25d8a4dff2754c630c (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2046029
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2046029
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45133161
+Upstream Status: RHEL-only
+Tested: Boot RHEL guest and check migration from 8.6 to 9.1
+ (with custom additions)
+
+During the 7.0 rebase, the initialization of highmem_mmio and
+highmem_redists was forgotten in rhel_virt_instance_init().
+Fix it to match virt_instance_init() code.
+
+Also mc->smp_props.clusters_supported was missing in
+rhel_machine_class_init().
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/arm/virt.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index bde4f77994..8be12e121d 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -3286,6 +3286,7 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
+ hc->unplug_request = virt_machine_device_unplug_request_cb;
+ hc->unplug = virt_machine_device_unplug_cb;
+ mc->nvdimm_supported = true;
++ mc->smp_props.clusters_supported = true;
+ mc->auto_enable_numa_with_memhp = true;
+ mc->auto_enable_numa_with_memdev = true;
+ mc->default_ram_id = "mach-virt.ram";
+@@ -3366,6 +3367,8 @@ static void rhel_virt_instance_init(Object *obj)
+ vms->gic_version = VIRT_GIC_VERSION_NOSEL;
+
+ vms->highmem_ecam = !vmc->no_highmem_ecam;
++ vms->highmem_mmio = true;
++ vms->highmem_redists = true;
+
+ if (vmc->no_its) {
+ vms->its = false;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch b/SOURCES/kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch
deleted file mode 100644
index 6c21c9a..0000000
--- a/SOURCES/kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 545076d67ef27203e08538123d8bc3798caf9505 Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Mon, 20 Dec 2021 15:50:44 +0100
-Subject: [PATCH 1/6] hw/arm/virt: Register "iommu" as a class property
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 57: hw/arm/virt: Add 9.0 machine type and remove 8.5 one
-RH-Commit: [1/6] 2b6a22ebddd2da7505961ff4ffe90424f7489300 (eauger1/centos-qemu-kvm)
-RH-Bugzilla: 2031044
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-branch: c9s
-Brew: 42213566
-Upstream: no
-
-Register the "iommu" option as a class property. This mirrors what
-was done in upstream commit b91def7b ("arm/virt: Register
-most properties as class properties").
-
-While we are at it we also move the "x-oem-id" and "x-oem-table-id"
-registrations at the very end of the rhel_machine_class_init()
-function. This makes our life easier when comparing with upstream.
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
----
- hw/arm/virt.c | 23 ++++++++++++-----------
- 1 file changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index 6ba9a2c2e1..7e227b1fa4 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -3131,6 +3131,18 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
- "Set GIC version. "
- "Valid values are 2, 3, host and max");
-
-+ object_class_property_add_str(oc, "iommu", virt_get_iommu, virt_set_iommu);
-+ object_class_property_set_description(oc, "iommu",
-+ "Set the IOMMU type. "
-+ "Valid values are none and smmuv3");
-+
-+ object_class_property_add_bool(oc, "default_bus_bypass_iommu",
-+ virt_get_default_bus_bypass_iommu,
-+ virt_set_default_bus_bypass_iommu);
-+ object_class_property_set_description(oc, "default_bus_bypass_iommu",
-+ "Set on/off to enable/disable "
-+ "bypass_iommu for default root bus");
-+
- object_class_property_add_str(oc, "x-oem-id",
- virt_get_oem_id,
- virt_set_oem_id);
-@@ -3146,13 +3158,6 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
- "Override the default value of field OEM Table ID "
- "in ACPI table header."
- "The string may be up to 8 bytes in size");
-- object_class_property_add_bool(oc, "default_bus_bypass_iommu",
-- virt_get_default_bus_bypass_iommu,
-- virt_set_default_bus_bypass_iommu);
-- object_class_property_set_description(oc, "default_bus_bypass_iommu",
-- "Set on/off to enable/disable "
-- "bypass_iommu for default root bus");
--
- }
-
- static void rhel_virt_instance_init(Object *obj)
-@@ -3186,10 +3191,6 @@ static void rhel_virt_instance_init(Object *obj)
-
- /* Default disallows iommu instantiation */
- vms->iommu = VIRT_IOMMU_NONE;
-- object_property_add_str(obj, "iommu", virt_get_iommu, virt_set_iommu);
-- object_property_set_description(obj, "iommu",
-- "Set the IOMMU type. "
-- "Valid values are none and smmuv3");
-
- /* Default disallows RAS instantiation and is non-configurable for RHEL */
- vms->ras = false;
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-arm-virt-Register-its-as-a-class-property.patch b/SOURCES/kvm-hw-arm-virt-Register-its-as-a-class-property.patch
deleted file mode 100644
index 95f58a4..0000000
--- a/SOURCES/kvm-hw-arm-virt-Register-its-as-a-class-property.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 789933e2598f9a525c2a638feca974ca1730a859 Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Mon, 20 Dec 2021 16:04:59 +0100
-Subject: [PATCH 2/6] hw/arm/virt: Register "its" as a class property
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 57: hw/arm/virt: Add 9.0 machine type and remove 8.5 one
-RH-Commit: [2/6] dbd3e994553f00cd19842824f6bd763863a4e484 (eauger1/centos-qemu-kvm)
-RH-Bugzilla: 2031044
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-branch: c9s
-Brew: 42213566
-Upstream: no
-
-Register "its" as a class property. This mirrors what was done
-in commit 27edeeaafe43 ("virt: Register "its" as class property").
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
----
- hw/arm/virt.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index 7e227b1fa4..984151b7dd 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -3143,6 +3143,12 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
- "Set on/off to enable/disable "
- "bypass_iommu for default root bus");
-
-+ object_class_property_add_bool(oc, "its", virt_get_its,
-+ virt_set_its);
-+ object_class_property_set_description(oc, "its",
-+ "Set on/off to enable/disable "
-+ "ITS instantiation");
-+
- object_class_property_add_str(oc, "x-oem-id",
- virt_get_oem_id,
- virt_set_oem_id);
-@@ -3182,11 +3188,6 @@ static void rhel_virt_instance_init(Object *obj)
- } else {
- /* Default allows ITS instantiation */
- vms->its = true;
-- object_property_add_bool(obj, "its", virt_get_its,
-- virt_set_its);
-- object_property_set_description(obj, "its",
-- "Set on/off to enable/disable "
-- "ITS instantiation");
- }
-
- /* Default disallows iommu instantiation */
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch b/SOURCES/kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch
new file mode 100644
index 0000000..10af6c0
--- /dev/null
+++ b/SOURCES/kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch
@@ -0,0 +1,76 @@
+From 69f771c3dc641431f3e98497cbd3832edb69284f Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Tue, 3 May 2022 08:56:52 +0200
+Subject: [PATCH 1/5] hw/arm/virt: Remove the dtb-kaslr-seed machine option
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 82: hw/arm/virt: Remove the dtb-kaslr-seed machine option
+RH-Commit: [1/2] a89dcd7f22e04ae39de99795d3f34cdd0b831bc0 (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2046029
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2046029
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45133161
+Upstream Status: RHEL-only
+Tested: Boot RHEL guest and check the option is not available
+
+In RHEL we do not want to expose the dtb-kaslr-seed virt machine
+option. Indeed the default 'on' value matches our need as
+random data in the DTB does not cause any boot failure and we
+want to support KASLR for the guest.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+
+---
+---
+ hw/arm/virt.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index e06862d22a..bde4f77994 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -2350,6 +2350,7 @@ static void virt_set_its(Object *obj, bool value, Error **errp)
+ vms->its = value;
+ }
+
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ static bool virt_get_dtb_kaslr_seed(Object *obj, Error **errp)
+ {
+ VirtMachineState *vms = VIRT_MACHINE(obj);
+@@ -2363,6 +2364,7 @@ static void virt_set_dtb_kaslr_seed(Object *obj, bool value, Error **errp)
+
+ vms->dtb_kaslr_seed = value;
+ }
++#endif /* disabled for RHEL */
+
+ static char *virt_get_oem_id(Object *obj, Error **errp)
+ {
+@@ -3346,13 +3348,6 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
+ "Override the default value of field OEM Table ID "
+ "in ACPI table header."
+ "The string may be up to 8 bytes in size");
+-
+- object_class_property_add_bool(oc, "dtb-kaslr-seed",
+- virt_get_dtb_kaslr_seed,
+- virt_set_dtb_kaslr_seed);
+- object_class_property_set_description(oc, "dtb-kaslr-seed",
+- "Set off to disable passing of kaslr-seed "
+- "dtb node to guest");
+ }
+
+ static void rhel_virt_instance_init(Object *obj)
+@@ -3397,7 +3392,7 @@ static void rhel_virt_instance_init(Object *obj)
+ /* MTE is disabled by default and non-configurable for RHEL */
+ vms->mte = false;
+
+- /* Supply a kaslr-seed by default */
++ /* Supply a kaslr-seed by default and non-configurable for RHEL */
+ vms->dtb_kaslr_seed = true;
+
+ vms->irqmap = a15irqmap;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch b/SOURCES/kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch
deleted file mode 100644
index eab69d2..0000000
--- a/SOURCES/kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 94987c271c3bdc37216c5baa4c5766b9b7f053a1 Mon Sep 17 00:00:00 2001
-From: Eric Auger <eric.auger@redhat.com>
-Date: Mon, 20 Dec 2021 15:58:38 +0100
-Subject: [PATCH 3/6] hw/arm/virt: Rename default_bus_bypass_iommu
-
-RH-Author: Eric Auger <eric.auger@redhat.com>
-RH-MergeRequest: 57: hw/arm/virt: Add 9.0 machine type and remove 8.5 one
-RH-Commit: [3/6] 6b66844ae4629d8c879f7c6abbc5e5017a162e16 (eauger1/centos-qemu-kvm)
-RH-Bugzilla: 2031044
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-RH-Acked-by: Andrew Jones <drjones@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-branch: c9s
-Brew: 42213566
-Upstream: no
-
-Rename "default_bus_bypass_iommu" into "default-bus-bypass-iommu".
-This mirrors what was done in upstream commit:
-9dad363a223 ("hw/arm/virt: Rename default_bus_bypass_iommu")
-
-Signed-off-by: Eric Auger <eric.auger@redhat.com>
----
- hw/arm/virt.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/arm/virt.c b/hw/arm/virt.c
-index 984151b7dd..c99ca93e75 100644
---- a/hw/arm/virt.c
-+++ b/hw/arm/virt.c
-@@ -3136,10 +3136,10 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
- "Set the IOMMU type. "
- "Valid values are none and smmuv3");
-
-- object_class_property_add_bool(oc, "default_bus_bypass_iommu",
-+ object_class_property_add_bool(oc, "default-bus-bypass-iommu",
- virt_get_default_bus_bypass_iommu,
- virt_set_default_bus_bypass_iommu);
-- object_class_property_set_description(oc, "default_bus_bypass_iommu",
-+ object_class_property_set_description(oc, "default-bus-bypass-iommu",
- "Set on/off to enable/disable "
- "bypass_iommu for default root bus");
-
---
-2.27.0
-
diff --git a/SOURCES/kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch b/SOURCES/kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch
new file mode 100644
index 0000000..1bdad27
--- /dev/null
+++ b/SOURCES/kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch
@@ -0,0 +1,96 @@
+From 6ee4a8718dcce2d6da43ee200534b75baf1d7bbe Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 18 Nov 2021 12:57:32 +0100
+Subject: [PATCH 16/17] hw/block/fdc: Prevent end-of-track overrun
+ (CVE-2021-3507)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 107: hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
+RH-Commit: [1/2] 9ffc5290348884d20b894fa79f4d0c8089247f8b (mrezanin/centos-src-qemu-kvm)
+RH-Bugzilla: 1951522
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+Per the 82078 datasheet, if the end-of-track (EOT byte in
+the FIFO) is more than the number of sectors per side, the
+command is terminated unsuccessfully:
+
+* 5.2.5 DATA TRANSFER TERMINATION
+
+ The 82078 supports terminal count explicitly through
+ the TC pin and implicitly through the underrun/over-
+ run and end-of-track (EOT) functions. For full sector
+ transfers, the EOT parameter can define the last
+ sector to be transferred in a single or multisector
+ transfer. If the last sector to be transferred is a par-
+ tial sector, the host can stop transferring the data in
+ mid-sector, and the 82078 will continue to complete
+ the sector as if a hardware TC was received. The
+ only difference between these implicit functions and
+ TC is that they return "abnormal termination" result
+ status. Such status indications can be ignored if they
+ were expected.
+
+* 6.1.3 READ TRACK
+
+ This command terminates when the EOT specified
+ number of sectors have been read. If the 82078
+ does not find an I D Address Mark on the diskette
+ after the second· occurrence of a pulse on the
+ INDX# pin, then it sets the IC code in Status Regis-
+ ter 0 to "01" (Abnormal termination), sets the MA bit
+ in Status Register 1 to "1", and terminates the com-
+ mand.
+
+* 6.1.6 VERIFY
+
+ Refer to Table 6-6 and Table 6-7 for information
+ concerning the values of MT and EC versus SC and
+ EOT value.
+
+* Table 6·6. Result Phase Table
+
+* Table 6-7. Verify Command Result Phase Table
+
+Fix by aborting the transfer when EOT > # Sectors Per Side.
+
+Cc: qemu-stable@nongnu.org
+Cc: Hervé Poussineau <hpoussin@reactos.org>
+Fixes: baca51faff0 ("floppy driver: disk geometry auto detect")
+Reported-by: Alexander Bulekov <alxndr@bu.edu>
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/339
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-Id: <20211118115733.4038610-2-philmd@redhat.com>
+Reviewed-by: Hanna Reitz <hreitz@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit defac5e2fbddf8423a354ff0454283a2115e1367)
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ hw/block/fdc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/block/fdc.c b/hw/block/fdc.c
+index ca1776121f..6481ec0cfb 100644
+--- a/hw/block/fdc.c
++++ b/hw/block/fdc.c
+@@ -1532,6 +1532,14 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int direction)
+ int tmp;
+ fdctrl->data_len = 128 << (fdctrl->fifo[5] > 7 ? 7 : fdctrl->fifo[5]);
+ tmp = (fdctrl->fifo[6] - ks + 1);
++ if (tmp < 0) {
++ FLOPPY_DPRINTF("invalid EOT: %d\n", tmp);
++ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
++ fdctrl->fifo[3] = kt;
++ fdctrl->fifo[4] = kh;
++ fdctrl->fifo[5] = ks;
++ return;
++ }
+ if (fdctrl->fifo[0] & 0x80)
+ tmp += fdctrl->fifo[6];
+ fdctrl->data_len *= tmp;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch b/SOURCES/kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
new file mode 100644
index 0000000..44897ac
--- /dev/null
+++ b/SOURCES/kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
@@ -0,0 +1,95 @@
+From 4dad0e9abbc843fba4e5fee6e7aa1b0db13f5898 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:27:35 +0200
+Subject: [PATCH 03/32] hw/virtio: Replace g_memdup() by g_memdup2()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [3/27] ae196903eb1a7aebbf999100e997cf82e5024cb6 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit d792199de55ca5cb5334016884039c740290b5c7
+Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Date: Thu May 12 19:57:46 2022 +0200
+
+ hw/virtio: Replace g_memdup() by g_memdup2()
+
+ Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
+
+ The old API took the size of the memory to duplicate as a guint,
+ whereas most memory functions take memory sizes as a gsize. This
+ made it easy to accidentally pass a gsize to g_memdup(). For large
+ values, that would lead to a silent truncation of the size from 64
+ to 32 bits, and result in a heap area being returned which is
+ significantly smaller than what the caller expects. This can likely
+ be exploited in various modules to cause a heap buffer overflow.
+
+ Replace g_memdup() by the safer g_memdup2() wrapper.
+
+ Acked-by: Jason Wang <jasowang@redhat.com>
+ Acked-by: Eugenio Pérez <eperezma@redhat.com>
+ Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+ Message-Id: <20220512175747.142058-6-eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/net/virtio-net.c | 3 ++-
+ hw/virtio/virtio-crypto.c | 6 +++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 099e65036d..633de61513 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1458,7 +1458,8 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ }
+
+ iov_cnt = elem->out_num;
+- iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * elem->out_num);
++ iov2 = iov = g_memdup2(elem->out_sg,
++ sizeof(struct iovec) * elem->out_num);
+ s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
+ iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
+ if (s != sizeof(ctrl)) {
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index dcd80b904d..0e31e3cc04 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -242,7 +242,7 @@ static void virtio_crypto_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ }
+
+ out_num = elem->out_num;
+- out_iov_copy = g_memdup(elem->out_sg, sizeof(out_iov[0]) * out_num);
++ out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num);
+ out_iov = out_iov_copy;
+
+ in_num = elem->in_num;
+@@ -605,11 +605,11 @@ virtio_crypto_handle_request(VirtIOCryptoReq *request)
+ }
+
+ out_num = elem->out_num;
+- out_iov_copy = g_memdup(elem->out_sg, sizeof(out_iov[0]) * out_num);
++ out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num);
+ out_iov = out_iov_copy;
+
+ in_num = elem->in_num;
+- in_iov_copy = g_memdup(elem->in_sg, sizeof(in_iov[0]) * in_num);
++ in_iov_copy = g_memdup2(elem->in_sg, sizeof(in_iov[0]) * in_num);
+ in_iov = in_iov_copy;
+
+ if (unlikely(iov_to_buf(out_iov, out_num, 0, &req, sizeof(req))
+--
+2.31.1
+
diff --git a/SOURCES/kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch b/SOURCES/kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch
deleted file mode 100644
index 20401ff..0000000
--- a/SOURCES/kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 2005e3bb97fba4889829b58331a057b9cb35a65d Mon Sep 17 00:00:00 2001
-From: Laurent Vivier <lvivier@redhat.com>
-Date: Fri, 11 Feb 2022 18:02:59 +0100
-Subject: [PATCH 2/5] hw/virtio: vdpa: Fix leak of host-notifier memory-region
-
-RH-Author: Laurent Vivier <lvivier@redhat.com>
-RH-MergeRequest: 123: hw/virtio: vdpa: Fix leak of host-notifier memory-region
-RH-Commit: [1/1] ddd64cac5c29786edf652f5fa97767b261ccfcdd
-RH-Bugzilla: 2059786
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
-RH-Acked-by: Cindy Lu <lulu@redhat.com>
-RH-Acked-by: MST <mst@redhat.com>
-RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-
-BZ: https://bugzilla.redhat.com/2059786
-BRANCH: rhel-9.0.0
-BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43688388
-UPTREAM: Merged
-
-If call virtio_queue_set_host_notifier_mr fails, should free
-host-notifier memory-region.
-
-This problem can trigger a coredump with some vDPA drivers (mlx5,
-but not with the vdpasim), if we unplug the virtio-net card from
-the guest after a stop/start.
-
-The same fix has been done for vhost-user:
- 1f89d3b91e3e ("hw/virtio: Fix leak of host-notifier memory-region")
-
-Fixes: d0416d487bd5 ("vhost-vdpa: map virtqueue notification area if possible")
-Cc: jasowang@redhat.com
-Resolves: https://bugzilla.redhat.com/2027208
-Signed-off-by: Laurent Vivier <lvivier@redhat.com>
-Message-Id: <20220211170259.1388734-1-lvivier@redhat.com>
-Cc: qemu-stable@nongnu.org
-Acked-by: Jason Wang <jasowang@redhat.com>
-Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 98f7607ecda00dea3cbb2ed7b4427c96846efb83)
-Signed-off-by: Laurent Vivier <lvivier@redhat.com>
----
- hw/virtio/vhost-vdpa.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
-index bcaf00e09f..78da48a333 100644
---- a/hw/virtio/vhost-vdpa.c
-+++ b/hw/virtio/vhost-vdpa.c
-@@ -415,6 +415,7 @@ static int vhost_vdpa_host_notifier_init(struct vhost_dev *dev, int queue_index)
- g_free(name);
-
- if (virtio_queue_set_host_notifier_mr(vdev, queue_index, &n->mr, true)) {
-+ object_unparent(OBJECT(&n->mr));
- munmap(addr, page_size);
- goto err;
- }
---
-2.31.1
-
diff --git a/SOURCES/kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch b/SOURCES/kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch
deleted file mode 100644
index 2a67791..0000000
--- a/SOURCES/kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 575ca409fa21db088c76e57f7285021dd8da1569 Mon Sep 17 00:00:00 2001
-From: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Wed, 16 Mar 2022 09:36:19 +0100
-Subject: [PATCH 04/14] i386: Add Icelake-Server-v6 CPU model with 5-level EPT
- support
-
-RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-MergeRequest: 126: i386: Add Icelake-Server-v6 CPU model with 5-level EPT support
-RH-Commit: [2/2] a047caa01fafd8ca6a5fa0704b379edab91d4ccc
-RH-Bugzilla: 2038051
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2038051
-Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43862630
-
-commit 12cab535db6440af41ed8dfefe908a594321b6ce
-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Mon Feb 21 15:53:15 2022 +0100
-
- i386: Add Icelake-Server-v6 CPU model with 5-level EPT support
-
- Windows 11 with WSL2 enabled (Hyper-V) fails to boot with Icelake-Server
- {-v5} CPU model but boots well with '-cpu host'. Apparently, it expects
- 5-level paging and 5-level EPT support to come in pair but QEMU's
- Icelake-Server CPU model lacks the later. Introduce 'Icelake-Server-v6'
- CPU model with 'vmx-page-walk-5' enabled by default.
-
- Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
- Message-Id: <20220221145316.576138-1-vkuznets@redhat.com>
- Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
-Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
----
- target/i386/cpu.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/target/i386/cpu.c b/target/i386/cpu.c
-index aa9e636800..6e25d13339 100644
---- a/target/i386/cpu.c
-+++ b/target/i386/cpu.c
-@@ -3505,6 +3505,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
- { /* end of list */ }
- },
- },
-+ {
-+ .version = 6,
-+ .note = "5-level EPT",
-+ .props = (PropValue[]) {
-+ { "vmx-page-walk-5", "on" },
-+ { /* end of list */ }
-+ },
-+ },
- { /* end of list */ }
- }
- },
---
-2.31.1
-
diff --git a/SOURCES/kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch b/SOURCES/kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch
new file mode 100644
index 0000000..a1d4496
--- /dev/null
+++ b/SOURCES/kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch
@@ -0,0 +1,68 @@
+From 8452a7925e18d6d57e2ac787b192097d4136b104 Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+Date: Thu, 18 Aug 2022 17:01:13 +0200
+Subject: [PATCH 2/2] i386: do kvm_put_msr_feature_control() first thing when
+ vCPU is reset
+
+RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-MergeRequest: 217: i386: fix 'system_reset' when the VM is in VMX root operation
+RH-Bugzilla: 2117546
+RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Commit: [2/2] 08d5992691ba70561ce0a5b7f4504618f96a2ee6
+
+kvm_put_sregs2() fails to reset 'locked' CR4/CR0 bits upon vCPU reset when
+it is in VMX root operation. Do kvm_put_msr_feature_control() before
+kvm_put_sregs2() to (possibly) kick vCPU out of VMX root operation. It also
+seems logical to do kvm_put_msr_feature_control() before
+kvm_put_nested_state() and not after it, especially when 'real' nested
+state is set.
+
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Message-Id: <20220818150113.479917-3-vkuznets@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 45ed68a1a3a19754ade954d75a3c9d13ff560e5c)
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+---
+ target/i386/kvm/kvm.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index 9feb98fe0b..ef70e2c85f 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -4356,6 +4356,18 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
+
+ assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
+
++ /*
++ * Put MSR_IA32_FEATURE_CONTROL first, this ensures the VM gets out of VMX
++ * root operation upon vCPU reset. kvm_put_msr_feature_control() should also
++ * preceed kvm_put_nested_state() when 'real' nested state is set.
++ */
++ if (level >= KVM_PUT_RESET_STATE) {
++ ret = kvm_put_msr_feature_control(x86_cpu);
++ if (ret < 0) {
++ return ret;
++ }
++ }
++
+ /* must be before kvm_put_nested_state so that EFER.SVME is set */
+ ret = has_sregs2 ? kvm_put_sregs2(x86_cpu) : kvm_put_sregs(x86_cpu);
+ if (ret < 0) {
+@@ -4367,11 +4379,6 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
+ if (ret < 0) {
+ return ret;
+ }
+-
+- ret = kvm_put_msr_feature_control(x86_cpu);
+- if (ret < 0) {
+- return ret;
+- }
+ }
+
+ if (level == KVM_PUT_FULL_STATE) {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch b/SOURCES/kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch
new file mode 100644
index 0000000..7fe9b99
--- /dev/null
+++ b/SOURCES/kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch
@@ -0,0 +1,95 @@
+From b84bb71165c97b475548edc1c07decccca53cf16 Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+Date: Thu, 18 Aug 2022 17:01:12 +0200
+Subject: [PATCH 1/2] i386: reset KVM nested state upon CPU reset
+
+RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-MergeRequest: 217: i386: fix 'system_reset' when the VM is in VMX root operation
+RH-Bugzilla: 2117546
+RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Commit: [1/2] b329f053a027761f50187e4ca7fd6b50ac32d2ad
+
+Make sure env->nested_state is cleaned up when a vCPU is reset, it may
+be stale after an incoming migration, kvm_arch_put_registers() may
+end up failing or putting vCPU in a weird state.
+
+Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Message-Id: <20220818150113.479917-2-vkuznets@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 3cafdb67504a34a0305260f0c86a73d5a3fb000b)
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+---
+ target/i386/kvm/kvm.c | 37 +++++++++++++++++++++++++++----------
+ 1 file changed, 27 insertions(+), 10 deletions(-)
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index 6d1e009443..9feb98fe0b 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -1617,6 +1617,30 @@ static void kvm_init_xsave(CPUX86State *env)
+ env->xsave_buf_len);
+ }
+
++static void kvm_init_nested_state(CPUX86State *env)
++{
++ struct kvm_vmx_nested_state_hdr *vmx_hdr;
++ uint32_t size;
++
++ if (!env->nested_state) {
++ return;
++ }
++
++ size = env->nested_state->size;
++
++ memset(env->nested_state, 0, size);
++ env->nested_state->size = size;
++
++ if (cpu_has_vmx(env)) {
++ env->nested_state->format = KVM_STATE_NESTED_FORMAT_VMX;
++ vmx_hdr = &env->nested_state->hdr.vmx;
++ vmx_hdr->vmxon_pa = -1ull;
++ vmx_hdr->vmcs12_pa = -1ull;
++ } else if (cpu_has_svm(env)) {
++ env->nested_state->format = KVM_STATE_NESTED_FORMAT_SVM;
++ }
++}
++
+ int kvm_arch_init_vcpu(CPUState *cs)
+ {
+ struct {
+@@ -2044,19 +2068,10 @@ int kvm_arch_init_vcpu(CPUState *cs)
+ assert(max_nested_state_len >= offsetof(struct kvm_nested_state, data));
+
+ if (cpu_has_vmx(env) || cpu_has_svm(env)) {
+- struct kvm_vmx_nested_state_hdr *vmx_hdr;
+-
+ env->nested_state = g_malloc0(max_nested_state_len);
+ env->nested_state->size = max_nested_state_len;
+
+- if (cpu_has_vmx(env)) {
+- env->nested_state->format = KVM_STATE_NESTED_FORMAT_VMX;
+- vmx_hdr = &env->nested_state->hdr.vmx;
+- vmx_hdr->vmxon_pa = -1ull;
+- vmx_hdr->vmcs12_pa = -1ull;
+- } else {
+- env->nested_state->format = KVM_STATE_NESTED_FORMAT_SVM;
+- }
++ kvm_init_nested_state(env);
+ }
+ }
+
+@@ -2121,6 +2136,8 @@ void kvm_arch_reset_vcpu(X86CPU *cpu)
+ /* enabled by default */
+ env->poll_control_msr = 1;
+
++ kvm_init_nested_state(env);
++
+ sev_es_set_reset_vector(CPU(cpu));
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-iotests-108-Fix-when-missing-user_allow_other.patch b/SOURCES/kvm-iotests-108-Fix-when-missing-user_allow_other.patch
new file mode 100644
index 0000000..a37ea6f
--- /dev/null
+++ b/SOURCES/kvm-iotests-108-Fix-when-missing-user_allow_other.patch
@@ -0,0 +1,52 @@
+From 447bca651c9156d7aba6b7495c75f19b5e4ed53f Mon Sep 17 00:00:00 2001
+From: Hanna Reitz <hreitz@redhat.com>
+Date: Thu, 21 Apr 2022 16:24:35 +0200
+Subject: [PATCH 07/16] iotests/108: Fix when missing user_allow_other
+
+RH-Author: Hanna Reitz <hreitz@redhat.com>
+RH-MergeRequest: 96: qcow2: Improve refcount structure rebuilding
+RH-Commit: [4/4] a51ab8606fc9d8dea2b6539f4e795d5813892a5c (hreitz/qemu-kvm-c-9-s)
+RH-Bugzilla: 2072379
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+FUSE exports' allow-other option defaults to "auto", which means that it
+will try passing allow_other as a mount option, and fall back to not
+using it when an error occurs. We make no effort to hide fusermount's
+error message (because it would be difficult, and because users might
+want to know about the fallback occurring), and so when allow_other does
+not work (primarily when /etc/fuse.conf does not contain
+user_allow_other), this error message will appear and break the
+reference output.
+
+We do not need allow_other here, though, so we can just pass
+allow-other=off to fix that.
+
+Reported-by: Markus Armbruster <armbru@redhat.com>
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+Message-Id: <20220421142435.569600-1-hreitz@redhat.com>
+Tested-by: Markus Armbruster <armbru@redhat.com>
+Tested-by: Eric Blake <eblake@redhat.com>
+(cherry picked from commit 348a0740afc5b313599533eb69bbb2b95d2f1bba)
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+---
+ tests/qemu-iotests/108 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/qemu-iotests/108 b/tests/qemu-iotests/108
+index a3090e2875..4681c7c769 100755
+--- a/tests/qemu-iotests/108
++++ b/tests/qemu-iotests/108
+@@ -326,7 +326,7 @@ else
+
+ $QSD \
+ --blockdev file,node-name=export-node,filename="$TEST_IMG" \
+- --export fuse,id=fuse-export,node-name=export-node,mountpoint="$export_mp",writable=on,growable=off \
++ --export fuse,id=fuse-export,node-name=export-node,mountpoint="$export_mp",writable=on,growable=off,allow-other=off \
+ --pidfile "$TEST_DIR/qsd.pid" \
+ &
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch b/SOURCES/kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch
new file mode 100644
index 0000000..7a968f6
--- /dev/null
+++ b/SOURCES/kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch
@@ -0,0 +1,445 @@
+From ed69e01352b5e9a06173daab53bfa373c8535732 Mon Sep 17 00:00:00 2001
+From: Hanna Reitz <hreitz@redhat.com>
+Date: Tue, 5 Apr 2022 15:46:51 +0200
+Subject: [PATCH 05/16] iotests/108: Test new refcount rebuild algorithm
+
+RH-Author: Hanna Reitz <hreitz@redhat.com>
+RH-MergeRequest: 96: qcow2: Improve refcount structure rebuilding
+RH-Commit: [2/4] b68310a9fee8465dd3f568c8e867e1b7ae52bdaf (hreitz/qemu-kvm-c-9-s)
+RH-Bugzilla: 2072379
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+One clear problem with how qcow2's refcount structure rebuild algorithm
+used to be before "qcow2: Improve refcount structure rebuilding" was
+that it is prone to failure for qcow2 images on block devices: There is
+generally unused space after the actual image, and if that exceeds what
+one refblock covers, the old algorithm would invariably write the
+reftable past the block device's end, which cannot work. The new
+algorithm does not have this problem.
+
+Test it with three tests:
+(1) Create an image with more empty space at the end than what one
+ refblock covers, see whether rebuilding the refcount structures
+ results in a change in the image file length. (It should not.)
+
+(2) Leave precisely enough space somewhere at the beginning of the image
+ for the new reftable (and the refblock for that place), see whether
+ the new algorithm puts the reftable there. (It should.)
+
+(3) Test the original problem: Create (something like) a block device
+ with a fixed size, then create a qcow2 image in there, write some
+ data, and then have qemu-img check rebuild the refcount structures.
+ Before HEAD^, the reftable would have been written past the image
+ file end, i.e. outside of what the block device provides, which
+ cannot work. HEAD^ should have fixed that.
+ ("Something like a block device" means a loop device if we can use
+ one ("sudo -n losetup" works), or a FUSE block export with
+ growable=false otherwise.)
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+Message-Id: <20220405134652.19278-3-hreitz@redhat.com>
+(cherry picked from commit 9ffd6d646d1d5ee9087a8cbf0b7d2f96c5656162)
+
+Conflicts:
+- 108: The downstream qemu-storage-daemon does not support --daemonize,
+ so this switch has been replaced by a loop waiting for the PID file to
+ appear
+
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+---
+ tests/qemu-iotests/108 | 263 ++++++++++++++++++++++++++++++++++++-
+ tests/qemu-iotests/108.out | 81 ++++++++++++
+ 2 files changed, 343 insertions(+), 1 deletion(-)
+
+diff --git a/tests/qemu-iotests/108 b/tests/qemu-iotests/108
+index 56339ab2c5..a3090e2875 100755
+--- a/tests/qemu-iotests/108
++++ b/tests/qemu-iotests/108
+@@ -30,13 +30,20 @@ status=1 # failure is the default!
+
+ _cleanup()
+ {
+- _cleanup_test_img
++ _cleanup_test_img
++ if [ -f "$TEST_DIR/qsd.pid" ]; then
++ qsd_pid=$(cat "$TEST_DIR/qsd.pid")
++ kill -KILL "$qsd_pid"
++ fusermount -u "$TEST_DIR/fuse-export" &>/dev/null
++ fi
++ rm -f "$TEST_DIR/fuse-export"
+ }
+ trap "_cleanup; exit \$status" 0 1 2 3 15
+
+ # get standard environment, filters and checks
+ . ./common.rc
+ . ./common.filter
++. ./common.qemu
+
+ # This tests qcow2-specific low-level functionality
+ _supported_fmt qcow2
+@@ -47,6 +54,22 @@ _supported_os Linux
+ # files
+ _unsupported_imgopts 'refcount_bits=\([^1]\|.\([^6]\|$\)\)' data_file
+
++# This test either needs sudo -n losetup or FUSE exports to work
++if sudo -n losetup &>/dev/null; then
++ loopdev=true
++else
++ loopdev=false
++
++ # QSD --export fuse will either yield "Parameter 'id' is missing"
++ # or "Invalid parameter 'fuse'", depending on whether there is
++ # FUSE support or not.
++ error=$($QSD --export fuse 2>&1)
++ if [[ $error = *"'fuse'"* ]]; then
++ _notrun 'Passwordless sudo for losetup or FUSE support required, but' \
++ 'neither is available'
++ fi
++fi
++
+ echo
+ echo '=== Repairing an image without any refcount table ==='
+ echo
+@@ -138,6 +161,244 @@ _make_test_img 64M
+ poke_file "$TEST_IMG" $((0x10008)) "\xff\xff\xff\xff\xff\xff\x00\x00"
+ _check_test_img -r all
+
++echo
++echo '=== Check rebuilt reftable location ==='
++
++# In an earlier version of the refcount rebuild algorithm, the
++# reftable was generally placed at the image end (unless something was
++# allocated in the area covered by the refblock right before the image
++# file end, then we would try to place the reftable in that refblock).
++# This was later changed so the reftable would be placed in the
++# earliest possible location. Test this.
++
++echo
++echo '--- Does the image size increase? ---'
++echo
++
++# First test: Just create some image, write some data to it, and
++# resize it so there is free space at the end of the image (enough
++# that it spans at least one full refblock, which for cluster_size=512
++# images, spans 128k). With the old algorithm, the reftable would
++# have then been placed at the end of the image file, but with the new
++# one, it will be put in that free space.
++# We want to check whether the size of the image file increases due to
++# rebuilding the refcount structures (it should not).
++
++_make_test_img -o 'cluster_size=512' 1M
++# Write something
++$QEMU_IO -c 'write 0 64k' "$TEST_IMG" | _filter_qemu_io
++
++# Add free space
++file_len=$(stat -c '%s' "$TEST_IMG")
++truncate -s $((file_len + 256 * 1024)) "$TEST_IMG"
++
++# Corrupt the image by saying the image header was not allocated
++rt_offset=$(peek_file_be "$TEST_IMG" 48 8)
++rb_offset=$(peek_file_be "$TEST_IMG" $rt_offset 8)
++poke_file "$TEST_IMG" $rb_offset "\x00\x00"
++
++# Check whether rebuilding the refcount structures increases the image
++# file size
++file_len=$(stat -c '%s' "$TEST_IMG")
++echo
++# The only leaks there can be are the old refcount structures that are
++# leaked during rebuilding, no need to clutter the output with them
++_check_test_img -r all | grep -v '^Repairing cluster.*refcount=1 reference=0'
++echo
++post_repair_file_len=$(stat -c '%s' "$TEST_IMG")
++
++if [[ $file_len -eq $post_repair_file_len ]]; then
++ echo 'OK: Image size did not change'
++else
++ echo 'ERROR: Image size differs' \
++ "($file_len before, $post_repair_file_len after)"
++fi
++
++echo
++echo '--- Will the reftable occupy a hole specifically left for it? ---'
++echo
++
++# Note: With cluster_size=512, every refblock covers 128k.
++# The reftable covers 8M per reftable cluster.
++
++# Create an image that requires two reftable clusters (just because
++# this is more interesting than a single-clustered reftable).
++_make_test_img -o 'cluster_size=512' 9M
++$QEMU_IO -c 'write 0 8M' "$TEST_IMG" | _filter_qemu_io
++
++# Writing 8M will have resized the reftable. Unfortunately, doing so
++# will leave holes in the file, so we need to fill them up so we can
++# be sure the whole file is allocated. Do that by writing
++# consecutively smaller chunks starting from 8 MB, until the file
++# length increases even with a chunk size of 512. Then we must have
++# filled all holes.
++ofs=$((8 * 1024 * 1024))
++block_len=$((16 * 1024))
++while [[ $block_len -ge 512 ]]; do
++ file_len=$(stat -c '%s' "$TEST_IMG")
++ while [[ $(stat -c '%s' "$TEST_IMG") -eq $file_len ]]; do
++ # Do not include this in the reference output, it does not
++ # really matter which qemu-io calls we do here exactly
++ $QEMU_IO -c "write $ofs $block_len" "$TEST_IMG" >/dev/null
++ ofs=$((ofs + block_len))
++ done
++ block_len=$((block_len / 2))
++done
++
++# Fill up to 9M (do not include this in the reference output either,
++# $ofs is random for all we know)
++$QEMU_IO -c "write $ofs $((9 * 1024 * 1024 - ofs))" "$TEST_IMG" >/dev/null
++
++# Make space as follows:
++# - For the first refblock: Right at the beginning of the image (this
++# refblock is placed in the first place possible),
++# - For the reftable somewhere soon afterwards, still near the
++# beginning of the image (i.e. covered by the first refblock); the
++# reftable too is placed in the first place possible, but only after
++# all refblocks have been placed)
++# No space is needed for the other refblocks, because no refblock is
++# put before the space it covers. In this test case, we do not mind
++# if they are placed at the image file's end.
++
++# Before we make that space, we have to find out the host offset of
++# the area that belonged to the two data clusters at guest offset 4k,
++# because we expect the reftable to be placed there, and we will have
++# to verify that it is.
++
++l1_offset=$(peek_file_be "$TEST_IMG" 40 8)
++l2_offset=$(peek_file_be "$TEST_IMG" $l1_offset 8)
++l2_offset=$((l2_offset & 0x00fffffffffffe00))
++data_4k_offset=$(peek_file_be "$TEST_IMG" \
++ $((l2_offset + 4096 / 512 * 8)) 8)
++data_4k_offset=$((data_4k_offset & 0x00fffffffffffe00))
++
++$QEMU_IO -c "discard 0 512" -c "discard 4k 1k" "$TEST_IMG" | _filter_qemu_io
++
++# Corrupt the image by saying the image header was not allocated
++rt_offset=$(peek_file_be "$TEST_IMG" 48 8)
++rb_offset=$(peek_file_be "$TEST_IMG" $rt_offset 8)
++poke_file "$TEST_IMG" $rb_offset "\x00\x00"
++
++echo
++# The only leaks there can be are the old refcount structures that are
++# leaked during rebuilding, no need to clutter the output with them
++_check_test_img -r all | grep -v '^Repairing cluster.*refcount=1 reference=0'
++echo
++
++# Check whether the reftable was put where we expected
++rt_offset=$(peek_file_be "$TEST_IMG" 48 8)
++if [[ $rt_offset -eq $data_4k_offset ]]; then
++ echo 'OK: Reftable is where we expect it'
++else
++ echo "ERROR: Reftable is at $rt_offset, but was expected at $data_4k_offset"
++fi
++
++echo
++echo '--- Rebuilding refcount structures on block devices ---'
++echo
++
++# A block device cannot really grow, at least not during qemu-img
++# check. As mentioned in the above cases, rebuilding the refcount
++# structure may lead to new refcount structures being written after
++# the end of the image, and in the past that happened even if there
++# was more than sufficient space in the image. Such post-EOF writes
++# will not work on block devices, so test that the new algorithm
++# avoids it.
++
++# If we have passwordless sudo and losetup, we can use those to create
++# a block device. Otherwise, we can resort to qemu's FUSE export to
++# create a file that isn't growable, which effectively tests the same
++# thing.
++
++_cleanup_test_img
++truncate -s $((64 * 1024 * 1024)) "$TEST_IMG"
++
++if $loopdev; then
++ export_mp=$(sudo -n losetup --show -f "$TEST_IMG")
++ export_mp_driver=host_device
++ sudo -n chmod go+rw "$export_mp"
++else
++ # Create non-growable FUSE export that is a bit like an empty
++ # block device
++ export_mp="$TEST_DIR/fuse-export"
++ export_mp_driver=file
++ touch "$export_mp"
++
++ $QSD \
++ --blockdev file,node-name=export-node,filename="$TEST_IMG" \
++ --export fuse,id=fuse-export,node-name=export-node,mountpoint="$export_mp",writable=on,growable=off \
++ --pidfile "$TEST_DIR/qsd.pid" \
++ &
++
++ while [ ! -f "$TEST_DIR/qsd.pid" ]; do
++ sleep 0.1
++ done
++fi
++
++# Now create a qcow2 image on the device -- unfortunately, qemu-img
++# create force-creates the file, so we have to resort to the
++# blockdev-create job.
++_launch_qemu \
++ --blockdev $export_mp_driver,node-name=file,filename="$export_mp"
++
++_send_qemu_cmd \
++ $QEMU_HANDLE \
++ '{ "execute": "qmp_capabilities" }' \
++ 'return'
++
++# Small cluster size again, so the image needs multiple refblocks
++_send_qemu_cmd \
++ $QEMU_HANDLE \
++ '{ "execute": "blockdev-create",
++ "arguments": {
++ "job-id": "create",
++ "options": {
++ "driver": "qcow2",
++ "file": "file",
++ "size": '$((64 * 1024 * 1024))',
++ "cluster-size": 512
++ } } }' \
++ '"concluded"'
++
++_send_qemu_cmd \
++ $QEMU_HANDLE \
++ '{ "execute": "job-dismiss", "arguments": { "id": "create" } }' \
++ 'return'
++
++_send_qemu_cmd \
++ $QEMU_HANDLE \
++ '{ "execute": "quit" }' \
++ 'return'
++
++wait=y _cleanup_qemu
++echo
++
++# Write some data
++$QEMU_IO -c 'write 0 64k' "$export_mp" | _filter_qemu_io
++
++# Corrupt the image by saying the image header was not allocated
++rt_offset=$(peek_file_be "$export_mp" 48 8)
++rb_offset=$(peek_file_be "$export_mp" $rt_offset 8)
++poke_file "$export_mp" $rb_offset "\x00\x00"
++
++# Repairing such a simple case should just work
++# (We used to put the reftable at the end of the image file, which can
++# never work for non-growable devices.)
++echo
++TEST_IMG="$export_mp" _check_test_img -r all \
++ | grep -v '^Repairing cluster.*refcount=1 reference=0'
++
++if $loopdev; then
++ sudo -n losetup -d "$export_mp"
++else
++ qsd_pid=$(cat "$TEST_DIR/qsd.pid")
++ kill -TERM "$qsd_pid"
++ # Wait for process to exit (cannot `wait` because the QSD is daemonized)
++ while [ -f "$TEST_DIR/qsd.pid" ]; do
++ true
++ done
++fi
++
+ # success, all done
+ echo '*** done'
+ rm -f $seq.full
+diff --git a/tests/qemu-iotests/108.out b/tests/qemu-iotests/108.out
+index 75bab8dc84..b5401d788d 100644
+--- a/tests/qemu-iotests/108.out
++++ b/tests/qemu-iotests/108.out
+@@ -105,6 +105,87 @@ The following inconsistencies were found and repaired:
+ 0 leaked clusters
+ 1 corruptions
+
++Double checking the fixed image now...
++No errors were found on the image.
++
++=== Check rebuilt reftable location ===
++
++--- Does the image size increase? ---
++
++Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
++wrote 65536/65536 bytes at offset 0
++64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++
++ERROR cluster 0 refcount=0 reference=1
++Rebuilding refcount structure
++The following inconsistencies were found and repaired:
++
++ 0 leaked clusters
++ 1 corruptions
++
++Double checking the fixed image now...
++No errors were found on the image.
++
++OK: Image size did not change
++
++--- Will the reftable occupy a hole specifically left for it? ---
++
++Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=9437184
++wrote 8388608/8388608 bytes at offset 0
++8 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++discard 512/512 bytes at offset 0
++512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++discard 1024/1024 bytes at offset 4096
++1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++
++ERROR cluster 0 refcount=0 reference=1
++Rebuilding refcount structure
++The following inconsistencies were found and repaired:
++
++ 0 leaked clusters
++ 1 corruptions
++
++Double checking the fixed image now...
++No errors were found on the image.
++
++OK: Reftable is where we expect it
++
++--- Rebuilding refcount structures on block devices ---
++
++{ "execute": "qmp_capabilities" }
++{"return": {}}
++{ "execute": "blockdev-create",
++ "arguments": {
++ "job-id": "create",
++ "options": {
++ "driver": "IMGFMT",
++ "file": "file",
++ "size": 67108864,
++ "cluster-size": 512
++ } } }
++{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "create"}}
++{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "create"}}
++{"return": {}}
++{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "create"}}
++{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "create"}}
++{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "create"}}
++{ "execute": "job-dismiss", "arguments": { "id": "create" } }
++{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "create"}}
++{"return": {}}
++{ "execute": "quit" }
++{"return": {}}
++{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
++
++wrote 65536/65536 bytes at offset 0
++64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++
++ERROR cluster 0 refcount=0 reference=1
++Rebuilding refcount structure
++The following inconsistencies were found and repaired:
++
++ 0 leaked clusters
++ 1 corruptions
++
+ Double checking the fixed image now...
+ No errors were found on the image.
+ *** done
+--
+2.31.1
+
diff --git a/SOURCES/kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch b/SOURCES/kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch
deleted file mode 100644
index 20bc3a5..0000000
--- a/SOURCES/kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 06583ce33fab2976157461ac4503d6f8eeb59e75 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Fri, 4 Feb 2022 12:10:12 +0100
-Subject: [PATCH 8/8] iotests/281: Let NBD connection yield in iothread
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 74: block/nbd: Handle AioContext changes
-RH-Commit: [6/6] 632b9ef5177a80d1c0c00121e1acc37272076d3e (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2033626
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-Put an NBD block device into an I/O thread, and then read data from it,
-hoping that the NBD connection will yield during that read. When it
-does, the coroutine must be reentered in the block device's I/O thread,
-which will only happen if the NBD block driver attaches the connection's
-QIOChannel to the new AioContext. It did not do that after 4ddb5d2fde
-("block/nbd: drop connection_co") and prior to "block/nbd: Move s->ioc
-on AioContext change", which would cause an assertion failure.
-
-To improve our chances of yielding, the NBD server is throttled to
-reading 64 kB/s, and the NBD client reads 128 kB, so it should yield at
-some point.
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-(cherry picked from commit 8cfbe929e8c26050f0a4580a1606a370a947d4ce)
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- tests/qemu-iotests/281 | 28 +++++++++++++++++++++++++---
- tests/qemu-iotests/281.out | 4 ++--
- 2 files changed, 27 insertions(+), 5 deletions(-)
-
-diff --git a/tests/qemu-iotests/281 b/tests/qemu-iotests/281
-index 13c588be75..b2ead7f388 100755
---- a/tests/qemu-iotests/281
-+++ b/tests/qemu-iotests/281
-@@ -253,8 +253,9 @@ class TestYieldingAndTimers(iotests.QMPTestCase):
- self.create_nbd_export()
-
- # Simple VM with an NBD block device connected to the NBD export
-- # provided by the QSD
-+ # provided by the QSD, and an (initially unused) iothread
- self.vm = iotests.VM()
-+ self.vm.add_object('iothread,id=iothr')
- self.vm.add_blockdev('nbd,node-name=nbd,server.type=unix,' +
- f'server.path={self.sock},export=exp,' +
- 'reconnect-delay=1')
-@@ -293,19 +294,40 @@ class TestYieldingAndTimers(iotests.QMPTestCase):
- # thus not see the error, and so the test will pass.)
- time.sleep(2)
-
-+ def test_yield_in_iothread(self):
-+ # Move the NBD node to the I/O thread; the NBD block driver should
-+ # attach the connection's QIOChannel to that thread's AioContext, too
-+ result = self.vm.qmp('x-blockdev-set-iothread',
-+ node_name='nbd', iothread='iothr')
-+ self.assert_qmp(result, 'return', {})
-+
-+ # Do some I/O that will be throttled by the QSD, so that the network
-+ # connection hopefully will yield here. When it is resumed, it must
-+ # then be resumed in the I/O thread's AioContext.
-+ result = self.vm.qmp('human-monitor-command',
-+ command_line='qemu-io nbd "read 0 128K"')
-+ self.assert_qmp(result, 'return', '')
-+
- def create_nbd_export(self):
- assert self.qsd is None
-
-- # Simple NBD export of a null-co BDS
-+ # Export a throttled null-co BDS: Reads are throttled (max 64 kB/s),
-+ # writes are not.
- self.qsd = QemuStorageDaemon(
-+ '--object',
-+ 'throttle-group,id=thrgr,x-bps-read=65536,x-bps-read-max=65536',
-+
- '--blockdev',
- 'null-co,node-name=null,read-zeroes=true',
-
-+ '--blockdev',
-+ 'throttle,node-name=thr,file=null,throttle-group=thrgr',
-+
- '--nbd-server',
- f'addr.type=unix,addr.path={self.sock}',
-
- '--export',
-- 'nbd,id=exp,node-name=null,name=exp,writable=true'
-+ 'nbd,id=exp,node-name=thr,name=exp,writable=true'
- )
-
- def stop_nbd_export(self):
-diff --git a/tests/qemu-iotests/281.out b/tests/qemu-iotests/281.out
-index 914e3737bd..3f8a935a08 100644
---- a/tests/qemu-iotests/281.out
-+++ b/tests/qemu-iotests/281.out
-@@ -1,5 +1,5 @@
--.....
-+......
- ----------------------------------------------------------------------
--Ran 5 tests
-+Ran 6 tests
-
- OK
---
-2.27.0
-
diff --git a/SOURCES/kvm-iotests-281-Test-lingering-timers.patch b/SOURCES/kvm-iotests-281-Test-lingering-timers.patch
deleted file mode 100644
index 7175a31..0000000
--- a/SOURCES/kvm-iotests-281-Test-lingering-timers.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 3d2d7a46713d362d2ff5137841e689593da976a3 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Fri, 4 Feb 2022 12:10:10 +0100
-Subject: [PATCH 6/8] iotests/281: Test lingering timers
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 74: block/nbd: Handle AioContext changes
-RH-Commit: [4/6] d228ba3fcdfaab2d54dd5b023688a1c055cce2c2 (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2033626
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-Prior to "block/nbd: Delete reconnect delay timer when done" and
-"block/nbd: Delete open timer when done", both of those timers would
-remain scheduled even after successfully (re-)connecting to the server,
-and they would not even be deleted when the BDS is deleted.
-
-This test constructs exactly this situation:
-(1) Configure an @open-timeout, so the open timer is armed, and
-(2) Configure a @reconnect-delay and trigger a reconnect situation
- (which succeeds immediately), so the reconnect delay timer is armed.
-Then we immediately delete the BDS, and sleep for longer than the
-@open-timeout and @reconnect-delay. Prior to said patches, this caused
-one (or both) of the timer CBs to access already-freed data.
-
-Accessing freed data may or may not crash, so this test can produce
-false successes, but I do not know how to show the problem in a better
-or more reliable way. If you run this test on "block/nbd: Assert there
-are no timers when closed" and without the fix patches mentioned above,
-you should reliably see an assertion failure.
-(But all other tests that use the reconnect delay timer (264 and 277)
-will fail in that configuration, too; as will nbd-reconnect-on-open,
-which uses the open timer.)
-
-Remove this test from the quick group because of the two second sleep
-this patch introduces.
-
-(I decided to put this test case into 281, because the main bug this
-series addresses is in the interaction of the NBD block driver and I/O
-threads, which is precisely the scope of 281. The test case for that
-other bug will also be put into the test class added here.
-
-Also, excuse the test class's name, I couldn't come up with anything
-better. The "yield" part will make sense two patches from now.)
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-(cherry picked from commit eaf1e85d4ddefdbd197f393fa9c5acc7ba8133b0)
-
-Conflict:
-- @open-timeout was introduced after the 6.2 release, and has not been
- backported. Consequently, there is no open_timer, and we can (and
- must) drop the respective parts of the test here.
-
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- tests/qemu-iotests/281 | 73 ++++++++++++++++++++++++++++++++++++--
- tests/qemu-iotests/281.out | 4 +--
- 2 files changed, 73 insertions(+), 4 deletions(-)
-
-diff --git a/tests/qemu-iotests/281 b/tests/qemu-iotests/281
-index 956698083f..13c588be75 100755
---- a/tests/qemu-iotests/281
-+++ b/tests/qemu-iotests/281
-@@ -1,5 +1,5 @@
- #!/usr/bin/env python3
--# group: rw quick
-+# group: rw
- #
- # Test cases for blockdev + IOThread interactions
- #
-@@ -20,8 +20,9 @@
- #
-
- import os
-+import time
- import iotests
--from iotests import qemu_img
-+from iotests import qemu_img, QemuStorageDaemon
-
- image_len = 64 * 1024 * 1024
-
-@@ -243,6 +244,74 @@ class TestBlockdevBackupAbort(iotests.QMPTestCase):
- # Hangs on failure, we expect this error.
- self.assert_qmp(result, 'error/class', 'GenericError')
-
-+# Test for RHBZ#2033626
-+class TestYieldingAndTimers(iotests.QMPTestCase):
-+ sock = os.path.join(iotests.sock_dir, 'nbd.sock')
-+ qsd = None
-+
-+ def setUp(self):
-+ self.create_nbd_export()
-+
-+ # Simple VM with an NBD block device connected to the NBD export
-+ # provided by the QSD
-+ self.vm = iotests.VM()
-+ self.vm.add_blockdev('nbd,node-name=nbd,server.type=unix,' +
-+ f'server.path={self.sock},export=exp,' +
-+ 'reconnect-delay=1')
-+
-+ self.vm.launch()
-+
-+ def tearDown(self):
-+ self.stop_nbd_export()
-+ self.vm.shutdown()
-+
-+ def test_timers_with_blockdev_del(self):
-+ # Stop and restart the NBD server, and do some I/O on the client to
-+ # trigger a reconnect and start the reconnect delay timer
-+ self.stop_nbd_export()
-+ self.create_nbd_export()
-+
-+ result = self.vm.qmp('human-monitor-command',
-+ command_line='qemu-io nbd "write 0 512"')
-+ self.assert_qmp(result, 'return', '')
-+
-+ # Reconnect is done, so the reconnect delay timer should be gone.
-+ # (But there used to be a bug where it remained active, for which this
-+ # is a regression test.)
-+
-+ # Delete the BDS to see whether the timer is gone. If it is not,
-+ # it will remain active, fire later, and then access freed data.
-+ # (Or, with "block/nbd: Assert there are no timers when closed"
-+ # applied, the assertion added in that patch will fail.)
-+ result = self.vm.qmp('blockdev-del', node_name='nbd')
-+ self.assert_qmp(result, 'return', {})
-+
-+ # Give the timer some time to fire (it has a timeout of 1 s).
-+ # (Sleeping in an iotest may ring some alarm bells, but note that if
-+ # the timing is off here, the test will just always pass. If we kill
-+ # the VM too early, then we just kill the timer before it can fire,
-+ # thus not see the error, and so the test will pass.)
-+ time.sleep(2)
-+
-+ def create_nbd_export(self):
-+ assert self.qsd is None
-+
-+ # Simple NBD export of a null-co BDS
-+ self.qsd = QemuStorageDaemon(
-+ '--blockdev',
-+ 'null-co,node-name=null,read-zeroes=true',
-+
-+ '--nbd-server',
-+ f'addr.type=unix,addr.path={self.sock}',
-+
-+ '--export',
-+ 'nbd,id=exp,node-name=null,name=exp,writable=true'
-+ )
-+
-+ def stop_nbd_export(self):
-+ self.qsd.stop()
-+ self.qsd = None
-+
- if __name__ == '__main__':
- iotests.main(supported_fmts=['qcow2'],
- supported_protocols=['file'])
-diff --git a/tests/qemu-iotests/281.out b/tests/qemu-iotests/281.out
-index 89968f35d7..914e3737bd 100644
---- a/tests/qemu-iotests/281.out
-+++ b/tests/qemu-iotests/281.out
-@@ -1,5 +1,5 @@
--....
-+.....
- ----------------------------------------------------------------------
--Ran 4 tests
-+Ran 5 tests
-
- OK
---
-2.27.0
-
diff --git a/SOURCES/kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch b/SOURCES/kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch
deleted file mode 100644
index 8616f1c..0000000
--- a/SOURCES/kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 37593348e7d95580fb2b0009dcb026c07367f1f8 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 3 Feb 2022 15:05:34 +0100
-Subject: [PATCH 2/8] iotests: Test blockdev-reopen with iothreads and
- throttling
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 73: block: Lock AioContext for drain_end in blockdev-reopen
-RH-Commit: [2/2] d19d5fa9efa4813ece75708436891041754ab910 (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 2046659
-RH-Acked-by: Sergio Lopez <None>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-The 'throttle' block driver implements .bdrv_co_drain_end, so
-blockdev-reopen will have to wait for it to complete in the polling
-loop at the end of qmp_blockdev_reopen(). This makes AIO_WAIT_WHILE()
-release the AioContext lock, which causes a crash if the lock hasn't
-correctly been taken.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Message-Id: <20220203140534.36522-3-kwolf@redhat.com>
-Reviewed-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit ee810602376125ca0e0afd6b7c715e13740978ea)
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- tests/qemu-iotests/245 | 36 +++++++++++++++++++++++++++++++++---
- tests/qemu-iotests/245.out | 4 ++--
- 2 files changed, 35 insertions(+), 5 deletions(-)
-
-diff --git a/tests/qemu-iotests/245 b/tests/qemu-iotests/245
-index 24ac43f70e..8cbed7821b 100755
---- a/tests/qemu-iotests/245
-+++ b/tests/qemu-iotests/245
-@@ -1138,12 +1138,13 @@ class TestBlockdevReopen(iotests.QMPTestCase):
- self.assertEqual(self.get_node('hd1'), None)
- self.assert_qmp(self.get_node('hd2'), 'ro', True)
-
-- def run_test_iothreads(self, iothread_a, iothread_b, errmsg = None):
-- opts = hd_opts(0)
-+ def run_test_iothreads(self, iothread_a, iothread_b, errmsg = None,
-+ opts_a = None, opts_b = None):
-+ opts = opts_a or hd_opts(0)
- result = self.vm.qmp('blockdev-add', conv_keys = False, **opts)
- self.assert_qmp(result, 'return', {})
-
-- opts2 = hd_opts(2)
-+ opts2 = opts_b or hd_opts(2)
- result = self.vm.qmp('blockdev-add', conv_keys = False, **opts2)
- self.assert_qmp(result, 'return', {})
-
-@@ -1194,6 +1195,35 @@ class TestBlockdevReopen(iotests.QMPTestCase):
- def test_iothreads_switch_overlay(self):
- self.run_test_iothreads('', 'iothread0')
-
-+ def test_iothreads_with_throttling(self):
-+ # Create a throttle-group object
-+ opts = { 'qom-type': 'throttle-group', 'id': 'group0',
-+ 'limits': { 'iops-total': 1000 } }
-+ result = self.vm.qmp('object-add', conv_keys = False, **opts)
-+ self.assert_qmp(result, 'return', {})
-+
-+ # Options with a throttle filter between format and protocol
-+ opts = [
-+ {
-+ 'driver': iotests.imgfmt,
-+ 'node-name': f'hd{idx}',
-+ 'file' : {
-+ 'node-name': f'hd{idx}-throttle',
-+ 'driver': 'throttle',
-+ 'throttle-group': 'group0',
-+ 'file': {
-+ 'driver': 'file',
-+ 'node-name': f'hd{idx}-file',
-+ 'filename': hd_path[idx],
-+ },
-+ },
-+ }
-+ for idx in (0, 2)
-+ ]
-+
-+ self.run_test_iothreads('iothread0', 'iothread0', None,
-+ opts[0], opts[1])
-+
- if __name__ == '__main__':
- iotests.activate_logging()
- iotests.main(supported_fmts=["qcow2"],
-diff --git a/tests/qemu-iotests/245.out b/tests/qemu-iotests/245.out
-index 4eced19294..a4e04a3266 100644
---- a/tests/qemu-iotests/245.out
-+++ b/tests/qemu-iotests/245.out
-@@ -17,8 +17,8 @@ read 1/1 bytes at offset 262152
- read 1/1 bytes at offset 262160
- 1 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-
--...............
-+................
- ----------------------------------------------------------------------
--Ran 25 tests
-+Ran 26 tests
-
- OK
---
-2.27.0
-
diff --git a/SOURCES/kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch b/SOURCES/kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch
deleted file mode 100644
index 0ab3bcc..0000000
--- a/SOURCES/kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 51f691acd8042351d005873996d7bf4c7b045508 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 17 Dec 2021 17:46:53 +0100
-Subject: [PATCH 08/12] iotests: Test qemu-img convert of zeroed data cluster
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 70: qemu-img convert: Fix sparseness of output image
-RH-Commit: [1/2] 0770582c553ac6b0f18c035f9a0238599d4763cc (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 1882917
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-This demonstrates what happens when the block status changes in
-sub-min_sparse granularity, but all of the parts are zeroed out. The
-alignment logic in is_allocated_sectors() prevents that the target image
-remains fully sparse as expected, but turns it into a data cluster of
-explicit zeros.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Message-Id: <20211217164654.1184218-2-vsementsov@virtuozzo.com>
-Tested-by: Peter Lieven <pl@kamp.de>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 51cd8bddd63540514d44808f7920811439baa253)
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- tests/qemu-iotests/122 | 1 +
- tests/qemu-iotests/122.out | 10 ++++++++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/tests/qemu-iotests/122 b/tests/qemu-iotests/122
-index efb260d822..be0f6b79e5 100755
---- a/tests/qemu-iotests/122
-+++ b/tests/qemu-iotests/122
-@@ -251,6 +251,7 @@ $QEMU_IO -c "write -P 0 0 64k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_test
- $QEMU_IO -c "write 0 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
- $QEMU_IO -c "write 8k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
- $QEMU_IO -c "write 17k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
-+$QEMU_IO -c "write -P 0 65k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
-
- for min_sparse in 4k 8k; do
- echo
-diff --git a/tests/qemu-iotests/122.out b/tests/qemu-iotests/122.out
-index 8fbdac2b39..69b8e8b803 100644
---- a/tests/qemu-iotests/122.out
-+++ b/tests/qemu-iotests/122.out
-@@ -192,6 +192,8 @@ wrote 1024/1024 bytes at offset 8192
- 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- wrote 1024/1024 bytes at offset 17408
- 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-+wrote 1024/1024 bytes at offset 66560
-+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-
- convert -S 4k
- [{ "start": 0, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-@@ -199,7 +201,9 @@ convert -S 4k
- { "start": 8192, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
- { "start": 12288, "length": 4096, "depth": 0, "present": false, "zero": true, "data": false},
- { "start": 16384, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
--{ "start": 20480, "length": 67088384, "depth": 0, "present": false, "zero": true, "data": false}]
-+{ "start": 20480, "length": 46080, "depth": 0, "present": false, "zero": true, "data": false},
-+{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-+{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
-
- convert -c -S 4k
- [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
-@@ -211,7 +215,9 @@ convert -c -S 4k
-
- convert -S 8k
- [{ "start": 0, "length": 24576, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
--{ "start": 24576, "length": 67084288, "depth": 0, "present": false, "zero": true, "data": false}]
-+{ "start": 24576, "length": 41984, "depth": 0, "present": false, "zero": true, "data": false},
-+{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-+{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
-
- convert -c -S 8k
- [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
---
-2.27.0
-
diff --git a/SOURCES/kvm-iotests-block-status-cache-New-test.patch b/SOURCES/kvm-iotests-block-status-cache-New-test.patch
deleted file mode 100644
index cd9a198..0000000
--- a/SOURCES/kvm-iotests-block-status-cache-New-test.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From 89fe89491f89a7526ba864a9d94d3de930261d69 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Tue, 18 Jan 2022 18:00:00 +0100
-Subject: [PATCH 07/12] iotests/block-status-cache: New test
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 69: block/io: Update BSC only if want_zero is true
-RH-Commit: [2/2] 3c5a55aca1ac7a71c175a124d63bcf7a4430a022 (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2041461
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-
-Add a new test to verify that want_zero=false block-status calls do not
-pollute the block-status cache for want_zero=true calls.
-
-We check want_zero=true calls and their results using `qemu-img map`
-(over NBD), and want_zero=false calls also using `qemu-img map` over
-NBD, but using the qemu:allocation-depth context.
-
-(This test case cannot be integrated into nbd-qemu-allocation, because
-that is a qcow2 test, and this is a raw test.)
-
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Message-Id: <20220118170000.49423-3-hreitz@redhat.com>
-Reviewed-by: Nir Soffer <nsoffer@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Tested-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit 6384dd534d742123d26c008d9794b20bc41359d5)
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- tests/qemu-iotests/tests/block-status-cache | 139 ++++++++++++++++++
- .../qemu-iotests/tests/block-status-cache.out | 5 +
- 2 files changed, 144 insertions(+)
- create mode 100755 tests/qemu-iotests/tests/block-status-cache
- create mode 100644 tests/qemu-iotests/tests/block-status-cache.out
-
-diff --git a/tests/qemu-iotests/tests/block-status-cache b/tests/qemu-iotests/tests/block-status-cache
-new file mode 100755
-index 0000000000..6fa10bb8f8
---- /dev/null
-+++ b/tests/qemu-iotests/tests/block-status-cache
-@@ -0,0 +1,139 @@
-+#!/usr/bin/env python3
-+# group: rw quick
-+#
-+# Test cases for the block-status cache.
-+#
-+# Copyright (C) 2022 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <http://www.gnu.org/licenses/>.
-+#
-+
-+import os
-+import signal
-+import iotests
-+from iotests import qemu_img_create, qemu_img_pipe, qemu_nbd
-+
-+
-+image_size = 1 * 1024 * 1024
-+test_img = os.path.join(iotests.test_dir, 'test.img')
-+
-+nbd_pidfile = os.path.join(iotests.test_dir, 'nbd.pid')
-+nbd_sock = os.path.join(iotests.sock_dir, 'nbd.sock')
-+
-+
-+class TestBscWithNbd(iotests.QMPTestCase):
-+ def setUp(self) -> None:
-+ """Just create an empty image with a read-only NBD server on it"""
-+ assert qemu_img_create('-f', iotests.imgfmt, test_img,
-+ str(image_size)) == 0
-+
-+ # Pass --allocation-depth to enable the qemu:allocation-depth context,
-+ # which we are going to query to provoke a block-status inquiry with
-+ # want_zero=false.
-+ assert qemu_nbd(f'--socket={nbd_sock}',
-+ f'--format={iotests.imgfmt}',
-+ '--persistent',
-+ '--allocation-depth',
-+ '--read-only',
-+ f'--pid-file={nbd_pidfile}',
-+ test_img) \
-+ == 0
-+
-+ def tearDown(self) -> None:
-+ with open(nbd_pidfile, encoding='utf-8') as f:
-+ pid = int(f.read())
-+ os.kill(pid, signal.SIGTERM)
-+ os.remove(nbd_pidfile)
-+ os.remove(test_img)
-+
-+ def test_with_zero_bug(self) -> None:
-+ """
-+ Verify that the block-status cache is not corrupted by a
-+ want_zero=false call.
-+ We can provoke a want_zero=false call with `qemu-img map` over NBD with
-+ x-dirty-bitmap=qemu:allocation-depth, so we first run a normal `map`
-+ (which results in want_zero=true), then using said
-+ qemu:allocation-depth context, and finally another normal `map` to
-+ verify that the cache has not been corrupted.
-+ """
-+
-+ nbd_img_opts = f'driver=nbd,server.type=unix,server.path={nbd_sock}'
-+ nbd_img_opts_alloc_depth = nbd_img_opts + \
-+ ',x-dirty-bitmap=qemu:allocation-depth'
-+
-+ # Normal map, results in want_zero=true.
-+ # This will probably detect an allocated data sector first (qemu likes
-+ # to allocate the first sector to facilitate alignment probing), and
-+ # then the rest to be zero. The BSC will thus contain (if anything)
-+ # one range covering the first sector.
-+ map_pre = qemu_img_pipe('map', '--output=json', '--image-opts',
-+ nbd_img_opts)
-+
-+ # qemu:allocation-depth maps for want_zero=false.
-+ # want_zero=false should (with the file driver, which the server is
-+ # using) report everything as data. While this is sufficient for
-+ # want_zero=false, this is nothing that should end up in the
-+ # block-status cache.
-+ # Due to a bug, this information did end up in the cache, though, and
-+ # this would lead to wrong information being returned on subsequent
-+ # want_zero=true calls.
-+ #
-+ # We need to run this map twice: On the first call, we probably still
-+ # have the first sector in the cache, and so this will be served from
-+ # the cache; and only the subsequent range will be queried from the
-+ # block driver. This subsequent range will then be entered into the
-+ # cache.
-+ # If we did a want_zero=true call at this point, we would thus get
-+ # correct information: The first sector is not covered by the cache, so
-+ # we would get fresh block-status information from the driver, which
-+ # would return a data range, and this would then go into the cache,
-+ # evicting the wrong range from the want_zero=false call before.
-+ #
-+ # Therefore, we need a second want_zero=false map to reproduce:
-+ # Since the first sector is not in the cache, the query for its status
-+ # will go to the driver, which will return a result that reports the
-+ # whole image to be a single data area. This result will then go into
-+ # the cache, and so the cache will then report the whole image to
-+ # contain data.
-+ #
-+ # Note that once the cache reports the whole image to contain data, any
-+ # subsequent map operation will be served from the cache, and so we can
-+ # never loop too many times here.
-+ for _ in range(2):
-+ # (Ignore the result, this is just to contaminate the cache)
-+ qemu_img_pipe('map', '--output=json', '--image-opts',
-+ nbd_img_opts_alloc_depth)
-+
-+ # Now let's see whether the cache reports everything as data, or
-+ # whether we get correct information (i.e. the same as we got on our
-+ # first attempt).
-+ map_post = qemu_img_pipe('map', '--output=json', '--image-opts',
-+ nbd_img_opts)
-+
-+ if map_pre != map_post:
-+ print('ERROR: Map information differs before and after querying ' +
-+ 'qemu:allocation-depth')
-+ print('Before:')
-+ print(map_pre)
-+ print('After:')
-+ print(map_post)
-+
-+ self.fail("Map information differs")
-+
-+
-+if __name__ == '__main__':
-+ # The block-status cache only works on the protocol layer, so to test it,
-+ # we can only use the raw format
-+ iotests.main(supported_fmts=['raw'],
-+ supported_protocols=['file'])
-diff --git a/tests/qemu-iotests/tests/block-status-cache.out b/tests/qemu-iotests/tests/block-status-cache.out
-new file mode 100644
-index 0000000000..ae1213e6f8
---- /dev/null
-+++ b/tests/qemu-iotests/tests/block-status-cache.out
-@@ -0,0 +1,5 @@
-+.
-+----------------------------------------------------------------------
-+Ran 1 tests
-+
-+OK
---
-2.27.0
-
diff --git a/SOURCES/kvm-iotests-stream-error-on-reset-New-test.patch b/SOURCES/kvm-iotests-stream-error-on-reset-New-test.patch
deleted file mode 100644
index cf69e38..0000000
--- a/SOURCES/kvm-iotests-stream-error-on-reset-New-test.patch
+++ /dev/null
@@ -1,196 +0,0 @@
-From 300f912d4a5afe4ecca9c68a71429fbc9966ec34 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Tue, 11 Jan 2022 15:36:13 +0000
-Subject: [PATCH 11/12] iotests/stream-error-on-reset: New test
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 71: block-backend: prevent dangling BDS pointers across aio_poll()
-RH-Commit: [2/2] 3167f31b91eb433f338564201f4ef336e39f7f7d (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2040123
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-
-Test the following scenario:
-- Simple stream block in two-layer backing chain (base and top)
-- The job is drained via blk_drain(), then an error occurs while the job
- settles the ongoing request
-- And so the job completes while in blk_drain()
-
-This was reported as a segfault, but is fixed by "block-backend: prevent
-dangling BDS pointers across aio_poll()".
-
-Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2036178
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20220111153613.25453-3-stefanha@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 2ca1d5d6b91f8a52a5c651f660b2f58c94bf97ba)
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- .../qemu-iotests/tests/stream-error-on-reset | 140 ++++++++++++++++++
- .../tests/stream-error-on-reset.out | 5 +
- 2 files changed, 145 insertions(+)
- create mode 100755 tests/qemu-iotests/tests/stream-error-on-reset
- create mode 100644 tests/qemu-iotests/tests/stream-error-on-reset.out
-
-diff --git a/tests/qemu-iotests/tests/stream-error-on-reset b/tests/qemu-iotests/tests/stream-error-on-reset
-new file mode 100755
-index 0000000000..7eaedb24d7
---- /dev/null
-+++ b/tests/qemu-iotests/tests/stream-error-on-reset
-@@ -0,0 +1,140 @@
-+#!/usr/bin/env python3
-+# group: rw quick
-+#
-+# Test what happens when a stream job completes in a blk_drain().
-+#
-+# Copyright (C) 2022 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <http://www.gnu.org/licenses/>.
-+#
-+
-+import os
-+import iotests
-+from iotests import imgfmt, qemu_img_create, qemu_io_silent, QMPTestCase
-+
-+
-+image_size = 1 * 1024 * 1024
-+data_size = 64 * 1024
-+base = os.path.join(iotests.test_dir, 'base.img')
-+top = os.path.join(iotests.test_dir, 'top.img')
-+
-+
-+# We want to test completing a stream job in a blk_drain().
-+#
-+# The blk_drain() we are going to use is a virtio-scsi device resetting,
-+# which we can trigger by resetting the system.
-+#
-+# In order to have the block job complete on drain, we (1) throttle its
-+# base image so we can start the drain after it has begun, but before it
-+# completes, and (2) make it encounter an I/O error on the ensuing write.
-+# (If it completes regularly, the completion happens after the drain for
-+# some reason.)
-+
-+class TestStreamErrorOnReset(QMPTestCase):
-+ def setUp(self) -> None:
-+ """
-+ Create two images:
-+ - base image {base} with {data_size} bytes allocated
-+ - top image {top} without any data allocated
-+
-+ And the following VM configuration:
-+ - base image throttled to {data_size}
-+ - top image with a blkdebug configuration so the first write access
-+ to it will result in an error
-+ - top image is attached to a virtio-scsi device
-+ """
-+ assert qemu_img_create('-f', imgfmt, base, str(image_size)) == 0
-+ assert qemu_io_silent('-c', f'write 0 {data_size}', base) == 0
-+ assert qemu_img_create('-f', imgfmt, top, str(image_size)) == 0
-+
-+ self.vm = iotests.VM()
-+ self.vm.add_args('-accel', 'tcg') # Make throttling work properly
-+ self.vm.add_object(self.vm.qmp_to_opts({
-+ 'qom-type': 'throttle-group',
-+ 'id': 'thrgr',
-+ 'x-bps-total': str(data_size)
-+ }))
-+ self.vm.add_blockdev(self.vm.qmp_to_opts({
-+ 'driver': imgfmt,
-+ 'node-name': 'base',
-+ 'file': {
-+ 'driver': 'throttle',
-+ 'throttle-group': 'thrgr',
-+ 'file': {
-+ 'driver': 'file',
-+ 'filename': base
-+ }
-+ }
-+ }))
-+ self.vm.add_blockdev(self.vm.qmp_to_opts({
-+ 'driver': imgfmt,
-+ 'node-name': 'top',
-+ 'file': {
-+ 'driver': 'blkdebug',
-+ 'node-name': 'top-blkdebug',
-+ 'inject-error': [{
-+ 'event': 'pwritev',
-+ 'immediately': 'true',
-+ 'once': 'true'
-+ }],
-+ 'image': {
-+ 'driver': 'file',
-+ 'filename': top
-+ }
-+ },
-+ 'backing': 'base'
-+ }))
-+ self.vm.add_device(self.vm.qmp_to_opts({
-+ 'driver': 'virtio-scsi',
-+ 'id': 'vscsi'
-+ }))
-+ self.vm.add_device(self.vm.qmp_to_opts({
-+ 'driver': 'scsi-hd',
-+ 'bus': 'vscsi.0',
-+ 'drive': 'top'
-+ }))
-+ self.vm.launch()
-+
-+ def tearDown(self) -> None:
-+ self.vm.shutdown()
-+ os.remove(top)
-+ os.remove(base)
-+
-+ def test_stream_error_on_reset(self) -> None:
-+ # Launch a stream job, which will take at least a second to
-+ # complete, because the base image is throttled (so we can
-+ # get in between it having started and it having completed)
-+ res = self.vm.qmp('block-stream', job_id='stream', device='top')
-+ self.assert_qmp(res, 'return', {})
-+
-+ while True:
-+ ev = self.vm.event_wait('JOB_STATUS_CHANGE')
-+ if ev['data']['status'] == 'running':
-+ # Once the stream job is running, reset the system, which
-+ # forces the virtio-scsi device to be reset, thus draining
-+ # the stream job, and making it complete. Completing
-+ # inside of that drain should not result in a segfault.
-+ res = self.vm.qmp('system_reset')
-+ self.assert_qmp(res, 'return', {})
-+ elif ev['data']['status'] == 'null':
-+ # The test is done once the job is gone
-+ break
-+
-+
-+if __name__ == '__main__':
-+ # Passes with any format with backing file support, but qed and
-+ # qcow1 do not seem to exercise the used-to-be problematic code
-+ # path, so there is no point in having them in this list
-+ iotests.main(supported_fmts=['qcow2', 'vmdk'],
-+ supported_protocols=['file'])
-diff --git a/tests/qemu-iotests/tests/stream-error-on-reset.out b/tests/qemu-iotests/tests/stream-error-on-reset.out
-new file mode 100644
-index 0000000000..ae1213e6f8
---- /dev/null
-+++ b/tests/qemu-iotests/tests/stream-error-on-reset.out
-@@ -0,0 +1,5 @@
-+.
-+----------------------------------------------------------------------
-+Ran 1 tests
-+
-+OK
---
-2.27.0
-
diff --git a/SOURCES/kvm-iotests.py-Add-QemuStorageDaemon-class.patch b/SOURCES/kvm-iotests.py-Add-QemuStorageDaemon-class.patch
deleted file mode 100644
index b215d23..0000000
--- a/SOURCES/kvm-iotests.py-Add-QemuStorageDaemon-class.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From c21502a220d107261c9a8627158f357489d86543 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Fri, 4 Feb 2022 12:10:09 +0100
-Subject: [PATCH 5/8] iotests.py: Add QemuStorageDaemon class
-
-RH-Author: Hanna Reitz <hreitz@redhat.com>
-RH-MergeRequest: 74: block/nbd: Handle AioContext changes
-RH-Commit: [3/6] 5da1cda4d025c1bd7029ed8071b4ccf25459a878 (hreitz/qemu-kvm-c-9-s)
-RH-Bugzilla: 2033626
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-
-This is a rather simple class that allows creating a QSD instance
-running in the background and stopping it when no longer needed.
-
-The __del__ handler is a safety net for when something goes so wrong in
-a test that e.g. the tearDown() method is not called (e.g. setUp()
-launches the QSD, but then launching a VM fails). We do not want the
-QSD to continue running after the test has failed, so __del__() will
-take care to kill it.
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-(cherry picked from commit 091dc7b2b5553a529bff9a7bf9ad3bc85bc5bdcd)
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- tests/qemu-iotests/iotests.py | 40 +++++++++++++++++++++++++++++++++++
- 1 file changed, 40 insertions(+)
-
-diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
-index 83bfedb902..a51b5ce8cd 100644
---- a/tests/qemu-iotests/iotests.py
-+++ b/tests/qemu-iotests/iotests.py
-@@ -72,6 +72,8 @@
- qemu_prog = os.environ.get('QEMU_PROG', 'qemu')
- qemu_opts = os.environ.get('QEMU_OPTIONS', '').strip().split(' ')
-
-+qsd_prog = os.environ.get('QSD_PROG', 'qemu-storage-daemon')
-+
- gdb_qemu_env = os.environ.get('GDB_OPTIONS')
- qemu_gdb = []
- if gdb_qemu_env:
-@@ -312,6 +314,44 @@ def cmd(self, cmd):
- return self._read_output()
-
-
-+class QemuStorageDaemon:
-+ def __init__(self, *args: str, instance_id: str = 'a'):
-+ assert '--pidfile' not in args
-+ self.pidfile = os.path.join(test_dir, f'qsd-{instance_id}-pid')
-+ all_args = [qsd_prog] + list(args) + ['--pidfile', self.pidfile]
-+
-+ # Cannot use with here, we want the subprocess to stay around
-+ # pylint: disable=consider-using-with
-+ self._p = subprocess.Popen(all_args)
-+ while not os.path.exists(self.pidfile):
-+ if self._p.poll() is not None:
-+ cmd = ' '.join(all_args)
-+ raise RuntimeError(
-+ 'qemu-storage-daemon terminated with exit code ' +
-+ f'{self._p.returncode}: {cmd}')
-+
-+ time.sleep(0.01)
-+
-+ with open(self.pidfile, encoding='utf-8') as f:
-+ self._pid = int(f.read().strip())
-+
-+ assert self._pid == self._p.pid
-+
-+ def stop(self, kill_signal=15):
-+ self._p.send_signal(kill_signal)
-+ self._p.wait()
-+ self._p = None
-+
-+ try:
-+ os.remove(self.pidfile)
-+ except OSError:
-+ pass
-+
-+ def __del__(self):
-+ if self._p is not None:
-+ self.stop(kill_signal=9)
-+
-+
- def qemu_nbd(*args):
- '''Run qemu-nbd in daemon mode and return the parent's exit code'''
- return subprocess.call(qemu_nbd_args + ['--fork'] + list(args))
---
-2.27.0
-
diff --git a/SOURCES/kvm-kvm-don-t-use-perror-without-useful-errno.patch b/SOURCES/kvm-kvm-don-t-use-perror-without-useful-errno.patch
new file mode 100644
index 0000000..a78c089
--- /dev/null
+++ b/SOURCES/kvm-kvm-don-t-use-perror-without-useful-errno.patch
@@ -0,0 +1,62 @@
+From 9ddefaedf423ec03eadaf17496c14e0d7b2381c8 Mon Sep 17 00:00:00 2001
+From: Cornelia Huck <cohuck@redhat.com>
+Date: Thu, 28 Jul 2022 16:24:46 +0200
+Subject: [PATCH 30/32] kvm: don't use perror() without useful errno
+
+RH-Author: Cornelia Huck <cohuck@redhat.com>
+RH-MergeRequest: 110: kvm: don't use perror() without useful errno
+RH-Commit: [1/1] 20e51aac6767c1f89f74c7d692d1fb7689eff5f0 (cohuck/qemu-kvm-c9s)
+RH-Bugzilla: 2095608
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+
+perror() is designed to append the decoded errno value to a
+string. This, however, only makes sense if we called something that
+actually sets errno prior to that.
+
+For the callers that check for split irqchip support that is not the
+case, and we end up with confusing error messages that end in
+"success". Use error_report() instead.
+
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+Message-Id: <20220728142446.438177-1-cohuck@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2095608
+(cherry picked from commit 47c182fe8b03c0c40059fb95840923e65c9bdb4f)
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+---
+ accel/kvm/kvm-all.c | 2 +-
+ target/arm/kvm.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
+index 5f1377ca04..e9c7947640 100644
+--- a/accel/kvm/kvm-all.c
++++ b/accel/kvm/kvm-all.c
+@@ -2254,7 +2254,7 @@ static void kvm_irqchip_create(KVMState *s)
+ ret = kvm_arch_irqchip_create(s);
+ if (ret == 0) {
+ if (s->kernel_irqchip_split == ON_OFF_AUTO_ON) {
+- perror("Split IRQ chip mode not supported.");
++ error_report("Split IRQ chip mode not supported.");
+ exit(1);
+ } else {
+ ret = kvm_vm_ioctl(s, KVM_CREATE_IRQCHIP);
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index bbf1ce7ba3..0a2ba1f8e3 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -960,7 +960,7 @@ void kvm_arch_init_irq_routing(KVMState *s)
+ int kvm_arch_irqchip_create(KVMState *s)
+ {
+ if (kvm_kernel_irqchip_split()) {
+- perror("-machine kernel_irqchip=split is not supported on ARM.");
++ error_report("-machine kernel_irqchip=split is not supported on ARM.");
+ exit(1);
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch b/SOURCES/kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch
index cc90e17..f12b8ec 100644
--- a/SOURCES/kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch
+++ b/SOURCES/kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch
@@ -1,17 +1,16 @@
-From 0cd0c916715c43f71cf249bafa2829b42aa67267 Mon Sep 17 00:00:00 2001
+From 49d9c9dced7278517105e9cfec34ea4af716432d Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Thu, 9 Jun 2022 17:47:12 +0100
-Subject: [PATCH 2/2] linux-aio: explain why max batch is checked in
+Subject: [PATCH 6/6] linux-aio: explain why max batch is checked in
laio_io_unplug()
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
-RH-MergeRequest: 210: linux-aio: fix unbalanced plugged counter in laio_io_unplug()
-RH-Bugzilla: 2109569
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-MergeRequest: 102: linux-aio: fix unbalanced plugged counter in laio_io_unplug()
+RH-Commit: [2/2] b3d6421086bde50d4baad2343b2df89c5f66950e (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2092788
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Alberto Faria <None>
-RH-Commit: [2/2] caed03e006e8004d3c0670b24e4454a94274d7d9
It may not be obvious why laio_io_unplug() checks max batch. I discussed
this with Stefano and have added a comment summarizing the reason.
