diff --git a/SOURCES/kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch b/SOURCES/kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch
new file mode 100644
index 0000000..4fb8c36
--- /dev/null
+++ b/SOURCES/kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch
@@ -0,0 +1,54 @@
+From 23e038b8eb586dc19f1d653cd98d0cae109f359b Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Thu, 10 Oct 2019 22:18:07 +0200
+Subject: [PATCH 4/4] Add missing brackets to CPUID[0x80000008] code
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191010221807.2953-1-ehabkost@redhat.com>
+Patchwork-id: 91713
+O-Subject: [RHEL-7.8 qemu-kvm PATCH] Add missing brackets to CPUID[0x80000008] code
+Bugzilla: 1760607
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: John Snow <jsnow@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1760607
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23986041
+Upstream: not applicable
+
+I've made a mistake at downstream-only commit ba222e201e07
+("i386: Don't copy host virtual address limit"): I forgot to add
+brackets to the existing if statement. This expose an invalid
+physical address size to the guest if the host xlevel is less
+than 0x80000008.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index b4839df..9283902 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -2978,7 +2978,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ if (kvm_enabled()) {
+ uint32_t _eax;
+ host_cpuid(0x80000000, 0, &_eax, NULL, NULL, NULL);
+- if (_eax >= 0x80000008)
++ if (_eax >= 0x80000008) {
+ host_cpuid(0x80000008, 0, &_eax, NULL, NULL, NULL);
+ /*
+ * Override physical size only, as RHEL-7 KVM only supports
+@@ -2986,6 +2986,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ */
+ *eax &= ~0xff;
+ *eax |= _eax & 0xff;
++ }
+ }
+ } else {
+ if (env->features[FEAT_1_EDX] & CPUID_PSE36) {
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch b/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
index 9ca80c2..3cbc4db 100644
--- a/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
+++ b/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
@@ -1,39 +1,35 @@
-From cd4088d607d604085015b0e405b2340420de5d5a Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:43 +0200
-Subject: [PATCH 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and
+From 0bce0c69b76a246ee901c09a4d02bcd05619d9e0 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:22 +0200
+Subject: [PATCH 06/12] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and
KVM_GET_MSRS system ioctl
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-6-ehabkost@redhat.com>
-Patchwork-id: 91361
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-6-git-send-email-plai@redhat.com>
+Patchwork-id: 90856
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Robert Hoo <robert.hu@linux.intel.com>
Add kvm_get_supported_feature_msrs() to get supported MSR feature index list.
Add kvm_arch_get_supported_msr_feature() to get each MSR features value.
-7.7.z backport notes:
-* No conflicts, but `#include "qemu/error-report.h"` lines was added
-
Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Message-Id: <1539578845-37944-2-git-send-email-robert.hu@linux.intel.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit f57bceb6ab5163ddd6c41ff4344ab8cf28a9c63d)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
include/sysemu/kvm.h | 1 +
linux-headers/linux/kvm.h | 2 ++
- target-i386/kvm.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 83 insertions(+)
+ target-i386/kvm.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 82 insertions(+)
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index e4403be..281fe26 100644
@@ -68,18 +64,10 @@ index 4b93099..bfeafff 100644
#ifdef KVM_CAP_IRQ_ROUTING
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
-index d5f6deb..2b1d7da 100644
+index b6c76f1..159ed4c 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
-@@ -33,6 +33,7 @@
- #include "exec/ioport.h"
- #include <asm/hyperv.h>
- #include "hw/pci/pci.h"
-+#include "qemu/error-report.h"
-
- //#define DEBUG_KVM
-
-@@ -82,6 +83,7 @@ static bool has_msr_virt_ssbd;
+@@ -84,6 +84,7 @@ static bool has_msr_virt_ssbd;
static bool has_msr_architectural_pmu;
static uint32_t num_architectural_pmu_counters;
@@ -87,7 +75,7 @@ index d5f6deb..2b1d7da 100644
bool kvm_allows_irq0_override(void)
{
-@@ -249,11 +251,87 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
+@@ -251,11 +252,87 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
return ret;
}
@@ -175,7 +163,7 @@ index d5f6deb..2b1d7da 100644
static QLIST_HEAD(, HWPoisonPage) hwpoison_page_list =
QLIST_HEAD_INITIALIZER(hwpoison_page_list);
-@@ -831,6 +909,8 @@ int kvm_arch_init(KVMState *s)
+@@ -846,6 +923,8 @@ int kvm_arch_init(KVMState *s)
return ret;
}
diff --git a/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch b/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
index 12c4d84..e56d5e0 100644
--- a/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
+++ b/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
@@ -1,7 +1,7 @@
-From 2724e62241909754ecf48bb64b417842e954a8d1 Mon Sep 17 00:00:00 2001
+From 7980bf40d749aeb86a972a73db67a42fe000dbca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Wed, 31 Jul 2019 21:39:33 +0200
-Subject: [PATCH 2/2] Fix heap overflow in ip_reass on big packet input
+Subject: [PATCH 4/4] Fix heap overflow in ip_reass on big packet input
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -10,7 +10,7 @@ RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190731213933.16245-2-philmd@redhat.com>
Patchwork-id: 89844
O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/1] Fix heap overflow in ip_reass on big packet input
-Bugzilla: 1734748
+Bugzilla: 1734749
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
diff --git a/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch b/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
index 8c6febe..2e4393c 100644
--- a/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
+++ b/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
@@ -1,18 +1,16 @@
-From deb80e0563048d3bb02d4c975929ddc8502172d4 Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:48 +0200
-Subject: [PATCH 10/10] Remove arch-capabilities deprecation
-
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-11-ehabkost@redhat.com>
-Patchwork-id: 91366
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 10/10] Remove arch-capabilities deprecation
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+From 8328a7b83a78666fff5166a615e4ef5792c743f0 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:27 +0200
+Subject: [PATCH 11/12] Remove arch-capabilities deprecation
+
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-11-git-send-email-plai@redhat.com>
+Patchwork-id: 90854
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 10/10] Remove arch-capabilities deprecation
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
-
-From: Paul Lai <plai@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
[RHEL INTERNAL] Logic to support arch-capabilities now exists.
Deprecation of arch-facilities is no longer needed.
@@ -20,17 +18,16 @@ Deprecation of arch-facilities is no longer needed.
fixes: arch-facilities deprecation introduced by
59c1aecdd i386: Deprecate arch-facilities and make it block live migration
-7.7.z backport notes (ehabkost):
-* Cherry pick from 7.8 tree with no conflicts
-
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+Conflicts:
+ target-i386/cpu.c
---
target-i386/cpu.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index 35381f0..5aa45ba 100644
+index 24fc000..3ea4e97 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -34,7 +34,6 @@
@@ -41,7 +38,7 @@ index 35381f0..5aa45ba 100644
#include "hw/hw.h"
#if defined(CONFIG_KVM)
-@@ -1802,13 +1801,6 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+@@ -1819,13 +1818,6 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
x86_cpu_def->features[w] = x86_cpu_get_supported_feature_word(w);
}
@@ -52,9 +49,9 @@ index 35381f0..5aa45ba 100644
-
- /* arch-facilities: deprecated (see comment on x86_cpu_realizefn()) */
- x86_cpu_def->features[FEAT_7_0_EDX] &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
+ /* invtsc: not migratable, so not enabled by default */
+ x86_cpu_def->features[FEAT_8000_0007_EDX] &= ~CPUID_APM_INVTSC;
- #endif /* CONFIG_KVM */
- }
--
1.8.3.1
diff --git a/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch b/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
index 0e6ea80..5e053a8 100644
--- a/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
+++ b/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
@@ -1,29 +1,23 @@
-From dd8556fe139be9237694229e55ac3762ec71eca5 Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:46 +0200
-Subject: [PATCH 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for
+From aa89186992d427e17118608c9fa02b36be8fab8e Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:25 +0200
+Subject: [PATCH 09/12] kvm: Use KVM_GET_MSR_INDEX_LIST for
MSR_IA32_ARCH_CAPABILITIES support
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-9-ehabkost@redhat.com>
-Patchwork-id: 91363
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-9-git-send-email-plai@redhat.com>
+Patchwork-id: 90861
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Bandan Das <bsd@redhat.com>
When writing to guest's MSR_IA32_ARCH_CAPABILITIES, check whether it's
supported in the guest using the KVM_GET_MSR_INDEX_LIST ioctl.
-7.8 backport conflicts (plai):
- target/i386/kvm.c changes to target-i386/kvm.c
-
-7.7.z backport notes (ehabkost):
-* Cherry pick from 7.8 tree with no conflicts
-
Fixes: d86f963694df27f11b3681ffd225c9362de1b634
Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: balducci@units.it
@@ -32,7 +26,10 @@ Message-Id: <jpg4lc4iiav.fsf_-_@linux.bootlegged.copy>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit aec5e9c3a94cf8b7920f59bef69a6f426092c4a0)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+Resolved Conflicts:
+ target/i386/kvm.c changes to target-i386/kvm.c
+
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target-i386/cpu.h | 1 +
@@ -40,10 +37,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
-index 1c62e63..d855ae3 100644
+index 5a86b2c..8f73af7 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
-@@ -1066,6 +1066,7 @@ typedef struct CPUX86State {
+@@ -1070,6 +1070,7 @@ typedef struct CPUX86State {
uint64_t spec_ctrl;
uint64_t virt_ssbd;
@@ -52,10 +49,10 @@ index 1c62e63..d855ae3 100644
TPRAccess tpr_access_type;
} CPUX86State;
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
-index 180ae56..bc3a514 100644
+index 722cfbc..12781a8 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
-@@ -80,6 +80,7 @@ static bool has_msr_mtrr;
+@@ -81,6 +81,7 @@ static bool has_msr_mtrr;
static bool has_msr_xss;
static bool has_msr_spec_ctrl;
static bool has_msr_virt_ssbd;
@@ -63,7 +60,7 @@ index 180ae56..bc3a514 100644
static bool has_msr_architectural_pmu;
static uint32_t num_architectural_pmu_counters;
-@@ -888,6 +889,10 @@ static int kvm_get_supported_msrs(KVMState *s)
+@@ -902,6 +903,10 @@ static int kvm_get_supported_msrs(KVMState *s)
has_msr_virt_ssbd = true;
continue;
}
@@ -74,7 +71,7 @@ index 180ae56..bc3a514 100644
}
}
-@@ -1326,14 +1331,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+@@ -1340,14 +1345,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
}
}
/* If host supports feature MSR, write down. */
@@ -92,7 +89,7 @@ index 180ae56..bc3a514 100644
}
/*
* The following MSRs have side effects on the guest or are too heavy
-@@ -1925,6 +1925,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+@@ -1939,6 +1939,9 @@ static int kvm_get_msrs(X86CPU *cpu)
case MSR_VIRT_SSBD:
env->virt_ssbd = msrs[i].data;
break;
diff --git a/SOURCES/kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch b/SOURCES/kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch
new file mode 100644
index 0000000..865a91e
--- /dev/null
+++ b/SOURCES/kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch
@@ -0,0 +1,61 @@
+From 90b1929638fb5fed4e5fc65f95b7a76e339e0640 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Mon, 9 Sep 2019 09:13:33 +0200
+Subject: [PATCH 01/12] Using ip_deq after m_free might read pointers from an
+ allocation reuse.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: <20190909091333.18511-2-philmd@redhat.com>
+Patchwork-id: 90336
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/1] Using ip_deq after m_free might read pointers from an allocation reuse.
+Bugzilla: 1749735
+RH-Acked-by: John Snow <jsnow@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+
+This would be difficult to exploit, but that is still related with
+CVE-2019-14378 which generates fragmented IP packets that would trigger this
+issue and at least produce a DoS.