@@ -29,10 +28,10 @@ Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
1 file changed, 6 insertions(+)
diff --git a/block/linux-aio.c b/block/linux-aio.c
-index 77f17ad596..85650c4222 100644
+index 6078da7e42..9c2393a2f7 100644
--- a/block/linux-aio.c
+++ b/block/linux-aio.c
-@@ -362,6 +362,12 @@ void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s,
+@@ -365,6 +365,12 @@ void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s,
assert(s->io_q.plugged);
s->io_q.plugged--;
diff --git a/SOURCES/kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch b/SOURCES/kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
index f583f3e..ed9b5ee 100644
--- a/SOURCES/kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
+++ b/SOURCES/kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
@@ -1,17 +1,16 @@
-From 9c5a68878b3c6ec16c94dfcfe388a830df8deb2f Mon Sep 17 00:00:00 2001
+From e7326c3a7e0fc022aa5c0ae07bc1e19ad1b6f2ed Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Thu, 9 Jun 2022 17:47:11 +0100
-Subject: [PATCH 1/2] linux-aio: fix unbalanced plugged counter in
+Subject: [PATCH 5/6] linux-aio: fix unbalanced plugged counter in
laio_io_unplug()
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
-RH-MergeRequest: 210: linux-aio: fix unbalanced plugged counter in laio_io_unplug()
-RH-Bugzilla: 2109569
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-MergeRequest: 102: linux-aio: fix unbalanced plugged counter in laio_io_unplug()
+RH-Commit: [1/2] 8a71da371c72521f1d70b8767ee564575e0d522b (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2092788
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Alberto Faria <None>
-RH-Commit: [1/2] bc1fa9b401cffb712f09935aba861d1a0bf74421
Every laio_io_plug() call has a matching laio_io_unplug() call. There is
a plugged counter that tracks the number of levels of plugging and
@@ -37,10 +36,10 @@ Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/block/linux-aio.c b/block/linux-aio.c
-index f53ae72e21..77f17ad596 100644
+index 4c423fcccf..6078da7e42 100644
--- a/block/linux-aio.c
+++ b/block/linux-aio.c
-@@ -360,8 +360,10 @@ void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s,
+@@ -363,8 +363,10 @@ void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s,
uint64_t dev_max_batch)
{
assert(s->io_q.plugged);
diff --git a/SOURCES/kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch b/SOURCES/kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
deleted file mode 100644
index 5ff2734..0000000
--- a/SOURCES/kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From b169059c8fbf15c3ffeec0f68b938cb9febd8db7 Mon Sep 17 00:00:00 2001
-From: Peter Xu <peterx@redhat.com>
-Date: Tue, 30 Nov 2021 16:00:28 +0800
-Subject: [PATCH 5/6] memory: Fix incorrect calls of log_global_start/stop
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Peter Xu <peterx@redhat.com>
-RH-MergeRequest: 77: memory: Fix qemu crash on continuous migrations of stopped VM
-RH-Commit: [1/2] 6271ee689266b24d29d4c87f60e5b096ef5f5d63 (peterx/qemu-kvm)
-RH-Bugzilla: 2044818
-RH-Acked-by: Paolo Bonzini <None>
-RH-Acked-by: David Hildenbrand <david@redhat.com>
-RH-Acked-by: quintela1 <quintela@redhat.com>
-
-We should only call the log_global_start/stop when the global dirty track
-bitmask changes from zero<->non-zero.
-
-No real issue reported for this yet probably because no immediate user to
-enable both dirty rate measurement and migration at the same time. However
-it'll be good to be prepared for it.
-
-Fixes: 63b41db4bc ("memory: make global_dirty_tracking a bitmask")
-Cc: qemu-stable@nongnu.org
-Cc: Hyman Huang <huangy81@chinatelecom.cn>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Cc: Juan Quintela <quintela@redhat.com>
-Cc: David Hildenbrand <david@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Message-Id: <20211130080028.6474-1-peterx@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-(cherry picked from commit 7b0538ed3a22ce30817f818449d10701fb0821f9)
-Signed-off-by: Peter Xu <peterx@redhat.com>
----
- softmmu/memory.c | 27 ++++++++++++++-------------
- 1 file changed, 14 insertions(+), 13 deletions(-)
-
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index 7340e19ff5..81d4bf1454 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -2773,6 +2773,8 @@ static VMChangeStateEntry *vmstate_change;
-
- void memory_global_dirty_log_start(unsigned int flags)
- {
-+ unsigned int old_flags = global_dirty_tracking;
-+
- if (vmstate_change) {
- qemu_del_vm_change_state_handler(vmstate_change);
- vmstate_change = NULL;
-@@ -2781,15 +2783,14 @@ void memory_global_dirty_log_start(unsigned int flags)
- assert(flags && !(flags & (~GLOBAL_DIRTY_MASK)));
- assert(!(global_dirty_tracking & flags));
- global_dirty_tracking |= flags;
--
- trace_global_dirty_changed(global_dirty_tracking);
-
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
--
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
-+ if (!old_flags) {
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ }
- }
-
- static void memory_global_dirty_log_do_stop(unsigned int flags)
-@@ -2800,12 +2801,12 @@ static void memory_global_dirty_log_do_stop(unsigned int flags)
-
- trace_global_dirty_changed(global_dirty_tracking);
-
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
--
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ if (!global_dirty_tracking) {
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ }
- }
-
- static void memory_vm_change_state_handler(void *opaque, bool running,
---
-2.27.0
-
diff --git a/SOURCES/kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch b/SOURCES/kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch
deleted file mode 100644
index 5ea0007..0000000
--- a/SOURCES/kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-From b3ed8e344c733bc8c2223c1b9e424a9fbcea56d4 Mon Sep 17 00:00:00 2001
-From: Peter Xu <peterx@redhat.com>
-Date: Mon, 7 Feb 2022 20:30:19 +0800
-Subject: [PATCH 6/6] memory: Fix qemu crash on starting dirty log twice with
- stopped VM
-
-RH-Author: Peter Xu <peterx@redhat.com>
-RH-MergeRequest: 77: memory: Fix qemu crash on continuous migrations of stopped VM
-RH-Commit: [2/2] 98ed2ef6226ec80a1896ebb554015aded0dc0c18 (peterx/qemu-kvm)
-RH-Bugzilla: 2044818
-RH-Acked-by: Paolo Bonzini <None>
-RH-Acked-by: David Hildenbrand <david@redhat.com>
-RH-Acked-by: quintela1 <quintela@redhat.com>
-
-QEMU can now easily crash with two continuous migration carried out:
-
-(qemu) migrate -d exec:cat>out
-(qemu) migrate_cancel
-(qemu) migrate -d exec:cat>out
-[crash] ../softmmu/memory.c:2782: memory_global_dirty_log_start: Assertion
-`!(global_dirty_tracking & flags)' failed.
-
-It's because memory API provides a way to postpone dirty log stop if the VM is
-stopped, and that'll be re-done until the next VM start. It was added in 2017
-with commit 1931076077 ("migration: optimize the downtime", 2017-08-01).
-
-However the recent work on allowing dirty tracking to be bitmask broke it,
-which is commit 63b41db4bc ("memory: make global_dirty_tracking a bitmask",
-2021-11-01).
-
-The fix proposed in this patch contains two things:
-
- (1) Instead of passing over the flags to postpone stop dirty track, we add a
- global variable (along with current vmstate_change variable) to record
- what flags to stop dirty tracking.
-
- (2) When start dirty tracking, instead if remove the vmstate hook directly,
- we also execute the postponed stop process so that we make sure all the
- starts and stops will be paired.
-
-This procedure is overlooked in the bitmask-ify work in 2021.
-
-Cc: Hyman Huang <huangy81@chinatelecom.cn>
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2044818
-Fixes: 63b41db4bc ("memory: make global_dirty_tracking a bitmask")
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Message-Id: <20220207123019.27223-1-peterx@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit a5c90c61a118027b86155cffdf4fe4e2e9de1020)
-Signed-off-by: Peter Xu <peterx@redhat.com>
----
- softmmu/memory.c | 61 +++++++++++++++++++++++++++++++++++-------------
- 1 file changed, 45 insertions(+), 16 deletions(-)
-
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index 81d4bf1454..0311e362ee 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -2769,19 +2769,32 @@ void memory_global_after_dirty_log_sync(void)
- MEMORY_LISTENER_CALL_GLOBAL(log_global_after_sync, Forward);
- }
-
-+/*
-+ * Dirty track stop flags that are postponed due to VM being stopped. Should
-+ * only be used within vmstate_change hook.
-+ */
-+static unsigned int postponed_stop_flags;
- static VMChangeStateEntry *vmstate_change;
-+static void memory_global_dirty_log_stop_postponed_run(void);
-
- void memory_global_dirty_log_start(unsigned int flags)
- {
-- unsigned int old_flags = global_dirty_tracking;
-+ unsigned int old_flags;
-+
-+ assert(flags && !(flags & (~GLOBAL_DIRTY_MASK)));
-
- if (vmstate_change) {
-- qemu_del_vm_change_state_handler(vmstate_change);
-- vmstate_change = NULL;
-+ /* If there is postponed stop(), operate on it first */
-+ postponed_stop_flags &= ~flags;
-+ memory_global_dirty_log_stop_postponed_run();
- }
-
-- assert(flags && !(flags & (~GLOBAL_DIRTY_MASK)));
-- assert(!(global_dirty_tracking & flags));
-+ flags &= ~global_dirty_tracking;
-+ if (!flags) {
-+ return;
-+ }
-+
-+ old_flags = global_dirty_tracking;
- global_dirty_tracking |= flags;
- trace_global_dirty_changed(global_dirty_tracking);
-
-@@ -2809,29 +2822,45 @@ static void memory_global_dirty_log_do_stop(unsigned int flags)
- }
- }
-
-+/*
-+ * Execute the postponed dirty log stop operations if there is, then reset
-+ * everything (including the flags and the vmstate change hook).
-+ */
-+static void memory_global_dirty_log_stop_postponed_run(void)
-+{
-+ /* This must be called with the vmstate handler registered */
-+ assert(vmstate_change);
-+
-+ /* Note: postponed_stop_flags can be cleared in log start routine */
-+ if (postponed_stop_flags) {
-+ memory_global_dirty_log_do_stop(postponed_stop_flags);
-+ postponed_stop_flags = 0;
-+ }
-+
-+ qemu_del_vm_change_state_handler(vmstate_change);
-+ vmstate_change = NULL;
-+}
-+
- static void memory_vm_change_state_handler(void *opaque, bool running,
- RunState state)
- {
-- unsigned int flags = (unsigned int)(uintptr_t)opaque;
- if (running) {
-- memory_global_dirty_log_do_stop(flags);
--
-- if (vmstate_change) {
-- qemu_del_vm_change_state_handler(vmstate_change);
-- vmstate_change = NULL;
-- }
-+ memory_global_dirty_log_stop_postponed_run();
- }
- }
-
- void memory_global_dirty_log_stop(unsigned int flags)
- {
- if (!runstate_is_running()) {
-+ /* Postpone the dirty log stop, e.g., to when VM starts again */
- if (vmstate_change) {
-- return;
-+ /* Batch with previous postponed flags */
-+ postponed_stop_flags |= flags;
-+ } else {
-+ postponed_stop_flags = flags;
-+ vmstate_change = qemu_add_vm_change_state_handler(
-+ memory_vm_change_state_handler, NULL);
- }
-- vmstate_change = qemu_add_vm_change_state_handler(
-- memory_vm_change_state_handler,
-- (void *)(uintptr_t)flags);
- return;
- }
-
---
-2.27.0
-
diff --git a/SOURCES/kvm-meson-create-have_vhost_-variables.patch b/SOURCES/kvm-meson-create-have_vhost_-variables.patch
new file mode 100644
index 0000000..fcae620
--- /dev/null
+++ b/SOURCES/kvm-meson-create-have_vhost_-variables.patch
@@ -0,0 +1,154 @@
+From 51c310097832724bafac26aed81399da40128400 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:50:43 +0200
+Subject: [PATCH 05/32] meson: create have_vhost_* variables
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [5/27] 3b30f89e6d639923dc9d9a92a4261bb4509e5c83 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 2a3129a37652e5e81d12f6e16dd3c447f09831f9
+Author: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed Apr 20 17:34:05 2022 +0200
+
+ meson: create have_vhost_* variables
+
+ When using Meson options rather than config-host.h, the "when" clauses
+ have to be changed to if statements (which is not necessarily great,
+ though at least it highlights which parts of the build are per-target
+ and which are not).
+
+ Do that before moving vhost logic to meson.build, though for now
+ the variables are just based on config-host.mak data.
+
+ Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ meson.build | 30 ++++++++++++++++++++----------
+ tests/meson.build | 2 +-
+ tools/meson.build | 2 +-
+ 3 files changed, 22 insertions(+), 12 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 13e3323380..735f538497 100644
+--- a/meson.build
++++ b/meson.build
+@@ -298,6 +298,15 @@ have_tpm = get_option('tpm') \
+ .require(targetos != 'windows', error_message: 'TPM emulation only available on POSIX systems') \
+ .allowed()
+
++# vhost
++have_vhost_user = 'CONFIG_VHOST_USER' in config_host
++have_vhost_vdpa = 'CONFIG_VHOST_VDPA' in config_host
++have_vhost_kernel = 'CONFIG_VHOST_KERNEL' in config_host
++have_vhost_net_user = 'CONFIG_VHOST_NET_USER' in config_host
++have_vhost_net_vdpa = 'CONFIG_VHOST_NET_VDPA' in config_host
++have_vhost_net = 'CONFIG_VHOST_NET' in config_host
++have_vhost_user_crypto = 'CONFIG_VHOST_CRYPTO' in config_host
++
+ # Target-specific libraries and flags
+ libm = cc.find_library('m', required: false)
+ threads = dependency('threads')
+@@ -1335,7 +1344,7 @@ has_statx_mnt_id = cc.links(statx_mnt_id_test)
+ have_vhost_user_blk_server = get_option('vhost_user_blk_server') \
+ .require(targetos == 'linux',
+ error_message: 'vhost_user_blk_server requires linux') \
+- .require('CONFIG_VHOST_USER' in config_host,
++ .require(have_vhost_user,
+ error_message: 'vhost_user_blk_server requires vhost-user support') \
+ .disable_auto_if(not have_system) \
+ .allowed()
+@@ -2116,9 +2125,9 @@ host_kconfig = \
+ (have_ivshmem ? ['CONFIG_IVSHMEM=y'] : []) + \
+ ('CONFIG_OPENGL' in config_host ? ['CONFIG_OPENGL=y'] : []) + \
+ (x11.found() ? ['CONFIG_X11=y'] : []) + \
+- ('CONFIG_VHOST_USER' in config_host ? ['CONFIG_VHOST_USER=y'] : []) + \
+- ('CONFIG_VHOST_VDPA' in config_host ? ['CONFIG_VHOST_VDPA=y'] : []) + \
+- ('CONFIG_VHOST_KERNEL' in config_host ? ['CONFIG_VHOST_KERNEL=y'] : []) + \
++ (have_vhost_user ? ['CONFIG_VHOST_USER=y'] : []) + \
++ (have_vhost_vdpa ? ['CONFIG_VHOST_VDPA=y'] : []) + \
++ (have_vhost_kernel ? ['CONFIG_VHOST_KERNEL=y'] : []) + \
+ (have_virtfs ? ['CONFIG_VIRTFS=y'] : []) + \
+ ('CONFIG_LINUX' in config_host ? ['CONFIG_LINUX=y'] : []) + \
+ ('CONFIG_PVRDMA' in config_host ? ['CONFIG_PVRDMA=y'] : []) + \
+@@ -2799,7 +2808,7 @@ if have_system or have_user
+ endif
+
+ vhost_user = not_found
+-if targetos == 'linux' and 'CONFIG_VHOST_USER' in config_host
++if targetos == 'linux' and have_vhost_user
+ libvhost_user = subproject('libvhost-user')
+ vhost_user = libvhost_user.get_variable('vhost_user_dep')
+ endif
+@@ -3386,7 +3395,7 @@ if have_tools
+ dependencies: qemuutil,
+ install: true)
+
+- if 'CONFIG_VHOST_USER' in config_host
++ if have_vhost_user
+ subdir('contrib/vhost-user-blk')
+ subdir('contrib/vhost-user-gpu')
+ subdir('contrib/vhost-user-input')
+@@ -3516,15 +3525,16 @@ if 'simple' in get_option('trace_backends')
+ endif
+ summary_info += {'D-Bus display': dbus_display}
+ summary_info += {'QOM debugging': get_option('qom_cast_debug')}
+-summary_info += {'vhost-kernel support': config_host.has_key('CONFIG_VHOST_KERNEL')}
+-summary_info += {'vhost-net support': config_host.has_key('CONFIG_VHOST_NET')}
+-summary_info += {'vhost-crypto support': config_host.has_key('CONFIG_VHOST_CRYPTO')}
++summary_info += {'vhost-kernel support': have_vhost_kernel}
++summary_info += {'vhost-net support': have_vhost_net}
++summary_info += {'vhost-user support': have_vhost_user}
++summary_info += {'vhost-user-crypto support': have_vhost_user_crypto}
+ summary_info += {'vhost-scsi support': config_host.has_key('CONFIG_VHOST_SCSI')}
+ summary_info += {'vhost-vsock support': config_host.has_key('CONFIG_VHOST_VSOCK')}
+-summary_info += {'vhost-user support': config_host.has_key('CONFIG_VHOST_USER')}
+ summary_info += {'vhost-user-blk server support': have_vhost_user_blk_server}
+ summary_info += {'vhost-user-fs support': config_host.has_key('CONFIG_VHOST_USER_FS')}
+ summary_info += {'vhost-vdpa support': config_host.has_key('CONFIG_VHOST_VDPA')}
++summary_info += {'vhost-vdpa support': have_vhost_vdpa}
+ summary_info += {'build guest agent': have_ga}
+ summary(summary_info, bool_yn: true, section: 'Configurable features')
+
+diff --git a/tests/meson.build b/tests/meson.build
+index 1d05109eb4..bbe41c8559 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -70,7 +70,7 @@ test_deps = {
+ 'test-qht-par': qht_bench,
+ }
+
+-if have_tools and 'CONFIG_VHOST_USER' in config_host and 'CONFIG_LINUX' in config_host
++if have_tools and have_vhost_user and 'CONFIG_LINUX' in config_host
+ executable('vhost-user-bridge',
+ sources: files('vhost-user-bridge.c'),
+ dependencies: [qemuutil, vhost_user])
+diff --git a/tools/meson.build b/tools/meson.build
+index 46977af84f..10eb3a043f 100644
+--- a/tools/meson.build
++++ b/tools/meson.build
+@@ -3,7 +3,7 @@ have_virtiofsd = get_option('virtiofsd') \
+ error_message: 'virtiofsd requires Linux') \
+ .require(seccomp.found() and libcap_ng.found(),
+ error_message: 'virtiofsd requires libcap-ng-devel and seccomp-devel') \
+- .require('CONFIG_VHOST_USER' in config_host,
++ .require(have_vhost_user,
+ error_message: 'virtiofsd needs vhost-user-support') \
+ .disable_auto_if(not have_tools and not have_system) \
+ .allowed()
+--
+2.31.1
+
diff --git a/SOURCES/kvm-meson-use-have_vhost_-variables-to-pick-sources.patch b/SOURCES/kvm-meson-use-have_vhost_-variables-to-pick-sources.patch
new file mode 100644
index 0000000..99d86c1
--- /dev/null
+++ b/SOURCES/kvm-meson-use-have_vhost_-variables-to-pick-sources.patch
@@ -0,0 +1,213 @@
+From a7d57a09e33275d5e6649273b5c9da1bc3c92491 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:51:53 +0200
+Subject: [PATCH 06/32] meson: use have_vhost_* variables to pick sources
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [6/27] bc3db1efb759c0bc97fde2f4fbb3d6dc404c8d3d (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 43b6d7ee1fbc5b5fb7c85d8131fdac1863214ad6
+Author: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed Apr 20 17:34:06 2022 +0200
+
+ meson: use have_vhost_* variables to pick sources
+
+ Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ Kconfig.host | 3 ---
+ backends/meson.build | 8 ++++++--
+ hw/net/meson.build | 8 ++++++--
+ hw/virtio/Kconfig | 3 ---
+ hw/virtio/meson.build | 25 ++++++++++++++++---------
+ meson.build | 1 +
+ net/meson.build | 12 +++++++-----
+ tests/qtest/meson.build | 4 +++-
+ 8 files changed, 39 insertions(+), 25 deletions(-)
+
+diff --git a/Kconfig.host b/Kconfig.host
+index 60b9c07b5e..1165c4eacd 100644
+--- a/Kconfig.host
++++ b/Kconfig.host
+@@ -22,15 +22,12 @@ config TPM
+
+ config VHOST_USER
+ bool
+- select VHOST
+
+ config VHOST_VDPA
+ bool
+- select VHOST
+
+ config VHOST_KERNEL
+ bool
+- select VHOST
+
+ config VIRTFS
+ bool
+diff --git a/backends/meson.build b/backends/meson.build
+index 6e68945528..cb92f639ca 100644
+--- a/backends/meson.build
++++ b/backends/meson.build
+@@ -12,9 +12,13 @@ softmmu_ss.add([files(
+ softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files('rng-random.c'))
+ softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files('hostmem-file.c'))
+ softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('hostmem-memfd.c'))
+-softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO'], if_true: files('vhost-user.c'))
++if have_vhost_user
++ softmmu_ss.add(when: 'CONFIG_VIRTIO', if_true: files('vhost-user.c'))
++endif
+ softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vhost.c'))
+-softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_true: files('cryptodev-vhost-user.c'))
++if have_vhost_user_crypto
++ softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vhost-user.c'))
++endif
+ softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio])
+ softmmu_ss.add(when: 'CONFIG_SGX', if_true: files('hostmem-epc.c'))
+
+diff --git a/hw/net/meson.build b/hw/net/meson.build
+index 685b75badb..ebac261542 100644
+--- a/hw/net/meson.build
++++ b/hw/net/meson.build
+@@ -46,8 +46,12 @@ specific_ss.add(when: 'CONFIG_XILINX_ETHLITE', if_true: files('xilinx_ethlite.c'
+ softmmu_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('net_rx_pkt.c'))
+ specific_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('virtio-net.c'))
+
+-softmmu_ss.add(when: ['CONFIG_VIRTIO_NET', 'CONFIG_VHOST_NET'], if_true: files('vhost_net.c'), if_false: files('vhost_net-stub.c'))
+-softmmu_ss.add(when: 'CONFIG_ALL', if_true: files('vhost_net-stub.c'))
++if have_vhost_net
++ softmmu_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('vhost_net.c'), if_false: files('vhost_net-stub.c'))
++ softmmu_ss.add(when: 'CONFIG_ALL', if_true: files('vhost_net-stub.c'))
++else
++ softmmu_ss.add(files('vhost_net-stub.c'))
++endif
+
+ softmmu_ss.add(when: 'CONFIG_ETSEC', if_true: files(
+ 'fsl_etsec/etsec.c',
+diff --git a/hw/virtio/Kconfig b/hw/virtio/Kconfig
+index c144d42f9b..8ca7b3d9d6 100644
+--- a/hw/virtio/Kconfig
++++ b/hw/virtio/Kconfig
+@@ -1,6 +1,3 @@
+-config VHOST
+- bool
+-
+ config VIRTIO
+ bool
+
+diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build
+index 67dc77e00f..30a832eb4a 100644
+--- a/hw/virtio/meson.build
++++ b/hw/virtio/meson.build
+@@ -2,18 +2,22 @@ softmmu_virtio_ss = ss.source_set()
+ softmmu_virtio_ss.add(files('virtio-bus.c'))
+ softmmu_virtio_ss.add(when: 'CONFIG_VIRTIO_PCI', if_true: files('virtio-pci.c'))
+ softmmu_virtio_ss.add(when: 'CONFIG_VIRTIO_MMIO', if_true: files('virtio-mmio.c'))
+-softmmu_virtio_ss.add(when: 'CONFIG_VHOST', if_false: files('vhost-stub.c'))
+-
+-softmmu_ss.add_all(when: 'CONFIG_VIRTIO', if_true: softmmu_virtio_ss)
+-softmmu_ss.add(when: 'CONFIG_VIRTIO', if_false: files('vhost-stub.c'))
+-
+-softmmu_ss.add(when: 'CONFIG_ALL', if_true: files('vhost-stub.c'))
+
+ virtio_ss = ss.source_set()
+ virtio_ss.add(files('virtio.c'))
+-virtio_ss.add(when: 'CONFIG_VHOST', if_true: files('vhost.c', 'vhost-backend.c', 'vhost-iova-tree.c'))
+-virtio_ss.add(when: 'CONFIG_VHOST_USER', if_true: files('vhost-user.c'))
+-virtio_ss.add(when: 'CONFIG_VHOST_VDPA', if_true: files('vhost-shadow-virtqueue.c', 'vhost-vdpa.c'))
++
++if have_vhost
++ virtio_ss.add(files('vhost.c', 'vhost-backend.c', 'vhost-iova-tree.c'))
++ if have_vhost_user
++ virtio_ss.add(files('vhost-user.c'))
++ endif
++ if have_vhost_vdpa
++ virtio_ss.add(files('vhost-vdpa.c', 'vhost-shadow-virtqueue.c'))
++ endif
++else
++ softmmu_virtio_ss.add(files('vhost-stub.c'))
++endif
++
+ virtio_ss.add(when: 'CONFIG_VIRTIO_BALLOON', if_true: files('virtio-balloon.c'))
+ virtio_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('virtio-crypto.c'))
+ virtio_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VIRTIO_PCI'], if_true: files('virtio-crypto-pci.c'))
+@@ -53,3 +57,6 @@ virtio_pci_ss.add(when: 'CONFIG_VIRTIO_MEM', if_true: files('virtio-mem-pci.c'))
+ virtio_ss.add_all(when: 'CONFIG_VIRTIO_PCI', if_true: virtio_pci_ss)
+
+ specific_ss.add_all(when: 'CONFIG_VIRTIO', if_true: virtio_ss)
++softmmu_ss.add_all(when: 'CONFIG_VIRTIO', if_true: softmmu_virtio_ss)
++softmmu_ss.add(when: 'CONFIG_VIRTIO', if_false: files('vhost-stub.c'))
++softmmu_ss.add(when: 'CONFIG_ALL', if_true: files('vhost-stub.c'))
+diff --git a/meson.build b/meson.build
+index 735f538497..9ba675f098 100644
+--- a/meson.build
++++ b/meson.build
+@@ -305,6 +305,7 @@ have_vhost_kernel = 'CONFIG_VHOST_KERNEL' in config_host
+ have_vhost_net_user = 'CONFIG_VHOST_NET_USER' in config_host
+ have_vhost_net_vdpa = 'CONFIG_VHOST_NET_VDPA' in config_host
+ have_vhost_net = 'CONFIG_VHOST_NET' in config_host
++have_vhost = have_vhost_user or have_vhost_vdpa or have_vhost_kernel
+ have_vhost_user_crypto = 'CONFIG_VHOST_CRYPTO' in config_host
+
+ # Target-specific libraries and flags
+diff --git a/net/meson.build b/net/meson.build
+index 847bc2ac85..c965e83b26 100644
+--- a/net/meson.build
++++ b/net/meson.build
+@@ -26,10 +26,10 @@ softmmu_ss.add(when: vde, if_true: files('vde.c'))
+ if have_netmap
+ softmmu_ss.add(files('netmap.c'))
+ endif
+-vhost_user_ss = ss.source_set()
+-vhost_user_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('vhost-user.c'), if_false: files('vhost-user-stub.c'))
+-softmmu_ss.add_all(when: 'CONFIG_VHOST_NET_USER', if_true: vhost_user_ss)
+-softmmu_ss.add(when: 'CONFIG_ALL', if_true: files('vhost-user-stub.c'))
++if have_vhost_net_user
++ softmmu_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('vhost-user.c'), if_false: files('vhost-user-stub.c'))
++ softmmu_ss.add(when: 'CONFIG_ALL', if_true: files('vhost-user-stub.c'))
++endif
+
+ softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('tap-linux.c'))
+ softmmu_ss.add(when: 'CONFIG_BSD', if_true: files('tap-bsd.c'))
+@@ -40,6 +40,8 @@ if not config_host.has_key('CONFIG_LINUX') and not config_host.has_key('CONFIG_B
+ endif
+ softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files(tap_posix))
+ softmmu_ss.add(when: 'CONFIG_WIN32', if_true: files('tap-win32.c'))
+-softmmu_ss.add(when: 'CONFIG_VHOST_NET_VDPA', if_true: files('vhost-vdpa.c'))
++if have_vhost_net_vdpa
++ softmmu_ss.add(files('vhost-vdpa.c'))
++endif
+
+ subdir('can')
+diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
+index 67cd32def1..9f550df900 100644
+--- a/tests/qtest/meson.build
++++ b/tests/qtest/meson.build
+@@ -269,7 +269,9 @@ qos_test_ss.add(
+ if have_virtfs
+ qos_test_ss.add(files('virtio-9p-test.c'))
+ endif
+-qos_test_ss.add(when: 'CONFIG_VHOST_USER', if_true: files('vhost-user-test.c'))
++if have_vhost_user
++ qos_test_ss.add(files('vhost-user-test.c'))
++endif
+ if have_tools and have_vhost_user_blk_server
+ qos_test_ss.add(files('vhost-user-blk-test.c'))
+ endif
+--
+2.31.1
+
diff --git a/SOURCES/kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch b/SOURCES/kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch
new file mode 100644
index 0000000..0da63bf
--- /dev/null
+++ b/SOURCES/kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch
@@ -0,0 +1,87 @@
+From 7c489b54b0bb33445113fbf16e88feb23be68013 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:30 -0300
+Subject: [PATCH 07/18] meson.build: Fix docker-test-build@alpine when
+ including linux/errqueue.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [1/11] f058eb846fcf611d527a1dd3b0cc399cdc17e3ee (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+A build error happens in alpine CI when linux/errqueue.h is included
+in io/channel-socket.c, due to redefining of 'struct __kernel_timespec':
+
+===
+ninja: job failed: [...]
+In file included from /usr/include/linux/errqueue.h:6,
+ from ../io/channel-socket.c:29:
+/usr/include/linux/time_types.h:7:8: error: redefinition of 'struct __kernel_timespec'
+ 7 | struct __kernel_timespec {
+ | ^~~~~~~~~~~~~~~~~
+In file included from /usr/include/liburing.h:19,
+ from /builds/user/qemu/include/block/aio.h:18,
+ from /builds/user/qemu/include/io/channel.h:26,
+ from /builds/user/qemu/include/io/channel-socket.h:24,
+ from ../io/channel-socket.c:24:
+/usr/include/liburing/compat.h:9:8: note: originally defined here
+ 9 | struct __kernel_timespec {
+ | ^~~~~~~~~~~~~~~~~
+ninja: subcommand failed
+===
+
+As above error message suggests, 'struct __kernel_timespec' was already
+defined by liburing/compat.h.
+
+Fix alpine CI by adding test to disable liburing in configure step if a
+redefinition happens between linux/errqueue.h and liburing/compat.h.
+
+[dgilbert: This has been fixed in Alpine issue 13813 and liburing]
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Message-Id: <20220513062836.965425-2-leobras@redhat.com>
+Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 354081d43de44ebd3497fe08f7f0121a5517d528)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ meson.build | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index 5a7c10e639..13e3323380 100644
+--- a/meson.build
++++ b/meson.build
+@@ -471,12 +471,23 @@ if not get_option('linux_aio').auto() or have_block
+ required: get_option('linux_aio'),
+ kwargs: static_kwargs)
+ endif
++
++linux_io_uring_test = '''
++ #include <liburing.h>
++ #include <linux/errqueue.h>
++
++ int main(void) { return 0; }'''
++
+ linux_io_uring = not_found
+ if not get_option('linux_io_uring').auto() or have_block
+ linux_io_uring = dependency('liburing', version: '>=0.3',
+ required: get_option('linux_io_uring'),
+ method: 'pkg-config', kwargs: static_kwargs)
++ if not cc.links(linux_io_uring_test)
++ linux_io_uring = not_found
++ endif
+ endif
++
+ libnfs = not_found
+ if not get_option('libnfs').auto() or have_block
+ libnfs = dependency('libnfs', version: '>=1.9.3',
+--
+2.35.3
+
diff --git a/SOURCES/kvm-migration-Add-migrate_use_tls-helper.patch b/SOURCES/kvm-migration-Add-migrate_use_tls-helper.patch
new file mode 100644
index 0000000..0fe0d91
--- /dev/null
+++ b/SOURCES/kvm-migration-Add-migrate_use_tls-helper.patch
@@ -0,0 +1,106 @@
+From 828f6c106eedcb7a48e551ffda15af56ff92a899 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:34 -0300
+Subject: [PATCH 11/18] migration: Add migrate_use_tls() helper
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [5/11] 06e945297c3b9c0ce5864885aafcdba1e5746bc2 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+A lot of places check parameters.tls_creds in order to evaluate if TLS is
+in use, and sometimes call migrate_get_current() just for that test.
+
+Add new helper function migrate_use_tls() in order to simplify testing
+for TLS usage.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Message-Id: <20220513062836.965425-6-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit d2fafb6a6814a8998607d0baf691265032996a0f)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/channel.c | 3 +--
+ migration/migration.c | 9 +++++++++
+ migration/migration.h | 1 +
+ migration/multifd.c | 5 +----
+ 4 files changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/migration/channel.c b/migration/channel.c
+index c4fc000a1a..086b5c0d8b 100644
+--- a/migration/channel.c
++++ b/migration/channel.c
+@@ -38,8 +38,7 @@ void migration_channel_process_incoming(QIOChannel *ioc)
+ trace_migration_set_incoming_channel(
+ ioc, object_get_typename(OBJECT(ioc)));
+
+- if (s->parameters.tls_creds &&
+- *s->parameters.tls_creds &&
++ if (migrate_use_tls() &&
+ !object_dynamic_cast(OBJECT(ioc),
+ TYPE_QIO_CHANNEL_TLS)) {
+ migration_tls_channel_process_incoming(s, ioc, &local_err);
+diff --git a/migration/migration.c b/migration/migration.c
+index 0a6b3b9f4d..d91efb66fe 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -2582,6 +2582,15 @@ bool migrate_use_zero_copy_send(void)
+ }
+ #endif
+
++int migrate_use_tls(void)
++{
++ MigrationState *s;
++
++ s = migrate_get_current();
++
++ return s->parameters.tls_creds && *s->parameters.tls_creds;
++}
++
+ int migrate_use_xbzrle(void)
+ {
+ MigrationState *s;
+diff --git a/migration/migration.h b/migration/migration.h
+index 5bcb7628ef..c2cabb8a14 100644
+--- a/migration/migration.h
++++ b/migration/migration.h
+@@ -381,6 +381,7 @@ bool migrate_use_zero_copy_send(void);
+ #else
+ #define migrate_use_zero_copy_send() (false)
+ #endif
++int migrate_use_tls(void);
+ int migrate_use_xbzrle(void);
+ uint64_t migrate_xbzrle_cache_size(void);
+ bool migrate_colo_enabled(void);
+diff --git a/migration/multifd.c b/migration/multifd.c
+index 76b57a7177..43998ad117 100644
+--- a/migration/multifd.c
++++ b/migration/multifd.c
+@@ -784,14 +784,11 @@ static bool multifd_channel_connect(MultiFDSendParams *p,
+ QIOChannel *ioc,
+ Error *error)
+ {
+- MigrationState *s = migrate_get_current();
+-
+ trace_multifd_set_outgoing_channel(
+ ioc, object_get_typename(OBJECT(ioc)), p->tls_hostname, error);
+
+ if (!error) {
+- if (s->parameters.tls_creds &&
+- *s->parameters.tls_creds &&
++ if (migrate_use_tls() &&
+ !object_dynamic_cast(OBJECT(ioc),
+ TYPE_QIO_CHANNEL_TLS)) {
+ multifd_tls_channel_connect(p, ioc, &error);
+--
+2.35.3
+
diff --git a/SOURCES/kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch b/SOURCES/kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch
new file mode 100644
index 0000000..206ac3d
--- /dev/null
+++ b/SOURCES/kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch
@@ -0,0 +1,250 @@
+From d6500340dc3c1152b5efe04ef3daa50c17a55e30 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:33 -0300
+Subject: [PATCH 10/18] migration: Add zero-copy-send parameter for QMP/HMP for
+ Linux
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [4/11] 514d98d595992c53ff98de750035e080ded8972e (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+Add property that allows zero-copy migration of memory pages
+on the sending side, and also includes a helper function
+migrate_use_zero_copy_send() to check if it's enabled.
+
+No code is introduced to actually do the migration, but it allow
+future implementations to enable/disable this feature.
+
+On non-Linux builds this parameter is compiled-out.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Message-Id: <20220513062836.965425-5-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit abb6295b3ace5d17c3a65936913fc346616dbf14)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/migration.c | 32 ++++++++++++++++++++++++++++++++
+ migration/migration.h | 5 +++++
+ migration/socket.c | 11 +++++++++--
+ monitor/hmp-cmds.c | 6 ++++++
+ qapi/migration.json | 24 ++++++++++++++++++++++++
+ 5 files changed, 76 insertions(+), 2 deletions(-)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index 695f0f2900..0a6b3b9f4d 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -899,6 +899,10 @@ MigrationParameters *qmp_query_migrate_parameters(Error **errp)
+ params->multifd_zlib_level = s->parameters.multifd_zlib_level;
+ params->has_multifd_zstd_level = true;
+ params->multifd_zstd_level = s->parameters.multifd_zstd_level;
++#ifdef CONFIG_LINUX
++ params->has_zero_copy_send = true;
++ params->zero_copy_send = s->parameters.zero_copy_send;
++#endif
+ params->has_xbzrle_cache_size = true;
+ params->xbzrle_cache_size = s->parameters.xbzrle_cache_size;
+ params->has_max_postcopy_bandwidth = true;
+@@ -1555,6 +1559,11 @@ static void migrate_params_test_apply(MigrateSetParameters *params,
+ if (params->has_multifd_compression) {
+ dest->multifd_compression = params->multifd_compression;
+ }
++#ifdef CONFIG_LINUX
++ if (params->has_zero_copy_send) {
++ dest->zero_copy_send = params->zero_copy_send;
++ }
++#endif
+ if (params->has_xbzrle_cache_size) {
+ dest->xbzrle_cache_size = params->xbzrle_cache_size;
+ }
+@@ -1667,6 +1676,11 @@ static void migrate_params_apply(MigrateSetParameters *params, Error **errp)
+ if (params->has_multifd_compression) {
+ s->parameters.multifd_compression = params->multifd_compression;
+ }
++#ifdef CONFIG_LINUX
++ if (params->has_zero_copy_send) {
++ s->parameters.zero_copy_send = params->zero_copy_send;
++ }
++#endif
+ if (params->has_xbzrle_cache_size) {
+ s->parameters.xbzrle_cache_size = params->xbzrle_cache_size;
+ xbzrle_cache_resize(params->xbzrle_cache_size, errp);
+@@ -2557,6 +2571,17 @@ int migrate_multifd_zstd_level(void)
+ return s->parameters.multifd_zstd_level;
+ }
+
++#ifdef CONFIG_LINUX
++bool migrate_use_zero_copy_send(void)
++{
++ MigrationState *s;
++
++ s = migrate_get_current();
++
++ return s->parameters.zero_copy_send;
++}
++#endif
++
+ int migrate_use_xbzrle(void)
+ {
+ MigrationState *s;
+@@ -4200,6 +4225,10 @@ static Property migration_properties[] = {
+ DEFINE_PROP_UINT8("multifd-zstd-level", MigrationState,
+ parameters.multifd_zstd_level,
+ DEFAULT_MIGRATE_MULTIFD_ZSTD_LEVEL),
++#ifdef CONFIG_LINUX
++ DEFINE_PROP_BOOL("zero_copy_send", MigrationState,
++ parameters.zero_copy_send, false),
++#endif
+ DEFINE_PROP_SIZE("xbzrle-cache-size", MigrationState,
+ parameters.xbzrle_cache_size,
+ DEFAULT_MIGRATE_XBZRLE_CACHE_SIZE),
+@@ -4297,6 +4326,9 @@ static void migration_instance_init(Object *obj)
+ params->has_multifd_compression = true;
+ params->has_multifd_zlib_level = true;
+ params->has_multifd_zstd_level = true;
++#ifdef CONFIG_LINUX
++ params->has_zero_copy_send = true;
++#endif
+ params->has_xbzrle_cache_size = true;
+ params->has_max_postcopy_bandwidth = true;
+ params->has_max_cpu_throttle = true;
+diff --git a/migration/migration.h b/migration/migration.h
+index 2de861df01..5bcb7628ef 100644
+--- a/migration/migration.h
++++ b/migration/migration.h
+@@ -376,6 +376,11 @@ MultiFDCompression migrate_multifd_compression(void);
+ int migrate_multifd_zlib_level(void);
+ int migrate_multifd_zstd_level(void);
+
++#ifdef CONFIG_LINUX
++bool migrate_use_zero_copy_send(void);
++#else
++#define migrate_use_zero_copy_send() (false)
++#endif
+ int migrate_use_xbzrle(void);
+ uint64_t migrate_xbzrle_cache_size(void);
+ bool migrate_colo_enabled(void);
+diff --git a/migration/socket.c b/migration/socket.c
+index 05705a32d8..3754d8f72c 100644
+--- a/migration/socket.c
++++ b/migration/socket.c
+@@ -74,9 +74,16 @@ static void socket_outgoing_migration(QIOTask *task,
+
+ if (qio_task_propagate_error(task, &err)) {
+ trace_migration_socket_outgoing_error(error_get_pretty(err));
+- } else {
+- trace_migration_socket_outgoing_connected(data->hostname);
++ goto out;
+ }
++
++ trace_migration_socket_outgoing_connected(data->hostname);
++
++ if (migrate_use_zero_copy_send()) {
++ error_setg(&err, "Zero copy send not available in migration");
++ }
++
++out:
+ migration_channel_connect(data->s, sioc, data->hostname, err);
+ object_unref(OBJECT(sioc));
+ }
+diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
+index 634968498b..55b48d3733 100644
+--- a/monitor/hmp-cmds.c
++++ b/monitor/hmp-cmds.c
+@@ -1309,6 +1309,12 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict *qdict)
+ p->has_multifd_zstd_level = true;
+ visit_type_uint8(v, param, &p->multifd_zstd_level, &err);
+ break;
++#ifdef CONFIG_LINUX
++ case MIGRATION_PARAMETER_ZERO_COPY_SEND:
++ p->has_zero_copy_send = true;
++ visit_type_bool(v, param, &p->zero_copy_send, &err);
++ break;
++#endif
+ case MIGRATION_PARAMETER_XBZRLE_CACHE_SIZE:
+ p->has_xbzrle_cache_size = true;
+ if (!visit_type_size(v, param, &cache_size, &err)) {
+diff --git a/qapi/migration.json b/qapi/migration.json
+index 27d7b28158..4d833ecdd6 100644
+--- a/qapi/migration.json
++++ b/qapi/migration.json
+@@ -741,6 +741,13 @@
+ # will consume more CPU.
+ # Defaults to 1. (Since 5.0)
+ #
++# @zero-copy-send: Controls behavior on sending memory pages on migration.
++# When true, enables a zero-copy mechanism for sending
++# memory pages, if host supports it.
++# Requires that QEMU be permitted to use locked memory
++# for guest RAM pages.
++# Defaults to false. (Since 7.1)
++#
+ # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
+ # aliases for the purpose of dirty bitmap migration. Such
+ # aliases may for example be the corresponding names on the
+@@ -780,6 +787,7 @@
+ 'xbzrle-cache-size', 'max-postcopy-bandwidth',
+ 'max-cpu-throttle', 'multifd-compression',
+ 'multifd-zlib-level' ,'multifd-zstd-level',
++ { 'name': 'zero-copy-send', 'if' : 'CONFIG_LINUX'},
+ 'block-bitmap-mapping' ] }
+
+ ##
+@@ -906,6 +914,13 @@
+ # will consume more CPU.
+ # Defaults to 1. (Since 5.0)
+ #
++# @zero-copy-send: Controls behavior on sending memory pages on migration.
++# When true, enables a zero-copy mechanism for sending
++# memory pages, if host supports it.
++# Requires that QEMU be permitted to use locked memory
++# for guest RAM pages.
++# Defaults to false. (Since 7.1)
++#
+ # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
+ # aliases for the purpose of dirty bitmap migration. Such
+ # aliases may for example be the corresponding names on the
+@@ -960,6 +975,7 @@
+ '*multifd-compression': 'MultiFDCompression',
+ '*multifd-zlib-level': 'uint8',
+ '*multifd-zstd-level': 'uint8',
++ '*zero-copy-send': { 'type': 'bool', 'if': 'CONFIG_LINUX' },
+ '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ] } }
+
+ ##
+@@ -1106,6 +1122,13 @@
+ # will consume more CPU.
+ # Defaults to 1. (Since 5.0)
+ #
++# @zero-copy-send: Controls behavior on sending memory pages on migration.
++# When true, enables a zero-copy mechanism for sending
++# memory pages, if host supports it.
++# Requires that QEMU be permitted to use locked memory
++# for guest RAM pages.
++# Defaults to false. (Since 7.1)
++#
+ # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
+ # aliases for the purpose of dirty bitmap migration. Such
+ # aliases may for example be the corresponding names on the
+@@ -1158,6 +1181,7 @@
+ '*multifd-compression': 'MultiFDCompression',
+ '*multifd-zlib-level': 'uint8',
+ '*multifd-zstd-level': 'uint8',
++ '*zero-copy-send': { 'type': 'bool', 'if': 'CONFIG_LINUX' },
+ '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ] } }
+
+ ##
+--
+2.35.3
+
diff --git a/SOURCES/kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch b/SOURCES/kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch
new file mode 100644
index 0000000..29dc0ea
--- /dev/null
+++ b/SOURCES/kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch
@@ -0,0 +1,98 @@
+From fd6f516a94e635bc42e58448f314db575814a834 Mon Sep 17 00:00:00 2001
+From: Peter Xu <peterx@redhat.com>
+Date: Thu, 31 Mar 2022 11:08:45 -0400
+Subject: [PATCH 18/18] migration: Allow migrate-recover to run multiple times
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Peter Xu <peterx@redhat.com>
+RH-MergeRequest: 104: migration: Allow migrate-recover to run multiple times
+RH-Commit: [1/1] afd726e54c069ae800e2d01f34e768d6bac7dcb9 (peterx/qemu-kvm)
+RH-Bugzilla: 2096143
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+Previously migration didn't have an easy way to cleanup the listening
+transport, migrate recovery only allows to execute once. That's done with a
+trick flag in postcopy_recover_triggered.
+
+Now the facility is already there.
+
+Drop postcopy_recover_triggered and instead allows a new migrate-recover to
+release the previous listener transport.
+
+Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Signed-off-by: Peter Xu <peterx@redhat.com>
+Message-Id: <20220331150857.74406-8-peterx@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 08401c0426bc1a5ce4609afd1cda5dd39abbf9fa)
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ migration/migration.c | 13 ++-----------
+ migration/migration.h | 1 -
+ migration/savevm.c | 3 ---
+ 3 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index 2a141bfaf3..8fb3eae910 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -2166,11 +2166,8 @@ void qmp_migrate_recover(const char *uri, Error **errp)
+ return;
+ }
+
+- if (qatomic_cmpxchg(&mis->postcopy_recover_triggered,
+- false, true) == true) {
+- error_setg(errp, "Migrate recovery is triggered already");
+- return;
+- }
++ /* If there's an existing transport, release it */
++ migration_incoming_transport_cleanup(mis);
+
+ /*
+ * Note that this call will never start a real migration; it will
+@@ -2178,12 +2175,6 @@ void qmp_migrate_recover(const char *uri, Error **errp)
+ * to continue using that newly established channel.
+ */
+ qemu_start_incoming_migration(uri, errp);
+-
+- /* Safe to dereference with the assert above */
+- if (*errp) {
+- /* Reset the flag so user could still retry */
+- qatomic_set(&mis->postcopy_recover_triggered, false);
+- }
+ }
+
+ void qmp_migrate_pause(Error **errp)
+diff --git a/migration/migration.h b/migration/migration.h
+index c2cabb8a14..fbc8690ec8 100644
+--- a/migration/migration.h
++++ b/migration/migration.h
+@@ -139,7 +139,6 @@ struct MigrationIncomingState {
+ struct PostcopyBlocktimeContext *blocktime_ctx;
+
+ /* notify PAUSED postcopy incoming migrations to try to continue */
+- bool postcopy_recover_triggered;
+ QemuSemaphore postcopy_pause_sem_dst;
+ QemuSemaphore postcopy_pause_sem_fault;
+
+diff --git a/migration/savevm.c b/migration/savevm.c
+index 02ed94c180..d9076897b8 100644
+--- a/migration/savevm.c
++++ b/migration/savevm.c
+@@ -2589,9 +2589,6 @@ static bool postcopy_pause_incoming(MigrationIncomingState *mis)
+
+ assert(migrate_postcopy_ram());
+
+- /* Clear the triggered bit to allow one recovery */
+- mis->postcopy_recover_triggered = false;
+-
+ /*
+ * Unregister yank with either from/to src would work, since ioc behind it
+ * is the same
+--
+2.35.3
+
diff --git a/SOURCES/kvm-migration-Avoid-false-positive-on-non-supported-scen.patch b/SOURCES/kvm-migration-Avoid-false-positive-on-non-supported-scen.patch
new file mode 100644
index 0000000..9f440eb
--- /dev/null
+++ b/SOURCES/kvm-migration-Avoid-false-positive-on-non-supported-scen.patch
@@ -0,0 +1,93 @@
+From 0753565af588dfa78b3529e359b1590e15fcbdb3 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Tue, 19 Jul 2022 09:23:45 -0300
+Subject: [PATCH 04/11] migration: Avoid false-positive on non-supported
+ scenarios for zero-copy-send
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 111: zero-copy-send fixes & improvements
+RH-Commit: [4/6] f5c7ed6710d92668acb81d0118a71fab0b4e3d43 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 2107466
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+Migration with zero-copy-send currently has it's limitations, as it can't
+be used with TLS nor any kind of compression. In such scenarios, it should
+output errors during parameter / capability setting.
+
+But currently there are some ways of setting this not-supported scenarios
+without printing the error message:
+
+!) For 'compression' capability, it works by enabling it together with
+zero-copy-send. This happens because the validity test for zero-copy uses
+the helper unction migrate_use_compression(), which check for compression
+presence in s->enabled_capabilities[MIGRATION_CAPABILITY_COMPRESS].
+
+The point here is: the validity test happens before the capability gets
+enabled. If all of them get enabled together, this test will not return
+error.
+
+In order to fix that, replace migrate_use_compression() by directly testing
+the cap_list parameter migrate_caps_check().
+
+2) For features enabled by parameters such as TLS & 'multifd_compression',
+there was also a possibility of setting non-supported scenarios: setting
+zero-copy-send first, then setting the unsupported parameter.
+
+In order to fix that, also add a check for parameters conflicting with
+zero-copy-send on migrate_params_check().
+
+3) XBZRLE is also a compression capability, so it makes sense to also add
+it to the list of capabilities which are not supported with zero-copy-send.
+
+Fixes: 1abaec9a1b2c ("migration: Change zero_copy_send from migration parameter to migration capability")
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Message-Id: <20220719122345.253713-1-leobras@redhat.com>
+Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 90eb69e4f1a16b388d0483543bf6bfc69a9966e4)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/migration.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index 3a3a7a4a50..343629d59c 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -1265,7 +1265,9 @@ static bool migrate_caps_check(bool *cap_list,
+ #ifdef CONFIG_LINUX
+ if (cap_list[MIGRATION_CAPABILITY_ZERO_COPY_SEND] &&
+ (!cap_list[MIGRATION_CAPABILITY_MULTIFD] ||
+- migrate_use_compression() ||
++ cap_list[MIGRATION_CAPABILITY_COMPRESS] ||
++ cap_list[MIGRATION_CAPABILITY_XBZRLE] ||
++ migrate_multifd_compression() ||
+ migrate_use_tls())) {
+ error_setg(errp,
+ "Zero copy only available for non-compressed non-TLS multifd migration");
+@@ -1502,6 +1504,17 @@ static bool migrate_params_check(MigrationParameters *params, Error **errp)
+ error_prepend(errp, "Invalid mapping given for block-bitmap-mapping: ");
+ return false;
+ }
++
++#ifdef CONFIG_LINUX
++ if (migrate_use_zero_copy_send() &&
++ ((params->has_multifd_compression && params->multifd_compression) ||
++ (params->has_tls_creds && params->tls_creds && *params->tls_creds))) {
++ error_setg(errp,
++ "Zero copy only available for non-compressed non-TLS multifd migration");
++ return false;
++ }
++#endif
++
+ return true;
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-migration-Change-zero_copy_send-from-migration-param.patch b/SOURCES/kvm-migration-Change-zero_copy_send-from-migration-param.patch
new file mode 100644
index 0000000..abeeeb6
--- /dev/null
+++ b/SOURCES/kvm-migration-Change-zero_copy_send-from-migration-param.patch
@@ -0,0 +1,289 @@
+From 7e2a037f3f349c21201152cecce32d8c8ff0bea0 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Mon, 20 Jun 2022 02:39:45 -0300
+Subject: [PATCH 17/18] migration: Change zero_copy_send from migration
+ parameter to migration capability
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [11/11] e4a955607947896a49398ac8400241a0adac51a1 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+When originally implemented, zero_copy_send was designed as a Migration
+paramenter.
+
+But taking into account how is that supposed to work, and how
+the difference between a capability and a parameter, it only makes sense
+that zero-copy-send would work better as a capability.
+
+Taking into account how recently the change got merged, it was decided
+that it's still time to make it right, and convert zero_copy_send into
+a Migration capability.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Acked-by: Peter Xu <peterx@redhat.com>
+Signed-off-by: Juan Quintela <quintela@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+ dgilbert: always define the capability, even on non-Linux but error if
+set; avoids build problems with the capability
+(cherry picked from commit 1abaec9a1b2c23f7aa94709a422128d9e42c3e0b)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/migration.c | 58 +++++++++++++++++++------------------------
+ monitor/hmp-cmds.c | 6 -----
+ qapi/migration.json | 33 +++++++-----------------
+ 3 files changed, 34 insertions(+), 63 deletions(-)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index 102236fba0..2a141bfaf3 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -163,7 +163,8 @@ INITIALIZE_MIGRATE_CAPS_SET(check_caps_background_snapshot,
+ MIGRATION_CAPABILITY_COMPRESS,
+ MIGRATION_CAPABILITY_XBZRLE,
+ MIGRATION_CAPABILITY_X_COLO,
+- MIGRATION_CAPABILITY_VALIDATE_UUID);
++ MIGRATION_CAPABILITY_VALIDATE_UUID,
++ MIGRATION_CAPABILITY_ZERO_COPY_SEND);
+
+ /* When we add fault tolerance, we could have several
+ migrations at once. For now we don't need to add
+@@ -899,10 +900,6 @@ MigrationParameters *qmp_query_migrate_parameters(Error **errp)
+ params->multifd_zlib_level = s->parameters.multifd_zlib_level;
+ params->has_multifd_zstd_level = true;
+ params->multifd_zstd_level = s->parameters.multifd_zstd_level;
+-#ifdef CONFIG_LINUX
+- params->has_zero_copy_send = true;
+- params->zero_copy_send = s->parameters.zero_copy_send;
+-#endif
+ params->has_xbzrle_cache_size = true;
+ params->xbzrle_cache_size = s->parameters.xbzrle_cache_size;
+ params->has_max_postcopy_bandwidth = true;
+@@ -1263,6 +1260,24 @@ static bool migrate_caps_check(bool *cap_list,
+ }
+ }
+
++#ifdef CONFIG_LINUX
++ if (cap_list[MIGRATION_CAPABILITY_ZERO_COPY_SEND] &&
++ (!cap_list[MIGRATION_CAPABILITY_MULTIFD] ||
++ migrate_use_compression() ||
++ migrate_use_tls())) {
++ error_setg(errp,
++ "Zero copy only available for non-compressed non-TLS multifd migration");
++ return false;
++ }
++#else
++ if (cap_list[MIGRATION_CAPABILITY_ZERO_COPY_SEND]) {
++ error_setg(errp,
++ "Zero copy currently only available on Linux");
++ return false;
++ }
++#endif
++
++
+ /* incoming side only */
+ if (runstate_check(RUN_STATE_INMIGRATE) &&
+ !migrate_multifd_is_allowed() &&
+@@ -1485,16 +1500,6 @@ static bool migrate_params_check(MigrationParameters *params, Error **errp)
+ error_prepend(errp, "Invalid mapping given for block-bitmap-mapping: ");
+ return false;
+ }
+-#ifdef CONFIG_LINUX
+- if (params->zero_copy_send &&
+- (!migrate_use_multifd() ||
+- params->multifd_compression != MULTIFD_COMPRESSION_NONE ||
+- (params->tls_creds && *params->tls_creds))) {
+- error_setg(errp,
+- "Zero copy only available for non-compressed non-TLS multifd migration");
+- return false;
+- }
+-#endif
+ return true;
+ }
+
+@@ -1568,11 +1573,6 @@ static void migrate_params_test_apply(MigrateSetParameters *params,
+ if (params->has_multifd_compression) {
+ dest->multifd_compression = params->multifd_compression;
+ }
+-#ifdef CONFIG_LINUX
+- if (params->has_zero_copy_send) {
+- dest->zero_copy_send = params->zero_copy_send;
+- }
+-#endif
+ if (params->has_xbzrle_cache_size) {
+ dest->xbzrle_cache_size = params->xbzrle_cache_size;
+ }
+@@ -1685,11 +1685,6 @@ static void migrate_params_apply(MigrateSetParameters *params, Error **errp)
+ if (params->has_multifd_compression) {
+ s->parameters.multifd_compression = params->multifd_compression;
+ }
+-#ifdef CONFIG_LINUX
+- if (params->has_zero_copy_send) {
+- s->parameters.zero_copy_send = params->zero_copy_send;
+- }
+-#endif
+ if (params->has_xbzrle_cache_size) {
+ s->parameters.xbzrle_cache_size = params->xbzrle_cache_size;
+ xbzrle_cache_resize(params->xbzrle_cache_size, errp);
+@@ -2587,7 +2582,7 @@ bool migrate_use_zero_copy_send(void)
+
+ s = migrate_get_current();
+
+- return s->parameters.zero_copy_send;
++ return s->enabled_capabilities[MIGRATION_CAPABILITY_ZERO_COPY_SEND];
+ }
+ #endif
+
+@@ -4243,10 +4238,6 @@ static Property migration_properties[] = {
+ DEFINE_PROP_UINT8("multifd-zstd-level", MigrationState,
+ parameters.multifd_zstd_level,
+ DEFAULT_MIGRATE_MULTIFD_ZSTD_LEVEL),
+-#ifdef CONFIG_LINUX
+- DEFINE_PROP_BOOL("zero_copy_send", MigrationState,
+- parameters.zero_copy_send, false),
+-#endif
+ DEFINE_PROP_SIZE("xbzrle-cache-size", MigrationState,
+ parameters.xbzrle_cache_size,
+ DEFAULT_MIGRATE_XBZRLE_CACHE_SIZE),
+@@ -4284,6 +4275,10 @@ static Property migration_properties[] = {
+ DEFINE_PROP_MIG_CAP("x-multifd", MIGRATION_CAPABILITY_MULTIFD),
+ DEFINE_PROP_MIG_CAP("x-background-snapshot",
+ MIGRATION_CAPABILITY_BACKGROUND_SNAPSHOT),
++#ifdef CONFIG_LINUX
++ DEFINE_PROP_MIG_CAP("x-zero-copy-send",
++ MIGRATION_CAPABILITY_ZERO_COPY_SEND),
++#endif
+
+ DEFINE_PROP_END_OF_LIST(),
+ };
+@@ -4344,9 +4339,6 @@ static void migration_instance_init(Object *obj)
+ params->has_multifd_compression = true;
+ params->has_multifd_zlib_level = true;
+ params->has_multifd_zstd_level = true;
+-#ifdef CONFIG_LINUX
+- params->has_zero_copy_send = true;
+-#endif
+ params->has_xbzrle_cache_size = true;
+ params->has_max_postcopy_bandwidth = true;
+ params->has_max_cpu_throttle = true;
+diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
+index 55b48d3733..634968498b 100644
+--- a/monitor/hmp-cmds.c
++++ b/monitor/hmp-cmds.c
+@@ -1309,12 +1309,6 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict *qdict)
+ p->has_multifd_zstd_level = true;
+ visit_type_uint8(v, param, &p->multifd_zstd_level, &err);
+ break;
+-#ifdef CONFIG_LINUX
+- case MIGRATION_PARAMETER_ZERO_COPY_SEND:
+- p->has_zero_copy_send = true;
+- visit_type_bool(v, param, &p->zero_copy_send, &err);
+- break;
+-#endif
+ case MIGRATION_PARAMETER_XBZRLE_CACHE_SIZE:
+ p->has_xbzrle_cache_size = true;
+ if (!visit_type_size(v, param, &cache_size, &err)) {
+diff --git a/qapi/migration.json b/qapi/migration.json
+index 4d833ecdd6..5105790cd0 100644
+--- a/qapi/migration.json
++++ b/qapi/migration.json
+@@ -463,6 +463,13 @@
+ # procedure starts. The VM RAM is saved with running VM.
+ # (since 6.0)
+ #
++# @zero-copy-send: Controls behavior on sending memory pages on migration.
++# When true, enables a zero-copy mechanism for sending
++# memory pages, if host supports it.
++# Requires that QEMU be permitted to use locked memory
++# for guest RAM pages.
++# (since 7.1)
++#
+ # Features:
+ # @unstable: Members @x-colo and @x-ignore-shared are experimental.
+ #
+@@ -476,7 +483,8 @@
+ 'block', 'return-path', 'pause-before-switchover', 'multifd',
+ 'dirty-bitmaps', 'postcopy-blocktime', 'late-block-activate',
+ { 'name': 'x-ignore-shared', 'features': [ 'unstable' ] },
+- 'validate-uuid', 'background-snapshot'] }
++ 'validate-uuid', 'background-snapshot',
++ 'zero-copy-send'] }
+
+ ##
+ # @MigrationCapabilityStatus:
+@@ -741,12 +749,6 @@
+ # will consume more CPU.
+ # Defaults to 1. (Since 5.0)
+ #
+-# @zero-copy-send: Controls behavior on sending memory pages on migration.
+-# When true, enables a zero-copy mechanism for sending
+-# memory pages, if host supports it.
+-# Requires that QEMU be permitted to use locked memory
+-# for guest RAM pages.
+-# Defaults to false. (Since 7.1)
+ #
+ # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
+ # aliases for the purpose of dirty bitmap migration. Such
+@@ -787,7 +789,6 @@
+ 'xbzrle-cache-size', 'max-postcopy-bandwidth',
+ 'max-cpu-throttle', 'multifd-compression',
+ 'multifd-zlib-level' ,'multifd-zstd-level',
+- { 'name': 'zero-copy-send', 'if' : 'CONFIG_LINUX'},
+ 'block-bitmap-mapping' ] }
+
+ ##
+@@ -914,13 +915,6 @@
+ # will consume more CPU.
+ # Defaults to 1. (Since 5.0)
+ #
+-# @zero-copy-send: Controls behavior on sending memory pages on migration.
+-# When true, enables a zero-copy mechanism for sending
+-# memory pages, if host supports it.
+-# Requires that QEMU be permitted to use locked memory
+-# for guest RAM pages.
+-# Defaults to false. (Since 7.1)
+-#
+ # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
+ # aliases for the purpose of dirty bitmap migration. Such
+ # aliases may for example be the corresponding names on the
+@@ -975,7 +969,6 @@
+ '*multifd-compression': 'MultiFDCompression',
+ '*multifd-zlib-level': 'uint8',
+ '*multifd-zstd-level': 'uint8',
+- '*zero-copy-send': { 'type': 'bool', 'if': 'CONFIG_LINUX' },
+ '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ] } }
+
+ ##
+@@ -1122,13 +1115,6 @@
+ # will consume more CPU.
+ # Defaults to 1. (Since 5.0)
+ #
+-# @zero-copy-send: Controls behavior on sending memory pages on migration.
+-# When true, enables a zero-copy mechanism for sending
+-# memory pages, if host supports it.
+-# Requires that QEMU be permitted to use locked memory
+-# for guest RAM pages.
+-# Defaults to false. (Since 7.1)
+-#
+ # @block-bitmap-mapping: Maps block nodes and bitmaps on them to
+ # aliases for the purpose of dirty bitmap migration. Such
+ # aliases may for example be the corresponding names on the
+@@ -1181,7 +1167,6 @@
+ '*multifd-compression': 'MultiFDCompression',
+ '*multifd-zlib-level': 'uint8',
+ '*multifd-zstd-level': 'uint8',
+- '*zero-copy-send': { 'type': 'bool', 'if': 'CONFIG_LINUX' },
+ '*block-bitmap-mapping': [ 'BitmapMigrationNodeAlias' ] } }
+
+ ##
+--
+2.35.3
+
diff --git a/SOURCES/kvm-migration-Fix-operator-type.patch b/SOURCES/kvm-migration-Fix-operator-type.patch
new file mode 100644
index 0000000..f6a462a
--- /dev/null
+++ b/SOURCES/kvm-migration-Fix-operator-type.patch
@@ -0,0 +1,47 @@
+From 4bd48e784ae0c38c89f1a944b06c997fd28c4d37 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Thu, 19 May 2022 04:15:33 -0400
+Subject: [PATCH 16/16] migration: Fix operator type
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+RH-MergeRequest: 92: Fix build using clang 14
+RH-Commit: [1/1] ad9980e64cf2e39085d68f1ff601444bf2afe228 (mrezanin/centos-src-qemu-kvm)
+RH-Bugzilla: 2064530
+RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+Clang spotted an & that should have been an &&; fix it.
+
+Reported by: David Binderman / https://gitlab.com/dcb
+Fixes: 65dacaa04fa ("migration: introduce save_normal_page()")
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/963
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Message-Id: <20220406102515.96320-1-dgilbert@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit f912ec5b2d65644116ff496b58d7c9145c19e4c0)
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ migration/ram.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/migration/ram.c b/migration/ram.c
+index 3532f64ecb..0ef4bd63eb 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -1289,7 +1289,7 @@ static int save_normal_page(RAMState *rs, RAMBlock *block, ram_addr_t offset,
+ offset | RAM_SAVE_FLAG_PAGE));
+ if (async) {
+ qemu_put_buffer_async(rs->f, buf, TARGET_PAGE_SIZE,
+- migrate_release_ram() &
++ migrate_release_ram() &&
+ migration_in_postcopy());
+ } else {
+ qemu_put_buffer(rs->f, buf, TARGET_PAGE_SIZE);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-migration-add-remaining-params-has_-true-in-migratio.patch b/SOURCES/kvm-migration-add-remaining-params-has_-true-in-migratio.patch
new file mode 100644
index 0000000..bcaff3b
--- /dev/null
+++ b/SOURCES/kvm-migration-add-remaining-params-has_-true-in-migratio.patch
@@ -0,0 +1,62 @@
+From 9698c0e8dd9b4f5dbc237a3f98ac46297dac85fb Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Mon, 25 Jul 2022 22:02:35 -0300
+Subject: [PATCH 05/11] migration: add remaining params->has_* = true in
+ migration_instance_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 111: zero-copy-send fixes & improvements
+RH-Commit: [5/6] 50bbad254e2356b3ae16f6e00a3db8fd0b22dde9 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 2107466
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+Some of params->has_* = true are missing in migration_instance_init, this
+causes migrate_params_check() to skip some tests, allowing some
+unsupported scenarios.
+
+Fix this by adding all missing params->has_* = true in
+migration_instance_init().
+
+Fixes: 69ef1f36b0 ("migration: define 'tls-creds' and 'tls-hostname' migration parameters")
+Fixes: 1d58872a91 ("migration: do not wait for free thread")
+Fixes: d2f1d29b95 ("migration: add support for a "tls-authz" migration parameter")
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Message-Id: <20220726010235.342927-1-leobras@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit df67aa3e61e2c83459da7d815962d9706f1528fc)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/migration.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index 343629d59c..5e78028df4 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -4332,6 +4332,7 @@ static void migration_instance_init(Object *obj)
+ /* Set has_* up only for parameter checks */
+ params->has_compress_level = true;
+ params->has_compress_threads = true;
++ params->has_compress_wait_thread = true;
+ params->has_decompress_threads = true;
+ params->has_throttle_trigger_threshold = true;
+ params->has_cpu_throttle_initial = true;
+@@ -4352,6 +4353,9 @@ static void migration_instance_init(Object *obj)
+ params->has_announce_max = true;
+ params->has_announce_rounds = true;
+ params->has_announce_step = true;
++ params->has_tls_creds = true;
++ params->has_tls_hostname = true;
++ params->has_tls_authz = true;
+
+ qemu_sem_init(&ms->postcopy_pause_sem, 0);
+ qemu_sem_init(&ms->postcopy_pause_rp_sem, 0);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch b/SOURCES/kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch
new file mode 100644
index 0000000..d7b1ab3
--- /dev/null
+++ b/SOURCES/kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch
@@ -0,0 +1,83 @@
+From 78bbe28d5f5691330239041448cccfb339eed779 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Mon, 11 Jul 2022 18:11:13 -0300
+Subject: [PATCH 03/11] migration/multifd: Report to user when zerocopy not
+ working
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 111: zero-copy-send fixes & improvements
+RH-Commit: [3/6] 4f9165325b3cb8ff16d8b3b7649ff780fae0e2ad (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 2107466
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+
+Some errors, like the lack of Scatter-Gather support by the network
+interface(NETIF_F_SG) may cause sendmsg(...,MSG_ZEROCOPY) to fail on using
+zero-copy, which causes it to fall back to the default copying mechanism.
+
+After each full dirty-bitmap scan there should be a zero-copy flush
+happening, which checks for errors each of the previous calls to
+sendmsg(...,MSG_ZEROCOPY). If all of them failed to use zero-copy, then
+increment dirty_sync_missed_zero_copy migration stat to let the user know
+about it.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Acked-by: Peter Xu <peterx@redhat.com>
+Message-Id: <20220711211112.18951-4-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit d59c40cc483729f2e67c80e58df769ad19976fe9)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/multifd.c | 2 ++
+ migration/ram.c | 5 +++++
+ migration/ram.h | 2 ++
+ 3 files changed, 9 insertions(+)
+
+diff --git a/migration/multifd.c b/migration/multifd.c
+index 0b5b41c53f..96e5f0a058 100644
+--- a/migration/multifd.c
++++ b/migration/multifd.c
+@@ -626,6 +626,8 @@ int multifd_send_sync_main(QEMUFile *f)
+ if (ret < 0) {
+ error_report_err(err);
+ return -1;
++ } else if (ret == 1) {
++ dirty_sync_missed_zero_copy();
+ }
+ }
+ }
+diff --git a/migration/ram.c b/migration/ram.c
+index ee40e4a718..c437ff1b1f 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -406,6 +406,11 @@ static void ram_transferred_add(uint64_t bytes)
+ ram_counters.transferred += bytes;
+ }
+
++void dirty_sync_missed_zero_copy(void)
++{
++ ram_counters.dirty_sync_missed_zero_copy++;
++}
++
+ /* used by the search for pages to send */
+ struct PageSearchStatus {
+ /* Current block being searched */
+diff --git a/migration/ram.h b/migration/ram.h
+index 2c6dc3675d..34adf5cb92 100644
+--- a/migration/ram.h
++++ b/migration/ram.h
+@@ -86,4 +86,6 @@ void ram_write_tracking_prepare(void);
+ int ram_write_tracking_start(void);
+ void ram_write_tracking_stop(void);
+
++void dirty_sync_missed_zero_copy(void);
++
+ #endif
+--
+2.31.1
+
diff --git a/SOURCES/kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch b/SOURCES/kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch
new file mode 100644
index 0000000..ea89a9f
--- /dev/null
+++ b/SOURCES/kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch
@@ -0,0 +1,142 @@
+From 1d280070748b604c60a7be4d4c3c3a28e3964f37 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Tue, 2 Aug 2022 10:11:21 +0200
+Subject: [PATCH 31/32] multifd: Copy pages before compressing them with zlib
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 112: Fix postcopy migration on s390x
+RH-Commit: [1/2] fd5a0221e22b4563bd1cb7f8a8b95f0bfe8f5fc9 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2099934
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2099934
+
+zlib_send_prepare() compresses pages of a running VM. zlib does not
+make any thread-safety guarantees with respect to changing deflate()
+input concurrently with deflate() [1].
+
+One can observe problems due to this with the IBM zEnterprise Data
+Compression accelerator capable zlib [2]. When the hardware
+acceleration is enabled, migration/multifd/tcp/plain/zlib test fails
+intermittently [3] due to sliding window corruption. The accelerator's
+architecture explicitly discourages concurrent accesses [4]:
+
+ Page 26-57, "Other Conditions":
+
+ As observed by this CPU, other CPUs, and channel
+ programs, references to the parameter block, first,
+ second, and third operands may be multiple-access
+ references, accesses to these storage locations are
+ not necessarily block-concurrent, and the sequence
+ of these accesses or references is undefined.
+
+Mark Adler pointed out that vanilla zlib performs double fetches under
+certain circumstances as well [5], therefore we need to copy data
+before passing it to deflate().
+
+[1] https://zlib.net/manual.html
+[2] https://github.com/madler/zlib/pull/410
+[3] https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg03988.html
+[4] http://publibfp.dhe.ibm.com/epubs/pdf/a227832c.pdf
+[5] https://lists.gnu.org/archive/html/qemu-devel/2022-07/msg00889.html
+
+Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
+Message-Id: <20220705203559.2960949-1-iii@linux.ibm.com>
+Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 007e179ef0e97eafda4c9ff2a9d665a1947c7c6d)
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ migration/multifd-zlib.c | 38 ++++++++++++++++++++++++++++++--------
+ 1 file changed, 30 insertions(+), 8 deletions(-)
+
+diff --git a/migration/multifd-zlib.c b/migration/multifd-zlib.c
+index 3a7ae44485..18213a9513 100644
+--- a/migration/multifd-zlib.c
++++ b/migration/multifd-zlib.c
+@@ -27,6 +27,8 @@ struct zlib_data {
+ uint8_t *zbuff;
+ /* size of compressed buffer */
+ uint32_t zbuff_len;
++ /* uncompressed buffer of size qemu_target_page_size() */
++ uint8_t *buf;
+ };
+
+ /* Multifd zlib compression */
+@@ -45,26 +47,38 @@ static int zlib_send_setup(MultiFDSendParams *p, Error **errp)
+ {
+ struct zlib_data *z = g_new0(struct zlib_data, 1);
+ z_stream *zs = &z->zs;
++ const char *err_msg;
+
+ zs->zalloc = Z_NULL;
+ zs->zfree = Z_NULL;
+ zs->opaque = Z_NULL;
+ if (deflateInit(zs, migrate_multifd_zlib_level()) != Z_OK) {
+- g_free(z);
+- error_setg(errp, "multifd %u: deflate init failed", p->id);
+- return -1;
++ err_msg = "deflate init failed";
++ goto err_free_z;
+ }
+ /* This is the maxium size of the compressed buffer */
+ z->zbuff_len = compressBound(MULTIFD_PACKET_SIZE);
+ z->zbuff = g_try_malloc(z->zbuff_len);
+ if (!z->zbuff) {
+- deflateEnd(&z->zs);
+- g_free(z);
+- error_setg(errp, "multifd %u: out of memory for zbuff", p->id);
+- return -1;
++ err_msg = "out of memory for zbuff";
++ goto err_deflate_end;
++ }
++ z->buf = g_try_malloc(qemu_target_page_size());
++ if (!z->buf) {
++ err_msg = "out of memory for buf";
++ goto err_free_zbuff;
+ }
+ p->data = z;
+ return 0;
++
++err_free_zbuff:
++ g_free(z->zbuff);
++err_deflate_end:
++ deflateEnd(&z->zs);
++err_free_z:
++ g_free(z);
++ error_setg(errp, "multifd %u: %s", p->id, err_msg);
++ return -1;
+ }
+
+ /**
+@@ -82,6 +96,8 @@ static void zlib_send_cleanup(MultiFDSendParams *p, Error **errp)
+ deflateEnd(&z->zs);
+ g_free(z->zbuff);
+ z->zbuff = NULL;
++ g_free(z->buf);
++ z->buf = NULL;
+ g_free(p->data);
+ p->data = NULL;
+ }
+@@ -114,8 +130,14 @@ static int zlib_send_prepare(MultiFDSendParams *p, Error **errp)
+ flush = Z_SYNC_FLUSH;
+ }
+
++ /*
++ * Since the VM might be running, the page may be changing concurrently
++ * with compression. zlib does not guarantee that this is safe,
++ * therefore copy the page before calling deflate().
++ */
++ memcpy(z->buf, p->pages->block->host + p->normal[i], page_size);
+ zs->avail_in = page_size;
+- zs->next_in = p->pages->block->host + p->normal[i];
++ zs->next_in = z->buf;
+
+ zs->avail_out = available;
+ zs->next_out = z->zbuff + out_size;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch b/SOURCES/kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch
new file mode 100644
index 0000000..c7159e1
--- /dev/null
+++ b/SOURCES/kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch
@@ -0,0 +1,182 @@
+From c1a2866d158ac67179fa0d17f1710302eb9a3866 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:37 -0300
+Subject: [PATCH 14/18] multifd: Implement zero copy write in multifd migration
+ (multifd-zero-copy)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [8/11] b93009cc94b2cc4b464b4f68ebfb37b870dd6f7d (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+Implement zero copy send on nocomp_send_write(), by making use of QIOChannel
+writev + flags & flush interface.
+
+Change multifd_send_sync_main() so flush_zero_copy() can be called
+after each iteration in order to make sure all dirty pages are sent before
+a new iteration is started. It will also flush at the beginning and at the
+end of migration.
+
+Also make it return -1 if flush_zero_copy() fails, in order to cancel
+the migration process, and avoid resuming the guest in the target host
+without receiving all current RAM.
+
+This will work fine on RAM migration because the RAM pages are not usually freed,
+and there is no problem on changing the pages content between writev_zero_copy() and
+the actual sending of the buffer, because this change will dirty the page and
+cause it to be re-sent on a next iteration anyway.
+
+A lot of locked memory may be needed in order to use multifd migration
+with zero-copy enabled, so disabling the feature should be necessary for
+low-privileged users trying to perform multifd migrations.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Message-Id: <20220513062836.965425-9-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 5b1d9bab2da4fca3a3caee97c430e5709cb32b7b)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/migration.c | 11 ++++++++++-
+ migration/multifd.c | 37 +++++++++++++++++++++++++++++++++++--
+ migration/multifd.h | 2 ++
+ migration/socket.c | 5 +++--
+ 4 files changed, 50 insertions(+), 5 deletions(-)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index d91efb66fe..102236fba0 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -1485,7 +1485,16 @@ static bool migrate_params_check(MigrationParameters *params, Error **errp)
+ error_prepend(errp, "Invalid mapping given for block-bitmap-mapping: ");
+ return false;
+ }
+-
++#ifdef CONFIG_LINUX
++ if (params->zero_copy_send &&
++ (!migrate_use_multifd() ||
++ params->multifd_compression != MULTIFD_COMPRESSION_NONE ||
++ (params->tls_creds && *params->tls_creds))) {
++ error_setg(errp,
++ "Zero copy only available for non-compressed non-TLS multifd migration");
++ return false;
++ }
++#endif
+ return true;
+ }
+
+diff --git a/migration/multifd.c b/migration/multifd.c
+index 8fca6c970e..0b5b41c53f 100644
+--- a/migration/multifd.c
++++ b/migration/multifd.c
+@@ -571,6 +571,7 @@ void multifd_save_cleanup(void)
+ int multifd_send_sync_main(QEMUFile *f)
+ {
+ int i;
++ bool flush_zero_copy;
+
+ if (!migrate_use_multifd()) {
+ return 0;
+@@ -581,6 +582,20 @@ int multifd_send_sync_main(QEMUFile *f)
+ return -1;
+ }
+ }
++
++ /*
++ * When using zero-copy, it's necessary to flush the pages before any of
++ * the pages can be sent again, so we'll make sure the new version of the
++ * pages will always arrive _later_ than the old pages.
++ *
++ * Currently we achieve this by flushing the zero-page requested writes
++ * per ram iteration, but in the future we could potentially optimize it
++ * to be less frequent, e.g. only after we finished one whole scanning of
++ * all the dirty bitmaps.
++ */
++
++ flush_zero_copy = migrate_use_zero_copy_send();
++
+ for (i = 0; i < migrate_multifd_channels(); i++) {
+ MultiFDSendParams *p = &multifd_send_state->params[i];
+
+@@ -602,6 +617,17 @@ int multifd_send_sync_main(QEMUFile *f)
+ ram_counters.transferred += p->packet_len;
+ qemu_mutex_unlock(&p->mutex);
+ qemu_sem_post(&p->sem);
++
++ if (flush_zero_copy && p->c) {
++ int ret;
++ Error *err = NULL;
++
++ ret = qio_channel_flush(p->c, &err);
++ if (ret < 0) {
++ error_report_err(err);
++ return -1;
++ }
++ }
+ }
+ for (i = 0; i < migrate_multifd_channels(); i++) {
+ MultiFDSendParams *p = &multifd_send_state->params[i];
+@@ -686,8 +712,8 @@ static void *multifd_send_thread(void *opaque)
+ p->iov[0].iov_base = p->packet;
+ }
+
+- ret = qio_channel_writev_all(p->c, p->iov, p->iovs_num,
+- &local_err);
++ ret = qio_channel_writev_full_all(p->c, p->iov, p->iovs_num, NULL,
++ 0, p->write_flags, &local_err);
+ if (ret != 0) {
+ break;
+ }
+@@ -928,6 +954,13 @@ int multifd_save_setup(Error **errp)
+ /* We need one extra place for the packet header */
+ p->iov = g_new0(struct iovec, page_count + 1);
+ p->normal = g_new0(ram_addr_t, page_count);
++
++ if (migrate_use_zero_copy_send()) {
++ p->write_flags = QIO_CHANNEL_WRITE_FLAG_ZERO_COPY;
++ } else {
++ p->write_flags = 0;
++ }
++
+ socket_send_channel_create(multifd_new_send_channel_async, p);
+ }
+
+diff --git a/migration/multifd.h b/migration/multifd.h
+index cd495195ce..7ec688fb4f 100644
+--- a/migration/multifd.h
++++ b/migration/multifd.h
+@@ -96,6 +96,8 @@ typedef struct {
+ uint32_t packet_len;
+ /* pointer to the packet */
+ MultiFDPacket_t *packet;
++ /* multifd flags for sending ram */
++ int write_flags;
+ /* multifd flags for each packet */
+ uint32_t flags;
+ /* size of the next packet that contains pages */
+diff --git a/migration/socket.c b/migration/socket.c
+index 3754d8f72c..4fd5e85f50 100644
+--- a/migration/socket.c
++++ b/migration/socket.c
+@@ -79,8 +79,9 @@ static void socket_outgoing_migration(QIOTask *task,
+
+ trace_migration_socket_outgoing_connected(data->hostname);
+
+- if (migrate_use_zero_copy_send()) {
+- error_setg(&err, "Zero copy send not available in migration");
++ if (migrate_use_zero_copy_send() &&
++ !qio_channel_has_feature(sioc, QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY)) {
++ error_setg(&err, "Zero copy send feature not detected in host kernel");
+ }
+
+ out:
+--
+2.35.3
+
diff --git a/SOURCES/kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch b/SOURCES/kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch
new file mode 100644
index 0000000..415e3a9
--- /dev/null
+++ b/SOURCES/kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch
@@ -0,0 +1,102 @@
+From 63255c13492f42a3236d96e706e5f8e70bb4e219 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:36 -0300
+Subject: [PATCH 13/18] multifd: Send header packet without flags if
+ zero-copy-send is enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [7/11] 137eea685e387d3d6aff187ec3fcac05bc16b6e3 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+Since d48c3a0445 ("multifd: Use a single writev on the send side"),
+sending the header packet and the memory pages happens in the same
+writev, which can potentially make the migration faster.
+
+Using channel-socket as example, this works well with the default copying
+mechanism of sendmsg(), but with zero-copy-send=true, it will cause
+the migration to often break.
+
+This happens because the header packet buffer gets reused quite often,
+and there is a high chance that by the time the MSG_ZEROCOPY mechanism get
+to send the buffer, it has already changed, sending the wrong data and
+causing the migration to abort.
+
+It means that, as it is, the buffer for the header packet is not suitable
+for sending with MSG_ZEROCOPY.
+
+In order to enable zero copy for multifd, send the header packet on an
+individual write(), without any flags, and the remanining pages with a
+writev(), as it was happening before. This only changes how a migration
+with zero-copy-send=true works, not changing any current behavior for
+migrations with zero-copy-send=false.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Message-Id: <20220513062836.965425-8-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit b7dbdd8e76cd03453c234dbb9578d20969859d74)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/multifd.c | 22 +++++++++++++++++++---
+ 1 file changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/migration/multifd.c b/migration/multifd.c
+index cdb57439a7..8fca6c970e 100644
+--- a/migration/multifd.c
++++ b/migration/multifd.c
+@@ -619,6 +619,7 @@ static void *multifd_send_thread(void *opaque)
+ MultiFDSendParams *p = opaque;
+ Error *local_err = NULL;
+ int ret = 0;
++ bool use_zero_copy_send = migrate_use_zero_copy_send();
+
+ trace_multifd_send_thread_start(p->id);
+ rcu_register_thread();
+@@ -641,9 +642,14 @@ static void *multifd_send_thread(void *opaque)
+ if (p->pending_job) {
+ uint64_t packet_num = p->packet_num;
+ uint32_t flags = p->flags;
+- p->iovs_num = 1;
+ p->normal_num = 0;
+
++ if (use_zero_copy_send) {
++ p->iovs_num = 0;
++ } else {
++ p->iovs_num = 1;
++ }
++
+ for (int i = 0; i < p->pages->num; i++) {
+ p->normal[p->normal_num] = p->pages->offset[i];
+ p->normal_num++;
+@@ -667,8 +673,18 @@ static void *multifd_send_thread(void *opaque)
+ trace_multifd_send(p->id, packet_num, p->normal_num, flags,
+ p->next_packet_size);
+
+- p->iov[0].iov_len = p->packet_len;
+- p->iov[0].iov_base = p->packet;
++ if (use_zero_copy_send) {
++ /* Send header first, without zerocopy */
++ ret = qio_channel_write_all(p->c, (void *)p->packet,
++ p->packet_len, &local_err);
++ if (ret != 0) {
++ break;
++ }
++ } else {
++ /* Send header using the same writev call */
++ p->iov[0].iov_len = p->packet_len;
++ p->iov[0].iov_base = p->packet;
++ }
+
+ ret = qio_channel_writev_all(p->c, p->iov, p->iovs_num,
+ &local_err);
+--
+2.35.3
+
diff --git a/SOURCES/kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch b/SOURCES/kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch
new file mode 100644
index 0000000..e6d726a
--- /dev/null
+++ b/SOURCES/kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch
@@ -0,0 +1,163 @@
+From 4ca5375a936bc87829c6e2b4620f56c73a5efc70 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Fri, 13 May 2022 03:28:35 -0300
+Subject: [PATCH 12/18] multifd: multifd_send_sync_main now returns negative on
+ error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Leonardo Brás <leobras@redhat.com>
+RH-MergeRequest: 95: MSG_ZEROCOPY + Multifd
+RH-Commit: [6/11] c8ebdee4327d463c74f4b2eeb42d3c964f314c94 (LeoBras/centos-qemu-kvm)
+RH-Bugzilla: 1968509
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+
+Even though multifd_send_sync_main() currently emits error_reports, it's
+callers don't really check it before continuing.
+
+Change multifd_send_sync_main() to return -1 on error and 0 on success.
+Also change all it's callers to make use of this change and possibly fail
+earlier.
+
+(This change is important to next patch on multifd zero copy
+implementation, to make it sure an error in zero-copy flush does not go
+unnoticed.