+
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+(cherry picked from libslirp commit c59279437eda91841b9d26079c70b8a540d41204)
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ slirp/ip_input.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/slirp/ip_input.c b/slirp/ip_input.c
+index 5226224..9e95b40 100644
+--- a/slirp/ip_input.c
++++ b/slirp/ip_input.c
+@@ -296,6 +296,7 @@ ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
+ */
+ while (q != (struct ipasfrag*)&fp->frag_link &&
+ ip->ip_off + ip->ip_len > q->ipf_off) {
++ struct ipasfrag *prev;
+ i = (ip->ip_off + ip->ip_len) - q->ipf_off;
+ if (i < q->ipf_len) {
+ q->ipf_len -= i;
+@@ -303,9 +304,10 @@ ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
+ m_adj(dtom(slirp, q), i);
+ break;
+ }
++ prev = q;
+ q = q->ipf_next;
+- m_free(dtom(slirp, q->ipf_prev));
+- ip_deq(q->ipf_prev);
++ ip_deq(prev);
++ m_free(dtom(slirp, prev));
+ }
+
+ insert:
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-bswap.h-Remove-cpu_to_be16wu.patch b/SOURCES/kvm-bswap.h-Remove-cpu_to_be16wu.patch
new file mode 100644
index 0000000..c3ca93e
--- /dev/null
+++ b/SOURCES/kvm-bswap.h-Remove-cpu_to_be16wu.patch
@@ -0,0 +1,197 @@
+From 30ed4a7f03ef8820773f6eb7d63e982ad04aa8d6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Sat, 13 Jul 2019 12:38:01 +0200
+Subject: [PATCH 2/4] bswap.h: Remove cpu_to_be16wu()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: <20190713123802.23932-2-philmd@redhat.com>
+Patchwork-id: 89507
+O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/2] bswap.h: Remove cpu_to_be16wu()
+Bugzilla: 1270166
+RH-Acked-by: Xiao Wang <jasowang@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+From: Peter Maydell <peter.maydell@linaro.org>
+
+Replace the legacy cpu_to_be16wu() with stw_be_p().
+
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <rth@twiddle.net>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Message-id: 1383669517-25598-7-git-send-email-peter.maydell@linaro.org
+Signed-off-by: Anthony Liguori <aliguori@amazon.com>
+(cherry picked from commit d8ee2591e495d5feb0e0250866222dedc805c8d8)
+[PMD: fix conflict in include/qemu/bswap.h]
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ hw/block/cdrom.c | 4 ++--
+ hw/ide/atapi.c | 16 ++++++++--------
+ hw/net/e1000.c | 19 ++++++++-----------
+ include/qemu/bswap.h | 5 -----
+ 4 files changed, 18 insertions(+), 26 deletions(-)
+
+diff --git a/hw/block/cdrom.c b/hw/block/cdrom.c
+index 38469fa..5c69f34 100644
+--- a/hw/block/cdrom.c
++++ b/hw/block/cdrom.c
+@@ -77,7 +77,7 @@ int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track)
+ q += 4;
+ }
+ len = q - buf;
+- cpu_to_be16wu((uint16_t *)buf, len - 2);
++ stw_be_p(buf, len - 2);
+ return len;
+ }
+
+@@ -150,6 +150,6 @@ int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf, int session_num)
+ }
+
+ len = q - buf;
+- cpu_to_be16wu((uint16_t *)buf, len - 2);
++ stw_be_p(buf, len - 2);
+ return len;
+ }
+diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
+index a411748..490070a 100644
+--- a/hw/ide/atapi.c
++++ b/hw/ide/atapi.c
+@@ -454,7 +454,7 @@ static int ide_dvd_read_structure(IDEState *s, int format,
+ cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */
+
+ /* Size of buffer, not including 2 byte size field */
+- cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
++ stw_be_p(buf, 2048 + 2);
+
+ /* 2k data + 4 byte header */
+ return (2048 + 4);
+@@ -465,7 +465,7 @@ static int ide_dvd_read_structure(IDEState *s, int format,
+ buf[5] = 0; /* no region restrictions */
+
+ /* Size of buffer, not including 2 byte size field */
+- cpu_to_be16wu((uint16_t *)buf, 4 + 2);
++ stw_be_p(buf, 4 + 2);
+
+ /* 4 byte header + 4 byte data */
+ return (4 + 4);
+@@ -475,7 +475,7 @@ static int ide_dvd_read_structure(IDEState *s, int format,
+
+ case 0x04: /* DVD disc manufacturing information */
+ /* Size of buffer, not including 2 byte size field */
+- cpu_to_be16wu((uint16_t *)buf, 2048 + 2);
++ stw_be_p(buf, 2048 + 2);
+
+ /* 2k data + 4 byte header */
+ return (2048 + 4);
+@@ -488,22 +488,22 @@ static int ide_dvd_read_structure(IDEState *s, int format,
+
+ buf[4] = 0x00; /* Physical format */
+ buf[5] = 0x40; /* Not writable, is readable */
+- cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4);
++ stw_be_p(buf + 6, 2048 + 4);
+
+ buf[8] = 0x01; /* Copyright info */
+ buf[9] = 0x40; /* Not writable, is readable */
+- cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4);
++ stw_be_p(buf + 10, 4 + 4);
+
+ buf[12] = 0x03; /* BCA info */
+ buf[13] = 0x40; /* Not writable, is readable */
+- cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4);
++ stw_be_p(buf + 14, 188 + 4);
+
+ buf[16] = 0x04; /* Manufacturing info */
+ buf[17] = 0x40; /* Not writable, is readable */
+- cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4);
++ stw_be_p(buf + 18, 2048 + 4);
+
+ /* Size of buffer, not including 2 byte size field */
+- cpu_to_be16wu((uint16_t *)buf, 16 + 2);
++ stw_be_p(buf, 16 + 2);
+
+ /* data written + 4 byte header */
+ return (16 + 4);
+diff --git a/hw/net/e1000.c b/hw/net/e1000.c
+index 2cd38bc..711d369 100644
+--- a/hw/net/e1000.c
++++ b/hw/net/e1000.c
+@@ -442,8 +442,7 @@ putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
+ n = cse + 1;
+ if (sloc < n-1) {
+ sum = net_checksum_add(n-css, data+css);
+- cpu_to_be16wu((uint16_t *)(data + sloc),
+- net_checksum_finish(sum));
++ stw_be_p(data + sloc, net_checksum_finish(sum));
+ }
+ }
+
+@@ -504,13 +503,11 @@ xmit_seg(E1000State *s)
+ DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
+ frames, tp->size, css);
+ if (tp->ip) { // IPv4
+- cpu_to_be16wu((uint16_t *)(tp->data+css+2),
+- tp->size - css);
+- cpu_to_be16wu((uint16_t *)(tp->data+css+4),
++ stw_be_p(tp->data+css+2, tp->size - css);