+
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Message-Id: <20220513062836.965425-7-leobras@redhat.com>
+Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+(cherry picked from commit 33d70973a3a6e8c6b62bcbc64d9e488961981007)
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+---
+ migration/multifd.c | 10 ++++++----
+ migration/multifd.h | 2 +-
+ migration/ram.c | 29 ++++++++++++++++++++++-------
+ 3 files changed, 29 insertions(+), 12 deletions(-)
+
+diff --git a/migration/multifd.c b/migration/multifd.c
+index 43998ad117..cdb57439a7 100644
+--- a/migration/multifd.c
++++ b/migration/multifd.c
+@@ -568,17 +568,17 @@ void multifd_save_cleanup(void)
+ multifd_send_state = NULL;
+ }
+
+-void multifd_send_sync_main(QEMUFile *f)
++int multifd_send_sync_main(QEMUFile *f)
+ {
+ int i;
+
+ if (!migrate_use_multifd()) {
+- return;
++ return 0;
+ }
+ if (multifd_send_state->pages->num) {
+ if (multifd_send_pages(f) < 0) {
+ error_report("%s: multifd_send_pages fail", __func__);
+- return;
++ return -1;
+ }
+ }
+ for (i = 0; i < migrate_multifd_channels(); i++) {
+@@ -591,7 +591,7 @@ void multifd_send_sync_main(QEMUFile *f)
+ if (p->quit) {
+ error_report("%s: channel %d has already quit", __func__, i);
+ qemu_mutex_unlock(&p->mutex);
+- return;
++ return -1;
+ }
+
+ p->packet_num = multifd_send_state->packet_num++;
+@@ -610,6 +610,8 @@ void multifd_send_sync_main(QEMUFile *f)
+ qemu_sem_wait(&p->sem_sync);
+ }
+ trace_multifd_send_sync_main(multifd_send_state->packet_num);
++
++ return 0;
+ }
+
+ static void *multifd_send_thread(void *opaque)
+diff --git a/migration/multifd.h b/migration/multifd.h
+index 4dda900a0b..cd495195ce 100644
+--- a/migration/multifd.h
++++ b/migration/multifd.h
+@@ -22,7 +22,7 @@ int multifd_load_cleanup(Error **errp);
+ bool multifd_recv_all_channels_created(void);
+ bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp);
+ void multifd_recv_sync_main(void);
+-void multifd_send_sync_main(QEMUFile *f);
++int multifd_send_sync_main(QEMUFile *f);
+ int multifd_queue_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset);
+
+ /* Multifd Compression flags */
+diff --git a/migration/ram.c b/migration/ram.c
+index 0ef4bd63eb..fb6db54642 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -2903,6 +2903,7 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
+ {
+ RAMState **rsp = opaque;
+ RAMBlock *block;
++ int ret;
+
+ if (compress_threads_save_setup()) {
+ return -1;
+@@ -2937,7 +2938,11 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
+ ram_control_before_iterate(f, RAM_CONTROL_SETUP);
+ ram_control_after_iterate(f, RAM_CONTROL_SETUP);
+
+- multifd_send_sync_main(f);
++ ret = multifd_send_sync_main(f);
++ if (ret < 0) {
++ return ret;
++ }
++
+ qemu_put_be64(f, RAM_SAVE_FLAG_EOS);
+ qemu_fflush(f);
+
+@@ -3046,7 +3051,11 @@ static int ram_save_iterate(QEMUFile *f, void *opaque)
+ out:
+ if (ret >= 0
+ && migration_is_setup_or_active(migrate_get_current()->state)) {
+- multifd_send_sync_main(rs->f);
++ ret = multifd_send_sync_main(rs->f);
++ if (ret < 0) {
++ return ret;
++ }
++
+ qemu_put_be64(f, RAM_SAVE_FLAG_EOS);
+ qemu_fflush(f);
+ ram_transferred_add(8);
+@@ -3106,13 +3115,19 @@ static int ram_save_complete(QEMUFile *f, void *opaque)
+ ram_control_after_iterate(f, RAM_CONTROL_FINISH);
+ }
+
+- if (ret >= 0) {
+- multifd_send_sync_main(rs->f);
+- qemu_put_be64(f, RAM_SAVE_FLAG_EOS);
+- qemu_fflush(f);
++ if (ret < 0) {
++ return ret;
+ }
+
+- return ret;
++ ret = multifd_send_sync_main(rs->f);
++ if (ret < 0) {
++ return ret;
++ }
++
++ qemu_put_be64(f, RAM_SAVE_FLAG_EOS);
++ qemu_fflush(f);
++
++ return 0;
+ }
+
+ static void ram_save_pending(QEMUFile *f, void *opaque, uint64_t max_size,
+--
+2.35.3
+
diff --git a/SOURCES/kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch b/SOURCES/kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch
new file mode 100644
index 0000000..56abcb1
--- /dev/null
+++ b/SOURCES/kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch
@@ -0,0 +1,381 @@
+From 4a9ddf42788d3f924bdad7746f7aca615f03d7c1 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 11 May 2022 19:49:24 -0500
+Subject: [PATCH 2/2] nbd/server: Allow MULTI_CONN for shared writable exports
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eric Blake <eblake@redhat.com>
+RH-MergeRequest: 90: Advertise MULTI_CONN on writeable NBD servers
+RH-Commit: [2/2] 53f0e885a5ed7f6e4bb14e74fe8e7957e6afe90f (ebblake/centos-qemu-kvm)
+RH-Bugzilla: 1708300
+RH-Acked-by: Nir Soffer <nsoffer@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
+
+According to the NBD spec, a server that advertises
+NBD_FLAG_CAN_MULTI_CONN promises that multiple client connections will
+not see any cache inconsistencies: when properly separated by a single
+flush, actions performed by one client will be visible to another
+client, regardless of which client did the flush.
+
+We always satisfy these conditions in qemu - even when we support
+multiple clients, ALL clients go through a single point of reference
+into the block layer, with no local caching. The effect of one client
+is instantly visible to the next client. Even if our backend were a
+network device, we argue that any multi-path caching effects that
+would cause inconsistencies in back-to-back actions not seeing the
+effect of previous actions would be a bug in that backend, and not the
+fault of caching in qemu. As such, it is safe to unconditionally
+advertise CAN_MULTI_CONN for any qemu NBD server situation that
+supports parallel clients.
+
+Note, however, that we don't want to advertise CAN_MULTI_CONN when we
+know that a second client cannot connect (for historical reasons,
+qemu-nbd defaults to a single connection while nbd-server-add and QMP
+commands default to unlimited connections; but we already have
+existing means to let either style of NBD server creation alter those
+defaults). This is visible by no longer advertising MULTI_CONN for
+'qemu-nbd -r' without -e, as in the iotest nbd-qemu-allocation.
+
+The harder part of this patch is setting up an iotest to demonstrate
+behavior of multiple NBD clients to a single server. It might be
+possible with parallel qemu-io processes, but I found it easier to do
+in python with the help of libnbd, and help from Nir and Vladimir in
+writing the test.
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Suggested-by: Nir Soffer <nsoffer@redhat.com>
+Suggested-by: Vladimir Sementsov-Ogievskiy <v.sementsov-og@mail.ru>
+Message-Id: <20220512004924.417153-3-eblake@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+
+(cherry picked from commit 58a6fdcc9efb2a7c1ef4893dca4aa5e8020ca3dc)
+Conflicts:
+ nbd/server.c - context, e5fb29d5 not backported
+Signed-off-by: Eric Blake <eblake@redhat.com>
+---
+ MAINTAINERS | 1 +
+ blockdev-nbd.c | 5 +
+ docs/interop/nbd.txt | 1 +
+ docs/tools/qemu-nbd.rst | 3 +-
+ include/block/nbd.h | 3 +-
+ nbd/server.c | 10 +-
+ qapi/block-export.json | 8 +-
+ tests/qemu-iotests/tests/nbd-multiconn | 145 ++++++++++++++++++
+ tests/qemu-iotests/tests/nbd-multiconn.out | 5 +
+ .../tests/nbd-qemu-allocation.out | 2 +-
+ 10 files changed, 172 insertions(+), 11 deletions(-)
+ create mode 100755 tests/qemu-iotests/tests/nbd-multiconn
+ create mode 100644 tests/qemu-iotests/tests/nbd-multiconn.out
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 4ad2451e03..2fe20a49ab 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -3370,6 +3370,7 @@ F: qemu-nbd.*
+ F: blockdev-nbd.c
+ F: docs/interop/nbd.txt
+ F: docs/tools/qemu-nbd.rst
++F: tests/qemu-iotests/tests/*nbd*
+ T: git https://repo.or.cz/qemu/ericb.git nbd
+ T: git https://src.openvz.org/scm/~vsementsov/qemu.git nbd
+
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c
+index add41a23af..c6d9b0324c 100644
+--- a/blockdev-nbd.c
++++ b/blockdev-nbd.c
+@@ -44,6 +44,11 @@ bool nbd_server_is_running(void)
+ return nbd_server || qemu_nbd_connections >= 0;
+ }
+
++int nbd_server_max_connections(void)
++{
++ return nbd_server ? nbd_server->max_connections : qemu_nbd_connections;
++}
++
+ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
+ {
+ nbd_client_put(client);
+diff --git a/docs/interop/nbd.txt b/docs/interop/nbd.txt
+index bdb0f2a41a..f5ca25174a 100644
+--- a/docs/interop/nbd.txt
++++ b/docs/interop/nbd.txt
+@@ -68,3 +68,4 @@ NBD_CMD_BLOCK_STATUS for "qemu:dirty-bitmap:", NBD_CMD_CACHE
+ * 4.2: NBD_FLAG_CAN_MULTI_CONN for shareable read-only exports,
+ NBD_CMD_FLAG_FAST_ZERO
+ * 5.2: NBD_CMD_BLOCK_STATUS for "qemu:allocation-depth"
++* 7.1: NBD_FLAG_CAN_MULTI_CONN for shareable writable exports
+diff --git a/docs/tools/qemu-nbd.rst b/docs/tools/qemu-nbd.rst
+index 4c950f6199..8e08a29e89 100644
+--- a/docs/tools/qemu-nbd.rst
++++ b/docs/tools/qemu-nbd.rst
+@@ -139,8 +139,7 @@ driver options if :option:`--image-opts` is specified.
+ .. option:: -e, --shared=NUM
+
+ Allow up to *NUM* clients to share the device (default
+- ``1``), 0 for unlimited. Safe for readers, but for now,
+- consistency is not guaranteed between multiple writers.
++ ``1``), 0 for unlimited.
+
+ .. option:: -t, --persistent
+
+diff --git a/include/block/nbd.h b/include/block/nbd.h
+index c5a29ce1c6..c74b7a9d2e 100644
+--- a/include/block/nbd.h
++++ b/include/block/nbd.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2016-2020 Red Hat, Inc.
++ * Copyright (C) 2016-2022 Red Hat, Inc.
+ * Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws>
+ *
+ * Network Block Device
+@@ -346,6 +346,7 @@ void nbd_client_put(NBDClient *client);
+
+ void nbd_server_is_qemu_nbd(int max_connections);
+ bool nbd_server_is_running(void);
++int nbd_server_max_connections(void);
+ void nbd_server_start(SocketAddress *addr, const char *tls_creds,
+ const char *tls_authz, uint32_t max_connections,
+ Error **errp);
+diff --git a/nbd/server.c b/nbd/server.c
+index c5644fd3f6..6e2157acfa 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2016-2021 Red Hat, Inc.
++ * Copyright (C) 2016-2022 Red Hat, Inc.
+ * Copyright (C) 2005 Anthony Liguori <anthony@codemonkey.ws>
+ *
+ * Network Block Device Server Side
+@@ -1642,7 +1642,6 @@ static int nbd_export_create(BlockExport *blk_exp, BlockExportOptions *exp_args,
+ int64_t size;
+ uint64_t perm, shared_perm;
+ bool readonly = !exp_args->writable;
+- bool shared = !exp_args->writable;
+ strList *bitmaps;
+ size_t i;
+ int ret;
+@@ -1693,11 +1692,12 @@ static int nbd_export_create(BlockExport *blk_exp, BlockExportOptions *exp_args,
+ exp->description = g_strdup(arg->description);
+ exp->nbdflags = (NBD_FLAG_HAS_FLAGS | NBD_FLAG_SEND_FLUSH |
+ NBD_FLAG_SEND_FUA | NBD_FLAG_SEND_CACHE);
++
++ if (nbd_server_max_connections() != 1) {
++ exp->nbdflags |= NBD_FLAG_CAN_MULTI_CONN;
++ }
+ if (readonly) {
+ exp->nbdflags |= NBD_FLAG_READ_ONLY;
+- if (shared) {
+- exp->nbdflags |= NBD_FLAG_CAN_MULTI_CONN;
+- }
+ } else {
+ exp->nbdflags |= (NBD_FLAG_SEND_TRIM | NBD_FLAG_SEND_WRITE_ZEROES |
+ NBD_FLAG_SEND_FAST_ZERO);
+diff --git a/qapi/block-export.json b/qapi/block-export.json
+index 1e34927f85..755ccc89b1 100644
+--- a/qapi/block-export.json
++++ b/qapi/block-export.json
+@@ -21,7 +21,9 @@
+ # recreated on the fly while the NBD server is active.
+ # If missing, it will default to denying access (since 4.0).
+ # @max-connections: The maximum number of connections to allow at the same
+-# time, 0 for unlimited. (since 5.2; default: 0)
++# time, 0 for unlimited. Setting this to 1 also stops
++# the server from advertising multiple client support
++# (since 5.2; default: 0)
+ #
+ # Since: 4.2
+ ##
+@@ -50,7 +52,9 @@
+ # recreated on the fly while the NBD server is active.
+ # If missing, it will default to denying access (since 4.0).
+ # @max-connections: The maximum number of connections to allow at the same
+-# time, 0 for unlimited. (since 5.2; default: 0)
++# time, 0 for unlimited. Setting this to 1 also stops
++# the server from advertising multiple client support
++# (since 5.2; default: 0).
+ #
+ # Returns: error if the server is already running.
+ #
+diff --git a/tests/qemu-iotests/tests/nbd-multiconn b/tests/qemu-iotests/tests/nbd-multiconn
+new file mode 100755
+index 0000000000..b121f2e363
+--- /dev/null
++++ b/tests/qemu-iotests/tests/nbd-multiconn
+@@ -0,0 +1,145 @@
++#!/usr/bin/env python3
++# group: rw auto quick
++#
++# Test cases for NBD multi-conn advertisement
++#
++# Copyright (C) 2022 Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++import os
++from contextlib import contextmanager
++import iotests
++from iotests import qemu_img_create, qemu_io
++
++
++disk = os.path.join(iotests.test_dir, 'disk')
++size = '4M'
++nbd_sock = os.path.join(iotests.sock_dir, 'nbd_sock')
++nbd_uri = 'nbd+unix:///{}?socket=' + nbd_sock
++
++
++@contextmanager
++def open_nbd(export_name):
++ h = nbd.NBD()
++ try:
++ h.connect_uri(nbd_uri.format(export_name))
++ yield h
++ finally:
++ h.shutdown()
++
++class TestNbdMulticonn(iotests.QMPTestCase):
++ def setUp(self):
++ qemu_img_create('-f', iotests.imgfmt, disk, size)
++ qemu_io('-c', 'w -P 1 0 2M', '-c', 'w -P 2 2M 2M', disk)
++
++ self.vm = iotests.VM()
++ self.vm.launch()
++ result = self.vm.qmp('blockdev-add', {
++ 'driver': 'qcow2',
++ 'node-name': 'n',
++ 'file': {'driver': 'file', 'filename': disk}
++ })
++ self.assert_qmp(result, 'return', {})
++
++ def tearDown(self):
++ self.vm.shutdown()
++ os.remove(disk)
++ try:
++ os.remove(nbd_sock)
++ except OSError:
++ pass
++
++ @contextmanager
++ def run_server(self, max_connections=None):
++ args = {
++ 'addr': {
++ 'type': 'unix',
++ 'data': {'path': nbd_sock}
++ }
++ }
++ if max_connections is not None:
++ args['max-connections'] = max_connections
++
++ result = self.vm.qmp('nbd-server-start', args)
++ self.assert_qmp(result, 'return', {})
++ yield
++
++ result = self.vm.qmp('nbd-server-stop')
++ self.assert_qmp(result, 'return', {})
++
++ def add_export(self, name, writable=None):
++ args = {
++ 'type': 'nbd',
++ 'id': name,
++ 'node-name': 'n',
++ 'name': name,
++ }
++ if writable is not None:
++ args['writable'] = writable
++
++ result = self.vm.qmp('block-export-add', args)
++ self.assert_qmp(result, 'return', {})
++
++ def test_default_settings(self):
++ with self.run_server():
++ self.add_export('r')
++ self.add_export('w', writable=True)
++ with open_nbd('r') as h:
++ self.assertTrue(h.can_multi_conn())
++ with open_nbd('w') as h:
++ self.assertTrue(h.can_multi_conn())
++
++ def test_limited_connections(self):
++ with self.run_server(max_connections=1):
++ self.add_export('r')
++ self.add_export('w', writable=True)
++ with open_nbd('r') as h:
++ self.assertFalse(h.can_multi_conn())
++ with open_nbd('w') as h:
++ self.assertFalse(h.can_multi_conn())
++
++ def test_parallel_writes(self):
++ with self.run_server():
++ self.add_export('w', writable=True)
++
++ clients = [nbd.NBD() for _ in range(3)]
++ for c in clients:
++ c.connect_uri(nbd_uri.format('w'))
++ self.assertTrue(c.can_multi_conn())
++
++ initial_data = clients[0].pread(1024 * 1024, 0)
++ self.assertEqual(initial_data, b'\x01' * 1024 * 1024)
++
++ updated_data = b'\x03' * 1024 * 1024
++ clients[1].pwrite(updated_data, 0)
++ clients[2].flush()
++ current_data = clients[0].pread(1024 * 1024, 0)
++
++ self.assertEqual(updated_data, current_data)
++
++ for i in range(3):
++ clients[i].shutdown()
++
++
++if __name__ == '__main__':
++ try:
++ # Easier to use libnbd than to try and set up parallel
++ # 'qemu-nbd --list' or 'qemu-io' processes, but not all systems
++ # have libnbd installed.
++ import nbd # type: ignore
++
++ iotests.main(supported_fmts=['qcow2'])
++ except ImportError:
++ iotests.notrun('libnbd not installed')
+diff --git a/tests/qemu-iotests/tests/nbd-multiconn.out b/tests/qemu-iotests/tests/nbd-multiconn.out
+new file mode 100644
+index 0000000000..8d7e996700
+--- /dev/null
++++ b/tests/qemu-iotests/tests/nbd-multiconn.out
+@@ -0,0 +1,5 @@
++...
++----------------------------------------------------------------------
++Ran 3 tests
++
++OK
+diff --git a/tests/qemu-iotests/tests/nbd-qemu-allocation.out b/tests/qemu-iotests/tests/nbd-qemu-allocation.out
+index 0bf1abb063..9d938db24e 100644
+--- a/tests/qemu-iotests/tests/nbd-qemu-allocation.out
++++ b/tests/qemu-iotests/tests/nbd-qemu-allocation.out
+@@ -17,7 +17,7 @@ wrote 2097152/2097152 bytes at offset 1048576
+ exports available: 1
+ export: ''
+ size: 4194304
+- flags: 0x58f ( readonly flush fua df multi cache )
++ flags: 0x48f ( readonly flush fua df cache )
+ min block: 1
+ opt block: 4096
+ max block: 33554432
+--
+2.31.1
+
diff --git a/SOURCES/kvm-numa-Enable-numa-for-SGX-EPC-sections.patch b/SOURCES/kvm-numa-Enable-numa-for-SGX-EPC-sections.patch
deleted file mode 100644
index e26bfcf..0000000
--- a/SOURCES/kvm-numa-Enable-numa-for-SGX-EPC-sections.patch
+++ /dev/null
@@ -1,287 +0,0 @@
-From 6274a2a09a8931188889467b104bf2e2fc39cb54 Mon Sep 17 00:00:00 2001
-From: Yang Zhong <yang.zhong@intel.com>
-Date: Mon, 1 Nov 2021 12:20:05 -0400
-Subject: [PATCH 01/12] numa: Enable numa for SGX EPC sections
-
-RH-Author: Paul Lai <plai@redhat.com>
-RH-MergeRequest: 65: Enable SGX and add SGX Numa support
-RH-Commit: [1/5] ff69d138c3f5903096388ec7ccf8dc5e6c6c6ffb
-RH-Bugzilla: 2033708
-RH-Acked-by: Paolo Bonzini <None>
-RH-Acked-by: Bandan Das <None>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-The basic SGX did not enable numa for SGX EPC sections, which
-result in all EPC sections located in numa node 0. This patch
-enable SGX numa function in the guest and the EPC section can
-work with RAM as one numa node.
-
-The Guest kernel related log:
-[ 0.009981] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff]
-[ 0.009982] ACPI: SRAT: Node 1 PXM 1 [mem 0x184000000-0x185bfffff]
-The SRAT table can normally show SGX EPC sections menory info in different
-numa nodes.
-
-The SGX EPC numa related command:
- ......
- -m 4G,maxmem=20G \
- -smp sockets=2,cores=2 \
- -cpu host,+sgx-provisionkey \
- -object memory-backend-ram,size=2G,host-nodes=0,policy=bind,id=node0 \
- -object memory-backend-epc,id=mem0,size=64M,prealloc=on,host-nodes=0,policy=bind \
- -numa node,nodeid=0,cpus=0-1,memdev=node0 \
- -object memory-backend-ram,size=2G,host-nodes=1,policy=bind,id=node1 \
- -object memory-backend-epc,id=mem1,size=28M,prealloc=on,host-nodes=1,policy=bind \
- -numa node,nodeid=1,cpus=2-3,memdev=node1 \
- -M sgx-epc.0.memdev=mem0,sgx-epc.0.node=0,sgx-epc.1.memdev=mem1,sgx-epc.1.node=1 \
- ......
-
-Signed-off-by: Yang Zhong <yang.zhong@intel.com>
-Message-Id: <20211101162009.62161-2-yang.zhong@intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 1105812382e1126d86dddc16b3700f8c79dc93d1)
-Signed-off-by: Paul Lai <plai@redhat.com>
----
- hw/core/numa.c | 5 ++---
- hw/i386/acpi-build.c | 2 ++
- hw/i386/sgx-epc.c | 3 +++
- hw/i386/sgx-stub.c | 4 ++++
- hw/i386/sgx.c | 44 +++++++++++++++++++++++++++++++++++++++
- include/hw/i386/sgx-epc.h | 3 +++
- monitor/hmp-cmds.c | 1 +
- qapi/machine.json | 10 ++++++++-
- qemu-options.hx | 4 ++--
- 9 files changed, 70 insertions(+), 6 deletions(-)
-
-diff --git a/hw/core/numa.c b/hw/core/numa.c
-index e6050b2273..1aa05dcf42 100644
---- a/hw/core/numa.c
-+++ b/hw/core/numa.c
-@@ -784,9 +784,8 @@ static void numa_stat_memory_devices(NumaNodeMem node_mem[])
- break;
- case MEMORY_DEVICE_INFO_KIND_SGX_EPC:
- se = value->u.sgx_epc.data;
-- /* TODO: once we support numa, assign to right node */
-- node_mem[0].node_mem += se->size;
-- node_mem[0].node_plugged_mem += se->size;
-+ node_mem[se->node].node_mem += se->size;
-+ node_mem[se->node].node_plugged_mem = 0;
- break;
- default:
- g_assert_not_reached();
-diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index a99c6e4fe3..8383b83ee3 100644
---- a/hw/i386/acpi-build.c
-+++ b/hw/i386/acpi-build.c
-@@ -2068,6 +2068,8 @@ build_srat(GArray *table_data, BIOSLinker *linker, MachineState *machine)
- nvdimm_build_srat(table_data);
- }
-
-+ sgx_epc_build_srat(table_data);
-+
- /*
- * TODO: this part is not in ACPI spec and current linux kernel boots fine
- * without these entries. But I recall there were issues the last time I
-diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
-index e508827e78..96b2940d75 100644
---- a/hw/i386/sgx-epc.c
-+++ b/hw/i386/sgx-epc.c
-@@ -21,6 +21,7 @@
-
- static Property sgx_epc_properties[] = {
- DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0),
-+ DEFINE_PROP_UINT32(SGX_EPC_NUMA_NODE_PROP, SGXEPCDevice, node, 0),
- DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem,
- TYPE_MEMORY_BACKEND_EPC, HostMemoryBackendEpc *),
- DEFINE_PROP_END_OF_LIST(),
-@@ -139,6 +140,8 @@ static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md,
- se->memaddr = epc->addr;
- se->size = object_property_get_uint(OBJECT(epc), SGX_EPC_SIZE_PROP,
- NULL);
-+ se->node = object_property_get_uint(OBJECT(epc), SGX_EPC_NUMA_NODE_PROP,
-+ NULL);
- se->memdev = object_get_canonical_path(OBJECT(epc->hostmem));
-
- info->u.sgx_epc.data = se;
-diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c
-index c9b379e665..26833eb233 100644
---- a/hw/i386/sgx-stub.c
-+++ b/hw/i386/sgx-stub.c
-@@ -6,6 +6,10 @@
- #include "qapi/error.h"
- #include "qapi/qapi-commands-misc-target.h"
-
-+void sgx_epc_build_srat(GArray *table_data)
-+{
-+}
-+
- SGXInfo *qmp_query_sgx(Error **errp)
- {
- error_setg(errp, "SGX support is not compiled in");
-diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
-index 8fef3dd8fa..d04299904a 100644
---- a/hw/i386/sgx.c
-+++ b/hw/i386/sgx.c
-@@ -23,6 +23,7 @@
- #include "sysemu/hw_accel.h"
- #include "sysemu/reset.h"
- #include <sys/ioctl.h>
-+#include "hw/acpi/aml-build.h"
-
- #define SGX_MAX_EPC_SECTIONS 8
- #define SGX_CPUID_EPC_INVALID 0x0
-@@ -36,6 +37,46 @@
-
- #define RETRY_NUM 2
-
-+static int sgx_epc_device_list(Object *obj, void *opaque)
-+{
-+ GSList **list = opaque;
-+
-+ if (object_dynamic_cast(obj, TYPE_SGX_EPC)) {
-+ *list = g_slist_append(*list, DEVICE(obj));
-+ }
-+
-+ object_child_foreach(obj, sgx_epc_device_list, opaque);
-+ return 0;
-+}
-+
-+static GSList *sgx_epc_get_device_list(void)
-+{
-+ GSList *list = NULL;
-+
-+ object_child_foreach(qdev_get_machine(), sgx_epc_device_list, &list);
-+ return list;
-+}
-+
-+void sgx_epc_build_srat(GArray *table_data)
-+{
-+ GSList *device_list = sgx_epc_get_device_list();
-+
-+ for (; device_list; device_list = device_list->next) {
-+ DeviceState *dev = device_list->data;
-+ Object *obj = OBJECT(dev);
-+ uint64_t addr, size;
-+ int node;
-+
-+ node = object_property_get_uint(obj, SGX_EPC_NUMA_NODE_PROP,
-+ &error_abort);
-+ addr = object_property_get_uint(obj, SGX_EPC_ADDR_PROP, &error_abort);
-+ size = object_property_get_uint(obj, SGX_EPC_SIZE_PROP, &error_abort);
-+
-+ build_srat_memory(table_data, addr, size, node, MEM_AFFINITY_ENABLED);
-+ }
-+ g_slist_free(device_list);
-+}
-+
- static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high)
- {
- return (low & MAKE_64BIT_MASK(12, 20)) +
-@@ -226,6 +267,9 @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
- /* set the memdev link with memory backend */
- object_property_parse(obj, SGX_EPC_MEMDEV_PROP, list->value->memdev,
- &error_fatal);
-+ /* set the numa node property for sgx epc object */
-+ object_property_set_uint(obj, SGX_EPC_NUMA_NODE_PROP, list->value->node,
-+ &error_fatal);
- object_property_set_bool(obj, "realized", true, &error_fatal);
- object_unref(obj);
- }
-diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
-index a6a65be854..581fac389a 100644
---- a/include/hw/i386/sgx-epc.h
-+++ b/include/hw/i386/sgx-epc.h
-@@ -25,6 +25,7 @@
- #define SGX_EPC_ADDR_PROP "addr"
- #define SGX_EPC_SIZE_PROP "size"
- #define SGX_EPC_MEMDEV_PROP "memdev"
-+#define SGX_EPC_NUMA_NODE_PROP "node"
-
- /**
- * SGXEPCDevice:
-@@ -38,6 +39,7 @@ typedef struct SGXEPCDevice {
-
- /* public */
- uint64_t addr;
-+ uint32_t node;
- HostMemoryBackendEpc *hostmem;
- } SGXEPCDevice;
-
-@@ -56,6 +58,7 @@ typedef struct SGXEPCState {
- } SGXEPCState;
-
- bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size);
-+void sgx_epc_build_srat(GArray *table_data);
-
- static inline uint64_t sgx_epc_above_4g_end(SGXEPCState *sgx_epc)
- {
-diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 9c91bf93e9..2669156b28 100644
---- a/monitor/hmp-cmds.c
-+++ b/monitor/hmp-cmds.c
-@@ -1810,6 +1810,7 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
- se->id ? se->id : "");
- monitor_printf(mon, " memaddr: 0x%" PRIx64 "\n", se->memaddr);
- monitor_printf(mon, " size: %" PRIu64 "\n", se->size);
-+ monitor_printf(mon, " node: %" PRId64 "\n", se->node);
- monitor_printf(mon, " memdev: %s\n", se->memdev);
- break;
- default:
-diff --git a/qapi/machine.json b/qapi/machine.json
-index 067e3f5378..16e771affc 100644
---- a/qapi/machine.json
-+++ b/qapi/machine.json
-@@ -1207,12 +1207,15 @@
- #
- # @memdev: memory backend linked with device
- #
-+# @node: the numa node
-+#
- # Since: 6.2
- ##
- { 'struct': 'SgxEPCDeviceInfo',
- 'data': { '*id': 'str',
- 'memaddr': 'size',
- 'size': 'size',
-+ 'node': 'int',
- 'memdev': 'str'
- }
- }
-@@ -1285,10 +1288,15 @@
- #
- # @memdev: memory backend linked with device
- #
-+# @node: the numa node
-+#
- # Since: 6.2
- ##
- { 'struct': 'SgxEPC',
-- 'data': { 'memdev': 'str' } }
-+ 'data': { 'memdev': 'str',
-+ 'node': 'int'
-+ }
-+}
-
- ##
- # @SgxEPCProperties:
-diff --git a/qemu-options.hx b/qemu-options.hx
-index 94c4a8dbaf..4b7798088b 100644
---- a/qemu-options.hx
-+++ b/qemu-options.hx
-@@ -127,11 +127,11 @@ SRST
- ERST
-
- DEF("M", HAS_ARG, QEMU_OPTION_M,
-- " sgx-epc.0.memdev=memid\n",
-+ " sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n",
- QEMU_ARCH_ALL)
-
- SRST
--``sgx-epc.0.memdev=@var{memid}``
-+``sgx-epc.0.memdev=@var{memid},sgx-epc.0.node=@var{numaid}``
- Define an SGX EPC section.
- ERST
-
---
-2.27.0
-
diff --git a/SOURCES/kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch b/SOURCES/kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch
deleted file mode 100644
index de4c4b1..0000000
--- a/SOURCES/kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-From 0f75501ba348dc9fb3ce0198ceafc8093149457d Mon Sep 17 00:00:00 2001
-From: Yang Zhong <yang.zhong@intel.com>
-Date: Mon, 1 Nov 2021 12:20:07 -0400
-Subject: [PATCH 02/12] numa: Support SGX numa in the monitor and Libvirt
- interfaces
-
-RH-Author: Paul Lai <plai@redhat.com>
-RH-MergeRequest: 65: Enable SGX and add SGX Numa support
-RH-Commit: [2/5] 8c19cfb1a139fd4dbac771e695a133f16a68437f
-RH-Bugzilla: 2033708
-RH-Acked-by: Paolo Bonzini <None>
-RH-Acked-by: Bandan Das <None>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-Add the SGXEPCSection list into SGXInfo to show the multiple
-SGX EPC sections detailed info, not the total size like before.
-This patch can enable numa support for 'info sgx' command and
-QMP interfaces. The new interfaces show each EPC section info
-in one numa node. Libvirt can use QMP interface to get the
-detailed host SGX EPC capabilities to decide how to allocate
-host EPC sections to guest.
-
-(qemu) info sgx
- SGX support: enabled
- SGX1 support: enabled
- SGX2 support: enabled
- FLC support: enabled
- NUMA node #0: size=67108864
- NUMA node #1: size=29360128
-
-The QMP interface show:
-(QEMU) query-sgx
-{"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \
-[{"node": 0, "size": 67108864}, {"node": 1, "size": 29360128}], "flc": true}}
-
-(QEMU) query-sgx-capabilities
-{"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \
-[{"node": 0, "size": 17070817280}, {"node": 1, "size": 17079205888}], "flc": true}}
-
-Signed-off-by: Yang Zhong <yang.zhong@intel.com>
-Message-Id: <20211101162009.62161-4-yang.zhong@intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 4755927ae12547c2e7cb22c5fa1b39038c6c11b1)
-Signed-off-by: Paul Lai <plai@redhat.com>
----
- hw/i386/sgx.c | 51 +++++++++++++++++++++++++++++++++++--------
- qapi/misc-target.json | 19 ++++++++++++++--
- 2 files changed, 59 insertions(+), 11 deletions(-)
-
-diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
-index d04299904a..5de5dd0893 100644
---- a/hw/i386/sgx.c
-+++ b/hw/i386/sgx.c
-@@ -83,11 +83,13 @@ static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high)
- ((high & MAKE_64BIT_MASK(0, 20)) << 32);
- }
-
--static uint64_t sgx_calc_host_epc_section_size(void)
-+static SGXEPCSectionList *sgx_calc_host_epc_sections(void)
- {
-+ SGXEPCSectionList *head = NULL, **tail = &head;
-+ SGXEPCSection *section;
- uint32_t i, type;
- uint32_t eax, ebx, ecx, edx;
-- uint64_t size = 0;
-+ uint32_t j = 0;
-
- for (i = 0; i < SGX_MAX_EPC_SECTIONS; i++) {
- host_cpuid(0x12, i + 2, &eax, &ebx, &ecx, &edx);
-@@ -101,10 +103,13 @@ static uint64_t sgx_calc_host_epc_section_size(void)
- break;
- }
-
-- size += sgx_calc_section_metric(ecx, edx);
-+ section = g_new0(SGXEPCSection, 1);
-+ section->node = j++;
-+ section->size = sgx_calc_section_metric(ecx, edx);
-+ QAPI_LIST_APPEND(tail, section);
- }
-
-- return size;
-+ return head;
- }
-
- static void sgx_epc_reset(void *opaque)
-@@ -168,13 +173,35 @@ SGXInfo *qmp_query_sgx_capabilities(Error **errp)
- info->sgx1 = eax & (1U << 0) ? true : false;
- info->sgx2 = eax & (1U << 1) ? true : false;
-
-- info->section_size = sgx_calc_host_epc_section_size();
-+ info->sections = sgx_calc_host_epc_sections();
-
- close(fd);
-
- return info;
- }
-
-+static SGXEPCSectionList *sgx_get_epc_sections_list(void)
-+{
-+ GSList *device_list = sgx_epc_get_device_list();
-+ SGXEPCSectionList *head = NULL, **tail = &head;
-+ SGXEPCSection *section;
-+
-+ for (; device_list; device_list = device_list->next) {
-+ DeviceState *dev = device_list->data;
-+ Object *obj = OBJECT(dev);
-+
-+ section = g_new0(SGXEPCSection, 1);
-+ section->node = object_property_get_uint(obj, SGX_EPC_NUMA_NODE_PROP,
-+ &error_abort);
-+ section->size = object_property_get_uint(obj, SGX_EPC_SIZE_PROP,
-+ &error_abort);
-+ QAPI_LIST_APPEND(tail, section);
-+ }
-+ g_slist_free(device_list);
-+
-+ return head;
-+}
-+
- SGXInfo *qmp_query_sgx(Error **errp)
- {
- SGXInfo *info = NULL;
-@@ -193,14 +220,13 @@ SGXInfo *qmp_query_sgx(Error **errp)
- return NULL;
- }
-
-- SGXEPCState *sgx_epc = &pcms->sgx_epc;
- info = g_new0(SGXInfo, 1);
-
- info->sgx = true;
- info->sgx1 = true;
- info->sgx2 = true;
- info->flc = true;
-- info->section_size = sgx_epc->size;
-+ info->sections = sgx_get_epc_sections_list();
-
- return info;
- }
-@@ -208,6 +234,7 @@ SGXInfo *qmp_query_sgx(Error **errp)
- void hmp_info_sgx(Monitor *mon, const QDict *qdict)
- {
- Error *err = NULL;
-+ SGXEPCSectionList *section_list, *section;
- g_autoptr(SGXInfo) info = qmp_query_sgx(&err);
-
- if (err) {
-@@ -222,8 +249,14 @@ void hmp_info_sgx(Monitor *mon, const QDict *qdict)
- info->sgx2 ? "enabled" : "disabled");
- monitor_printf(mon, "FLC support: %s\n",
- info->flc ? "enabled" : "disabled");
-- monitor_printf(mon, "size: %" PRIu64 "\n",
-- info->section_size);
-+
-+ section_list = info->sections;
-+ for (section = section_list; section; section = section->next) {
-+ monitor_printf(mon, "NUMA node #%" PRId64 ": ",
-+ section->value->node);
-+ monitor_printf(mon, "size=%" PRIu64 "\n",
-+ section->value->size);
-+ }
- }
-
- bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
-diff --git a/qapi/misc-target.json b/qapi/misc-target.json
-index 5aa2b95b7d..1022aa0184 100644
---- a/qapi/misc-target.json
-+++ b/qapi/misc-target.json
-@@ -337,6 +337,21 @@
- 'if': 'TARGET_ARM' }
-
-
-+##
-+# @SGXEPCSection:
-+#
-+# Information about intel SGX EPC section info
-+#
-+# @node: the numa node
-+#
-+# @size: the size of epc section
-+#
-+# Since: 6.2
-+##
-+{ 'struct': 'SGXEPCSection',
-+ 'data': { 'node': 'int',
-+ 'size': 'uint64'}}
-+
- ##
- # @SGXInfo:
- #
-@@ -350,7 +365,7 @@
- #
- # @flc: true if FLC is supported
- #
--# @section-size: The EPC section size for guest
-+# @sections: The EPC sections info for guest
- #
- # Since: 6.2
- ##
-@@ -359,7 +374,7 @@
- 'sgx1': 'bool',
- 'sgx2': 'bool',
- 'flc': 'bool',
-- 'section-size': 'uint64'},
-+ 'sections': ['SGXEPCSection']},
- 'if': 'TARGET_I386' }
-
- ##
---
-2.27.0
-
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch b/SOURCES/kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch
new file mode 100644
index 0000000..1bb8ea5
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch
@@ -0,0 +1,63 @@
+From 03996a8a826c9186e4a16e1b4757f1ef5947a503 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 5 Aug 2022 11:42:14 +0200
+Subject: [PATCH 07/11] pc-bios/s390-ccw: Fix booting with logical block size <
+ physical block size
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 113: pc-bios/s390-ccw: Fix booting with logical block size < physical block size
+RH-Commit: [1/1] a45ff477bc7d7011ea6c4d42a1aade213d1e4690 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2112303
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Claudio Imbrenda <None>
+
+For accessing single blocks during boot, it's the logical block size that
+matters. (Physical block sizes are rather interesting e.g. for creating
+file systems with the correct alignment for speed reasons etc.).
+So the s390-ccw bios has to use the logical block size for calculating
+sector numbers during the boot phase, the "physical_block_exp" shift
+value must not be taken into account. This change fixes the boot process
+when the guest hast been installed on a disk where the logical block size
+differs from the physical one, e.g. if the guest has been installed
+like this:
+
+ qemu-system-s390x -nographic -accel kvm -m 2G \
+ -drive if=none,id=d1,file=fedora.iso,format=raw,media=cdrom \
+ -device virtio-scsi -device scsi-cd,drive=d1 \
+ -drive if=none,id=d2,file=test.qcow2,format=qcow2
+ -device virtio-blk,drive=d2,physical_block_size=4096,logical_block_size=512
+
+Linux correctly uses the logical block size of 512 for the installation,
+but the s390-ccw bios tries to boot from a disk with 4096 block size so
+far, as long as this patch has not been applied yet (well, it used to work
+by accident in the past due to the virtio_assume_scsi() hack that used to
+enforce 512 byte sectors on all virtio-block disks, but that hack has been
+well removed in commit 5447de2619050a0a4d to fix other scenarios).
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2112303
+Message-Id: <20220805094214.285223-1-thuth@redhat.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Reviewed-by: Eric Farman <farman@linux.ibm.com>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry picked from commit 393296de19650e1400ca265914cfdeb313725363)
+---
+ pc-bios/s390-ccw/virtio-blkdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
+index 8271c47296..794f99b42c 100644
+--- a/pc-bios/s390-ccw/virtio-blkdev.c
++++ b/pc-bios/s390-ccw/virtio-blkdev.c
+@@ -173,7 +173,7 @@ int virtio_get_block_size(void)
+
+ switch (vdev->senseid.cu_model) {
+ case VIRTIO_ID_BLOCK:
+- return vdev->config.blk.blk_size << vdev->config.blk.physical_block_exp;
++ return vdev->config.blk.blk_size;
+ case VIRTIO_ID_SCSI:
+ return vdev->scsi_block_size;
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch b/SOURCES/kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch
new file mode 100644
index 0000000..b212194
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch
@@ -0,0 +1,180 @@
+From 2e38b4ec5c53b2b98539a70105d3046e1c452ab8 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 13/17] pc-bios/s390-ccw: Split virtio-scsi code from
+ virtio_blk_setup_device()
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [8/10] f49c5fb77e05c9dc09ed9f037e37f6a461e4bba6 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit cf30b7c4a9b2c64518be8037c2e6670aacdb00b9
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:19:00 2022 +0200
+
+ pc-bios/s390-ccw: Split virtio-scsi code from virtio_blk_setup_device()
+
+ The next patch is going to add more virtio-block specific code to
+ virtio_blk_setup_device(), and if the virtio-scsi code is also in
+ there, this is more cumbersome. And the calling function virtio_setup()
+ in main.c looks at the device type already anyway, so it's more
+ logical to separate the virtio-scsi stuff into a new function in
+ virtio-scsi.c instead.
+
+ Message-Id: <20220704111903.62400-10-thuth@redhat.com>
+ Reviewed-by: Eric Farman <farman@linux.ibm.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/main.c | 24 +++++++++++++++++-------
+ pc-bios/s390-ccw/virtio-blkdev.c | 20 ++------------------
+ pc-bios/s390-ccw/virtio-scsi.c | 19 ++++++++++++++++++-
+ pc-bios/s390-ccw/virtio-scsi.h | 2 +-
+ 4 files changed, 38 insertions(+), 27 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
+index 5d2b7ba94d..13e1d8fdf7 100644
+--- a/pc-bios/s390-ccw/main.c
++++ b/pc-bios/s390-ccw/main.c
+@@ -14,6 +14,7 @@
+ #include "s390-ccw.h"
+ #include "cio.h"
+ #include "virtio.h"
++#include "virtio-scsi.h"
+ #include "dasd-ipl.h"
+
+ char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
+@@ -218,6 +219,7 @@ static int virtio_setup(void)
+ {
+ VDev *vdev = virtio_get_device();
+ QemuIplParameters *early_qipl = (QemuIplParameters *)QIPL_ADDRESS;
++ int ret;
+
+ memcpy(&qipl, early_qipl, sizeof(QemuIplParameters));
+
+@@ -225,18 +227,26 @@ static int virtio_setup(void)
+ menu_setup();
+ }
+
+- if (virtio_get_device_type() == VIRTIO_ID_NET) {
++ switch (vdev->senseid.cu_model) {
++ case VIRTIO_ID_NET:
+ sclp_print("Network boot device detected\n");
+ vdev->netboot_start_addr = qipl.netboot_start_addr;
+- } else {
+- int ret = virtio_blk_setup_device(blk_schid);
+- if (ret) {
+- return ret;
+- }
++ return 0;
++ case VIRTIO_ID_BLOCK:
++ ret = virtio_blk_setup_device(blk_schid);
++ break;
++ case VIRTIO_ID_SCSI:
++ ret = virtio_scsi_setup_device(blk_schid);
++ break;
++ default:
++ panic("\n! No IPL device available !\n");
++ }
++
++ if (!ret) {
+ IPL_assert(virtio_ipl_disk_is_valid(), "No valid IPL device detected");
+ }
+
+- return 0;
++ return ret;
+ }
+
+ static void ipl_boot_device(void)
+diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
+index db1f7f44aa..c175b66a47 100644
+--- a/pc-bios/s390-ccw/virtio-blkdev.c
++++ b/pc-bios/s390-ccw/virtio-blkdev.c
+@@ -222,27 +222,11 @@ uint64_t virtio_get_blocks(void)
+ int virtio_blk_setup_device(SubChannelId schid)
+ {
+ VDev *vdev = virtio_get_device();
+- int ret = 0;
+
+ vdev->schid = schid;
+ virtio_setup_ccw(vdev);
+
+- switch (vdev->senseid.cu_model) {
+- case VIRTIO_ID_BLOCK:
+- sclp_print("Using virtio-blk.\n");
+- break;
+- case VIRTIO_ID_SCSI:
+- IPL_assert(vdev->config.scsi.sense_size == VIRTIO_SCSI_SENSE_SIZE,
+- "Config: sense size mismatch");
+- IPL_assert(vdev->config.scsi.cdb_size == VIRTIO_SCSI_CDB_SIZE,
+- "Config: CDB size mismatch");
++ sclp_print("Using virtio-blk.\n");
+
+- sclp_print("Using virtio-scsi.\n");
+- ret = virtio_scsi_setup(vdev);
+- break;
+- default:
+- panic("\n! No IPL device available !\n");
+- }
+-
+- return ret;
++ return 0;
+ }
+diff --git a/pc-bios/s390-ccw/virtio-scsi.c b/pc-bios/s390-ccw/virtio-scsi.c
+index 2c8d0f3097..3b7069270c 100644
+--- a/pc-bios/s390-ccw/virtio-scsi.c
++++ b/pc-bios/s390-ccw/virtio-scsi.c
+@@ -329,7 +329,7 @@ static void scsi_parse_capacity_report(void *data,
+ }
+ }
+
+-int virtio_scsi_setup(VDev *vdev)
++static int virtio_scsi_setup(VDev *vdev)
+ {
+ int retry_test_unit_ready = 3;
+ uint8_t data[256];
+@@ -430,3 +430,20 @@ int virtio_scsi_setup(VDev *vdev)
+
+ return 0;
+ }
++
++int virtio_scsi_setup_device(SubChannelId schid)
++{
++ VDev *vdev = virtio_get_device();
++
++ vdev->schid = schid;
++ virtio_setup_ccw(vdev);
++
++ IPL_assert(vdev->config.scsi.sense_size == VIRTIO_SCSI_SENSE_SIZE,
++ "Config: sense size mismatch");
++ IPL_assert(vdev->config.scsi.cdb_size == VIRTIO_SCSI_CDB_SIZE,
++ "Config: CDB size mismatch");
++
++ sclp_print("Using virtio-scsi.\n");
++
++ return virtio_scsi_setup(vdev);
++}
+diff --git a/pc-bios/s390-ccw/virtio-scsi.h b/pc-bios/s390-ccw/virtio-scsi.h
+index 4b14c2c2f9..e6b6cd4815 100644
+--- a/pc-bios/s390-ccw/virtio-scsi.h
++++ b/pc-bios/s390-ccw/virtio-scsi.h
+@@ -67,8 +67,8 @@ static inline bool virtio_scsi_response_ok(const VirtioScsiCmdResp *r)
+ return r->response == VIRTIO_SCSI_S_OK && r->status == CDB_STATUS_GOOD;
+ }
+
+-int virtio_scsi_setup(VDev *vdev);
+ int virtio_scsi_read_many(VDev *vdev,
+ ulong sector, void *load_addr, int sec_num);
++int virtio_scsi_setup_device(SubChannelId schid);
+
+ #endif /* VIRTIO_SCSI_H */
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch b/SOURCES/kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch
new file mode 100644
index 0000000..231a8a0
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch
@@ -0,0 +1,102 @@
+From 64fa56e0520215e3909e442f09d8073c1870648a Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 07/17] pc-bios/s390-ccw/bootmap: Improve the guessing logic in
+ zipl_load_vblk()
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [2/10] ca8f5e847617cf4ac2fd6c38edb2982f32fa3eba (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit 422865f6672ee1482b98d18321b55c1ecfb06c82
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:18:54 2022 +0200
+
+ pc-bios/s390-ccw/bootmap: Improve the guessing logic in zipl_load_vblk()
+
+ The logic of trying an final ISO or ECKD boot on virtio-block devices is
+ very weird: Since the geometry hardly ever matches in virtio_disk_is_scsi(),
+ virtio_blk_setup_device() always sets a "guessed" disk geometry via
+ virtio_assume_scsi() (which is certainly also wrong in a lot of cases).
+
+ zipl_load_vblk() then sees that there's been a "virtio_guessed_disk_nature"
+ and tries to fix up the geometry again via virtio_assume_iso9660() before
+ always trying to do ipl_iso_el_torito(). That's a very brain-twisting
+ way of attempting to boot from ISO images, which won't work anymore after
+ the following patches that will clean up the virtio_assume_scsi() mess
+ (and thus get rid of the "virtio_guessed_disk_nature" here).
+
+ Let's try a better approach instead: ISO files always have a magic
+ string "CD001" at offset 0x8001 (see e.g. the ECMA-119 specification)
+ which we can use to decide whether we should try to boot in ISO 9660
+ mode (which we should also try if we see a sector size of 2048).
+
+ And if we were not able to boot in ISO mode here, the final boot attempt
+ before panicking is to boot in ECKD mode. Since this is our last boot
+ attempt anyway, simply always assume the ECKD geometry here (if the sector
+ size was not 4096 yet), so that we also do not depend on the guessed disk
+ geometry from virtio_blk_setup_device() here anymore.
+
+ Message-Id: <20220704111903.62400-4-thuth@redhat.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/bootmap.c | 27 +++++++++++++++++++++++----
+ 1 file changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
+index 56411ab3b6..994e59c0b0 100644
+--- a/pc-bios/s390-ccw/bootmap.c
++++ b/pc-bios/s390-ccw/bootmap.c
+@@ -780,18 +780,37 @@ static void ipl_iso_el_torito(void)
+ }
+ }
+
++/**
++ * Detect whether we're trying to boot from an .ISO image.
++ * These always have a signature string "CD001" at offset 0x8001.
++ */
++static bool has_iso_signature(void)
++{
++ int blksize = virtio_get_block_size();
++
++ if (!blksize || virtio_read(0x8000 / blksize, sec)) {
++ return false;
++ }
++
++ return !memcmp("CD001", &sec[1], 5);
++}
++
+ /***********************************************************************
+ * Bus specific IPL sequences
+ */
+
+ static void zipl_load_vblk(void)
+ {
+- if (virtio_guessed_disk_nature()) {
+- virtio_assume_iso9660();
++ int blksize = virtio_get_block_size();
++
++ if (blksize == VIRTIO_ISO_BLOCK_SIZE || has_iso_signature()) {
++ if (blksize != VIRTIO_ISO_BLOCK_SIZE) {
++ virtio_assume_iso9660();
++ }
++ ipl_iso_el_torito();
+ }
+- ipl_iso_el_torito();
+
+- if (virtio_guessed_disk_nature()) {
++ if (blksize != VIRTIO_DASD_DEFAULT_BLOCK_SIZE) {
+ sclp_print("Using guessed DASD geometry.\n");
+ virtio_assume_eckd();
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch b/SOURCES/kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch
new file mode 100644
index 0000000..00601aa
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch
@@ -0,0 +1,78 @@
+From 56674ee1f25f12978a6a8a1390e11b55b3e0fabe Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 15/17] pc-bios/s390-ccw/netboot.mak: Ignore Clang's warnings
+ about GNU extensions
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [10/10] 037dab4df23ebb2b42871bca8c842a53a7204b50 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit e2269220acb03e6c6a460c3090d804835e202239
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:19:03 2022 +0200
+
+ pc-bios/s390-ccw/netboot.mak: Ignore Clang's warnings about GNU extensions
+
+ When compiling the s390-ccw bios with Clang (v14.0), there is currently
+ an unuseful warning like this:
+
+ CC pc-bios/s390-ccw/ipv6.o
+ ../../roms/SLOF/lib/libnet/ipv6.c:447:18: warning: variable length array
+ folded to constant array as an extension [-Wgnu-folding-constant]
+ unsigned short raw[ip6size];
+ ^
+
+ SLOF is currently GCC-only and cannot be compiled with Clang yet, so
+ it is expected that such extensions sneak in there - and as long as
+ we don't want to compile the code with a compiler that is neither GCC
+ or Clang, it is also not necessary to avoid such extensions.
+
+ Thus these GNU-extension related warnings are completely useless in
+ the s390-ccw bios, especially in the code that is coming from SLOF,
+ so we should simply disable the related warnings here now.
+
+ Message-Id: <20220704111903.62400-13-thuth@redhat.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/netboot.mak | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
+index 68b4d7edcb..ad41898cb6 100644
+--- a/pc-bios/s390-ccw/netboot.mak
++++ b/pc-bios/s390-ccw/netboot.mak
+@@ -16,9 +16,12 @@ s390-netboot.elf: $(NETOBJS) libnet.a libc.a
+ s390-netboot.img: s390-netboot.elf
+ $(call quiet-command,$(STRIP) --strip-unneeded $< -o $@,"STRIP","$(TARGET_DIR)$@")
+
++# SLOF is GCC-only, so ignore warnings about GNU extensions with Clang here
++NO_GNU_WARN := $(call cc-option,-Werror $(QEMU_CFLAGS),-Wno-gnu)
++
+ # libc files:
+
+-LIBC_CFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
++LIBC_CFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(NO_GNU_WARN) $(LIBC_INC) $(LIBNET_INC) \
+ -MMD -MP -MT $@ -MF $(@:%.o=%.d)
+
+ CTYPE_OBJS = isdigit.o isxdigit.o toupper.o
+@@ -52,7 +55,7 @@ libc.a: $(LIBCOBJS)
+
+ LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \
+ dhcpv6.o ethernet.o ipv4.o ndp.o tftp.o pxelinux.o
+-LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
++LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(NO_GNU_WARN) $(LIBC_INC) $(LIBNET_INC) \
+ -DDHCPARCH=0x1F -MMD -MP -MT $@ -MF $(@:%.o=%.d)
+
+ %.o : $(SLOF_DIR)/lib/libnet/%.c
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch
new file mode 100644
index 0000000..5e4b689
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch
@@ -0,0 +1,56 @@
+From 430e76fd964390db86c8486f76b916a1cf7f74c2 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 12/17] pc-bios/s390-ccw/virtio: Beautify the code for reading
+ virtqueue configuration
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [7/10] b15c06b4c5431837672b6cb5d57d09da20718441 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit 070824885741f5d2a66626d3c4ecb2773c8e0552
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:18:59 2022 +0200
+
+ pc-bios/s390-ccw/virtio: Beautify the code for reading virtqueue configuration
+
+ It looks nicer if we separate the run_ccw() from the IPL_assert()
+ statement, and the error message should talk about "virtio device"
+ instead of "block device", since this code is nowadays used for
+ non-block (i.e. network) devices, too.
+
+ Message-Id: <20220704111903.62400-9-thuth@redhat.com>
+ Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+ Reviewed-by: Eric Farman <farman@linux.ibm.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/virtio.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
+index d8c2b52710..f37510f312 100644
+--- a/pc-bios/s390-ccw/virtio.c
++++ b/pc-bios/s390-ccw/virtio.c
+@@ -289,9 +289,8 @@ void virtio_setup_ccw(VDev *vdev)
+ .num = 0,
+ };
+
+- IPL_assert(
+- run_ccw(vdev, CCW_CMD_READ_VQ_CONF, &config, sizeof(config), false) == 0,
+- "Could not get block device VQ configuration");
++ rc = run_ccw(vdev, CCW_CMD_READ_VQ_CONF, &config, sizeof(config), false);
++ IPL_assert(rc == 0, "Could not get virtio device VQ configuration");
+ info.num = config.num;
+ vring_init(&vdev->vrings[i], &info);
+ vdev->vrings[i].schid = vdev->schid;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch
new file mode 100644
index 0000000..04ab605
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch
@@ -0,0 +1,63 @@
+From 7d4f2454f95bfc087ad3f2fe3bc4625dcea3568e Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 06/17] pc-bios/s390-ccw/virtio: Introduce a macro for the DASD
+ block size
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [1/10] 71033934e1e9988bcf71362e02665ceb7449009d (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit 1f2c2ee48e87ea743f8e23cc7569dd26c4cf9623
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:18:53 2022 +0200
+
+ pc-bios/s390-ccw/virtio: Introduce a macro for the DASD block size
+
+ Use VIRTIO_DASD_DEFAULT_BLOCK_SIZE instead of the magic value 4096.
+
+ Message-Id: <20220704111903.62400-3-thuth@redhat.com>
+ Reviewed-by: Eric Farman <farman@linux.ibm.com>
+ Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/virtio-blkdev.c | 2 +-
+ pc-bios/s390-ccw/virtio.h | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
+index 7d35050292..6483307630 100644
+--- a/pc-bios/s390-ccw/virtio-blkdev.c
++++ b/pc-bios/s390-ccw/virtio-blkdev.c
+@@ -155,7 +155,7 @@ void virtio_assume_eckd(void)
+ vdev->config.blk.physical_block_exp = 0;
+ switch (vdev->senseid.cu_model) {
+ case VIRTIO_ID_BLOCK:
+- vdev->config.blk.blk_size = 4096;
++ vdev->config.blk.blk_size = VIRTIO_DASD_DEFAULT_BLOCK_SIZE;
+ break;
+ case VIRTIO_ID_SCSI:
+ vdev->config.blk.blk_size = vdev->scsi_block_size;
+diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h
+index 19fceb6495..9e410bde6f 100644
+--- a/pc-bios/s390-ccw/virtio.h
++++ b/pc-bios/s390-ccw/virtio.h
+@@ -198,6 +198,7 @@ extern int virtio_read_many(ulong sector, void *load_addr, int sec_num);
+ #define VIRTIO_SECTOR_SIZE 512
+ #define VIRTIO_ISO_BLOCK_SIZE 2048
+ #define VIRTIO_SCSI_BLOCK_SIZE 512
++#define VIRTIO_DASD_DEFAULT_BLOCK_SIZE 4096
+
+ static inline ulong virtio_sector_adjust(ulong sector)
+ {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch
new file mode 100644
index 0000000..41ae538
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch
@@ -0,0 +1,67 @@
+From 20f8724d0837acbe642c8c7698a4b256f34c1209 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 11/17] pc-bios/s390-ccw/virtio: Read device config after
+ feature negotiation
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [6/10] 54d21e430b2dfba9e0a0823d6bb8ec7e7f8ff2ff (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit aa5c69ce99411c4886bcd051f288afc02b6d968d
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:18:58 2022 +0200
+
+ pc-bios/s390-ccw/virtio: Read device config after feature negotiation
+
+ Feature negotiation should be done first, since some fields in the
+ config area can depend on the negotiated features and thus should
+ rather be read afterwards.
+
+ While we're at it, also adjust the error message here a little bit
+ (the code is nowadays used for non-block virtio devices, too).
+
+ Message-Id: <20220704111903.62400-8-thuth@redhat.com>
+ Reviewed-by: Eric Farman <farman@linux.ibm.com>
+ Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/virtio.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
+index 4e85a2eb82..d8c2b52710 100644
+--- a/pc-bios/s390-ccw/virtio.c
++++ b/pc-bios/s390-ccw/virtio.c
+@@ -262,10 +262,6 @@ void virtio_setup_ccw(VDev *vdev)
+ rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
+ IPL_assert(rc == 0, "Could not write DRIVER status to host");
+
+- IPL_assert(
+- run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false) == 0,
+- "Could not get block device configuration");
+-
+ /* Feature negotiation */
+ for (i = 0; i < ARRAY_SIZE(vdev->guest_features); i++) {
+ feats.features = 0;
+@@ -278,6 +274,9 @@ void virtio_setup_ccw(VDev *vdev)
+ IPL_assert(rc == 0, "Could not set features bits");
+ }
+
++ rc = run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false);
++ IPL_assert(rc == 0, "Could not get virtio device configuration");
++
+ for (i = 0; i < vdev->nr_vqs; i++) {
+ VqInfo info = {
+ .queue = (unsigned long long) ring_area + (i * VIRTIO_RING_SIZE),
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch
new file mode 100644
index 0000000..e976047
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch
@@ -0,0 +1,93 @@
+From 303fb3ddcdbbd1373c5b1aa28e03f90507e217f3 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 10/17] pc-bios/s390-ccw/virtio: Set missing status bits while
+ initializing
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [5/10] 4bc44d9adae055fb60b79d04a2f08535b4d38d2b (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit 175aa06a152ef6b58ba9b2e47a1296b024dea70c
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:18:57 2022 +0200
+
+ pc-bios/s390-ccw/virtio: Set missing status bits while initializing
+
+ According chapter "3.1.1 Driver Requirements: Device Initialization"
+ of the Virtio specification (v1.1), a driver for a device has to set
+ the ACKNOWLEDGE and DRIVER bits in the status field after resetting
+ the device. The s390-ccw bios skipped these steps so far and seems
+ like QEMU never cared. Anyway, it's better to follow the spec, so
+ let's set these bits now in the right spots, too.
+
+ Message-Id: <20220704111903.62400-7-thuth@redhat.com>
+ Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com>
+ Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+ Reviewed-by: Eric Farman <farman@linux.ibm.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/virtio.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
+index 5d2c6e3381..4e85a2eb82 100644
+--- a/pc-bios/s390-ccw/virtio.c
++++ b/pc-bios/s390-ccw/virtio.c
+@@ -220,7 +220,7 @@ int virtio_run(VDev *vdev, int vqid, VirtioCmd *cmd)
+ void virtio_setup_ccw(VDev *vdev)
+ {
+ int i, rc, cfg_size = 0;
+- unsigned char status = VIRTIO_CONFIG_S_DRIVER_OK;
++ uint8_t status;
+ struct VirtioFeatureDesc {
+ uint32_t features;
+ uint8_t index;
+@@ -234,6 +234,10 @@ void virtio_setup_ccw(VDev *vdev)
+
+ run_ccw(vdev, CCW_CMD_VDEV_RESET, NULL, 0, false);
+
++ status = VIRTIO_CONFIG_S_ACKNOWLEDGE;
++ rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
++ IPL_assert(rc == 0, "Could not write ACKNOWLEDGE status to host");
++
+ switch (vdev->senseid.cu_model) {
+ case VIRTIO_ID_NET:
+ vdev->nr_vqs = 2;
+@@ -253,6 +257,11 @@ void virtio_setup_ccw(VDev *vdev)
+ default:
+ panic("Unsupported virtio device\n");
+ }
++
++ status |= VIRTIO_CONFIG_S_DRIVER;
++ rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
++ IPL_assert(rc == 0, "Could not write DRIVER status to host");
++
+ IPL_assert(
+ run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false) == 0,
+ "Could not get block device configuration");
+@@ -291,9 +300,10 @@ void virtio_setup_ccw(VDev *vdev)
+ run_ccw(vdev, CCW_CMD_SET_VQ, &info, sizeof(info), false) == 0,
+ "Cannot set VQ info");
+ }
+- IPL_assert(
+- run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false) == 0,
+- "Could not write status to host");
++
++ status |= VIRTIO_CONFIG_S_DRIVER_OK;
++ rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
++ IPL_assert(rc == 0, "Could not write DRIVER_OK status to host");
+ }
+
+ bool virtio_is_supported(SubChannelId schid)
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch b/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch
new file mode 100644
index 0000000..109b98e
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch
@@ -0,0 +1,101 @@
+From d3335a98a7b6e084aadf4907968536a67cf8e64c Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 09/17] pc-bios/s390-ccw/virtio-blkdev: Remove
+ virtio_assume_scsi()
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [4/10] bf27f75344f220a03475a2918ed49ec9cd5ba317 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit 5447de2619050a0a4dd480b97f88a9b58da360d1
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:18:56 2022 +0200
+
+ pc-bios/s390-ccw/virtio-blkdev: Remove virtio_assume_scsi()
+
+ The virtio_assume_scsi() function is very questionable: First, it
+ is only called for virtio-blk, and not for virtio-scsi, so the naming
+ is already quite confusing. Second, it is called if we detected a
+ "invalid" IPL disk, trying to fix it by blindly setting a sector
+ size of 512. This of course won't work in most cases since disks
+ might have a different sector size for a reason.
+
+ Thus let's remove this strange function now. The calling code can
+ also be removed completely, since there is another spot in main.c
+ that does "IPL_assert(virtio_ipl_disk_is_valid(), ...)" to make
+ sure that we do not try to IPL from an invalid device.
+
+ Message-Id: <20220704111903.62400-6-thuth@redhat.com>
+ Reviewed-by: Eric Farman <farman@linux.ibm.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/virtio-blkdev.c | 24 ------------------------
+ pc-bios/s390-ccw/virtio.h | 1 -
+ 2 files changed, 25 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
+index 7e13155589..db1f7f44aa 100644
+--- a/pc-bios/s390-ccw/virtio-blkdev.c
++++ b/pc-bios/s390-ccw/virtio-blkdev.c
+@@ -112,23 +112,6 @@ VirtioGDN virtio_guessed_disk_nature(void)
+ return virtio_get_device()->guessed_disk_nature;
+ }
+
+-void virtio_assume_scsi(void)
+-{
+- VDev *vdev = virtio_get_device();
+-
+- switch (vdev->senseid.cu_model) {
+- case VIRTIO_ID_BLOCK:
+- vdev->guessed_disk_nature = VIRTIO_GDN_SCSI;
+- vdev->config.blk.blk_size = VIRTIO_SCSI_BLOCK_SIZE;
+- vdev->config.blk.physical_block_exp = 0;
+- vdev->blk_factor = 1;
+- break;
+- case VIRTIO_ID_SCSI:
+- vdev->scsi_block_size = VIRTIO_SCSI_BLOCK_SIZE;
+- break;
+- }
+-}
+-
+ void virtio_assume_iso9660(void)
+ {
+ VDev *vdev = virtio_get_device();
+@@ -247,13 +230,6 @@ int virtio_blk_setup_device(SubChannelId schid)
+ switch (vdev->senseid.cu_model) {
+ case VIRTIO_ID_BLOCK:
+ sclp_print("Using virtio-blk.\n");
+- if (!virtio_ipl_disk_is_valid()) {
+- /* make sure all getters but blocksize return 0 for
+- * invalid IPL disk
+- */
+- memset(&vdev->config.blk, 0, sizeof(vdev->config.blk));
+- virtio_assume_scsi();
+- }
+ break;
+ case VIRTIO_ID_SCSI:
+ IPL_assert(vdev->config.scsi.sense_size == VIRTIO_SCSI_SENSE_SIZE,
+diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h
+index 241730effe..600ba5052b 100644
+--- a/pc-bios/s390-ccw/virtio.h
++++ b/pc-bios/s390-ccw/virtio.h
+@@ -182,7 +182,6 @@ enum guessed_disk_nature_type {
+ typedef enum guessed_disk_nature_type VirtioGDN;
+
+ VirtioGDN virtio_guessed_disk_nature(void);
+-void virtio_assume_scsi(void);
+ void virtio_assume_eckd(void);
+ void virtio_assume_iso9660(void);
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch b/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch
new file mode 100644
index 0000000..8bc7a11
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch
@@ -0,0 +1,63 @@
+From db58915fcaf3d24b64fe2c34cc15b5596b9a81bb Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 14/17] pc-bios/s390-ccw/virtio-blkdev: Request the right
+ feature bits
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [9/10] 9dcd8c2f659f366f9487ab6473d1f0d7778b40a7 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit 9125a314cca4a1838b09305a87d8efb98f80ab67
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:19:01 2022 +0200
+
+ pc-bios/s390-ccw/virtio-blkdev: Request the right feature bits
+
+ The virtio-blk code uses the block size and geometry fields in the
+ config area. According to the virtio-spec, these have to be negotiated
+ with the right feature bits during initialization, otherwise they
+ might not be available. QEMU is so far very forgiving and always
+ provides them, but we should not rely on this behavior, so let's
+ better request them properly via the VIRTIO_BLK_F_GEOMETRY and
+ VIRTIO_BLK_F_BLK_SIZE feature bits.
+
+ Message-Id: <20220704111903.62400-11-thuth@redhat.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/virtio-blkdev.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
+index c175b66a47..8271c47296 100644
+--- a/pc-bios/s390-ccw/virtio-blkdev.c
++++ b/pc-bios/s390-ccw/virtio-blkdev.c
+@@ -13,6 +13,9 @@
+ #include "virtio.h"
+ #include "virtio-scsi.h"
+
++#define VIRTIO_BLK_F_GEOMETRY (1 << 4)
++#define VIRTIO_BLK_F_BLK_SIZE (1 << 6)
++
+ static int virtio_blk_read_many(VDev *vdev, ulong sector, void *load_addr,
+ int sec_num)
+ {
+@@ -223,6 +226,7 @@ int virtio_blk_setup_device(SubChannelId schid)
+ {
+ VDev *vdev = virtio_get_device();
+
++ vdev->guest_features[0] = VIRTIO_BLK_F_GEOMETRY | VIRTIO_BLK_F_BLK_SIZE;
+ vdev->schid = schid;
+ virtio_setup_ccw(vdev);
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch b/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch
new file mode 100644
index 0000000..818e515
--- /dev/null
+++ b/SOURCES/kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch
@@ -0,0 +1,124 @@
+From f07e4629a7c58407f903810a038660c88c6a6315 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 8 Jul 2022 20:49:01 +0200
+Subject: [PATCH 08/17] pc-bios/s390-ccw/virtio-blkdev: Simplify/fix
+ virtio_ipl_disk_is_valid()
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
+RH-Commit: [3/10] fb06830a3e50d9da3d84913b50bb227865cc44b3 (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2098077
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: http://bugzilla.redhat.com/2098077
+
+commit bbf615f7b707f009ef8e757d170902ad33b90644
+Author: Thomas Huth <thuth@redhat.com>
+Date: Mon Jul 4 13:18:55 2022 +0200
+
+ pc-bios/s390-ccw/virtio-blkdev: Simplify/fix virtio_ipl_disk_is_valid()
+
+ The s390-ccw bios fails to boot if the boot disk is a virtio-blk
+ disk with a sector size of 4096. For example:
+
+ dasdfmt -b 4096 -d cdl -y -p -M quick /dev/dasdX
+ fdasd -a /dev/dasdX
+ install a guest onto /dev/dasdX1 using virtio-blk
+ qemu-system-s390x -nographic -hda /dev/dasdX1
+
+ The bios then bails out with:
+
+ ! Cannot read block 0 !
+
+ Looking at virtio_ipl_disk_is_valid() and especially the function
+ virtio_disk_is_scsi(), it does not really make sense that we expect
+ only such a limited disk geometry (like a block size of 512) for
+ our boot disks. Let's relax the check and allow everything that
+ remotely looks like a sane disk.
+
+ Message-Id: <20220704111903.62400-5-thuth@redhat.com>
+ Reviewed-by: Eric Farman <farman@linux.ibm.com>
+ Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ pc-bios/s390-ccw/virtio-blkdev.c | 41 ++++++--------------------------
+ pc-bios/s390-ccw/virtio.h | 2 --
+ 2 files changed, 7 insertions(+), 36 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
+index 6483307630..7e13155589 100644
+--- a/pc-bios/s390-ccw/virtio-blkdev.c
++++ b/pc-bios/s390-ccw/virtio-blkdev.c
+@@ -166,46 +166,19 @@ void virtio_assume_eckd(void)
+ virtio_eckd_sectors_for_block_size(vdev->config.blk.blk_size);
+ }
+
+-bool virtio_disk_is_scsi(void)
+-{
+- VDev *vdev = virtio_get_device();
+-
+- if (vdev->guessed_disk_nature == VIRTIO_GDN_SCSI) {
+- return true;
+- }
+- switch (vdev->senseid.cu_model) {
+- case VIRTIO_ID_BLOCK:
+- return (vdev->config.blk.geometry.heads == 255)
+- && (vdev->config.blk.geometry.sectors == 63)
+- && (virtio_get_block_size() == VIRTIO_SCSI_BLOCK_SIZE);
+- case VIRTIO_ID_SCSI:
+- return true;
+- }
+- return false;
+-}
+-
+-bool virtio_disk_is_eckd(void)
++bool virtio_ipl_disk_is_valid(void)
+ {
++ int blksize = virtio_get_block_size();
+ VDev *vdev = virtio_get_device();
+- const int block_size = virtio_get_block_size();
+
+- if (vdev->guessed_disk_nature == VIRTIO_GDN_DASD) {
++ if (vdev->guessed_disk_nature == VIRTIO_GDN_SCSI ||
++ vdev->guessed_disk_nature == VIRTIO_GDN_DASD) {
+ return true;
+ }
+- switch (vdev->senseid.cu_model) {
+- case VIRTIO_ID_BLOCK:
+- return (vdev->config.blk.geometry.heads == 15)
+- && (vdev->config.blk.geometry.sectors ==
+- virtio_eckd_sectors_for_block_size(block_size));
+- case VIRTIO_ID_SCSI:
+- return false;
+- }
+- return false;
+-}
+
+-bool virtio_ipl_disk_is_valid(void)
+-{
+- return virtio_disk_is_scsi() || virtio_disk_is_eckd();
++ return (vdev->senseid.cu_model == VIRTIO_ID_BLOCK ||
++ vdev->senseid.cu_model == VIRTIO_ID_SCSI) &&
++ blksize >= 512 && blksize <= 4096;
+ }
+
+ int virtio_get_block_size(void)
+diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h
+index 9e410bde6f..241730effe 100644
+--- a/pc-bios/s390-ccw/virtio.h
++++ b/pc-bios/s390-ccw/virtio.h
+@@ -186,8 +186,6 @@ void virtio_assume_scsi(void);
+ void virtio_assume_eckd(void);
+ void virtio_assume_iso9660(void);
+
+-extern bool virtio_disk_is_scsi(void);
+-extern bool virtio_disk_is_eckd(void);
+ extern bool virtio_ipl_disk_is_valid(void);
+ extern int virtio_get_block_size(void);
+ extern uint8_t virtio_get_heads(void);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch b/SOURCES/kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch
deleted file mode 100644
index 435d3f2..0000000
--- a/SOURCES/kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 0a200d937e63554c38db577961ef4f09c836cb2f Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Tue, 1 Mar 2022 10:11:58 -0500
-Subject: [PATCH 01/14] pci: expose TYPE_XIO3130_DOWNSTREAM name
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 124: RHEL-9.0 Fix broken PCIe device after migration
-RH-Commit: [1/2] 38a5fef15d0b6c231b5ac268aad7d541e5303a7e
-RH-Bugzilla: 2053584
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: MST <None>
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Type name will be used in followup patch for cast check
-in pcihp code.
-
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20220301151200.3507298-2-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit c41481af9a5d0d463607cc45b45c510875570817)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- hw/pci-bridge/xio3130_downstream.c | 3 ++-
- include/hw/pci-bridge/xio3130_downstream.h | 15 +++++++++++++++
- 2 files changed, 17 insertions(+), 1 deletion(-)
- create mode 100644 include/hw/pci-bridge/xio3130_downstream.h
-
-diff --git a/hw/pci-bridge/xio3130_downstream.c b/hw/pci-bridge/xio3130_downstream.c
-index 04aae72cd6..b17cafd359 100644
---- a/hw/pci-bridge/xio3130_downstream.c
-+++ b/hw/pci-bridge/xio3130_downstream.c
-@@ -28,6 +28,7 @@
- #include "migration/vmstate.h"
- #include "qapi/error.h"
- #include "qemu/module.h"
-+#include "hw/pci-bridge/xio3130_downstream.h"
-
- #define PCI_DEVICE_ID_TI_XIO3130D 0x8233 /* downstream port */
- #define XIO3130_REVISION 0x1
-@@ -173,7 +174,7 @@ static void xio3130_downstream_class_init(ObjectClass *klass, void *data)
- }
-
- static const TypeInfo xio3130_downstream_info = {
-- .name = "xio3130-downstream",
-+ .name = TYPE_XIO3130_DOWNSTREAM,
- .parent = TYPE_PCIE_SLOT,
- .class_init = xio3130_downstream_class_init,
- .interfaces = (InterfaceInfo[]) {
-diff --git a/include/hw/pci-bridge/xio3130_downstream.h b/include/hw/pci-bridge/xio3130_downstream.h
-new file mode 100644
-index 0000000000..1d10139aea
---- /dev/null
-+++ b/include/hw/pci-bridge/xio3130_downstream.h
-@@ -0,0 +1,15 @@
-+/*
-+ * TI X3130 pci express downstream port switch
-+ *
-+ * Copyright (C) 2022 Igor Mammedov <imammedo@redhat.com>
-+ *
-+ * SPDX-License-Identifier: GPL-2.0-or-later
-+ */
-+
-+#ifndef HW_PCI_BRIDGE_XIO3130_DOWNSTREAM_H
-+#define HW_PCI_BRIDGE_XIO3130_DOWNSTREAM_H
-+
-+#define TYPE_XIO3130_DOWNSTREAM "xio3130-downstream"
-+
-+#endif
-+
---
-2.31.1
-
diff --git a/SOURCES/kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch b/SOURCES/kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch
deleted file mode 100644
index 9e58f6c..0000000
--- a/SOURCES/kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-From a6a327ae392c02b8e8c75b5d702d929ff8fe408d Mon Sep 17 00:00:00 2001
-From: Yang Zhong <yang.zhong@intel.com>
-Date: Thu, 20 Jan 2022 17:31:04 -0500
-Subject: [PATCH 05/12] qapi: Cleanup SGX related comments and restore
- @section-size
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Paul Lai <plai@redhat.com>
-RH-MergeRequest: 65: Enable SGX and add SGX Numa support
-RH-Commit: [5/5] 0d3b9f37cd3cce202050ba3bd51eef4410ef3d38
-RH-Bugzilla: 2033708
-RH-Acked-by: Paolo Bonzini <None>
-RH-Acked-by: Bandan Das <None>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-The SGX NUMA patches were merged into Qemu 7.0 release, we need
-clarify detailed version history information and also change
-some related comments, which make SGX related comments clearer.
-
-The QMP command schema promises backwards compatibility as standard.
-We temporarily restore "@section-size", which can avoid incompatible
-API breakage. The "@section-size" will be deprecated in 7.2 version.
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Yang Zhong <yang.zhong@intel.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20220120223104.437161-1-yang.zhong@intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Paul Lai <plai@redhat.com>
----
- docs/about/deprecated.rst | 13 +++++++++++++
- hw/i386/sgx.c | 11 +++++++++--
- qapi/machine.json | 4 ++--
- qapi/misc-target.json | 22 +++++++++++++++++-----
- 4 files changed, 41 insertions(+), 9 deletions(-)
-
-diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
-index ff7488cb63..33925edf45 100644
---- a/docs/about/deprecated.rst
-+++ b/docs/about/deprecated.rst
-@@ -270,6 +270,19 @@ accepted incorrect commands will return an error. Users should make sure that
- all arguments passed to ``device_add`` are consistent with the documented
- property types.
-
-+``query-sgx`` return value member ``section-size`` (since 7.0)
-+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-+
-+Member ``section-size`` in return value elements with meta-type ``uint64`` is
-+deprecated. Use ``sections`` instead.
-+
-+
-+``query-sgx-capabilities`` return value member ``section-size`` (since 7.0)
-+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-+
-+Member ``section-size`` in return value elements with meta-type ``uint64`` is
-+deprecated. Use ``sections`` instead.
-+
- System accelerators
- -------------------
-
-diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
-index 5de5dd0893..a2b318dd93 100644
---- a/hw/i386/sgx.c
-+++ b/hw/i386/sgx.c
-@@ -83,7 +83,7 @@ static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high)
- ((high & MAKE_64BIT_MASK(0, 20)) << 32);
- }
-
--static SGXEPCSectionList *sgx_calc_host_epc_sections(void)
-+static SGXEPCSectionList *sgx_calc_host_epc_sections(uint64_t *size)
- {
- SGXEPCSectionList *head = NULL, **tail = &head;
- SGXEPCSection *section;
-@@ -106,6 +106,7 @@ static SGXEPCSectionList *sgx_calc_host_epc_sections(void)
- section = g_new0(SGXEPCSection, 1);
- section->node = j++;
- section->size = sgx_calc_section_metric(ecx, edx);
-+ *size += section->size;
- QAPI_LIST_APPEND(tail, section);
- }
-
-@@ -156,6 +157,7 @@ SGXInfo *qmp_query_sgx_capabilities(Error **errp)
- {
- SGXInfo *info = NULL;
- uint32_t eax, ebx, ecx, edx;
-+ uint64_t size = 0;
-
- int fd = qemu_open_old("/dev/sgx_vepc", O_RDWR);
- if (fd < 0) {
-@@ -173,7 +175,8 @@ SGXInfo *qmp_query_sgx_capabilities(Error **errp)
- info->sgx1 = eax & (1U << 0) ? true : false;
- info->sgx2 = eax & (1U << 1) ? true : false;
-
-- info->sections = sgx_calc_host_epc_sections();
-+ info->sections = sgx_calc_host_epc_sections(&size);
-+ info->section_size = size;
-
- close(fd);
-
-@@ -220,12 +223,14 @@ SGXInfo *qmp_query_sgx(Error **errp)
- return NULL;
- }
-
-+ SGXEPCState *sgx_epc = &pcms->sgx_epc;
- info = g_new0(SGXInfo, 1);
-
- info->sgx = true;
- info->sgx1 = true;
- info->sgx2 = true;
- info->flc = true;
-+ info->section_size = sgx_epc->size;
- info->sections = sgx_get_epc_sections_list();
-
- return info;
-@@ -249,6 +254,8 @@ void hmp_info_sgx(Monitor *mon, const QDict *qdict)
- info->sgx2 ? "enabled" : "disabled");
- monitor_printf(mon, "FLC support: %s\n",
- info->flc ? "enabled" : "disabled");
-+ monitor_printf(mon, "size: %" PRIu64 "\n",
-+ info->section_size);
-
- section_list = info->sections;
- for (section = section_list; section; section = section->next) {
-diff --git a/qapi/machine.json b/qapi/machine.json
-index 16e771affc..a9f33d0f27 100644
---- a/qapi/machine.json
-+++ b/qapi/machine.json
-@@ -1207,7 +1207,7 @@
- #
- # @memdev: memory backend linked with device
- #
--# @node: the numa node
-+# @node: the numa node (Since: 7.0)
- #
- # Since: 6.2
- ##
-@@ -1288,7 +1288,7 @@
- #
- # @memdev: memory backend linked with device
- #
--# @node: the numa node
-+# @node: the numa node (Since: 7.0)
- #
- # Since: 6.2
- ##
-diff --git a/qapi/misc-target.json b/qapi/misc-target.json
-index 1022aa0184..4bc45d2474 100644
---- a/qapi/misc-target.json
-+++ b/qapi/misc-target.json
-@@ -344,9 +344,9 @@
- #
- # @node: the numa node
- #
--# @size: the size of epc section
-+# @size: the size of EPC section
- #
--# Since: 6.2
-+# Since: 7.0
- ##
- { 'struct': 'SGXEPCSection',
- 'data': { 'node': 'int',
-@@ -365,7 +365,13 @@
- #
- # @flc: true if FLC is supported
- #
--# @sections: The EPC sections info for guest
-+# @section-size: The EPC section size for guest
-+# Redundant with @sections. Just for backward compatibility.
-+#
-+# @sections: The EPC sections info for guest (Since: 7.0)
-+#
-+# Features:
-+# @deprecated: Member @section-size is deprecated. Use @sections instead.
- #
- # Since: 6.2
- ##
-@@ -374,6 +380,8 @@
- 'sgx1': 'bool',
- 'sgx2': 'bool',
- 'flc': 'bool',
-+ 'section-size': { 'type': 'uint64',
-+ 'features': [ 'deprecated' ] },
- 'sections': ['SGXEPCSection']},
- 'if': 'TARGET_I386' }
-
-@@ -390,7 +398,9 @@
- #
- # -> { "execute": "query-sgx" }
- # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
--# "flc": true, "section-size" : 0 } }
-+# "flc": true, "section-size" : 96468992,
-+# "sections": [{"node": 0, "size": 67108864},
-+# {"node": 1, "size": 29360128}]} }
- #
- ##
- { 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
-@@ -408,7 +418,9 @@
- #
- # -> { "execute": "query-sgx-capabilities" }
- # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
--# "flc": true, "section-size" : 0 } }
-+# "flc": true, "section-size" : 96468992,
-+# "section" : [{"node": 0, "size": 67108864},
-+# {"node": 1, "size": 29360128}]} }
- #
- ##
- { 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
---
-2.27.0
-
diff --git a/SOURCES/kvm-qapi-machine.json-Add-cluster-id.patch b/SOURCES/kvm-qapi-machine.json-Add-cluster-id.patch
new file mode 100644
index 0000000..2b2a22a
--- /dev/null
+++ b/SOURCES/kvm-qapi-machine.json-Add-cluster-id.patch
@@ -0,0 +1,126 @@
+From e97c563f7146098119839aa146a6f25070eb7148 Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Wed, 11 May 2022 18:01:02 +0800
+Subject: [PATCH 01/16] qapi/machine.json: Add cluster-id
+
+RH-Author: Gavin Shan <gshan@redhat.com>
+RH-MergeRequest: 86: hw/arm/virt: Fix the default CPU topology
+RH-Commit: [1/6] 44d7d83008c6d28485ae44f7cced792f4987b919 (gwshan/qemu-rhel-9)
+RH-Bugzilla: 2041823
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2041823
+
+This adds cluster-id in CPU instance properties, which will be used
+by arm/virt machine. Besides, the cluster-id is also verified or
+dumped in various spots:
+
+ * hw/core/machine.c::machine_set_cpu_numa_node() to associate
+ CPU with its NUMA node.
+
+ * hw/core/machine.c::machine_numa_finish_cpu_init() to record
+ CPU slots with no NUMA mapping set.
+
+ * hw/core/machine-hmp-cmds.c::hmp_hotpluggable_cpus() to dump
+ cluster-id.
+
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
+Acked-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20220503140304.855514-2-gshan@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 1dcf7001d4bae651129d46d5628b29e93a411d0b)
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+---
+ hw/core/machine-hmp-cmds.c | 4 ++++
+ hw/core/machine.c | 16 ++++++++++++++++
+ qapi/machine.json | 6 ++++--
+ 3 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/hw/core/machine-hmp-cmds.c b/hw/core/machine-hmp-cmds.c
+index 4e2f319aeb..5cb5eecbfc 100644
+--- a/hw/core/machine-hmp-cmds.c
++++ b/hw/core/machine-hmp-cmds.c
+@@ -77,6 +77,10 @@ void hmp_hotpluggable_cpus(Monitor *mon, const QDict *qdict)
+ if (c->has_die_id) {
+ monitor_printf(mon, " die-id: \"%" PRIu64 "\"\n", c->die_id);
+ }
++ if (c->has_cluster_id) {
++ monitor_printf(mon, " cluster-id: \"%" PRIu64 "\"\n",
++ c->cluster_id);
++ }
+ if (c->has_core_id) {
+ monitor_printf(mon, " core-id: \"%" PRIu64 "\"\n", c->core_id);
+ }
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index dffc3ef4ab..168f4de910 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -890,6 +890,11 @@ void machine_set_cpu_numa_node(MachineState *machine,
+ return;
+ }
+
++ if (props->has_cluster_id && !slot->props.has_cluster_id) {
++ error_setg(errp, "cluster-id is not supported");
++ return;
++ }
++
+ if (props->has_socket_id && !slot->props.has_socket_id) {
+ error_setg(errp, "socket-id is not supported");
+ return;
+@@ -909,6 +914,11 @@ void machine_set_cpu_numa_node(MachineState *machine,
+ continue;
+ }
+
++ if (props->has_cluster_id &&
++ props->cluster_id != slot->props.cluster_id) {
++ continue;
++ }
++
+ if (props->has_die_id && props->die_id != slot->props.die_id) {
+ continue;
+ }
+@@ -1203,6 +1213,12 @@ static char *cpu_slot_to_string(const CPUArchId *cpu)
+ }
+ g_string_append_printf(s, "die-id: %"PRId64, cpu->props.die_id);
+ }
++ if (cpu->props.has_cluster_id) {
++ if (s->len) {
++ g_string_append_printf(s, ", ");
++ }
++ g_string_append_printf(s, "cluster-id: %"PRId64, cpu->props.cluster_id);
++ }
+ if (cpu->props.has_core_id) {
+ if (s->len) {
+ g_string_append_printf(s, ", ");
+diff --git a/qapi/machine.json b/qapi/machine.json
+index d25a481ce4..4c417e32a5 100644
+--- a/qapi/machine.json
++++ b/qapi/machine.json
+@@ -868,10 +868,11 @@
+ # @node-id: NUMA node ID the CPU belongs to
+ # @socket-id: socket number within node/board the CPU belongs to
+ # @die-id: die number within socket the CPU belongs to (since 4.1)
+-# @core-id: core number within die the CPU belongs to
++# @cluster-id: cluster number within die the CPU belongs to (since 7.1)
++# @core-id: core number within cluster the CPU belongs to
+ # @thread-id: thread number within core the CPU belongs to
+ #
+-# Note: currently there are 5 properties that could be present
++# Note: currently there are 6 properties that could be present
+ # but management should be prepared to pass through other
+ # properties with device_add command to allow for future
+ # interface extension. This also requires the filed names to be kept in
+@@ -883,6 +884,7 @@
+ 'data': { '*node-id': 'int',
+ '*socket-id': 'int',
+ '*die-id': 'int',
++ '*cluster-id': 'int',
+ '*core-id': 'int',
+ '*thread-id': 'int'
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch b/SOURCES/kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch
new file mode 100644
index 0000000..9010d3d
--- /dev/null
+++ b/SOURCES/kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch
@@ -0,0 +1,162 @@
+From 5e385a0e49a520550a83299632be175857b63f19 Mon Sep 17 00:00:00 2001
+From: Hanna Reitz <hreitz@redhat.com>
+Date: Tue, 5 Apr 2022 15:46:52 +0200
+Subject: [PATCH 06/16] qcow2: Add errp to rebuild_refcount_structure()
+
+RH-Author: Hanna Reitz <hreitz@redhat.com>
+RH-MergeRequest: 96: qcow2: Improve refcount structure rebuilding
+RH-Commit: [3/4] 937b89a7eab6ec6b18618d59bc1526976ad03290 (hreitz/qemu-kvm-c-9-s)
+RH-Bugzilla: 2072379
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+Instead of fprint()-ing error messages in rebuild_refcount_structure()
+and its rebuild_refcounts_write_refblocks() helper, pass them through an
+Error object to qcow2_check_refcounts() (which will then print it).
+
+Suggested-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+Message-Id: <20220405134652.19278-4-hreitz@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+(cherry picked from commit 0423f75351ab83b844a31349218b0eadd830e07a)
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+---
+ block/qcow2-refcount.c | 33 +++++++++++++++++++--------------
+ 1 file changed, 19 insertions(+), 14 deletions(-)
+
+diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
+index c5669eaa51..ed0ecfaa89 100644
+--- a/block/qcow2-refcount.c
++++ b/block/qcow2-refcount.c
+@@ -2465,7 +2465,8 @@ static int64_t alloc_clusters_imrt(BlockDriverState *bs,
+ static int rebuild_refcounts_write_refblocks(
+ BlockDriverState *bs, void **refcount_table, int64_t *nb_clusters,
+ int64_t first_cluster, int64_t end_cluster,
+- uint64_t **on_disk_reftable_ptr, uint32_t *on_disk_reftable_entries_ptr
++ uint64_t **on_disk_reftable_ptr, uint32_t *on_disk_reftable_entries_ptr,
++ Error **errp
+ )
+ {
+ BDRVQcow2State *s = bs->opaque;
+@@ -2516,8 +2517,8 @@ static int rebuild_refcounts_write_refblocks(
+ nb_clusters,
+ &first_free_cluster);
+ if (refblock_offset < 0) {
+- fprintf(stderr, "ERROR allocating refblock: %s\n",
+- strerror(-refblock_offset));
++ error_setg_errno(errp, -refblock_offset,
++ "ERROR allocating refblock");
+ return refblock_offset;
+ }
+
+@@ -2539,6 +2540,7 @@ static int rebuild_refcounts_write_refblocks(
+ on_disk_reftable_entries *
+ REFTABLE_ENTRY_SIZE);
+ if (!on_disk_reftable) {
++ error_setg(errp, "ERROR allocating reftable memory");
+ return -ENOMEM;
+ }
+
+@@ -2562,7 +2564,7 @@ static int rebuild_refcounts_write_refblocks(
+ ret = qcow2_pre_write_overlap_check(bs, 0, refblock_offset,
+ s->cluster_size, false);
+ if (ret < 0) {
+- fprintf(stderr, "ERROR writing refblock: %s\n", strerror(-ret));
++ error_setg_errno(errp, -ret, "ERROR writing refblock");
+ return ret;
+ }
+
+@@ -2578,7 +2580,7 @@ static int rebuild_refcounts_write_refblocks(
+ ret = bdrv_pwrite(bs->file, refblock_offset, on_disk_refblock,
+ s->cluster_size);
+ if (ret < 0) {
+- fprintf(stderr, "ERROR writing refblock: %s\n", strerror(-ret));
++ error_setg_errno(errp, -ret, "ERROR writing refblock");
+ return ret;
+ }
+
+@@ -2601,7 +2603,8 @@ static int rebuild_refcounts_write_refblocks(
+ static int rebuild_refcount_structure(BlockDriverState *bs,
+ BdrvCheckResult *res,
+ void **refcount_table,
+- int64_t *nb_clusters)
++ int64_t *nb_clusters,
++ Error **errp)
+ {
+ BDRVQcow2State *s = bs->opaque;
+ int64_t reftable_offset = -1;
+@@ -2652,7 +2655,7 @@ static int rebuild_refcount_structure(BlockDriverState *bs,
+ rebuild_refcounts_write_refblocks(bs, refcount_table, nb_clusters,
+ 0, *nb_clusters,
+ &on_disk_reftable,
+- &on_disk_reftable_entries);
++ &on_disk_reftable_entries, errp);
+ if (reftable_size_changed < 0) {
+ res->check_errors++;
+ ret = reftable_size_changed;
+@@ -2676,8 +2679,8 @@ static int rebuild_refcount_structure(BlockDriverState *bs,
+ refcount_table, nb_clusters,
+ &first_free_cluster);
+ if (reftable_offset < 0) {
+- fprintf(stderr, "ERROR allocating reftable: %s\n",
+- strerror(-reftable_offset));
++ error_setg_errno(errp, -reftable_offset,
++ "ERROR allocating reftable");
+ res->check_errors++;
+ ret = reftable_offset;
+ goto fail;
+@@ -2695,7 +2698,7 @@ static int rebuild_refcount_structure(BlockDriverState *bs,
+ reftable_start_cluster,
+ reftable_end_cluster,
+ &on_disk_reftable,
+- &on_disk_reftable_entries);
++ &on_disk_reftable_entries, errp);
+ if (reftable_size_changed < 0) {
+ res->check_errors++;
+ ret = reftable_size_changed;
+@@ -2725,7 +2728,7 @@ static int rebuild_refcount_structure(BlockDriverState *bs,
+ ret = qcow2_pre_write_overlap_check(bs, 0, reftable_offset, reftable_length,
+ false);
+ if (ret < 0) {
+- fprintf(stderr, "ERROR writing reftable: %s\n", strerror(-ret));
++ error_setg_errno(errp, -ret, "ERROR writing reftable");
+ goto fail;
+ }
+
+@@ -2733,7 +2736,7 @@ static int rebuild_refcount_structure(BlockDriverState *bs,
+ ret = bdrv_pwrite(bs->file, reftable_offset, on_disk_reftable,
+ reftable_length);
+ if (ret < 0) {
+- fprintf(stderr, "ERROR writing reftable: %s\n", strerror(-ret));
++ error_setg_errno(errp, -ret, "ERROR writing reftable");
+ goto fail;
+ }
+
+@@ -2746,7 +2749,7 @@ static int rebuild_refcount_structure(BlockDriverState *bs,
+ &reftable_offset_and_clusters,
+ sizeof(reftable_offset_and_clusters));
+ if (ret < 0) {
+- fprintf(stderr, "ERROR setting reftable: %s\n", strerror(-ret));
++ error_setg_errno(errp, -ret, "ERROR setting reftable");
+ goto fail;
+ }
+
+@@ -2814,11 +2817,13 @@ int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res,
+ if (rebuild && (fix & BDRV_FIX_ERRORS)) {
+ BdrvCheckResult old_res = *res;
+ int fresh_leaks = 0;
++ Error *local_err = NULL;
+
+ fprintf(stderr, "Rebuilding refcount structure\n");
+ ret = rebuild_refcount_structure(bs, res, &refcount_table,
+- &nb_clusters);
++ &nb_clusters, &local_err);
+ if (ret < 0) {
++ error_report_err(local_err);
+ goto fail;
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-qcow2-Improve-refcount-structure-rebuilding.patch b/SOURCES/kvm-qcow2-Improve-refcount-structure-rebuilding.patch
new file mode 100644
index 0000000..cdc92b8
--- /dev/null
+++ b/SOURCES/kvm-qcow2-Improve-refcount-structure-rebuilding.patch
@@ -0,0 +1,465 @@
+From b453cf6be8429f4438d51eb24fcf49e7d9f14db6 Mon Sep 17 00:00:00 2001
+From: Hanna Reitz <hreitz@redhat.com>
+Date: Tue, 5 Apr 2022 15:46:50 +0200
+Subject: [PATCH 04/16] qcow2: Improve refcount structure rebuilding
+
+RH-Author: Hanna Reitz <hreitz@redhat.com>
+RH-MergeRequest: 96: qcow2: Improve refcount structure rebuilding
+RH-Commit: [1/4] a3606b7abcaebb4930b566e95b1090aead62dfae (hreitz/qemu-kvm-c-9-s)
+RH-Bugzilla: 2072379
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+When rebuilding the refcount structures (when qemu-img check -r found
+errors with refcount = 0, but reference count > 0), the new refcount
+table defaults to being put at the image file end[1]. There is no good
+reason for that except that it means we will not have to rewrite any
+refblocks we already wrote to disk.
+
+Changing the code to rewrite those refblocks is not too difficult,
+though, so let us do that. That is beneficial for images on block
+devices, where we cannot really write beyond the end of the image file.
+
+Use this opportunity to add extensive comments to the code, and refactor
+it a bit, getting rid of the backwards-jumping goto.
+
+[1] Unless there is something allocated in the area pointed to by the
+ last refblock, so we have to write that refblock. In that case, we
+ try to put the reftable in there.
+
+Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1519071
+Closes: https://gitlab.com/qemu-project/qemu/-/issues/941
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+Message-Id: <20220405134652.19278-2-hreitz@redhat.com>
+(cherry picked from commit a8c07ec287554dcefd33733f0e5888a281ddc95e)
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+---
+ block/qcow2-refcount.c | 332 +++++++++++++++++++++++++++++------------
+ 1 file changed, 235 insertions(+), 97 deletions(-)
+
+diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
+index b91499410c..c5669eaa51 100644
+--- a/block/qcow2-refcount.c
++++ b/block/qcow2-refcount.c
+@@ -2438,111 +2438,140 @@ static int64_t alloc_clusters_imrt(BlockDriverState *bs,
+ }
+
+ /*
+- * Creates a new refcount structure based solely on the in-memory information
+- * given through *refcount_table. All necessary allocations will be reflected
+- * in that array.
++ * Helper function for rebuild_refcount_structure().
+ *
+- * On success, the old refcount structure is leaked (it will be covered by the
+- * new refcount structure).
++ * Scan the range of clusters [first_cluster, end_cluster) for allocated
++ * clusters and write all corresponding refblocks to disk. The refblock
++ * and allocation data is taken from the in-memory refcount table
++ * *refcount_table[] (of size *nb_clusters), which is basically one big
++ * (unlimited size) refblock for the whole image.
++ *
++ * For these refblocks, clusters are allocated using said in-memory
++ * refcount table. Care is taken that these allocations are reflected
++ * in the refblocks written to disk.
++ *
++ * The refblocks' offsets are written into a reftable, which is
++ * *on_disk_reftable_ptr[] (of size *on_disk_reftable_entries_ptr). If
++ * that reftable is of insufficient size, it will be resized to fit.
++ * This reftable is not written to disk.
++ *
++ * (If *on_disk_reftable_ptr is not NULL, the entries within are assumed
++ * to point to existing valid refblocks that do not need to be allocated
++ * again.)
++ *
++ * Return whether the on-disk reftable array was resized (true/false),
++ * or -errno on error.
+ */
+-static int rebuild_refcount_structure(BlockDriverState *bs,
+- BdrvCheckResult *res,
+- void **refcount_table,
+- int64_t *nb_clusters)
++static int rebuild_refcounts_write_refblocks(
++ BlockDriverState *bs, void **refcount_table, int64_t *nb_clusters,
++ int64_t first_cluster, int64_t end_cluster,
++ uint64_t **on_disk_reftable_ptr, uint32_t *on_disk_reftable_entries_ptr
++ )
+ {
+ BDRVQcow2State *s = bs->opaque;
+- int64_t first_free_cluster = 0, reftable_offset = -1, cluster = 0;
++ int64_t cluster;
+ int64_t refblock_offset, refblock_start, refblock_index;
+- uint32_t reftable_size = 0;
+- uint64_t *on_disk_reftable = NULL;
++ int64_t first_free_cluster = 0;
++ uint64_t *on_disk_reftable = *on_disk_reftable_ptr;
++ uint32_t on_disk_reftable_entries = *on_disk_reftable_entries_ptr;
+ void *on_disk_refblock;
+- int ret = 0;
+- struct {
+- uint64_t reftable_offset;
+- uint32_t reftable_clusters;
+- } QEMU_PACKED reftable_offset_and_clusters;
+-
+- qcow2_cache_empty(bs, s->refcount_block_cache);
++ bool reftable_grown = false;
++ int ret;
+
+-write_refblocks:
+- for (; cluster < *nb_clusters; cluster++) {
++ for (cluster = first_cluster; cluster < end_cluster; cluster++) {
++ /* Check all clusters to find refblocks that contain non-zero entries */
+ if (!s->get_refcount(*refcount_table, cluster)) {
+ continue;
+ }
+
++ /*
++ * This cluster is allocated, so we need to create a refblock
++ * for it. The data we will write to disk is just the
++ * respective slice from *refcount_table, so it will contain
++ * accurate refcounts for all clusters belonging to this
++ * refblock. After we have written it, we will therefore skip
++ * all remaining clusters in this refblock.
++ */
++
+ refblock_index = cluster >> s->refcount_block_bits;
+ refblock_start = refblock_index << s->refcount_block_bits;
+
+- /* Don't allocate a cluster in a refblock already written to disk */
+- if (first_free_cluster < refblock_start) {
+- first_free_cluster = refblock_start;
+- }
+- refblock_offset = alloc_clusters_imrt(bs, 1, refcount_table,
+- nb_clusters, &first_free_cluster);
+- if (refblock_offset < 0) {
+- fprintf(stderr, "ERROR allocating refblock: %s\n",
+- strerror(-refblock_offset));
+- res->check_errors++;
+- ret = refblock_offset;
+- goto fail;
+- }
++ if (on_disk_reftable_entries > refblock_index &&
++ on_disk_reftable[refblock_index])
++ {
++ /*
++ * We can get here after a `goto write_refblocks`: We have a
++ * reftable from a previous run, and the refblock is already
++ * allocated. No need to allocate it again.
++ */
++ refblock_offset = on_disk_reftable[refblock_index];
++ } else {
++ int64_t refblock_cluster_index;
+
+- if (reftable_size <= refblock_index) {
+- uint32_t old_reftable_size = reftable_size;
+- uint64_t *new_on_disk_reftable;
++ /* Don't allocate a cluster in a refblock already written to disk */
++ if (first_free_cluster < refblock_start) {
++ first_free_cluster = refblock_start;
++ }
++ refblock_offset = alloc_clusters_imrt(bs, 1, refcount_table,
++ nb_clusters,
++ &first_free_cluster);
++ if (refblock_offset < 0) {
++ fprintf(stderr, "ERROR allocating refblock: %s\n",
++ strerror(-refblock_offset));
++ return refblock_offset;
++ }
+
+- reftable_size = ROUND_UP((refblock_index + 1) * REFTABLE_ENTRY_SIZE,
+- s->cluster_size) / REFTABLE_ENTRY_SIZE;
+- new_on_disk_reftable = g_try_realloc(on_disk_reftable,
+- reftable_size *
+- REFTABLE_ENTRY_SIZE);
+- if (!new_on_disk_reftable) {
+- res->check_errors++;
+- ret = -ENOMEM;
+- goto fail;
++ refblock_cluster_index = refblock_offset / s->cluster_size;
++ if (refblock_cluster_index >= end_cluster) {
++ /*
++ * We must write the refblock that holds this refblock's
++ * refcount
++ */
++ end_cluster = refblock_cluster_index + 1;
+ }
+- on_disk_reftable = new_on_disk_reftable;
+
+- memset(on_disk_reftable + old_reftable_size, 0,
+- (reftable_size - old_reftable_size) * REFTABLE_ENTRY_SIZE);
++ if (on_disk_reftable_entries <= refblock_index) {
++ on_disk_reftable_entries =
++ ROUND_UP((refblock_index + 1) * REFTABLE_ENTRY_SIZE,
++ s->cluster_size) / REFTABLE_ENTRY_SIZE;
++ on_disk_reftable =
++ g_try_realloc(on_disk_reftable,
++ on_disk_reftable_entries *
++ REFTABLE_ENTRY_SIZE);
++ if (!on_disk_reftable) {
++ return -ENOMEM;
++ }
+
+- /* The offset we have for the reftable is now no longer valid;
+- * this will leak that range, but we can easily fix that by running
+- * a leak-fixing check after this rebuild operation */
+- reftable_offset = -1;
+- } else {
+- assert(on_disk_reftable);
+- }
+- on_disk_reftable[refblock_index] = refblock_offset;
++ memset(on_disk_reftable + *on_disk_reftable_entries_ptr, 0,
++ (on_disk_reftable_entries -
++ *on_disk_reftable_entries_ptr) *
++ REFTABLE_ENTRY_SIZE);
+
+- /* If this is apparently the last refblock (for now), try to squeeze the
+- * reftable in */
+- if (refblock_index == (*nb_clusters - 1) >> s->refcount_block_bits &&
+- reftable_offset < 0)
+- {
+- uint64_t reftable_clusters = size_to_clusters(s, reftable_size *
+- REFTABLE_ENTRY_SIZE);
+- reftable_offset = alloc_clusters_imrt(bs, reftable_clusters,
+- refcount_table, nb_clusters,
+- &first_free_cluster);
+- if (reftable_offset < 0) {
+- fprintf(stderr, "ERROR allocating reftable: %s\n",
+- strerror(-reftable_offset));
+- res->check_errors++;
+- ret = reftable_offset;
+- goto fail;
++ *on_disk_reftable_ptr = on_disk_reftable;
++ *on_disk_reftable_entries_ptr = on_disk_reftable_entries;
++
++ reftable_grown = true;
++ } else {
++ assert(on_disk_reftable);
+ }
++ on_disk_reftable[refblock_index] = refblock_offset;
+ }
+
++ /* Refblock is allocated, write it to disk */
++
+ ret = qcow2_pre_write_overlap_check(bs, 0, refblock_offset,
+ s->cluster_size, false);
+ if (ret < 0) {
+ fprintf(stderr, "ERROR writing refblock: %s\n", strerror(-ret));
+- goto fail;
++ return ret;
+ }
+
+- /* The size of *refcount_table is always cluster-aligned, therefore the
+- * write operation will not overflow */
++ /*
++ * The refblock is simply a slice of *refcount_table.
++ * Note that the size of *refcount_table is always aligned to
++ * whole clusters, so the write operation will not result in
++ * out-of-bounds accesses.
++ */
+ on_disk_refblock = (void *)((char *) *refcount_table +
+ refblock_index * s->cluster_size);
+
+@@ -2550,23 +2579,99 @@ write_refblocks:
+ s->cluster_size);
+ if (ret < 0) {
+ fprintf(stderr, "ERROR writing refblock: %s\n", strerror(-ret));
+- goto fail;
++ return ret;
+ }
+
+- /* Go to the end of this refblock */
++ /* This refblock is done, skip to its end */
+ cluster = refblock_start + s->refcount_block_size - 1;
+ }
+
+- if (reftable_offset < 0) {
+- uint64_t post_refblock_start, reftable_clusters;
++ return reftable_grown;
++}
++
++/*
++ * Creates a new refcount structure based solely on the in-memory information
++ * given through *refcount_table (this in-memory information is basically just
++ * the concatenation of all refblocks). All necessary allocations will be
++ * reflected in that array.
++ *
++ * On success, the old refcount structure is leaked (it will be covered by the
++ * new refcount structure).
++ */
++static int rebuild_refcount_structure(BlockDriverState *bs,
++ BdrvCheckResult *res,
++ void **refcount_table,
++ int64_t *nb_clusters)
++{
++ BDRVQcow2State *s = bs->opaque;
++ int64_t reftable_offset = -1;
++ int64_t reftable_length = 0;
++ int64_t reftable_clusters;
++ int64_t refblock_index;
++ uint32_t on_disk_reftable_entries = 0;
++ uint64_t *on_disk_reftable = NULL;
++ int ret = 0;
++ int reftable_size_changed = 0;
++ struct {
++ uint64_t reftable_offset;
++ uint32_t reftable_clusters;
++ } QEMU_PACKED reftable_offset_and_clusters;
++
++ qcow2_cache_empty(bs, s->refcount_block_cache);
++
++ /*
++ * For each refblock containing entries, we try to allocate a
++ * cluster (in the in-memory refcount table) and write its offset
++ * into on_disk_reftable[]. We then write the whole refblock to
++ * disk (as a slice of the in-memory refcount table).
++ * This is done by rebuild_refcounts_write_refblocks().
++ *
++ * Once we have scanned all clusters, we try to find space for the
++ * reftable. This will dirty the in-memory refcount table (i.e.
++ * make it differ from the refblocks we have already written), so we
++ * need to run rebuild_refcounts_write_refblocks() again for the
++ * range of clusters where the reftable has been allocated.
++ *
++ * This second run might make the reftable grow again, in which case
++ * we will need to allocate another space for it, which is why we
++ * repeat all this until the reftable stops growing.
++ *
++ * (This loop will terminate, because with every cluster the
++ * reftable grows, it can accomodate a multitude of more refcounts,
++ * so that at some point this must be able to cover the reftable
++ * and all refblocks describing it.)
++ *
++ * We then convert the reftable to big-endian and write it to disk.
++ *
++ * Note that we never free any reftable allocations. Doing so would
++ * needlessly complicate the algorithm: The eventual second check
++ * run we do will clean up all leaks we have caused.
++ */
++
++ reftable_size_changed =
++ rebuild_refcounts_write_refblocks(bs, refcount_table, nb_clusters,
++ 0, *nb_clusters,
++ &on_disk_reftable,
++ &on_disk_reftable_entries);
++ if (reftable_size_changed < 0) {
++ res->check_errors++;
++ ret = reftable_size_changed;
++ goto fail;
++ }
++
++ /*
++ * There was no reftable before, so rebuild_refcounts_write_refblocks()
++ * must have increased its size (from 0 to something).
++ */
++ assert(reftable_size_changed);
++
++ do {
++ int64_t reftable_start_cluster, reftable_end_cluster;
++ int64_t first_free_cluster = 0;
++
++ reftable_length = on_disk_reftable_entries * REFTABLE_ENTRY_SIZE;
++ reftable_clusters = size_to_clusters(s, reftable_length);
+
+- post_refblock_start = ROUND_UP(*nb_clusters, s->refcount_block_size);
+- reftable_clusters =
+- size_to_clusters(s, reftable_size * REFTABLE_ENTRY_SIZE);
+- /* Not pretty but simple */
+- if (first_free_cluster < post_refblock_start) {
+- first_free_cluster = post_refblock_start;
+- }
+ reftable_offset = alloc_clusters_imrt(bs, reftable_clusters,
+ refcount_table, nb_clusters,
+ &first_free_cluster);
+@@ -2578,24 +2683,55 @@ write_refblocks:
+ goto fail;
+ }
+
+- goto write_refblocks;
+- }
++ /*
++ * We need to update the affected refblocks, so re-run the
++ * write_refblocks loop for the reftable's range of clusters.
++ */
++ assert(offset_into_cluster(s, reftable_offset) == 0);
++ reftable_start_cluster = reftable_offset / s->cluster_size;
++ reftable_end_cluster = reftable_start_cluster + reftable_clusters;
++ reftable_size_changed =
++ rebuild_refcounts_write_refblocks(bs, refcount_table, nb_clusters,
++ reftable_start_cluster,
++ reftable_end_cluster,
++ &on_disk_reftable,
++ &on_disk_reftable_entries);
++ if (reftable_size_changed < 0) {
++ res->check_errors++;
++ ret = reftable_size_changed;
++ goto fail;
++ }
++
++ /*
++ * If the reftable size has changed, we will need to find a new
++ * allocation, repeating the loop.
++ */
++ } while (reftable_size_changed);
+
+- for (refblock_index = 0; refblock_index < reftable_size; refblock_index++) {
++ /* The above loop must have run at least once */
++ assert(reftable_offset >= 0);
++
++ /*
++ * All allocations are done, all refblocks are written, convert the
++ * reftable to big-endian and write it to disk.
++ */
++
++ for (refblock_index = 0; refblock_index < on_disk_reftable_entries;
++ refblock_index++)
++ {
+ cpu_to_be64s(&on_disk_reftable[refblock_index]);
+ }
+
+- ret = qcow2_pre_write_overlap_check(bs, 0, reftable_offset,
+- reftable_size * REFTABLE_ENTRY_SIZE,
++ ret = qcow2_pre_write_overlap_check(bs, 0, reftable_offset, reftable_length,
+ false);
+ if (ret < 0) {
+ fprintf(stderr, "ERROR writing reftable: %s\n", strerror(-ret));
+ goto fail;
+ }
+
+- assert(reftable_size < INT_MAX / REFTABLE_ENTRY_SIZE);
++ assert(reftable_length < INT_MAX);
+ ret = bdrv_pwrite(bs->file, reftable_offset, on_disk_reftable,
+- reftable_size * REFTABLE_ENTRY_SIZE);
++ reftable_length);
+ if (ret < 0) {
+ fprintf(stderr, "ERROR writing reftable: %s\n", strerror(-ret));
+ goto fail;
+@@ -2604,7 +2740,7 @@ write_refblocks:
+ /* Enter new reftable into the image header */
+ reftable_offset_and_clusters.reftable_offset = cpu_to_be64(reftable_offset);
+ reftable_offset_and_clusters.reftable_clusters =
+- cpu_to_be32(size_to_clusters(s, reftable_size * REFTABLE_ENTRY_SIZE));
++ cpu_to_be32(reftable_clusters);
+ ret = bdrv_pwrite_sync(bs->file,
+ offsetof(QCowHeader, refcount_table_offset),
+ &reftable_offset_and_clusters,
+@@ -2614,12 +2750,14 @@ write_refblocks:
+ goto fail;
+ }
+
+- for (refblock_index = 0; refblock_index < reftable_size; refblock_index++) {
++ for (refblock_index = 0; refblock_index < on_disk_reftable_entries;
++ refblock_index++)
++ {
+ be64_to_cpus(&on_disk_reftable[refblock_index]);
+ }
+ s->refcount_table = on_disk_reftable;
+ s->refcount_table_offset = reftable_offset;
+- s->refcount_table_size = reftable_size;
++ s->refcount_table_size = on_disk_reftable_entries;
+ update_max_refcount_table_index(s);
+
+ return 0;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch b/SOURCES/kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch
deleted file mode 100644
index 2d67070..0000000
--- a/SOURCES/kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From a221f5a8ed02690687e6709c49ae0e1e01c5f466 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Date: Fri, 17 Dec 2021 17:46:54 +0100
-Subject: [PATCH 09/12] qemu-img: make is_allocated_sectors() more efficient
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 70: qemu-img convert: Fix sparseness of output image
-RH-Commit: [2/2] cc05aa4ac506b57ff9b430c007618cdf1485a03f (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 1882917
-RH-Acked-by: Eric Blake <eblake@redhat.com>
-RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-Consider the case when the whole buffer is zero and end is unaligned.
-
-If i <= tail, we return 1 and do one unaligned WRITE, RMW happens.
-
-If i > tail, we do on aligned WRITE_ZERO (or skip if target is zeroed)
-and again one unaligned WRITE, RMW happens.
-
-Let's do better: don't fragment the whole-zero buffer and report it as
-ZERO: in case of zeroed target we just do nothing and avoid RMW. If
-target is not zeroes, one unaligned WRITE_ZERO should not be much worse
-than one unaligned WRITE.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Message-Id: <20211217164654.1184218-3-vsementsov@virtuozzo.com>
-Tested-by: Peter Lieven <pl@kamp.de>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 96054c76ff2db74165385a69f234c57a6bbc941e)
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- qemu-img.c | 23 +++++++++++++++++++----
- tests/qemu-iotests/122.out | 8 ++------
- 2 files changed, 21 insertions(+), 10 deletions(-)
-
-diff --git a/qemu-img.c b/qemu-img.c
-index f036a1d428..d7ddfcc528 100644
---- a/qemu-img.c
-+++ b/qemu-img.c
-@@ -1171,19 +1171,34 @@ static int is_allocated_sectors(const uint8_t *buf, int n, int *pnum,
- }
- }
-
-+ if (i == n) {
-+ /*
-+ * The whole buf is the same.
-+ * No reason to split it into chunks, so return now.
-+ */
-+ *pnum = i;
-+ return !is_zero;
-+ }
-+
- tail = (sector_num + i) & (alignment - 1);
- if (tail) {
- if (is_zero && i <= tail) {
-- /* treat unallocated areas which only consist
-- * of a small tail as allocated. */
-+ /*
-+ * For sure next sector after i is data, and it will rewrite this
-+ * tail anyway due to RMW. So, let's just write data now.
-+ */
- is_zero = false;
- }
- if (!is_zero) {
-- /* align up end offset of allocated areas. */
-+ /* If possible, align up end offset of allocated areas. */
- i += alignment - tail;
- i = MIN(i, n);
- } else {
-- /* align down end offset of zero areas. */
-+ /*
-+ * For sure next sector after i is data, and it will rewrite this
-+ * tail anyway due to RMW. Better is avoid RMW and write zeroes up
-+ * to aligned bound.
-+ */
- i -= tail;
- }
- }
-diff --git a/tests/qemu-iotests/122.out b/tests/qemu-iotests/122.out
-index 69b8e8b803..e18766e167 100644
---- a/tests/qemu-iotests/122.out
-+++ b/tests/qemu-iotests/122.out
-@@ -201,9 +201,7 @@ convert -S 4k
- { "start": 8192, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
- { "start": 12288, "length": 4096, "depth": 0, "present": false, "zero": true, "data": false},
- { "start": 16384, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
--{ "start": 20480, "length": 46080, "depth": 0, "present": false, "zero": true, "data": false},
--{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
--{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
-+{ "start": 20480, "length": 67088384, "depth": 0, "present": false, "zero": true, "data": false}]
-
- convert -c -S 4k
- [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
-@@ -215,9 +213,7 @@ convert -c -S 4k
-
- convert -S 8k
- [{ "start": 0, "length": 24576, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
--{ "start": 24576, "length": 41984, "depth": 0, "present": false, "zero": true, "data": false},
--{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
--{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
-+{ "start": 24576, "length": 67084288, "depth": 0, "present": false, "zero": true, "data": false}]
-
- convert -c -S 8k
- [{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
---
-2.27.0
-
diff --git a/SOURCES/kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch b/SOURCES/kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch
new file mode 100644
index 0000000..9acff58
--- /dev/null
+++ b/SOURCES/kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch
@@ -0,0 +1,92 @@
+From e6aae1d0368a152924c38775e517f4e83c1d898b Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 11 May 2022 19:49:23 -0500
+Subject: [PATCH 1/2] qemu-nbd: Pass max connections to blockdev layer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eric Blake <eblake@redhat.com>
+RH-MergeRequest: 90: Advertise MULTI_CONN on writeable NBD servers
+RH-Commit: [1/2] b0e33fd125bf3523b8b9a4dead3c8bb2342bfd4e (ebblake/centos-qemu-kvm)
+RH-Bugzilla: 1708300
+RH-Acked-by: Nir Soffer <None>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
+
+The next patch wants to adjust whether the NBD server code advertises
+MULTI_CONN based on whether it is known if the server limits to
+exactly one client. For a server started by QMP, this information is
+obtained through nbd_server_start (which can support more than one
+export); but for qemu-nbd (which supports exactly one export), it is
+controlled only by the command-line option -e/--shared. Since we
+already have a hook function used by qemu-nbd, it's easiest to just
+alter its signature to fit our needs.
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20220512004924.417153-2-eblake@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit a5fced40212ed73c715ca298a2929dd4d99c9999)
+Signed-off-by: Eric Blake <eblake@redhat.com>
+---
+ blockdev-nbd.c | 8 ++++----
+ include/block/nbd.h | 2 +-
+ qemu-nbd.c | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c
+index 9840d25a82..add41a23af 100644
+--- a/blockdev-nbd.c
++++ b/blockdev-nbd.c
+@@ -30,18 +30,18 @@ typedef struct NBDServerData {
+ } NBDServerData;
+
+ static NBDServerData *nbd_server;
+-static bool is_qemu_nbd;
++static int qemu_nbd_connections = -1; /* Non-negative if this is qemu-nbd */
+
+ static void nbd_update_server_watch(NBDServerData *s);
+
+-void nbd_server_is_qemu_nbd(bool value)
++void nbd_server_is_qemu_nbd(int max_connections)
+ {
+- is_qemu_nbd = value;
++ qemu_nbd_connections = max_connections;
+ }
+
+ bool nbd_server_is_running(void)
+ {
+- return nbd_server || is_qemu_nbd;
++ return nbd_server || qemu_nbd_connections >= 0;
+ }
+
+ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
+diff --git a/include/block/nbd.h b/include/block/nbd.h
+index a98eb665da..c5a29ce1c6 100644
+--- a/include/block/nbd.h
++++ b/include/block/nbd.h
+@@ -344,7 +344,7 @@ void nbd_client_new(QIOChannelSocket *sioc,
+ void nbd_client_get(NBDClient *client);
+ void nbd_client_put(NBDClient *client);
+
+-void nbd_server_is_qemu_nbd(bool value);
++void nbd_server_is_qemu_nbd(int max_connections);
+ bool nbd_server_is_running(void);
+ void nbd_server_start(SocketAddress *addr, const char *tls_creds,
+ const char *tls_authz, uint32_t max_connections,
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 713e7557a9..8c25ae93df 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -1087,7 +1087,7 @@ int main(int argc, char **argv)
+
+ bs->detect_zeroes = detect_zeroes;
+
+- nbd_server_is_qemu_nbd(true);
++ nbd_server_is_qemu_nbd(shared);
+
+ export_opts = g_new(BlockExportOptions, 1);
+ *export_opts = (BlockExportOptions) {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch b/SOURCES/kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch
deleted file mode 100644
index bc36f5c..0000000
--- a/SOURCES/kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 0f4592f79f8c24f84db18a8c39c6056b2a0be524 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
-Date: Fri, 7 Jan 2022 11:54:19 +0100
-Subject: [PATCH 1/5] qemu-storage-daemon: Add vhost-user-blk help
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 63: qemu-storage-daemon: Add vhost-user-blk help
-RH-Commit: [1/2] 6b08fec5d6ceea9f8f3810321099310069e08b53 (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 1962088
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-Add missing vhost-user-blk help:
-
- $ qemu-storage-daemon -h
- ...
- --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,
- addr.type=unix,addr.path=<socket-path>[,writable=on|off]
- [,logical-block-size=<block-size>][,num-queues=<num-queues>]
- export the specified block node as a
- vhosts-user-blk device over UNIX domain socket
- --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,
- fd,addr.str=<fd>[,writable=on|off]
- [,logical-block-size=<block-size>][,num-queues=<num-queues>]
- export the specified block node as a
- vhosts-user-blk device over file descriptor
- ...
-
-Fixes: 90fc91d50b7 ("convert vhost-user-blk server to block export API")
-Reported-by: Qing Wang <qinwang@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Message-Id: <20220107105420.395011-3-f4bug@amsat.org>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit c8cbc9524269d9583749aaaea8aa244add7e1900)
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- storage-daemon/qemu-storage-daemon.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/storage-daemon/qemu-storage-daemon.c b/storage-daemon/qemu-storage-daemon.c
-index 52cf17e8ac..9d76d1114d 100644
---- a/storage-daemon/qemu-storage-daemon.c
-+++ b/storage-daemon/qemu-storage-daemon.c
-@@ -104,6 +104,19 @@ static void help(void)
- " export the specified block node over FUSE\n"
- "\n"
- #endif /* CONFIG_FUSE */
-+#ifdef CONFIG_VHOST_USER_BLK_SERVER
-+" --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,\n"
-+" addr.type=unix,addr.path=<socket-path>[,writable=on|off]\n"
-+" [,logical-block-size=<block-size>][,num-queues=<num-queues>]\n"
-+" export the specified block node as a\n"
-+" vhost-user-blk device over UNIX domain socket\n"
-+" --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,\n"
-+" fd,addr.str=<fd>[,writable=on|off]\n"
-+" [,logical-block-size=<block-size>][,num-queues=<num-queues>]\n"
-+" export the specified block node as a\n"
-+" vhost-user-blk device over file descriptor\n"
-+"\n"
-+#endif /* CONFIG_VHOST_USER_BLK_SERVER */
- " --monitor [chardev=]name[,mode=control][,pretty[=on|off]]\n"
- " configure a QMP monitor\n"
- "\n"
---
-2.27.0
-
diff --git a/SOURCES/kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch b/SOURCES/kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch
deleted file mode 100644
index 798a27e..0000000
--- a/SOURCES/kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 20edf203c8cb314e27409918399aa7cbdc6fdb02 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Tue, 25 Jan 2022 16:15:14 +0100
-Subject: [PATCH 2/5] qemu-storage-daemon: Fix typo in vhost-user-blk help
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 63: qemu-storage-daemon: Add vhost-user-blk help
-RH-Commit: [2/2] b7afb670c398799b6e49b926e296771453a55fba (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 1962088
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-
-The syntax of the fd passing case misses the "addr.type=" key. Add it.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Message-Id: <20220125151514.49035-1-kwolf@redhat.com>
-Reviewed-by: Hanna Reitz <hreitz@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit e66e665f15736f5ee1fbd8087926cb0f1e52f61a)
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- storage-daemon/qemu-storage-daemon.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/storage-daemon/qemu-storage-daemon.c b/storage-daemon/qemu-storage-daemon.c
-index 9d76d1114d..ec9aa79b55 100644
---- a/storage-daemon/qemu-storage-daemon.c
-+++ b/storage-daemon/qemu-storage-daemon.c
-@@ -111,7 +111,7 @@ static void help(void)
- " export the specified block node as a\n"
- " vhost-user-blk device over UNIX domain socket\n"
- " --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,\n"
--" fd,addr.str=<fd>[,writable=on|off]\n"
-+" addr.type=fd,addr.str=<fd>[,writable=on|off]\n"
- " [,logical-block-size=<block-size>][,num-queues=<num-queues>]\n"
- " export the specified block node as a\n"
- " vhost-user-blk device over file descriptor\n"
---
-2.27.0
-
diff --git a/SOURCES/kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch b/SOURCES/kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch
new file mode 100644
index 0000000..9c2ac99
--- /dev/null
+++ b/SOURCES/kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch
@@ -0,0 +1,100 @@
+From a039ed652e6d2f5edcef9d5d1d3baec17ce7f929 Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Wed, 11 May 2022 18:01:35 +0800
+Subject: [PATCH 04/16] qtest/numa-test: Correct CPU and NUMA association in
+ aarch64_numa_cpu()
+
+RH-Author: Gavin Shan <gshan@redhat.com>
+RH-MergeRequest: 86: hw/arm/virt: Fix the default CPU topology
+RH-Commit: [4/6] 64e9908a179eb4fb586d662f70f275a81808e50c (gwshan/qemu-rhel-9)
+RH-Bugzilla: 2041823
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2041823
+
+In aarch64_numa_cpu(), the CPU and NUMA association is something
+like below. Two threads in the same core/cluster/socket are
+associated with two individual NUMA nodes, which is unreal as
+Igor Mammedov mentioned. We don't expect the association to break
+NUMA-to-socket boundary, which matches with the real world.
+
+NUMA-node socket cluster core thread
+------------------------------------------
+0 0 0 0 0
+1 0 0 0 1
+
+This corrects the topology for CPUs and their association with
+NUMA nodes. After this patch is applied, the CPU and NUMA
+association becomes something like below, which looks real.
+Besides, socket/cluster/core/thread IDs are all checked when
+the NUMA node IDs are verified. It helps to check if the CPU
+topology is properly populated or not.
+
+NUMA-node socket cluster core thread
+------------------------------------------
+0 1 0 0 0
+1 0 0 0 0
+
+Suggested-by: Igor Mammedov <imammedo@redhat.com>
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Acked-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: 20220503140304.855514-5-gshan@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit e280ecb39bc1629f74ea5479d464fd1608dc8f76)
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+---
+ tests/qtest/numa-test.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/tests/qtest/numa-test.c b/tests/qtest/numa-test.c
+index aeda8c774c..32e35daaae 100644
+--- a/tests/qtest/numa-test.c
++++ b/tests/qtest/numa-test.c
+@@ -224,17 +224,17 @@ static void aarch64_numa_cpu(const void *data)
+ g_autofree char *cli = NULL;
+
+ cli = make_cli(data, "-machine "
+- "smp.cpus=2,smp.sockets=1,smp.clusters=1,smp.cores=1,smp.threads=2 "
++ "smp.cpus=2,smp.sockets=2,smp.clusters=1,smp.cores=1,smp.threads=1 "
+ "-numa node,nodeid=0,memdev=ram -numa node,nodeid=1 "
+- "-numa cpu,node-id=1,thread-id=0 "
+- "-numa cpu,node-id=0,thread-id=1");
++ "-numa cpu,node-id=0,socket-id=1,cluster-id=0,core-id=0,thread-id=0 "
++ "-numa cpu,node-id=1,socket-id=0,cluster-id=0,core-id=0,thread-id=0");
+ qts = qtest_init(cli);
+ cpus = get_cpus(qts, &resp);
+ g_assert(cpus);
+
+ while ((e = qlist_pop(cpus))) {
+ QDict *cpu, *props;
+- int64_t thread, node;
++ int64_t socket, cluster, core, thread, node;
+
+ cpu = qobject_to(QDict, e);
+ g_assert(qdict_haskey(cpu, "props"));
+@@ -242,12 +242,18 @@ static void aarch64_numa_cpu(const void *data)
+
+ g_assert(qdict_haskey(props, "node-id"));
+ node = qdict_get_int(props, "node-id");
++ g_assert(qdict_haskey(props, "socket-id"));
++ socket = qdict_get_int(props, "socket-id");
++ g_assert(qdict_haskey(props, "cluster-id"));
++ cluster = qdict_get_int(props, "cluster-id");
++ g_assert(qdict_haskey(props, "core-id"));
++ core = qdict_get_int(props, "core-id");
+ g_assert(qdict_haskey(props, "thread-id"));
+ thread = qdict_get_int(props, "thread-id");
+
+- if (thread == 0) {
++ if (socket == 0 && cluster == 0 && core == 0 && thread == 0) {
+ g_assert_cmpint(node, ==, 1);
+- } else if (thread == 1) {
++ } else if (socket == 1 && cluster == 0 && core == 0 && thread == 0) {
+ g_assert_cmpint(node, ==, 0);
+ } else {
+ g_assert(false);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch b/SOURCES/kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch
new file mode 100644
index 0000000..a87abc0
--- /dev/null
+++ b/SOURCES/kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch
@@ -0,0 +1,68 @@
+From 66f3928b40991d8467a3da086688f73d061886c8 Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Wed, 11 May 2022 18:01:35 +0800
+Subject: [PATCH 02/16] qtest/numa-test: Specify CPU topology in
+ aarch64_numa_cpu()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Gavin Shan <gshan@redhat.com>
+RH-MergeRequest: 86: hw/arm/virt: Fix the default CPU topology
+RH-Commit: [2/6] b851e7ad59e057825392ddf75e9040cc102a0385 (gwshan/qemu-rhel-9)
+RH-Bugzilla: 2041823
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2041823
+
+The CPU topology isn't enabled on arm/virt machine yet, but we're
+going to do it in next patch. After the CPU topology is enabled by
+next patch, "thread-id=1" becomes invalid because the CPU core is
+preferred on arm/virt machine. It means these two CPUs have 0/1
+as their core IDs, but their thread IDs are all 0. It will trigger
+test failure as the following message indicates:
+
+[14/21 qemu:qtest+qtest-aarch64 / qtest-aarch64/numa-test ERROR
+1.48s killed by signal 6 SIGABRT
+>>> G_TEST_DBUS_DAEMON=/home/gavin/sandbox/qemu.main/tests/dbus-vmstate-daemon.sh \
+QTEST_QEMU_STORAGE_DAEMON_BINARY=./storage-daemon/qemu-storage-daemon \
+QTEST_QEMU_BINARY=./qemu-system-aarch64 \
+QTEST_QEMU_IMG=./qemu-img MALLOC_PERTURB_=83 \
+/home/gavin/sandbox/qemu.main/build/tests/qtest/numa-test --tap -k
+――――――――――――――――――――――――――――――――――――――――――――――
+stderr:
+qemu-system-aarch64: -numa cpu,node-id=0,thread-id=1: no match found
+
+This fixes the issue by providing comprehensive SMP configurations
+in aarch64_numa_cpu(). The SMP configurations aren't used before
+the CPU topology is enabled in next patch.
+
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
+Message-id: 20220503140304.855514-3-gshan@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit ac7199a2523ce2ccf8e685087a5d177eeca89b09)
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+---
+ tests/qtest/numa-test.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tests/qtest/numa-test.c b/tests/qtest/numa-test.c
+index 90bf68a5b3..aeda8c774c 100644
+--- a/tests/qtest/numa-test.c
++++ b/tests/qtest/numa-test.c
+@@ -223,7 +223,8 @@ static void aarch64_numa_cpu(const void *data)
+ QTestState *qts;
+ g_autofree char *cli = NULL;
+
+- cli = make_cli(data, "-machine smp.cpus=2 "
++ cli = make_cli(data, "-machine "
++ "smp.cpus=2,smp.sockets=1,smp.clusters=1,smp.cores=1,smp.threads=2 "
+ "-numa node,nodeid=0,memdev=ram -numa node,nodeid=1 "
+ "-numa cpu,node-id=1,thread-id=0 "
+ "-numa cpu,node-id=0,thread-id=1");
+--
+2.31.1
+
diff --git a/SOURCES/kvm-redhat-Add-rhel8.6.0-and-rhel9.0.0-machine-types-for.patch b/SOURCES/kvm-redhat-Add-rhel8.6.0-and-rhel9.0.0-machine-types-for.patch
deleted file mode 100644
index 407aa1e..0000000
--- a/SOURCES/kvm-redhat-Add-rhel8.6.0-and-rhel9.0.0-machine-types-for.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 0e85c10b73c36f386723c842a797d5e2155e758f Mon Sep 17 00:00:00 2001
-From: Thomas Huth <thuth@redhat.com>
-Date: Fri, 10 Dec 2021 10:07:40 +0100
-Subject: [PATCH 1/2] redhat: Add rhel8.6.0 and rhel9.0.0 machine types for
- s390x
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Thomas Huth <thuth@redhat.com>
-RH-MergeRequest: 55: redhat: Add rhel8.6.0 and rhel9.0.0 machine types for s390x
-RH-Commit: [1/1] ad8fd5c825ae52a8fbb3a28f700a514509c59978 (thuth/qemu-kvm-cs9)
-RH-Bugzilla: 2008060
-RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
-RH-Acked-by: David Hildenbrand <david@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2008060
-
-The new machine types have better default values for the upcoming
-"generation 16" mainframe.
-
-Signed-off-by: Thomas Huth <thuth@redhat.com>
----
- hw/s390x/s390-virtio-ccw.c | 26 +++++++++++++++++++++++++-
- 1 file changed, 25 insertions(+), 1 deletion(-)
-
-diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
-index c654045964..9da6e9b1d4 100644
---- a/hw/s390x/s390-virtio-ccw.c
-+++ b/hw/s390x/s390-virtio-ccw.c
-@@ -1103,10 +1103,33 @@ static void ccw_machine_2_4_class_options(MachineClass *mc)
- DEFINE_CCW_MACHINE(2_4, "2.4", false);
- #endif
-
-+static void ccw_machine_rhel900_instance_options(MachineState *machine)
-+{
-+}
-+
-+static void ccw_machine_rhel900_class_options(MachineClass *mc)
-+{
-+}
-+DEFINE_CCW_MACHINE(rhel900, "rhel9.0.0", true);
-+
-+static void ccw_machine_rhel860_instance_options(MachineState *machine)
-+{
-+ /* Note: The -rhel8.6.0 and -rhel9.0.0 machines are technically identical */
-+ ccw_machine_rhel900_instance_options(machine);
-+}
-+
-+static void ccw_machine_rhel860_class_options(MachineClass *mc)
-+{
-+ ccw_machine_rhel900_class_options(mc);
-+}
-+DEFINE_CCW_MACHINE(rhel860, "rhel8.6.0", false);
-+
- static void ccw_machine_rhel850_instance_options(MachineState *machine)
- {
- static const S390FeatInit qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V6_0 };
-
-+ ccw_machine_rhel860_instance_options(machine);
-+
- s390_set_qemu_cpu_model(0x2964, 13, 2, qemu_cpu_feat);
-
- s390_cpudef_featoff_greater(16, 1, S390_FEAT_NNPA);
-@@ -1118,10 +1141,11 @@ static void ccw_machine_rhel850_instance_options(MachineState *machine)
-
- static void ccw_machine_rhel850_class_options(MachineClass *mc)
- {
-+ ccw_machine_rhel860_class_options(mc);
- compat_props_add(mc->compat_props, hw_compat_rhel_8_5, hw_compat_rhel_8_5_len);
- mc->smp_props.prefer_sockets = true;
- }
--DEFINE_CCW_MACHINE(rhel850, "rhel8.5.0", true);
-+DEFINE_CCW_MACHINE(rhel850, "rhel8.5.0", false);
-
- static void ccw_machine_rhel840_instance_options(MachineState *machine)
- {
---
-2.27.0
-
diff --git a/SOURCES/kvm-redhat-Enable-virtio-mem-as-tech-preview-on-x86-64.patch b/SOURCES/kvm-redhat-Enable-virtio-mem-as-tech-preview-on-x86-64.patch
deleted file mode 100644
index d3b2ba0..0000000
--- a/SOURCES/kvm-redhat-Enable-virtio-mem-as-tech-preview-on-x86-64.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 24b44713de4b2a47c42dfeea813c8911694367a0 Mon Sep 17 00:00:00 2001
-From: David Hildenbrand <david@redhat.com>
-Date: Fri, 17 Dec 2021 10:00:53 +0100
-Subject: [PATCH 2/2] redhat: Enable virtio-mem as tech-preview on x86-64
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: David Hildenbrand <david@redhat.com>
-RH-MergeRequest: 56: redhat: Enable virtio-mem as tech-preview on x86-64
-RH-Commit: [1/1] 255749cd877b91ce1978b67a088f7c0e181fd85e
-RH-Bugzilla: 2014484
-RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-RH-Acked-by: Thomas Huth <thuth@redhat.com>
-RH-Acked-by: Gavin Shan <gshan@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2014484
-Upstream-status: RHEL-only
-
-Everything necesssary for tech-preview of virtio-mem in RHEL9 is
-included in QEMU v6.2. Let's enable it via the config option
-CONFIG_VIRTIO_MEM on x86-64.
-
-Signed-off-by: David Hildenbrand <david@redhat.com>
----
- configs/devices/x86_64-softmmu/x86_64-rh-devices.mak | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-index 1f7a9ab024..dc03fbb671 100644
---- a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-+++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
-@@ -88,6 +88,7 @@ CONFIG_VGA_CIRRUS=y
- CONFIG_VGA_PCI=y
- CONFIG_VHOST_USER=y
- CONFIG_VHOST_USER_BLK=y
-+CONFIG_VIRTIO_MEM=y
- CONFIG_VIRTIO_PCI=y
- CONFIG_VIRTIO_VGA=y
- CONFIG_VMMOUSE=y
---
-2.27.0
-
diff --git a/SOURCES/kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch b/SOURCES/kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch
new file mode 100644
index 0000000..f027c45
--- /dev/null
+++ b/SOURCES/kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch
@@ -0,0 +1,106 @@
+From 236f216309261bc924e49014267998fdc2ef7f46 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Fri, 29 Jul 2022 16:55:34 +0200
+Subject: [PATCH 28/32] redhat: Update linux-headers/linux/kvm.h to v5.18-rc6
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 109: Honor storage keys during emulation of I/O instructions
+RH-Commit: [1/2] f306d7ff8efa64b14158388b95815ac556a25d8a (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2111994
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Claudio Imbrenda <None>
+
+Upstream Status: RHEL-only
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2111994
+
+Based on upstream commit e4082063e47e9731dbeb1c26174c17f6038f577f
+("linux-headers: Update to v5.18-rc6"), but this is focusing on
+the file linux-headers/linux/kvm.h only (since the other changes
+related to the VFIO renaming might break some stuff).
+
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ linux-headers/linux/kvm.h | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
+index d232feaae9..0d05d02ee4 100644
+--- a/linux-headers/linux/kvm.h
++++ b/linux-headers/linux/kvm.h
+@@ -445,7 +445,11 @@ struct kvm_run {
+ #define KVM_SYSTEM_EVENT_RESET 2
+ #define KVM_SYSTEM_EVENT_CRASH 3
+ __u32 type;
+- __u64 flags;
++ __u32 ndata;
++ union {
++ __u64 flags;
++ __u64 data[16];
++ };
+ } system_event;
+ /* KVM_EXIT_S390_STSI */
+ struct {
+@@ -562,9 +566,12 @@ struct kvm_s390_mem_op {
+ __u32 op; /* type of operation */
+ __u64 buf; /* buffer in userspace */
+ union {
+- __u8 ar; /* the access register number */
++ struct {
++ __u8 ar; /* the access register number */
++ __u8 key; /* access key, ignored if flag unset */
++ };
+ __u32 sida_offset; /* offset into the sida */
+- __u8 reserved[32]; /* should be set to 0 */
++ __u8 reserved[32]; /* ignored */
+ };
+ };
+ /* types for kvm_s390_mem_op->op */
+@@ -572,9 +579,12 @@ struct kvm_s390_mem_op {
+ #define KVM_S390_MEMOP_LOGICAL_WRITE 1
+ #define KVM_S390_MEMOP_SIDA_READ 2
+ #define KVM_S390_MEMOP_SIDA_WRITE 3
++#define KVM_S390_MEMOP_ABSOLUTE_READ 4
++#define KVM_S390_MEMOP_ABSOLUTE_WRITE 5
+ /* flags for kvm_s390_mem_op->flags */
+ #define KVM_S390_MEMOP_F_CHECK_ONLY (1ULL << 0)
+ #define KVM_S390_MEMOP_F_INJECT_EXCEPTION (1ULL << 1)
++#define KVM_S390_MEMOP_F_SKEY_PROTECTION (1ULL << 2)
+
+ /* for KVM_INTERRUPT */
+ struct kvm_interrupt {
+@@ -1134,6 +1144,12 @@ struct kvm_ppc_resize_hpt {
+ #define KVM_CAP_VM_GPA_BITS 207
+ #define KVM_CAP_XSAVE2 208
+ #define KVM_CAP_SYS_ATTRIBUTES 209
++#define KVM_CAP_PPC_AIL_MODE_3 210
++#define KVM_CAP_S390_MEM_OP_EXTENSION 211
++#define KVM_CAP_PMU_CAPABILITY 212
++#define KVM_CAP_DISABLE_QUIRKS2 213
++/* #define KVM_CAP_VM_TSC_CONTROL 214 */
++#define KVM_CAP_SYSTEM_EVENT_DATA 215
+
+ #ifdef KVM_CAP_IRQ_ROUTING
+
+@@ -1624,9 +1640,6 @@ struct kvm_enc_region {
+ #define KVM_S390_NORMAL_RESET _IO(KVMIO, 0xc3)
+ #define KVM_S390_CLEAR_RESET _IO(KVMIO, 0xc4)
+
+-/* Available with KVM_CAP_XSAVE2 */
+-#define KVM_GET_XSAVE2 _IOR(KVMIO, 0xcf, struct kvm_xsave)
+-
+ struct kvm_s390_pv_sec_parm {
+ __u64 origin;
+ __u64 length;
+@@ -1973,6 +1986,8 @@ struct kvm_dirty_gfn {
+ #define KVM_BUS_LOCK_DETECTION_OFF (1 << 0)
+ #define KVM_BUS_LOCK_DETECTION_EXIT (1 << 1)
+
++#define KVM_PMU_CAP_DISABLE (1 << 0)
++
+ /**
+ * struct kvm_stats_header - Header of per vm/vcpu binary statistics data.
+ * @flags: Some extra information for header, always 0 for now.
+--
+2.31.1
+
diff --git a/SOURCES/kvm-rhel-machine-types-x86-set-prefer_sockets.patch b/SOURCES/kvm-rhel-machine-types-x86-set-prefer_sockets.patch
deleted file mode 100644
index 83c912d..0000000
--- a/SOURCES/kvm-rhel-machine-types-x86-set-prefer_sockets.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From ecadfaec992fda7f485522c9ee6e7c9b05614a22 Mon Sep 17 00:00:00 2001
-From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Date: Tue, 7 Dec 2021 18:39:47 +0000
-Subject: [PATCH 2/2] rhel machine types/x86: set prefer_sockets
-
-RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-MergeRequest: 59: rhel machine types/x86: set prefer_sockets
-RH-Commit: [1/1] 9bcd9e2c95154e39ef30a8a342ad6c713fa4f1fb (dagrh/c-9-s-qemu-kvm)
-RH-Bugzilla: 2028623
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: quintela1 <quintela@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-When I fixed up the machine types for 8.5 I missed the
- prefer_sockets = true
-
-add them in; it looks like Power, ARM already have them, and I see them
-in thuth's s390 patch.
-
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
----
- hw/i386/pc_piix.c | 1 +
- hw/i386/pc_q35.c | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index 183b5d5464..fccb7f5fc9 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -973,6 +973,7 @@ static void pc_machine_rhel7_options(MachineClass *m)
- compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
- m->alias = "pc";
- m->is_default = 1;
-+ m->smp_props.prefer_sockets = true;
- }
-
- static void pc_init_rhel760(MachineState *machine)
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index 0e7e885e78..3b748ddd7b 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -662,6 +662,7 @@ static void pc_q35_machine_rhel850_options(MachineClass *m)
- hw_compat_rhel_8_5_len);
- compat_props_add(m->compat_props, pc_rhel_8_5_compat,
- pc_rhel_8_5_compat_len);
-+ m->smp_props.prefer_sockets = true;
- }
-
- DEFINE_PC_MACHINE(q35_rhel850, "pc-q35-rhel8.5.0", pc_q35_init_rhel850,
---
-2.27.0
-
diff --git a/SOURCES/kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch b/SOURCES/kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch
new file mode 100644
index 0000000..cee10e7
--- /dev/null
+++ b/SOURCES/kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch
@@ -0,0 +1,96 @@
+From e5360c1e76fee8b8dcbcba7efbb1e36f0b48ac40 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Mon, 22 Aug 2022 14:53:20 +0200
+Subject: [PATCH 01/23] scsi-generic: Fix emulated block limits VPD page
+
+RH-Author: Kevin Wolf <kwolf@redhat.com>
+RH-MergeRequest: 115: scsi-generic: Fix emulated block limits VPD page
+RH-Bugzilla: 2120275
+RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Commit: [1/1] 336ba583311a80beeadd1900336056404f63211a (kmwolf/centos-qemu-kvm)
+Commits 01ef8185b80 amd 24b36e9813e updated the way that the maximum
+transfer length is calculated for patching block limits VPD page in an
+INQUIRY response.
+
+The same updates also need to be made for the case where the host device
+does not support the block limits VPD page at all and we emulate the
+whole page.
+
+Without this fix, on host block devices a maximum transfer length of
+(INT_MAX - sector_size) bytes is advertised to the guest, resulting in
+I/O errors when a request that exceeds the host limits is made by the
+guest. (Prior to commit 24b36e9813e, this code path would use the
+max_transfer value from the host instead of INT_MAX, but still miss the
+fix from 01ef8185b80 where max_transfer is also capped to max_iov
+host pages, so it would be less wrong, but still wrong.)
+
+Cc: qemu-stable@nongnu.org
+Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2096251
+Fixes: 01ef8185b809af9d287e1a03a3f9d8ea8231118a
+Fixes: 24b36e9813ec15da7db62e3b3621730710c5f020
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20220822125320.48257-1-kwolf@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit 51e15194b0a091e5c40aab2eb234a1d36c5c58ee)
+
+Resolved conflict: qemu_real_host_page_size() is a getter function in
+current upstream, but still just a public global variable downstream.
+
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+---
+ hw/scsi/scsi-generic.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
+index 0306ccc7b1..3742899839 100644
+--- a/hw/scsi/scsi-generic.c
++++ b/hw/scsi/scsi-generic.c
+@@ -147,6 +147,18 @@ static int execute_command(BlockBackend *blk,
+ return 0;
+ }
+
++static uint64_t calculate_max_transfer(SCSIDevice *s)
++{
++ uint64_t max_transfer = blk_get_max_hw_transfer(s->conf.blk);
++ uint32_t max_iov = blk_get_max_hw_iov(s->conf.blk);
++
++ assert(max_transfer);
++ max_transfer = MIN_NON_ZERO(max_transfer,
++ max_iov * qemu_real_host_page_size);
++
++ return max_transfer / s->blocksize;
++}
++
+ static int scsi_handle_inquiry_reply(SCSIGenericReq *r, SCSIDevice *s, int len)
+ {
+ uint8_t page, page_idx;
+@@ -179,12 +191,7 @@ static int scsi_handle_inquiry_reply(SCSIGenericReq *r, SCSIDevice *s, int len)
+ (r->req.cmd.buf[1] & 0x01)) {
+ page = r->req.cmd.buf[2];
+ if (page == 0xb0) {
+- uint64_t max_transfer = blk_get_max_hw_transfer(s->conf.blk);
+- uint32_t max_iov = blk_get_max_hw_iov(s->conf.blk);
+-
+- assert(max_transfer);
+- max_transfer = MIN_NON_ZERO(max_transfer, max_iov * qemu_real_host_page_size)
+- / s->blocksize;
++ uint64_t max_transfer = calculate_max_transfer(s);
+ stl_be_p(&r->buf[8], max_transfer);
+ /* Also take care of the opt xfer len. */
+ stl_be_p(&r->buf[12],
+@@ -230,7 +237,7 @@ static int scsi_generic_emulate_block_limits(SCSIGenericReq *r, SCSIDevice *s)
+ uint8_t buf[64];
+
+ SCSIBlockLimits bl = {
+- .max_io_sectors = blk_get_max_transfer(s->conf.blk) / s->blocksize
++ .max_io_sectors = calculate_max_transfer(s),
+ };
+
+ memset(r->buf, 0, r->buflen);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch b/SOURCES/kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch
deleted file mode 100644
index 4ddfbe9..0000000
--- a/SOURCES/kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From 005339f7deaee639c38d30e5bf2235c292ce3937 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 5 Jan 2022 12:38:47 +0000
-Subject: [PATCH 3/3] softmmu: fix device deletion events with -device JSON
- syntax
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Kevin Wolf <kwolf@redhat.com>
-RH-MergeRequest: 62: Fix hot unplug of devices created with -device JSON syntax
-RH-Commit: [1/1] 980e505ba215b5f9324c107481c5bb257ae03f42 (kmwolf/centos-qemu-kvm)
-RH-Bugzilla: 2036669
-RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
-RH-Acked-by: Jano Tomko <None>
-
-The -device JSON syntax impl leaks a reference on the created
-DeviceState instance. As a result when you hot-unplug the
-device, the device_finalize method won't be called and thus
-it will fail to emit the required DEVICE_DELETED event.
-
-A 'json-cli' feature was previously added against the
-'device_add' QMP command QAPI schema to indicated to mgmt
-apps that -device supported JSON syntax. Given the hotplug
-bug that feature flag is not usable for its purpose, so
-we add a new 'json-cli-hotplug' feature to indicate the
--device supports JSON without breaking hotplug.
-
-Fixes: 5dacda5167560b3af8eadbce5814f60ba44b467e
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/802
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-Message-Id: <20220105123847.4047954-2-berrange@redhat.com>
-Reviewed-by: Laurent Vivier <lvivier@redhat.com>
-Tested-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Thomas Huth <thuth@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 64b4529a432507ee84a924be69a03432639e87ba)
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- qapi/qdev.json | 5 ++++-
- softmmu/vl.c | 4 +++-
- tests/qtest/device-plug-test.c | 19 +++++++++++++++++++
- 3 files changed, 26 insertions(+), 2 deletions(-)
-
-diff --git a/qapi/qdev.json b/qapi/qdev.json
-index 69656b14df..26cd10106b 100644
---- a/qapi/qdev.json
-+++ b/qapi/qdev.json
-@@ -44,6 +44,9 @@
- # @json-cli: If present, the "-device" command line option supports JSON
- # syntax with a structure identical to the arguments of this
- # command.
-+# @json-cli-hotplug: If present, the "-device" command line option supports JSON
-+# syntax without the reference counting leak that broke
-+# hot-unplug
- #
- # Notes:
- #
-@@ -74,7 +77,7 @@
- { 'command': 'device_add',
- 'data': {'driver': 'str', '*bus': 'str', '*id': 'str'},
- 'gen': false, # so we can get the additional arguments
-- 'features': ['json-cli'] }
-+ 'features': ['json-cli', 'json-cli-hotplug'] }
-
- ##
- # @device_del:
-diff --git a/softmmu/vl.c b/softmmu/vl.c
-index d46b8fb4ab..b3829e2edd 100644
---- a/softmmu/vl.c
-+++ b/softmmu/vl.c
-@@ -2690,6 +2690,7 @@ static void qemu_create_cli_devices(void)
- qemu_opts_foreach(qemu_find_opts("device"),
- device_init_func, NULL, &error_fatal);
- QTAILQ_FOREACH(opt, &device_opts, next) {
-+ DeviceState *dev;
- loc_push_restore(&opt->loc);
- /*
- * TODO Eventually we should call qmp_device_add() here to make sure it
-@@ -2698,7 +2699,8 @@ static void qemu_create_cli_devices(void)
- * from the start, so call qdev_device_add_from_qdict() directly for
- * now.
- */
-- qdev_device_add_from_qdict(opt->opts, true, &error_fatal);
-+ dev = qdev_device_add_from_qdict(opt->opts, true, &error_fatal);
-+ object_unref(OBJECT(dev));
- loc_pop(&opt->loc);
- }
- rom_reset_order_override();
-diff --git a/tests/qtest/device-plug-test.c b/tests/qtest/device-plug-test.c
-index 559d47727a..ad79bd4c14 100644
---- a/tests/qtest/device-plug-test.c
-+++ b/tests/qtest/device-plug-test.c
-@@ -77,6 +77,23 @@ static void test_pci_unplug_request(void)
- qtest_quit(qtest);
- }
-
-+static void test_pci_unplug_json_request(void)
-+{
-+ QTestState *qtest = qtest_initf(
-+ "-device '{\"driver\": \"virtio-mouse-pci\", \"id\": \"dev0\"}'");
-+
-+ /*
-+ * Request device removal. As the guest is not running, the request won't
-+ * be processed. However during system reset, the removal will be
-+ * handled, removing the device.
-+ */
-+ device_del(qtest, "dev0");
-+ system_reset(qtest);
-+ wait_device_deleted_event(qtest, "dev0");
-+
-+ qtest_quit(qtest);
-+}
-+
- static void test_ccw_unplug(void)
- {
- QTestState *qtest = qtest_initf("-device virtio-balloon-ccw,id=dev0");
-@@ -145,6 +162,8 @@ int main(int argc, char **argv)
- */
- qtest_add_func("/device-plug/pci-unplug-request",
- test_pci_unplug_request);
-+ qtest_add_func("/device-plug/pci-unplug-json-request",
-+ test_pci_unplug_json_request);
-
- if (!strcmp(arch, "s390x")) {
- qtest_add_func("/device-plug/ccw-unplug",
---
-2.27.0
-
diff --git a/SOURCES/kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch b/SOURCES/kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch
new file mode 100644
index 0000000..8fd2e16
--- /dev/null
+++ b/SOURCES/kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch
@@ -0,0 +1,54 @@
+From 74b3e92dcb9e343e135a681259514b4fd28086ea Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 May 2022 15:25:09 +0200
+Subject: [PATCH 4/5] sysemu: tpm: Add a stub function for TPM_IS_CRB
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 84: vfio/common: Remove spurious tpm-crb-cmd misalignment warning
+RH-Commit: [1/2] 0ab55ca1aa12a3a7cbdef5a378928f75e030e536 (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2037612
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037612
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45166961
+Upstream Status: YES
+Tested: With TPM-CRB and VFIO
+
+In a subsequent patch, VFIO will need to recognize if
+a memory region owner is a TPM CRB device. Hence VFIO
+needs to use TPM_IS_CRB() even if CONFIG_TPM is unset. So
+let's add a stub function.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Suggested-by: Cornelia Huck <cohuck@redhat.com>
+Reviewed-by: Stefan Berger <stefanb@linnux.ibm.com>
+Link: https://lore.kernel.org/r/20220506132510.1847942-2-eric.auger@redhat.com
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+(cherry picked from commit 4168cdad398843ed53d650a27651868b4d3e21c9)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ include/sysemu/tpm.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
+index 68b2206463..fb40e30ff6 100644
+--- a/include/sysemu/tpm.h
++++ b/include/sysemu/tpm.h
+@@ -80,6 +80,12 @@ static inline TPMVersion tpm_get_version(TPMIf *ti)
+ #define tpm_init() (0)
+ #define tpm_cleanup()
+
++/* needed for an alignment check in non-tpm code */
++static inline Object *TPM_IS_CRB(Object *obj)
++{
++ return NULL;
++}
++
+ #endif /* CONFIG_TPM */
+
+ #endif /* QEMU_TPM_H */
+--
+2.31.1
+
diff --git a/SOURCES/kvm-target-arm-deprecate-named-CPU-models.patch b/SOURCES/kvm-target-arm-deprecate-named-CPU-models.patch
new file mode 100644
index 0000000..dbe8d24
--- /dev/null
+++ b/SOURCES/kvm-target-arm-deprecate-named-CPU-models.patch
@@ -0,0 +1,129 @@
+From 1f8528b71d96c01dd6106f11681f4a4e2776ef5f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 21 Mar 2022 12:05:42 +0000
+Subject: [PATCH 06/18] target/arm: deprecate named CPU models
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Daniel P. Berrangé <berrange@redhat.com>
+RH-MergeRequest: 94: i386, aarch64, s390x: deprecate many named CPU models
+RH-Commit: [6/6] afddeb9e898206fd04499f01c48caf7dc1a8b8ef (berrange/centos-src-qemu)
+RH-Bugzilla: 2060839
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+KVM requires use of the 'host' CPU model, so named CPU models are only
+needed for TCG. Since we don't consider TCG to be supported we can
+deprecate all the named CPU models. TCG users can rely on 'max' model.
+
+Note: this has the effect of deprecating the default built-in CPU
+model 'cortex-a57'. Applications using QEMU are expected to make an
+explicit choice about which CPU model they want, since no builtin
+default can suit all purposes.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2060839
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ target/arm/cpu-qom.h | 1 +
+ target/arm/cpu.c | 5 +++++
+ target/arm/cpu.h | 2 ++
+ target/arm/cpu64.c | 8 +++++++-
+ target/arm/helper.c | 2 ++
+ 5 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
+index 64c44cef2d..82e97249bc 100644
+--- a/target/arm/cpu-qom.h
++++ b/target/arm/cpu-qom.h
+@@ -35,6 +35,7 @@ typedef struct ARMCPUInfo {
+ const char *name;
+ void (*initfn)(Object *obj);
+ void (*class_init)(ObjectClass *oc, void *data);
++ const char *deprecation_note;
+ } ARMCPUInfo;
+
+ void arm_cpu_register(const ARMCPUInfo *info);
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
+index 5d4ca7a227..c74b0fb462 100644
+--- a/target/arm/cpu.c
++++ b/target/arm/cpu.c
+@@ -2105,8 +2105,13 @@ static void arm_cpu_instance_init(Object *obj)
+ static void cpu_register_class_init(ObjectClass *oc, void *data)
+ {
+ ARMCPUClass *acc = ARM_CPU_CLASS(oc);
++ CPUClass *cc = CPU_CLASS(oc);
+
+ acc->info = data;
++
++ if (acc->info->deprecation_note) {
++ cc->deprecation_note = acc->info->deprecation_note;
++ }
+ }
+
+ void arm_cpu_register(const ARMCPUInfo *info)
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index 23879de5fa..c0c9f680e5 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -33,6 +33,8 @@
+ #define KVM_HAVE_MCE_INJECTION 1
+ #endif
+
++#define RHEL_CPU_DEPRECATION "use 'host' / 'max'"
++
+ #define EXCP_UDEF 1 /* undefined instruction */
+ #define EXCP_SWI 2 /* software interrupt */
+ #define EXCP_PREFETCH_ABORT 3
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index e80b831073..c8f152891c 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -975,7 +975,8 @@ static void aarch64_a64fx_initfn(Object *obj)
+ #endif /* disabled for RHEL */
+
+ static const ARMCPUInfo aarch64_cpus[] = {
+- { .name = "cortex-a57", .initfn = aarch64_a57_initfn },
++ { .name = "cortex-a57", .initfn = aarch64_a57_initfn,
++ .deprecation_note = RHEL_CPU_DEPRECATION },
+ #if 0 /* Disabled for Red Hat Enterprise Linux */
+ { .name = "cortex-a53", .initfn = aarch64_a53_initfn },
+ { .name = "cortex-a72", .initfn = aarch64_a72_initfn },
+@@ -1052,8 +1053,13 @@ static void aarch64_cpu_instance_init(Object *obj)
+ static void cpu_register_class_init(ObjectClass *oc, void *data)
+ {
+ ARMCPUClass *acc = ARM_CPU_CLASS(oc);
++ CPUClass *cc = CPU_CLASS(oc);
+
+ acc->info = data;
++
++ if (acc->info->deprecation_note) {
++ cc->deprecation_note = acc->info->deprecation_note;
++ }
+ }
+
+ void aarch64_cpu_register(const ARMCPUInfo *info)
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index 7d14650615..3d34f63e49 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -8560,6 +8560,7 @@ void arm_cpu_list(void)
+ static void arm_cpu_add_definition(gpointer data, gpointer user_data)
+ {
+ ObjectClass *oc = data;
++ CPUClass *cc = CPU_CLASS(oc);
+ CpuDefinitionInfoList **cpu_list = user_data;
+ CpuDefinitionInfo *info;
+ const char *typename;
+@@ -8569,6 +8570,7 @@ static void arm_cpu_add_definition(gpointer data, gpointer user_data)
+ info->name = g_strndup(typename,
+ strlen(typename) - strlen("-" TYPE_ARM_CPU));
+ info->q_typename = g_strdup(typename);
++ info->deprecated = !!cc->deprecation_note;
+
+ QAPI_LIST_PREPEND(*cpu_list, info);
+ }
+--
+2.35.3
+
diff --git a/SOURCES/kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch b/SOURCES/kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch
new file mode 100644
index 0000000..d63bfdb
--- /dev/null
+++ b/SOURCES/kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch
@@ -0,0 +1,273 @@
+From 577b04770e47aed0f88acb4a415ed04ddbe087f1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 17 Mar 2022 17:59:22 +0000
+Subject: [PATCH 04/18] target/i386: deprecate CPUs older than x86_64-v2 ABI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Daniel P. Berrangé <berrange@redhat.com>
+RH-MergeRequest: 94: i386, aarch64, s390x: deprecate many named CPU models
+RH-Commit: [4/6] 71f6043f11b31ffa841a2e14d24972e571c18a9e (berrange/centos-src-qemu)
+RH-Bugzilla: 2060839
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+RHEL-9 is compiled with the x86_64-v2 ABI. We use this as a baseline to
+select which CPUs we want to support, such that there is at least one
+supported guest CPU that can be launched for every physical machine
+capable of running RHEL-9 KVM.
+
+Supported CPUs:
+
+ * QEMU models
+
+ base (QEMU internal)
+ host (host passthrough)
+ max (host passthrough for KVM,
+ all emulated features for TCG)
+
+ * Intel models
+
+ Icelake-Server
+ Icelake-Server-noTSX
+ Cascadelake-Server (2019)
+ Cascadelake-Server-noTSX (2019)
+ Skylake-Server (2016)
+ Skylake-Server-IBRS (2016)
+ Skylake-Server-noTSX-IBRS (2016)
+ Skylake-Client (2015)
+ Skylake-Client-IBRS (2015)
+ Skylake-Client-noTSX-IBRS (2015)
+ Broadwell (2014)
+ Broadwell-IBRS (2014)
+ Broadwell-noTSX (2014)
+ Broadwell-noTSX-IBRS (2014)
+ Haswell (2013)
+ Haswell-IBRS (2013)
+ Haswell-noTSX (2013)
+ Haswell-noTSX-IBRS (2013)
+ IvyBridge (2012)
+ IvyBridge-IBRS (2012)
+ SandyBridge (2011)
+ SandyBridge-IBRS (2011)
+ Westmere (2010)
+ Westmere-IBRS (2010)
+ Nehalem (2008)
+ Nehalem-IBRS (2008)
+
+ Cooperlake (2020)
+ Snowridge (2019)
+ KnightsMill (2017)
+ Denverton (2016)
+
+ * AMD models
+
+ EPYC-Milan (2021)
+ EPYC-Rome (2019)
+ EPYC (2017)
+ EPYC-IBPB (2017)
+ Opteron_G5 (2012)
+ Opteron_G4 (2011)
+
+ * Other
+
+ Dhyana (2018)
+
+(I've omitted the many -vNNN versions for brevity)
+
+Deprecated CPUs:
+
+ 486
+ athlon
+ Conroe
+ core2duo
+ coreduo
+ Icelake-Client (already deprecated upstream)
+ Icelake-Client-noTSX (already deprecated upstream)
+ kvm32
+ kvm64
+ n270
+ Opteron_G1
+ Opteron_G2
+ Opteron_G3
+ Penryn
+ pentium2
+ pentium3
+ pentium
+ phenom
+ qemu32
+ qemu64
+
+The deprecated CPU models are subject to removal in a future
+major version of RHEL.
+
+Note: this has the effect of deprecating the default built-in CPU
+model 'qemu64'. Applications using QEMU are expected to make an
+explicit choice about which CPU model they want, since no builtin
+default can suit all purposes.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2060839
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ target/i386/cpu.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index cb6b5467d0..87cb641b5f 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1780,9 +1780,13 @@ static const CPUCaches epyc_milan_cache_info = {
+ * PT in VMX operation
+ */
+
++#define RHEL_CPU_DEPRECATION \
++ "use at least 'Nehalem' / 'Opteron_G4', or 'host' / 'max'"
++
+ static const X86CPUDefinition builtin_x86_defs[] = {
+ {
+ .name = "qemu64",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_AMD,
+ .family = 15,
+@@ -1803,6 +1807,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "phenom",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 5,
+ .vendor = CPUID_VENDOR_AMD,
+ .family = 16,
+@@ -1835,6 +1840,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "core2duo",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 10,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -1877,6 +1883,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "kvm64",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 15,
+@@ -1918,6 +1925,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "qemu32",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 4,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -1932,6 +1940,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "kvm32",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 5,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 15,
+@@ -1962,6 +1971,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "coreduo",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 10,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -1995,6 +2005,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "486",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 1,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 4,
+@@ -2007,6 +2018,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "pentium",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 1,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 5,
+@@ -2019,6 +2031,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "pentium2",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 2,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -2031,6 +2044,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "pentium3",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 3,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -2043,6 +2057,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "athlon",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 2,
+ .vendor = CPUID_VENDOR_AMD,
+ .family = 6,
+@@ -2058,6 +2073,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "n270",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 10,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -2083,6 +2099,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "Conroe",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 10,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -2123,6 +2140,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "Penryn",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 10,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+@@ -3832,6 +3850,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "Opteron_G1",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 5,
+ .vendor = CPUID_VENDOR_AMD,
+ .family = 15,
+@@ -3852,6 +3871,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "Opteron_G2",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 5,
+ .vendor = CPUID_VENDOR_AMD,
+ .family = 15,
+@@ -3874,6 +3894,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ },
+ {
+ .name = "Opteron_G3",
++ .deprecation_note = RHEL_CPU_DEPRECATION,
+ .level = 5,
+ .vendor = CPUID_VENDOR_AMD,
+ .family = 16,
+--
+2.35.3
+
diff --git a/SOURCES/kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch b/SOURCES/kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch
new file mode 100644
index 0000000..c940cdb
--- /dev/null
+++ b/SOURCES/kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch
@@ -0,0 +1,48 @@
+From 39642d0d37e2ef61ce7fde0bc284d37a365e4482 Mon Sep 17 00:00:00 2001
+From: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
+Date: Mon, 2 May 2022 17:59:11 -0300
+Subject: [PATCH 2/2] target/ppc/cpu-models: Fix ppc_cpu_aliases list for RHEL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Murilo Opsfelder Araújo <muriloo@linux.ibm.com>
+RH-MergeRequest: 81: target/ppc/cpu-models: remove extraneous "#endif"
+RH-Commit: [1/1] 5fff003ad3deb84c6a8e69ab90552a31edb3b058 (mopsfelder/centos-stream-src-qemu-kvm)
+RH-Bugzilla: 2081022
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+The commit b9d28ecdedaf ("Enable/disable devices for RHEL") removed the
+"#if 0" from the beginning of the ppc_cpu_aliases list, which broke the
+build on ppc64le:
+
+ ../target/ppc/cpu-models.c:904:2: error: #endif without #if
+ #endif
+ ^
+ 1 error generated.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2081022
+
+Fixes: b9d28ecdedaf (Enable/disable devices for RHEL)
+Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
+---
+ target/ppc/cpu-models.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/ppc/cpu-models.c b/target/ppc/cpu-models.c
+index dd78883410..528467eac1 100644
+--- a/target/ppc/cpu-models.c
++++ b/target/ppc/cpu-models.c
+@@ -746,6 +746,7 @@
+ /* PowerPC CPU aliases */
+
+ PowerPCCPUAlias ppc_cpu_aliases[] = {
++#if 0 /* Disabled for Red Hat Enterprise Linux */
+ { "405", "405d4" },
+ { "405cr", "405crc" },
+ { "405gp", "405gpd" },
+--
+2.35.1
+
diff --git a/SOURCES/kvm-target-s390x-deprecate-CPUs-older-than-z14.patch b/SOURCES/kvm-target-s390x-deprecate-CPUs-older-than-z14.patch
new file mode 100644
index 0000000..212900d
--- /dev/null
+++ b/SOURCES/kvm-target-s390x-deprecate-CPUs-older-than-z14.patch
@@ -0,0 +1,194 @@
+From 8459c305914e2a7a19dcd1662d54a89def7acfa6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Thu, 17 Mar 2022 17:59:22 +0000
+Subject: [PATCH 05/18] target/s390x: deprecate CPUs older than z14
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Daniel P. Berrangé <berrange@redhat.com>
+RH-MergeRequest: 94: i386, aarch64, s390x: deprecate many named CPU models
+RH-Commit: [5/6] 2da9e06cf452287673f94f880a7eb8b2b37b7278 (berrange/centos-src-qemu)
+RH-Bugzilla: 2060839
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+RHEL-9 is compiled with the z14 ABI. We use this as a baseline to
+select which CPUs we want to support, such that there is at least one
+supported guest CPU that can be launched for every physical
+machine capable of running RHEL-9 KVM.
+
+Supported CPUs:
+
+ gen15a-base
+ gen15a
+ gen15b-base
+ gen15b
+ gen16a-base
+ gen16a
+ gen16b-base
+ gen16b
+ max
+ qemu
+ z14.2-base
+ z14.2
+ z14-base
+ z14
+ z14ZR1-base
+ z14ZR1
+
+Deprecated CPUs:
+
+ z10BC.2-base
+ z10BC.2
+ z10BC-base
+ z10BC
+ z10EC.2-base
+ z10EC.2
+ z10EC.3-base
+ z10EC.3
+ z10EC-base
+ z10EC
+ z114-base
+ z114
+ z13.2-base
+ z13.2
+ z13-base
+ z13s-base
+ z13s
+ z13
+ z196.2-base
+ z196.2
+ z196-base
+ z196
+ z800-base
+ z800
+ z890.2-base
+ z890.2
+ z890.3-base
+ z890.3
+ z890-base
+ z890
+ z900.2-base
+ z900.2
+ z900.3-base
+ z900.3
+ z900-base
+ z900
+ z990.2-base
+ z990.2
+ z990.3-base
+ z990.3
+ z990.4-base
+ z990.4
+ z990.5-base
+ z990.5
+ z990-base
+ z990
+ z9BC.2-base
+ z9BC.2
+ z9BC-base
+ z9BC
+ z9EC.2-base
+ z9EC.2
+ z9EC.3-base
+ z9EC.3
+ z9EC-base
+ z9EC
+ zBC12-base
+ zBC12
+ zEC12.2-base
+ zEC12.2
+ zEC12-base
+ zEC12
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2060839
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ target/s390x/cpu_models.c | 11 +++++++++++
+ target/s390x/cpu_models.h | 2 ++
+ target/s390x/cpu_models_sysemu.c | 2 ++
+ 3 files changed, 15 insertions(+)
+
+diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
+index 6d71428056..9b9fc41676 100644
+--- a/target/s390x/cpu_models.c
++++ b/target/s390x/cpu_models.c
+@@ -45,6 +45,9 @@
+ * of a following release have been a superset of the previous release. With
+ * generation 15 one base feature and one optional feature have been deprecated.