++ stw_be_p(tp->data+css+4,
+ be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
+ } else // IPv6
+- cpu_to_be16wu((uint16_t *)(tp->data+css+4),
+- tp->size - css);
++ stw_be_p(tp->data+css+4, tp->size - css);
+ css = tp->tucss;
+ len = tp->size - css;
+ DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
+@@ -521,14 +518,14 @@ xmit_seg(E1000State *s)
+ if (tp->paylen - sofar > tp->mss)
+ tp->data[css + 13] &= ~9; // PSH, FIN
+ } else // UDP
+- cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
++ stw_be_p(tp->data+css+4, len);
+ if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
+ unsigned int phsum;
+ // add pseudo-header length before checksum calculation
+ sp = (uint16_t *)(tp->data + tp->tucso);
+ phsum = be16_to_cpup(sp) + len;
+ phsum = (phsum >> 16) + (phsum & 0xffff);
+- cpu_to_be16wu(sp, phsum);
++ stw_be_p(sp, phsum);
+ }
+ tp->tso_frames++;
+ }
+@@ -596,9 +593,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+ if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
+ (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
+ tp->vlan_needed = 1;
+- cpu_to_be16wu((uint16_t *)(tp->vlan_header),
++ stw_be_p(tp->vlan_header,
+ le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
+- cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
++ stw_be_p(tp->vlan_header + 2,
+ le16_to_cpu(dp->upper.fields.special));
+ }
+
+diff --git a/include/qemu/bswap.h b/include/qemu/bswap.h
+index 14a5f65..91734ad 100644
+--- a/include/qemu/bswap.h
++++ b/include/qemu/bswap.h
+@@ -437,11 +437,6 @@ static inline uint32_t be32_to_cpupu(const uint32_t *p)
+ return ldl_be_p(p);
+ }
+
+-static inline void cpu_to_be16wu(uint16_t *p, uint16_t v)
+-{
+- stw_be_p(p, v);
+-}
+-
+ static inline void cpu_to_be32wu(uint32_t *p, uint32_t v)
+ {
+ stl_be_p(p, v);
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch b/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
index 2ee8e0c..ba295b6 100644
--- a/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
+++ b/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
@@ -1,17 +1,17 @@
-From c0da3c7b7bafe378a953f139397cadc26c3d054b Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:42 +0200
-Subject: [PATCH 04/10] i386: Add CPUID bit and feature words for
+From 1dd8f3631cc86fcf670f69befb5cd02e0b548da4 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:21 +0200
+Subject: [PATCH 05/12] i386: Add CPUID bit and feature words for
IA32_ARCH_CAPABILITIES MSR
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-5-ehabkost@redhat.com>
-Patchwork-id: 91360
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 04/10] i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-5-git-send-email-plai@redhat.com>
+Patchwork-id: 90857
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 04/10] i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Robert Hoo <robert.hu@linux.intel.com>
@@ -26,14 +26,13 @@ Message-Id: <1530781798-183214-3-git-send-email-robert.hu@linux.intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 3fc7c73139d2d38ae80c3b0bc963b1ac1555924c)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target-i386/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index 5cfed19..ba2ce8e 100644
+index ff0921f..838c616 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -174,7 +174,7 @@ static const char *cpuid_7_0_edx_feature_name[] = {
diff --git a/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch b/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
index 36bdee4..acb74dd 100644
--- a/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
+++ b/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
@@ -1,17 +1,17 @@
-From 71b9824a243c47739730c263107b0e49f459db28 Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:41 +0200
-Subject: [PATCH 03/10] i386: Add new MSR indices for IA32_PRED_CMD and
+From 2ef29c217183a2e16bbc8d209d94a2bb5a009204 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:20 +0200
+Subject: [PATCH 04/12] i386: Add new MSR indices for IA32_PRED_CMD and
IA32_ARCH_CAPABILITIES
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-4-ehabkost@redhat.com>
-Patchwork-id: 91359
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 03/10] i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-4-git-send-email-plai@redhat.com>
+Patchwork-id: 90862
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 03/10] i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Robert Hoo <robert.hu@linux.intel.com>
@@ -27,14 +27,13 @@ Message-Id: <1530781798-183214-2-git-send-email-robert.hu@linux.intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 8c80c99fcceabd0708a5a83f08577e778c9419f5)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target-i386/cpu.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
-index 5d47ab8..ea5df77 100644
+index cbbc34f..0ce479a 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -306,6 +306,8 @@
diff --git a/SOURCES/kvm-i386-Add-new-model-of-Cascadelake-Server.patch b/SOURCES/kvm-i386-Add-new-model-of-Cascadelake-Server.patch
new file mode 100644
index 0000000..526daaa
--- /dev/null
+++ b/SOURCES/kvm-i386-Add-new-model-of-Cascadelake-Server.patch
@@ -0,0 +1,118 @@
+From 4f73c145a24ba196d904234a1ea437af22c33240 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Thu, 3 Oct 2019 22:12:15 +0200
+Subject: [PATCH 1/4] i386: Add new model of Cascadelake-Server
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191003221217.8527-2-ehabkost@redhat.com>
+Patchwork-id: 90952
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/3] i386: Add new model of Cascadelake-Server
+Bugzilla: 1638471
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Tao Xu <tao3.xu@intel.com>
+
+New CPU models mostly inherit features from ancestor Skylake-Server,
+while addin new features: AVX512_VNNI, Intel PT.
+SSBD support for speculative execution
+side channel mitigations.
+
+Note:
+
+On Cascadelake, some capabilities (RDCL_NO, IBRS_ALL, RSBA,
+SKIP_L1DFL_VMENTRY and SSB_NO) are enumerated by MSR.
+These features rely on MSR based feature support patch.
+Will be added later after that patch's in.
+http://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg00074.html
+
+Backport notes:
+* Like we already did in Skylake-Server and EPYC, ARAT is
+ not present in the CPU model (RHEL7-3+ and RHEL-8 already have
+ arat=off in PC_COMPAT_RHEL7_2)
+
+Signed-off-by: Tao Xu <tao3.xu@intel.com>
+Message-Id: <20180919031122.28487-2-tao3.xu@intel.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+(cherry picked from commit c7a88b52f62b30c04158eeb07f73e3f72221b6a8)
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 60 insertions(+)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index f92cb62..5b988c9 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -1496,6 +1496,66 @@ static x86_def_t builtin_x86_defs[] = {
+ .model_id = "Intel Xeon Processor (Skylake, IBRS)",
+ },
+ {
++ .name = "Cascadelake-Server",
++ .level = 0xd,
++ .vendor = CPUID_VENDOR_INTEL,
++ .family = 6,
++ .model = 85,
++ .stepping = 5,
++ .features[FEAT_1_EDX] =
++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
++ CPUID_DE | CPUID_FP87,
++ .features[FEAT_1_ECX] =
++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
++ .features[FEAT_8000_0001_EDX] =
++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
++ .features[FEAT_8000_0001_ECX] =
++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
++ .features[FEAT_7_0_EBX] =
++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
++ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT |
++ CPUID_7_0_EBX_INTEL_PT,
++ .features[FEAT_7_0_ECX] =
++ CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE |
++ CPUID_7_0_ECX_AVX512VNNI,
++ .features[FEAT_7_0_EDX] =
++ CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
++ /* Missing: XSAVES (not supported by some Linux versions,
++ * including v4.1 to v4.12).
++ * KVM doesn't yet expose any XSAVES state save component,
++ * and the only one defined in Skylake (processor tracing)
++ * probably will block migration anyway.
++ */
++ .features[FEAT_XSAVE] =
++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
++ CPUID_XSAVE_XGETBV1,
++ /* Missing: ARAT. not available in the qemu-kvm-1.5.3 tree (and
++ * disabled by compat code in pc-i440fx-rhel7.2.0 and older on
++ * qemu-kvm-rhev)
++ */
++#if 0
++ .features[FEAT_6_EAX] =
++ CPUID_6_EAX_ARAT,
++#endif
++ .xlevel = 0x80000008,
++ .model_id = "Intel Xeon Processor (Cascadelake)",
++ },
++ {
+ .name = "Opteron_G1",
+ .level = 5,
+ .vendor = CPUID_VENDOR_AMD,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch b/SOURCES/kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch
new file mode 100644
index 0000000..729d6a3
--- /dev/null
+++ b/SOURCES/kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch
@@ -0,0 +1,76 @@
+From b082e420af608c6b060e29e392e0a7fa0655298d Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Thu, 3 Oct 2019 22:12:16 +0200
+Subject: [PATCH 2/4] i386: Disable OSPKE on Cascadelake-Server
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191003221217.8527-3-ehabkost@redhat.com>
+Patchwork-id: 90953
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 2/3] i386: Disable OSPKE on Cascadelake-Server
+Bugzilla: 1638471
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+This is a partial cherry pick of upstream commit:
+
+commit bb4928c7cafe50ab2137a0034e350ef1bfa044d9
+Author: Eduardo Habkost <ehabkost@redhat.com>
+Date: Tue Mar 19 17:05:15 2019 -0300
+
+ i386: Disable OSPKE on CPU model definitions
+
+ Currently, the Cascadelake-Server, Icelake-Client, and
+ Icelake-Server are always generating the following warning:
+
+ qemu-system-x86_64: warning: \
+ host doesn't support requested feature: CPUID.07H:ECX [bit 4]
+
+ This happens because OSPKE was never returned by
+ GET_SUPPORTED_CPUID or x86_cpu_get_supported_feature_word().
+ OSPKE is a runtime flag automatically set by the KVM module or by
+ TCG code, was always cleared by x86_cpu_filter_features(), and
+ was not supposed to appear on the CPU model table.
+
+ Remove the OSPKE flag from the CPU model table entries, to avoid
+ the bogus warning and avoid returning invalid feature data on
+ query-cpu-* QMP commands. As OSPKE was always cleared by
+ x86_cpu_filter_features(), this won't have any guest-visible
+ impact.
+
+ Include a test case that should detect the problem if we introduce
+ a similar bug again.