+ */
++
++#define RHEL_CPU_DEPRECATION "use at least 'z14', or 'host' / 'qemu' / 'max'"
++
+ static S390CPUDef s390_cpu_defs[] = {
+ CPUDEF_INIT(0x2064, 7, 1, 38, 0x00000000U, "z900", "IBM zSeries 900 GA1"),
+ CPUDEF_INIT(0x2064, 7, 2, 38, 0x00000000U, "z900.2", "IBM zSeries 900 GA2"),
+@@ -852,22 +855,30 @@ static void s390_host_cpu_model_class_init(ObjectClass *oc, void *data)
+ static void s390_base_cpu_model_class_init(ObjectClass *oc, void *data)
+ {
+ S390CPUClass *xcc = S390_CPU_CLASS(oc);
++ CPUClass *cc = CPU_CLASS(oc);
+
+ /* all base models are migration safe */
+ xcc->cpu_def = (const S390CPUDef *) data;
+ xcc->is_migration_safe = true;
+ xcc->is_static = true;
+ xcc->desc = xcc->cpu_def->desc;
++ if (xcc->cpu_def->gen < 14) {
++ cc->deprecation_note = RHEL_CPU_DEPRECATION;
++ }
+ }
+
+ static void s390_cpu_model_class_init(ObjectClass *oc, void *data)
+ {
+ S390CPUClass *xcc = S390_CPU_CLASS(oc);
++ CPUClass *cc = CPU_CLASS(oc);
+
+ /* model that can change between QEMU versions */
+ xcc->cpu_def = (const S390CPUDef *) data;
+ xcc->is_migration_safe = true;
+ xcc->desc = xcc->cpu_def->desc;
++ if (xcc->cpu_def->gen < 14) {
++ cc->deprecation_note = RHEL_CPU_DEPRECATION;
++ }
+ }
+
+ static void s390_qemu_cpu_model_class_init(ObjectClass *oc, void *data)
+diff --git a/target/s390x/cpu_models.h b/target/s390x/cpu_models.h
+index 74d1f87e4f..372160bcd7 100644
+--- a/target/s390x/cpu_models.h
++++ b/target/s390x/cpu_models.h
+@@ -38,6 +38,8 @@ struct S390CPUDef {
+ S390FeatBitmap full_feat;
+ /* used to init full_feat from generated data */
+ S390FeatInit full_init;
++ /* if deprecated, provides a suggestion */
++ const char *deprecation_note;
+ };
+
+ /* CPU model based on a CPU definition */
+diff --git a/target/s390x/cpu_models_sysemu.c b/target/s390x/cpu_models_sysemu.c
+index 6a04ccab1b..f3b7c304ec 100644
+--- a/target/s390x/cpu_models_sysemu.c
++++ b/target/s390x/cpu_models_sysemu.c
+@@ -61,6 +61,7 @@ static void create_cpu_model_list(ObjectClass *klass, void *opaque)
+ CpuDefinitionInfo *info;
+ char *name = g_strdup(object_class_get_name(klass));
+ S390CPUClass *scc = S390_CPU_CLASS(klass);
++ CPUClass *cc = CPU_CLASS(klass);
+
+ /* strip off the -s390x-cpu */
+ g_strrstr(name, "-" TYPE_S390_CPU)[0] = 0;
+@@ -70,6 +71,7 @@ static void create_cpu_model_list(ObjectClass *klass, void *opaque)
+ info->migration_safe = scc->is_migration_safe;
+ info->q_static = scc->is_static;
+ info->q_typename = g_strdup(object_class_get_name(klass));
++ info->deprecated = !!cc->deprecation_note;
+ /* check for unavailable features */
+ if (cpu_list_data->model) {
+ Object *obj;
+--
+2.35.3
+
diff --git a/SOURCES/kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch b/SOURCES/kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch
new file mode 100644
index 0000000..61752c7
--- /dev/null
+++ b/SOURCES/kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch
@@ -0,0 +1,103 @@
+From 27c1d979a994f5afc59c3520af58d15aa5aae723 Mon Sep 17 00:00:00 2001
+From: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
+Date: Fri, 6 May 2022 17:39:56 +0200
+Subject: [PATCH 29/32] target/s390x: kvm: Honor storage keys during emulation
+
+RH-Author: Thomas Huth <thuth@redhat.com>
+RH-MergeRequest: 109: Honor storage keys during emulation of I/O instructions
+RH-Commit: [2/2] 346dee1e13bfe1c074e4c6a4417091711d852f9c (thuth/qemu-kvm-cs9)
+RH-Bugzilla: 2111994
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Claudio Imbrenda <None>
+
+Storage key controlled protection is currently not honored when
+emulating instructions.
+If available, enable key protection for the MEM_OP ioctl, thereby
+enabling it for the s390_cpu_virt_mem_* functions, when using kvm.
+As a result, the emulation of the following instructions honors storage
+keys:
+
+* CLP
+ The Synch I/O CLP command would need special handling in order
+ to support storage keys, but is currently not supported.
+* CHSC
+ Performing commands asynchronously would require special
+ handling, but commands are currently always synchronous.
+* STSI
+* TSCH
+ Must (and does) not change channel if terminated due to
+ protection.
+* MSCH
+ Suppressed on protection, works because fetching instruction.
+* SSCH
+ Suppressed on protection, works because fetching instruction.
+* STSCH
+* STCRW
+ Suppressed on protection, this works because no partial store is
+ possible, because the operand cannot span multiple pages.
+* PCISTB
+* MPCIFC
+* STPCIFC
+
+Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
+Message-Id: <20220506153956.2217601-3-scgl@linux.ibm.com>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+(cherry picked from commit 54354861d21b69ec0781f43e67b8d4f6edad7e3f)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2111994
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+---
+ target/s390x/kvm/kvm.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
+index 74f089d87f..1f1d1a33b8 100644
+--- a/target/s390x/kvm/kvm.c
++++ b/target/s390x/kvm/kvm.c
+@@ -152,12 +152,15 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
+ static int cap_sync_regs;
+ static int cap_async_pf;
+ static int cap_mem_op;
++static int cap_mem_op_extension;
+ static int cap_s390_irq;
+ static int cap_ri;
+ static int cap_hpage_1m;
+ static int cap_vcpu_resets;
+ static int cap_protected;
+
++static bool mem_op_storage_key_support;
++
+ static int active_cmma;
+
+ static int kvm_s390_query_mem_limit(uint64_t *memory_limit)
+@@ -355,6 +358,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
+ cap_sync_regs = kvm_check_extension(s, KVM_CAP_SYNC_REGS);
+ cap_async_pf = kvm_check_extension(s, KVM_CAP_ASYNC_PF);
+ cap_mem_op = kvm_check_extension(s, KVM_CAP_S390_MEM_OP);
++ cap_mem_op_extension = kvm_check_extension(s, KVM_CAP_S390_MEM_OP_EXTENSION);
++ mem_op_storage_key_support = cap_mem_op_extension > 0;
+ cap_s390_irq = kvm_check_extension(s, KVM_CAP_S390_INJECT_IRQ);
+ cap_vcpu_resets = kvm_check_extension(s, KVM_CAP_S390_VCPU_RESETS);
+ cap_protected = kvm_check_extension(s, KVM_CAP_S390_PROTECTED);
+@@ -843,6 +848,7 @@ int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf,
+ : KVM_S390_MEMOP_LOGICAL_READ,
+ .buf = (uint64_t)hostbuf,
+ .ar = ar,
++ .key = (cpu->env.psw.mask & PSW_MASK_KEY) >> PSW_SHIFT_KEY,
+ };
+ int ret;
+
+@@ -852,6 +858,9 @@ int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf,
+ if (!hostbuf) {
+ mem_op.flags |= KVM_S390_MEMOP_F_CHECK_ONLY;
+ }
++ if (mem_op_storage_key_support) {
++ mem_op.flags |= KVM_S390_MEMOP_F_SKEY_PROTECTION;
++ }
+
+ ret = kvm_vcpu_ioctl(CPU(cpu), KVM_S390_MEM_OP, &mem_op);
+ if (ret < 0) {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-tests-acpi-SLIC-update-expected-blobs.patch b/SOURCES/kvm-tests-acpi-SLIC-update-expected-blobs.patch
deleted file mode 100644
index 91c5631..0000000
--- a/SOURCES/kvm-tests-acpi-SLIC-update-expected-blobs.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 1dd4518bbf917158c9558dfb9e92be0a3f74b42b Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Mon, 27 Dec 2021 14:31:20 -0500
-Subject: [PATCH 08/14] tests: acpi: SLIC: update expected blobs
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [4/10] 9023e98b18b9145ef889eec912b222e039fcc76f
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20211227193120.1084176-5-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit c8adb4d222c42951a9d0367e5f5d4e1f5e2c9ad7)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- tests/data/acpi/q35/FACP.slic | Bin 244 -> 244 bytes
- tests/data/acpi/q35/SLIC.slic | Bin 0 -> 36 bytes
- tests/qtest/bios-tables-test-allowed-diff.h | 2 --
- 3 files changed, 2 deletions(-)
-
-diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
-index 49dbf8fa3e..dfb8523c8b 100644
---- a/tests/qtest/bios-tables-test-allowed-diff.h
-+++ b/tests/qtest/bios-tables-test-allowed-diff.h
-@@ -1,3 +1 @@
- /* List of comma-separated changed AML files to ignore */
--"tests/data/acpi/q35/FACP.slic",
--"tests/data/acpi/q35/SLIC.slic",
---
-2.31.1
-
diff --git a/SOURCES/kvm-tests-acpi-add-SLIC-table-test.patch b/SOURCES/kvm-tests-acpi-add-SLIC-table-test.patch
deleted file mode 100644
index 9152c34..0000000
--- a/SOURCES/kvm-tests-acpi-add-SLIC-table-test.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From f897bc3aca1bb98b1907cfd76ba52cfa541b9b5c Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Mon, 27 Dec 2021 14:31:19 -0500
-Subject: [PATCH 07/14] tests: acpi: add SLIC table test
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [3/10] b72e6f11e4d86bf39fa440df3902d9259d16d5db
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-When user uses '-acpitable' to add SLIC table, some ACPI
-tables (FADT) will change its 'Oem ID'/'Oem Table ID' fields to
-match that of SLIC. Test makes sure thati QEMU handles
-those fields correctly when SLIC table is added with
-'-acpitable' option.
-
-Conflicts:
- tests/qtest/bios-tables-test.c
- due to missing 39d7554b2009 ("tests/acpi: add test case for VIOT")
-
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20211227193120.1084176-4-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 11edfabee443b149468a82b5efc88c96d1d259ec)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- tests/qtest/bios-tables-test.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
-index 62745181a8..088609c196 100644
---- a/tests/qtest/bios-tables-test.c
-+++ b/tests/qtest/bios-tables-test.c
-@@ -1465,6 +1465,20 @@ static void test_acpi_virt_tcg(void)
- free_test_data(&data);
- }
-
-+static void test_acpi_q35_slic(void)
-+{
-+ test_data data = {
-+ .machine = MACHINE_Q35,
-+ .variant = ".slic",
-+ };
-+
-+ test_acpi_one("-acpitable sig=SLIC,oem_id='CRASH ',oem_table_id='ME',"
-+ "oem_rev=00002210,asl_compiler_id='qemu',"
-+ "asl_compiler_rev=00000000,data=/dev/null",
-+ &data);
-+ free_test_data(&data);
-+}
-+
- static void test_oem_fields(test_data *data)
- {
- int i;
-@@ -1639,6 +1653,7 @@ int main(int argc, char *argv[])
- qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic);
- qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar);
- }
-+ qtest_add_func("acpi/q35/slic", test_acpi_q35_slic);
- } else if (strcmp(arch, "aarch64") == 0) {
- if (has_tcg) {
- qtest_add_func("acpi/virt", test_acpi_virt_tcg);
---
-2.31.1
-
diff --git a/SOURCES/kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch b/SOURCES/kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch
deleted file mode 100644
index 5f5f300..0000000
--- a/SOURCES/kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 80fdb82bab21ab0d094795287ce903d0d48974fc Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Wed, 12 Jan 2022 08:03:29 -0500
-Subject: [PATCH 09/14] tests: acpi: manually pad OEM_ID/OEM_TABLE_ID for
- test_oem_fields() test
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [5/10] 7d55865be1e1574605734c2663bac233e87b8134
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-The next commit will revert OEM fields padding with whitespace to
-padding with '\0' as it was before [1]. As result test_oem_fields() will
-fail due to unexpectedly smaller ID sizes read from QEMU ACPI tables.
-
-Pad OEM_ID/OEM_TABLE_ID manually with spaces so that values the test
-puts on QEMU CLI and expected values match.
-
-1) 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20220112130332.1648664-2-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit a849522f726767022203ef2b6c395ea19facb866)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- tests/qtest/bios-tables-test.c | 15 ++++++---------
- 1 file changed, 6 insertions(+), 9 deletions(-)
-
-diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
-index 088609c196..cfccfd4408 100644
---- a/tests/qtest/bios-tables-test.c
-+++ b/tests/qtest/bios-tables-test.c
-@@ -71,9 +71,10 @@
-
- #define ACPI_REBUILD_EXPECTED_AML "TEST_ACPI_REBUILD_AML"
-
--#define OEM_ID "TEST"
--#define OEM_TABLE_ID "OEM"
--#define OEM_TEST_ARGS "-machine x-oem-id="OEM_ID",x-oem-table-id="OEM_TABLE_ID
-+#define OEM_ID "TEST "
-+#define OEM_TABLE_ID "OEM "
-+#define OEM_TEST_ARGS "-machine x-oem-id='" OEM_ID "',x-oem-table-id='" \
-+ OEM_TABLE_ID "'"
-
- typedef struct {
- bool tcg_only;
-@@ -1482,11 +1483,7 @@ static void test_acpi_q35_slic(void)
- static void test_oem_fields(test_data *data)
- {
- int i;
-- char oem_id[6];
-- char oem_table_id[8];
-
-- strpadcpy(oem_id, sizeof oem_id, OEM_ID, ' ');
-- strpadcpy(oem_table_id, sizeof oem_table_id, OEM_TABLE_ID, ' ');
- for (i = 0; i < data->tables->len; ++i) {
- AcpiSdtTable *sdt;
-
-@@ -1496,8 +1493,8 @@ static void test_oem_fields(test_data *data)
- continue;
- }
-
-- g_assert(memcmp(sdt->aml + 10, oem_id, 6) == 0);
-- g_assert(memcmp(sdt->aml + 16, oem_table_id, 8) == 0);
-+ g_assert(memcmp(sdt->aml + 10, OEM_ID, 6) == 0);
-+ g_assert(memcmp(sdt->aml + 16, OEM_TABLE_ID, 8) == 0);
- }
- }
-
---
-2.31.1
-
diff --git a/SOURCES/kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch b/SOURCES/kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch
deleted file mode 100644
index b0abe81..0000000
--- a/SOURCES/kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From d08941e96003ea6bd26d73b4270912670e39e1bc Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Fri, 14 Jan 2022 09:26:41 -0500
-Subject: [PATCH 13/14] tests: acpi: test short OEM_ID/OEM_TABLE_ID values in
- test_oem_fields()
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [9/10] f1f9991d5d7ef5afb2f98f4fa81aeb3e3cf32d8f
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-Previous patch [1] added explicit whitespace padding to OEM_ID/OEM_TABLE_ID
-values used in test_oem_fields() testcase to avoid false positive and
-bisection issues when QEMU is switched to \0' padding. As result
-testcase ceased to test values that were shorter than max possible
-length values.
-
-Update testcase to make sure that it's testing shorter IDs like it
-used to before [2].
-
-1) "tests: acpi: manually pad OEM_ID/OEM_TABLE_ID for test_oem_fields() test"
-2) 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20220114142641.1727679-1-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 408ca92634770de5eac7965ed97c6260e770f2e7)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- tests/qtest/bios-tables-test.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
-index cfccfd4408..0dd9a0a55b 100644
---- a/tests/qtest/bios-tables-test.c
-+++ b/tests/qtest/bios-tables-test.c
-@@ -71,10 +71,10 @@
-
- #define ACPI_REBUILD_EXPECTED_AML "TEST_ACPI_REBUILD_AML"
-
--#define OEM_ID "TEST "
--#define OEM_TABLE_ID "OEM "
--#define OEM_TEST_ARGS "-machine x-oem-id='" OEM_ID "',x-oem-table-id='" \
-- OEM_TABLE_ID "'"
-+#define OEM_ID "TEST"
-+#define OEM_TABLE_ID "OEM"
-+#define OEM_TEST_ARGS "-machine x-oem-id=" OEM_ID ",x-oem-table-id=" \
-+ OEM_TABLE_ID
-
- typedef struct {
- bool tcg_only;
-@@ -1493,8 +1493,8 @@ static void test_oem_fields(test_data *data)
- continue;
- }
-
-- g_assert(memcmp(sdt->aml + 10, OEM_ID, 6) == 0);
-- g_assert(memcmp(sdt->aml + 16, OEM_TABLE_ID, 8) == 0);
-+ g_assert(strncmp((char *)sdt->aml + 10, OEM_ID, 6) == 0);
-+ g_assert(strncmp((char *)sdt->aml + 16, OEM_TABLE_ID, 8) == 0);
- }
- }
-
---
-2.31.1
-
diff --git a/SOURCES/kvm-tests-acpi-update-expected-blobs.patch b/SOURCES/kvm-tests-acpi-update-expected-blobs.patch
deleted file mode 100644
index d629202..0000000
--- a/SOURCES/kvm-tests-acpi-update-expected-blobs.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From b8831f75d186639385d75a4df9c510c7435fcdaf Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Wed, 12 Jan 2022 08:03:32 -0500
-Subject: [PATCH 12/14] tests: acpi: update expected blobs
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [8/10] dddfa6e1b966bf7c5c00a20c98a778b060dc6983
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-Expected changes caused by previous commit:
-
-nvdimm ssdt (q35/pc/virt):
- - * OEM Table ID "NVDIMM "
- + * OEM Table ID "NVDIMM"
-
-SLIC test FADT (tests/data/acpi/q35/FACP.slic):
- -[010h 0016 8] Oem Table ID : "ME "
- +[010h 0016 8] Oem Table ID : "ME"
-
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20220112130332.1648664-5-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 5adc3aba875416b0e077d8a29ddd0357883746f4)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- tests/data/acpi/pc/SSDT.dimmpxm | Bin 734 -> 734 bytes
- tests/data/acpi/q35/FACP.slic | Bin 244 -> 244 bytes
- tests/data/acpi/q35/SSDT.dimmpxm | Bin 734 -> 734 bytes
- tests/data/acpi/virt/SSDT.memhp | Bin 736 -> 736 bytes
- tests/qtest/bios-tables-test-allowed-diff.h | 4 ----
- 5 files changed, 4 deletions(-)
-
-diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
-index 7faa8f53be..dfb8523c8b 100644
---- a/tests/qtest/bios-tables-test-allowed-diff.h
-+++ b/tests/qtest/bios-tables-test-allowed-diff.h
-@@ -1,5 +1 @@
- /* List of comma-separated changed AML files to ignore */
--"tests/data/acpi/virt/SSDT.memhp",
--"tests/data/acpi/pc/SSDT.dimmpxm",
--"tests/data/acpi/q35/SSDT.dimmpxm",
--"tests/data/acpi/q35/FACP.slic",
---
-2.31.1
-
diff --git a/SOURCES/kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch b/SOURCES/kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch
deleted file mode 100644
index ebe3d36..0000000
--- a/SOURCES/kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 9d8ab705fb0ffc55e78c22f4dd79c4c57437532e Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Mon, 27 Dec 2021 14:31:18 -0500
-Subject: [PATCH 06/14] tests: acpi: whitelist expected blobs before changing
- them
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [2/10] 677ac6f62a40479f88cc0d47bfece74bb39ae7a7
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20211227193120.1084176-3-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit e71f6ab9d93a7d01e833647e7010c1079c4cef30)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- tests/data/acpi/q35/FACP.slic | Bin 0 -> 244 bytes
- tests/data/acpi/q35/SLIC.slic | 0
- tests/qtest/bios-tables-test-allowed-diff.h | 2 ++
- 3 files changed, 2 insertions(+)
- create mode 100644 tests/data/acpi/q35/FACP.slic
- create mode 100644 tests/data/acpi/q35/SLIC.slic
-
-diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic
-new file mode 100644
-index 0000000000..e69de29bb2
-diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
-index dfb8523c8b..49dbf8fa3e 100644
---- a/tests/qtest/bios-tables-test-allowed-diff.h
-+++ b/tests/qtest/bios-tables-test-allowed-diff.h
-@@ -1 +1,3 @@
- /* List of comma-separated changed AML files to ignore */
-+"tests/data/acpi/q35/FACP.slic",
-+"tests/data/acpi/q35/SLIC.slic",
---
-2.31.1
-
diff --git a/SOURCES/kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch b/SOURCES/kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch
deleted file mode 100644
index 6774f18..0000000
--- a/SOURCES/kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 667b82b02f7f3a1e5c37e3ff77b146cc3fd9da80 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Wed, 12 Jan 2022 08:03:30 -0500
-Subject: [PATCH 10/14] tests: acpi: whitelist nvdimm's SSDT and FACP.slic
- expected blobs
-
-RH-Author: Igor Mammedov <imammedo@redhat.com>
-RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table
-RH-Commit: [6/10] 9b35b82e26499de3b7bdc0cdd089fda0a8ec031a
-RH-Bugzilla: 2043531
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: MST <None>
-
-The next commit will revert OEM fields whitespace padding to
-padding with '\0' as it was before [1]. That will change OEM
-Table ID for:
- * SSDT.*: where it was padded from 6 characters to 8
- * FACP.slic: where it was padded from 2 characters to 8
-after reverting whitespace padding, it will be replaced with
-'\0' which effectively will shorten OEM table ID to 6 and 2
-characters.
-
-Whitelist affected tables before introducing the change.
-
-1) 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20220112130332.1648664-3-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit d1e4a4654154925eddf0fc449fa9c92b806b9c8c)
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
----
- tests/qtest/bios-tables-test-allowed-diff.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
-index dfb8523c8b..7faa8f53be 100644
---- a/tests/qtest/bios-tables-test-allowed-diff.h
-+++ b/tests/qtest/bios-tables-test-allowed-diff.h
-@@ -1 +1,5 @@
- /* List of comma-separated changed AML files to ignore */
-+"tests/data/acpi/virt/SSDT.memhp",
-+"tests/data/acpi/pc/SSDT.dimmpxm",
-+"tests/data/acpi/q35/SSDT.dimmpxm",
-+"tests/data/acpi/q35/FACP.slic",
---
-2.31.1
-
diff --git a/SOURCES/kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch b/SOURCES/kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch
new file mode 100644
index 0000000..4fcf786
--- /dev/null
+++ b/SOURCES/kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch
@@ -0,0 +1,157 @@
+From f52aa60217634c96fef59ce76b803a94610bf5c8 Mon Sep 17 00:00:00 2001
+From: Andrew Jones <drjones@redhat.com>
+Date: Wed, 15 Jun 2022 15:28:27 +0200
+Subject: [PATCH 01/18] tests/avocado: update aarch64_virt test to exercise
+ -cpu max
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Daniel P. Berrangé <berrange@redhat.com>
+RH-MergeRequest: 94: i386, aarch64, s390x: deprecate many named CPU models
+RH-Commit: [1/6] df6839e567180a4c32afd98852f68b2279e00f7c (berrange/centos-src-qemu)
+RH-Bugzilla: 2060839
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2066824
+
+commit 11593544df6f8febb3ce87015c22b429bf43c4c7
+Author: Alex Bennée <alex.bennee@linaro.org>
+Date: Tue Apr 19 10:09:56 2022 +0100
+
+ tests/avocado: update aarch64_virt test to exercise -cpu max
+
+ The Fedora 29 kernel is quite old and importantly fails when running
+ in LPA2 scenarios. As it's not really exercising much of the CPU space
+ replace it with a custom 5.16.12 kernel with all the architecture
+ options turned on. There is a minimal buildroot initramfs included in
+ the kernel which has a few tools for stress testing the memory
+ subsystem. The userspace also targets the Neoverse N1 processor so
+ would fail with a v8.0 cpu like cortex-a53.
+
+ While we are at it move the test into its own file so it can have an
+ assigned maintainer.
+
+ Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+ Acked-by: Richard Henderson <richard.henderson@linaro.org>
+ Tested-by: Richard Henderson <richard.henderson@linaro.org>
+ Message-Id: <20220419091020.3008144-2-alex.bennee@linaro.org>
+
+Signed-off-by: Andrew Jones <drjones@redhat.com>
+---
+ MAINTAINERS | 1 +
+ tests/avocado/boot_linux_console.py | 25 -------------
+ tests/avocado/machine_aarch64_virt.py | 51 +++++++++++++++++++++++++++
+ 3 files changed, 52 insertions(+), 25 deletions(-)
+ create mode 100644 tests/avocado/machine_aarch64_virt.py
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 2fe20a49ab..bfe8806f60 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -942,6 +942,7 @@ S: Maintained
+ F: hw/arm/virt*
+ F: include/hw/arm/virt.h
+ F: docs/system/arm/virt.rst
++F: tests/avocado/machine_aarch64_virt.py
+
+ Xilinx Zynq
+ M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
+diff --git a/tests/avocado/boot_linux_console.py b/tests/avocado/boot_linux_console.py
+index b40a3abc81..45a2ceda22 100644
+--- a/tests/avocado/boot_linux_console.py
++++ b/tests/avocado/boot_linux_console.py
+@@ -325,31 +325,6 @@ def test_mips_malta32el_nanomips_64k_dbg(self):
+ kernel_hash = '18d1c68f2e23429e266ca39ba5349ccd0aeb7180'
+ self.do_test_mips_malta32el_nanomips(kernel_url, kernel_hash)
+
+- def test_aarch64_virt(self):
+- """
+- :avocado: tags=arch:aarch64
+- :avocado: tags=machine:virt
+- :avocado: tags=accel:tcg
+- :avocado: tags=cpu:cortex-a53
+- """
+- kernel_url = ('https://archives.fedoraproject.org/pub/archive/fedora'
+- '/linux/releases/29/Everything/aarch64/os/images/pxeboot'
+- '/vmlinuz')
+- kernel_hash = '8c73e469fc6ea06a58dc83a628fc695b693b8493'
+- kernel_path = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
+-
+- self.vm.set_console()
+- kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
+- 'console=ttyAMA0')
+- self.require_accelerator("tcg")
+- self.vm.add_args('-cpu', 'cortex-a53',
+- '-accel', 'tcg',
+- '-kernel', kernel_path,
+- '-append', kernel_command_line)
+- self.vm.launch()
+- console_pattern = 'Kernel command line: %s' % kernel_command_line
+- self.wait_for_console_pattern(console_pattern)
+-
+ def test_aarch64_xlnx_versal_virt(self):
+ """
+ :avocado: tags=arch:aarch64
+diff --git a/tests/avocado/machine_aarch64_virt.py b/tests/avocado/machine_aarch64_virt.py
+new file mode 100644
+index 0000000000..21848cba70
+--- /dev/null
++++ b/tests/avocado/machine_aarch64_virt.py
+@@ -0,0 +1,51 @@
++# Functional test that boots a Linux kernel and checks the console
++#
++# Copyright (c) 2022 Linaro Ltd.
++#
++# Author:
++# Alex Bennée <alex.bennee@linaro.org>
++#
++# SPDX-License-Identifier: GPL-2.0-or-later
++
++import time
++
++from avocado_qemu import QemuSystemTest
++from avocado_qemu import wait_for_console_pattern
++from avocado_qemu import exec_command
++
++class Aarch64VirtMachine(QemuSystemTest):
++ KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 '
++
++ def wait_for_console_pattern(self, success_message, vm=None):
++ wait_for_console_pattern(self, success_message,
++ failure_message='Kernel panic - not syncing',
++ vm=vm)
++
++ def test_aarch64_virt(self):
++ """
++ :avocado: tags=arch:aarch64
++ :avocado: tags=machine:virt
++ :avocado: tags=accel:tcg
++ :avocado: tags=cpu:max
++ """
++ kernel_url = ('https://fileserver.linaro.org/s/'
++ 'z6B2ARM7DQT3HWN/download')
++
++ kernel_hash = 'ed11daab50c151dde0e1e9c9cb8b2d9bd3215347'
++ kernel_path = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
++
++ self.vm.set_console()
++ kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
++ 'console=ttyAMA0')
++ self.require_accelerator("tcg")
++ self.vm.add_args('-cpu', 'max,pauth-impdef=on',
++ '-accel', 'tcg',
++ '-kernel', kernel_path,
++ '-append', kernel_command_line)
++ self.vm.launch()
++ self.wait_for_console_pattern('Welcome to Buildroot')
++ time.sleep(0.1)
++ exec_command(self, 'root')
++ time.sleep(0.1)
++ exec_command(self, 'cat /proc/self/maps')
++ time.sleep(0.1)
+--
+2.35.3
+
diff --git a/SOURCES/kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch b/SOURCES/kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch
new file mode 100644
index 0000000..7b9a8f3
--- /dev/null
+++ b/SOURCES/kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch
@@ -0,0 +1,119 @@
+From cea7b15c613a11ea15a1458d6990be7044df6643 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 18 Nov 2021 12:57:33 +0100
+Subject: [PATCH 17/17] tests/qtest/fdc-test: Add a regression test for
+ CVE-2021-3507
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 107: hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
+RH-Commit: [2/2] 067c052df790959c28c1fcc16547676d36523bd9 (mrezanin/centos-src-qemu-kvm)
+RH-Bugzilla: 1951522
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+Add the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/339
+
+Without the previous commit, when running 'make check-qtest-i386'
+with QEMU configured with '--enable-sanitizers' we get:
+
+ ==4028352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000062a00 at pc 0x5626d03c491a bp 0x7ffdb4199410 sp 0x7ffdb4198bc0
+ READ of size 786432 at 0x619000062a00 thread T0
+ #0 0x5626d03c4919 in __asan_memcpy (qemu-system-i386+0x1e65919)
+ #1 0x5626d1c023cc in flatview_write_continue softmmu/physmem.c:2787:13
+ #2 0x5626d1bf0c0f in flatview_write softmmu/physmem.c:2822:14
+ #3 0x5626d1bf0798 in address_space_write softmmu/physmem.c:2914:18
+ #4 0x5626d1bf0f37 in address_space_rw softmmu/physmem.c:2924:16
+ #5 0x5626d1bf14c8 in cpu_physical_memory_rw softmmu/physmem.c:2933:5
+ #6 0x5626d0bd5649 in cpu_physical_memory_write include/exec/cpu-common.h:82:5
+ #7 0x5626d0bd0a07 in i8257_dma_write_memory hw/dma/i8257.c:452:9
+ #8 0x5626d09f825d in fdctrl_transfer_handler hw/block/fdc.c:1616:13
+ #9 0x5626d0a048b4 in fdctrl_start_transfer hw/block/fdc.c:1539:13
+ #10 0x5626d09f4c3e in fdctrl_write_data hw/block/fdc.c:2266:13
+ #11 0x5626d09f22f7 in fdctrl_write hw/block/fdc.c:829:9
+ #12 0x5626d1c20bc5 in portio_write softmmu/ioport.c:207:17
+
+ 0x619000062a00 is located 0 bytes to the right of 512-byte region [0x619000062800,0x619000062a00)
+ allocated by thread T0 here:
+ #0 0x5626d03c66ec in posix_memalign (qemu-system-i386+0x1e676ec)
+ #1 0x5626d2b988d4 in qemu_try_memalign util/oslib-posix.c:210:11
+ #2 0x5626d2b98b0c in qemu_memalign util/oslib-posix.c:226:27
+ #3 0x5626d09fbaf0 in fdctrl_realize_common hw/block/fdc.c:2341:20
+ #4 0x5626d0a150ed in isabus_fdc_realize hw/block/fdc-isa.c:113:5
+ #5 0x5626d2367935 in device_set_realized hw/core/qdev.c:531:13
+
+ SUMMARY: AddressSanitizer: heap-buffer-overflow (qemu-system-i386+0x1e65919) in __asan_memcpy
+ Shadow bytes around the buggy address:
+ 0x0c32800044f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c3280004500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ 0x0c3280004510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ 0x0c3280004520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ 0x0c3280004530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ =>0x0c3280004540:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c3280004550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c3280004560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c3280004570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c3280004580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c3280004590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+ Shadow byte legend (one shadow byte represents 8 application bytes):
+ Addressable: 00
+ Heap left redzone: fa
+ Freed heap region: fd
+ ==4028352==ABORTING
+
+[ kwolf: Added snapshot=on to prevent write file lock failure ]
+
+Reported-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit 46609b90d9e3a6304def11038a76b58ff43f77bc)
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ tests/qtest/fdc-test.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/tests/qtest/fdc-test.c b/tests/qtest/fdc-test.c
+index b0d40012e6..1d4f852128 100644
+--- a/tests/qtest/fdc-test.c
++++ b/tests/qtest/fdc-test.c
+@@ -583,6 +583,26 @@ static void test_cve_2021_20196(void)
+ qtest_quit(s);
+ }
+
++static void test_cve_2021_3507(void)
++{
++ QTestState *s;
++
++ s = qtest_initf("-nographic -m 32M -nodefaults "
++ "-drive file=%s,format=raw,if=floppy,snapshot=on",
++ test_image);
++ qtest_outl(s, 0x9, 0x0a0206);
++ qtest_outw(s, 0x3f4, 0x1600);
++ qtest_outw(s, 0x3f4, 0x0000);
++ qtest_outw(s, 0x3f4, 0x0000);
++ qtest_outw(s, 0x3f4, 0x0000);
++ qtest_outw(s, 0x3f4, 0x0200);
++ qtest_outw(s, 0x3f4, 0x0200);
++ qtest_outw(s, 0x3f4, 0x0000);
++ qtest_outw(s, 0x3f4, 0x0000);
++ qtest_outw(s, 0x3f4, 0x0000);
++ qtest_quit(s);
++}
++
+ int main(int argc, char **argv)
+ {
+ int fd;
+@@ -614,6 +634,7 @@ int main(int argc, char **argv)
+ qtest_add_func("/fdc/read_no_dma_19", test_read_no_dma_19);
+ qtest_add_func("/fdc/fuzz-registers", fuzz_registers);
+ qtest_add_func("/fdc/fuzz/cve_2021_20196", test_cve_2021_20196);
++ qtest_add_func("/fdc/fuzz/cve_2021_3507", test_cve_2021_3507);
+
+ ret = g_test_run();
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch b/SOURCES/kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch
deleted file mode 100644
index 6b7173e..0000000
--- a/SOURCES/kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From c5ff43026547ea20fbb496c5b6734b7e64362151 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 14 Feb 2022 12:37:49 +0100
-Subject: [PATCH 2/6] ui: avoid compiler warnings from unused clipboard info
- variable
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Gerd Hoffmann <kraxel@redhat.com>
-RH-MergeRequest: 75: fix vnc cut+paste crash
-RH-Commit: [2/4] 6a7982a0bab86bf843fd65842e730a61b2fa2cb0 (kraxel/centos-qemu-kvm)
-RH-Bugzilla: 2042820
-RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-With latest clang 13.0.0 we get
-
-../ui/clipboard.c:47:34: error: variable 'old' set but not used [-Werror,-Wunused-but-set-variable]
- g_autoptr(QemuClipboardInfo) old = NULL;
- ^
-
-The compiler can't tell that we only declared this variable in
-order to get the side effect of free'ing it when out of scope.
-
-This pattern is a little dubious for a use of g_autoptr, so
-rewrite the code to avoid it.
-
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-[AJB: fix merge conflict]
-Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
-Message-Id: <20211215141949.3512719-2-berrange@redhat.com>
-Message-Id: <20220105135009.1584676-2-alex.bennee@linaro.org>
-(cherry picked from commit 70a54b01693eda3c61814b05d699aba41015ac48)
----
- ui/clipboard.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/ui/clipboard.c b/ui/clipboard.c
-index d7b008d62a..7672058e84 100644
---- a/ui/clipboard.c
-+++ b/ui/clipboard.c
-@@ -44,12 +44,11 @@ void qemu_clipboard_peer_release(QemuClipboardPeer *peer,
-
- void qemu_clipboard_update(QemuClipboardInfo *info)
- {
-- g_autoptr(QemuClipboardInfo) old = NULL;
- assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT);
-
- notifier_list_notify(&clipboard_notifiers, info);
-
-- old = cbinfo[info->selection];
-+ qemu_clipboard_info_unref(cbinfo[info->selection]);
- cbinfo[info->selection] = qemu_clipboard_info_ref(info);
- }
-
---
-2.27.0
-
diff --git a/SOURCES/kvm-ui-clipboard-fix-use-after-free-regression.patch b/SOURCES/kvm-ui-clipboard-fix-use-after-free-regression.patch
deleted file mode 100644
index e14cb23..0000000
--- a/SOURCES/kvm-ui-clipboard-fix-use-after-free-regression.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 965275cd87f8008f129509c6d6fd0096e8ac2d96 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Mon, 14 Feb 2022 15:59:17 +0400
-Subject: [PATCH 3/6] ui/clipboard: fix use-after-free regression
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Gerd Hoffmann <kraxel@redhat.com>
-RH-MergeRequest: 75: fix vnc cut+paste crash
-RH-Commit: [3/4] d8f68e0eb60d9aaa9a703d969f215816bf35f6f0 (kraxel/centos-qemu-kvm)
-RH-Bugzilla: 2042820
-RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-The same info may be used to update the clipboard, and may be freed
-before being ref'ed again.
-
-Fixes: 70a54b01693ed ("ui: avoid compiler warnings from unused clipboard info variable")
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Message-Id: <20220214115917.1679568-1-marcandre.lureau@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- ui/clipboard.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/ui/clipboard.c b/ui/clipboard.c
-index 7672058e84..d7dae13760 100644
---- a/ui/clipboard.c
-+++ b/ui/clipboard.c
-@@ -48,8 +48,10 @@ void qemu_clipboard_update(QemuClipboardInfo *info)
-
- notifier_list_notify(&clipboard_notifiers, info);
-
-- qemu_clipboard_info_unref(cbinfo[info->selection]);
-- cbinfo[info->selection] = qemu_clipboard_info_ref(info);
-+ if (cbinfo[info->selection] != info) {
-+ qemu_clipboard_info_unref(cbinfo[info->selection]);
-+ cbinfo[info->selection] = qemu_clipboard_info_ref(info);
-+ }
- }
-
- QemuClipboardInfo *qemu_clipboard_info(QemuClipboardSelection selection)
---
-2.27.0
-
diff --git a/SOURCES/kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch b/SOURCES/kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch
deleted file mode 100644
index 6d3802c..0000000
--- a/SOURCES/kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 14582cfec72e52894f16ed5c3fb14adb2d6d8e25 Mon Sep 17 00:00:00 2001
-From: Rao Lei <lei.rao@intel.com>
-Date: Wed, 5 Jan 2022 10:08:08 +0800
-Subject: [PATCH 4/6] ui/vnc.c: Fixed a deadlock bug.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Gerd Hoffmann <kraxel@redhat.com>
-RH-MergeRequest: 75: fix vnc cut+paste crash
-RH-Commit: [4/4] 5321e447de974d91e9a6c0cf01f4352166ffb7ce (kraxel/centos-qemu-kvm)
-RH-Bugzilla: 2042820
-RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-
-The GDB statck is as follows:
-(gdb) bt
-0 __lll_lock_wait (futex=futex@entry=0x56211df20360, private=0) at lowlevellock.c:52
-1 0x00007f263caf20a3 in __GI___pthread_mutex_lock (mutex=0x56211df20360) at ../nptl/pthread_mutex_lock.c:80
-2 0x000056211a757364 in qemu_mutex_lock_impl (mutex=0x56211df20360, file=0x56211a804857 "../ui/vnc-jobs.h", line=60)
- at ../util/qemu-thread-posix.c:80
-3 0x000056211a0ef8c7 in vnc_lock_output (vs=0x56211df14200) at ../ui/vnc-jobs.h:60
-4 0x000056211a0efcb7 in vnc_clipboard_send (vs=0x56211df14200, count=1, dwords=0x7ffdf1701338) at ../ui/vnc-clipboard.c:138
-5 0x000056211a0f0129 in vnc_clipboard_notify (notifier=0x56211df244c8, data=0x56211dd1bbf0) at ../ui/vnc-clipboard.c:209
-6 0x000056211a75dde8 in notifier_list_notify (list=0x56211afa17d0 <clipboard_notifiers>, data=0x56211dd1bbf0) at ../util/notify.c:39
-7 0x000056211a0bf0e6 in qemu_clipboard_update (info=0x56211dd1bbf0) at ../ui/clipboard.c:50
-8 0x000056211a0bf05d in qemu_clipboard_peer_release (peer=0x56211df244c0, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD)
- at ../ui/clipboard.c:41
-9 0x000056211a0bef9b in qemu_clipboard_peer_unregister (peer=0x56211df244c0) at ../ui/clipboard.c:19
-10 0x000056211a0d45f3 in vnc_disconnect_finish (vs=0x56211df14200) at ../ui/vnc.c:1358
-11 0x000056211a0d4c9d in vnc_client_read (vs=0x56211df14200) at ../ui/vnc.c:1611
-12 0x000056211a0d4df8 in vnc_client_io (ioc=0x56211ce70690, condition=G_IO_IN, opaque=0x56211df14200) at ../ui/vnc.c:1649
-13 0x000056211a5b976c in qio_channel_fd_source_dispatch
- (source=0x56211ce50a00, callback=0x56211a0d4d71 <vnc_client_io>, user_data=0x56211df14200) at ../io/channel-watch.c:84
-14 0x00007f263ccede8e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
-15 0x000056211a77d4a1 in glib_pollfds_poll () at ../util/main-loop.c:232
-16 0x000056211a77d51f in os_host_main_loop_wait (timeout=958545) at ../util/main-loop.c:255
-17 0x000056211a77d630 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531
-18 0x000056211a45bc8e in qemu_main_loop () at ../softmmu/runstate.c:726
-19 0x000056211a0b45fa in main (argc=69, argv=0x7ffdf1701778, envp=0x7ffdf17019a8) at ../softmmu/main.c:50
-
-From the call trace, we can see it is a deadlock bug.
-vnc_disconnect_finish will acquire the output_mutex.
-But, the output_mutex will be acquired again in vnc_clipboard_send.
-Repeated locking will cause deadlock. So, I move
-qemu_clipboard_peer_unregister() behind vnc_unlock_output();
-
-Fixes: 0bf41cab93e ("ui/vnc: clipboard support")
-Signed-off-by: Lei Rao <lei.rao@intel.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220105020808.597325-1-lei.rao@intel.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 1dbbe6f172810026c51dc84ed927a3cc23017949)
----
- ui/vnc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ui/vnc.c b/ui/vnc.c
-index af02522e84..b253e85c65 100644
---- a/ui/vnc.c
-+++ b/ui/vnc.c
-@@ -1354,12 +1354,12 @@ void vnc_disconnect_finish(VncState *vs)
- /* last client gone */
- vnc_update_server_surface(vs->vd);
- }
-+ vnc_unlock_output(vs);
-+
- if (vs->cbpeer.update.notify) {
- qemu_clipboard_peer_unregister(&vs->cbpeer);
- }
-
-- vnc_unlock_output(vs);
--
- qemu_mutex_destroy(&vs->output_mutex);
- if (vs->bh != NULL) {
- qemu_bh_delete(vs->bh);
---
-2.27.0
-
diff --git a/SOURCES/kvm-util-Return-void-on-iova_tree_remove.patch b/SOURCES/kvm-util-Return-void-on-iova_tree_remove.patch
new file mode 100644
index 0000000..07c6f8e
--- /dev/null
+++ b/SOURCES/kvm-util-Return-void-on-iova_tree_remove.patch
@@ -0,0 +1,70 @@
+From 74c829f82eafa8e42ae94f7ace55c8aaed3bb5f4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Wed, 27 Apr 2022 17:49:31 +0200
+Subject: [PATCH 05/23] util: Return void on iova_tree_remove
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [4/21] 252287acca896eba7b5d2b62fc6247cfc565ba57 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: Merged
+
+It always returns IOVA_OK so nobody uses it.
+
+Acked-by: Jason Wang <jasowang@redhat.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220427154931.3166388-1-eperezma@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+(cherry picked from commit 832fef7cc14d65f99d523f883ef384014e6476a7)
+---
+ include/qemu/iova-tree.h | 4 +---
+ util/iova-tree.c | 4 +---
+ 2 files changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/include/qemu/iova-tree.h b/include/qemu/iova-tree.h
+index c938fb0793..16bbfdf5f8 100644
+--- a/include/qemu/iova-tree.h
++++ b/include/qemu/iova-tree.h
+@@ -72,10 +72,8 @@ int iova_tree_insert(IOVATree *tree, const DMAMap *map);
+ * provided. The range does not need to be exactly what has inserted,
+ * all the mappings that are included in the provided range will be
+ * removed from the tree. Here map->translated_addr is meaningless.
+- *
+- * Return: 0 if succeeded, or <0 if error.
+ */
+-int iova_tree_remove(IOVATree *tree, const DMAMap *map);
++void iova_tree_remove(IOVATree *tree, const DMAMap *map);
+
+ /**
+ * iova_tree_find:
+diff --git a/util/iova-tree.c b/util/iova-tree.c
+index 6dff29c1f6..fee530a579 100644
+--- a/util/iova-tree.c
++++ b/util/iova-tree.c
+@@ -164,15 +164,13 @@ void iova_tree_foreach(IOVATree *tree, iova_tree_iterator iterator)
+ g_tree_foreach(tree->tree, iova_tree_traverse, iterator);
+ }
+
+-int iova_tree_remove(IOVATree *tree, const DMAMap *map)
++void iova_tree_remove(IOVATree *tree, const DMAMap *map)
+ {
+ const DMAMap *overlap;
+
+ while ((overlap = iova_tree_find(tree, map))) {
+ g_tree_remove(tree->tree, overlap);
+ }
+-
+- return IOVA_OK;
+ }
+
+ /**
+--
+2.31.1
+
diff --git a/SOURCES/kvm-util-accept-iova_tree_remove_parameter-by-value.patch b/SOURCES/kvm-util-accept-iova_tree_remove_parameter-by-value.patch
new file mode 100644
index 0000000..cd073da
--- /dev/null
+++ b/SOURCES/kvm-util-accept-iova_tree_remove_parameter-by-value.patch
@@ -0,0 +1,182 @@
+From 90697579eaf598614293d75f684d6e8c55f8ab9b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:20:04 +0200
+Subject: [PATCH 06/23] util: accept iova_tree_remove_parameter by value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [5/21] ddaf052789e7ab3c67a77c038347113301587ffb (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+It's convenient to call iova_tree_remove from a map returned from
+iova_tree_find or iova_tree_find_iova. With the current code this is not
+possible, since we will free it, and then we will try to search for it
+again.
+
+Fix it making accepting the map by value, forcing a copy of the
+argument. Not applying a fixes tag, since there is no use like that at
+the moment.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit d69ba6677405de86b3b617fc7688b549f84cf013)
+---
+ hw/i386/intel_iommu.c | 6 +++---
+ hw/virtio/vhost-iova-tree.c | 2 +-
+ hw/virtio/vhost-iova-tree.h | 2 +-
+ hw/virtio/vhost-vdpa.c | 6 +++---
+ include/qemu/iova-tree.h | 2 +-
+ net/vhost-vdpa.c | 4 ++--
+ util/iova-tree.c | 4 ++--
+ 7 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
+index c64aa81a83..6738cf0929 100644
+--- a/hw/i386/intel_iommu.c
++++ b/hw/i386/intel_iommu.c
+@@ -1157,7 +1157,7 @@ static int vtd_page_walk_one(IOMMUTLBEvent *event, vtd_page_walk_info *info)
+ return ret;
+ }
+ /* Drop any existing mapping */
+- iova_tree_remove(as->iova_tree, &target);
++ iova_tree_remove(as->iova_tree, target);
+ /* Recover the correct type */
+ event->type = IOMMU_NOTIFIER_MAP;
+ entry->perm = cache_perm;
+@@ -1170,7 +1170,7 @@ static int vtd_page_walk_one(IOMMUTLBEvent *event, vtd_page_walk_info *info)
+ trace_vtd_page_walk_one_skip_unmap(entry->iova, entry->addr_mask);
+ return 0;
+ }
+- iova_tree_remove(as->iova_tree, &target);
++ iova_tree_remove(as->iova_tree, target);
+ }
+
+ trace_vtd_page_walk_one(info->domain_id, entry->iova,
+@@ -3532,7 +3532,7 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n)
+
+ map.iova = n->start;
+ map.size = size;
+- iova_tree_remove(as->iova_tree, &map);
++ iova_tree_remove(as->iova_tree, map);
+ }
+
+ static void vtd_address_space_unmap_all(IntelIOMMUState *s)
+diff --git a/hw/virtio/vhost-iova-tree.c b/hw/virtio/vhost-iova-tree.c
+index 55fed1fefb..1339a4de8b 100644
+--- a/hw/virtio/vhost-iova-tree.c
++++ b/hw/virtio/vhost-iova-tree.c
+@@ -104,7 +104,7 @@ int vhost_iova_tree_map_alloc(VhostIOVATree *tree, DMAMap *map)
+ * @iova_tree: The vhost iova tree
+ * @map: The map to remove
+ */
+-void vhost_iova_tree_remove(VhostIOVATree *iova_tree, const DMAMap *map)
++void vhost_iova_tree_remove(VhostIOVATree *iova_tree, DMAMap map)
+ {
+ iova_tree_remove(iova_tree->iova_taddr_map, map);
+ }
+diff --git a/hw/virtio/vhost-iova-tree.h b/hw/virtio/vhost-iova-tree.h
+index 6a4f24e0f9..4adfd79ff0 100644
+--- a/hw/virtio/vhost-iova-tree.h
++++ b/hw/virtio/vhost-iova-tree.h
+@@ -22,6 +22,6 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(VhostIOVATree, vhost_iova_tree_delete);
+ const DMAMap *vhost_iova_tree_find_iova(const VhostIOVATree *iova_tree,
+ const DMAMap *map);
+ int vhost_iova_tree_map_alloc(VhostIOVATree *iova_tree, DMAMap *map);
+-void vhost_iova_tree_remove(VhostIOVATree *iova_tree, const DMAMap *map);
++void vhost_iova_tree_remove(VhostIOVATree *iova_tree, DMAMap map);
+
+ #endif
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index cc15b7d8ee..39aa70f52d 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -238,7 +238,7 @@ static void vhost_vdpa_listener_region_add(MemoryListener *listener,
+
+ fail_map:
+ if (v->shadow_vqs_enabled) {
+- vhost_iova_tree_remove(v->iova_tree, &mem_region);
++ vhost_iova_tree_remove(v->iova_tree, mem_region);
+ }
+
+ fail:
+@@ -298,7 +298,7 @@ static void vhost_vdpa_listener_region_del(MemoryListener *listener,
+ return;
+ }
+ iova = result->iova;
+- vhost_iova_tree_remove(v->iova_tree, result);
++ vhost_iova_tree_remove(v->iova_tree, *result);
+ }
+ vhost_vdpa_iotlb_batch_begin_once(v);
+ ret = vhost_vdpa_dma_unmap(v, iova, int128_get64(llsize));
+@@ -942,7 +942,7 @@ static bool vhost_vdpa_svq_map_ring(struct vhost_vdpa *v, DMAMap *needle,
+ needle->perm == IOMMU_RO);
+ if (unlikely(r != 0)) {
+ error_setg_errno(errp, -r, "Cannot map region to device");
+- vhost_iova_tree_remove(v->iova_tree, needle);
++ vhost_iova_tree_remove(v->iova_tree, *needle);
+ }
+
+ return r == 0;
+diff --git a/include/qemu/iova-tree.h b/include/qemu/iova-tree.h
+index 16bbfdf5f8..8528e5c98f 100644
+--- a/include/qemu/iova-tree.h
++++ b/include/qemu/iova-tree.h
+@@ -73,7 +73,7 @@ int iova_tree_insert(IOVATree *tree, const DMAMap *map);
+ * all the mappings that are included in the provided range will be
+ * removed from the tree. Here map->translated_addr is meaningless.
+ */
+-void iova_tree_remove(IOVATree *tree, const DMAMap *map);
++void iova_tree_remove(IOVATree *tree, DMAMap map);
+
+ /**
+ * iova_tree_find:
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index 411e71e6c2..ba65736f83 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -244,7 +244,7 @@ static void vhost_vdpa_cvq_unmap_buf(struct vhost_vdpa *v, void *addr)
+ error_report("Device cannot unmap: %s(%d)", g_strerror(r), r);
+ }
+
+- vhost_iova_tree_remove(tree, map);
++ vhost_iova_tree_remove(tree, *map);
+ }
+
+ static size_t vhost_vdpa_net_cvq_cmd_len(void)
+@@ -297,7 +297,7 @@ static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
+ return true;
+
+ dma_map_err:
+- vhost_iova_tree_remove(v->iova_tree, &map);
++ vhost_iova_tree_remove(v->iova_tree, map);
+ return false;
+ }
+
+diff --git a/util/iova-tree.c b/util/iova-tree.c
+index fee530a579..536789797e 100644
+--- a/util/iova-tree.c
++++ b/util/iova-tree.c
+@@ -164,11 +164,11 @@ void iova_tree_foreach(IOVATree *tree, iova_tree_iterator iterator)
+ g_tree_foreach(tree->tree, iova_tree_traverse, iterator);
+ }
+
+-void iova_tree_remove(IOVATree *tree, const DMAMap *map)
++void iova_tree_remove(IOVATree *tree, DMAMap map)
+ {
+ const DMAMap *overlap;
+
+- while ((overlap = iova_tree_find(tree, map))) {
++ while ((overlap = iova_tree_find(tree, &map))) {
+ g_tree_remove(tree->tree, overlap);
+ }
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch b/SOURCES/kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch
new file mode 100644
index 0000000..77929a6
--- /dev/null
+++ b/SOURCES/kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch
@@ -0,0 +1,385 @@
+From 7a6fa42d4a4263c94b9bf18290f9e7680ea9e7f4 Mon Sep 17 00:00:00 2001
+From: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+Date: Mon, 25 Apr 2022 09:57:23 +0200
+Subject: [PATCH 03/16] util/event-loop-base: Introduce options to set the
+ thread pool size
+
+RH-Author: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+RH-MergeRequest: 93: util/thread-pool: Expose minimum and maximum size
+RH-Commit: [3/3] af78a88ff3c69701cbb5f9e980c3d6ebbd13ff98
+RH-Bugzilla: 2031024
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+The thread pool regulates itself: when idle, it kills threads until
+empty, when in demand, it creates new threads until full. This behaviour
+doesn't play well with latency sensitive workloads where the price of
+creating a new thread is too high. For example, when paired with qemu's
+'-mlock', or using safety features like SafeStack, creating a new thread
+has been measured take multiple milliseconds.
+
+In order to mitigate this let's introduce a new 'EventLoopBase'
+property to set the thread pool size. The threads will be created during
+the pool's initialization or upon updating the property's value, remain
+available during its lifetime regardless of demand, and destroyed upon
+freeing it. A properly characterized workload will then be able to
+configure the pool to avoid any latency spikes.
+
+Signed-off-by: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Message-id: 20220425075723.20019-4-nsaenzju@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 71ad4713cc1d7fca24388b828ef31ae6cb38a31c)
+---
+ event-loop-base.c | 23 +++++++++++++
+ include/block/aio.h | 10 ++++++
+ include/block/thread-pool.h | 3 ++
+ include/sysemu/event-loop-base.h | 4 +++
+ iothread.c | 3 ++
+ qapi/qom.json | 10 +++++-
+ util/aio-posix.c | 1 +
+ util/async.c | 20 ++++++++++++
+ util/main-loop.c | 9 ++++++
+ util/thread-pool.c | 55 +++++++++++++++++++++++++++++---
+ 10 files changed, 133 insertions(+), 5 deletions(-)
+
+diff --git a/event-loop-base.c b/event-loop-base.c
+index e7f99a6ec8..d5be4dc6fc 100644
+--- a/event-loop-base.c
++++ b/event-loop-base.c
+@@ -14,6 +14,7 @@
+ #include "qemu/osdep.h"
+ #include "qom/object_interfaces.h"
+ #include "qapi/error.h"
++#include "block/thread-pool.h"
+ #include "sysemu/event-loop-base.h"
+
+ typedef struct {
+@@ -21,9 +22,22 @@ typedef struct {
+ ptrdiff_t offset; /* field's byte offset in EventLoopBase struct */
+ } EventLoopBaseParamInfo;
+
++static void event_loop_base_instance_init(Object *obj)
++{
++ EventLoopBase *base = EVENT_LOOP_BASE(obj);
++
++ base->thread_pool_max = THREAD_POOL_MAX_THREADS_DEFAULT;
++}
++
+ static EventLoopBaseParamInfo aio_max_batch_info = {
+ "aio-max-batch", offsetof(EventLoopBase, aio_max_batch),
+ };
++static EventLoopBaseParamInfo thread_pool_min_info = {
++ "thread-pool-min", offsetof(EventLoopBase, thread_pool_min),
++};
++static EventLoopBaseParamInfo thread_pool_max_info = {
++ "thread-pool-max", offsetof(EventLoopBase, thread_pool_max),
++};
+
+ static void event_loop_base_get_param(Object *obj, Visitor *v,
+ const char *name, void *opaque, Error **errp)
+@@ -95,12 +109,21 @@ static void event_loop_base_class_init(ObjectClass *klass, void *class_data)
+ event_loop_base_get_param,
+ event_loop_base_set_param,
+ NULL, &aio_max_batch_info);
++ object_class_property_add(klass, "thread-pool-min", "int",
++ event_loop_base_get_param,
++ event_loop_base_set_param,
++ NULL, &thread_pool_min_info);
++ object_class_property_add(klass, "thread-pool-max", "int",
++ event_loop_base_get_param,
++ event_loop_base_set_param,
++ NULL, &thread_pool_max_info);
+ }
+
+ static const TypeInfo event_loop_base_info = {
+ .name = TYPE_EVENT_LOOP_BASE,
+ .parent = TYPE_OBJECT,
+ .instance_size = sizeof(EventLoopBase),
++ .instance_init = event_loop_base_instance_init,
+ .class_size = sizeof(EventLoopBaseClass),
+ .class_init = event_loop_base_class_init,
+ .abstract = true,
+diff --git a/include/block/aio.h b/include/block/aio.h
+index 5634173b12..d128558f1d 100644
+--- a/include/block/aio.h
++++ b/include/block/aio.h
+@@ -192,6 +192,8 @@ struct AioContext {
+ QSLIST_HEAD(, Coroutine) scheduled_coroutines;
+ QEMUBH *co_schedule_bh;
+
++ int thread_pool_min;
++ int thread_pool_max;
+ /* Thread pool for performing work and receiving completion callbacks.
+ * Has its own locking.
+ */
+@@ -769,4 +771,12 @@ void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
+ void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch,
+ Error **errp);
+
++/**
++ * aio_context_set_thread_pool_params:
++ * @ctx: the aio context
++ * @min: min number of threads to have readily available in the thread pool
++ * @min: max number of threads the thread pool can contain
++ */
++void aio_context_set_thread_pool_params(AioContext *ctx, int64_t min,
++ int64_t max, Error **errp);
+ #endif
+diff --git a/include/block/thread-pool.h b/include/block/thread-pool.h
+index 7dd7d730a0..2020bcc92d 100644
+--- a/include/block/thread-pool.h
++++ b/include/block/thread-pool.h
+@@ -20,6 +20,8 @@
+
+ #include "block/block.h"
+
++#define THREAD_POOL_MAX_THREADS_DEFAULT 64
++
+ typedef int ThreadPoolFunc(void *opaque);
+
+ typedef struct ThreadPool ThreadPool;
+@@ -33,5 +35,6 @@ BlockAIOCB *thread_pool_submit_aio(ThreadPool *pool,
+ int coroutine_fn thread_pool_submit_co(ThreadPool *pool,
+ ThreadPoolFunc *func, void *arg);
+ void thread_pool_submit(ThreadPool *pool, ThreadPoolFunc *func, void *arg);
++void thread_pool_update_params(ThreadPool *pool, struct AioContext *ctx);
+
+ #endif
+diff --git a/include/sysemu/event-loop-base.h b/include/sysemu/event-loop-base.h
+index fced4c9fea..2748bf6ae1 100644
+--- a/include/sysemu/event-loop-base.h
++++ b/include/sysemu/event-loop-base.h
+@@ -33,5 +33,9 @@ struct EventLoopBase {
+
+ /* AioContext AIO engine parameters */
+ int64_t aio_max_batch;
++
++ /* AioContext thread pool parameters */
++ int64_t thread_pool_min;
++ int64_t thread_pool_max;
+ };
+ #endif
+diff --git a/iothread.c b/iothread.c
+index 8fa2f3bfb8..529194a566 100644
+--- a/iothread.c
++++ b/iothread.c
+@@ -174,6 +174,9 @@ static void iothread_set_aio_context_params(EventLoopBase *base, Error **errp)
+ aio_context_set_aio_params(iothread->ctx,
+ iothread->parent_obj.aio_max_batch,
+ errp);
++
++ aio_context_set_thread_pool_params(iothread->ctx, base->thread_pool_min,
++ base->thread_pool_max, errp);
+ }
+
+
+diff --git a/qapi/qom.json b/qapi/qom.json
+index 7d4a2ac1b9..6a653c6636 100644
+--- a/qapi/qom.json
++++ b/qapi/qom.json
+@@ -508,10 +508,18 @@
+ # 0 means that the engine will use its default.
+ # (default: 0)
+ #
++# @thread-pool-min: minimum number of threads reserved in the thread pool
++# (default:0)
++#
++# @thread-pool-max: maximum number of threads the thread pool can contain
++# (default:64)
++#
+ # Since: 7.1
+ ##
+ { 'struct': 'EventLoopBaseProperties',
+- 'data': { '*aio-max-batch': 'int' } }
++ 'data': { '*aio-max-batch': 'int',
++ '*thread-pool-min': 'int',
++ '*thread-pool-max': 'int' } }
+
+ ##
+ # @IothreadProperties:
+diff --git a/util/aio-posix.c b/util/aio-posix.c
+index be0182a3c6..731f3826c0 100644
+--- a/util/aio-posix.c
++++ b/util/aio-posix.c
+@@ -15,6 +15,7 @@
+
+ #include "qemu/osdep.h"
+ #include "block/block.h"
++#include "block/thread-pool.h"
+ #include "qemu/main-loop.h"
+ #include "qemu/rcu.h"
+ #include "qemu/rcu_queue.h"
+diff --git a/util/async.c b/util/async.c
+index 2ea1172f3e..554ba70cca 100644
+--- a/util/async.c
++++ b/util/async.c
+@@ -563,6 +563,9 @@ AioContext *aio_context_new(Error **errp)
+
+ ctx->aio_max_batch = 0;
+
++ ctx->thread_pool_min = 0;
++ ctx->thread_pool_max = THREAD_POOL_MAX_THREADS_DEFAULT;
++
+ return ctx;
+ fail:
+ g_source_destroy(&ctx->source);
+@@ -696,3 +699,20 @@ void qemu_set_current_aio_context(AioContext *ctx)
+ assert(!get_my_aiocontext());
+ set_my_aiocontext(ctx);
+ }
++
++void aio_context_set_thread_pool_params(AioContext *ctx, int64_t min,
++ int64_t max, Error **errp)
++{
++
++ if (min > max || !max || min > INT_MAX || max > INT_MAX) {
++ error_setg(errp, "bad thread-pool-min/thread-pool-max values");
++ return;
++ }
++
++ ctx->thread_pool_min = min;
++ ctx->thread_pool_max = max;
++
++ if (ctx->thread_pool) {
++ thread_pool_update_params(ctx->thread_pool, ctx);
++ }
++}
+diff --git a/util/main-loop.c b/util/main-loop.c
+index 5b13f456fa..a0f48186ab 100644
+--- a/util/main-loop.c
++++ b/util/main-loop.c
+@@ -30,6 +30,7 @@
+ #include "sysemu/replay.h"
+ #include "qemu/main-loop.h"
+ #include "block/aio.h"
++#include "block/thread-pool.h"
+ #include "qemu/error-report.h"
+ #include "qemu/queue.h"
+ #include "qemu/compiler.h"
+@@ -187,12 +188,20 @@ int qemu_init_main_loop(Error **errp)
+
+ static void main_loop_update_params(EventLoopBase *base, Error **errp)
+ {
++ ERRP_GUARD();
++
+ if (!qemu_aio_context) {
+ error_setg(errp, "qemu aio context not ready");
+ return;
+ }
+
+ aio_context_set_aio_params(qemu_aio_context, base->aio_max_batch, errp);
++ if (*errp) {
++ return;
++ }
++
++ aio_context_set_thread_pool_params(qemu_aio_context, base->thread_pool_min,
++ base->thread_pool_max, errp);
+ }
+
+ MainLoop *mloop;
+diff --git a/util/thread-pool.c b/util/thread-pool.c
+index d763cea505..196835b4d3 100644
+--- a/util/thread-pool.c
++++ b/util/thread-pool.c
+@@ -58,7 +58,6 @@ struct ThreadPool {
+ QemuMutex lock;
+ QemuCond worker_stopped;
+ QemuSemaphore sem;
+- int max_threads;
+ QEMUBH *new_thread_bh;
+
+ /* The following variables are only accessed from one AioContext. */
+@@ -71,8 +70,27 @@ struct ThreadPool {
+ int new_threads; /* backlog of threads we need to create */
+ int pending_threads; /* threads created but not running yet */
+ bool stopping;
++ int min_threads;
++ int max_threads;
+ };
+
++static inline bool back_to_sleep(ThreadPool *pool, int ret)
++{
++ /*
++ * The semaphore timed out, we should exit the loop except when:
++ * - There is work to do, we raced with the signal.
++ * - The max threads threshold just changed, we raced with the signal.
++ * - The thread pool forces a minimum number of readily available threads.
++ */
++ if (ret == -1 && (!QTAILQ_EMPTY(&pool->request_list) ||
++ pool->cur_threads > pool->max_threads ||
++ pool->cur_threads <= pool->min_threads)) {
++ return true;
++ }
++
++ return false;
++}
++
+ static void *worker_thread(void *opaque)
+ {
+ ThreadPool *pool = opaque;
+@@ -91,8 +109,9 @@ static void *worker_thread(void *opaque)
+ ret = qemu_sem_timedwait(&pool->sem, 10000);
+ qemu_mutex_lock(&pool->lock);
+ pool->idle_threads--;
+- } while (ret == -1 && !QTAILQ_EMPTY(&pool->request_list));
+- if (ret == -1 || pool->stopping) {
++ } while (back_to_sleep(pool, ret));
++ if (ret == -1 || pool->stopping ||
++ pool->cur_threads > pool->max_threads) {
+ break;
+ }
+
+@@ -294,6 +313,33 @@ void thread_pool_submit(ThreadPool *pool, ThreadPoolFunc *func, void *arg)
+ thread_pool_submit_aio(pool, func, arg, NULL, NULL);
+ }
+
++void thread_pool_update_params(ThreadPool *pool, AioContext *ctx)
++{
++ qemu_mutex_lock(&pool->lock);
++
++ pool->min_threads = ctx->thread_pool_min;
++ pool->max_threads = ctx->thread_pool_max;
++
++ /*
++ * We either have to:
++ * - Increase the number available of threads until over the min_threads
++ * threshold.
++ * - Decrease the number of available threads until under the max_threads
++ * threshold.
++ * - Do nothing. The current number of threads fall in between the min and
++ * max thresholds. We'll let the pool manage itself.
++ */
++ for (int i = pool->cur_threads; i < pool->min_threads; i++) {
++ spawn_thread(pool);
++ }
++
++ for (int i = pool->cur_threads; i > pool->max_threads; i--) {
++ qemu_sem_post(&pool->sem);
++ }
++
++ qemu_mutex_unlock(&pool->lock);
++}
++
+ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
+ {
+ if (!ctx) {
+@@ -306,11 +352,12 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
+ qemu_mutex_init(&pool->lock);
+ qemu_cond_init(&pool->worker_stopped);
+ qemu_sem_init(&pool->sem, 0);
+- pool->max_threads = 64;
+ pool->new_thread_bh = aio_bh_new(ctx, spawn_thread_bh_fn, pool);
+
+ QLIST_INIT(&pool->head);
+ QTAILQ_INIT(&pool->request_list);
++
++ thread_pool_update_params(pool, ctx);
+ }
+
+ ThreadPool *thread_pool_new(AioContext *ctx)
+--
+2.31.1
+
diff --git a/SOURCES/kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch b/SOURCES/kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch
new file mode 100644
index 0000000..2104424
--- /dev/null
+++ b/SOURCES/kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch
@@ -0,0 +1,233 @@
+From b4969662de01848f887a3918e97e516efc213f71 Mon Sep 17 00:00:00 2001
+From: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+Date: Mon, 25 Apr 2022 09:57:22 +0200
+Subject: [PATCH 02/16] util/main-loop: Introduce the main loop into QOM
+
+RH-Author: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+RH-MergeRequest: 93: util/thread-pool: Expose minimum and maximum size
+RH-Commit: [2/3] a481b77e25ad50d13dcbe26b36c551b18c89bddd
+RH-Bugzilla: 2031024
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+'event-loop-base' provides basic property handling for all 'AioContext'
+based event loops. So let's define a new 'MainLoopClass' that inherits
+from it. This will permit tweaking the main loop's properties through
+qapi as well as through the command line using the '-object' keyword[1].
+Only one instance of 'MainLoopClass' might be created at any time.
+
+'EventLoopBaseClass' learns a new callback, 'can_be_deleted()' so as to
+mark 'MainLoop' as non-deletable.
+
+[1] For example:
+ -object main-loop,id=main-loop,aio-max-batch=<value>
+
+Signed-off-by: Nicolas Saenz Julienne <nsaenzju@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Message-id: 20220425075723.20019-3-nsaenzju@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 70ac26b9e5ca8374bb3ef3f30b871726673c9f27)
+---
+ event-loop-base.c | 13 ++++++++
+ include/qemu/main-loop.h | 10 ++++++
+ include/sysemu/event-loop-base.h | 1 +
+ meson.build | 3 +-
+ qapi/qom.json | 13 ++++++++
+ util/main-loop.c | 56 ++++++++++++++++++++++++++++++++
+ 6 files changed, 95 insertions(+), 1 deletion(-)
+
+diff --git a/event-loop-base.c b/event-loop-base.c
+index a924c73a7c..e7f99a6ec8 100644
+--- a/event-loop-base.c
++++ b/event-loop-base.c
+@@ -73,10 +73,23 @@ static void event_loop_base_complete(UserCreatable *uc, Error **errp)
+ }
+ }
+
++static bool event_loop_base_can_be_deleted(UserCreatable *uc)
++{
++ EventLoopBaseClass *bc = EVENT_LOOP_BASE_GET_CLASS(uc);
++ EventLoopBase *backend = EVENT_LOOP_BASE(uc);
++
++ if (bc->can_be_deleted) {
++ return bc->can_be_deleted(backend);
++ }
++
++ return true;
++}
++
+ static void event_loop_base_class_init(ObjectClass *klass, void *class_data)
+ {
+ UserCreatableClass *ucc = USER_CREATABLE_CLASS(klass);
+ ucc->complete = event_loop_base_complete;
++ ucc->can_be_deleted = event_loop_base_can_be_deleted;
+
+ object_class_property_add(klass, "aio-max-batch", "int",
+ event_loop_base_get_param,
+diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
+index d3750c8e76..20c9387654 100644
+--- a/include/qemu/main-loop.h
++++ b/include/qemu/main-loop.h
+@@ -26,9 +26,19 @@
+ #define QEMU_MAIN_LOOP_H
+
+ #include "block/aio.h"
++#include "qom/object.h"
++#include "sysemu/event-loop-base.h"
+
+ #define SIG_IPI SIGUSR1
+
++#define TYPE_MAIN_LOOP "main-loop"
++OBJECT_DECLARE_TYPE(MainLoop, MainLoopClass, MAIN_LOOP)
++
++struct MainLoop {
++ EventLoopBase parent_obj;
++};
++typedef struct MainLoop MainLoop;
++
+ /**
+ * qemu_init_main_loop: Set up the process so that it can run the main loop.
+ *
+diff --git a/include/sysemu/event-loop-base.h b/include/sysemu/event-loop-base.h
+index 8e77d8b69f..fced4c9fea 100644
+--- a/include/sysemu/event-loop-base.h
++++ b/include/sysemu/event-loop-base.h
+@@ -25,6 +25,7 @@ struct EventLoopBaseClass {
+
+ void (*init)(EventLoopBase *base, Error **errp);
+ void (*update_params)(EventLoopBase *base, Error **errp);
++ bool (*can_be_deleted)(EventLoopBase *base);
+ };
+
+ struct EventLoopBase {
+diff --git a/meson.build b/meson.build
+index b9c919a55e..5a7c10e639 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2832,7 +2832,8 @@ libqemuutil = static_library('qemuutil',
+ sources: util_ss.sources() + stub_ss.sources() + genh,
+ dependencies: [util_ss.dependencies(), libm, threads, glib, socket, malloc, pixman])
+ qemuutil = declare_dependency(link_with: libqemuutil,
+- sources: genh + version_res)
++ sources: genh + version_res,
++ dependencies: [event_loop_base])
+
+ if have_system or have_user
+ decodetree = generator(find_program('scripts/decodetree.py'),
+diff --git a/qapi/qom.json b/qapi/qom.json
+index a2439533c5..7d4a2ac1b9 100644
+--- a/qapi/qom.json
++++ b/qapi/qom.json
+@@ -540,6 +540,17 @@
+ '*poll-grow': 'int',
+ '*poll-shrink': 'int' } }
+
++##
++# @MainLoopProperties:
++#
++# Properties for the main-loop object.
++#
++# Since: 7.1
++##
++{ 'struct': 'MainLoopProperties',
++ 'base': 'EventLoopBaseProperties',
++ 'data': {} }
++
+ ##
+ # @MemoryBackendProperties:
+ #
+@@ -830,6 +841,7 @@
+ { 'name': 'input-linux',
+ 'if': 'CONFIG_LINUX' },
+ 'iothread',
++ 'main-loop',
+ { 'name': 'memory-backend-epc',
+ 'if': 'CONFIG_LINUX' },
+ 'memory-backend-file',
+@@ -895,6 +907,7 @@
+ 'input-linux': { 'type': 'InputLinuxProperties',
+ 'if': 'CONFIG_LINUX' },
+ 'iothread': 'IothreadProperties',
++ 'main-loop': 'MainLoopProperties',
+ 'memory-backend-epc': { 'type': 'MemoryBackendEpcProperties',
+ 'if': 'CONFIG_LINUX' },
+ 'memory-backend-file': 'MemoryBackendFileProperties',
+diff --git a/util/main-loop.c b/util/main-loop.c
+index b7b0ce4ca0..5b13f456fa 100644
+--- a/util/main-loop.c
++++ b/util/main-loop.c
+@@ -33,6 +33,7 @@
+ #include "qemu/error-report.h"
+ #include "qemu/queue.h"
+ #include "qemu/compiler.h"
++#include "qom/object.h"
+
+ #ifndef _WIN32
+ #include <sys/wait.h>
+@@ -184,6 +185,61 @@ int qemu_init_main_loop(Error **errp)
+ return 0;
+ }
+
++static void main_loop_update_params(EventLoopBase *base, Error **errp)
++{
++ if (!qemu_aio_context) {
++ error_setg(errp, "qemu aio context not ready");
++ return;
++ }
++
++ aio_context_set_aio_params(qemu_aio_context, base->aio_max_batch, errp);
++}
++
++MainLoop *mloop;
++
++static void main_loop_init(EventLoopBase *base, Error **errp)
++{
++ MainLoop *m = MAIN_LOOP(base);
++
++ if (mloop) {
++ error_setg(errp, "only one main-loop instance allowed");
++ return;
++ }
++
++ main_loop_update_params(base, errp);
++
++ mloop = m;
++ return;
++}
++
++static bool main_loop_can_be_deleted(EventLoopBase *base)
++{
++ return false;
++}
++
++static void main_loop_class_init(ObjectClass *oc, void *class_data)
++{
++ EventLoopBaseClass *bc = EVENT_LOOP_BASE_CLASS(oc);
++
++ bc->init = main_loop_init;
++ bc->update_params = main_loop_update_params;
++ bc->can_be_deleted = main_loop_can_be_deleted;
++}
++
++static const TypeInfo main_loop_info = {
++ .name = TYPE_MAIN_LOOP,
++ .parent = TYPE_EVENT_LOOP_BASE,
++ .class_init = main_loop_class_init,
++ .instance_size = sizeof(MainLoop),
++};
++
++static void main_loop_register_types(void)
++{
++ type_register_static(&main_loop_info);
++}
++
++type_init(main_loop_register_types)
++
+ static int max_priority;
+
+ #ifndef _WIN32
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Add-device-migration-blocker.patch b/SOURCES/kvm-vdpa-Add-device-migration-blocker.patch
new file mode 100644
index 0000000..1b83c98
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Add-device-migration-blocker.patch
@@ -0,0 +1,106 @@
+From 8e0fdce814af4cfc84dce5e5920da989b1f1a86d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 16:06:05 +0200
+Subject: [PATCH 26/32] vdpa: Add device migration blocker
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [26/27] 53d94d45b5e5e88f12b95f9b0f243696cfcbd7ce (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit c156d5bf2b142dcc06808ccee06882144f230aec
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:45 2022 +0200
+
+ vdpa: Add device migration blocker
+
+ Since the vhost-vdpa device is exposing _F_LOG, adding a migration blocker if
+ it uses CVQ.
+
+ However, qemu is able to migrate simple devices with no CVQ as long as
+ they use SVQ. To allow it, add a placeholder error to vhost_vdpa, and
+ only add to vhost_dev when used. vhost_dev machinery place the migration
+ blocker if needed.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-vdpa.c | 15 +++++++++++++++
+ include/hw/virtio/vhost-vdpa.h | 1 +
+ 2 files changed, 16 insertions(+)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 49effe5462..e3e5bce4bb 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -20,6 +20,7 @@
+ #include "hw/virtio/vhost-shadow-virtqueue.h"
+ #include "hw/virtio/vhost-vdpa.h"
+ #include "exec/address-spaces.h"
++#include "migration/blocker.h"
+ #include "qemu/main-loop.h"
+ #include "cpu.h"
+ #include "trace.h"
+@@ -1020,6 +1021,13 @@ static bool vhost_vdpa_svqs_start(struct vhost_dev *dev)
+ return true;
+ }
+
++ if (v->migration_blocker) {
++ int r = migrate_add_blocker(v->migration_blocker, &err);
++ if (unlikely(r < 0)) {
++ return false;
++ }
++ }
++
+ for (i = 0; i < v->shadow_vqs->len; ++i) {
+ VirtQueue *vq = virtio_get_queue(dev->vdev, dev->vq_index + i);
+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+@@ -1062,6 +1070,10 @@ err:
+ vhost_svq_stop(svq);
+ }
+
++ if (v->migration_blocker) {
++ migrate_del_blocker(v->migration_blocker);
++ }
++
+ return false;
+ }
+
+@@ -1081,6 +1093,9 @@ static bool vhost_vdpa_svqs_stop(struct vhost_dev *dev)
+ }
+ }
+
++ if (v->migration_blocker) {
++ migrate_del_blocker(v->migration_blocker);
++ }
+ return true;
+ }
+
+diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
+index 1111d85643..d10a89303e 100644
+--- a/include/hw/virtio/vhost-vdpa.h
++++ b/include/hw/virtio/vhost-vdpa.h
+@@ -35,6 +35,7 @@ typedef struct vhost_vdpa {
+ bool shadow_vqs_enabled;
+ /* IOVA mapping used by the Shadow Virtqueue */
+ VhostIOVATree *iova_tree;
++ Error *migration_blocker;
+ GPtrArray *shadow_vqs;
+ const VhostShadowVirtqueueOps *shadow_vq_ops;
+ void *shadow_vq_ops_opaque;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch b/SOURCES/kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch
new file mode 100644
index 0000000..4dede70
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch
@@ -0,0 +1,87 @@
+From e1f9986cf77e4b2f16aca7b2523bc75bae0c4d3c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:36 +0200
+Subject: [PATCH 21/23] vdpa: Add virtio-net mac address via CVQ at start
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [20/21] a7920816d5faf7a0cfbb7c2731a48ddfc456b8d4 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+This is needed so the destination vdpa device see the same state a the
+guest set in the source.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit f34cd09b13855657a0d49c5ea6a1e37ba9dc2334)
+---
+ net/vhost-vdpa.c | 40 ++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 40 insertions(+)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index f09f044ec1..79ebda7de1 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -363,11 +363,51 @@ static ssize_t vhost_vdpa_net_cvq_add(VhostVDPAState *s, size_t out_len,
+ return vhost_svq_poll(svq);
+ }
+
++static int vhost_vdpa_net_load(NetClientState *nc)
++{
++ VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
++ const struct vhost_vdpa *v = &s->vhost_vdpa;
++ const VirtIONet *n;
++ uint64_t features;
++
++ assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
++
++ if (!v->shadow_vqs_enabled) {
++ return 0;
++ }
++
++ n = VIRTIO_NET(v->dev->vdev);
++ features = n->parent_obj.guest_features;
++ if (features & BIT_ULL(VIRTIO_NET_F_CTRL_MAC_ADDR)) {
++ const struct virtio_net_ctrl_hdr ctrl = {
++ .class = VIRTIO_NET_CTRL_MAC,
++ .cmd = VIRTIO_NET_CTRL_MAC_ADDR_SET,
++ };
++ char *cursor = s->cvq_cmd_out_buffer;
++ ssize_t dev_written;
++
++ memcpy(cursor, &ctrl, sizeof(ctrl));
++ cursor += sizeof(ctrl);
++ memcpy(cursor, n->mac, sizeof(n->mac));
++
++ dev_written = vhost_vdpa_net_cvq_add(s, sizeof(ctrl) + sizeof(n->mac),
++ sizeof(virtio_net_ctrl_ack));
++ if (unlikely(dev_written < 0)) {
++ return dev_written;
++ }
++
++ return *((virtio_net_ctrl_ack *)s->cvq_cmd_in_buffer) != VIRTIO_NET_OK;
++ }
++
++ return 0;
++}
++
+ static NetClientInfo net_vhost_vdpa_cvq_info = {
+ .type = NET_CLIENT_DRIVER_VHOST_VDPA,
+ .size = sizeof(VhostVDPAState),
+ .receive = vhost_vdpa_receive,
+ .start = vhost_vdpa_net_cvq_start,
++ .load = vhost_vdpa_net_load,
+ .stop = vhost_vdpa_net_cvq_stop,
+ .cleanup = vhost_vdpa_cleanup,
+ .has_vnet_hdr = vhost_vdpa_has_vnet_hdr,
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch b/SOURCES/kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch
new file mode 100644
index 0000000..8a7b600
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch
@@ -0,0 +1,223 @@
+From 0b27781f9984c67625c49a516c3e38fbf5fa1b1b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 16:06:16 +0200
+Subject: [PATCH 27/32] vdpa: Add x-svq to NetdevVhostVDPAOptions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [27/27] bd85496c2a8c1ebf34f908fca2be2ab9852fd0e9 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 1576dbb5bbc49344c606e969ec749be70c0fd94e
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:46 2022 +0200
+
+ vdpa: Add x-svq to NetdevVhostVDPAOptions
+
+ Finally offering the possibility to enable SVQ from the command line.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Acked-by: Markus Armbruster <armbru@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ net/vhost-vdpa.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++--
+ qapi/net.json | 9 +++++-
+ 2 files changed, 77 insertions(+), 4 deletions(-)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index 8b76dac966..50672bcd66 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -75,6 +75,28 @@ const int vdpa_feature_bits[] = {
+ VHOST_INVALID_FEATURE_BIT
+ };
+
++/** Supported device specific feature bits with SVQ */
++static const uint64_t vdpa_svq_device_features =
++ BIT_ULL(VIRTIO_NET_F_CSUM) |
++ BIT_ULL(VIRTIO_NET_F_GUEST_CSUM) |
++ BIT_ULL(VIRTIO_NET_F_MTU) |
++ BIT_ULL(VIRTIO_NET_F_MAC) |
++ BIT_ULL(VIRTIO_NET_F_GUEST_TSO4) |
++ BIT_ULL(VIRTIO_NET_F_GUEST_TSO6) |
++ BIT_ULL(VIRTIO_NET_F_GUEST_ECN) |
++ BIT_ULL(VIRTIO_NET_F_GUEST_UFO) |
++ BIT_ULL(VIRTIO_NET_F_HOST_TSO4) |
++ BIT_ULL(VIRTIO_NET_F_HOST_TSO6) |
++ BIT_ULL(VIRTIO_NET_F_HOST_ECN) |
++ BIT_ULL(VIRTIO_NET_F_HOST_UFO) |
++ BIT_ULL(VIRTIO_NET_F_MRG_RXBUF) |
++ BIT_ULL(VIRTIO_NET_F_STATUS) |
++ BIT_ULL(VIRTIO_NET_F_CTRL_VQ) |
++ BIT_ULL(VIRTIO_F_ANY_LAYOUT) |
++ BIT_ULL(VIRTIO_NET_F_CTRL_MAC_ADDR) |
++ BIT_ULL(VIRTIO_NET_F_RSC_EXT) |
++ BIT_ULL(VIRTIO_NET_F_STANDBY);
++
+ VHostNetState *vhost_vdpa_get_vhost_net(NetClientState *nc)
+ {
+ VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
+@@ -133,9 +155,13 @@ err_init:
+ static void vhost_vdpa_cleanup(NetClientState *nc)
+ {
+ VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
++ struct vhost_dev *dev = &s->vhost_net->dev;
+
+ qemu_vfree(s->cvq_cmd_out_buffer);
+ qemu_vfree(s->cvq_cmd_in_buffer);
++ if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
++ g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
++ }
+ if (s->vhost_net) {
+ vhost_net_cleanup(s->vhost_net);
+ g_free(s->vhost_net);
+@@ -437,7 +463,9 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+ int vdpa_device_fd,
+ int queue_pair_index,
+ int nvqs,
+- bool is_datapath)
++ bool is_datapath,
++ bool svq,
++ VhostIOVATree *iova_tree)
+ {
+ NetClientState *nc = NULL;
+ VhostVDPAState *s;
+@@ -455,6 +483,8 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+
+ s->vhost_vdpa.device_fd = vdpa_device_fd;
+ s->vhost_vdpa.index = queue_pair_index;
++ s->vhost_vdpa.shadow_vqs_enabled = svq;
++ s->vhost_vdpa.iova_tree = iova_tree;
+ if (!is_datapath) {
+ s->cvq_cmd_out_buffer = qemu_memalign(qemu_real_host_page_size,
+ vhost_vdpa_net_cvq_cmd_page_len());
+@@ -465,6 +495,8 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+
+ s->vhost_vdpa.shadow_vq_ops = &vhost_vdpa_net_svq_ops;
+ s->vhost_vdpa.shadow_vq_ops_opaque = s;
++ error_setg(&s->vhost_vdpa.migration_blocker,
++ "Migration disabled: vhost-vdpa uses CVQ.");
+ }
+ ret = vhost_vdpa_add(nc, (void *)&s->vhost_vdpa, queue_pair_index, nvqs);
+ if (ret) {
+@@ -474,6 +506,14 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+ return nc;
+ }
+
++static int vhost_vdpa_get_iova_range(int fd,
++ struct vhost_vdpa_iova_range *iova_range)
++{
++ int ret = ioctl(fd, VHOST_VDPA_GET_IOVA_RANGE, iova_range);
++
++ return ret < 0 ? -errno : 0;
++}
++
+ static int vhost_vdpa_get_features(int fd, uint64_t *features, Error **errp)
+ {
+ int ret = ioctl(fd, VHOST_GET_FEATURES, features);
+@@ -524,6 +564,7 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
+ uint64_t features;
+ int vdpa_device_fd;
+ g_autofree NetClientState **ncs = NULL;
++ g_autoptr(VhostIOVATree) iova_tree = NULL;
+ NetClientState *nc;
+ int queue_pairs, r, i, has_cvq = 0;
+
+@@ -551,22 +592,45 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
+ return queue_pairs;
+ }
+
++ if (opts->x_svq) {
++ struct vhost_vdpa_iova_range iova_range;
++
++ uint64_t invalid_dev_features =
++ features & ~vdpa_svq_device_features &
++ /* Transport are all accepted at this point */
++ ~MAKE_64BIT_MASK(VIRTIO_TRANSPORT_F_START,
++ VIRTIO_TRANSPORT_F_END - VIRTIO_TRANSPORT_F_START);
++
++ if (invalid_dev_features) {
++ error_setg(errp, "vdpa svq does not work with features 0x%" PRIx64,
++ invalid_dev_features);
++ goto err_svq;
++ }
++
++ vhost_vdpa_get_iova_range(vdpa_device_fd, &iova_range);
++ iova_tree = vhost_iova_tree_new(iova_range.first, iova_range.last);
++ }
++
+ ncs = g_malloc0(sizeof(*ncs) * queue_pairs);
+
+ for (i = 0; i < queue_pairs; i++) {
+ ncs[i] = net_vhost_vdpa_init(peer, TYPE_VHOST_VDPA, name,
+- vdpa_device_fd, i, 2, true);
++ vdpa_device_fd, i, 2, true, opts->x_svq,
++ iova_tree);
+ if (!ncs[i])
+ goto err;
+ }
+
+ if (has_cvq) {
+ nc = net_vhost_vdpa_init(peer, TYPE_VHOST_VDPA, name,
+- vdpa_device_fd, i, 1, false);
++ vdpa_device_fd, i, 1, false,
++ opts->x_svq, iova_tree);
+ if (!nc)
+ goto err;
+ }
+
++ /* iova_tree ownership belongs to last NetClientState */
++ g_steal_pointer(&iova_tree);
+ return 0;
+
+ err:
+@@ -575,6 +639,8 @@ err:
+ qemu_del_net_client(ncs[i]);
+ }
+ }
++
++err_svq:
+ qemu_close(vdpa_device_fd);
+
+ return -1;
+diff --git a/qapi/net.json b/qapi/net.json
+index b92f3f5fb4..92848e4362 100644
+--- a/qapi/net.json
++++ b/qapi/net.json
+@@ -445,12 +445,19 @@
+ # @queues: number of queues to be created for multiqueue vhost-vdpa
+ # (default: 1)
+ #
++# @x-svq: Start device with (experimental) shadow virtqueue. (Since 7.1)
++# (default: false)
++#
++# Features:
++# @unstable: Member @x-svq is experimental.