+
+ Fixes: c7a88b52f62b ("i386: Add new model of Cascadelake-Server")
+ Fixes: 8a11c62da914 ("i386: Add new CPU model Icelake-{Server,Client}")
+ Cc: Tao Xu <tao3.xu@intel.com>
+ Cc: Robert Hoo <robert.hu@linux.intel.com>
+ Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+ Message-Id: <20190319200515.14999-1-ehabkost@redhat.com>
+ Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+It includes only the Cascadelake-Server change, because Icelake*
+is not present in the RHEL7 tree.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 5b988c9..926373b 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -1531,7 +1531,7 @@ static x86_def_t builtin_x86_defs[] = {
+ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT |
+ CPUID_7_0_EBX_INTEL_PT,
+ .features[FEAT_7_0_ECX] =
+- CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE |
++ CPUID_7_0_ECX_PKU |
+ CPUID_7_0_ECX_AVX512VNNI,
+ .features[FEAT_7_0_EDX] =
+ CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-i386-Don-t-copy-host-virtual-address-limit.patch b/SOURCES/kvm-i386-Don-t-copy-host-virtual-address-limit.patch
new file mode 100644
index 0000000..08fa4c7
--- /dev/null
+++ b/SOURCES/kvm-i386-Don-t-copy-host-virtual-address-limit.patch
@@ -0,0 +1,55 @@
+From ba222e201e070d95e282762e890cf8e86251e84c Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 21 Aug 2019 22:28:26 +0200
+Subject: [PATCH 3/3] i386: Don't copy host virtual address limit
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20190821222826.11853-1-ehabkost@redhat.com>
+Patchwork-id: 90110
+O-Subject: [RHEL-7.8 qemu-kvm PATCH] i386: Don't copy host virtual address limit
+Bugzilla: 1706658
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1706658
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23157241
+Upstream: not applicable
+
+The KVM code in RHEL-7 supports only 48-bit virtual addresses.
+Copying the host virtual address size to the guest is pointless
+and only makes the VM crash if the host virtual address size is
+not 48 bits.
+
+Change the downstream-only code that copies host CPUID to just
+copy the physical address limit, and keep the hardcoded virtual
+address size.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index c74f597..ca43268 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -2841,7 +2841,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ uint32_t _eax;
+ host_cpuid(0x80000000, 0, &_eax, NULL, NULL, NULL);
+ if (_eax >= 0x80000008)
+- host_cpuid(0x80000008, 0, eax, NULL, NULL, NULL);
++ host_cpuid(0x80000008, 0, &_eax, NULL, NULL, NULL);
++ /*
++ * Override physical size only, as RHEL-7 KVM only supports
++ * 48 bits virtual.
++ */
++ *eax &= ~0xff;
++ *eax |= _eax & 0xff;
+ }
+ } else {
+ if (env->features[FEAT_1_EDX] & CPUID_PSE36) {
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch b/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
index 48179c2..13b6953 100644
--- a/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
+++ b/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
@@ -1,17 +1,19 @@
-From e9ae571d86a83652aa43f9b866f619709b1feda2 Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:47 +0200
-Subject: [PATCH 09/10] i386: kvm: Disable arch_capabilities if MSR can't be
+From 178a63f8515a461a6625b856d25f4d4154ada960 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:26 +0200
+Subject: [PATCH 10/12] i386: kvm: Disable arch_capabilities if MSR can't be
set
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-10-ehabkost@redhat.com>
-Patchwork-id: 91365
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 09/10] i386: kvm: Disable arch_capabilities if MSR can't be set
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-10-git-send-email-plai@redhat.com>
+Patchwork-id: 90858
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 09/10] i386: kvm: Disable arch_capabilities if MSR can't be set
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+From: Eduardo Habkost <ehabkost@redhat.com>
KVM has two bugs in the handling of MSR_IA32_ARCH_CAPABILITIES:
@@ -34,28 +36,24 @@ unavailable on hosts without hardware support for the MSR until bug #2
is fixed on KVM, but I can't see another way to work around bug #1
without that side effect.
-7.8 backport conflicts (plai):
- target/i386/kvm.c changes to target-i386/kvm.c
-
-7.7.z backport notes (ehabkost):
-* Cherry pick from 7.8 tree with no conflicts
-
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190125220606.4864-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 485b1d256bcb0874bcde0223727c159b6837e6f8)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+Conflicts:
+ target/i386/kvm.c changes to target-i386/kvm.c
---
target-i386/kvm.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
-index bc3a514..0374b7a 100644
+index 12781a8..c79b0ea 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
-@@ -234,6 +234,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
+@@ -235,6 +235,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
if (!kvm_irqchip_in_kernel()) {
ret &= ~CPUID_EXT_X2APIC;
}
diff --git a/SOURCES/kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch b/SOURCES/kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch
new file mode 100644
index 0000000..81ce3b7
--- /dev/null
+++ b/SOURCES/kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch
@@ -0,0 +1,59 @@
+From 4d23f26f51e1a4b4a8c7aa2d105891e4589f913c Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Thu, 3 Oct 2019 22:12:17 +0200
+Subject: [PATCH 3/4] i386: remove the 'INTEL_PT' CPUID bit from
+ Cascadelake-Server
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20191003221217.8527-4-ehabkost@redhat.com>
+Patchwork-id: 90954
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 3/3] i386: remove the 'INTEL_PT' CPUID bit from Cascadelake-Server
+Bugzilla: 1638471
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+This is a partial cherry pick of upstream commit:
+
+commit 4c257911dcc7c4189768e9651755c849ce9db4e8
+Author: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri Dec 21 12:35:56 2018 +0100
+
+ i386: remove the 'INTEL_PT' CPUID bit from named CPU models
+
+ Processor tracing is not yet implemented for KVM and it will be an
+ opt in feature requiring a special module parameter.
+ Disable it, because it is wrong to enable it by default and
+ it is impossible that no one has ever used it.
+
+ Cc: qemu-stable@nongnu.org
+ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+It includes only the Cascadelake-Server change, because the other
+CPU models are not present in the RHEL7 tree.
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 926373b..b4839df 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -1528,8 +1528,7 @@ static x86_def_t builtin_x86_defs[] = {
+ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
+ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
+ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
+- CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT |
+- CPUID_7_0_EBX_INTEL_PT,
++ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
+ .features[FEAT_7_0_ECX] =
+ CPUID_7_0_ECX_PKU |
+ CPUID_7_0_ECX_AVX512VNNI,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch b/SOURCES/kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch
new file mode 100644
index 0000000..d638efd
--- /dev/null
+++ b/SOURCES/kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch
@@ -0,0 +1,92 @@
+From 58d702589fd93689c142e8cb48d51877a8de3a93 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Sat, 13 Jul 2019 12:38:02 +0200
+Subject: [PATCH 3/4] net: Transmit zero UDP checksum as 0xFFFF
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: <20190713123802.23932-3-philmd@redhat.com>
+Patchwork-id: 89509
+O-Subject: [RHEL-7.7 qemu-kvm PATCH 2/2] net: Transmit zero UDP checksum as 0xFFFF
+Bugzilla: 1270166
+RH-Acked-by: Xiao Wang <jasowang@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+
+From: Ed Swierk <eswierk@skyportsystems.com>
+
+The checksum algorithm used by IPv4, TCP and UDP allows a zero value
+to be represented by either 0x0000 and 0xFFFF. But per RFC 768, a zero
+UDP checksum must be transmitted as 0xFFFF because 0x0000 is a special
+value meaning no checksum.
+
+Substitute 0xFFFF whenever a checksum is computed as zero when
+modifying a UDP datagram header. Doing this on IPv4 and TCP checksums
+is unnecessary but legal. Add a wrapper for net_checksum_finish() that
+makes the substitution.
+
+(We can't just change net_checksum_finish(), as that function is also
+used by receivers to verify checksums, and in that case the expected
+value is always 0x0000.)
+
+Signed-off-by: Ed Swierk <eswierk@skyportsystems.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 0dacea92d26c31d453c58de2e99c178fee554166)
+[PMD: conflicts: hw/net/net_rx_pkt.c hw/net/vmxnet3.c]
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ hw/net/e1000.c | 2 +-
+ hw/net/vmxnet_tx_pkt.c | 2 +-
+ include/net/checksum.h | 6 ++++++
+ 3 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/e1000.c b/hw/net/e1000.c
+index 711d369..d876949 100644
+--- a/hw/net/e1000.c
++++ b/hw/net/e1000.c
+@@ -442,7 +442,7 @@ putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
+ n = cse + 1;
+ if (sloc < n-1) {
+ sum = net_checksum_add(n-css, data+css);
+- stw_be_p(data + sloc, net_checksum_finish(sum));
++ stw_be_p(data + sloc, net_checksum_finish_nozero(sum));
+ }
+ }
+
+diff --git a/hw/net/vmxnet_tx_pkt.c b/hw/net/vmxnet_tx_pkt.c
+index fc01e4d..03f34cf 100644
+--- a/hw/net/vmxnet_tx_pkt.c
++++ b/hw/net/vmxnet_tx_pkt.c
+@@ -437,7 +437,7 @@ static void vmxnet_tx_pkt_do_sw_csum(struct VmxnetTxPkt *pkt)
+ csum_cntr += eth_calc_pseudo_hdr_csum(iphdr, csl);
+
+ /* Put the checksum obtained into the packet */
+- csum = cpu_to_be16(net_checksum_finish(csum_cntr));
++ csum = cpu_to_be16(net_checksum_finish_nozero(csum_cntr));
+ iov_from_buf(iov, iov_len, csum_offset, &csum, sizeof csum);
+ }
+
+diff --git a/include/net/checksum.h b/include/net/checksum.h
+index 80203fb..78b7d9b 100644
+--- a/include/net/checksum.h
++++ b/include/net/checksum.h
+@@ -33,6 +33,12 @@ net_checksum_add(int len, uint8_t *buf)
+ }
+
+ static inline uint16_t
++net_checksum_finish_nozero(uint32_t sum)
++{
++ return net_checksum_finish(sum) ?: 0xFFFF;
++}
++
++static inline uint16_t
+ net_raw_checksum(uint8_t *data, int length)
+ {
+ return net_checksum_finish(net_checksum_add(length, data));
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-qxl-check-release-info-object.patch b/SOURCES/kvm-qxl-check-release-info-object.patch
index 585e777..3fa6998 100644
--- a/SOURCES/kvm-qxl-check-release-info-object.patch
+++ b/SOURCES/kvm-qxl-check-release-info-object.patch
@@ -1,7 +1,7 @@
-From bd9de3a28ae6721d5ccf1d14acf259b3e6f4093c Mon Sep 17 00:00:00 2001
+From 1fd91c62715b21e480a8c25d05452acb633ab11c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Wed, 19 Jun 2019 16:03:38 +0200
-Subject: [PATCH 1/2] qxl: check release info object
+Subject: [PATCH 1/4] qxl: check release info object
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -10,7 +10,7 @@ RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190619160338.15430-2-philmd@redhat.com>
Patchwork-id: 88733
O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/1] qxl: check release info object
-Bugzilla: 1732337
+Bugzilla: 1712703
RH-Acked-by: Christophe de Dinechin <cdupontd@redhat.com>
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
diff --git a/SOURCES/kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch b/SOURCES/kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch
new file mode 100644
index 0000000..6ccb8c4
--- /dev/null
+++ b/SOURCES/kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch
@@ -0,0 +1,71 @@
+From 896665af83060fb673fc12081083f53a10a19dc5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Fri, 17 Jan 2020 12:00:36 +0100
+Subject: [PATCH 2/3] slirp: use correct size while emulating IRC commands
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: <20200117120037.12800-3-philmd@redhat.com>
+Patchwork-id: 93396
+O-Subject: [RHEL-7.7.z qemu-kvm + RHEL-7.8 qemu-kvm + RHEL-7.9 qemu-kvm PATCH v2 2/3] slirp: use correct size while emulating IRC commands
+Bugzilla: 1791560
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Prasad J Pandit <pjp@fedoraproject.org>
+
+While emulating IRC DCC commands, tcp_emu() uses 'mbuf' size
+'m->m_size' to write DCC commands via snprintf(3). This may
+lead to OOB write access, because 'bptr' points somewhere in
+the middle of 'mbuf' buffer, not at the start. Use M_FREEROOM(m)
+size to avoid OOB access.