++#
+ # Since: 5.1
+ ##
+ { 'struct': 'NetdevVhostVDPAOptions',
+ 'data': {
+ '*vhostdev': 'str',
+- '*queues': 'int' } }
++ '*queues': 'int',
++ '*x-svq': {'type': 'bool', 'features' : [ 'unstable'] } } }
+
+ ##
+ # @NetClientDriver:
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch b/SOURCES/kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch
new file mode 100644
index 0000000..acd45e0
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch
@@ -0,0 +1,65 @@
+From df06ce560ddfefde98bef822ec2020382059921f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 10/32] vdpa: Avoid compiler to squash reads to used idx
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [10/27] b28789302d4f64749da26f413763f918161d9b70 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit c381abc37f0aba42ed2e3b41cdace8f8438829e4
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:29 2022 +0200
+
+ vdpa: Avoid compiler to squash reads to used idx
+
+ In the next patch we will allow busypolling of this value. The compiler
+ have a running path where shadow_used_idx, last_used_idx, and vring used
+ idx are not modified within the same thread busypolling.
+
+ This was not an issue before since we always cleared device event
+ notifier before checking it, and that could act as memory barrier.
+ However, the busypoll needs something similar to kernel READ_ONCE.
+
+ Let's add it here, sepparated from the polling.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 3fbda1e3d4..9c46c3a8fa 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -327,11 +327,12 @@ static void vhost_handle_guest_kick_notifier(EventNotifier *n)
+
+ static bool vhost_svq_more_used(VhostShadowVirtqueue *svq)
+ {
++ uint16_t *used_idx = &svq->vring.used->idx;
+ if (svq->last_used_idx != svq->shadow_used_idx) {
+ return true;
+ }
+
+- svq->shadow_used_idx = cpu_to_le16(svq->vring.used->idx);
++ svq->shadow_used_idx = cpu_to_le16(*(volatile uint16_t *)used_idx);
+
+ return svq->last_used_idx != svq->shadow_used_idx;
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch b/SOURCES/kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch
new file mode 100644
index 0000000..243aec8
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch
@@ -0,0 +1,323 @@
+From 881945094c0e4d33614d40959bfc20e395f5a478 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 16:05:40 +0200
+Subject: [PATCH 24/32] vdpa: Buffer CVQ support on shadow virtqueue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [24/27] 5486f80141a3ad968a32e782bdcdead32f417352 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 2df4dd31e194c94da7d28c02e92449f4a989fca9
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:43 2022 +0200
+
+ vdpa: Buffer CVQ support on shadow virtqueue
+
+ Introduce the control virtqueue support for vDPA shadow virtqueue. This
+ is needed for advanced networking features like rx filtering.
+
+ Virtio-net control VQ copies the descriptors to qemu's VA, so we avoid
+ TOCTOU with the guest's or device's memory every time there is a device
+ model change. Otherwise, the guest could change the memory content in
+ the time between qemu and the device read it.
+
+ To demonstrate command handling, VIRTIO_NET_F_CTRL_MACADDR is
+ implemented. If the virtio-net driver changes MAC the virtio-net device
+ model will be updated with the new one, and a rx filtering change event
+ will be raised.
+
+ More cvq commands could be added here straightforwardly but they have
+ not been tested.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ net/vhost-vdpa.c | 213 +++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 205 insertions(+), 8 deletions(-)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index 2e3b6b10d8..df42822463 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -33,6 +33,9 @@ typedef struct VhostVDPAState {
+ NetClientState nc;
+ struct vhost_vdpa vhost_vdpa;
+ VHostNetState *vhost_net;
++
++ /* Control commands shadow buffers */
++ void *cvq_cmd_out_buffer, *cvq_cmd_in_buffer;
+ bool started;
+ } VhostVDPAState;
+
+@@ -131,6 +134,8 @@ static void vhost_vdpa_cleanup(NetClientState *nc)
+ {
+ VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
+
++ qemu_vfree(s->cvq_cmd_out_buffer);
++ qemu_vfree(s->cvq_cmd_in_buffer);
+ if (s->vhost_net) {
+ vhost_net_cleanup(s->vhost_net);
+ g_free(s->vhost_net);
+@@ -190,24 +195,191 @@ static NetClientInfo net_vhost_vdpa_info = {
+ .check_peer_type = vhost_vdpa_check_peer_type,
+ };
+
++static void vhost_vdpa_cvq_unmap_buf(struct vhost_vdpa *v, void *addr)
++{
++ VhostIOVATree *tree = v->iova_tree;
++ DMAMap needle = {
++ /*
++ * No need to specify size or to look for more translations since
++ * this contiguous chunk was allocated by us.
++ */
++ .translated_addr = (hwaddr)(uintptr_t)addr,
++ };
++ const DMAMap *map = vhost_iova_tree_find_iova(tree, &needle);
++ int r;
++
++ if (unlikely(!map)) {
++ error_report("Cannot locate expected map");
++ return;
++ }
++
++ r = vhost_vdpa_dma_unmap(v, map->iova, map->size + 1);
++ if (unlikely(r != 0)) {
++ error_report("Device cannot unmap: %s(%d)", g_strerror(r), r);
++ }
++
++ vhost_iova_tree_remove(tree, map);
++}
++
++static size_t vhost_vdpa_net_cvq_cmd_len(void)
++{
++ /*
++ * MAC_TABLE_SET is the ctrl command that produces the longer out buffer.
++ * In buffer is always 1 byte, so it should fit here
++ */
++ return sizeof(struct virtio_net_ctrl_hdr) +
++ 2 * sizeof(struct virtio_net_ctrl_mac) +
++ MAC_TABLE_ENTRIES * ETH_ALEN;
++}
++
++static size_t vhost_vdpa_net_cvq_cmd_page_len(void)
++{
++ return ROUND_UP(vhost_vdpa_net_cvq_cmd_len(), qemu_real_host_page_size);
++}
++
++/** Copy and map a guest buffer. */
++static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
++ const struct iovec *out_data,
++ size_t out_num, size_t data_len, void *buf,
++ size_t *written, bool write)
++{
++ DMAMap map = {};
++ int r;
++
++ if (unlikely(!data_len)) {
++ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid legnth of %s buffer\n",
++ __func__, write ? "in" : "out");
++ return false;
++ }
++
++ *written = iov_to_buf(out_data, out_num, 0, buf, data_len);
++ map.translated_addr = (hwaddr)(uintptr_t)buf;
++ map.size = vhost_vdpa_net_cvq_cmd_page_len() - 1;
++ map.perm = write ? IOMMU_RW : IOMMU_RO,
++ r = vhost_iova_tree_map_alloc(v->iova_tree, &map);
++ if (unlikely(r != IOVA_OK)) {
++ error_report("Cannot map injected element");
++ return false;
++ }
++
++ r = vhost_vdpa_dma_map(v, map.iova, vhost_vdpa_net_cvq_cmd_page_len(), buf,
++ !write);
++ if (unlikely(r < 0)) {
++ goto dma_map_err;
++ }
++
++ return true;
++
++dma_map_err:
++ vhost_iova_tree_remove(v->iova_tree, &map);
++ return false;
++}
++
+ /**
+- * Forward buffer for the moment.
++ * Copy the guest element into a dedicated buffer suitable to be sent to NIC
++ *
++ * @iov: [0] is the out buffer, [1] is the in one
++ */
++static bool vhost_vdpa_net_cvq_map_elem(VhostVDPAState *s,
++ VirtQueueElement *elem,
++ struct iovec *iov)
++{
++ size_t in_copied;
++ bool ok;
++
++ iov[0].iov_base = s->cvq_cmd_out_buffer;
++ ok = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, elem->out_sg, elem->out_num,
++ vhost_vdpa_net_cvq_cmd_len(), iov[0].iov_base,
++ &iov[0].iov_len, false);
++ if (unlikely(!ok)) {
++ return false;
++ }
++
++ iov[1].iov_base = s->cvq_cmd_in_buffer;
++ ok = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, NULL, 0,
++ sizeof(virtio_net_ctrl_ack), iov[1].iov_base,
++ &in_copied, true);
++ if (unlikely(!ok)) {
++ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer);
++ return false;
++ }
++
++ iov[1].iov_len = sizeof(virtio_net_ctrl_ack);
++ return true;
++}
++
++/**
++ * Do not forward commands not supported by SVQ. Otherwise, the device could
++ * accept it and qemu would not know how to update the device model.
++ */
++static bool vhost_vdpa_net_cvq_validate_cmd(const struct iovec *out,
++ size_t out_num)
++{
++ struct virtio_net_ctrl_hdr ctrl;
++ size_t n;
++
++ n = iov_to_buf(out, out_num, 0, &ctrl, sizeof(ctrl));
++ if (unlikely(n < sizeof(ctrl))) {
++ qemu_log_mask(LOG_GUEST_ERROR,
++ "%s: invalid legnth of out buffer %zu\n", __func__, n);
++ return false;
++ }
++
++ switch (ctrl.class) {
++ case VIRTIO_NET_CTRL_MAC:
++ switch (ctrl.cmd) {
++ case VIRTIO_NET_CTRL_MAC_ADDR_SET:
++ return true;
++ default:
++ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid mac cmd %u\n",
++ __func__, ctrl.cmd);
++ };
++ break;
++ default:
++ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid control class %u\n",
++ __func__, ctrl.class);
++ };
++
++ return false;
++}
++
++/**
++ * Validate and copy control virtqueue commands.
++ *
++ * Following QEMU guidelines, we offer a copy of the buffers to the device to
++ * prevent TOCTOU bugs.
+ */
+ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+ VirtQueueElement *elem,
+ void *opaque)
+ {
+- unsigned int n = elem->out_num + elem->in_num;
+- g_autofree struct iovec *dev_buffers = g_new(struct iovec, n);
++ VhostVDPAState *s = opaque;
+ size_t in_len, dev_written;
+ virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+- int r;
++ /* out and in buffers sent to the device */
++ struct iovec dev_buffers[2] = {
++ { .iov_base = s->cvq_cmd_out_buffer },
++ { .iov_base = s->cvq_cmd_in_buffer },
++ };
++ /* in buffer used for device model */
++ const struct iovec in = {
++ .iov_base = &status,
++ .iov_len = sizeof(status),
++ };
++ int r = -EINVAL;
++ bool ok;
++
++ ok = vhost_vdpa_net_cvq_map_elem(s, elem, dev_buffers);
++ if (unlikely(!ok)) {
++ goto out;
++ }
+
+- memcpy(dev_buffers, elem->out_sg, elem->out_num);
+- memcpy(dev_buffers + elem->out_num, elem->in_sg, elem->in_num);
++ ok = vhost_vdpa_net_cvq_validate_cmd(&dev_buffers[0], 1);
++ if (unlikely(!ok)) {
++ goto out;
++ }
+
+- r = vhost_svq_add(svq, &dev_buffers[0], elem->out_num, &dev_buffers[1],
+- elem->in_num, elem);
++ r = vhost_svq_add(svq, &dev_buffers[0], 1, &dev_buffers[1], 1, elem);
+ if (unlikely(r != 0)) {
+ if (unlikely(r == -ENOSPC)) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
+@@ -224,6 +396,18 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+ dev_written = vhost_svq_poll(svq);
+ if (unlikely(dev_written < sizeof(status))) {
+ error_report("Insufficient written data (%zu)", dev_written);
++ goto out;
++ }
++
++ memcpy(&status, dev_buffers[1].iov_base, sizeof(status));
++ if (status != VIRTIO_NET_OK) {
++ goto out;
++ }
++
++ status = VIRTIO_NET_ERR;
++ virtio_net_handle_ctrl_iov(svq->vdev, &in, 1, dev_buffers, 1);
++ if (status != VIRTIO_NET_OK) {
++ error_report("Bad CVQ processing in model");
+ }
+
+ out:
+@@ -234,6 +418,12 @@ out:
+ }
+ vhost_svq_push_elem(svq, elem, MIN(in_len, sizeof(status)));
+ g_free(elem);
++ if (dev_buffers[0].iov_base) {
++ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, dev_buffers[0].iov_base);
++ }
++ if (dev_buffers[1].iov_base) {
++ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, dev_buffers[1].iov_base);
++ }
+ return r;
+ }
+
+@@ -266,6 +456,13 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+ s->vhost_vdpa.device_fd = vdpa_device_fd;
+ s->vhost_vdpa.index = queue_pair_index;
+ if (!is_datapath) {
++ s->cvq_cmd_out_buffer = qemu_memalign(qemu_real_host_page_size,
++ vhost_vdpa_net_cvq_cmd_page_len());
++ memset(s->cvq_cmd_out_buffer, 0, vhost_vdpa_net_cvq_cmd_page_len());
++ s->cvq_cmd_in_buffer = qemu_memalign(qemu_real_host_page_size,
++ vhost_vdpa_net_cvq_cmd_page_len());
++ memset(s->cvq_cmd_in_buffer, 0, vhost_vdpa_net_cvq_cmd_page_len());
++
+ s->vhost_vdpa.shadow_vq_ops = &vhost_vdpa_net_svq_ops;
+ s->vhost_vdpa.shadow_vq_ops_opaque = s;
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Delete-CVQ-migration-blocker.patch b/SOURCES/kvm-vdpa-Delete-CVQ-migration-blocker.patch
new file mode 100644
index 0000000..87dfb5a
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Delete-CVQ-migration-blocker.patch
@@ -0,0 +1,98 @@
+From 896f7749c72afe988ab28ac6af77b9c53b685c03 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:37 +0200
+Subject: [PATCH 22/23] vdpa: Delete CVQ migration blocker
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [21/21] 286f55177a132a8845c2912fb28cb4add472005a (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+We can restore the device state in the destination via CVQ now. Remove
+the migration blocker.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit fe2b0cd71cddbec4eaf6e325eaf357a4e72a469d)
+---
+ hw/virtio/vhost-vdpa.c | 15 ---------------
+ include/hw/virtio/vhost-vdpa.h | 1 -
+ net/vhost-vdpa.c | 2 --
+ 3 files changed, 18 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 0bea1e1eb9..b61e313953 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1031,13 +1031,6 @@ static bool vhost_vdpa_svqs_start(struct vhost_dev *dev)
+ return true;
+ }
+
+- if (v->migration_blocker) {
+- int r = migrate_add_blocker(v->migration_blocker, &err);
+- if (unlikely(r < 0)) {
+- return false;
+- }
+- }
+-
+ for (i = 0; i < v->shadow_vqs->len; ++i) {
+ VirtQueue *vq = virtio_get_queue(dev->vdev, dev->vq_index + i);
+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+@@ -1080,10 +1073,6 @@ err:
+ vhost_svq_stop(svq);
+ }
+
+- if (v->migration_blocker) {
+- migrate_del_blocker(v->migration_blocker);
+- }
+-
+ return false;
+ }
+
+@@ -1099,10 +1088,6 @@ static void vhost_vdpa_svqs_stop(struct vhost_dev *dev)
+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+ vhost_vdpa_svq_unmap_rings(dev, svq);
+ }
+-
+- if (v->migration_blocker) {
+- migrate_del_blocker(v->migration_blocker);
+- }
+ }
+
+ static int vhost_vdpa_dev_start(struct vhost_dev *dev, bool started)
+diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
+index d10a89303e..1111d85643 100644
+--- a/include/hw/virtio/vhost-vdpa.h
++++ b/include/hw/virtio/vhost-vdpa.h
+@@ -35,7 +35,6 @@ typedef struct vhost_vdpa {
+ bool shadow_vqs_enabled;
+ /* IOVA mapping used by the Shadow Virtqueue */
+ VhostIOVATree *iova_tree;
+- Error *migration_blocker;
+ GPtrArray *shadow_vqs;
+ const VhostShadowVirtqueueOps *shadow_vq_ops;
+ void *shadow_vq_ops_opaque;
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index 79ebda7de1..f4f16583e4 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -555,8 +555,6 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+
+ s->vhost_vdpa.shadow_vq_ops = &vhost_vdpa_net_svq_ops;
+ s->vhost_vdpa.shadow_vq_ops_opaque = s;
+- error_setg(&s->vhost_vdpa.migration_blocker,
+- "Migration disabled: vhost-vdpa uses CVQ.");
+ }
+ ret = vhost_vdpa_add(nc, (void *)&s->vhost_vdpa, queue_pair_index, nvqs);
+ if (ret) {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch b/SOURCES/kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch
new file mode 100644
index 0000000..d6e72ac
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch
@@ -0,0 +1,84 @@
+From 3a5d325fcb2958318262efac31d5fd25fb062523 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 21/32] vdpa: Export vhost_vdpa_dma_map and unmap calls
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [21/27] 97e7a583bbd3c12a0786d53132812ec41702c190 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 463ba1e3b8cf080812895c5f26d95d8d7db2e692
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:40 2022 +0200
+
+ vdpa: Export vhost_vdpa_dma_map and unmap calls
+
+ Shadow CVQ will copy buffers on qemu VA, so we avoid TOCTOU attacks from
+ the guest that could set a different state in qemu device model and vdpa
+ device.
+
+ To do so, it needs to be able to map these new buffers to the device.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Acked-by: Jason Wang <jasowang@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-vdpa.c | 7 +++----
+ include/hw/virtio/vhost-vdpa.h | 4 ++++
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 28df57b12e..14b02fe079 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -71,8 +71,8 @@ static bool vhost_vdpa_listener_skipped_section(MemoryRegionSection *section,
+ return false;
+ }
+
+-static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size,
+- void *vaddr, bool readonly)
++int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size,
++ void *vaddr, bool readonly)
+ {
+ struct vhost_msg_v2 msg = {};
+ int fd = v->device_fd;
+@@ -97,8 +97,7 @@ static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size,
+ return ret;
+ }
+
+-static int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova,
+- hwaddr size)
++int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, hwaddr size)
+ {
+ struct vhost_msg_v2 msg = {};
+ int fd = v->device_fd;
+diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
+index a29dbb3f53..7214eb47dc 100644
+--- a/include/hw/virtio/vhost-vdpa.h
++++ b/include/hw/virtio/vhost-vdpa.h
+@@ -39,4 +39,8 @@ typedef struct vhost_vdpa {
+ VhostVDPAHostNotifier notifier[VIRTIO_QUEUE_MAX];
+ } VhostVDPA;
+
++int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size,
++ void *vaddr, bool readonly);
++int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, hwaddr size);
++
+ #endif
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch b/SOURCES/kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch
new file mode 100644
index 0000000..44e97af
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch
@@ -0,0 +1,108 @@
+From 9a290bd74f983f3a65aa9ec5df2da9aa94bfdecd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 16:05:42 +0200
+Subject: [PATCH 25/32] vdpa: Extract get features part from
+ vhost_vdpa_get_max_queue_pairs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [25/27] 654ad68e10a4df84cced923c64e72d500721ad67 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 8170ab3f43989680491d00f1017f60b25d346114
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:44 2022 +0200
+
+ vdpa: Extract get features part from vhost_vdpa_get_max_queue_pairs
+
+ To know the device features is needed for CVQ SVQ, so SVQ knows if it
+ can handle all commands or not. Extract from
+ vhost_vdpa_get_max_queue_pairs so we can reuse it.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Acked-by: Jason Wang <jasowang@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ net/vhost-vdpa.c | 30 ++++++++++++++++++++----------
+ 1 file changed, 20 insertions(+), 10 deletions(-)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index df42822463..8b76dac966 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -474,20 +474,24 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+ return nc;
+ }
+
+-static int vhost_vdpa_get_max_queue_pairs(int fd, int *has_cvq, Error **errp)
++static int vhost_vdpa_get_features(int fd, uint64_t *features, Error **errp)
++{
++ int ret = ioctl(fd, VHOST_GET_FEATURES, features);
++ if (unlikely(ret < 0)) {
++ error_setg_errno(errp, errno,
++ "Fail to query features from vhost-vDPA device");
++ }
++ return ret;
++}
++
++static int vhost_vdpa_get_max_queue_pairs(int fd, uint64_t features,
++ int *has_cvq, Error **errp)
+ {
+ unsigned long config_size = offsetof(struct vhost_vdpa_config, buf);
+ g_autofree struct vhost_vdpa_config *config = NULL;
+ __virtio16 *max_queue_pairs;
+- uint64_t features;
+ int ret;
+
+- ret = ioctl(fd, VHOST_GET_FEATURES, &features);
+- if (ret) {
+- error_setg(errp, "Fail to query features from vhost-vDPA device");
+- return ret;
+- }
+-
+ if (features & (1 << VIRTIO_NET_F_CTRL_VQ)) {
+ *has_cvq = 1;
+ } else {
+@@ -517,10 +521,11 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
+ NetClientState *peer, Error **errp)
+ {
+ const NetdevVhostVDPAOptions *opts;
++ uint64_t features;
+ int vdpa_device_fd;
+ g_autofree NetClientState **ncs = NULL;
+ NetClientState *nc;
+- int queue_pairs, i, has_cvq = 0;
++ int queue_pairs, r, i, has_cvq = 0;
+
+ assert(netdev->type == NET_CLIENT_DRIVER_VHOST_VDPA);
+ opts = &netdev->u.vhost_vdpa;
+@@ -534,7 +539,12 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
+ return -errno;
+ }
+
+- queue_pairs = vhost_vdpa_get_max_queue_pairs(vdpa_device_fd,
++ r = vhost_vdpa_get_features(vdpa_device_fd, &features, errp);
++ if (unlikely(r < 0)) {
++ return r;
++ }
++
++ queue_pairs = vhost_vdpa_get_max_queue_pairs(vdpa_device_fd, features,
+ &has_cvq, errp);
+ if (queue_pairs < 0) {
+ qemu_close(vdpa_device_fd);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch b/SOURCES/kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
new file mode 100644
index 0000000..2d0d55f
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
@@ -0,0 +1,50 @@
+From e19adb058502e24580dbc4f6f944cd951ca288ed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:44 +0200
+Subject: [PATCH 08/11] vdpa: Fix bad index calculus at
+ vhost_vdpa_get_vring_base
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 114: vdpa: Fix memory listener deletions of iova tree
+RH-Commit: [1/4] 754fb8960684fa7a91bddb18c8df58c3b947ee75 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 2116876
+RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Fixes: 6d0b222666 ("vdpa: Adapt vhost_vdpa_get_vring_base to SVQ")
+
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-4-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 639036477ef890958415967e753ca2cbb348c16c)
+---
+ hw/virtio/vhost-vdpa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index e3e5bce4bb..a7dfac530f 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1193,11 +1193,11 @@ static int vhost_vdpa_get_vring_base(struct vhost_dev *dev,
+ struct vhost_vring_state *ring)
+ {
+ struct vhost_vdpa *v = dev->opaque;
++ int vdpa_idx = ring->index - dev->vq_index;
+ int ret;
+
+ if (v->shadow_vqs_enabled) {
+- VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs,
+- ring->index);
++ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, vdpa_idx);
+
+ /*
+ * Setting base as last used idx, so destination will see as available
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch b/SOURCES/kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch
new file mode 100644
index 0000000..1757d3f
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch
@@ -0,0 +1,58 @@
+From 71857062b7aea29fc418e107244cf4083cd78cd7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 2 Aug 2022 13:24:46 +0200
+Subject: [PATCH 11/11] vdpa: Fix file descriptor leak on get features error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 114: vdpa: Fix memory listener deletions of iova tree
+RH-Commit: [4/4] bdfe6ed4539ecf68dc8bc4519755f9d5c096447d (eperezmartin/qemu-kvm)
+RH-Bugzilla: 2116876
+RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+File descriptor vdpa_device_fd is not free in the case of returning
+error from vhost_vdpa_get_features. Fixing it by making all errors go to
+the same error path.
+
+Resolves: Coverity CID 1490785
+Fixes: 8170ab3f43 ("vdpa: Extract get features part from vhost_vdpa_get_max_queue_pairs")
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Reviewed-by: Laurent Vivier <lvivier@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20220802112447.249436-2-eperezma@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+(cherry picked from commit aed5da45daf734ddc543c0791e877dac75e16f61)
+---
+ net/vhost-vdpa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index 50672bcd66..411e71e6c2 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -566,7 +566,7 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
+ g_autofree NetClientState **ncs = NULL;
+ g_autoptr(VhostIOVATree) iova_tree = NULL;
+ NetClientState *nc;
+- int queue_pairs, r, i, has_cvq = 0;
++ int queue_pairs, r, i = 0, has_cvq = 0;
+
+ assert(netdev->type == NET_CLIENT_DRIVER_VHOST_VDPA);
+ opts = &netdev->u.vhost_vdpa;
+@@ -582,7 +582,7 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
+
+ r = vhost_vdpa_get_features(vdpa_device_fd, &features, errp);
+ if (unlikely(r < 0)) {
+- return r;
++ goto err;
+ }
+
+ queue_pairs = vhost_vdpa_get_max_queue_pairs(vdpa_device_fd, features,
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch b/SOURCES/kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
new file mode 100644
index 0000000..8125cb2
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
@@ -0,0 +1,45 @@
+From 6335431b70dd55c1d52152d726fa462db2e10eb8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:45 +0200
+Subject: [PATCH 09/11] vdpa: Fix index calculus at vhost_vdpa_svqs_start
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 114: vdpa: Fix memory listener deletions of iova tree
+RH-Commit: [2/4] 9ce732e6bba426f8e00020ee6ad77f972f3e75b5 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 2116876
+RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+With the introduction of MQ the index of the vq needs to be calculated
+with the device model vq_index.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Message-Id: <20220512175747.142058-5-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 1c82fdfef8a227518ffecae9d419bcada995c202)
+---
+ hw/virtio/vhost-vdpa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index a7dfac530f..f877b354fa 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1032,7 +1032,7 @@ static bool vhost_vdpa_svqs_start(struct vhost_dev *dev)
+ VirtQueue *vq = virtio_get_queue(dev->vdev, dev->vq_index + i);
+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+ struct vhost_vring_addr addr = {
+- .index = i,
++ .index = dev->vq_index + i,
+ };
+ int r;
+ bool ok = vhost_vdpa_svq_setup(dev, svq, i, &err);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch b/SOURCES/kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch
new file mode 100644
index 0000000..e6f1d39
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch
@@ -0,0 +1,61 @@
+From b212edc97a471c75f8b8b44ee2a3a2cf82ef14d9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Fri, 22 Jul 2022 10:26:30 +0200
+Subject: [PATCH 10/11] vdpa: Fix memory listener deletions of iova tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 114: vdpa: Fix memory listener deletions of iova tree
+RH-Commit: [3/4] ad71f098b3fa8654962ac7872b5393c37c9825f2 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 2116876
+RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+vhost_vdpa_listener_region_del is always deleting the first iova entry
+of the tree, since it's using the needle iova instead of the result's
+one.
+
+This was detected using a vga virtual device in the VM using vdpa SVQ.
+It makes some extra memory adding and deleting, so the wrong one was
+mapped / unmapped. This was undetected before since all the memory was
+mappend and unmapped totally without that device, but other conditions
+could trigger it too:
+
+* mem_region was with .iova = 0, .translated_addr = (correct GPA).
+* iova_tree_find_iova returned right result, but does not update
+ mem_region.
+* iova_tree_remove always removed region with .iova = 0. Right iova were
+ sent to the device.
+* Next map will fill the first region with .iova = 0, causing a mapping
+ with the same iova and device complains, if the next action is a map.
+* Next unmap will cause to try to unmap again iova = 0, causing the
+ device to complain that no region was mapped at iova = 0.
+
+Fixes: 34e3c94edaef ("vdpa: Add custom IOTLB translations to SVQ")
+Reported-by: Lei Yang <leiyang@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 75a8ce64f6e37513698857fb4284170da163ed06)
+---
+ hw/virtio/vhost-vdpa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index f877b354fa..03dc6014b0 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -288,7 +288,7 @@ static void vhost_vdpa_listener_region_del(MemoryListener *listener,
+
+ result = vhost_iova_tree_find_iova(v->iova_tree, &mem_region);
+ iova = result->iova;
+- vhost_iova_tree_remove(v->iova_tree, &mem_region);
++ vhost_iova_tree_remove(v->iova_tree, result);
+ }
+ vhost_vdpa_iotlb_batch_begin_once(v);
+ ret = vhost_vdpa_dma_unmap(v, iova, int128_get64(llsize));
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch b/SOURCES/kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch
new file mode 100644
index 0000000..e45a198
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch
@@ -0,0 +1,133 @@
+From 8e36feb4d3480b7c09d9dcbde18c9db1e8063f18 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:20:06 +0200
+Subject: [PATCH 08/23] vdpa: Make SVQ vring unmapping return void
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [7/21] 3366340dc7ae65f83894f5d0da0d1e0f64713751 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Nothing actually reads the return value, but an error in cleaning some
+entries could cause device stop to abort, making a restart impossible.
+Better ignore explicitely the return value.
+
+Reported-by: Lei Yang <leiyang@redhat.com>
+Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit bb5cf89ef2338ab6be946ede6821c3f61347eb1b)
+---
+ hw/virtio/vhost-vdpa.c | 32 ++++++++++----------------------
+ 1 file changed, 10 insertions(+), 22 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index e5c264fb29..8eddf39f2a 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -882,7 +882,7 @@ static int vhost_vdpa_svq_set_fds(struct vhost_dev *dev,
+ /**
+ * Unmap a SVQ area in the device
+ */
+-static bool vhost_vdpa_svq_unmap_ring(struct vhost_vdpa *v,
++static void vhost_vdpa_svq_unmap_ring(struct vhost_vdpa *v,
+ const DMAMap *needle)
+ {
+ const DMAMap *result = vhost_iova_tree_find_iova(v->iova_tree, needle);
+@@ -891,38 +891,33 @@ static bool vhost_vdpa_svq_unmap_ring(struct vhost_vdpa *v,
+
+ if (unlikely(!result)) {
+ error_report("Unable to find SVQ address to unmap");
+- return false;
++ return;
+ }
+
+ size = ROUND_UP(result->size, qemu_real_host_page_size);
+ r = vhost_vdpa_dma_unmap(v, result->iova, size);
+ if (unlikely(r < 0)) {
+ error_report("Unable to unmap SVQ vring: %s (%d)", g_strerror(-r), -r);
+- return false;
++ return;
+ }
+
+ vhost_iova_tree_remove(v->iova_tree, *result);
+- return r == 0;
+ }
+
+-static bool vhost_vdpa_svq_unmap_rings(struct vhost_dev *dev,
++static void vhost_vdpa_svq_unmap_rings(struct vhost_dev *dev,
+ const VhostShadowVirtqueue *svq)
+ {
+ DMAMap needle = {};
+ struct vhost_vdpa *v = dev->opaque;
+ struct vhost_vring_addr svq_addr;
+- bool ok;
+
+ vhost_svq_get_vring_addr(svq, &svq_addr);
+
+ needle.translated_addr = svq_addr.desc_user_addr;
+- ok = vhost_vdpa_svq_unmap_ring(v, &needle);
+- if (unlikely(!ok)) {
+- return false;
+- }
++ vhost_vdpa_svq_unmap_ring(v, &needle);
+
+ needle.translated_addr = svq_addr.used_user_addr;
+- return vhost_vdpa_svq_unmap_ring(v, &needle);
++ vhost_vdpa_svq_unmap_ring(v, &needle);
+ }
+
+ /**
+@@ -1093,26 +1088,22 @@ err:
+ return false;
+ }
+
+-static bool vhost_vdpa_svqs_stop(struct vhost_dev *dev)
++static void vhost_vdpa_svqs_stop(struct vhost_dev *dev)
+ {
+ struct vhost_vdpa *v = dev->opaque;
+
+ if (!v->shadow_vqs) {
+- return true;
++ return;
+ }
+
+ for (unsigned i = 0; i < v->shadow_vqs->len; ++i) {
+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+- bool ok = vhost_vdpa_svq_unmap_rings(dev, svq);
+- if (unlikely(!ok)) {
+- return false;
+- }
++ vhost_vdpa_svq_unmap_rings(dev, svq);
+ }
+
+ if (v->migration_blocker) {
+ migrate_del_blocker(v->migration_blocker);
+ }
+- return true;
+ }
+
+ static int vhost_vdpa_dev_start(struct vhost_dev *dev, bool started)
+@@ -1129,10 +1120,7 @@ static int vhost_vdpa_dev_start(struct vhost_dev *dev, bool started)
+ }
+ vhost_vdpa_set_vring_ready(dev);
+ } else {
+- ok = vhost_vdpa_svqs_stop(dev);
+- if (unlikely(!ok)) {
+- return -1;
+- }
++ vhost_vdpa_svqs_stop(dev);
+ vhost_vdpa_host_notifiers_uninit(dev, dev->nvqs);
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch b/SOURCES/kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch
new file mode 100644
index 0000000..7cdf05c
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch
@@ -0,0 +1,251 @@
+From 70c72316c26e95cd18b4d46b83e78ba3a148212c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:33 +0200
+Subject: [PATCH 18/23] vdpa: Move command buffers map to start of net device
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [17/21] 7a9824fa618f5c2904648b50e3078474cd3987aa (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+As this series will reuse them to restore the device state at the end of
+a migration (or a device start), let's allocate only once at the device
+start so we don't duplicate their map and unmap.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit d7d73dec14cebcebd8de774424795aeb821236c1)
+---
+ net/vhost-vdpa.c | 123 ++++++++++++++++++++++-------------------------
+ 1 file changed, 58 insertions(+), 65 deletions(-)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index 03e4cf1abc..17626feb8d 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -263,29 +263,20 @@ static size_t vhost_vdpa_net_cvq_cmd_page_len(void)
+ return ROUND_UP(vhost_vdpa_net_cvq_cmd_len(), qemu_real_host_page_size);
+ }
+
+-/** Copy and map a guest buffer. */
+-static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
+- const struct iovec *out_data,
+- size_t out_num, size_t data_len, void *buf,
+- size_t *written, bool write)
++/** Map CVQ buffer. */
++static int vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v, void *buf, size_t size,
++ bool write)
+ {
+ DMAMap map = {};
+ int r;
+
+- if (unlikely(!data_len)) {
+- qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid legnth of %s buffer\n",
+- __func__, write ? "in" : "out");
+- return false;
+- }
+-
+- *written = iov_to_buf(out_data, out_num, 0, buf, data_len);
+ map.translated_addr = (hwaddr)(uintptr_t)buf;
+- map.size = vhost_vdpa_net_cvq_cmd_page_len() - 1;
++ map.size = size - 1;
+ map.perm = write ? IOMMU_RW : IOMMU_RO,
+ r = vhost_iova_tree_map_alloc(v->iova_tree, &map);
+ if (unlikely(r != IOVA_OK)) {
+ error_report("Cannot map injected element");
+- return false;
++ return r;
+ }
+
+ r = vhost_vdpa_dma_map(v, map.iova, vhost_vdpa_net_cvq_cmd_page_len(), buf,
+@@ -294,50 +285,58 @@ static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
+ goto dma_map_err;
+ }
+
+- return true;
++ return 0;
+
+ dma_map_err:
+ vhost_iova_tree_remove(v->iova_tree, map);
+- return false;
++ return r;
+ }
+
+-/**
+- * Copy the guest element into a dedicated buffer suitable to be sent to NIC
+- *
+- * @iov: [0] is the out buffer, [1] is the in one
+- */
+-static bool vhost_vdpa_net_cvq_map_elem(VhostVDPAState *s,
+- VirtQueueElement *elem,
+- struct iovec *iov)
++static int vhost_vdpa_net_cvq_start(NetClientState *nc)
+ {
+- size_t in_copied;
+- bool ok;
++ VhostVDPAState *s;
++ int r;
+
+- iov[0].iov_base = s->cvq_cmd_out_buffer;
+- ok = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, elem->out_sg, elem->out_num,
+- vhost_vdpa_net_cvq_cmd_len(), iov[0].iov_base,
+- &iov[0].iov_len, false);
+- if (unlikely(!ok)) {
+- return false;
++ assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
++
++ s = DO_UPCAST(VhostVDPAState, nc, nc);
++ if (!s->vhost_vdpa.shadow_vqs_enabled) {
++ return 0;
+ }
+
+- iov[1].iov_base = s->cvq_cmd_in_buffer;
+- ok = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, NULL, 0,
+- sizeof(virtio_net_ctrl_ack), iov[1].iov_base,
+- &in_copied, true);
+- if (unlikely(!ok)) {
++ r = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer,
++ vhost_vdpa_net_cvq_cmd_page_len(), false);
++ if (unlikely(r < 0)) {
++ return r;
++ }
++
++ r = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, s->cvq_cmd_in_buffer,
++ vhost_vdpa_net_cvq_cmd_page_len(), true);
++ if (unlikely(r < 0)) {
+ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer);
+- return false;
+ }
+
+- iov[1].iov_len = sizeof(virtio_net_ctrl_ack);
+- return true;
++ return r;
++}
++
++static void vhost_vdpa_net_cvq_stop(NetClientState *nc)
++{
++ VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
++
++ assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA);
++
++ if (s->vhost_vdpa.shadow_vqs_enabled) {
++ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->cvq_cmd_out_buffer);
++ vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, s->cvq_cmd_in_buffer);
++ }
+ }
+
+ static NetClientInfo net_vhost_vdpa_cvq_info = {
+ .type = NET_CLIENT_DRIVER_VHOST_VDPA,
+ .size = sizeof(VhostVDPAState),
+ .receive = vhost_vdpa_receive,
++ .start = vhost_vdpa_net_cvq_start,
++ .stop = vhost_vdpa_net_cvq_stop,
+ .cleanup = vhost_vdpa_cleanup,
+ .has_vnet_hdr = vhost_vdpa_has_vnet_hdr,
+ .has_ufo = vhost_vdpa_has_ufo,
+@@ -348,19 +347,17 @@ static NetClientInfo net_vhost_vdpa_cvq_info = {
+ * Do not forward commands not supported by SVQ. Otherwise, the device could
+ * accept it and qemu would not know how to update the device model.
+ */
+-static bool vhost_vdpa_net_cvq_validate_cmd(const struct iovec *out,
+- size_t out_num)
++static bool vhost_vdpa_net_cvq_validate_cmd(const void *out_buf, size_t len)
+ {
+ struct virtio_net_ctrl_hdr ctrl;
+- size_t n;
+
+- n = iov_to_buf(out, out_num, 0, &ctrl, sizeof(ctrl));
+- if (unlikely(n < sizeof(ctrl))) {
++ if (unlikely(len < sizeof(ctrl))) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+- "%s: invalid legnth of out buffer %zu\n", __func__, n);
++ "%s: invalid legnth of out buffer %zu\n", __func__, len);
+ return false;
+ }
+
++ memcpy(&ctrl, out_buf, sizeof(ctrl));
+ switch (ctrl.class) {
+ case VIRTIO_NET_CTRL_MAC:
+ switch (ctrl.cmd) {
+@@ -392,10 +389,14 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+ VhostVDPAState *s = opaque;
+ size_t in_len, dev_written;
+ virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+- /* out and in buffers sent to the device */
+- struct iovec dev_buffers[2] = {
+- { .iov_base = s->cvq_cmd_out_buffer },
+- { .iov_base = s->cvq_cmd_in_buffer },
++ /* Out buffer sent to both the vdpa device and the device model */
++ struct iovec out = {
++ .iov_base = s->cvq_cmd_out_buffer,
++ };
++ /* In buffer sent to the device */
++ const struct iovec dev_in = {
++ .iov_base = s->cvq_cmd_in_buffer,
++ .iov_len = sizeof(virtio_net_ctrl_ack),
+ };
+ /* in buffer used for device model */
+ const struct iovec in = {
+@@ -405,17 +406,15 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+ int r = -EINVAL;
+ bool ok;
+
+- ok = vhost_vdpa_net_cvq_map_elem(s, elem, dev_buffers);
+- if (unlikely(!ok)) {
+- goto out;
+- }
+-
+- ok = vhost_vdpa_net_cvq_validate_cmd(&dev_buffers[0], 1);
++ out.iov_len = iov_to_buf(elem->out_sg, elem->out_num, 0,
++ s->cvq_cmd_out_buffer,
++ vhost_vdpa_net_cvq_cmd_len());
++ ok = vhost_vdpa_net_cvq_validate_cmd(s->cvq_cmd_out_buffer, out.iov_len);
+ if (unlikely(!ok)) {
+ goto out;
+ }
+
+- r = vhost_svq_add(svq, &dev_buffers[0], 1, &dev_buffers[1], 1, elem);
++ r = vhost_svq_add(svq, &out, 1, &dev_in, 1, elem);
+ if (unlikely(r != 0)) {
+ if (unlikely(r == -ENOSPC)) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
+@@ -435,13 +434,13 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+ goto out;
+ }
+
+- memcpy(&status, dev_buffers[1].iov_base, sizeof(status));
++ memcpy(&status, s->cvq_cmd_in_buffer, sizeof(status));
+ if (status != VIRTIO_NET_OK) {
+ goto out;
+ }
+
+ status = VIRTIO_NET_ERR;
+- virtio_net_handle_ctrl_iov(svq->vdev, &in, 1, dev_buffers, 1);
++ virtio_net_handle_ctrl_iov(svq->vdev, &in, 1, &out, 1);
+ if (status != VIRTIO_NET_OK) {
+ error_report("Bad CVQ processing in model");
+ }
+@@ -454,12 +453,6 @@ out:
+ }
+ vhost_svq_push_elem(svq, elem, MIN(in_len, sizeof(status)));
+ g_free(elem);
+- if (dev_buffers[0].iov_base) {
+- vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, dev_buffers[0].iov_base);
+- }
+- if (dev_buffers[1].iov_base) {
+- vhost_vdpa_cvq_unmap_buf(&s->vhost_vdpa, dev_buffers[1].iov_base);
+- }
+ return r;
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch b/SOURCES/kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch
new file mode 100644
index 0000000..b23d64f
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch
@@ -0,0 +1,49 @@
+From 51c1e9cf1612727ec4c6e795576ae8fa0c0b2d4c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:20:05 +0200
+Subject: [PATCH 07/23] vdpa: Remove SVQ vring from iova_tree at shutdown
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [6/21] f72e67b9c90103151cbf86bff53e8f14b30f0e5b (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Although the device will be reset before usage, the right thing to do is
+to clean it.
+
+Reported-by: Lei Yang <leiyang@redhat.com>
+Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 0c45fa6c420ec3a1dd9ea9c40fa11bd943bb3be9)
+---
+ hw/virtio/vhost-vdpa.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 39aa70f52d..e5c264fb29 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -896,6 +896,12 @@ static bool vhost_vdpa_svq_unmap_ring(struct vhost_vdpa *v,
+
+ size = ROUND_UP(result->size, qemu_real_host_page_size);
+ r = vhost_vdpa_dma_unmap(v, result->iova, size);
++ if (unlikely(r < 0)) {
++ error_report("Unable to unmap SVQ vring: %s (%d)", g_strerror(-r), -r);
++ return false;
++ }
++
++ vhost_iova_tree_remove(v->iova_tree, *result);
+ return r == 0;
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch b/SOURCES/kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch
new file mode 100644
index 0000000..98697cb
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch
@@ -0,0 +1,48 @@
+From edde0b6a805085255bccc0ccdc3b9b6f81cef37b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:20:02 +0200
+Subject: [PATCH 03/23] vdpa: Skip the maps not in the iova tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [2/21] 73acd16375a17cdf4c58830386541dd3a1b18bf7 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Next patch will skip the registering of dma maps that the vdpa device
+rejects in the iova tree. We need to consider that here or we cause a
+SIGSEGV accessing result.
+
+Reported-by: Lei Yang <leiyang@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit a92ca0ffee5858636432a6059eb2790df1c9c77f)
+---
+ hw/virtio/vhost-vdpa.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 96334ab5b6..aa7765c6bc 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -287,6 +287,10 @@ static void vhost_vdpa_listener_region_del(MemoryListener *listener,
+ };
+
+ result = vhost_iova_tree_find_iova(v->iova_tree, &mem_region);
++ if (!result) {
++ /* The memory listener map wasn't mapped */
++ return;
++ }
+ iova = result->iova;
+ vhost_iova_tree_remove(v->iova_tree, result);
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch b/SOURCES/kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch
new file mode 100644
index 0000000..8398415
--- /dev/null
+++ b/SOURCES/kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch
@@ -0,0 +1,79 @@
+From 89a67e0ce3e4c7b9f9b2d4cfb9fc5eeebc5643ac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:20:08 +0200
+Subject: [PATCH 10/23] vdpa: Use ring hwaddr at vhost_vdpa_svq_unmap_ring
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [9/21] 4420134d7be60fa8b04dc9a56566524bf8daddd4 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Reduce code duplication.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 5a92452da95b2edfbffdd42ddc2612a7d09a5db0)
+---
+ hw/virtio/vhost-vdpa.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 8eddf39f2a..0bea1e1eb9 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -882,10 +882,12 @@ static int vhost_vdpa_svq_set_fds(struct vhost_dev *dev,
+ /**
+ * Unmap a SVQ area in the device
+ */
+-static void vhost_vdpa_svq_unmap_ring(struct vhost_vdpa *v,
+- const DMAMap *needle)
++static void vhost_vdpa_svq_unmap_ring(struct vhost_vdpa *v, hwaddr addr)
+ {
+- const DMAMap *result = vhost_iova_tree_find_iova(v->iova_tree, needle);
++ const DMAMap needle = {
++ .translated_addr = addr,
++ };
++ const DMAMap *result = vhost_iova_tree_find_iova(v->iova_tree, &needle);
+ hwaddr size;
+ int r;
+
+@@ -907,17 +909,14 @@ static void vhost_vdpa_svq_unmap_ring(struct vhost_vdpa *v,
+ static void vhost_vdpa_svq_unmap_rings(struct vhost_dev *dev,
+ const VhostShadowVirtqueue *svq)
+ {
+- DMAMap needle = {};
+ struct vhost_vdpa *v = dev->opaque;
+ struct vhost_vring_addr svq_addr;
+
+ vhost_svq_get_vring_addr(svq, &svq_addr);
+
+- needle.translated_addr = svq_addr.desc_user_addr;
+- vhost_vdpa_svq_unmap_ring(v, &needle);
++ vhost_vdpa_svq_unmap_ring(v, svq_addr.desc_user_addr);
+
+- needle.translated_addr = svq_addr.used_user_addr;
+- vhost_vdpa_svq_unmap_ring(v, &needle);
++ vhost_vdpa_svq_unmap_ring(v, svq_addr.used_user_addr);
+ }
+
+ /**
+@@ -995,7 +994,7 @@ static bool vhost_vdpa_svq_map_rings(struct vhost_dev *dev,
+ ok = vhost_vdpa_svq_map_ring(v, &device_region, errp);
+ if (unlikely(!ok)) {
+ error_prepend(errp, "Cannot create vq device region: ");
+- vhost_vdpa_svq_unmap_ring(v, &driver_region);
++ vhost_vdpa_svq_unmap_ring(v, driver_region.translated_addr);
+ }
+ addr->used_user_addr = device_region.iova;
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch b/SOURCES/kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch
new file mode 100644
index 0000000..e1da31d
--- /dev/null
+++ b/SOURCES/kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch
@@ -0,0 +1,62 @@
+From f92b0ef80b4889ae0beb0b2a026ec3892d576d79 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:32 +0200
+Subject: [PATCH 17/23] vdpa: add net_vhost_vdpa_cvq_info NetClientInfo
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [16/21] c80c9fd89e81fc389e7d02e9d764331ab9fc7a0a (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Next patches will add a new info callback to restore NIC status through
+CVQ. Since only the CVQ vhost device is needed, create it with a new
+NetClientInfo.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 9d379453404303069f93f9b8163ae3805bcd8c2e)
+---
+ net/vhost-vdpa.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index ba65736f83..03e4cf1abc 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -334,6 +334,16 @@ static bool vhost_vdpa_net_cvq_map_elem(VhostVDPAState *s,
+ return true;
+ }
+
++static NetClientInfo net_vhost_vdpa_cvq_info = {
++ .type = NET_CLIENT_DRIVER_VHOST_VDPA,
++ .size = sizeof(VhostVDPAState),
++ .receive = vhost_vdpa_receive,
++ .cleanup = vhost_vdpa_cleanup,
++ .has_vnet_hdr = vhost_vdpa_has_vnet_hdr,
++ .has_ufo = vhost_vdpa_has_ufo,
++ .check_peer_type = vhost_vdpa_check_peer_type,
++};
++
+ /**
+ * Do not forward commands not supported by SVQ. Otherwise, the device could
+ * accept it and qemu would not know how to update the device model.
+@@ -475,7 +485,7 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+ nc = qemu_new_net_client(&net_vhost_vdpa_info, peer, device,
+ name);
+ } else {
+- nc = qemu_new_net_control_client(&net_vhost_vdpa_info, peer,
++ nc = qemu_new_net_control_client(&net_vhost_vdpa_cvq_info, peer,
+ device, name);
+ }
+ snprintf(nc->info_str, sizeof(nc->info_str), TYPE_VHOST_VDPA);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch b/SOURCES/kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch
new file mode 100644
index 0000000..8c66f19
--- /dev/null
+++ b/SOURCES/kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch
@@ -0,0 +1,83 @@
+From 6d16102aca24bab16c846fe6457071f4466b8e35 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:20:03 +0200
+Subject: [PATCH 04/23] vdpa: do not save failed dma maps in SVQ iova tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [3/21] f9bea39f7fa14c5ef0f85774cbad0ca3b52c4498 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+If a map fails for whatever reason, it must not be saved in the tree.
+Otherwise, qemu will try to unmap it in cleanup, leaving to more errors.
+
+Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
+Reported-by: Lei Yang <leiyang@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 6cc2ec65382fde205511ac00a324995ce6ee8f28)
+---
+ hw/virtio/vhost-vdpa.c | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index aa7765c6bc..cc15b7d8ee 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -174,6 +174,7 @@ static void vhost_vdpa_listener_commit(MemoryListener *listener)
+ static void vhost_vdpa_listener_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+ {
++ DMAMap mem_region = {};
+ struct vhost_vdpa *v = container_of(listener, struct vhost_vdpa, listener);
+ hwaddr iova;
+ Int128 llend, llsize;
+@@ -210,13 +211,13 @@ static void vhost_vdpa_listener_region_add(MemoryListener *listener,
+
+ llsize = int128_sub(llend, int128_make64(iova));
+ if (v->shadow_vqs_enabled) {
+- DMAMap mem_region = {
+- .translated_addr = (hwaddr)(uintptr_t)vaddr,
+- .size = int128_get64(llsize) - 1,
+- .perm = IOMMU_ACCESS_FLAG(true, section->readonly),
+- };
++ int r;
+
+- int r = vhost_iova_tree_map_alloc(v->iova_tree, &mem_region);
++ mem_region.translated_addr = (hwaddr)(uintptr_t)vaddr,
++ mem_region.size = int128_get64(llsize) - 1,
++ mem_region.perm = IOMMU_ACCESS_FLAG(true, section->readonly),
++
++ r = vhost_iova_tree_map_alloc(v->iova_tree, &mem_region);
+ if (unlikely(r != IOVA_OK)) {
+ error_report("Can't allocate a mapping (%d)", r);
+ goto fail;
+@@ -230,11 +231,16 @@ static void vhost_vdpa_listener_region_add(MemoryListener *listener,
+ vaddr, section->readonly);
+ if (ret) {
+ error_report("vhost vdpa map fail!");
+- goto fail;
++ goto fail_map;
+ }
+
+ return;
+
++fail_map:
++ if (v->shadow_vqs_enabled) {
++ vhost_iova_tree_remove(v->iova_tree, &mem_region);
++ }
++
+ fail:
+ /*
+ * On the initfn path, store the first error in the container so we
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch b/SOURCES/kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch
new file mode 100644
index 0000000..3cc011f
--- /dev/null
+++ b/SOURCES/kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch
@@ -0,0 +1,153 @@
+From 56f4bebc591893e590481617da7cd7ecffeb166d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:34 +0200
+Subject: [PATCH 19/23] vdpa: extract vhost_vdpa_net_cvq_add from
+ vhost_vdpa_net_handle_ctrl_avail
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [18/21] 08ab71dbf050f5c2e97c622d1915f71a56c135b8 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+So we can reuse it to inject state messages.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+--
+v7:
+* Remove double free error
+
+v6:
+* Do not assume in buffer sent to the device is sizeof(virtio_net_ctrl_ack)
+
+v5:
+* Do not use an artificial !NULL VirtQueueElement
+* Use only out size instead of iovec dev_buffers for these functions.
+
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit d9afb1f0ee4d662ed67d3bc1220b943f7e4cfa6f)
+---
+ net/vhost-vdpa.c | 59 +++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 38 insertions(+), 21 deletions(-)
+
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index 17626feb8d..f09f044ec1 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -331,6 +331,38 @@ static void vhost_vdpa_net_cvq_stop(NetClientState *nc)
+ }
+ }
+
++static ssize_t vhost_vdpa_net_cvq_add(VhostVDPAState *s, size_t out_len,
++ size_t in_len)
++{
++ /* Buffers for the device */
++ const struct iovec out = {
++ .iov_base = s->cvq_cmd_out_buffer,
++ .iov_len = out_len,
++ };
++ const struct iovec in = {
++ .iov_base = s->cvq_cmd_in_buffer,
++ .iov_len = sizeof(virtio_net_ctrl_ack),
++ };
++ VhostShadowVirtqueue *svq = g_ptr_array_index(s->vhost_vdpa.shadow_vqs, 0);
++ int r;
++
++ r = vhost_svq_add(svq, &out, 1, &in, 1, NULL);
++ if (unlikely(r != 0)) {
++ if (unlikely(r == -ENOSPC)) {
++ qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
++ __func__);
++ }
++ return r;
++ }
++
++ /*
++ * We can poll here since we've had BQL from the time we sent the
++ * descriptor. Also, we need to take the answer before SVQ pulls by itself,
++ * when BQL is released
++ */
++ return vhost_svq_poll(svq);
++}
++
+ static NetClientInfo net_vhost_vdpa_cvq_info = {
+ .type = NET_CLIENT_DRIVER_VHOST_VDPA,
+ .size = sizeof(VhostVDPAState),
+@@ -387,23 +419,18 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+ void *opaque)
+ {
+ VhostVDPAState *s = opaque;
+- size_t in_len, dev_written;
++ size_t in_len;
+ virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+ /* Out buffer sent to both the vdpa device and the device model */
+ struct iovec out = {
+ .iov_base = s->cvq_cmd_out_buffer,
+ };
+- /* In buffer sent to the device */
+- const struct iovec dev_in = {
+- .iov_base = s->cvq_cmd_in_buffer,
+- .iov_len = sizeof(virtio_net_ctrl_ack),
+- };
+ /* in buffer used for device model */
+ const struct iovec in = {
+ .iov_base = &status,
+ .iov_len = sizeof(status),
+ };
+- int r = -EINVAL;
++ ssize_t dev_written = -EINVAL;
+ bool ok;
+
+ out.iov_len = iov_to_buf(elem->out_sg, elem->out_num, 0,
+@@ -414,21 +441,11 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+ goto out;
+ }
+
+- r = vhost_svq_add(svq, &out, 1, &dev_in, 1, elem);
+- if (unlikely(r != 0)) {
+- if (unlikely(r == -ENOSPC)) {
+- qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
+- __func__);
+- }
++ dev_written = vhost_vdpa_net_cvq_add(s, out.iov_len, sizeof(status));
++ if (unlikely(dev_written < 0)) {
+ goto out;
+ }
+
+- /*
+- * We can poll here since we've had BQL from the time we sent the
+- * descriptor. Also, we need to take the answer before SVQ pulls by itself,
+- * when BQL is released
+- */
+- dev_written = vhost_svq_poll(svq);
+ if (unlikely(dev_written < sizeof(status))) {
+ error_report("Insufficient written data (%zu)", dev_written);
+ goto out;
+@@ -436,7 +453,7 @@ static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
+
+ memcpy(&status, s->cvq_cmd_in_buffer, sizeof(status));
+ if (status != VIRTIO_NET_OK) {
+- goto out;
++ return VIRTIO_NET_ERR;
+ }
+
+ status = VIRTIO_NET_ERR;
+@@ -453,7 +470,7 @@ out:
+ }
+ vhost_svq_push_elem(svq, elem, MIN(in_len, sizeof(status)));
+ g_free(elem);
+- return r;
++ return dev_written < 0 ? dev_written : 0;
+ }
+
+ static const VhostShadowVirtqueueOps vhost_vdpa_net_svq_ops = {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vdpa-manual-forward-CVQ-buffers.patch b/SOURCES/kvm-vdpa-manual-forward-CVQ-buffers.patch
new file mode 100644
index 0000000..61909ff
--- /dev/null
+++ b/SOURCES/kvm-vdpa-manual-forward-CVQ-buffers.patch
@@ -0,0 +1,166 @@
+From c33bc0b7f2b5cfa330a6d89d60ee94de129c65c1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 16:05:38 +0200
+Subject: [PATCH 23/32] vdpa: manual forward CVQ buffers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [23/27] ce128d5152be7eebf87e186eb8b58c2ed95aff6d (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit bd907ae4b00ebedad5e586af05ea3d6490318d45
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:42 2022 +0200
+
+ vdpa: manual forward CVQ buffers
+
+ Do a simple forwarding of CVQ buffers, the same work SVQ could do but
+ through callbacks. No functional change intended.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-vdpa.c | 3 +-
+ include/hw/virtio/vhost-vdpa.h | 3 ++
+ net/vhost-vdpa.c | 58 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 14b02fe079..49effe5462 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -417,7 +417,8 @@ static int vhost_vdpa_init_svq(struct vhost_dev *hdev, struct vhost_vdpa *v,
+ for (unsigned n = 0; n < hdev->nvqs; ++n) {
+ g_autoptr(VhostShadowVirtqueue) svq;
+
+- svq = vhost_svq_new(v->iova_tree, NULL, NULL);
++ svq = vhost_svq_new(v->iova_tree, v->shadow_vq_ops,
++ v->shadow_vq_ops_opaque);
+ if (unlikely(!svq)) {
+ error_setg(errp, "Cannot create svq %u", n);
+ return -1;
+diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
+index 7214eb47dc..1111d85643 100644
+--- a/include/hw/virtio/vhost-vdpa.h
++++ b/include/hw/virtio/vhost-vdpa.h
+@@ -15,6 +15,7 @@
+ #include <gmodule.h>
+
+ #include "hw/virtio/vhost-iova-tree.h"
++#include "hw/virtio/vhost-shadow-virtqueue.h"
+ #include "hw/virtio/virtio.h"
+ #include "standard-headers/linux/vhost_types.h"
+
+@@ -35,6 +36,8 @@ typedef struct vhost_vdpa {
+ /* IOVA mapping used by the Shadow Virtqueue */
+ VhostIOVATree *iova_tree;
+ GPtrArray *shadow_vqs;
++ const VhostShadowVirtqueueOps *shadow_vq_ops;
++ void *shadow_vq_ops_opaque;
+ struct vhost_dev *dev;
+ VhostVDPAHostNotifier notifier[VIRTIO_QUEUE_MAX];
+ } VhostVDPA;
+diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
+index df1e69ee72..2e3b6b10d8 100644
+--- a/net/vhost-vdpa.c
++++ b/net/vhost-vdpa.c
+@@ -11,11 +11,14 @@
+
+ #include "qemu/osdep.h"
+ #include "clients.h"
++#include "hw/virtio/virtio-net.h"
+ #include "net/vhost_net.h"
+ #include "net/vhost-vdpa.h"
+ #include "hw/virtio/vhost-vdpa.h"
+ #include "qemu/config-file.h"
+ #include "qemu/error-report.h"
++#include "qemu/log.h"
++#include "qemu/memalign.h"
+ #include "qemu/option.h"
+ #include "qapi/error.h"
+ #include <linux/vhost.h>
+@@ -187,6 +190,57 @@ static NetClientInfo net_vhost_vdpa_info = {
+ .check_peer_type = vhost_vdpa_check_peer_type,
+ };
+
++/**
++ * Forward buffer for the moment.
++ */
++static int vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
++ VirtQueueElement *elem,
++ void *opaque)
++{
++ unsigned int n = elem->out_num + elem->in_num;
++ g_autofree struct iovec *dev_buffers = g_new(struct iovec, n);
++ size_t in_len, dev_written;
++ virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
++ int r;
++
++ memcpy(dev_buffers, elem->out_sg, elem->out_num);
++ memcpy(dev_buffers + elem->out_num, elem->in_sg, elem->in_num);
++
++ r = vhost_svq_add(svq, &dev_buffers[0], elem->out_num, &dev_buffers[1],
++ elem->in_num, elem);
++ if (unlikely(r != 0)) {
++ if (unlikely(r == -ENOSPC)) {
++ qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
++ __func__);
++ }
++ goto out;
++ }
++
++ /*
++ * We can poll here since we've had BQL from the time we sent the
++ * descriptor. Also, we need to take the answer before SVQ pulls by itself,
++ * when BQL is released
++ */
++ dev_written = vhost_svq_poll(svq);
++ if (unlikely(dev_written < sizeof(status))) {
++ error_report("Insufficient written data (%zu)", dev_written);
++ }
++
++out:
++ in_len = iov_from_buf(elem->in_sg, elem->in_num, 0, &status,
++ sizeof(status));
++ if (unlikely(in_len < sizeof(status))) {
++ error_report("Bad device CVQ written length");
++ }
++ vhost_svq_push_elem(svq, elem, MIN(in_len, sizeof(status)));
++ g_free(elem);
++ return r;
++}
++
++static const VhostShadowVirtqueueOps vhost_vdpa_net_svq_ops = {
++ .avail_handler = vhost_vdpa_net_handle_ctrl_avail,
++};
++
+ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+ const char *device,
+ const char *name,
+@@ -211,6 +265,10 @@ static NetClientState *net_vhost_vdpa_init(NetClientState *peer,
+
+ s->vhost_vdpa.device_fd = vdpa_device_fd;
+ s->vhost_vdpa.index = queue_pair_index;
++ if (!is_datapath) {
++ s->vhost_vdpa.shadow_vq_ops = &vhost_vdpa_net_svq_ops;
++ s->vhost_vdpa.shadow_vq_ops_opaque = s;
++ }
+ ret = vhost_vdpa_add(nc, (void *)&s->vhost_vdpa, queue_pair_index, nvqs);
+ if (ret) {
+ qemu_del_net_client(nc);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch b/SOURCES/kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch
new file mode 100644
index 0000000..26083c1
--- /dev/null
+++ b/SOURCES/kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch
@@ -0,0 +1,114 @@
+From b90a5878355bd549200ed1eff52ea084325bfc8a Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 May 2022 15:25:10 +0200
+Subject: [PATCH 5/5] vfio/common: remove spurious tpm-crb-cmd misalignment
+ warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 84: vfio/common: Remove spurious tpm-crb-cmd misalignment warning
+RH-Commit: [2/2] 9b73a9aec59cb50d5e3468cc553464bf4a73d0a1 (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2037612
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Andrew Jones <drjones@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037612
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45166961
+Upstream Status: YES
+Tested: With TPM-CRB and VFIO
+
+The CRB command buffer currently is a RAM MemoryRegion and given
+its base address alignment, it causes an error report on
+vfio_listener_region_add(). This region could have been a RAM device
+region, easing the detection of such safe situation but this option
+was not well received. So let's add a helper function that uses the
+memory region owner type to detect the situation is safe wrt
+the assignment. Other device types can be checked here if such kind
+of problem occurs again.
+
+Conflicts in hw/vfio/common.c
+We don't have 8e3b0cbb721 ("Replace qemu_real_host_page variables with inlined functions")
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Acked-by: Stefan Berger <stefanb@linux.ibm.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Link: https://lore.kernel.org/r/20220506132510.1847942-3-eric.auger@redhat.com
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+(cherry picked from commit 851d6d1a0ff29a87ec588205842edf6b86d99b5c)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/common.c | 27 ++++++++++++++++++++++++++-
+ hw/vfio/trace-events | 1 +
+ 2 files changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/hw/vfio/common.c b/hw/vfio/common.c
+index 080046e3f5..0fbe0d47af 100644
+--- a/hw/vfio/common.c
++++ b/hw/vfio/common.c
+@@ -40,6 +40,7 @@
+ #include "trace.h"
+ #include "qapi/error.h"
+ #include "migration/migration.h"
++#include "sysemu/tpm.h"
+
+ VFIOGroupList vfio_group_list =
+ QLIST_HEAD_INITIALIZER(vfio_group_list);
+@@ -861,6 +862,22 @@ static void vfio_unregister_ram_discard_listener(VFIOContainer *container,
+ g_free(vrdl);
+ }
+
++static bool vfio_known_safe_misalignment(MemoryRegionSection *section)
++{
++ MemoryRegion *mr = section->mr;
++
++ if (!TPM_IS_CRB(mr->owner)) {
++ return false;
++ }
++
++ /* this is a known safe misaligned region, just trace for debug purpose */
++ trace_vfio_known_safe_misalignment(memory_region_name(mr),
++ section->offset_within_address_space,
++ section->offset_within_region,
++ qemu_real_host_page_size);
++ return true;
++}
++
+ static void vfio_listener_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+ {
+@@ -884,7 +901,15 @@ static void vfio_listener_region_add(MemoryListener *listener,
+ if (unlikely((section->offset_within_address_space &
+ ~qemu_real_host_page_mask) !=
+ (section->offset_within_region & ~qemu_real_host_page_mask))) {
+- error_report("%s received unaligned region", __func__);
++ if (!vfio_known_safe_misalignment(section)) {
++ error_report("%s received unaligned region %s iova=0x%"PRIx64
++ " offset_within_region=0x%"PRIx64
++ " qemu_real_host_page_size=0x%"PRIxPTR,
++ __func__, memory_region_name(section->mr),
++ section->offset_within_address_space,
++ section->offset_within_region,
++ qemu_real_host_page_size);
++ }
+ return;
+ }
+
+diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
+index 0ef1b5f4a6..582882db91 100644
+--- a/hw/vfio/trace-events
++++ b/hw/vfio/trace-events
+@@ -100,6 +100,7 @@ vfio_listener_region_add_skip(uint64_t start, uint64_t end) "SKIPPING region_add
+ vfio_spapr_group_attach(int groupfd, int tablefd) "Attached groupfd %d to liobn fd %d"
+ vfio_listener_region_add_iommu(uint64_t start, uint64_t end) "region_add [iommu] 0x%"PRIx64" - 0x%"PRIx64
+ vfio_listener_region_add_ram(uint64_t iova_start, uint64_t iova_end, void *vaddr) "region_add [ram] 0x%"PRIx64" - 0x%"PRIx64" [%p]"
++vfio_known_safe_misalignment(const char *name, uint64_t iova, uint64_t offset_within_region, uintptr_t page_size) "Region \"%s\" iova=0x%"PRIx64" offset_within_region=0x%"PRIx64" qemu_real_host_page_size=0x%"PRIxPTR ": cannot be mapped for DMA"
+ vfio_listener_region_add_no_dma_map(const char *name, uint64_t iova, uint64_t size, uint64_t page_size) "Region \"%s\" 0x%"PRIx64" size=0x%"PRIx64" is not aligned to 0x%"PRIx64" and cannot be mapped for DMA"
+ vfio_listener_region_del_skip(uint64_t start, uint64_t end) "SKIPPING region_del 0x%"PRIx64" - 0x%"PRIx64
+ vfio_listener_region_del(uint64_t start, uint64_t end) "region_del 0x%"PRIx64" - 0x%"PRIx64
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch b/SOURCES/kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch
new file mode 100644
index 0000000..7e644c5
--- /dev/null
+++ b/SOURCES/kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch
@@ -0,0 +1,78 @@
+From 3de8fb9f3dba18d04efa10b70bcec641035effc5 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Tue, 24 May 2022 05:14:05 -0400
+Subject: [PATCH 16/16] vfio/common: remove spurious warning on
+ vfio_listener_region_del
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 101: vfio/common: remove spurious warning on vfio_listener_region_del
+RH-Commit: [1/1] dac688b8a981ebb964fea79ea198c329b9cdb551 (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2086262
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Alex Williamson <None>
+
+ Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2086262
+ Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45876133
+ Upstream Status: YES
+ Tested: With TPM-CRB and VFIO
+
+851d6d1a0f ("vfio/common: remove spurious tpm-crb-cmd misalignment
+warning") removed the warning on vfio_listener_region_add() path.
+
+However the same warning also hits on region_del path. Let's remove
+it and reword the dynamic trace as this can be called on both
+map and unmap path.
+
+Contextual Conflict in hw/vfio/common.c
+We don't have 8e3b0cbb721 ("Replace qemu_real_host_page variables with inlined functions")
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Link: https://lore.kernel.org/r/20220524091405.416256-1-eric.auger@redhat.com
+Fixes: 851d6d1a0ff2 ("vfio/common: remove spurious tpm-crb-cmd misalignment warning")
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+(cherry picked from commit ec6600be0dc16982181c7ad80d94c143c0807dd2)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/common.c | 10 +++++++++-
+ hw/vfio/trace-events | 2 +-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/common.c b/hw/vfio/common.c
+index 0fbe0d47af..637981f9a1 100644
+--- a/hw/vfio/common.c
++++ b/hw/vfio/common.c
+@@ -1145,7 +1145,15 @@ static void vfio_listener_region_del(MemoryListener *listener,
+ if (unlikely((section->offset_within_address_space &
+ ~qemu_real_host_page_mask) !=
+ (section->offset_within_region & ~qemu_real_host_page_mask))) {
+- error_report("%s received unaligned region", __func__);
++ if (!vfio_known_safe_misalignment(section)) {
++ error_report("%s received unaligned region %s iova=0x%"PRIx64
++ " offset_within_region=0x%"PRIx64
++ " qemu_real_host_page_size=0x%"PRIxPTR,
++ __func__, memory_region_name(section->mr),
++ section->offset_within_address_space,
++ section->offset_within_region,
++ qemu_real_host_page_size);
++ }
+ return;
+ }
+
+diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
+index 582882db91..73dffe9e00 100644
+--- a/hw/vfio/trace-events
++++ b/hw/vfio/trace-events
+@@ -100,7 +100,7 @@ vfio_listener_region_add_skip(uint64_t start, uint64_t end) "SKIPPING region_add
+ vfio_spapr_group_attach(int groupfd, int tablefd) "Attached groupfd %d to liobn fd %d"
+ vfio_listener_region_add_iommu(uint64_t start, uint64_t end) "region_add [iommu] 0x%"PRIx64" - 0x%"PRIx64
+ vfio_listener_region_add_ram(uint64_t iova_start, uint64_t iova_end, void *vaddr) "region_add [ram] 0x%"PRIx64" - 0x%"PRIx64" [%p]"
+-vfio_known_safe_misalignment(const char *name, uint64_t iova, uint64_t offset_within_region, uintptr_t page_size) "Region \"%s\" iova=0x%"PRIx64" offset_within_region=0x%"PRIx64" qemu_real_host_page_size=0x%"PRIxPTR ": cannot be mapped for DMA"
++vfio_known_safe_misalignment(const char *name, uint64_t iova, uint64_t offset_within_region, uintptr_t page_size) "Region \"%s\" iova=0x%"PRIx64" offset_within_region=0x%"PRIx64" qemu_real_host_page_size=0x%"PRIxPTR
+ vfio_listener_region_add_no_dma_map(const char *name, uint64_t iova, uint64_t size, uint64_t page_size) "Region \"%s\" 0x%"PRIx64" size=0x%"PRIx64" is not aligned to 0x%"PRIx64" and cannot be mapped for DMA"
+ vfio_listener_region_del_skip(uint64_t start, uint64_t end) "SKIPPING region_del 0x%"PRIx64" - 0x%"PRIx64
+ vfio_listener_region_del(uint64_t start, uint64_t end) "region_del 0x%"PRIx64" - 0x%"PRIx64
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Add-SVQDescState.patch b/SOURCES/kvm-vhost-Add-SVQDescState.patch
new file mode 100644
index 0000000..b1ea4bb
--- /dev/null
+++ b/SOURCES/kvm-vhost-Add-SVQDescState.patch
@@ -0,0 +1,135 @@
+From 14200f493243f73152ea4a4b97274f0ec4fb36fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 15/32] vhost: Add SVQDescState
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [15/27] 2e2866f22e37cace8598ff44dfcdc07fcc915d6d (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 9e87868fcaf5785c8e1490c290505fa32305ff91
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:34 2022 +0200
+
+ vhost: Add SVQDescState
+
+ This will allow SVQ to add context to the different queue elements.
+
+ This patch only store the actual element, no functional change intended.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 16 ++++++++--------
+ hw/virtio/vhost-shadow-virtqueue.h | 8 ++++++--
+ 2 files changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 3cec03d709..a08e3d4025 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -256,7 +256,7 @@ static int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
+ return -EINVAL;
+ }
+
+- svq->ring_id_maps[qemu_head] = elem;
++ svq->desc_state[qemu_head].elem = elem;
+ vhost_svq_kick(svq);
+ return 0;
+ }
+@@ -411,21 +411,21 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- if (unlikely(!svq->ring_id_maps[used_elem.id])) {
++ if (unlikely(!svq->desc_state[used_elem.id].elem)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Device %s says index %u is used, but it was not available",
+ svq->vdev->name, used_elem.id);
+ return NULL;
+ }
+
+- num = svq->ring_id_maps[used_elem.id]->in_num +
+- svq->ring_id_maps[used_elem.id]->out_num;
++ num = svq->desc_state[used_elem.id].elem->in_num +
++ svq->desc_state[used_elem.id].elem->out_num;
+ last_used_chain = vhost_svq_last_desc_of_chain(svq, num, used_elem.id);
+ svq->desc_next[last_used_chain] = svq->free_head;
+ svq->free_head = used_elem.id;
+
+ *len = used_elem.len;
+- return g_steal_pointer(&svq->ring_id_maps[used_elem.id]);
++ return g_steal_pointer(&svq->desc_state[used_elem.id].elem);
+ }
+
+ static void vhost_svq_flush(VhostShadowVirtqueue *svq,
+@@ -595,7 +595,7 @@ void vhost_svq_start(VhostShadowVirtqueue *svq, VirtIODevice *vdev,
+ memset(svq->vring.desc, 0, driver_size);
+ svq->vring.used = qemu_memalign(qemu_real_host_page_size, device_size);
+ memset(svq->vring.used, 0, device_size);
+- svq->ring_id_maps = g_new0(VirtQueueElement *, svq->vring.num);
++ svq->desc_state = g_new0(SVQDescState, svq->vring.num);
+ svq->desc_next = g_new0(uint16_t, svq->vring.num);
+ for (unsigned i = 0; i < svq->vring.num - 1; i++) {
+ svq->desc_next[i] = cpu_to_le16(i + 1);
+@@ -620,7 +620,7 @@ void vhost_svq_stop(VhostShadowVirtqueue *svq)
+
+ for (unsigned i = 0; i < svq->vring.num; ++i) {
+ g_autofree VirtQueueElement *elem = NULL;
+- elem = g_steal_pointer(&svq->ring_id_maps[i]);
++ elem = g_steal_pointer(&svq->desc_state[i].elem);
+ if (elem) {
+ virtqueue_detach_element(svq->vq, elem, 0);
+ }
+@@ -632,7 +632,7 @@ void vhost_svq_stop(VhostShadowVirtqueue *svq)
+ }
+ svq->vq = NULL;
+ g_free(svq->desc_next);
+- g_free(svq->ring_id_maps);
++ g_free(svq->desc_state);
+ qemu_vfree(svq->vring.desc);
+ qemu_vfree(svq->vring.used);
+ }
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index c132c994e9..d646c35054 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -15,6 +15,10 @@
+ #include "standard-headers/linux/vhost_types.h"
+ #include "hw/virtio/vhost-iova-tree.h"
+
++typedef struct SVQDescState {
++ VirtQueueElement *elem;
++} SVQDescState;
++
+ /* Shadow virtqueue to relay notifications */
+ typedef struct VhostShadowVirtqueue {
+ /* Shadow vring */
+@@ -47,8 +51,8 @@ typedef struct VhostShadowVirtqueue {
+ /* IOVA mapping */
+ VhostIOVATree *iova_tree;
+
+- /* Map for use the guest's descriptors */
+- VirtQueueElement **ring_id_maps;
++ /* SVQ vring descriptors state */
++ SVQDescState *desc_state;
+
+ /* Next VirtQueue element that guest made available */
+ VirtQueueElement *next_guest_avail_elem;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Add-svq-avail_handler-callback.patch b/SOURCES/kvm-vhost-Add-svq-avail_handler-callback.patch
new file mode 100644
index 0000000..a8b585d
--- /dev/null
+++ b/SOURCES/kvm-vhost-Add-svq-avail_handler-callback.patch
@@ -0,0 +1,164 @@
+From 433106c286a1961737300ebaece6f10b2747e7d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 20/32] vhost: Add svq avail_handler callback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [20/27] d228eb89d204f8be623bc870503bbf0078dfc9ae (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit e966c0b781aebabd2c0f5eef91678f08ce1d068c
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:39 2022 +0200
+
+ vhost: Add svq avail_handler callback
+
+ This allows external handlers to be aware of new buffers that the guest
+ places in the virtqueue.
+
+ When this callback is defined the ownership of the guest's virtqueue
+ element is transferred to the callback. This means that if the user
+ wants to forward the descriptor it needs to manually inject it. The
+ callback is also free to process the command by itself and use the
+ element with svq_push.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 14 ++++++++++++--
+ hw/virtio/vhost-shadow-virtqueue.h | 31 +++++++++++++++++++++++++++++-
+ hw/virtio/vhost-vdpa.c | 3 ++-
+ 3 files changed, 44 insertions(+), 4 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 95d0d7a7ee..e53aac45f6 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -306,7 +306,11 @@ static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)
+ break;
+ }
+
+- r = vhost_svq_add_element(svq, elem);
++ if (svq->ops) {
++ r = svq->ops->avail_handler(svq, elem, svq->ops_opaque);
++ } else {
++ r = vhost_svq_add_element(svq, elem);
++ }
+ if (unlikely(r != 0)) {
+ if (r == -ENOSPC) {
+ /*
+@@ -685,12 +689,16 @@ void vhost_svq_stop(VhostShadowVirtqueue *svq)
+ * shadow methods and file descriptors.
+ *
+ * @iova_tree: Tree to perform descriptors translations
++ * @ops: SVQ owner callbacks
++ * @ops_opaque: ops opaque pointer
+ *
+ * Returns the new virtqueue or NULL.
+ *
+ * In case of error, reason is reported through error_report.
+ */
+-VhostShadowVirtqueue *vhost_svq_new(VhostIOVATree *iova_tree)
++VhostShadowVirtqueue *vhost_svq_new(VhostIOVATree *iova_tree,
++ const VhostShadowVirtqueueOps *ops,
++ void *ops_opaque)
+ {
+ g_autofree VhostShadowVirtqueue *svq = g_new0(VhostShadowVirtqueue, 1);
+ int r;
+@@ -712,6 +720,8 @@ VhostShadowVirtqueue *vhost_svq_new(VhostIOVATree *iova_tree)
+ event_notifier_init_fd(&svq->svq_kick, VHOST_FILE_UNBIND);
+ event_notifier_set_handler(&svq->hdev_call, vhost_svq_handle_call);
+ svq->iova_tree = iova_tree;
++ svq->ops = ops;
++ svq->ops_opaque = ops_opaque;
+ return g_steal_pointer(&svq);
+
+ err_init_hdev_call:
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index cf442f7dea..d04c34a589 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -25,6 +25,27 @@ typedef struct SVQDescState {
+ unsigned int ndescs;
+ } SVQDescState;
+
++typedef struct VhostShadowVirtqueue VhostShadowVirtqueue;
++
++/**
++ * Callback to handle an avail buffer.
++ *
++ * @svq: Shadow virtqueue
++ * @elem: Element placed in the queue by the guest
++ * @vq_callback_opaque: Opaque
++ *
++ * Returns 0 if the vq is running as expected.
++ *
++ * Note that ownership of elem is transferred to the callback.
++ */
++typedef int (*VirtQueueAvailCallback)(VhostShadowVirtqueue *svq,
++ VirtQueueElement *elem,
++ void *vq_callback_opaque);
++
++typedef struct VhostShadowVirtqueueOps {
++ VirtQueueAvailCallback avail_handler;
++} VhostShadowVirtqueueOps;
++
+ /* Shadow virtqueue to relay notifications */
+ typedef struct VhostShadowVirtqueue {
+ /* Shadow vring */
+@@ -69,6 +90,12 @@ typedef struct VhostShadowVirtqueue {
+ */
+ uint16_t *desc_next;
+
++ /* Caller callbacks */
++ const VhostShadowVirtqueueOps *ops;
++
++ /* Caller callbacks opaque */
++ void *ops_opaque;
++
+ /* Next head to expose to the device */
+ uint16_t shadow_avail_idx;
+
+@@ -102,7 +129,9 @@ void vhost_svq_start(VhostShadowVirtqueue *svq, VirtIODevice *vdev,
+ VirtQueue *vq);
+ void vhost_svq_stop(VhostShadowVirtqueue *svq);
+
+-VhostShadowVirtqueue *vhost_svq_new(VhostIOVATree *iova_tree);
++VhostShadowVirtqueue *vhost_svq_new(VhostIOVATree *iova_tree,
++ const VhostShadowVirtqueueOps *ops,
++ void *ops_opaque);
+
+ void vhost_svq_free(gpointer vq);
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC(VhostShadowVirtqueue, vhost_svq_free);
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 33dcaa135e..28df57b12e 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -416,8 +416,9 @@ static int vhost_vdpa_init_svq(struct vhost_dev *hdev, struct vhost_vdpa *v,
+
+ shadow_vqs = g_ptr_array_new_full(hdev->nvqs, vhost_svq_free);
+ for (unsigned n = 0; n < hdev->nvqs; ++n) {
+- g_autoptr(VhostShadowVirtqueue) svq = vhost_svq_new(v->iova_tree);
++ g_autoptr(VhostShadowVirtqueue) svq;
+
++ svq = vhost_svq_new(v->iova_tree, NULL, NULL);
+ if (unlikely(!svq)) {
+ error_setg(errp, "Cannot create svq %u", n);
+ return -1;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch b/SOURCES/kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch
new file mode 100644
index 0000000..9b6155b
--- /dev/null
+++ b/SOURCES/kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch
@@ -0,0 +1,67 @@
+From 6cde15c70c86819033337771eb522e94e3ea9e34 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:20:07 +0200
+Subject: [PATCH 09/23] vhost: Always store new kick fd on
+ vhost_svq_set_svq_kick_fd
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [8/21] a09b8851c39d7cea67414560f6d322e988b9d59a (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+We can unbind twice a file descriptor if we call twice
+vhost_svq_set_svq_kick_fd because of this. Since it comes from vhost and
+not from SVQ, that file descriptor could be a different thing that
+guest's vhost notifier.
+
+Likewise, it can happens the same if a guest start and stop the device
+multiple times.
+
+Reported-by: Lei Yang <leiyang@redhat.com>
+Fixes: dff4426fa6 ("vhost: Add Shadow VirtQueue kick forwarding capabilities")
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 6867f29c1425add7e0e8d1d8d58cc0ffbb8df0e4)
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index e53aac45f6..f420311b89 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -602,13 +602,13 @@ void vhost_svq_set_svq_kick_fd(VhostShadowVirtqueue *svq, int svq_kick_fd)
+ event_notifier_set_handler(svq_kick, NULL);
+ }
+
++ event_notifier_init_fd(svq_kick, svq_kick_fd);
+ /*
+ * event_notifier_set_handler already checks for guest's notifications if
+ * they arrive at the new file descriptor in the switch, so there is no
+ * need to explicitly check for them.
+ */
+ if (poll_start) {
+- event_notifier_init_fd(svq_kick, svq_kick_fd);
+ event_notifier_set(svq_kick);
+ event_notifier_set_handler(svq_kick, vhost_handle_guest_kick_notifier);
+ }
+@@ -655,7 +655,7 @@ void vhost_svq_start(VhostShadowVirtqueue *svq, VirtIODevice *vdev,
+ */
+ void vhost_svq_stop(VhostShadowVirtqueue *svq)
+ {
+- event_notifier_set_handler(&svq->svq_kick, NULL);
++ vhost_svq_set_svq_kick_fd(svq, VHOST_FILE_UNBIND);
+ g_autofree VirtQueueElement *next_avail_elem = NULL;
+
+ if (!svq->vq) {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch b/SOURCES/kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch
new file mode 100644
index 0000000..9b09d42
--- /dev/null
+++ b/SOURCES/kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch
@@ -0,0 +1,134 @@
+From 893dffb820973361bcef33612a6b924554a856c1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 13/32] vhost: Check for queue full at vhost_svq_add
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [13/27] d4bd8299fb7733a1e190618dfc92b4b53b7bbeb3 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit f20b70eb5a68cfd8fef74a13ccdd494ef1cb0221
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:32 2022 +0200
+
+ vhost: Check for queue full at vhost_svq_add
+
+ The series need to expose vhost_svq_add with full functionality,
+ including checking for full queue.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 59 +++++++++++++++++-------------
+ 1 file changed, 33 insertions(+), 26 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index e3fc3c2658..1d2bab287b 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -233,21 +233,29 @@ static void vhost_svq_kick(VhostShadowVirtqueue *svq)
+ * Add an element to a SVQ.
+ *
+ * The caller must check that there is enough slots for the new element. It
+- * takes ownership of the element: In case of failure, it is free and the SVQ
+- * is considered broken.
++ * takes ownership of the element: In case of failure not ENOSPC, it is free.
++ *
++ * Return -EINVAL if element is invalid, -ENOSPC if dev queue is full
+ */
+-static bool vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
++static int vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
+ {
+ unsigned qemu_head;
+- bool ok = vhost_svq_add_split(svq, elem, &qemu_head);
++ unsigned ndescs = elem->in_num + elem->out_num;
++ bool ok;
++
++ if (unlikely(ndescs > vhost_svq_available_slots(svq))) {
++ return -ENOSPC;
++ }
++
++ ok = vhost_svq_add_split(svq, elem, &qemu_head);
+ if (unlikely(!ok)) {
+ g_free(elem);
+- return false;
++ return -EINVAL;
+ }
+
+ svq->ring_id_maps[qemu_head] = elem;
+ vhost_svq_kick(svq);
+- return true;
++ return 0;
+ }
+
+ /**
+@@ -274,7 +282,7 @@ static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)
+
+ while (true) {
+ VirtQueueElement *elem;
+- bool ok;
++ int r;
+
+ if (svq->next_guest_avail_elem) {
+ elem = g_steal_pointer(&svq->next_guest_avail_elem);
+@@ -286,25 +294,24 @@ static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)
+ break;
+ }
+
+- if (elem->out_num + elem->in_num > vhost_svq_available_slots(svq)) {
+- /*
+- * This condition is possible since a contiguous buffer in GPA
+- * does not imply a contiguous buffer in qemu's VA
+- * scatter-gather segments. If that happens, the buffer exposed
+- * to the device needs to be a chain of descriptors at this
+- * moment.
+- *
+- * SVQ cannot hold more available buffers if we are here:
+- * queue the current guest descriptor and ignore further kicks
+- * until some elements are used.
+- */
+- svq->next_guest_avail_elem = elem;
+- return;
+- }
+-
+- ok = vhost_svq_add(svq, elem);
+- if (unlikely(!ok)) {
+- /* VQ is broken, just return and ignore any other kicks */
++ r = vhost_svq_add(svq, elem);
++ if (unlikely(r != 0)) {
++ if (r == -ENOSPC) {
++ /*
++ * This condition is possible since a contiguous buffer in
++ * GPA does not imply a contiguous buffer in qemu's VA
++ * scatter-gather segments. If that happens, the buffer
++ * exposed to the device needs to be a chain of descriptors
++ * at this moment.
++ *
++ * SVQ cannot hold more available buffers if we are here:
++ * queue the current guest descriptor and ignore kicks
++ * until some elements are used.
++ */
++ svq->next_guest_avail_elem = elem;
++ }
++
++ /* VQ is full or broken, just return and ignore kicks */
+ return;
+ }
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch b/SOURCES/kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch
new file mode 100644
index 0000000..6755aad
--- /dev/null
+++ b/SOURCES/kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch
@@ -0,0 +1,138 @@
+From 5c8de23e185a1a1f0b19eac3c9fa03411c9f545c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 14/32] vhost: Decouple vhost_svq_add from VirtQueueElement
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [14/27] 463087dd316adc91b9c7a4e6634c6fc1745c1849 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 1f46ae65d85f677b660bda46685dd3e94885a7cb
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:33 2022 +0200
+
+ vhost: Decouple vhost_svq_add from VirtQueueElement
+
+ VirtQueueElement comes from the guest, but we're heading SVQ to be able
+ to modify the element presented to the device without the guest's
+ knowledge.
+
+ To do so, make SVQ accept sg buffers directly, instead of using
+ VirtQueueElement.
+
+ Add vhost_svq_add_element to maintain element convenience.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Acked-by: Jason Wang <jasowang@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 33 ++++++++++++++++++++----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 1d2bab287b..3cec03d709 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -172,30 +172,31 @@ static bool vhost_svq_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ }
+
+ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+- VirtQueueElement *elem, unsigned *head)
++ const struct iovec *out_sg, size_t out_num,
++ const struct iovec *in_sg, size_t in_num,
++ unsigned *head)
+ {
+ unsigned avail_idx;
+ vring_avail_t *avail = svq->vring.avail;
+ bool ok;
+- g_autofree hwaddr *sgs = g_new(hwaddr, MAX(elem->out_num, elem->in_num));
++ g_autofree hwaddr *sgs = g_new(hwaddr, MAX(out_num, in_num));
+
+ *head = svq->free_head;
+
+ /* We need some descriptors here */
+- if (unlikely(!elem->out_num && !elem->in_num)) {
++ if (unlikely(!out_num && !in_num)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Guest provided element with no descriptors");
+ return false;
+ }
+
+- ok = vhost_svq_vring_write_descs(svq, sgs, elem->out_sg, elem->out_num,
+- elem->in_num > 0, false);
++ ok = vhost_svq_vring_write_descs(svq, sgs, out_sg, out_num, in_num > 0,
++ false);
+ if (unlikely(!ok)) {
+ return false;
+ }
+
+- ok = vhost_svq_vring_write_descs(svq, sgs, elem->in_sg, elem->in_num, false,
+- true);
++ ok = vhost_svq_vring_write_descs(svq, sgs, in_sg, in_num, false, true);
+ if (unlikely(!ok)) {
+ return false;
+ }
+@@ -237,17 +238,19 @@ static void vhost_svq_kick(VhostShadowVirtqueue *svq)
+ *
+ * Return -EINVAL if element is invalid, -ENOSPC if dev queue is full
+ */
+-static int vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
++static int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
++ size_t out_num, const struct iovec *in_sg,
++ size_t in_num, VirtQueueElement *elem)
+ {
+ unsigned qemu_head;
+- unsigned ndescs = elem->in_num + elem->out_num;
++ unsigned ndescs = in_num + out_num;
+ bool ok;
+
+ if (unlikely(ndescs > vhost_svq_available_slots(svq))) {
+ return -ENOSPC;
+ }
+
+- ok = vhost_svq_add_split(svq, elem, &qemu_head);
++ ok = vhost_svq_add_split(svq, out_sg, out_num, in_sg, in_num, &qemu_head);
+ if (unlikely(!ok)) {
+ g_free(elem);
+ return -EINVAL;
+@@ -258,6 +261,14 @@ static int vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
+ return 0;
+ }
+
++/* Convenience wrapper to add a guest's element to SVQ */
++static int vhost_svq_add_element(VhostShadowVirtqueue *svq,
++ VirtQueueElement *elem)
++{
++ return vhost_svq_add(svq, elem->out_sg, elem->out_num, elem->in_sg,
++ elem->in_num, elem);
++}
++
+ /**
+ * Forward available buffers.
+ *
+@@ -294,7 +305,7 @@ static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)
+ break;
+ }
+
+- r = vhost_svq_add(svq, elem);
++ r = vhost_svq_add_element(svq, elem);
+ if (unlikely(r != 0)) {
+ if (r == -ENOSPC) {
+ /*
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Delete-useless-read-memory-barrier.patch b/SOURCES/kvm-vhost-Delete-useless-read-memory-barrier.patch
new file mode 100644
index 0000000..f5aad51
--- /dev/null
+++ b/SOURCES/kvm-vhost-Delete-useless-read-memory-barrier.patch
@@ -0,0 +1,47 @@
+From 773d1bb4e9ea9ca704372e52569955937f91f15c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:28 +0200
+Subject: [PATCH 13/23] vhost: Delete useless read memory barrier
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [12/21] 0e238fe934b1fc2c7e10b6f693468bc25ea3243f (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+As discussed in previous series [1], this memory barrier is useless with
+the atomic read of used idx at vhost_svq_more_used. Deleting it.
+
+[1] https://lists.nongnu.org/archive/html/qemu-devel/2022-07/msg02616.html
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit cdfb1612ba0f9b76367c96ce26ba94fedc7a0e61)
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 7792f3db1d..d36afbc547 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -509,9 +509,6 @@ size_t vhost_svq_poll(VhostShadowVirtqueue *svq)
+ if (unlikely(g_get_monotonic_time() - start_us > 10e6)) {
+ return 0;
+ }
+-
+- /* Make sure we read new used_idx */
+- smp_rmb();
+ } while (true);
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch b/SOURCES/kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch
new file mode 100644
index 0000000..81ed89e
--- /dev/null
+++ b/SOURCES/kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch
@@ -0,0 +1,63 @@
+From 2f134d800a7ac521a637a0da2116b2603b12c8c0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:29 +0200
+Subject: [PATCH 14/23] vhost: Do not depend on !NULL VirtQueueElement on
+ vhost_svq_flush
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [13/21] 93ec7baa2a29031db25d86b7dc1a949388623370 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Since QEMU will be able to inject new elements on CVQ to restore the
+state, we need not to depend on a VirtQueueElement to know if a new
+element has been used by the device or not. Instead of check that, check
+if there are new elements only using used idx on vhost_svq_flush.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 7599f71c11c08b90f173c35ded1aaa1fdca86f1b)
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index d36afbc547..c0e3c92e96 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -499,17 +499,20 @@ static void vhost_svq_flush(VhostShadowVirtqueue *svq,
+ size_t vhost_svq_poll(VhostShadowVirtqueue *svq)
+ {
+ int64_t start_us = g_get_monotonic_time();
++ uint32_t len;
++
+ do {
+- uint32_t len;
+- VirtQueueElement *elem = vhost_svq_get_buf(svq, &len);
+- if (elem) {
+- return len;
++ if (vhost_svq_more_used(svq)) {
++ break;
+ }
+
+ if (unlikely(g_get_monotonic_time() - start_us > 10e6)) {
+ return 0;
+ }
+ } while (true);
++
++ vhost_svq_get_buf(svq, &len);
++ return len;
+ }
+
+ /**
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Expose-vhost_svq_add.patch b/SOURCES/kvm-vhost-Expose-vhost_svq_add.patch
new file mode 100644
index 0000000..70dc774
--- /dev/null
+++ b/SOURCES/kvm-vhost-Expose-vhost_svq_add.patch
@@ -0,0 +1,73 @@
+From cefd6583a8483c7a80f9cde8f7ad4705983af9e7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 18/32] vhost: Expose vhost_svq_add
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [18/27] bfb44f597d350336113783bcc9b3c9d9d32ff8c0 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit d0291f3f284d3bc220cdb13b0d8ac8a44eb5fd4c
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:37 2022 +0200
+
+ vhost: Expose vhost_svq_add
+
+ This allows external parts of SVQ to forward custom buffers to the
+ device.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 6 +++---
+ hw/virtio/vhost-shadow-virtqueue.h | 3 +++
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 1ce52d5b4a..cb879e7b88 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -238,9 +238,9 @@ static void vhost_svq_kick(VhostShadowVirtqueue *svq)
+ *
+ * Return -EINVAL if element is invalid, -ENOSPC if dev queue is full
+ */
+-static int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
+- size_t out_num, const struct iovec *in_sg,
+- size_t in_num, VirtQueueElement *elem)
++int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
++ size_t out_num, const struct iovec *in_sg, size_t in_num,
++ VirtQueueElement *elem)
+ {
+ unsigned qemu_head;
+ unsigned ndescs = in_num + out_num;
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index d9fc1f1799..dd78f4bec2 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -86,6 +86,9 @@ bool vhost_svq_valid_features(uint64_t features, Error **errp);
+
+ void vhost_svq_push_elem(VhostShadowVirtqueue *svq,
+ const VirtQueueElement *elem, uint32_t len);
++int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
++ size_t out_num, const struct iovec *in_sg, size_t in_num,
++ VirtQueueElement *elem);
+
+ void vhost_svq_set_svq_kick_fd(VhostShadowVirtqueue *svq, int svq_kick_fd);
+ void vhost_svq_set_svq_call_fd(VhostShadowVirtqueue *svq, int call_fd);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch b/SOURCES/kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch
new file mode 100644
index 0000000..f149c05
--- /dev/null
+++ b/SOURCES/kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch
@@ -0,0 +1,83 @@
+From 793d6d56190397624efdcaf6e0112bd12e39c05d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:25:01 +0200
+Subject: [PATCH 02/32] vhost: Fix device's used descriptor dequeue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [2/27] b92803a0681c94c65d243dd07424522387594760 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 81abfa5724c9a6502d7a1d3a67c55f2a303a1170
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Thu May 12 19:57:43 2022 +0200
+
+ vhost: Fix device's used descriptor dequeue
+
+ Only the first one of them were properly enqueued back.
+
+ Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Message-Id: <20220512175747.142058-3-eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 3155801f50..31fc50907d 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -334,12 +334,22 @@ static void vhost_svq_disable_notification(VhostShadowVirtqueue *svq)
+ svq->vring.avail->flags |= cpu_to_le16(VRING_AVAIL_F_NO_INTERRUPT);
+ }
+
++static uint16_t vhost_svq_last_desc_of_chain(const VhostShadowVirtqueue *svq,
++ uint16_t num, uint16_t i)
++{
++ for (uint16_t j = 0; j < (num - 1); ++j) {
++ i = le16_to_cpu(svq->desc_next[i]);
++ }
++
++ return i;
++}
++
+ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ uint32_t *len)
+ {
+ const vring_used_t *used = svq->vring.used;
+ vring_used_elem_t used_elem;
+- uint16_t last_used;
++ uint16_t last_used, last_used_chain, num;
+
+ if (!vhost_svq_more_used(svq)) {
+ return NULL;
+@@ -365,7 +375,10 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- svq->desc_next[used_elem.id] = svq->free_head;
++ num = svq->ring_id_maps[used_elem.id]->in_num +
++ svq->ring_id_maps[used_elem.id]->out_num;
++ last_used_chain = vhost_svq_last_desc_of_chain(svq, num, used_elem.id);
++ svq->desc_next[last_used_chain] = svq->free_head;
+ svq->free_head = used_elem.id;
+
+ *len = used_elem.len;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch b/SOURCES/kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch
new file mode 100644
index 0000000..51eb700
--- /dev/null
+++ b/SOURCES/kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch
@@ -0,0 +1,68 @@
+From aa99cf129923e0203c0caeb3b4e94a0eb973746f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:36:38 +0200
+Subject: [PATCH 04/32] vhost: Fix element in vhost_svq_add failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [4/27] 96689c99a47dd49591c0d126cb1fbb975b2f79b4 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 5181db132b587754dda3a520eec923b87a65bbb7
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Thu May 12 19:57:47 2022 +0200
+
+ vhost: Fix element in vhost_svq_add failure
+
+ Coverity rightly reports that is not free in that case.
+
+ Fixes: Coverity CID 1487559
+ Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Message-Id: <20220512175747.142058-7-eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 31fc50907d..06d0bb39d9 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -199,11 +199,19 @@ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+ return true;
+ }
+
++/**
++ * Add an element to a SVQ.
++ *
++ * The caller must check that there is enough slots for the new element. It
++ * takes ownership of the element: In case of failure, it is free and the SVQ
++ * is considered broken.
++ */
+ static bool vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
+ {
+ unsigned qemu_head;
+ bool ok = vhost_svq_add_split(svq, elem, &qemu_head);
+ if (unlikely(!ok)) {
++ g_free(elem);
+ return false;
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Get-vring-base-from-vq-not-svq.patch b/SOURCES/kvm-vhost-Get-vring-base-from-vq-not-svq.patch
new file mode 100644
index 0000000..1c8e586
--- /dev/null
+++ b/SOURCES/kvm-vhost-Get-vring-base-from-vq-not-svq.patch
@@ -0,0 +1,87 @@
+From 3f2ba7cce6b272a8b5c8953e8923e799e4aa7b88 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Mon, 18 Jul 2022 14:05:45 +0200
+Subject: [PATCH 02/23] vhost: Get vring base from vq, not svq
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/21] e7e0294bbc98f69ccdbc4af4715857e77b017f80 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: Merged
+
+The SVQ vring used idx usually match with the guest visible one, as long
+as all the guest buffers (GPA) maps to exactly one buffer within qemu's
+VA. However, as we can see in virtqueue_map_desc, a single guest buffer
+could map to many buffers in SVQ vring.
+
+Also, its also a mistake to rewind them at the source of migration.
+Since VirtQueue is able to migrate the inflight descriptors, its
+responsability of the destination to perform the rewind just in case it
+cannot report the inflight descriptors to the device.
+
+This makes easier to migrate between backends or to recover them in
+vhost devices that support set in flight descriptors.
+
+Fixes: 6d0b22266633 ("vdpa: Adapt vhost_vdpa_get_vring_base to SVQ")
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 2fdac348fd3d243bb964937236af3cc27ae7af2b)
+---
+ hw/virtio/vhost-vdpa.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 03dc6014b0..96334ab5b6 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1177,7 +1177,18 @@ static int vhost_vdpa_set_vring_base(struct vhost_dev *dev,
+ struct vhost_vring_state *ring)
+ {
+ struct vhost_vdpa *v = dev->opaque;
++ VirtQueue *vq = virtio_get_queue(dev->vdev, ring->index);
+
++ /*
++ * vhost-vdpa devices does not support in-flight requests. Set all of them
++ * as available.
++ *
++ * TODO: This is ok for networking, but other kinds of devices might
++ * have problems with these retransmissions.
++ */
++ while (virtqueue_rewind(vq, 1)) {
++ continue;
++ }
+ if (v->shadow_vqs_enabled) {
+ /*
+ * Device vring base was set at device start. SVQ base is handled by
+@@ -1193,21 +1204,10 @@ static int vhost_vdpa_get_vring_base(struct vhost_dev *dev,
+ struct vhost_vring_state *ring)
+ {
+ struct vhost_vdpa *v = dev->opaque;
+- int vdpa_idx = ring->index - dev->vq_index;
+ int ret;
+
+ if (v->shadow_vqs_enabled) {
+- VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, vdpa_idx);
+-
+- /*
+- * Setting base as last used idx, so destination will see as available
+- * all the entries that the device did not use, including the in-flight
+- * processing ones.
+- *
+- * TODO: This is ok for networking, but other kinds of devices might
+- * have problems with these retransmissions.
+- */
+- ring->num = svq->last_used_idx;
++ ring->num = virtio_queue_get_last_avail_idx(dev->vdev, ring->index);
+ return 0;
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch b/SOURCES/kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch
new file mode 100644
index 0000000..513d7b4
--- /dev/null
+++ b/SOURCES/kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch
@@ -0,0 +1,61 @@
+From 3a944d8cd3d35b2398ff68d9ed8ea51d27dfab3c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 12/32] vhost: Move vhost_svq_kick call to vhost_svq_add
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [12/27] 29a7e1fb4992c4beca1e9a3379bb4c8a0f567459 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 98b5adef8493a2bfad6655cfee84299e88bedbf7
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:31 2022 +0200
+
+ vhost: Move vhost_svq_kick call to vhost_svq_add
+
+ The series needs to expose vhost_svq_add with full functionality,
+ including kick
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 05cd39d1eb..e3fc3c2658 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -246,6 +246,7 @@ static bool vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
+ }
+
+ svq->ring_id_maps[qemu_head] = elem;
++ vhost_svq_kick(svq);
+ return true;
+ }
+
+@@ -306,7 +307,6 @@ static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)
+ /* VQ is broken, just return and ignore any other kicks */
+ return;
+ }
+- vhost_svq_kick(svq);
+ }
+
+ virtio_queue_set_notification(svq->vq, true);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Reorder-vhost_svq_kick.patch b/SOURCES/kvm-vhost-Reorder-vhost_svq_kick.patch
new file mode 100644
index 0000000..f61f3c3
--- /dev/null
+++ b/SOURCES/kvm-vhost-Reorder-vhost_svq_kick.patch
@@ -0,0 +1,88 @@
+From fdbf66e4c70de16ab36d70ea591322b1b24df591 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 11/32] vhost: Reorder vhost_svq_kick
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [11/27] 1d08b97eb3960a0f85f2dd48c3331b803f7ea205 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit d93a2405ca6efa9dc1c420cee5a34bd8242818d0
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:30 2022 +0200
+
+ vhost: Reorder vhost_svq_kick
+
+ Future code needs to call it from vhost_svq_add.
+
+ No functional change intended.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 9c46c3a8fa..05cd39d1eb 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -215,6 +215,20 @@ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+ return true;
+ }
+
++static void vhost_svq_kick(VhostShadowVirtqueue *svq)
++{
++ /*
++ * We need to expose the available array entries before checking the used
++ * flags
++ */
++ smp_mb();
++ if (svq->vring.used->flags & VRING_USED_F_NO_NOTIFY) {
++ return;
++ }
++
++ event_notifier_set(&svq->hdev_kick);
++}
++
+ /**
+ * Add an element to a SVQ.
+ *
+@@ -235,20 +249,6 @@ static bool vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
+ return true;
+ }
+
+-static void vhost_svq_kick(VhostShadowVirtqueue *svq)
+-{
+- /*
+- * We need to expose the available array entries before checking the used
+- * flags
+- */
+- smp_mb();
+- if (svq->vring.used->flags & VRING_USED_F_NO_NOTIFY) {
+- return;
+- }
+-
+- event_notifier_set(&svq->hdev_kick);
+-}
+-
+ /**
+ * Forward available buffers.
+ *
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch b/SOURCES/kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
new file mode 100644
index 0000000..31bfccc
--- /dev/null
+++ b/SOURCES/kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
@@ -0,0 +1,123 @@
+From 486647551223cc01f4dba87197030bbf4e674f0f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:24:48 +0200
+Subject: [PATCH 01/32] vhost: Track descriptor chain in private at SVQ
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [1/27] 26d16dc383e3064ac6e4288d5c52b39fee0ad204 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 495fe3a78749c39c0e772c4e1a55d6cb8a7e5292
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Thu May 12 19:57:42 2022 +0200
+
+ vhost: Track descriptor chain in private at SVQ
+
+ The device could have access to modify them, and it definitely have
+ access when we implement packed vq. Harden SVQ maintaining a private
+ copy of the descriptor chain. Other fields like buffer addresses are
+ already maintained sepparatedly.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Message-Id: <20220512175747.142058-2-eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 12 +++++++-----
+ hw/virtio/vhost-shadow-virtqueue.h | 6 ++++++
+ 2 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index b232803d1b..3155801f50 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -138,6 +138,7 @@ static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ for (n = 0; n < num; n++) {
+ if (more_descs || (n + 1 < num)) {
+ descs[i].flags = flags | cpu_to_le16(VRING_DESC_F_NEXT);
++ descs[i].next = cpu_to_le16(svq->desc_next[i]);
+ } else {
+ descs[i].flags = flags;
+ }
+@@ -145,10 +146,10 @@ static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ descs[i].len = cpu_to_le32(iovec[n].iov_len);
+
+ last = i;
+- i = cpu_to_le16(descs[i].next);
++ i = cpu_to_le16(svq->desc_next[i]);
+ }
+
+- svq->free_head = le16_to_cpu(descs[last].next);
++ svq->free_head = le16_to_cpu(svq->desc_next[last]);
+ }
+
+ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+@@ -336,7 +337,6 @@ static void vhost_svq_disable_notification(VhostShadowVirtqueue *svq)
+ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ uint32_t *len)
+ {
+- vring_desc_t *descs = svq->vring.desc;
+ const vring_used_t *used = svq->vring.used;
+ vring_used_elem_t used_elem;
+ uint16_t last_used;
+@@ -365,7 +365,7 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- descs[used_elem.id].next = svq->free_head;
++ svq->desc_next[used_elem.id] = svq->free_head;
+ svq->free_head = used_elem.id;
+
+ *len = used_elem.len;
+@@ -540,8 +540,9 @@ void vhost_svq_start(VhostShadowVirtqueue *svq, VirtIODevice *vdev,
+ svq->vring.used = qemu_memalign(qemu_real_host_page_size, device_size);
+ memset(svq->vring.used, 0, device_size);
+ svq->ring_id_maps = g_new0(VirtQueueElement *, svq->vring.num);
++ svq->desc_next = g_new0(uint16_t, svq->vring.num);
+ for (unsigned i = 0; i < svq->vring.num - 1; i++) {
+- svq->vring.desc[i].next = cpu_to_le16(i + 1);
++ svq->desc_next[i] = cpu_to_le16(i + 1);
+ }
+ }
+
+@@ -574,6 +575,7 @@ void vhost_svq_stop(VhostShadowVirtqueue *svq)
+ virtqueue_detach_element(svq->vq, next_avail_elem, 0);
+ }
+ svq->vq = NULL;
++ g_free(svq->desc_next);
+ g_free(svq->ring_id_maps);
+ qemu_vfree(svq->vring.desc);
+ qemu_vfree(svq->vring.used);
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index e5e24c536d..c132c994e9 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -53,6 +53,12 @@ typedef struct VhostShadowVirtqueue {
+ /* Next VirtQueue element that guest made available */
+ VirtQueueElement *next_guest_avail_elem;
+
++ /*
++ * Backup next field for each descriptor so we can recover securely, not
++ * needing to trust the device access.
++ */
++ uint16_t *desc_next;
++
+ /* Next head to expose to the device */
+ uint16_t shadow_avail_idx;
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-Track-number-of-descs-in-SVQDescState.patch b/SOURCES/kvm-vhost-Track-number-of-descs-in-SVQDescState.patch
new file mode 100644
index 0000000..6a2e147
--- /dev/null
+++ b/SOURCES/kvm-vhost-Track-number-of-descs-in-SVQDescState.patch
@@ -0,0 +1,81 @@
+From 24b8cf88f53f9fc7cb393c9cad908f759980bfee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 16/32] vhost: Track number of descs in SVQDescState
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [16/27] 26f30cb6dd35c1eb1ddabe25113431bed3d744aa (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit ac4cfdc6f39c06732d27554523f9d5f8a53b4ffa
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:35 2022 +0200
+
+ vhost: Track number of descs in SVQDescState
+
+ A guest's buffer continuos on GPA may need multiple descriptors on
+ qemu's VA, so SVQ should track its length sepparatedly.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 4 ++--
+ hw/virtio/vhost-shadow-virtqueue.h | 6 ++++++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index a08e3d4025..4d99075e73 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -257,6 +257,7 @@ static int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
+ }
+
+ svq->desc_state[qemu_head].elem = elem;
++ svq->desc_state[qemu_head].ndescs = ndescs;
+ vhost_svq_kick(svq);
+ return 0;
+ }
+@@ -418,8 +419,7 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- num = svq->desc_state[used_elem.id].elem->in_num +
+- svq->desc_state[used_elem.id].elem->out_num;
++ num = svq->desc_state[used_elem.id].ndescs;
+ last_used_chain = vhost_svq_last_desc_of_chain(svq, num, used_elem.id);
+ svq->desc_next[last_used_chain] = svq->free_head;
+ svq->free_head = used_elem.id;
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index d646c35054..5c7e7cbab6 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -17,6 +17,12 @@
+
+ typedef struct SVQDescState {
+ VirtQueueElement *elem;
++
++ /*
++ * Number of descriptors exposed to the device. May or may not match
++ * guest's
++ */
++ unsigned int ndescs;
+ } SVQDescState;
+
+ /* Shadow virtqueue to relay notifications */
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-add-vhost_svq_poll.patch b/SOURCES/kvm-vhost-add-vhost_svq_poll.patch
new file mode 100644
index 0000000..fa27e5e
--- /dev/null
+++ b/SOURCES/kvm-vhost-add-vhost_svq_poll.patch
@@ -0,0 +1,92 @@
+From 0ab3da1092362470d256b433c546bd365d34f930 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 19/32] vhost: add vhost_svq_poll
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [19/27] 6807bb0bb6e5183b46a03b12b4027c7d767e8555 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 3f44d13dda83d390cc9563e56e7d337e4f6223f4
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:38 2022 +0200
+
+ vhost: add vhost_svq_poll
+
+ It allows the Shadow Control VirtQueue to wait for the device to use the
+ available buffers.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 27 +++++++++++++++++++++++++++
+ hw/virtio/vhost-shadow-virtqueue.h | 1 +
+ 2 files changed, 28 insertions(+)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index cb879e7b88..95d0d7a7ee 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -485,6 +485,33 @@ static void vhost_svq_flush(VhostShadowVirtqueue *svq,
+ } while (!vhost_svq_enable_notification(svq));
+ }
+
++/**
++ * Poll the SVQ for one device used buffer.
++ *
++ * This function race with main event loop SVQ polling, so extra
++ * synchronization is needed.
++ *
++ * Return the length written by the device.
++ */
++size_t vhost_svq_poll(VhostShadowVirtqueue *svq)
++{
++ int64_t start_us = g_get_monotonic_time();
++ do {
++ uint32_t len;
++ VirtQueueElement *elem = vhost_svq_get_buf(svq, &len);
++ if (elem) {
++ return len;
++ }
++
++ if (unlikely(g_get_monotonic_time() - start_us > 10e6)) {
++ return 0;
++ }
++
++ /* Make sure we read new used_idx */
++ smp_rmb();
++ } while (true);
++}
++
+ /**
+ * Forward used buffers.
+ *
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index dd78f4bec2..cf442f7dea 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -89,6 +89,7 @@ void vhost_svq_push_elem(VhostShadowVirtqueue *svq,
+ int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
+ size_t out_num, const struct iovec *in_sg, size_t in_num,
+ VirtQueueElement *elem);
++size_t vhost_svq_poll(VhostShadowVirtqueue *svq);
+
+ void vhost_svq_set_svq_kick_fd(VhostShadowVirtqueue *svq, int svq_kick_fd);
+ void vhost_svq_set_svq_call_fd(VhostShadowVirtqueue *svq, int call_fd);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-add-vhost_svq_push_elem.patch b/SOURCES/kvm-vhost-add-vhost_svq_push_elem.patch
new file mode 100644
index 0000000..2a9ec40
--- /dev/null
+++ b/SOURCES/kvm-vhost-add-vhost_svq_push_elem.patch
@@ -0,0 +1,83 @@
+From a26eb02b3a49c5d1163685ba5b83b67138c09047 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 17/32] vhost: add vhost_svq_push_elem
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [17/27] d064b40a262f2dfdc9f648d250aa8c8020c40385 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 432efd144e990b6e040862de25f8f0b6a6eeb03d
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:36 2022 +0200
+
+ vhost: add vhost_svq_push_elem
+
+ This function allows external SVQ users to return guest's available
+ buffers.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 16 ++++++++++++++++
+ hw/virtio/vhost-shadow-virtqueue.h | 3 +++
+ 2 files changed, 19 insertions(+)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 4d99075e73..1ce52d5b4a 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -428,6 +428,22 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return g_steal_pointer(&svq->desc_state[used_elem.id].elem);
+ }
+
++/**
++ * Push an element to SVQ, returning it to the guest.
++ */
++void vhost_svq_push_elem(VhostShadowVirtqueue *svq,
++ const VirtQueueElement *elem, uint32_t len)
++{
++ virtqueue_push(svq->vq, elem, len);
++ if (svq->next_guest_avail_elem) {
++ /*
++ * Avail ring was full when vhost_svq_flush was called, so it's a
++ * good moment to make more descriptors available if possible.
++ */
++ vhost_handle_guest_kick(svq);
++ }
++}
++
+ static void vhost_svq_flush(VhostShadowVirtqueue *svq,
+ bool check_for_avail_queue)
+ {
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index 5c7e7cbab6..d9fc1f1799 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -84,6 +84,9 @@ typedef struct VhostShadowVirtqueue {
+
+ bool vhost_svq_valid_features(uint64_t features, Error **errp);
+
++void vhost_svq_push_elem(VhostShadowVirtqueue *svq,
++ const VirtQueueElement *elem, uint32_t len);
++
+ void vhost_svq_set_svq_kick_fd(VhostShadowVirtqueue *svq, int svq_kick_fd);
+ void vhost_svq_set_svq_call_fd(VhostShadowVirtqueue *svq, int call_fd);
+ void vhost_svq_get_vring_addr(const VhostShadowVirtqueue *svq,
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch b/SOURCES/kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch
new file mode 100644
index 0000000..08bcaf2
--- /dev/null
+++ b/SOURCES/kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch
@@ -0,0 +1,120 @@
+From 2bdea90bfbce3b8d5bfa86178a942a470b85b835 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 07/32] vhost: move descriptor translation to
+ vhost_svq_vring_write_descs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [7/27] 5533c72065e4ebf8ea7db966c976a3b29bdafb82 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 009c2549bb9dc7f7061009eb87f2a53d4b364983
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:26 2022 +0200
+
+ vhost: move descriptor translation to vhost_svq_vring_write_descs
+
+ It's done for both in and out descriptors so it's better placed here.
+
+ Acked-by: Jason Wang <jasowang@redhat.com>
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 38 +++++++++++++++++++++---------
+ 1 file changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 06d0bb39d9..3fbda1e3d4 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -122,17 +122,35 @@ static bool vhost_svq_translate_addr(const VhostShadowVirtqueue *svq,
+ return true;
+ }
+
+-static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+- const struct iovec *iovec, size_t num,
+- bool more_descs, bool write)
++/**
++ * Write descriptors to SVQ vring
++ *
++ * @svq: The shadow virtqueue
++ * @sg: Cache for hwaddr
++ * @iovec: The iovec from the guest
++ * @num: iovec length
++ * @more_descs: True if more descriptors come in the chain
++ * @write: True if they are writeable descriptors
++ *
++ * Return true if success, false otherwise and print error.
++ */
++static bool vhost_svq_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
++ const struct iovec *iovec, size_t num,
++ bool more_descs, bool write)
+ {
+ uint16_t i = svq->free_head, last = svq->free_head;
+ unsigned n;
+ uint16_t flags = write ? cpu_to_le16(VRING_DESC_F_WRITE) : 0;
+ vring_desc_t *descs = svq->vring.desc;
++ bool ok;
+
+ if (num == 0) {
+- return;
++ return true;
++ }
++
++ ok = vhost_svq_translate_addr(svq, sg, iovec, num);
++ if (unlikely(!ok)) {
++ return false;
+ }
+
+ for (n = 0; n < num; n++) {
+@@ -150,6 +168,7 @@ static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ }
+
+ svq->free_head = le16_to_cpu(svq->desc_next[last]);
++ return true;
+ }
+
+ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+@@ -169,21 +188,18 @@ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+ return false;
+ }
+
+- ok = vhost_svq_translate_addr(svq, sgs, elem->out_sg, elem->out_num);
++ ok = vhost_svq_vring_write_descs(svq, sgs, elem->out_sg, elem->out_num,
++ elem->in_num > 0, false);
+ if (unlikely(!ok)) {
+ return false;
+ }
+- vhost_vring_write_descs(svq, sgs, elem->out_sg, elem->out_num,
+- elem->in_num > 0, false);
+-
+
+- ok = vhost_svq_translate_addr(svq, sgs, elem->in_sg, elem->in_num);
++ ok = vhost_svq_vring_write_descs(svq, sgs, elem->in_sg, elem->in_num, false,
++ true);
+ if (unlikely(!ok)) {
+ return false;
+ }
+
+- vhost_vring_write_descs(svq, sgs, elem->in_sg, elem->in_num, false, true);
+-
+ /*
+ * Put the entry in the available array (but don't update avail->idx until
+ * they do sync).
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch b/SOURCES/kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch
index e0df99e..70e8f59 100644
--- a/SOURCES/kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch
+++ b/SOURCES/kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch
@@ -1,18 +1,18 @@
-From 1e3faef7048c8d36c9e3f004c7e08d96b30d055f Mon Sep 17 00:00:00 2001
+From edb2bd99355f300b512c040e91f5870ea14a5d7e Mon Sep 17 00:00:00 2001
From: Si-Wei Liu <si-wei.liu@oracle.com>
Date: Fri, 6 May 2022 19:28:15 -0700
-Subject: [PATCH 4/7] vhost-net: fix improper cleanup in vhost_net_start
+Subject: [PATCH 11/16] vhost-net: fix improper cleanup in vhost_net_start
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Cindy Lu <lulu@redhat.com>
-RH-MergeRequest: 204: vdpa :sync the Multiqueue fixes for vhost-vDPA
-RH-Commit: [4/7] 31575b626fd5b381a4640e4f2608033bb141dc62
-RH-Bugzilla: 2095795
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Author: Jason Wang <jasowang@redhat.com>
+RH-MergeRequest: 98: Multiqueue fixes for vhost-vDPA
+RH-Commit: [4/7] e88e482dd4b344f0cc887a358268beaed4d62917 (jasowang/qemu-kvm-cs)
+RH-Bugzilla: 2070804
RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
vhost_net_start() missed a corresponding stop_one() upon error from
vhost_set_vring_enable(). While at it, make the error handling for
@@ -24,7 +24,7 @@ Message-Id: <1651890498-24478-5-git-send-email-si-wei.liu@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 6f3910b5eee00b8cc959e94659c0d524c482a418)
-Signed-off-by: Cindy Lu <lulu@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/vhost_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/SOURCES/kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch b/SOURCES/kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch
new file mode 100644
index 0000000..31677fd
--- /dev/null
+++ b/SOURCES/kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch
@@ -0,0 +1,87 @@
+From a9095850da8dd4ea3fdb725cb7f79118144e22fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:39:27 +0200
+Subject: [PATCH 22/32] vhost-net-vdpa: add stubs for when no virtio-net device
+ is present
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [22/27] a2b25a805bb06094a5fab27ce8f82bee12a9fcb5 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 94c643732dc110d04bbdf0eb43c41bce23b3593e
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:41 2022 +0200
+
+ vhost-net-vdpa: add stubs for when no virtio-net device is present
+
+ net/vhost-vdpa.c will need functions that are declared in
+ vhost-shadow-virtqueue.c, that needs functions of virtio-net.c.
+
+ Copy the vhost-vdpa-stub.c code so
+ only the constructor net_init_vhost_vdpa needs to be defined.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ net/meson.build | 3 ++-
+ net/vhost-vdpa-stub.c | 21 +++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+ create mode 100644 net/vhost-vdpa-stub.c
+
+diff --git a/net/meson.build b/net/meson.build
+index c965e83b26..116a9e7cbb 100644
+--- a/net/meson.build
++++ b/net/meson.build
+@@ -41,7 +41,8 @@ endif
+ softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files(tap_posix))
+ softmmu_ss.add(when: 'CONFIG_WIN32', if_true: files('tap-win32.c'))
+ if have_vhost_net_vdpa
+- softmmu_ss.add(files('vhost-vdpa.c'))
++ softmmu_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('vhost-vdpa.c'), if_false: files('vhost-vdpa-stub.c'))
++ softmmu_ss.add(when: 'CONFIG_ALL', if_true: files('vhost-vdpa-stub.c'))
+ endif
+
+ subdir('can')
+diff --git a/net/vhost-vdpa-stub.c b/net/vhost-vdpa-stub.c
+new file mode 100644
+index 0000000000..1732ed2443
+--- /dev/null
++++ b/net/vhost-vdpa-stub.c
+@@ -0,0 +1,21 @@
++/*
++ * vhost-vdpa-stub.c
++ *
++ * Copyright (c) 2022 Red Hat, Inc.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#include "qemu/osdep.h"
++#include "clients.h"
++#include "net/vhost-vdpa.h"
++#include "qapi/error.h"
++
++int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
++ NetClientState *peer, Error **errp)
++{
++ error_setg(errp, "vhost-vdpa requires frontend driver virtio-net-*");
++ return -1;
++}
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch b/SOURCES/kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch
new file mode 100644
index 0000000..7125f6a
--- /dev/null
+++ b/SOURCES/kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch
@@ -0,0 +1,80 @@
+From 45305ab202fa2191962152e5a501a9a13e31a0b2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:26 +0200
+Subject: [PATCH 11/23] vhost: stop transfer elem ownership in
+ vhost_handle_guest_kick
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [10/21] 697a5c0ad59efe27abf447f7965091993bc39756 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+It was easier to allow vhost_svq_add to handle the memory. Now that we
+will allow qemu to add elements to a SVQ without the guest's knowledge,
+it's better to handle it in the caller.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit eb42df8bb2c92a7313343d97409cd99ccba25b25)
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index f420311b89..2ae47d90a1 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -233,9 +233,6 @@ static void vhost_svq_kick(VhostShadowVirtqueue *svq)
+ /**
+ * Add an element to a SVQ.
+ *
+- * The caller must check that there is enough slots for the new element. It
+- * takes ownership of the element: In case of failure not ENOSPC, it is free.
+- *
+ * Return -EINVAL if element is invalid, -ENOSPC if dev queue is full
+ */
+ int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
+@@ -252,7 +249,6 @@ int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
+
+ ok = vhost_svq_add_split(svq, out_sg, out_num, in_sg, in_num, &qemu_head);
+ if (unlikely(!ok)) {
+- g_free(elem);
+ return -EINVAL;
+ }
+
+@@ -293,7 +289,7 @@ static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)
+ virtio_queue_set_notification(svq->vq, false);
+
+ while (true) {
+- VirtQueueElement *elem;
++ g_autofree VirtQueueElement *elem;
+ int r;
+
+ if (svq->next_guest_avail_elem) {
+@@ -324,12 +320,14 @@ static void vhost_handle_guest_kick(VhostShadowVirtqueue *svq)
+ * queue the current guest descriptor and ignore kicks
+ * until some elements are used.
+ */
+- svq->next_guest_avail_elem = elem;
++ svq->next_guest_avail_elem = g_steal_pointer(&elem);
+ }
+
+ /* VQ is full or broken, just return and ignore kicks */
+ return;
+ }
++ /* elem belongs to SVQ or external caller now */
++ elem = NULL;
+ }
+
+ virtio_queue_set_notification(svq->vq, true);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch b/SOURCES/kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch
new file mode 100644
index 0000000..b908739
--- /dev/null
+++ b/SOURCES/kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch
@@ -0,0 +1,55 @@
+From 78b7d9af26ae802b3ca0d7b794b366ab4d515647 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:27 +0200
+Subject: [PATCH 12/23] vhost: use SVQ element ndescs instead of opaque data
+ for desc validation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [11/21] 536ba65ff7241c4dc66362294ba8de4354260d6f (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Since we're going to allow SVQ to add elements without the guest's
+knowledge and without its own VirtQueueElement, it's easier to check if
+an element is a valid head checking a different thing than the
+VirtQueueElement.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 70e0841722deb363b53cdcd465af12a0d1461b60)
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 2ae47d90a1..7792f3db1d 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -414,7 +414,7 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- if (unlikely(!svq->desc_state[used_elem.id].elem)) {
++ if (unlikely(!svq->desc_state[used_elem.id].ndescs)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Device %s says index %u is used, but it was not available",
+ svq->vdev->name, used_elem.id);
+@@ -422,6 +422,7 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ }
+
+ num = svq->desc_state[used_elem.id].ndescs;
++ svq->desc_state[used_elem.id].ndescs = 0;
+ last_used_chain = vhost_svq_last_desc_of_chain(svq, num, used_elem.id);
+ svq->desc_next[last_used_chain] = svq->free_head;
+ svq->free_head = used_elem.id;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost-vdpa-backend-feature-should-set-only-once.patch b/SOURCES/kvm-vhost-vdpa-backend-feature-should-set-only-once.patch
index 961174f..747bf5f 100644
--- a/SOURCES/kvm-vhost-vdpa-backend-feature-should-set-only-once.patch
+++ b/SOURCES/kvm-vhost-vdpa-backend-feature-should-set-only-once.patch
@@ -1,18 +1,18 @@
-From 4e7f13419c3c45563210e8aed01ebbdf0dd43a01 Mon Sep 17 00:00:00 2001
+From 46c5a35aa56cf0dd55376638dbf7d46e85f497e1 Mon Sep 17 00:00:00 2001
From: Si-Wei Liu <si-wei.liu@oracle.com>
Date: Fri, 6 May 2022 19:28:16 -0700
-Subject: [PATCH 5/7] vhost-vdpa: backend feature should set only once
+Subject: [PATCH 12/16] vhost-vdpa: backend feature should set only once
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Cindy Lu <lulu@redhat.com>
-RH-MergeRequest: 204: vdpa :sync the Multiqueue fixes for vhost-vDPA
-RH-Commit: [5/7] 338375ebeab833b8ddd7c7f501aa348f28953778
-RH-Bugzilla: 2095795
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Author: Jason Wang <jasowang@redhat.com>
+RH-MergeRequest: 98: Multiqueue fixes for vhost-vDPA
+RH-Commit: [5/7] 7531bb8da0c99b29997e8bfc6d1e811daf3cdd38 (jasowang/qemu-kvm-cs)
+RH-Bugzilla: 2070804
RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
The vhost_vdpa_one_time_request() branch in
vhost_vdpa_set_backend_cap() incorrectly sends down
@@ -35,16 +35,16 @@ Message-Id: <1651890498-24478-6-git-send-email-si-wei.liu@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 6aee7e4233f6467f69531fcd352adff028f3f5ea)
-Signed-off-by: Cindy Lu <lulu@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/virtio/vhost-vdpa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
-index 78da48a333..a9be24776a 100644
+index 8adf7c0b92..6e3dbd9e89 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
-@@ -525,7 +525,7 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)
+@@ -665,7 +665,7 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)
features &= f;
diff --git a/SOURCES/kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch b/SOURCES/kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch
index 4a971c3..2466557 100644
--- a/SOURCES/kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch
+++ b/SOURCES/kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch
@@ -1,19 +1,19 @@
-From 0074686ee2de7ffb06b4eb2f9c14a2f7dcea248b Mon Sep 17 00:00:00 2001
+From 58acdab17ec00ab76105ab92a51c5ba4dec3df5a Mon Sep 17 00:00:00 2001
From: Si-Wei Liu <si-wei.liu@oracle.com>
Date: Fri, 6 May 2022 19:28:17 -0700
-Subject: [PATCH 6/7] vhost-vdpa: change name and polarity for
+Subject: [PATCH 13/16] vhost-vdpa: change name and polarity for
vhost_vdpa_one_time_request()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Cindy Lu <lulu@redhat.com>
-RH-MergeRequest: 204: vdpa :sync the Multiqueue fixes for vhost-vDPA
-RH-Commit: [6/7] 9cc673a62032fdf8c84e3d82ff504ae4f4100ecf
-RH-Bugzilla: 2095795
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Author: Jason Wang <jasowang@redhat.com>
+RH-MergeRequest: 98: Multiqueue fixes for vhost-vDPA
+RH-Commit: [6/7] 7029778f463a136ff412c63b86b6953390e47bf8 (jasowang/qemu-kvm-cs)
+RH-Bugzilla: 2070804
RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
The name vhost_vdpa_one_time_request() was confusing. No
matter whatever it returns, its typical occurrence had
@@ -34,16 +34,16 @@ Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit d71b0609fc04217e28d17009f04d74b08be6f466)
-Signed-off-by: Cindy Lu <lulu@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/virtio/vhost-vdpa.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
-index a9be24776a..38bbcb3c18 100644
+index 6e3dbd9e89..33dcaa135e 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
-@@ -319,11 +319,18 @@ static void vhost_vdpa_get_iova_range(struct vhost_vdpa *v)
+@@ -366,11 +366,18 @@ static void vhost_vdpa_get_iova_range(struct vhost_vdpa *v)
v->iova_range.last);
}
@@ -63,8 +63,8 @@ index a9be24776a..38bbcb3c18 100644
+ return v->index == 0;
}
- static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque, Error **errp)
-@@ -351,7 +358,7 @@ static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque, Error **errp)
+ static int vhost_vdpa_get_dev_features(struct vhost_dev *dev,
+@@ -451,7 +458,7 @@ static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque, Error **errp)
vhost_vdpa_get_iova_range(v);
@@ -73,7 +73,7 @@ index a9be24776a..38bbcb3c18 100644
return 0;
}
-@@ -468,7 +475,7 @@ static int vhost_vdpa_memslots_limit(struct vhost_dev *dev)
+@@ -594,7 +601,7 @@ static int vhost_vdpa_memslots_limit(struct vhost_dev *dev)
static int vhost_vdpa_set_mem_table(struct vhost_dev *dev,
struct vhost_memory *mem)
{
@@ -82,8 +82,8 @@ index a9be24776a..38bbcb3c18 100644
return 0;
}
-@@ -496,7 +503,7 @@ static int vhost_vdpa_set_features(struct vhost_dev *dev,
- {
+@@ -623,7 +630,7 @@ static int vhost_vdpa_set_features(struct vhost_dev *dev,
+ struct vhost_vdpa *v = dev->opaque;
int ret;
- if (vhost_vdpa_one_time_request(dev)) {
@@ -91,7 +91,7 @@ index a9be24776a..38bbcb3c18 100644
return 0;
}
-@@ -525,7 +532,7 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)
+@@ -665,7 +672,7 @@ static int vhost_vdpa_set_backend_cap(struct vhost_dev *dev)
features &= f;
@@ -100,16 +100,16 @@ index a9be24776a..38bbcb3c18 100644
r = vhost_vdpa_call(dev, VHOST_SET_BACKEND_FEATURES, &features);
if (r) {
return -EFAULT;
-@@ -670,7 +677,7 @@ static int vhost_vdpa_dev_start(struct vhost_dev *dev, bool started)
- static int vhost_vdpa_set_log_base(struct vhost_dev *dev, uint64_t base,
+@@ -1118,7 +1125,7 @@ static int vhost_vdpa_set_log_base(struct vhost_dev *dev, uint64_t base,
struct vhost_log *log)
{
-- if (vhost_vdpa_one_time_request(dev)) {
-+ if (!vhost_vdpa_first_dev(dev)) {
+ struct vhost_vdpa *v = dev->opaque;
+- if (v->shadow_vqs_enabled || vhost_vdpa_one_time_request(dev)) {
++ if (v->shadow_vqs_enabled || !vhost_vdpa_first_dev(dev)) {
return 0;
}
-@@ -739,7 +746,7 @@ static int vhost_vdpa_get_features(struct vhost_dev *dev,
+@@ -1240,7 +1247,7 @@ static int vhost_vdpa_get_features(struct vhost_dev *dev,
static int vhost_vdpa_set_owner(struct vhost_dev *dev)
{
diff --git a/SOURCES/kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch b/SOURCES/kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch
index c9a4d7f..7716cbf 100644
--- a/SOURCES/kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch
+++ b/SOURCES/kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch
@@ -1,18 +1,18 @@
-From b140a9fdeaab84d4a2d8828604ffb6aa8367dcbe Mon Sep 17 00:00:00 2001
+From 3142102adb98f46518c0ac1773b0c48710c6bed6 Mon Sep 17 00:00:00 2001
From: Si-Wei Liu <si-wei.liu@oracle.com>
Date: Fri, 6 May 2022 19:28:14 -0700
-Subject: [PATCH 3/7] vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa
+Subject: [PATCH 10/16] vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Cindy Lu <lulu@redhat.com>
-RH-MergeRequest: 204: vdpa :sync the Multiqueue fixes for vhost-vDPA
-RH-Commit: [3/7] 600138cb9945013179f5a3c14f52d637c4b9f6c7
-RH-Bugzilla: 2095795
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Author: Jason Wang <jasowang@redhat.com>
+RH-MergeRequest: 98: Multiqueue fixes for vhost-vDPA
+RH-Commit: [3/7] c83ff6c97d34cfae3c3447edde934b42a9ace75f (jasowang/qemu-kvm-cs)
+RH-Bugzilla: 2070804
RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
... such that no memory leaks on dangling net clients in case of
error.
@@ -23,13 +23,13 @@ Message-Id: <1651890498-24478-4-git-send-email-si-wei.liu@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9bd055073e375c8a0d7ebce925e05d914d69fc7f)
-Signed-off-by: Cindy Lu <lulu@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
---
net/vhost-vdpa.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
-index 25dd6dd975..814f704687 100644
+index 1e9fe47c03..df1e69ee72 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -306,7 +306,9 @@ int net_init_vhost_vdpa(const Netdev *netdev, const char *name,
@@ -42,7 +42,7 @@ index 25dd6dd975..814f704687 100644
+ }
}
qemu_close(vdpa_device_fd);
- g_free(ncs);
+
--
2.31.1
diff --git a/SOURCES/kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch b/SOURCES/kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
deleted file mode 100644
index 7f4388a..0000000
--- a/SOURCES/kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 3a8dff1446aaa9a3b93a16ea027214064e84a582 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@rehat.com>
-Date: Thu, 14 Apr 2022 10:38:26 -0400
-Subject: [PATCH 3/3] vhost-vsock: detach the virqueue element in case of error
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 179: vhost-vsock: detach the virqueue element in case of error
-RH-Commit: [1/1] 9275dbff40eb3c7be2abca8369055ca4a1e1e52d (jmaloy/qemu-kvm)
-RH-Bugzilla: 2075640
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075640
-Upstream: Merged
-CVE: CVE-2022-26354
-
-commit 8d1b247f3748ac4078524130c6d7ae42b6140aaf
-Author: Stefano Garzarella <sgarzare@redhat.com>
-Date: Mon Feb 28 10:50:58 2022 +0100
-
- vhost-vsock: detach the virqueue element in case of error
-
- In vhost_vsock_common_send_transport_reset(), if an element popped from
- the virtqueue is invalid, we should call virtqueue_detach_element() to
- detach it from the virtqueue before freeing its memory.
-
- Fixes: fc0b9b0e1c ("vhost-vsock: add virtio sockets device")
- Fixes: CVE-2022-26354
- Cc: qemu-stable@nongnu.org
- Reported-by: VictorV <vv474172261@gmail.com>
- Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
- Message-Id: <20220228095058.27899-1-sgarzare@redhat.com>
- Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
- Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
- Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-
-(cherry picked from commit 8d1b247f3748ac4078524130c6d7ae42b6140aaf)
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- hw/virtio/vhost-vsock-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c
-index 3f3771274e..ed706681ac 100644
---- a/hw/virtio/vhost-vsock-common.c
-+++ b/hw/virtio/vhost-vsock-common.c
-@@ -153,19 +153,23 @@ static void vhost_vsock_common_send_transport_reset(VHostVSockCommon *vvc)
- if (elem->out_num) {
- error_report("invalid vhost-vsock event virtqueue element with "
- "out buffers");
-- goto out;
-+ goto err;
- }
-
- if (iov_from_buf(elem->in_sg, elem->in_num, 0,
- &event, sizeof(event)) != sizeof(event)) {
- error_report("vhost-vsock event virtqueue element is too short");
-- goto out;
-+ goto err;
- }
-
- virtqueue_push(vq, elem, sizeof(event));
- virtio_notify(VIRTIO_DEVICE(vvc), vq);
-
--out:
-+ g_free(elem);
-+ return;
-+
-+err:
-+ virtqueue_detach_element(vq, elem, 0);
- g_free(elem);
- }
-
---
-2.31.1
-
diff --git a/SOURCES/kvm-vhost_net-Add-NetClientInfo-start-callback.patch b/SOURCES/kvm-vhost_net-Add-NetClientInfo-start-callback.patch
new file mode 100644
index 0000000..40bf5f6
--- /dev/null
+++ b/SOURCES/kvm-vhost_net-Add-NetClientInfo-start-callback.patch
@@ -0,0 +1,73 @@
+From 6a6999311742b6dccdfce09f30742a63d72d1bd7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:30 +0200
+Subject: [PATCH 15/23] vhost_net: Add NetClientInfo start callback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [14/21] df6a96ae3aec02ecae793bdbd8e9c2fcfac7871a (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+This is used by the backend to perform actions before the device is
+started.
+
+In particular, vdpa net use it to map CVQ buffers to the device, so it
+can send control commands using them.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 80bda0e674fd0b439ac627ab7ecdbd4a1b46d525)
+---
+ hw/net/vhost_net.c | 7 +++++++
+ include/net/net.h | 2 ++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
+index d6d7c51f62..1005f9d8e6 100644
+--- a/hw/net/vhost_net.c
++++ b/hw/net/vhost_net.c
+@@ -244,6 +244,13 @@ static int vhost_net_start_one(struct vhost_net *net,
+ struct vhost_vring_file file = { };
+ int r;
+
++ if (net->nc->info->start) {
++ r = net->nc->info->start(net->nc);
++ if (r < 0) {
++ return r;
++ }
++ }
++
+ r = vhost_dev_enable_notifiers(&net->dev, dev);
+ if (r < 0) {
+ goto fail_notifiers;
+diff --git a/include/net/net.h b/include/net/net.h
+index 523136c7ac..ad9e80083a 100644
+--- a/include/net/net.h
++++ b/include/net/net.h
+@@ -44,6 +44,7 @@ typedef struct NICConf {
+
+ typedef void (NetPoll)(NetClientState *, bool enable);
+ typedef bool (NetCanReceive)(NetClientState *);
++typedef int (NetStart)(NetClientState *);
+ typedef ssize_t (NetReceive)(NetClientState *, const uint8_t *, size_t);
+ typedef ssize_t (NetReceiveIOV)(NetClientState *, const struct iovec *, int);
+ typedef void (NetCleanup) (NetClientState *);
+@@ -71,6 +72,7 @@ typedef struct NetClientInfo {
+ NetReceive *receive_raw;
+ NetReceiveIOV *receive_iov;
+ NetCanReceive *can_receive;
++ NetStart *start;
+ NetCleanup *cleanup;
+ LinkStatusChanged *link_status_changed;
+ QueryRxFilter *query_rx_filter;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost_net-Add-NetClientInfo-stop-callback.patch b/SOURCES/kvm-vhost_net-Add-NetClientInfo-stop-callback.patch
new file mode 100644
index 0000000..c622824
--- /dev/null
+++ b/SOURCES/kvm-vhost_net-Add-NetClientInfo-stop-callback.patch
@@ -0,0 +1,68 @@
+From effd0ed379deb43bb850f1aeff24fa85935d7f52 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:31 +0200
+Subject: [PATCH 16/23] vhost_net: Add NetClientInfo stop callback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [15/21] 9f8a3e9bfb0d21fa0479f54a7a17cb738aa46359 (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+Used by the backend to perform actions after the device is stopped.
+
+In particular, vdpa net use it to unmap CVQ buffers to the device,
+cleaning the actions performed in prepare().
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit c6544e2331d721627fa7356da3592bcb46340f1b)
+---
+ hw/net/vhost_net.c | 3 +++
+ include/net/net.h | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
+index 1005f9d8e6..275ece5324 100644
+--- a/hw/net/vhost_net.c
++++ b/hw/net/vhost_net.c
+@@ -320,6 +320,9 @@ static void vhost_net_stop_one(struct vhost_net *net,
+ net->nc->info->poll(net->nc, true);
+ }
+ vhost_dev_stop(&net->dev, dev);
++ if (net->nc->info->stop) {
++ net->nc->info->stop(net->nc);
++ }
+ vhost_dev_disable_notifiers(&net->dev, dev);
+ }
+
+diff --git a/include/net/net.h b/include/net/net.h
+index ad9e80083a..476ad45b9a 100644
+--- a/include/net/net.h
++++ b/include/net/net.h
+@@ -45,6 +45,7 @@ typedef struct NICConf {
+ typedef void (NetPoll)(NetClientState *, bool enable);
+ typedef bool (NetCanReceive)(NetClientState *);
+ typedef int (NetStart)(NetClientState *);
++typedef void (NetStop)(NetClientState *);
+ typedef ssize_t (NetReceive)(NetClientState *, const uint8_t *, size_t);
+ typedef ssize_t (NetReceiveIOV)(NetClientState *, const struct iovec *, int);
+ typedef void (NetCleanup) (NetClientState *);
+@@ -73,6 +74,7 @@ typedef struct NetClientInfo {
+ NetReceiveIOV *receive_iov;
+ NetCanReceive *can_receive;
+ NetStart *start;
++ NetStop *stop;
+ NetCleanup *cleanup;
+ LinkStatusChanged *link_status_changed;
+ QueryRxFilter *query_rx_filter;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-vhost_net-add-NetClientState-load-callback.patch b/SOURCES/kvm-vhost_net-add-NetClientState-load-callback.patch
new file mode 100644
index 0000000..92a9078
--- /dev/null
+++ b/SOURCES/kvm-vhost_net-add-NetClientState-load-callback.patch
@@ -0,0 +1,73 @@
+From 6a5c236b95ce475c556ccd92c2135ad48474e8fb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Tue, 23 Aug 2022 20:30:35 +0200
+Subject: [PATCH 20/23] vhost_net: add NetClientState->load() callback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 116: vdpa: Restore device state on destination
+RH-Bugzilla: 2114060
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [19/21] 439b4133a757b2f1c5f4a1441eca25329896491a (eperezmartin/qemu-kvm)
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2114060
+Upstream status: git@github.com:jasowang/qemu.git net-next
+
+It allows per-net client operations right after device's successful
+start. In particular, to load the device status.
+
+Vhost-vdpa net will use it to add the CVQ buffers to restore the device
+status.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 302f3d20e68a8a120d431f7ff7cb02a75917f54c)
+---
+ hw/net/vhost_net.c | 7 +++++++
+ include/net/net.h | 2 ++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
+index 275ece5324..ea3a8be1c9 100644
+--- a/hw/net/vhost_net.c
++++ b/hw/net/vhost_net.c
+@@ -281,6 +281,13 @@ static int vhost_net_start_one(struct vhost_net *net,
+ }
+ }
+ }
++
++ if (net->nc->info->load) {
++ r = net->nc->info->load(net->nc);
++ if (r < 0) {
++ goto fail;
++ }
++ }
+ return 0;
+ fail:
+ file.fd = -1;
+diff --git a/include/net/net.h b/include/net/net.h
+index 476ad45b9a..81d0b21def 100644
+--- a/include/net/net.h
++++ b/include/net/net.h
+@@ -45,6 +45,7 @@ typedef struct NICConf {
+ typedef void (NetPoll)(NetClientState *, bool enable);
+ typedef bool (NetCanReceive)(NetClientState *);
+ typedef int (NetStart)(NetClientState *);
++typedef int (NetLoad)(NetClientState *);
+ typedef void (NetStop)(NetClientState *);
+ typedef ssize_t (NetReceive)(NetClientState *, const uint8_t *, size_t);
+ typedef ssize_t (NetReceiveIOV)(NetClientState *, const struct iovec *, int);
+@@ -74,6 +75,7 @@ typedef struct NetClientInfo {
+ NetReceiveIOV *receive_iov;
+ NetCanReceive *can_receive;
+ NetStart *start;
++ NetLoad *load;
+ NetStop *stop;
+ NetCleanup *cleanup;
+ LinkStatusChanged *link_status_changed;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch b/SOURCES/kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch
new file mode 100644
index 0000000..2a72cc7
--- /dev/null
+++ b/SOURCES/kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch
@@ -0,0 +1,46 @@
+From 643d9c28ff8b15c333cc748c5e712659ad2a257c Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Mon, 13 Jun 2022 14:10:10 +0800
+Subject: [PATCH 03/17] virtio-iommu: Add an assert check in translate routine
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
+RH-Commit: [3/5] 19f309fd0beda40d65f51c454e37936658ac9f38 (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2100106
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
+
+With address space switch supported, dma access translation only
+happen after endpoint is attached to a non-bypass domain.
+
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Message-Id: <20220613061010.2674054-4-zhenzhong.duan@intel.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 23b5f0ff6d923d3bca11cf44eed3daf7a0a836a8)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/virtio/virtio-iommu.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
+index 440a1c28a7..e970d4d5a6 100644
+--- a/hw/virtio/virtio-iommu.c
++++ b/hw/virtio/virtio-iommu.c
+@@ -866,6 +866,10 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
+ qemu_rec_mutex_lock(&s->mutex);
+
+ ep = g_tree_lookup(s->endpoints, GUINT_TO_POINTER(sid));
++
++ if (bypass_allowed)
++ assert(ep && ep->domain && !ep->domain->bypass);
++
+ if (!ep) {
+ if (!bypass_allowed) {
+ error_report_once("%s sid=%d is not known!!", __func__, sid);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch b/SOURCES/kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch
new file mode 100644
index 0000000..3352666
--- /dev/null
+++ b/SOURCES/kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch
@@ -0,0 +1,250 @@
+From d60774ee3168eefb21a4120a38107cd36ae17e07 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Mon, 13 Jun 2022 14:10:08 +0800
+Subject: [PATCH 01/17] virtio-iommu: Add bypass mode support to assigned
+ device
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
+RH-Commit: [1/5] 4777815533b31c7f4f09af8902e378fd3fc1186a (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2100106
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
+
+Currently assigned devices can not work in virtio-iommu bypass mode.
+Guest driver fails to probe the device due to DMA failure. And the
+reason is because of lacking GPA -> HPA mappings when VM is created.
+
+Add a root container memory region to hold both bypass memory region
+and iommu memory region, so the switch between them is supported
+just like the implementation in virtual VT-d.
+
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Message-Id: <20220613061010.2674054-2-zhenzhong.duan@intel.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 90519b90539b16258d1d52b908b199f44877dc18)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/virtio/trace-events | 1 +
+ hw/virtio/virtio-iommu.c | 115 ++++++++++++++++++++++++++++++-
+ include/hw/virtio/virtio-iommu.h | 2 +
+ 3 files changed, 116 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
+index a5102eac9e..2ab5881b88 100644
+--- a/hw/virtio/trace-events
++++ b/hw/virtio/trace-events
+@@ -114,6 +114,7 @@ virtio_iommu_remap(const char *name, uint64_t virt_start, uint64_t virt_end, uin
+ virtio_iommu_set_page_size_mask(const char *name, uint64_t old, uint64_t new) "mr=%s old_mask=0x%"PRIx64" new_mask=0x%"PRIx64
+ virtio_iommu_notify_flag_add(const char *name) "add notifier to mr %s"
+ virtio_iommu_notify_flag_del(const char *name) "del notifier from mr %s"
++virtio_iommu_switch_address_space(uint8_t bus, uint8_t slot, uint8_t fn, bool on) "Device %02x:%02x.%x switching address space (iommu enabled=%d)"
+
+ # virtio-mem.c
+ virtio_mem_send_response(uint16_t type) "type=%" PRIu16
+diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
+index 6d5ea0bdf1..5e99e6c62b 100644
+--- a/hw/virtio/virtio-iommu.c
++++ b/hw/virtio/virtio-iommu.c
+@@ -70,6 +70,77 @@ static inline uint16_t virtio_iommu_get_bdf(IOMMUDevice *dev)
+ return PCI_BUILD_BDF(pci_bus_num(dev->bus), dev->devfn);
+ }
+
++static bool virtio_iommu_device_bypassed(IOMMUDevice *sdev)
++{
++ uint32_t sid;
++ bool bypassed;
++ VirtIOIOMMU *s = sdev->viommu;
++ VirtIOIOMMUEndpoint *ep;
++
++ sid = virtio_iommu_get_bdf(sdev);
++
++ qemu_mutex_lock(&s->mutex);
++ /* need to check bypass before system reset */
++ if (!s->endpoints) {
++ bypassed = s->config.bypass;
++ goto unlock;
++ }
++
++ ep = g_tree_lookup(s->endpoints, GUINT_TO_POINTER(sid));
++ if (!ep || !ep->domain) {
++ bypassed = s->config.bypass;
++ } else {
++ bypassed = ep->domain->bypass;
++ }
++
++unlock:
++ qemu_mutex_unlock(&s->mutex);
++ return bypassed;
++}
++
++/* Return whether the device is using IOMMU translation. */
++static bool virtio_iommu_switch_address_space(IOMMUDevice *sdev)
++{
++ bool use_remapping;
++
++ assert(sdev);
++
++ use_remapping = !virtio_iommu_device_bypassed(sdev);
++
++ trace_virtio_iommu_switch_address_space(pci_bus_num(sdev->bus),
++ PCI_SLOT(sdev->devfn),
++ PCI_FUNC(sdev->devfn),
++ use_remapping);
++
++ /* Turn off first then on the other */
++ if (use_remapping) {
++ memory_region_set_enabled(&sdev->bypass_mr, false);
++ memory_region_set_enabled(MEMORY_REGION(&sdev->iommu_mr), true);
++ } else {
++ memory_region_set_enabled(MEMORY_REGION(&sdev->iommu_mr), false);
++ memory_region_set_enabled(&sdev->bypass_mr, true);
++ }
++
++ return use_remapping;
++}
++
++static void virtio_iommu_switch_address_space_all(VirtIOIOMMU *s)
++{
++ GHashTableIter iter;
++ IOMMUPciBus *iommu_pci_bus;
++ int i;
++
++ g_hash_table_iter_init(&iter, s->as_by_busptr);
++ while (g_hash_table_iter_next(&iter, NULL, (void **)&iommu_pci_bus)) {
++ for (i = 0; i < PCI_DEVFN_MAX; i++) {
++ if (!iommu_pci_bus->pbdev[i]) {
++ continue;
++ }
++ virtio_iommu_switch_address_space(iommu_pci_bus->pbdev[i]);
++ }
++ }
++}
++
+ /**
+ * The bus number is used for lookup when SID based operations occur.
+ * In that case we lazily populate the IOMMUPciBus array from the bus hash
+@@ -214,6 +285,7 @@ static gboolean virtio_iommu_notify_map_cb(gpointer key, gpointer value,
+ static void virtio_iommu_detach_endpoint_from_domain(VirtIOIOMMUEndpoint *ep)
+ {
+ VirtIOIOMMUDomain *domain = ep->domain;
++ IOMMUDevice *sdev = container_of(ep->iommu_mr, IOMMUDevice, iommu_mr);
+
+ if (!ep->domain) {
+ return;
+@@ -222,6 +294,7 @@ static void virtio_iommu_detach_endpoint_from_domain(VirtIOIOMMUEndpoint *ep)
+ ep->iommu_mr);
+ QLIST_REMOVE(ep, next);
+ ep->domain = NULL;
++ virtio_iommu_switch_address_space(sdev);
+ }
+
+ static VirtIOIOMMUEndpoint *virtio_iommu_get_endpoint(VirtIOIOMMU *s,
+@@ -324,12 +397,39 @@ static AddressSpace *virtio_iommu_find_add_as(PCIBus *bus, void *opaque,
+
+ trace_virtio_iommu_init_iommu_mr(name);
+
++ memory_region_init(&sdev->root, OBJECT(s), name, UINT64_MAX);
++ address_space_init(&sdev->as, &sdev->root, TYPE_VIRTIO_IOMMU);
++
++ /*
++ * Build the IOMMU disabled container with aliases to the
++ * shared MRs. Note that aliasing to a shared memory region
++ * could help the memory API to detect same FlatViews so we
++ * can have devices to share the same FlatView when in bypass
++ * mode. (either by not configuring virtio-iommu driver or with
++ * "iommu=pt"). It will greatly reduce the total number of
++ * FlatViews of the system hence VM runs faster.
++ */
++ memory_region_init_alias(&sdev->bypass_mr, OBJECT(s),
++ "system", get_system_memory(), 0,
++ memory_region_size(get_system_memory()));
++
+ memory_region_init_iommu(&sdev->iommu_mr, sizeof(sdev->iommu_mr),
+ TYPE_VIRTIO_IOMMU_MEMORY_REGION,
+ OBJECT(s), name,
+ UINT64_MAX);
+- address_space_init(&sdev->as,
+- MEMORY_REGION(&sdev->iommu_mr), TYPE_VIRTIO_IOMMU);
++
++ /*
++ * Hook both the containers under the root container, we
++ * switch between iommu & bypass MRs by enable/disable
++ * corresponding sub-containers
++ */
++ memory_region_add_subregion_overlap(&sdev->root, 0,
++ MEMORY_REGION(&sdev->iommu_mr),
++ 0);
++ memory_region_add_subregion_overlap(&sdev->root, 0,
++ &sdev->bypass_mr, 0);
++
++ virtio_iommu_switch_address_space(sdev);
+ g_free(name);
+ }
+ return &sdev->as;
+@@ -343,6 +443,7 @@ static int virtio_iommu_attach(VirtIOIOMMU *s,
+ uint32_t flags = le32_to_cpu(req->flags);
+ VirtIOIOMMUDomain *domain;
+ VirtIOIOMMUEndpoint *ep;
++ IOMMUDevice *sdev;
+
+ trace_virtio_iommu_attach(domain_id, ep_id);
+
+@@ -376,6 +477,8 @@ static int virtio_iommu_attach(VirtIOIOMMU *s,
+ QLIST_INSERT_HEAD(&domain->endpoint_list, ep, next);
+
+ ep->domain = domain;
++ sdev = container_of(ep->iommu_mr, IOMMUDevice, iommu_mr);
++ virtio_iommu_switch_address_space(sdev);
+
+ /* Replay domain mappings on the associated memory region */
+ g_tree_foreach(domain->mappings, virtio_iommu_notify_map_cb,
+@@ -888,6 +991,7 @@ static void virtio_iommu_set_config(VirtIODevice *vdev,
+ return;
+ }
+ dev_config->bypass = in_config->bypass;
++ virtio_iommu_switch_address_space_all(dev);
+ }
+
+ trace_virtio_iommu_set_config(in_config->bypass);
+@@ -1027,6 +1131,8 @@ static void virtio_iommu_system_reset(void *opaque)
+ * system reset
+ */
+ s->config.bypass = s->boot_bypass;
++ virtio_iommu_switch_address_space_all(s);
++
+ }
+
+ static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
+@@ -1043,6 +1149,11 @@ static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
+ virtio_iommu_handle_command);
+ s->event_vq = virtio_add_queue(vdev, VIOMMU_DEFAULT_QUEUE_SIZE, NULL);
+
++ /*
++ * config.bypass is needed to get initial address space early, such as
++ * in vfio realize
++ */
++ s->config.bypass = s->boot_bypass;
+ s->config.page_size_mask = TARGET_PAGE_MASK;
+ s->config.input_range.end = UINT64_MAX;
+ s->config.domain_range.end = UINT32_MAX;
+diff --git a/include/hw/virtio/virtio-iommu.h b/include/hw/virtio/virtio-iommu.h
+index 84391f8448..102eeefa73 100644
+--- a/include/hw/virtio/virtio-iommu.h
++++ b/include/hw/virtio/virtio-iommu.h
+@@ -37,6 +37,8 @@ typedef struct IOMMUDevice {
+ int devfn;
+ IOMMUMemoryRegion iommu_mr;
+ AddressSpace as;
++ MemoryRegion root; /* The root container of the device */
++ MemoryRegion bypass_mr; /* The alias of shared memory MR */
+ } IOMMUDevice;
+
+ typedef struct IOMMUPciBus {
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-iommu-Fix-migration-regression.patch b/SOURCES/kvm-virtio-iommu-Fix-migration-regression.patch
new file mode 100644
index 0000000..f5ae4d6
--- /dev/null
+++ b/SOURCES/kvm-virtio-iommu-Fix-migration-regression.patch
@@ -0,0 +1,54 @@
+From 8d45902b4884315ec090e607e9f03606b21001cf Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Fri, 24 Jun 2022 17:37:40 +0800
+Subject: [PATCH 05/17] virtio-iommu: Fix migration regression
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
+RH-Commit: [5/5] 9652c4aaaf88e24083fab1fbc3d1423260c93ca6 (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2100106
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
+
+We also need to switch to the right address space on dest side
+after loading the device status. DMA to wrong address space is
+destructive.
+
+Fixes: 3facd774962fd ("virtio-iommu: Add bypass mode support to assigned device")
+Suggested-by: Eric Auger <eric.auger@redhat.com>
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Message-Id: <20220624093740.3525267-1-zhenzhong.duan@intel.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+(cherry picked from commit d355566bd958e24e7e384da6ea89a9fc88d7bfed)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/virtio/virtio-iommu.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
+index 44a041dec9..2012835554 100644
+--- a/hw/virtio/virtio-iommu.c
++++ b/hw/virtio/virtio-iommu.c
+@@ -1324,6 +1324,14 @@ static int iommu_post_load(void *opaque, int version_id)
+ VirtIOIOMMU *s = opaque;
+
+ g_tree_foreach(s->domains, reconstruct_endpoints, s);
++
++ /*
++ * Memory regions are dynamically turned on/off depending on
++ * 'config.bypass' and attached domain type if there is. After
++ * migration, we need to make sure the memory regions are
++ * still correct.
++ */
++ virtio_iommu_switch_address_space_all(s);
+ return 0;
+ }
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch b/SOURCES/kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch
new file mode 100644
index 0000000..7747bfe
--- /dev/null
+++ b/SOURCES/kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch
@@ -0,0 +1,67 @@
+From b681247c29b59af40c86f8f0ae5709138ae9bf1a Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Thu, 23 Jun 2022 10:31:52 +0800
+Subject: [PATCH 04/17] virtio-iommu: Fix the partial copy of probe request
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
+RH-Commit: [4/5] c402164414a8e69bbb6df20af3c2b6d2589d6f3e (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2100106
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
+
+The structure of probe request doesn't include the tail, this leads
+to a few field missed to be copied. Currently this isn't an issue as
+those missed field belong to reserved field, just in case reserved
+field will be used in the future.
+
+Changed 4th parameter of virtio_iommu_iov_to_req() to receive size
+of device-readable part.
+
+Fixes: 1733eebb9e75b ("virtio-iommu: Implement RESV_MEM probe request")
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Message-Id: <20220623023152.3473231-1-zhenzhong.duan@intel.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+(cherry picked from commit 45461aace83d961e933b27519b81d17b4c690514)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/virtio/virtio-iommu.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
+index e970d4d5a6..44a041dec9 100644
+--- a/hw/virtio/virtio-iommu.c
++++ b/hw/virtio/virtio-iommu.c
+@@ -676,11 +676,10 @@ static int virtio_iommu_probe(VirtIOIOMMU *s,
+
+ static int virtio_iommu_iov_to_req(struct iovec *iov,
+ unsigned int iov_cnt,
+- void *req, size_t req_sz)
++ void *req, size_t payload_sz)
+ {
+- size_t sz, payload_sz = req_sz - sizeof(struct virtio_iommu_req_tail);
++ size_t sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
+
+- sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
+ if (unlikely(sz != payload_sz)) {
+ return VIRTIO_IOMMU_S_INVAL;
+ }
+@@ -693,7 +692,8 @@ static int virtio_iommu_handle_ ## __req(VirtIOIOMMU *s, \
+ unsigned int iov_cnt) \
+ { \
+ struct virtio_iommu_req_ ## __req req; \
+- int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req)); \
++ int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, \
++ sizeof(req) - sizeof(struct virtio_iommu_req_tail));\
+ \
+ return ret ? ret : virtio_iommu_ ## __req(s, &req); \
+ }
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch b/SOURCES/kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch
new file mode 100644
index 0000000..df961b0
--- /dev/null
+++ b/SOURCES/kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch
@@ -0,0 +1,141 @@
+From 881c999e302e7ee1212b47c523a2cf442c549417 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Mon, 13 Jun 2022 14:10:09 +0800
+Subject: [PATCH 02/17] virtio-iommu: Use recursive lock to avoid deadlock
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
+RH-Commit: [2/5] 67dce1eecb49555f728f119f8efac00417ff65bf (eauger1/centos-qemu-kvm)
+RH-Bugzilla: 2100106
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
+
+When switching address space with mutex lock hold, mapping will be
+replayed for assigned device. This will trigger relock deadlock.
+
+Also release the mutex resource in unrealize routine.
+
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Message-Id: <20220613061010.2674054-3-zhenzhong.duan@intel.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 08f2030a2e46f1e93d186b3a683e5caef1df562b)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/virtio/virtio-iommu.c | 20 +++++++++++---------
+ include/hw/virtio/virtio-iommu.h | 2 +-
+ 2 files changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
+index 5e99e6c62b..440a1c28a7 100644
+--- a/hw/virtio/virtio-iommu.c
++++ b/hw/virtio/virtio-iommu.c
+@@ -79,7 +79,7 @@ static bool virtio_iommu_device_bypassed(IOMMUDevice *sdev)
+
+ sid = virtio_iommu_get_bdf(sdev);
+
+- qemu_mutex_lock(&s->mutex);
++ qemu_rec_mutex_lock(&s->mutex);
+ /* need to check bypass before system reset */
+ if (!s->endpoints) {
+ bypassed = s->config.bypass;
+@@ -94,7 +94,7 @@ static bool virtio_iommu_device_bypassed(IOMMUDevice *sdev)
+ }
+
+ unlock:
+- qemu_mutex_unlock(&s->mutex);
++ qemu_rec_mutex_unlock(&s->mutex);
+ return bypassed;
+ }
+
+@@ -746,7 +746,7 @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq)
+ tail.status = VIRTIO_IOMMU_S_DEVERR;
+ goto out;
+ }
+- qemu_mutex_lock(&s->mutex);
++ qemu_rec_mutex_lock(&s->mutex);
+ switch (head.type) {
+ case VIRTIO_IOMMU_T_ATTACH:
+ tail.status = virtio_iommu_handle_attach(s, iov, iov_cnt);
+@@ -775,7 +775,7 @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq)
+ default:
+ tail.status = VIRTIO_IOMMU_S_UNSUPP;
+ }
+- qemu_mutex_unlock(&s->mutex);
++ qemu_rec_mutex_unlock(&s->mutex);
+
+ out:
+ sz = iov_from_buf(elem->in_sg, elem->in_num, 0,
+@@ -863,7 +863,7 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
+ sid = virtio_iommu_get_bdf(sdev);
+
+ trace_virtio_iommu_translate(mr->parent_obj.name, sid, addr, flag);
+- qemu_mutex_lock(&s->mutex);
++ qemu_rec_mutex_lock(&s->mutex);
+
+ ep = g_tree_lookup(s->endpoints, GUINT_TO_POINTER(sid));
+ if (!ep) {
+@@ -947,7 +947,7 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
+ trace_virtio_iommu_translate_out(addr, entry.translated_addr, sid);
+
+ unlock:
+- qemu_mutex_unlock(&s->mutex);
++ qemu_rec_mutex_unlock(&s->mutex);
+ return entry;
+ }
+
+@@ -1036,7 +1036,7 @@ static void virtio_iommu_replay(IOMMUMemoryRegion *mr, IOMMUNotifier *n)
+
+ sid = virtio_iommu_get_bdf(sdev);
+
+- qemu_mutex_lock(&s->mutex);
++ qemu_rec_mutex_lock(&s->mutex);
+
+ if (!s->endpoints) {
+ goto unlock;
+@@ -1050,7 +1050,7 @@ static void virtio_iommu_replay(IOMMUMemoryRegion *mr, IOMMUNotifier *n)
+ g_tree_foreach(ep->domain->mappings, virtio_iommu_remap, mr);
+
+ unlock:
+- qemu_mutex_unlock(&s->mutex);
++ qemu_rec_mutex_unlock(&s->mutex);
+ }
+
+ static int virtio_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu_mr,
+@@ -1169,7 +1169,7 @@ static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
+ virtio_add_feature(&s->features, VIRTIO_IOMMU_F_PROBE);
+ virtio_add_feature(&s->features, VIRTIO_IOMMU_F_BYPASS_CONFIG);
+
+- qemu_mutex_init(&s->mutex);
++ qemu_rec_mutex_init(&s->mutex);
+
+ s->as_by_busptr = g_hash_table_new_full(NULL, NULL, NULL, g_free);
+
+@@ -1197,6 +1197,8 @@ static void virtio_iommu_device_unrealize(DeviceState *dev)
+ g_tree_destroy(s->endpoints);
+ }
+
++ qemu_rec_mutex_destroy(&s->mutex);
++
+ virtio_delete_queue(s->req_vq);
+ virtio_delete_queue(s->event_vq);
+ virtio_cleanup(vdev);
+diff --git a/include/hw/virtio/virtio-iommu.h b/include/hw/virtio/virtio-iommu.h
+index 102eeefa73..2ad5ee320b 100644
+--- a/include/hw/virtio/virtio-iommu.h
++++ b/include/hw/virtio/virtio-iommu.h
+@@ -58,7 +58,7 @@ struct VirtIOIOMMU {
+ ReservedRegion *reserved_regions;
+ uint32_t nb_reserved_regions;
+ GTree *domains;
+- QemuMutex mutex;
++ QemuRecMutex mutex;
+ GTree *endpoints;
+ bool boot_bypass;
+ };
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch b/SOURCES/kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch
new file mode 100644
index 0000000..4ae4cc4
--- /dev/null
+++ b/SOURCES/kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch
@@ -0,0 +1,69 @@
+From dffe24d5c1f5a4676e9d2a5bc032effd420b008f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 08/32] virtio-net: Expose MAC_TABLE_ENTRIES
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [8/27] 5c3b96215ddf853cafc594da47f57d7e157db4ee (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 6758c01f054c2a842d41d927d628b09f649d3254
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:27 2022 +0200
+
+ virtio-net: Expose MAC_TABLE_ENTRIES
+
+ vhost-vdpa control virtqueue needs to know the maximum entries supported
+ by the virtio-net device, so we know if it is possible to apply the
+ filter.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/net/virtio-net.c | 1 -
+ include/hw/virtio/virtio-net.h | 3 +++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 633de61513..2a127f0a3b 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -49,7 +49,6 @@
+
+ #define VIRTIO_NET_VM_VERSION 11
+
+-#define MAC_TABLE_ENTRIES 64
+ #define MAX_VLAN (1 << 12) /* Per 802.1Q definition */
+
+ /* previously fixed value */
+diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
+index eb87032627..cce1c554f7 100644
+--- a/include/hw/virtio/virtio-net.h
++++ b/include/hw/virtio/virtio-net.h
+@@ -35,6 +35,9 @@ OBJECT_DECLARE_SIMPLE_TYPE(VirtIONet, VIRTIO_NET)
+ * and latency. */
+ #define TX_BURST 256
+
++/* Maximum VIRTIO_NET_CTRL_MAC_TABLE_SET unicast + multicast entries. */
++#define MAC_TABLE_ENTRIES 64
++
+ typedef struct virtio_net_conf
+ {
+ uint32_t txtimer;
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch b/SOURCES/kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch
new file mode 100644
index 0000000..b4b9012
--- /dev/null
+++ b/SOURCES/kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch
@@ -0,0 +1,169 @@
+From 49e91b34b62f5da147fa2fb80d203dd675c48f64 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 21 Jul 2022 15:38:55 +0200
+Subject: [PATCH 09/32] virtio-net: Expose ctrl virtqueue logic
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eugenio Pérez <eperezma@redhat.com>
+RH-MergeRequest: 108: Net Control Virtqueue shadow Support
+RH-Commit: [9/27] c4ab1e35f4ca728df82a687763c662369282c513 (eperezmartin/qemu-kvm)
+RH-Bugzilla: 1939363
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/1939363
+
+Upstream Status: git://git.qemu.org/qemu.git
+
+commit 640b8a1c588b56349b3307d88459ea1cd86181fb
+Author: Eugenio Pérez <eperezma@redhat.com>
+Date: Wed Jul 20 08:59:28 2022 +0200
+
+ virtio-net: Expose ctrl virtqueue logic
+
+ This allows external vhost-net devices to modify the state of the
+ VirtIO device model once the vhost-vdpa device has acknowledged the
+ control commands.
+
+ Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+ Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+ Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+---
+ hw/net/virtio-net.c | 84 ++++++++++++++++++++--------------
+ include/hw/virtio/virtio-net.h | 4 ++
+ 2 files changed, 53 insertions(+), 35 deletions(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 2a127f0a3b..59bedba681 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1433,57 +1433,71 @@ static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
+ return VIRTIO_NET_OK;
+ }
+
+-static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
++size_t virtio_net_handle_ctrl_iov(VirtIODevice *vdev,
++ const struct iovec *in_sg, unsigned in_num,
++ const struct iovec *out_sg,
++ unsigned out_num)
+ {
+ VirtIONet *n = VIRTIO_NET(vdev);
+ struct virtio_net_ctrl_hdr ctrl;
+ virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
+- VirtQueueElement *elem;
+ size_t s;
+ struct iovec *iov, *iov2;
+- unsigned int iov_cnt;
++
++ if (iov_size(in_sg, in_num) < sizeof(status) ||
++ iov_size(out_sg, out_num) < sizeof(ctrl)) {
++ virtio_error(vdev, "virtio-net ctrl missing headers");
++ return 0;
++ }
++
++ iov2 = iov = g_memdup2(out_sg, sizeof(struct iovec) * out_num);
++ s = iov_to_buf(iov, out_num, 0, &ctrl, sizeof(ctrl));
++ iov_discard_front(&iov, &out_num, sizeof(ctrl));
++ if (s != sizeof(ctrl)) {
++ status = VIRTIO_NET_ERR;
++ } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
++ status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, out_num);
++ } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
++ status = virtio_net_handle_mac(n, ctrl.cmd, iov, out_num);
++ } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
++ status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, out_num);
++ } else if (ctrl.class == VIRTIO_NET_CTRL_ANNOUNCE) {
++ status = virtio_net_handle_announce(n, ctrl.cmd, iov, out_num);
++ } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
++ status = virtio_net_handle_mq(n, ctrl.cmd, iov, out_num);
++ } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
++ status = virtio_net_handle_offloads(n, ctrl.cmd, iov, out_num);
++ }
++
++ s = iov_from_buf(in_sg, in_num, 0, &status, sizeof(status));
++ assert(s == sizeof(status));
++
++ g_free(iov2);
++ return sizeof(status);
++}
++
++static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
++{
++ VirtQueueElement *elem;
+
+ for (;;) {
++ size_t written;
+ elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
+ if (!elem) {
+ break;
+ }
+- if (iov_size(elem->in_sg, elem->in_num) < sizeof(status) ||
+- iov_size(elem->out_sg, elem->out_num) < sizeof(ctrl)) {
+- virtio_error(vdev, "virtio-net ctrl missing headers");
++
++ written = virtio_net_handle_ctrl_iov(vdev, elem->in_sg, elem->in_num,
++ elem->out_sg, elem->out_num);
++ if (written > 0) {
++ virtqueue_push(vq, elem, written);
++ virtio_notify(vdev, vq);
++ g_free(elem);
++ } else {
+ virtqueue_detach_element(vq, elem, 0);
+ g_free(elem);
+ break;
+ }
+-
+- iov_cnt = elem->out_num;
+- iov2 = iov = g_memdup2(elem->out_sg,
+- sizeof(struct iovec) * elem->out_num);
+- s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
+- iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
+- if (s != sizeof(ctrl)) {
+- status = VIRTIO_NET_ERR;
+- } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
+- status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
+- } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
+- status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
+- } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
+- status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
+- } else if (ctrl.class == VIRTIO_NET_CTRL_ANNOUNCE) {
+- status = virtio_net_handle_announce(n, ctrl.cmd, iov, iov_cnt);
+- } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
+- status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
+- } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
+- status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
+- }
+-
+- s = iov_from_buf(elem->in_sg, elem->in_num, 0, &status, sizeof(status));
+- assert(s == sizeof(status));
+-
+- virtqueue_push(vq, elem, sizeof(status));
+- virtio_notify(vdev, vq);
+- g_free(iov2);
+- g_free(elem);
+ }
+ }
+
+diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
+index cce1c554f7..ef234ffe7e 100644
+--- a/include/hw/virtio/virtio-net.h
++++ b/include/hw/virtio/virtio-net.h
+@@ -221,6 +221,10 @@ struct VirtIONet {
+ struct EBPFRSSContext ebpf_rss;
+ };
+
++size_t virtio_net_handle_ctrl_iov(VirtIODevice *vdev,
++ const struct iovec *in_sg, unsigned in_num,
++ const struct iovec *out_sg,
++ unsigned out_num);
+ void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
+ const char *type);
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch b/SOURCES/kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch
index d834255..9da7ea7 100644
--- a/SOURCES/kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch
+++ b/SOURCES/kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch
@@ -1,19 +1,19 @@
-From 370df65141aa7ca10c4eaca8e862580e50dead65 Mon Sep 17 00:00:00 2001
+From 316b73277de233c7a9b6917077c00d7012060944 Mon Sep 17 00:00:00 2001
From: Si-Wei Liu <si-wei.liu@oracle.com>
Date: Fri, 6 May 2022 19:28:13 -0700
-Subject: [PATCH 2/7] virtio-net: align ctrl_vq index for non-mq guest for
+Subject: [PATCH 09/16] virtio-net: align ctrl_vq index for non-mq guest for
vhost_vdpa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Cindy Lu <lulu@redhat.com>
-RH-MergeRequest: 204: vdpa :sync the Multiqueue fixes for vhost-vDPA
-RH-Commit: [2/7] bb12ad61fac82935ef1ca6e37da6da2f04e43d51
-RH-Bugzilla: 2095795
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Author: Jason Wang <jasowang@redhat.com>
+RH-MergeRequest: 98: Multiqueue fixes for vhost-vDPA
+RH-Commit: [2/7] 7f764bbb579c7b473ad67fc25b46e698d277e781 (jasowang/qemu-kvm-cs)
+RH-Bugzilla: 2070804
RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
With MQ enabled vdpa device and non-MQ supporting guest e.g.
booting vdpa with mq=on over OVMF of single vqp, below assert
@@ -73,13 +73,13 @@ Message-Id: <1651890498-24478-3-git-send-email-si-wei.liu@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 68b0a6395f36a8f48f56f46d05f30be2067598b0)
-Signed-off-by: Cindy Lu <lulu@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/virtio-net.c | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index ec045c3f41..f118379bb4 100644
+index ffb3475201..f0bb29c741 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -14,6 +14,7 @@
@@ -90,7 +90,7 @@ index ec045c3f41..f118379bb4 100644
#include "qemu/main-loop.h"
#include "qemu/module.h"
#include "hw/virtio/virtio.h"
-@@ -3163,8 +3164,22 @@ static NetClientInfo net_virtio_info = {
+@@ -3171,8 +3172,22 @@ static NetClientInfo net_virtio_info = {
static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
{
VirtIONet *n = VIRTIO_NET(vdev);
@@ -114,7 +114,7 @@ index ec045c3f41..f118379bb4 100644
return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
}
-@@ -3172,8 +3187,22 @@ static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
+@@ -3180,8 +3195,22 @@ static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
bool mask)
{
VirtIONet *n = VIRTIO_NET(vdev);
diff --git a/SOURCES/kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch b/SOURCES/kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch
index efc164f..3930cc2 100644
--- a/SOURCES/kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch
+++ b/SOURCES/kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch
@@ -1,19 +1,19 @@
-From 6182990c1327658c417280a557d16191f70c91b7 Mon Sep 17 00:00:00 2001
+From 521a1953bc11ab6823dcbbee773bcf86e926a9e7 Mon Sep 17 00:00:00 2001
From: Si-Wei Liu <si-wei.liu@oracle.com>
Date: Fri, 6 May 2022 19:28:18 -0700
-Subject: [PATCH 7/7] virtio-net: don't handle mq request in userspace handler
- for vhost-vdpa
+Subject: [PATCH 14/16] virtio-net: don't handle mq request in userspace
+ handler for vhost-vdpa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Cindy Lu <lulu@redhat.com>
-RH-MergeRequest: 204: vdpa :sync the Multiqueue fixes for vhost-vDPA
-RH-Commit: [7/7] 2e636b805ab3f365b1f26fbdac7a7d0ade62508d
-RH-Bugzilla: 2095795
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Author: Jason Wang <jasowang@redhat.com>
+RH-MergeRequest: 98: Multiqueue fixes for vhost-vDPA
+RH-Commit: [7/7] 9781cab45448ae16a00fbf10cf7995df6b984a0a (jasowang/qemu-kvm-cs)
+RH-Bugzilla: 2070804
RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
virtio_queue_host_notifier_read() tends to read pending event
left behind on ioeventfd in the vhost_net_stop() path, and
@@ -68,16 +68,16 @@ Message-Id: <1651890498-24478-8-git-send-email-si-wei.liu@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 2a7888cc3aa31faee839fa5dddad354ff8941f4c)
-Signed-off-by: Cindy Lu <lulu@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/virtio-net.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index f118379bb4..7e172ef829 100644
+index f0bb29c741..099e65036d 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
-@@ -1373,6 +1373,7 @@ static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
+@@ -1381,6 +1381,7 @@ static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
{
VirtIODevice *vdev = VIRTIO_DEVICE(n);
uint16_t queue_pairs;
@@ -85,7 +85,7 @@ index f118379bb4..7e172ef829 100644
virtio_net_disable_rss(n);
if (cmd == VIRTIO_NET_CTRL_MQ_HASH_CONFIG) {
-@@ -1404,6 +1405,18 @@ static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
+@@ -1412,6 +1413,18 @@ static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
return VIRTIO_NET_ERR;
}
diff --git a/SOURCES/kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch b/SOURCES/kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch
deleted file mode 100644
index aa52233..0000000
--- a/SOURCES/kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From d1a64781c4f7fa698a359ea078a98029f4f67c1b Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Tue, 8 Mar 2022 10:42:51 +0800
-Subject: [PATCH 2/3] virtio-net: fix map leaking on error during receive
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 178: virtio-net: fix map leaking on error during receive
-RH-Commit: [1/1] afdfa3198fcf815de59915136222f73711efd292 (jmaloy/qemu-kvm)
-RH-Bugzilla: 2075635
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075635
-Upstream: Merged
-CVE: CVE-2022-26353
-
-commit abe300d9d894f7138e1af7c8e9c88c04bfe98b37
-Author: Jason Wang <jasowang@redhat.com>
-Date: Tue Mar 8 10:42:51 2022 +0800
-
- virtio-net: fix map leaking on error during receive
-
- Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
- tries to fix the use after free of the sg by caching the virtqueue
- elements in an array and unmap them at once after receiving the
- packets, But it forgot to unmap the cached elements on error which
- will lead to leaking of mapping and other unexpected results.
-
- Fixing this by detaching the cached elements on error. This addresses
- CVE-2022-26353.
-
- Reported-by: Victor Tom <vv474172261@gmail.com>
- Cc: qemu-stable@nongnu.org
- Fixes: CVE-2022-26353
- Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
- Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
- Signed-off-by: Jason Wang <jasowang@redhat.com>
-
-(cherry picked from commit abe300d9d894f7138e1af7c8e9c88c04bfe98b37)
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- hw/net/virtio-net.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index f2014d5ea0..e1f4748831 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1862,6 +1862,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
-
- err:
- for (j = 0; j < i; j++) {
-+ virtqueue_detach_element(q->rx_vq, elems[j], lens[j]);
- g_free(elems[j]);
- }
-
---
-2.31.1
-
diff --git a/SOURCES/kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch b/SOURCES/kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch
index 19307ea..f6072d2 100644
--- a/SOURCES/kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch
+++ b/SOURCES/kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch
@@ -1,19 +1,19 @@
-From b956af02efde25f458205cb5bc2c389409564e3f Mon Sep 17 00:00:00 2001
+From 9e737aba614e94da4458f02d4ff97e95ffffd19f Mon Sep 17 00:00:00 2001
From: Si-Wei Liu <si-wei.liu@oracle.com>
Date: Fri, 6 May 2022 19:28:12 -0700
-Subject: [PATCH 1/7] virtio-net: setup vhost_dev and notifiers for cvq only
+Subject: [PATCH 08/16] virtio-net: setup vhost_dev and notifiers for cvq only
when feature is negotiated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Cindy Lu <lulu@redhat.com>
-RH-MergeRequest: 204: vdpa :sync the Multiqueue fixes for vhost-vDPA
-RH-Commit: [1/7] 4e1e54bbf5d91a590a61e3fee1100716b50837ee
-RH-Bugzilla: 2095795
-RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Author: Jason Wang <jasowang@redhat.com>
+RH-MergeRequest: 98: Multiqueue fixes for vhost-vDPA
+RH-Commit: [1/7] a5c5a2862b2e4d15ef7c09da3e4234fdef37cc66 (jasowang/qemu-kvm-cs)
+RH-Bugzilla: 2070804
RH-Acked-by: Eugenio Pérez <eperezma@redhat.com>
-RH-Acked-by: Jason Wang <jasowang@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+RH-Acked-by: Cindy Lu <lulu@redhat.com>
When the control virtqueue feature is absent or not negotiated,
vhost_net_start() still tries to set up vhost_dev and install
@@ -28,16 +28,16 @@ Message-Id: <1651890498-24478-2-git-send-email-si-wei.liu@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit aa8581945a13712ff3eed0ad3ba7a9664fc1604b)
-Signed-off-by: Cindy Lu <lulu@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/virtio-net.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index e1f4748831..ec045c3f41 100644
+index 1067e72b39..ffb3475201 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
-@@ -244,7 +244,8 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
+@@ -245,7 +245,8 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
VirtIODevice *vdev = VIRTIO_DEVICE(n);
NetClientState *nc = qemu_get_queue(n->nic);
int queue_pairs = n->multiqueue ? n->max_queue_pairs : 1;
diff --git a/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch b/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch
new file mode 100644
index 0000000..897e04c
--- /dev/null
+++ b/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch
@@ -0,0 +1,77 @@
+From 975af1b9f1811e113e1babd928ae70f8e4ebefb5 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 09:28:19 +0100
+Subject: [PATCH 13/16] virtio-scsi: clean up virtio_scsi_handle_cmd_vq()
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 88: virtio-scsi: fix 100% CPU consumption with IOThreads
+RH-Commit: [5/6] 27b0225783fa9bbb8fe5ee692bd3f0a888d49d07 (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2079347
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+virtio_scsi_handle_cmd_vq() is only called from hw/scsi/virtio-scsi.c
+now and its return value is no longer used. Remove the function
+prototype from virtio-scsi.h and drop the return value.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-6-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit ad482b57ef841b2d4883c5079d20ba44ff5e4b3e)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/scsi/virtio-scsi.c | 5 +----
+ include/hw/virtio/virtio-scsi.h | 1 -
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index a47033d91d..df5ff8bab7 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -685,12 +685,11 @@ static void virtio_scsi_handle_cmd_req_submit(VirtIOSCSI *s, VirtIOSCSIReq *req)
+ scsi_req_unref(sreq);
+ }
+
+-bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq)
++static void virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq)
+ {
+ VirtIOSCSIReq *req, *next;
+ int ret = 0;
+ bool suppress_notifications = virtio_queue_get_notification(vq);
+- bool progress = false;
+
+ QTAILQ_HEAD(, VirtIOSCSIReq) reqs = QTAILQ_HEAD_INITIALIZER(reqs);
+
+@@ -700,7 +699,6 @@ bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq)
+ }
+
+ while ((req = virtio_scsi_pop_req(s, vq))) {
+- progress = true;
+ ret = virtio_scsi_handle_cmd_req_prepare(s, req);
+ if (!ret) {
+ QTAILQ_INSERT_TAIL(&reqs, req, next);
+@@ -725,7 +723,6 @@ bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq)
+ QTAILQ_FOREACH_SAFE(req, &reqs, next, next) {
+ virtio_scsi_handle_cmd_req_submit(s, req);
+ }
+- return progress;
+ }
+
+ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
+diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
+index 44dc3b81ec..2497530064 100644
+--- a/include/hw/virtio/virtio-scsi.h
++++ b/include/hw/virtio/virtio-scsi.h
+@@ -151,7 +151,6 @@ void virtio_scsi_common_realize(DeviceState *dev,
+ Error **errp);
+
+ void virtio_scsi_common_unrealize(DeviceState *dev);
+-bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq);
+ void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req);
+ void virtio_scsi_free_req(VirtIOSCSIReq *req);
+ void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch b/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch
new file mode 100644
index 0000000..30f012f
--- /dev/null
+++ b/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch
@@ -0,0 +1,65 @@
+From c6e16a7a5a18ec2bc4f8a6f5cc1c887e18b16cdf Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 09:28:12 +0100
+Subject: [PATCH 12/16] virtio-scsi: clean up virtio_scsi_handle_ctrl_vq()
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 88: virtio-scsi: fix 100% CPU consumption with IOThreads
+RH-Commit: [4/6] ca3751b7bfad5163c5b1c81b8525936a848d42ea (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2079347
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+virtio_scsi_handle_ctrl_vq() is only called from hw/scsi/virtio-scsi.c
+now and its return value is no longer used. Remove the function
+prototype from virtio-scsi.h and drop the return value.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-5-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 73b3b49f1880f236b4d0ffd7efb00280c05a5fab)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/scsi/virtio-scsi.c | 5 +----
+ include/hw/virtio/virtio-scsi.h | 1 -
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index dd2185b943..a47033d91d 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -460,16 +460,13 @@ static void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s, VirtIOSCSIReq *req)
+ }
+ }
+
+-bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
++static void virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
+ {
+ VirtIOSCSIReq *req;
+- bool progress = false;
+
+ while ((req = virtio_scsi_pop_req(s, vq))) {
+- progress = true;
+ virtio_scsi_handle_ctrl_req(s, req);
+ }
+- return progress;
+ }
+
+ /*
+diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
+index 5957597825..44dc3b81ec 100644
+--- a/include/hw/virtio/virtio-scsi.h
++++ b/include/hw/virtio/virtio-scsi.h
+@@ -152,7 +152,6 @@ void virtio_scsi_common_realize(DeviceState *dev,
+
+ void virtio_scsi_common_unrealize(DeviceState *dev);
+ bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq);
+-bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq);
+ void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req);
+ void virtio_scsi_free_req(VirtIOSCSIReq *req);
+ void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch b/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch
new file mode 100644
index 0000000..bfdd39b
--- /dev/null
+++ b/SOURCES/kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch
@@ -0,0 +1,62 @@
+From 019d5a0ca5d13f837a59b9e2815e2fd7ac120807 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 09:28:06 +0100
+Subject: [PATCH 11/16] virtio-scsi: clean up virtio_scsi_handle_event_vq()
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 88: virtio-scsi: fix 100% CPU consumption with IOThreads
+RH-Commit: [3/6] f8dbc4c1991c61e4cf8dea50942c3cd509c9c4bd (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2079347
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+virtio_scsi_handle_event_vq() is only called from hw/scsi/virtio-scsi.c
+now and its return value is no longer used. Remove the function
+prototype from virtio-scsi.h and drop the return value.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-4-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 37ce2de95169dacab3fb53d11bd4509b9c2e3a4c)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/scsi/virtio-scsi.c | 4 +---
+ include/hw/virtio/virtio-scsi.h | 1 -
+ 2 files changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index 7b69eeed64..dd2185b943 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -856,13 +856,11 @@ void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
+ virtio_scsi_complete_req(req);
+ }
+
+-bool virtio_scsi_handle_event_vq(VirtIOSCSI *s, VirtQueue *vq)
++static void virtio_scsi_handle_event_vq(VirtIOSCSI *s, VirtQueue *vq)
+ {
+ if (s->events_dropped) {
+ virtio_scsi_push_event(s, NULL, VIRTIO_SCSI_T_NO_EVENT, 0);
+- return true;
+ }
+- return false;
+ }
+
+ static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
+diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
+index 543681bc18..5957597825 100644
+--- a/include/hw/virtio/virtio-scsi.h
++++ b/include/hw/virtio/virtio-scsi.h
+@@ -151,7 +151,6 @@ void virtio_scsi_common_realize(DeviceState *dev,
+ Error **errp);
+
+ void virtio_scsi_common_unrealize(DeviceState *dev);
+-bool virtio_scsi_handle_event_vq(VirtIOSCSI *s, VirtQueue *vq);
+ bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq);
+ bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq);
+ void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch b/SOURCES/kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
new file mode 100644
index 0000000..5ba11a2
--- /dev/null
+++ b/SOURCES/kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
@@ -0,0 +1,103 @@
+From 1b609b2af303fb6498b2ef94ac4f2e900dc8c1b2 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 09:27:45 +0100
+Subject: [PATCH 10/16] virtio-scsi: don't waste CPU polling the event
+ virtqueue
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 88: virtio-scsi: fix 100% CPU consumption with IOThreads
+RH-Commit: [2/6] 7e613d9b9fa8ceb668c78cb3ce7ebe1d73a004b5 (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2079347
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+The virtio-scsi event virtqueue is not emptied by its handler function.
+This is typical for rx virtqueues where the device uses buffers when
+some event occurs (e.g. a packet is received, an error condition
+happens, etc).
+
+Polling non-empty virtqueues wastes CPU cycles. We are not waiting for
+new buffers to become available, we are waiting for an event to occur,
+so it's a misuse of CPU resources to poll for buffers.
+
+Introduce the new virtio_queue_aio_attach_host_notifier_no_poll() API,
+which is identical to virtio_queue_aio_attach_host_notifier() except
+that it does not poll the virtqueue.
+
+Before this patch the following command-line consumed 100% CPU in the
+IOThread polling and calling virtio_scsi_handle_event():
+
+ $ qemu-system-x86_64 -M accel=kvm -m 1G -cpu host \
+ --object iothread,id=iothread0 \
+ --device virtio-scsi-pci,iothread=iothread0 \
+ --blockdev file,filename=test.img,aio=native,cache.direct=on,node-name=drive0 \
+ --device scsi-hd,drive=drive0
+
+After this patch CPU is no longer wasted.
+
+Reported-by: Nir Soffer <nsoffer@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Tested-by: Nir Soffer <nsoffer@redhat.com>
+Message-id: 20220427143541.119567-3-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 38738f7dbbda90fbc161757b7f4be35b52205552)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/scsi/virtio-scsi-dataplane.c | 2 +-
+ hw/virtio/virtio.c | 13 +++++++++++++
+ include/hw/virtio/virtio.h | 1 +
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/hw/scsi/virtio-scsi-dataplane.c b/hw/scsi/virtio-scsi-dataplane.c
+index 29575cbaf6..8bb6e6acfc 100644
+--- a/hw/scsi/virtio-scsi-dataplane.c
++++ b/hw/scsi/virtio-scsi-dataplane.c
+@@ -138,7 +138,7 @@ int virtio_scsi_dataplane_start(VirtIODevice *vdev)
+
+ aio_context_acquire(s->ctx);
+ virtio_queue_aio_attach_host_notifier(vs->ctrl_vq, s->ctx);
+- virtio_queue_aio_attach_host_notifier(vs->event_vq, s->ctx);
++ virtio_queue_aio_attach_host_notifier_no_poll(vs->event_vq, s->ctx);
+
+ for (i = 0; i < vs->conf.num_queues; i++) {
+ virtio_queue_aio_attach_host_notifier(vs->cmd_vqs[i], s->ctx);
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 9d637e043e..67a873f54a 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3534,6 +3534,19 @@ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx)
+ virtio_queue_host_notifier_aio_poll_end);
+ }
+
++/*
++ * Same as virtio_queue_aio_attach_host_notifier() but without polling. Use
++ * this for rx virtqueues and similar cases where the virtqueue handler
++ * function does not pop all elements. When the virtqueue is left non-empty
++ * polling consumes CPU cycles and should not be used.
++ */
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx)
++{
++ aio_set_event_notifier(ctx, &vq->host_notifier, true,
++ virtio_queue_host_notifier_read,
++ NULL, NULL);
++}
++
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx)
+ {
+ aio_set_event_notifier(ctx, &vq->host_notifier, true, NULL, NULL, NULL);
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index b31c4507f5..b62a35fdca 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -317,6 +317,7 @@ EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
+ void virtio_queue_set_host_notifier_enabled(VirtQueue *vq, bool enabled);
+ void virtio_queue_host_notifier_read(EventNotifier *n);
+ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx);
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx);
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx);
+ VirtQueue *virtio_vector_first_queue(VirtIODevice *vdev, uint16_t vector);
+ VirtQueue *virtio_vector_next_queue(VirtQueue *vq);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch b/SOURCES/kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
new file mode 100644
index 0000000..1f22ba0
--- /dev/null
+++ b/SOURCES/kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
@@ -0,0 +1,119 @@
+From 5aaf33dbbbc89d58a52337985641723b9ee13541 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Wed, 27 Apr 2022 15:35:36 +0100
+Subject: [PATCH 09/16] virtio-scsi: fix ctrl and event handler functions in
+ dataplane mode
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 88: virtio-scsi: fix 100% CPU consumption with IOThreads
+RH-Commit: [1/6] 3087889041b960f14a6b3893243f78523a78f637 (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2079347
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+Commit f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare
+virtio_scsi_handle_cmd for dataplane") prepared the virtio-scsi cmd
+virtqueue handler function to be used in both the dataplane and
+non-datpalane code paths.
+
+It failed to convert the ctrl and event virtqueue handler functions,
+which are not designed to be called from the dataplane code path but
+will be since the ioeventfd is set up for those virtqueues when
+dataplane starts.
+
+Convert the ctrl and event virtqueue handler functions now so they
+operate correctly when called from the dataplane code path. Avoid code
+duplication by extracting this code into a helper function.
+
+Fixes: f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare virtio_scsi_handle_cmd for dataplane")
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-2-stefanha@redhat.com
+[Fixed s/by used/be used/ typo pointed out by Michael Tokarev
+<mjt@tls.msk.ru>.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 2f743ef6366c2df4ef51ef3ae318138cdc0125ab)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/scsi/virtio-scsi.c | 42 +++++++++++++++++++++++++++---------------
+ 1 file changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index 7f6da33a8a..7b69eeed64 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -472,16 +472,32 @@ bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
+ return progress;
+ }
+
++/*
++ * If dataplane is configured but not yet started, do so now and return true on
++ * success.
++ *
++ * Dataplane is started by the core virtio code but virtqueue handler functions
++ * can also be invoked when a guest kicks before DRIVER_OK, so this helper
++ * function helps us deal with manually starting ioeventfd in that case.
++ */
++static bool virtio_scsi_defer_to_dataplane(VirtIOSCSI *s)
++{
++ if (!s->ctx || s->dataplane_started) {
++ return false;
++ }
++
++ virtio_device_start_ioeventfd(&s->parent_obj.parent_obj);
++ return !s->dataplane_fenced;
++}
++
+ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ {
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+
+- if (s->ctx) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_ctrl_vq(s, vq);
+ virtio_scsi_release(s);
+@@ -720,12 +736,10 @@ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
+ /* use non-QOM casts in the data path */
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+
+- if (s->ctx && !s->dataplane_started) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_cmd_vq(s, vq);
+ virtio_scsi_release(s);
+@@ -855,12 +869,10 @@ static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
+ {
+ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
+
+- if (s->ctx) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_event_vq(s, vq);
+ virtio_scsi_release(s);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch b/SOURCES/kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch
new file mode 100644
index 0000000..8f1fb3e
--- /dev/null
+++ b/SOURCES/kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch
@@ -0,0 +1,117 @@
+From cbcab5ed1686fddeb2c6adb3a3f6ed0678a36e71 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Mon, 8 Aug 2022 12:21:34 -0400
+Subject: [PATCH 23/23] virtio-scsi: fix race in virtio_scsi_dataplane_start()
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 211: virtio-scsi: fix race in virtio_scsi_dataplane_start() (RHEL src-git)
+RH-Commit: [1/1] 2d4964d8863e259326a73fb918fa2f5f63b4a60a
+RH-Bugzilla: 2099541
+RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+
+As soon as virtio_scsi_data_plane_start() attaches host notifiers the
+IOThread may start virtqueue processing. There is a race between
+IOThread virtqueue processing and virtio_scsi_data_plane_start() because
+it only assigns s->dataplane_started after attaching host notifiers.
+
+When a virtqueue handler function in the IOThread calls
+virtio_scsi_defer_to_dataplane() it may see !s->dataplane_started and
+attempt to start dataplane even though we're already in the IOThread:
+
+ #0 0x00007f67b360857c __pthread_kill_implementation (libc.so.6 + 0xa257c)
+ #1 0x00007f67b35bbd56 raise (libc.so.6 + 0x55d56)
+ #2 0x00007f67b358e833 abort (libc.so.6 + 0x28833)
+ #3 0x00007f67b358e75b __assert_fail_base.cold (libc.so.6 + 0x2875b)
+ #4 0x00007f67b35b4cd6 __assert_fail (libc.so.6 + 0x4ecd6)
+ #5 0x000055ca87fd411b memory_region_transaction_commit (qemu-kvm + 0x67511b)
+ #6 0x000055ca87e17811 virtio_pci_ioeventfd_assign (qemu-kvm + 0x4b8811)
+ #7 0x000055ca87e14836 virtio_bus_set_host_notifier (qemu-kvm + 0x4b5836)
+ #8 0x000055ca87f8e14e virtio_scsi_set_host_notifier (qemu-kvm + 0x62f14e)
+ #9 0x000055ca87f8dd62 virtio_scsi_dataplane_start (qemu-kvm + 0x62ed62)
+ #10 0x000055ca87e14610 virtio_bus_start_ioeventfd (qemu-kvm + 0x4b5610)
+ #11 0x000055ca87f8c29a virtio_scsi_handle_ctrl (qemu-kvm + 0x62d29a)
+ #12 0x000055ca87fa5902 virtio_queue_host_notifier_read (qemu-kvm + 0x646902)
+ #13 0x000055ca882c099e aio_dispatch_handler (qemu-kvm + 0x96199e)
+ #14 0x000055ca882c1761 aio_poll (qemu-kvm + 0x962761)
+ #15 0x000055ca880e1052 iothread_run (qemu-kvm + 0x782052)
+ #16 0x000055ca882c562a qemu_thread_start (qemu-kvm + 0x96662a)
+
+This patch assigns s->dataplane_started before attaching host notifiers
+so that virtqueue handler functions that run in the IOThread before
+virtio_scsi_data_plane_start() returns correctly identify that dataplane
+does not need to be started. This fix is taken from the virtio-blk
+dataplane code and it's worth adding a comment in virtio-blk as well to
+explain why it works.
+
+Note that s->dataplane_started does not need the AioContext lock because
+it is set before attaching host notifiers and cleared after detaching
+host notifiers. In other words, the IOThread always sees the value true
+and the main loop thread does not modify it while the IOThread is
+active.
+
+Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2099541
+Reported-by: Qing Wang <qinwang@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220808162134.240405-1-stefanha@redhat.com>
+Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 9a4b6a63aee885931622549c85669dcca03bed39)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ hw/block/dataplane/virtio-blk.c | 5 +++++
+ hw/scsi/virtio-scsi-dataplane.c | 11 ++++++++---
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
+index 49276e46f2..26f965cabc 100644
+--- a/hw/block/dataplane/virtio-blk.c
++++ b/hw/block/dataplane/virtio-blk.c
+@@ -219,6 +219,11 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
+
+ memory_region_transaction_commit();
+
++ /*
++ * These fields are visible to the IOThread so we rely on implicit barriers
++ * in aio_context_acquire() on the write side and aio_notify_accept() on
++ * the read side.
++ */
+ s->starting = false;
+ vblk->dataplane_started = true;
+ trace_virtio_blk_data_plane_start(s);
+diff --git a/hw/scsi/virtio-scsi-dataplane.c b/hw/scsi/virtio-scsi-dataplane.c
+index 8bb6e6acfc..20bb91766e 100644
+--- a/hw/scsi/virtio-scsi-dataplane.c
++++ b/hw/scsi/virtio-scsi-dataplane.c
+@@ -136,6 +136,14 @@ int virtio_scsi_dataplane_start(VirtIODevice *vdev)
+
+ memory_region_transaction_commit();
+
++ /*
++ * These fields are visible to the IOThread so we rely on implicit barriers
++ * in aio_context_acquire() on the write side and aio_notify_accept() on
++ * the read side.
++ */
++ s->dataplane_starting = false;
++ s->dataplane_started = true;
++
+ aio_context_acquire(s->ctx);
+ virtio_queue_aio_attach_host_notifier(vs->ctrl_vq, s->ctx);
+ virtio_queue_aio_attach_host_notifier_no_poll(vs->event_vq, s->ctx);
+@@ -143,9 +151,6 @@ int virtio_scsi_dataplane_start(VirtIODevice *vdev)
+ for (i = 0; i < vs->conf.num_queues; i++) {
+ virtio_queue_aio_attach_host_notifier(vs->cmd_vqs[i], s->ctx);
+ }
+-
+- s->dataplane_starting = false;
+- s->dataplane_started = true;
+ aio_context_release(s->ctx);
+ return 0;
+
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch b/SOURCES/kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch
new file mode 100644
index 0000000..8487f5c
--- /dev/null
+++ b/SOURCES/kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch
@@ -0,0 +1,168 @@
+From 6603f216dbc07a1d221b1665409cfec6cc9960e2 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Tue, 17 May 2022 09:28:26 +0100
+Subject: [PATCH 14/16] virtio-scsi: move request-related items from .h to .c
+
+RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
+RH-MergeRequest: 88: virtio-scsi: fix 100% CPU consumption with IOThreads
+RH-Commit: [6/6] ecdf5289abd04062c85c5ed8e577a5249684a3b0 (stefanha/centos-stream-qemu-kvm)
+RH-Bugzilla: 2079347
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+There is no longer a need to expose the request and related APIs in
+virtio-scsi.h since there are no callers outside virtio-scsi.c.
+
+Note the block comment in VirtIOSCSIReq has been adjusted to meet the
+coding style.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-7-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 3dc584abeef0e1277c2de8c1c1974cb49444eb0a)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/scsi/virtio-scsi.c | 45 ++++++++++++++++++++++++++++++---
+ include/hw/virtio/virtio-scsi.h | 40 -----------------------------
+ 2 files changed, 41 insertions(+), 44 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index df5ff8bab7..2450c9438c 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -29,6 +29,43 @@
+ #include "hw/virtio/virtio-access.h"
+ #include "trace.h"
+
++typedef struct VirtIOSCSIReq {
++ /*
++ * Note:
++ * - fields up to resp_iov are initialized by virtio_scsi_init_req;
++ * - fields starting at vring are zeroed by virtio_scsi_init_req.
++ */
++ VirtQueueElement elem;
++
++ VirtIOSCSI *dev;
++ VirtQueue *vq;
++ QEMUSGList qsgl;
++ QEMUIOVector resp_iov;
++
++ union {
++ /* Used for two-stage request submission */
++ QTAILQ_ENTRY(VirtIOSCSIReq) next;
++
++ /* Used for cancellation of request during TMFs */
++ int remaining;
++ };
++
++ SCSIRequest *sreq;
++ size_t resp_size;
++ enum SCSIXferMode mode;
++ union {
++ VirtIOSCSICmdResp cmd;
++ VirtIOSCSICtrlTMFResp tmf;
++ VirtIOSCSICtrlANResp an;
++ VirtIOSCSIEvent event;
++ } resp;
++ union {
++ VirtIOSCSICmdReq cmd;
++ VirtIOSCSICtrlTMFReq tmf;
++ VirtIOSCSICtrlANReq an;
++ } req;
++} VirtIOSCSIReq;
++
+ static inline int virtio_scsi_get_lun(uint8_t *lun)
+ {
+ return ((lun[2] << 8) | lun[3]) & 0x3FFF;
+@@ -45,7 +82,7 @@ static inline SCSIDevice *virtio_scsi_device_get(VirtIOSCSI *s, uint8_t *lun)
+ return scsi_device_get(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
+ }
+
+-void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req)
++static void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req)
+ {
+ VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ const size_t zero_skip =
+@@ -58,7 +95,7 @@ void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req)
+ memset((uint8_t *)req + zero_skip, 0, sizeof(*req) - zero_skip);
+ }
+
+-void virtio_scsi_free_req(VirtIOSCSIReq *req)
++static void virtio_scsi_free_req(VirtIOSCSIReq *req)
+ {
+ qemu_iovec_destroy(&req->resp_iov);
+ qemu_sglist_destroy(&req->qsgl);
+@@ -801,8 +838,8 @@ static void virtio_scsi_reset(VirtIODevice *vdev)
+ s->events_dropped = false;
+ }
+
+-void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
+- uint32_t event, uint32_t reason)
++static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
++ uint32_t event, uint32_t reason)
+ {
+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
+ VirtIOSCSIReq *req;
+diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
+index 2497530064..abdda2cbd0 100644
+--- a/include/hw/virtio/virtio-scsi.h
++++ b/include/hw/virtio/virtio-scsi.h
+@@ -94,42 +94,6 @@ struct VirtIOSCSI {
+ uint32_t host_features;
+ };
+
+-typedef struct VirtIOSCSIReq {
+- /* Note:
+- * - fields up to resp_iov are initialized by virtio_scsi_init_req;
+- * - fields starting at vring are zeroed by virtio_scsi_init_req.
+- * */
+- VirtQueueElement elem;
+-
+- VirtIOSCSI *dev;
+- VirtQueue *vq;
+- QEMUSGList qsgl;
+- QEMUIOVector resp_iov;
+-
+- union {
+- /* Used for two-stage request submission */
+- QTAILQ_ENTRY(VirtIOSCSIReq) next;
+-
+- /* Used for cancellation of request during TMFs */
+- int remaining;
+- };
+-
+- SCSIRequest *sreq;
+- size_t resp_size;
+- enum SCSIXferMode mode;
+- union {
+- VirtIOSCSICmdResp cmd;
+- VirtIOSCSICtrlTMFResp tmf;
+- VirtIOSCSICtrlANResp an;
+- VirtIOSCSIEvent event;
+- } resp;
+- union {
+- VirtIOSCSICmdReq cmd;
+- VirtIOSCSICtrlTMFReq tmf;
+- VirtIOSCSICtrlANReq an;
+- } req;
+-} VirtIOSCSIReq;
+-
+ static inline void virtio_scsi_acquire(VirtIOSCSI *s)
+ {
+ if (s->ctx) {
+@@ -151,10 +115,6 @@ void virtio_scsi_common_realize(DeviceState *dev,
+ Error **errp);
+
+ void virtio_scsi_common_unrealize(DeviceState *dev);
+-void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req);
+-void virtio_scsi_free_req(VirtIOSCSIReq *req);
+-void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
+- uint32_t event, uint32_t reason);
+
+ void virtio_scsi_dataplane_setup(VirtIOSCSI *s, Error **errp);
+ int virtio_scsi_dataplane_start(VirtIODevice *s);
+--
+2.31.1
+
diff --git a/SOURCES/kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch b/SOURCES/kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch
deleted file mode 100644
index 539b8fe..0000000
--- a/SOURCES/kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 846192d22a1ddfa87682bb0b67febef5c30c9743 Mon Sep 17 00:00:00 2001
-From: Vivek Goyal <vgoyal@redhat.com>
-Date: Tue, 25 Jan 2022 13:51:14 -0500
-Subject: [PATCH 3/5] virtiofsd: Drop membership of all supplementary groups
- (CVE-2022-0358)
-
-RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-MergeRequest: 66: c9s: virtiofsd security fix - drop secondary groups
-RH-Commit: [1/1] cdf3b0405ea3369933e76761890f16b040641036 (redhat/centos-stream/src/qemu-kvm)
-RH-Bugzilla: 2046201
-RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
-RH-Acked-by: Sergio Lopez <None>
-RH-Acked-by: Vivek Goyal <None>
-
-At the start, drop membership of all supplementary groups. This is
-not required.
-
-If we have membership of "root" supplementary group and when we switch
-uid/gid using setresuid/setsgid, we still retain membership of existing
-supplemntary groups. And that can allow some operations which are not
-normally allowed.
-
-For example, if root in guest creates a dir as follows.
-
-$ mkdir -m 03777 test_dir
-
-This sets SGID on dir as well as allows unprivileged users to write into
-this dir.
-
-And now as unprivileged user open file as follows.
-
-$ su test
-$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);
-
-This will create SGID set executable in test_dir/.
-
-And that's a problem because now an unpriviliged user can execute it,
-get egid=0 and get access to resources owned by "root" group. This is
-privilege escalation.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
-Fixes: CVE-2022-0358
-Reported-by: JIETAO XIAO <shawtao1125@gmail.com>
-Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
-Message-Id: <YfBGoriS38eBQrAb@redhat.com>
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
- dgilbert: Fixed missing {}'s style nit
-(cherry picked from commit 449e8171f96a6a944d1f3b7d3627ae059eae21ca)
----
- tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++
- 1 file changed, 27 insertions(+)
-
-diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
-index 64b5b4fbb1..b3d0674f6d 100644
---- a/tools/virtiofsd/passthrough_ll.c
-+++ b/tools/virtiofsd/passthrough_ll.c
-@@ -54,6 +54,7 @@
- #include <sys/wait.h>
- #include <sys/xattr.h>
- #include <syslog.h>
-+#include <grp.h>
-
- #include "qemu/cutils.h"
- #include "passthrough_helpers.h"
-@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
- #define OURSYS_setresuid SYS_setresuid
- #endif
-
-+static void drop_supplementary_groups(void)
-+{
-+ int ret;
-+
-+ ret = getgroups(0, NULL);
-+ if (ret == -1) {
-+ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n",
-+ errno, strerror(errno));
-+ exit(1);
-+ }
-+
-+ if (!ret) {
-+ return;
-+ }
-+
-+ /* Drop all supplementary groups. We should not need it */
-+ ret = setgroups(0, NULL);
-+ if (ret == -1) {
-+ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n",
-+ errno, strerror(errno));
-+ exit(1);
-+ }
-+}
-+
- /*
- * Change to uid/gid of caller so that file is created with
- * ownership of caller.
-@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[])
-
- qemu_init_exec_dir(argv[0]);
-
-+ drop_supplementary_groups();
-+
- pthread_mutex_init(&lo.mutex, NULL);
- lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
- lo.root.fd = -1;
---
-2.27.0
-
diff --git a/SOURCES/kvm-vmxcap-Add-5-level-EPT-bit.patch b/SOURCES/kvm-vmxcap-Add-5-level-EPT-bit.patch
deleted file mode 100644
index 0701cc0..0000000
--- a/SOURCES/kvm-vmxcap-Add-5-level-EPT-bit.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 5d8e4aefe49d4ea5237efc8132e44183b99ebabc Mon Sep 17 00:00:00 2001
-From: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Wed, 16 Mar 2022 09:35:23 +0100
-Subject: [PATCH 03/14] vmxcap: Add 5-level EPT bit
-
-RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-MergeRequest: 126: i386: Add Icelake-Server-v6 CPU model with 5-level EPT support
-RH-Commit: [1/2] 3f74e192278b8886de5dbeaf607521e9d3b744eb
-RH-Bugzilla: 2038051
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2038051
-Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43862630
-
-commit d312378e59658473aa91aa15c67ec6200d92e5ff
-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
-Date: Mon Feb 21 15:53:16 2022 +0100
-
- vmxcap: Add 5-level EPT bit
-
- 5-level EPT is present in Icelake Server CPUs and is supported by QEMU
- ('vmx-page-walk-5').
-
- Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
- Message-Id: <20220221145316.576138-2-vkuznets@redhat.com>
- Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
-Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
----
- scripts/kvm/vmxcap | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/scripts/kvm/vmxcap b/scripts/kvm/vmxcap
-index 6fe66d5f57..f140040104 100755
---- a/scripts/kvm/vmxcap
-+++ b/scripts/kvm/vmxcap
-@@ -249,6 +249,7 @@ controls = [
- bits = {
- 0: 'Execute-only EPT translations',
- 6: 'Page-walk length 4',
-+ 7: 'Page-walk length 5',
- 8: 'Paging-structure memory type UC',
- 14: 'Paging-structure memory type WB',
- 16: '2MB EPT pages',
---
-2.31.1
-
diff --git a/SOURCES/kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch b/SOURCES/kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch
deleted file mode 100644
index eb3273c..0000000
--- a/SOURCES/kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 1b8eeb1323fa21c7b26d0396fae5ae4a8cdb1ace Mon Sep 17 00:00:00 2001
-From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Date: Tue, 11 Jan 2022 18:29:31 +0000
-Subject: [PATCH 1/3] x86: Add q35 RHEL 8.6.0 machine type
-
-RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-MergeRequest: 61: x86: Add rhel 8.6.0 & 9.0.0 machine types
-RH-Commit: [1/2] 189335cf0e4ad117e3e401f23aa07cddbbac50df (dagrh/c-9-s-qemu-kvm)
-RH-Bugzilla: 1945666
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-Add the new 8.6.0 machine type; note that while the -AV
-notation has gone in the product naming, just keep the smbios
-definitions the same for consistency.
-
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
----
- hw/i386/pc_q35.c | 21 ++++++++++++++++++++-
- 1 file changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index 3b748ddd7b..0c25305f15 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -646,6 +646,24 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
- compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
- }
-
-+static void pc_q35_init_rhel860(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel860_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel_options(m);
-+ m->desc = "RHEL-8.6.0 PC (Q35 + ICH9, 2009)";
-+ pcmc->smbios_stream_product = "RHEL-AV";
-+ pcmc->smbios_stream_version = "8.6.0";
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel860, "pc-q35-rhel8.6.0", pc_q35_init_rhel860,
-+ pc_q35_machine_rhel860_options);
-+
-+
- static void pc_q35_init_rhel850(MachineState *machine)
- {
- pc_q35_init(machine);
-@@ -654,8 +672,9 @@ static void pc_q35_init_rhel850(MachineState *machine)
- static void pc_q35_machine_rhel850_options(MachineClass *m)
- {
- PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-- pc_q35_machine_rhel_options(m);
-+ pc_q35_machine_rhel860_options(m);
- m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
-+ m->alias = NULL;
- pcmc->smbios_stream_product = "RHEL-AV";
- pcmc->smbios_stream_version = "8.5.0";
- compat_props_add(m->compat_props, hw_compat_rhel_8_5,
---
-2.27.0
-
diff --git a/SOURCES/kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch b/SOURCES/kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch
deleted file mode 100644
index 4367495..0000000
--- a/SOURCES/kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 3d5024fb9c904a649d07f0def3a90b3d36611215 Mon Sep 17 00:00:00 2001
-From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Date: Wed, 12 Jan 2022 13:21:57 +0000
-Subject: [PATCH 2/3] x86: Add q35 RHEL 9.0.0 machine type
-
-RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-MergeRequest: 61: x86: Add rhel 8.6.0 & 9.0.0 machine types
-RH-Commit: [2/2] 743378502459b978efd632271f97ddb824422203 (dagrh/c-9-s-qemu-kvm)
-RH-Bugzilla: 1945666
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
-RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
-
-Add a rhel-9.0.0 q35 machine type; it's currently identical to 8.6.0;
-but having a separate machine type will make life easier in the future
-when the 8.x types go away.
-
-Note: The smbios stream product name has now changed to 'RHEL'
-
-bz: https://bugzilla.redhat.com/show_bug.cgi?id=1945666
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
----
- hw/i386/pc_q35.c | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index 0c25305f15..bf9ad32f0e 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -646,6 +646,23 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
- compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
- }
-
-+static void pc_q35_init_rhel900(MachineState *machine)
-+{
-+ pc_q35_init(machine);
-+}
-+
-+static void pc_q35_machine_rhel900_options(MachineClass *m)
-+{
-+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-+ pc_q35_machine_rhel_options(m);
-+ m->desc = "RHEL-9.0.0 PC (Q35 + ICH9, 2009)";
-+ pcmc->smbios_stream_product = "RHEL";
-+ pcmc->smbios_stream_version = "9.0.0";
-+}
-+
-+DEFINE_PC_MACHINE(q35_rhel900, "pc-q35-rhel9.0.0", pc_q35_init_rhel900,
-+ pc_q35_machine_rhel900_options);
-+
- static void pc_q35_init_rhel860(MachineState *machine)
- {
- pc_q35_init(machine);
-@@ -654,8 +671,9 @@ static void pc_q35_init_rhel860(MachineState *machine)
- static void pc_q35_machine_rhel860_options(MachineClass *m)
- {
- PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-- pc_q35_machine_rhel_options(m);
-+ pc_q35_machine_rhel900_options(m);
- m->desc = "RHEL-8.6.0 PC (Q35 + ICH9, 2009)";
-+ m->alias = NULL;
- pcmc->smbios_stream_product = "RHEL-AV";
- pcmc->smbios_stream_version = "8.6.0";
- }
-@@ -674,7 +692,6 @@ static void pc_q35_machine_rhel850_options(MachineClass *m)
- PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
- pc_q35_machine_rhel860_options(m);
- m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
-- m->alias = NULL;
- pcmc->smbios_stream_product = "RHEL-AV";
- pcmc->smbios_stream_version = "8.5.0";
- compat_props_add(m->compat_props, hw_compat_rhel_8_5,
---
-2.27.0
-
diff --git a/SOURCES/tests_data_acpi_pc_SSDT.dimmpxm b/SOURCES/tests_data_acpi_pc_SSDT.dimmpxm
deleted file mode 100644
index ac55387..0000000
Binary files a/SOURCES/tests_data_acpi_pc_SSDT.dimmpxm and /dev/null differ
diff --git a/SOURCES/tests_data_acpi_q35_FACP.slic b/SOURCES/tests_data_acpi_q35_FACP.slic
deleted file mode 100644
index 15986e0..0000000
Binary files a/SOURCES/tests_data_acpi_q35_FACP.slic and /dev/null differ
diff --git a/SOURCES/tests_data_acpi_q35_SSDT.dimmpxm b/SOURCES/tests_data_acpi_q35_SSDT.dimmpxm
deleted file mode 100644
index 98e6f0e..0000000
Binary files a/SOURCES/tests_data_acpi_q35_SSDT.dimmpxm and /dev/null differ
diff --git a/SOURCES/tests_data_acpi_virt_SSDT.memhp b/SOURCES/tests_data_acpi_virt_SSDT.memhp
deleted file mode 100644
index 375d7b6..0000000
Binary files a/SOURCES/tests_data_acpi_virt_SSDT.memhp and /dev/null differ
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 54ac6fa..6ee557d 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
@@ -101,7 +101,7 @@
%global target_list %{kvm_target}-softmmu
%global block_drivers_rw_list qcow2,raw,file,host_device,nbd,iscsi,rbd,blkdebug,luks,null-co,nvme,copy-on-read,throttle,compress
-%global block_drivers_ro_list vdi,vmdk,vhdx,vpc,https,ssh
+%global block_drivers_ro_list vdi,vmdk,vhdx,vpc,https
%define qemudocdir %{_docdir}/%{name}
%global firmwaredirs "%{_datadir}/qemu-firmware:%{_datadir}/ipxe/qemu:%{_datadir}/seavgabios:%{_datadir}/seabios"
@@ -150,8 +150,8 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
-Version: 6.2.0
-Release: 11%{?rcrel}%{?dist}%{?cc_suffix}.5
+Version: 7.0.0
+Release: 13%{?rcrel}%{?dist}%{?cc_suffix}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
# Epoch 15 used for RHEL 8
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -174,176 +174,326 @@ Source28: 95-kvm-memlock.conf
Source30: kvm-s390x.conf
Source31: kvm-x86.conf
Source36: README.tests
-Source37: tests_data_acpi_pc_SSDT.dimmpxm
-Source38: tests_data_acpi_q35_FACP.slic
-Source39: tests_data_acpi_q35_SSDT.dimmpxm
-Source40: tests_data_acpi_virt_SSDT.memhp
-
-
-Patch0001: 0001-ui-clipboard-Don-t-use-g_autoptr-just-to-free-a-vari.patch
-Patch0005: 0005-Initial-redhat-build.patch
-Patch0006: 0006-Enable-disable-devices-for-RHEL.patch
-Patch0007: 0007-Machine-type-related-general-changes.patch
-Patch0008: 0008-Add-aarch64-machine-types.patch
-Patch0009: 0009-Add-ppc64-machine-types.patch
-Patch0010: 0010-Add-s390x-machine-types.patch
-Patch0011: 0011-Add-x86_64-machine-types.patch
-Patch0012: 0012-Enable-make-check.patch
-Patch0013: 0013-vfio-cap-number-of-devices-that-can-be-assigned.patch
-Patch0014: 0014-Add-support-statement-to-help-output.patch
-Patch0015: 0015-globally-limit-the-maximum-number-of-CPUs.patch
-Patch0016: 0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch
-Patch0017: 0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch
-Patch0018: 0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch
-Patch0019: 0019-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
-Patch0020: 0020-Fix-virtio-net-pci-vectors-compat.patch
-Patch0021: 0021-x86-rhel-machine-types-Add-pc_rhel_8_5_compat.patch
-Patch0022: 0022-x86-rhel-machine-types-Wire-compat-into-q35-and-i440.patch
-Patch0023: 0023-redhat-virt-rhel8.5.0-Update-machine-type-compatibil.patch
-Patch0024: 0024-redhat-Add-s390x-machine-type-compatibility-handling.patch
-Patch0025: 0025-compat-Update-hw_compat_rhel_8_5-with-6.2.0-RC2-chan.patch
-# For bz#2008060 - Fix CPU Model for new IBM Z Hardware - qemu part
-Patch26: kvm-redhat-Add-rhel8.6.0-and-rhel9.0.0-machine-types-for.patch
-# For bz#2014484 - [RHEL9] Enable virtio-mem as tech-preview on x86-64 - QEMU
-Patch27: kvm-redhat-Enable-virtio-mem-as-tech-preview-on-x86-64.patch
-# For bz#2031044 - Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]
-Patch28: kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch
-# For bz#2031044 - Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]
-Patch29: kvm-hw-arm-virt-Register-its-as-a-class-property.patch
-# For bz#2031044 - Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]
-Patch30: kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch
-# For bz#2031044 - Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]
-Patch31: kvm-hw-arm-virt-Expose-the-RAS-option.patch
-# For bz#2031044 - Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]
-Patch32: kvm-hw-arm-virt-Add-9.0-machine-type-and-remove-8.5-one.patch
-# For bz#2031044 - Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]
-Patch33: kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch
-# For bz#2024544 - Fio workers hangs when running fio with 32 jobs iodepth 32 and QEMU's userspace NVMe driver
-Patch34: kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch
-# For bz#2028623 - [9.0] machine types: 6.2: Fix prefer_sockets
-Patch35: kvm-rhel-machine-types-x86-set-prefer_sockets.patch
-# For bz#1945666 - 9.0: x86 machine types
-Patch36: kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch
-# For bz#1945666 - 9.0: x86 machine types
-Patch37: kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch
-# For bz#2036669 - DEVICE_DELETED event is not delivered for device frontend if -device is configured via JSON
-Patch38: kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch
-# For bz#1962088 - [QSD] wrong help message for the fuse
-Patch39: kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch
-# For bz#1962088 - [QSD] wrong help message for the fuse
-Patch40: kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch
-# For bz#2046201 - CVE-2022-0358 qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-9.0]
-Patch41: kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch
-# For bz#2034791 - Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD
-Patch42: kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch
-# For bz#2034791 - Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD
-Patch43: kvm-block-rbd-workaround-for-ceph-issue-53784.patch
-# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
-Patch44: kvm-numa-Enable-numa-for-SGX-EPC-sections.patch
-# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
-Patch45: kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch
-# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
-Patch46: kvm-doc-Add-the-SGX-numa-description.patch
-# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
-Patch47: kvm-Enable-SGX-RH-Only.patch
-# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
-Patch48: kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch
-# For bz#2041461 - Inconsistent block status reply in qemu-nbd
-Patch49: kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch
-# For bz#2041461 - Inconsistent block status reply in qemu-nbd
-Patch50: kvm-iotests-block-status-cache-New-test.patch
-# For bz#1882917 - the target image size is incorrect when converting a badly fragmented file
-Patch51: kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch
-# For bz#1882917 - the target image size is incorrect when converting a badly fragmented file
-Patch52: kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch
-# For bz#2040123 - Qemu core dumped when do block-stream to a snapshot node on non-enough space storage
-Patch53: kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch
-# For bz#2040123 - Qemu core dumped when do block-stream to a snapshot node on non-enough space storage
-Patch54: kvm-iotests-stream-error-on-reset-New-test.patch
-# For bz#2042481 - [aarch64] Launch guest with "default-bus-bypass-iommu=off,iommu=smmuv3" and "iommu_platform=on", guest hangs after system_reset
-Patch55: kvm-hw-arm-smmuv3-Fix-device-reset.patch
-# For bz#2046659 - qemu crash after execute blockdev-reopen with iothread
-Patch56: kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch
-# For bz#2046659 - qemu crash after execute blockdev-reopen with iothread
-Patch57: kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch
-# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
-Patch58: kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch
-# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
-Patch59: kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch
-# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
-Patch60: kvm-iotests.py-Add-QemuStorageDaemon-class.patch
-# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
-Patch61: kvm-iotests-281-Test-lingering-timers.patch
-# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
-Patch62: kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch
-# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
-Patch63: kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch
-# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM
-Patch64: kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch
-# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM
-Patch65: kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch
-# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM
-Patch66: kvm-ui-clipboard-fix-use-after-free-regression.patch
-# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM
-Patch67: kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch
-# For bz#2044818 - Qemu Core Dumped when migrate -> migrate_cancel -> migrate again during guest is paused
-Patch68: kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
-# For bz#2044818 - Qemu Core Dumped when migrate -> migrate_cancel -> migrate again during guest is paused
-Patch69: kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch
-# For bz#2052050 - Mark all RHEL-8 and earlier machine types as deprecated
-Patch70: kvm-RHEL-mark-old-machine-types-as-deprecated.patch
-# For bz#2059786 - [virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device
-Patch71: kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch
-# For bz#2053584 - watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843]
-Patch72: kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch
-# For bz#2053584 - watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843]
-Patch73: kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch
-# For bz#2038051 - Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04'
-Patch74: kvm-vmxcap-Add-5-level-EPT-bit.patch
-# For bz#2038051 - Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04'
-Patch75: kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch76: kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch77: kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch78: kvm-tests-acpi-add-SLIC-table-test.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch79: kvm-tests-acpi-SLIC-update-expected-blobs.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch80: kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch81: kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch82: kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch83: kvm-tests-acpi-update-expected-blobs.patch
-# For bz#2043531 - Guest can not start with SLIC acpi table
-Patch84: kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch
-# For bz#2071102 - RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.0.0.z]
-Patch85: kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch
-# For bz#2075635 - CVE-2022-26353 qemu-kvm: QEMU: virtio-net: map leaking on error during receive [rhel-9] [rhel-9.0.0.z]
-Patch86: kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch
-# For bz#2075640 - CVE-2022-26354 qemu-kvm: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak [rhel-9] [rhel-9.0.0.z]
-Patch87: kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
-# For bz#2095795 - PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z]
-Patch88: kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch
-# For bz#2095795 - PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z]
-Patch89: kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch
-# For bz#2095795 - PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z]
-Patch90: kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch
-# For bz#2095795 - PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z]
-Patch91: kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch
-# For bz#2095795 - PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z]
-Patch92: kvm-vhost-vdpa-backend-feature-should-set-only-once.patch
-# For bz#2095795 - PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z]
-Patch93: kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch
-# For bz#2095795 - PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z]
-Patch94: kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch
-# For bz#2109569 - Stalled IO Operations in VM [rhel-9.0.0.z]
-Patch95: kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
-# For bz#2109569 - Stalled IO Operations in VM [rhel-9.0.0.z]
-Patch96: kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch
+
+
+Patch0004: 0004-Initial-redhat-build.patch
+Patch0005: 0005-Enable-disable-devices-for-RHEL.patch
+Patch0006: 0006-Machine-type-related-general-changes.patch
+Patch0007: 0007-Add-aarch64-machine-types.patch
+Patch0008: 0008-Add-ppc64-machine-types.patch
+Patch0009: 0009-Add-s390x-machine-types.patch
+Patch0010: 0010-Add-x86_64-machine-types.patch
+Patch0011: 0011-Enable-make-check.patch
+Patch0012: 0012-vfio-cap-number-of-devices-that-can-be-assigned.patch
+Patch0013: 0013-Add-support-statement-to-help-output.patch
+Patch0014: 0014-globally-limit-the-maximum-number-of-CPUs.patch
+Patch0015: 0015-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch
+Patch0016: 0016-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch
+Patch0017: 0017-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch
+Patch0018: 0018-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch
+Patch0019: 0019-WRB-Introduce-RHEL-9.0.0-hw-compat-structure.patch
+Patch0020: 0020-redhat-Update-s390x-machine-type-compatibility-for-r.patch
+Patch0021: 0021-pc-Move-s3-s4-suspend-disabling-to-compat.patch
+# For bz#2044162 - [RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU
+Patch22: kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch
+# For bz#2081022 - Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes
+Patch23: kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch
+# For bz#2046029 - [WRB] New machine type property - dtb-kaslr-seed
+Patch24: kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch
+# For bz#2046029 - [WRB] New machine type property - dtb-kaslr-seed
+Patch25: kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch
+# For bz#1477099 - virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)
+Patch26: kvm-Enable-virtio-iommu-pci-on-aarch64.patch
+# For bz#2037612 - [Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region
+Patch27: kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch
+# For bz#2037612 - [Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region
+Patch28: kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch
+# For bz#2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken'
+Patch29: kvm-qapi-machine.json-Add-cluster-id.patch
+# For bz#2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken'
+Patch30: kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch
+# For bz#2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken'
+Patch31: kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch
+# For bz#2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken'
+Patch32: kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch
+# For bz#2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken'
+Patch33: kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch
+# For bz#2041823 - [aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken'
+Patch34: kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch
+# For bz#2079938 - qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory
+Patch35: kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
+# For bz#2079938 - qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory
+Patch36: kvm-coroutine-Revert-to-constant-batch-size.patch
+# For bz#2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption
+Patch37: kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
+# For bz#2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption
+Patch38: kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
+# For bz#2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption
+Patch39: kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch
+# For bz#2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption
+Patch40: kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch
+# For bz#2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption
+Patch41: kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch
+# For bz#2079347 - Guest boot blocked when scsi disks using same iothread and 100% CPU consumption
+Patch42: kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch
+# For bz#1995710 - RFE: Allow virtio-scsi CD-ROM media change with IOThreads
+Patch43: kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch
+# For bz#2064530 - Rebuild qemu-kvm with clang-14
+Patch44: kvm-migration-Fix-operator-type.patch
+# For bz#1708300 - RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN
+Patch45: kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch
+# For bz#1708300 - RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN
+Patch46: kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch
+# For bz#2031024 - Add support for fixing thread pool size [QEMU]
+Patch47: kvm-Introduce-event-loop-base-abstract-class.patch
+# For bz#2031024 - Add support for fixing thread pool size [QEMU]
+Patch48: kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch
+# For bz#2031024 - Add support for fixing thread pool size [QEMU]
+Patch49: kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch
+# For bz#2072379 - Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)
+Patch50: kvm-qcow2-Improve-refcount-structure-rebuilding.patch
+# For bz#2072379 - Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)
+Patch51: kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch
+# For bz#2072379 - Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)
+Patch52: kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch
+# For bz#2072379 - Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)
+Patch53: kvm-iotests-108-Fix-when-missing-user_allow_other.patch
+# For bz#2070804 - PXE boot crash qemu when using multiqueue vDPA
+Patch54: kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch
+# For bz#2070804 - PXE boot crash qemu when using multiqueue vDPA
+Patch55: kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch
+# For bz#2070804 - PXE boot crash qemu when using multiqueue vDPA
+Patch56: kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch
+# For bz#2070804 - PXE boot crash qemu when using multiqueue vDPA
+Patch57: kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch
+# For bz#2070804 - PXE boot crash qemu when using multiqueue vDPA
+Patch58: kvm-vhost-vdpa-backend-feature-should-set-only-once.patch
+# For bz#2070804 - PXE boot crash qemu when using multiqueue vDPA
+Patch59: kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch
+# For bz#2070804 - PXE boot crash qemu when using multiqueue vDPA
+Patch60: kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch
+# For bz#2094270 - Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore
+Patch61: kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch
+# For bz#2086262 - [Win11][tpm]vfio_listener_region_del received unaligned region
+Patch62: kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch
+# For bz#1952483 - RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures
+Patch63: kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+# For bz#1952483 - RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures
+Patch64: kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+# For bz#1952483 - RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures
+Patch65: kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+# For bz#2094252 - Compile the virtio-iommu device on x86_64
+Patch66: kvm-Enable-virtio-iommu-pci-on-x86_64.patch
+# For bz#2092788 - Stalled IO Operations in VM
+Patch67: kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
+# For bz#2092788 - Stalled IO Operations in VM
+Patch68: kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch
+# For bz#2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9
+Patch69: kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch
+# For bz#2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9
+Patch70: kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch
+# For bz#2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9
+Patch71: kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch
+# For bz#2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9
+Patch72: kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch
+# For bz#2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9
+Patch73: kvm-target-s390x-deprecate-CPUs-older-than-z14.patch
+# For bz#2060839 - Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9
+Patch74: kvm-target-arm-deprecate-named-CPU-models.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch75: kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch76: kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch77: kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch78: kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch79: kvm-migration-Add-migrate_use_tls-helper.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch80: kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch81: kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch82: kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch83: kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch84: kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch
+# For bz#1968509 - Use MSG_ZEROCOPY on QEMU Live Migration
+Patch85: kvm-migration-Change-zero_copy_send-from-migration-param.patch
+# For bz#2096143 - The migration port is not released if use it again for recovering postcopy migration
+Patch86: kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch
+# For bz#2100106 - Fix virtio-iommu/vfio bypass
+Patch87: kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch
+# For bz#2100106 - Fix virtio-iommu/vfio bypass
+Patch88: kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch
+# For bz#2100106 - Fix virtio-iommu/vfio bypass
+Patch89: kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch
+# For bz#2100106 - Fix virtio-iommu/vfio bypass
+Patch90: kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch
+# For bz#2100106 - Fix virtio-iommu/vfio bypass
+Patch91: kvm-virtio-iommu-Fix-migration-regression.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch92: kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch93: kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch94: kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch95: kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch96: kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch97: kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch98: kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch99: kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch100: kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch
+# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
+Patch101: kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch
+# For bz#1951522 - CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]
+Patch102: kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch
+# For bz#1951522 - CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]
+Patch103: kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch104: kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch105: kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch106: kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch107: kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch108: kvm-meson-create-have_vhost_-variables.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch109: kvm-meson-use-have_vhost_-variables-to-pick-sources.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch110: kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch111: kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch112: kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch113: kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch114: kvm-vhost-Reorder-vhost_svq_kick.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch115: kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch116: kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch117: kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch118: kvm-vhost-Add-SVQDescState.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch119: kvm-vhost-Track-number-of-descs-in-SVQDescState.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch120: kvm-vhost-add-vhost_svq_push_elem.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch121: kvm-vhost-Expose-vhost_svq_add.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch122: kvm-vhost-add-vhost_svq_poll.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch123: kvm-vhost-Add-svq-avail_handler-callback.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch124: kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch125: kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch126: kvm-vdpa-manual-forward-CVQ-buffers.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch127: kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch128: kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch129: kvm-vdpa-Add-device-migration-blocker.patch
+# For bz#1939363 - vDPA control virtqueue support in Qemu
+Patch130: kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch
+# For bz#2111994 - RHEL9: skey test in kvm_unit_test got failed
+Patch131: kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch
+# For bz#2111994 - RHEL9: skey test in kvm_unit_test got failed
+Patch132: kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch
+# For bz#2095608 - Please correct the error message when try to start qemu with "-M kernel-irqchip=split"
+Patch133: kvm-kvm-don-t-use-perror-without-useful-errno.patch
+# For bz#2099934 - Guest reboot on destination host after postcopy migration completed
+Patch134: kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch
+# For bz#2099934 - Guest reboot on destination host after postcopy migration completed
+Patch135: kvm-Revert-migration-Simplify-unqueue_page.patch
+# For bz#2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together
+Patch136: kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch
+# For bz#2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together
+Patch137: kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch
+# For bz#2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together
+Patch138: kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch
+# For bz#2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together
+Patch139: kvm-migration-Avoid-false-positive-on-non-supported-scen.patch
+# For bz#2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together
+Patch140: kvm-migration-add-remaining-params-has_-true-in-migratio.patch
+# For bz#2107466 - zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together
+Patch141: kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch
+# For bz#2112303 - virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions
+Patch142: kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch
+# For bz#2116876 - Fixes for vDPA control virtqueue support in Qemu
+Patch143: kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
+# For bz#2116876 - Fixes for vDPA control virtqueue support in Qemu
+Patch144: kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
+# For bz#2116876 - Fixes for vDPA control virtqueue support in Qemu
+Patch145: kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch
+# For bz#2116876 - Fixes for vDPA control virtqueue support in Qemu
+Patch146: kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch
+# For bz#2120275 - Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.1]
+Patch147: kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch148: kvm-vhost-Get-vring-base-from-vq-not-svq.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch149: kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch150: kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch151: kvm-util-Return-void-on-iova_tree_remove.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch152: kvm-util-accept-iova_tree_remove_parameter-by-value.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch153: kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch154: kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch155: kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch156: kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch157: kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch158: kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch159: kvm-vhost-Delete-useless-read-memory-barrier.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch160: kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch161: kvm-vhost_net-Add-NetClientInfo-start-callback.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch162: kvm-vhost_net-Add-NetClientInfo-stop-callback.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch163: kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch164: kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch165: kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch166: kvm-vhost_net-add-NetClientState-load-callback.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch167: kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch
+# For bz#2114060 - vDPA state restore support through control virtqueue in Qemu
+Patch168: kvm-vdpa-Delete-CVQ-migration-blocker.patch
+# For bz#2099541 - qemu coredump with error Assertion `qemu_mutex_iothread_locked()' failed when repeatly hotplug/unplug disks in pause status
+Patch169: kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch
+# For bz#2117546 - [RHEL9.1] Guests in VMX root operation fail to reboot with QEMU's 'system_reset' command
+Patch170: kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch
+# For bz#2117546 - [RHEL9.1] Guests in VMX root operation fail to reboot with QEMU's 'system_reset' command
+Patch171: kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch
# Source-git patches
@@ -374,7 +524,6 @@ BuildRequires: python3-sphinx_rtd_theme
BuildRequires: libseccomp-devel >= %{libseccomp_version}
# For network block driver
BuildRequires: libcurl-devel
-BuildRequires: libssh-devel
%if %{have_block_rbd}
BuildRequires: librbd-devel
%endif
@@ -565,16 +714,6 @@ using the rbd protocol.
%endif
-%package block-ssh
-Summary: QEMU SSH block driver
-Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
-%description block-ssh
-This package provides the additional SSH block driver for QEMU.
-
-Install this package if you want to access remote disks using
-the Secure Shell (SSH) protocol.
-
-
%package audio-pa
Summary: QEMU PulseAudio audio driver
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
@@ -672,10 +811,6 @@ This package provides usbredir support.
%global qemu_kvm_build qemu_kvm_build
mkdir -p %{qemu_kvm_build}
-cp -f %{SOURCE37} tests/data/acpi/pc/SSDT.dimmpxm
-cp -f %{SOURCE38} tests/data/acpi/q35/FACP.slic
-cp -f %{SOURCE39} tests/data/acpi/q35/SSDT.dimmpxm
-cp -f %{SOURCE40} tests/data/acpi/virt/SSDT.memhp
%build
%define disable_everything \\\
@@ -702,6 +837,7 @@ cp -f %{SOURCE40} tests/data/acpi/virt/SSDT.memhp
--disable-crypto-afalg \\\
--disable-curl \\\
--disable-curses \\\
+ --disable-dbus-display \\\
--disable-debug-info \\\
--disable-debug-mutex \\\
--disable-debug-tcg \\\
@@ -732,7 +868,6 @@ cp -f %{SOURCE40} tests/data/acpi/virt/SSDT.memhp
--disable-libssh \\\
--disable-libudev \\\
--disable-libusb \\\
- --disable-libxml2 \\\
--disable-linux-aio \\\
--disable-linux-io-uring \\\
--disable-linux-user \\\
@@ -758,6 +893,7 @@ cp -f %{SOURCE40} tests/data/acpi/virt/SSDT.memhp
--disable-pvrdma \\\
--disable-qcow1 \\\
--disable-qed \\\
+ --disable-qga-vss \\\
--disable-qom-cast-debug \\\
--disable-rbd \\\
--disable-rdma \\\
@@ -807,7 +943,6 @@ cp -f %{SOURCE40} tests/data/acpi/virt/SSDT.memhp
--disable-whpx \\\
--disable-xen \\\
--disable-xen-pci-passthrough \\\
- --disable-xfsctl \\\
--disable-xkbcommon \\\
--disable-zstd \\\
--with-git-submodules=ignore \\\
@@ -831,7 +966,7 @@ run_configure() {
--with-pkgversion="%{name}-%{version}-%{release}" \
--with-suffix="%{name}" \
--firmwarepath=%{firmwaredirs} \
- --meson="%{__meson}" \
+ --meson="internal" \
--enable-trace-backend=dtrace \
--with-coroutine=ucontext \
--with-git=git \
@@ -859,9 +994,6 @@ run_configure \
--block-drv-ro-whitelist=%{block_drivers_ro_list} \
%endif
--enable-attr \
-%ifarch %{ix86} x86_64
- --enable-avx2 \
-%endif
--enable-cap-ng \
--enable-capstone=internal \
--enable-coroutine-pool \
@@ -878,7 +1010,6 @@ run_configure \
%if %{have_pmem}
--enable-libpmem \
%endif
- --enable-libssh \
--enable-libusb \
--enable-libudev \
--enable-linux-aio \
@@ -931,7 +1062,6 @@ run_configure \
--enable-safe-stack \
%endif
-
%if %{tools_only}
%make_build qemu-img
%make_build qemu-io
@@ -1036,7 +1166,7 @@ cp -R %{qemu_kvm_build}/tests/avocado/* %{buildroot}%{testsdir}/tests/avocado/
# Install qemu.py and qmp/ scripts required to run avocado_qemu tests
cp -R %{qemu_kvm_build}/python/qemu %{buildroot}%{testsdir}/python
cp -R %{qemu_kvm_build}/scripts/qmp/* %{buildroot}%{testsdir}/scripts/qmp
-install -p -m 0755 tests/Makefile.include %{buildroot}%{testsdir}/tests/
+install -p -m 0644 tests/Makefile.include %{buildroot}%{testsdir}/tests/
# Install qemu-iotests
cp -R tests/qemu-iotests/* %{buildroot}%{testsdir}/tests/qemu-iotests/
@@ -1170,10 +1300,9 @@ rm -rf %{buildroot}%{_datadir}/%{name}/vgabios*bin
rm -rf %{buildroot}%{_datadir}/%{name}/bios*.bin
rm -rf %{buildroot}%{_datadir}/%{name}/sgabios.bin
-# Remove virtiofsd (we use separate package for virtiofsd)
-rm -rf %{buildroot}%{_mandir}/man1/virtiofsd.1*
-rm -rf %{buildroot}%{_libexecdir}/virtiofsd
-rm -rf %{buildroot}%{_datadir}/qemu/vhost-user/50-qemu-virtiofsd.json
+# Remove vof roms
+rm -rf %{buildroot}%{_datadir}/%{name}/vof-nvram.bin
+rm -rf %{buildroot}%{_datadir}/%{name}/vof.bin
%if %{have_modules_load}
install -D -p -m 644 %{_sourcedir}/modules-load.conf %{buildroot}%{_sysconfdir}/modules-load.d/kvm.conf
@@ -1201,6 +1330,10 @@ rm -rf %{buildroot}%{qemudocdir}/specs
# endif !tools_only
%endif
+# Remove virtiofsd (we use separate package for virtiofsd)
+rm -rf %{buildroot}%{_mandir}/man1/virtiofsd.1*
+rm -rf %{buildroot}%{_libexecdir}/virtiofsd
+rm -rf %{buildroot}%{_datadir}/qemu/vhost-user/50-qemu-virtiofsd.json
%check
%if !%{tools_only}
@@ -1342,17 +1475,21 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%files device-display-virtio-gpu
%{_libdir}/%{name}/hw-display-virtio-gpu.so
+
%files device-display-virtio-gpu-gl
%{_libdir}/%{name}/hw-display-virtio-gpu-gl.so
+
%ifarch s390x
%files device-display-virtio-gpu-ccw
%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so
%else
%files device-display-virtio-gpu-pci
%{_libdir}/%{name}/hw-display-virtio-gpu-pci.so
+
%files device-display-virtio-gpu-pci-gl
%{_libdir}/%{name}/hw-display-virtio-gpu-pci-gl.so
%endif
+
%ifarch x86_64 %{power64}
%files device-display-virtio-vga
%{_libdir}/%{name}/hw-display-virtio-vga.so
@@ -1370,8 +1507,6 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%files block-rbd
%{_libdir}/%{name}/block-rbd.so
%endif
-%files block-ssh
-%{_libdir}/%{name}/block-ssh.so
%files audio-pa
%{_libdir}/%{name}/audio-pa.so
@@ -1386,7 +1521,7 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%{_libdir}/%{name}/hw-usb-host.so
%if %{have_usbredir}
-%files device-usb-redirect
+%files device-usb-redirect
%{_libdir}/%{name}/hw-usb-redirect.so
%endif
@@ -1394,70 +1529,287 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%endif
%changelog
-* Tue Aug 30 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-11.el9_0.5
-- kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2109569]
-- kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2109569]
-- Resolves: bz#2109569
- (Stalled IO Operations in VM [rhel-9.0.0.z])
-
-* Fri Aug 05 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-11.el9_0.4
-- kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2095795]
-- kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2095795]
-- kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2095795]
-- kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2095795]
-- kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2095795]
-- kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2095795]
-- kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2095795]
-- Resolves: bz#2095795
- (PXE boot crash qemu when using multiqueue vDPA [rhel-9.0.0.z])
-
-* Mon May 09 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-11.el9_0.3
-- kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2071102]
-- kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch [bz#2075635]
-- kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch [bz#2075640]
-- Resolves: bz#2071102
- (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.0.0.z])
-- Resolves: bz#2075635
- (CVE-2022-26353 qemu-kvm: QEMU: virtio-net: map leaking on error during receive [rhel-9] [rhel-9.0.0.z])
-- Resolves: bz#2075640
- (CVE-2022-26354 qemu-kvm: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak [rhel-9] [rhel-9.0.0.z])
-
-* Tue Mar 22 2022 <cconte@redhat.com> - 6.2.0-11.el9_0.2
-- kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch [bz#2053584]
-- kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch [bz#2053584]
-- kvm-vmxcap-Add-5-level-EPT-bit.patch [bz#2038051]
-- kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch [bz#2038051]
-- kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch [bz#2043531]
-- kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch [bz#2043531]
-- kvm-tests-acpi-add-SLIC-table-test.patch [bz#2043531]
-- kvm-tests-acpi-SLIC-update-expected-blobs.patch [bz#2043531]
-- kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch [bz#2043531]
-- kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch [bz#2043531]
-- kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch [bz#2043531]
-- kvm-tests-acpi-update-expected-blobs.patch [bz#2043531]
-- kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch [bz#2043531]
-- kvm-rhel-workaround-for-lack-of-binary-patches-in-SRPM.patch [bz#2043531]
-- Resolves: bz#2053584
- (watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843])
-- Resolves: bz#2038051
- (Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04')
-- Resolves: bz#2043531
- (Guest can not start with SLIC acpi table)
-
-* Tue Mar 15 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-11.el9_0.1
-- kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2052050]
-- kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2059786]
-- kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2059175 bz#2059146]
-- kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2059175 bz#2059146]
-- kvm-spec-Obsolete-ssh-driver.patch [bz#2059175 bz#2059146]
-- Resolves: bz#2052050
- (Mark all RHEL-8 and earlier machine types as deprecated)
-- Resolves: bz#2059786
- ([virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device)
-- Resolves: bz#2059175
- (Broken upgrade path due to qemu-kvm-hw-usbredir rename)
-- Resolves: bz#2059146
- (Missing qemu-kvm-block-ssh obsolete breaks upgrade path)
+* Tue Sep 13 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-13
+- kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2117546]
+- kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2117546]
+- Resolves: bz#2117546
+ ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMU's 'system_reset' command)
+
+* Fri Aug 26 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-12
+- kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch [bz#2120275]
+- kvm-vhost-Get-vring-base-from-vq-not-svq.patch [bz#2114060]
+- kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [bz#2114060]
+- kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [bz#2114060]
+- kvm-util-Return-void-on-iova_tree_remove.patch [bz#2114060]
+- kvm-util-accept-iova_tree_remove_parameter-by-value.patch [bz#2114060]
+- kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [bz#2114060]
+- kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [bz#2114060]
+- kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [bz#2114060]
+- kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [bz#2114060]
+- kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [bz#2114060]
+- kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [bz#2114060]
+- kvm-vhost-Delete-useless-read-memory-barrier.patch [bz#2114060]
+- kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [bz#2114060]
+- kvm-vhost_net-Add-NetClientInfo-start-callback.patch [bz#2114060]
+- kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [bz#2114060]
+- kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [bz#2114060]
+- kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [bz#2114060]
+- kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [bz#2114060]
+- kvm-vhost_net-add-NetClientState-load-callback.patch [bz#2114060]
+- kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [bz#2114060]
+- kvm-vdpa-Delete-CVQ-migration-blocker.patch [bz#2114060]
+- kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch [bz#2099541]
+- Resolves: bz#2120275
+ (Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.1])
+- Resolves: bz#2114060
+ (vDPA state restore support through control virtqueue in Qemu)
+- Resolves: bz#2099541
+ (qemu coredump with error Assertion `qemu_mutex_iothread_locked()' failed when repeatly hotplug/unplug disks in pause status)
+
+* Mon Aug 15 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-11
+- kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466]
+- kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466]
+- kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466]
+- kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466]
+- kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466]
+- kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466]
+- kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303]
+- kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876]
+- kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876]
+- kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876]
+- kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876]
+- Resolves: bz#2107466
+ (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together)
+- Resolves: bz#2112303
+ (virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions)
+- Resolves: bz#2116876
+ (Fixes for vDPA control virtqueue support in Qemu)
+
+* Mon Aug 08 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-10
+- kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363]
+- kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363]
+- kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363]
+- kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363]
+- kvm-meson-create-have_vhost_-variables.patch [bz#1939363]
+- kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363]
+- kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363]
+- kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363]
+- kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363]
+- kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363]
+- kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363]
+- kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363]
+- kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363]
+- kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363]
+- kvm-vhost-Add-SVQDescState.patch [bz#1939363]
+- kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363]
+- kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363]
+- kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363]
+- kvm-vhost-add-vhost_svq_poll.patch [bz#1939363]
+- kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363]
+- kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363]
+- kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363]
+- kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363]
+- kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363]
+- kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363]
+- kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363]
+- kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363]
+- kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994]
+- kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994]
+- kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608]
+- kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934]
+- kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934]
+- Resolves: bz#1939363
+ (vDPA control virtqueue support in Qemu)
+- Resolves: bz#2111994
+ (RHEL9: skey test in kvm_unit_test got failed)
+- Resolves: bz#2095608
+ (Please correct the error message when try to start qemu with "-M kernel-irqchip=split")
+- Resolves: bz#2099934
+ (Guest reboot on destination host after postcopy migration completed)
+
+* Mon Jul 18 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-9
+- kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106]
+- kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106]
+- kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106]
+- kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106]
+- kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106]
+- kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077]
+- kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077]
+- kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522]
+- kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522]
+- Resolves: bz#2100106
+ (Fix virtio-iommu/vfio bypass)
+- Resolves: bz#2098077
+ (virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions)
+- Resolves: bz#1951522
+ (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0])
+
+* Tue Jul 05 2022 Camilla Conte <cconte@redhat.com> - 7.0.0-8
+- kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839]
+- kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839]
+- kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839]
+- kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839]
+- kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839]
+- kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839]
+- kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509]
+- kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509]
+- kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509]
+- kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509]
+- kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509]
+- kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509]
+- kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509]
+- kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509]
+- kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509]
+- kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509]
+- kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509]
+- kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143]
+- Resolves: bz#2060839
+ (Consider deprecating CPU models like "kvm64" / "qemu64" on RHEL 9)
+- Resolves: bz#1968509
+ (Use MSG_ZEROCOPY on QEMU Live Migration)
+- Resolves: bz#2096143
+ (The migration port is not released if use it again for recovering postcopy migration)
+
+* Mon Jun 27 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-7
+- kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483]
+- kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483]
+- kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483]
+- kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252]
+- kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788]
+- kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788]
+- Resolves: bz#1952483
+ (RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures)
+- Resolves: bz#2094252
+ (Compile the virtio-iommu device on x86_64)
+- Resolves: bz#2092788
+ (Stalled IO Operations in VM)
+
+* Mon Jun 13 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-6
+- kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024]
+- kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024]
+- kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024]
+- kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379]
+- kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379]
+- kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379]
+- kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379]
+- kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804]
+- kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804]
+- kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804]
+- kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804]
+- kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804]
+- kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804]
+- kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804]
+- kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270]
+- kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262]
+- Resolves: bz#2031024
+ (Add support for fixing thread pool size [QEMU])
+- Resolves: bz#2072379
+ (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs))
+- Resolves: bz#2070804
+ (PXE boot crash qemu when using multiqueue vDPA)
+- Resolves: bz#2094270
+ (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore)
+- Resolves: bz#2086262
+ ([Win11][tpm]vfio_listener_region_del received unaligned region)
+
+* Mon May 30 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-5
+- kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300]
+- kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300]
+- Resolves: bz#1708300
+ (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN)
+
+* Thu May 19 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-4
+- kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823]
+- kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823]
+- kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823]
+- kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823]
+- kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823]
+- kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823]
+- kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938]
+- kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938]
+- kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347]
+- kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347]
+- kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347]
+- kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347]
+- kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347]
+- kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347]
+- kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710]
+- kvm-migration-Fix-operator-type.patch [bz#2064530]
+- Resolves: bz#2041823
+ ([aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken')
+- Resolves: bz#2079938
+ (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory)
+- Resolves: bz#2079347
+ (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption)
+- Resolves: bz#1995710
+ (RFE: Allow virtio-scsi CD-ROM media change with IOThreads)
+- Resolves: bz#2064530
+ (Rebuild qemu-kvm with clang-14)
+
+* Thu May 12 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-3
+- kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029]
+- kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029]
+- kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099]
+- kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612]
+- kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612]
+- Resolves: bz#2046029
+ ([WRB] New machine type property - dtb-kaslr-seed)
+- Resolves: bz#1477099
+ (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support))
+- Resolves: bz#2037612
+ ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region)
+
+* Fri May 06 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-2
+- kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162]
+- kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022]
+- Resolves: bz#2044162
+ ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU)
+- Resolves: bz#2081022
+ (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes)
+
+* Wed Apr 20 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-1
+- Rebase to QEMU 7.0.0 [bz#2064757]
+- Do not build ssh block driver anymore [bz#2064500]
+- Removed hpet and parallel port support [bz#2065042]
+- Compatibility support [bz#2064782 bz#2064771]
+- Resolves: bz#2064757
+ (Rebase to QEMU 7.0.0)
+- Resolves: bz#2064500
+ (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1)
+- Resolves: bz#2065042
+ (Remove upstream-only devices from the qemu-kvm binary)
+- Resolves: bz#2064782
+ (Update machine type compatibility for QEMU 7.0.0 update [s390x])
+- Resolves: bz#2064771
+ (Update machine type compatibility for QEMU 7.0.0 update [x86_64])
+
+* Thu Apr 14 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-13
+- kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2065589]
+- Resolves: bz#2065589
+ (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.1.0])
+
+* Mon Mar 21 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-12
+- kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2062813]
+- kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2062828]
+- kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2062819 bz#2062817]
+- kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2062819]
+- kvm-spec-Obsolete-ssh-driver.patch [bz#2062817]
+- Resolves: bz#2062828
+ ([virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device [rhel-9.1.0])
+- Resolves: bz#2062819
+ (Broken upgrade path due to qemu-kvm-hw-usbredir rename [rhel-9.1.0])
+- Resolves: bz#2062817
+ (Missing qemu-kvm-block-ssh obsolete breaks upgrade path [rhel-9.1.0])
+- Resolves: bz#2062813
+ (Mark all RHEL-8 and earlier machine types as deprecated [rhel-9.1.0])
* Tue Mar 01 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-11
- kvm-spec-Remove-qemu-virtiofsd.patch [bz#2055284]