+
+Reported-by: Vishnu Dev TJ <vishnudevtj@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Message-Id: <20200109094228.79764-2-ppandit@redhat.com>
+(cherry picked from libslirp commit ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9)
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ slirp/tcp_subr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index 70a4c83..321c2a4 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -728,7 +728,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ return 1;
+ }
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "DCC CHAT chat %lu %u%c\n",
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), 1);
+@@ -739,7 +739,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ return 1;
+ }
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "DCC SEND %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
+@@ -750,7 +750,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ return 1;
+ }
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "DCC MOVE %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-slirp-use-correct-size-while-emulating-commands.patch b/SOURCES/kvm-slirp-use-correct-size-while-emulating-commands.patch
new file mode 100644
index 0000000..ae5466d
--- /dev/null
+++ b/SOURCES/kvm-slirp-use-correct-size-while-emulating-commands.patch
@@ -0,0 +1,70 @@
+From 95cf6abd88bedca0533ababfdb6480c3174f3b81 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Fri, 17 Jan 2020 12:00:37 +0100
+Subject: [PATCH 3/3] slirp: use correct size while emulating commands
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: <20200117120037.12800-4-philmd@redhat.com>
+Patchwork-id: 93397
+O-Subject: [RHEL-7.7.z qemu-kvm + RHEL-7.8 qemu-kvm + RHEL-7.9 qemu-kvm PATCH v2 3/3] slirp: use correct size while emulating commands
+Bugzilla: 1791560
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Prasad J Pandit <pjp@fedoraproject.org>
+
+While emulating services in tcp_emu(), it uses 'mbuf' size
+'m->m_size' to write commands via snprintf(3). Use M_FREEROOM(m)
+size to avoid possible OOB access.
+
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Message-Id: <20200109094228.79764-3-ppandit@redhat.com>
+(cherry picked from libslirp commit 82ebe9c370a0e2970fb5695aa19aa5214a6a1c80)
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ slirp/tcp_subr.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index 321c2a4..19e2245 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -648,7 +648,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ n4 = (laddr & 0xff);
+
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size - m->m_len,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "ORT %d,%d,%d,%d,%d,%d\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:"");
+ return 1;
+@@ -681,7 +681,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ n4 = (laddr & 0xff);
+
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size - m->m_len,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:"");
+
+@@ -707,8 +707,8 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ if (m->m_data[m->m_len-1] == '\0' && lport != 0 &&
+ (so = tcp_listen(slirp, INADDR_ANY, 0, so->so_laddr.s_addr,
+ htons(lport), SS_FACCEPTONCE)) != NULL)
+- m->m_len = snprintf(m->m_data, m->m_size, "%d",
+- ntohs(so->so_fport)) + 1;
++ m->m_len = snprintf(m->m_data, M_ROOM(m),
++ "%d", ntohs(so->so_fport)) + 1;
+ return 1;
+
+ case EMU_IRC:
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch b/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
index 8e1f05e..8b34363 100644
--- a/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
+++ b/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
@@ -1,13 +1,13 @@
-From 5b1c740a646c4ecd8c85ac02429f43b84c746a04 Mon Sep 17 00:00:00 2001
+From 2ce01dcb0add24ad6ba0a703b63d00fb9d95ee5f Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Tue, 3 Dec 2019 23:22:01 +0100
+Date: Wed, 4 Dec 2019 01:48:28 +0100
Subject: [PATCH 1/2] target/i386: Export TAA_NO bit to guests
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191203232202.555105-2-ehabkost@redhat.com>
-Patchwork-id: 92844
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 1/2] target/i386: Export TAA_NO bit to guests
-Bugzilla: 1771960
+Message-id: <20191204014829.608318-2-ehabkost@redhat.com>
+Patchwork-id: 92853
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/2] target/i386: Export TAA_NO bit to guests
+Bugzilla: 1771961
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
@@ -31,13 +31,13 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index 5aa45ba..2de8822 100644
+index 9283902..120df73 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
-@@ -201,7 +201,7 @@ static const char *cpuid_xsave_feature_name[] = {
+@@ -212,7 +212,7 @@ static const char *cpuid_apm_edx_feature_name[] = {
static const char *cpuid_arch_capabilities_feature_name[] = {
"rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
- "ssb-no", NULL, NULL, NULL,
+ "ssb-no", "mds-no", NULL, NULL,
- NULL, NULL, NULL, NULL,
+ "taa-no", NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
diff --git a/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch b/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
index 0c66177..4ffc0d9 100644
--- a/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
+++ b/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
@@ -1,20 +1,22 @@
-From 2b13f79a51b0106170cd0b5d9996a3a553d8781e Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:40 +0200
-Subject: [PATCH 02/10] target-i386: Isolate KVM-specific code on CPU feature
+From 592237e21bc3527ebc66b8f4c76652cf5cde9438 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:19 +0200
+Subject: [PATCH 03/12] target-i386: Isolate KVM-specific code on CPU feature
filtering logic
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-3-ehabkost@redhat.com>
-Patchwork-id: 91358
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 02/10] target-i386: Isolate KVM-specific code on CPU feature filtering logic
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-3-git-send-email-plai@redhat.com>
+Patchwork-id: 90855
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 02/10] target-i386: Isolate KVM-specific code on CPU feature filtering logic
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+From: Eduardo Habkost <ehabkost@redhat.com>
This will allow us to re-use the feature filtering logic (and the
check/enforce flag logic) for TCG.
@@ -24,17 +26,16 @@ Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 27418adf32b9cd164d464fffc4fc0505d6b2b15d)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target-i386/cpu.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index c9d7557..5cfed19 100644
+index 6fb805b..ff0921f 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
-@@ -2367,6 +2367,16 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+@@ -2387,6 +2387,16 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
return cpu_list;
}
@@ -51,7 +52,7 @@ index c9d7557..5cfed19 100644
/*
* Filters CPU feature words based on host availability of each feature.
*
-@@ -2374,20 +2384,15 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+@@ -2394,20 +2404,15 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
*
* Returns: 0 if all flags are supported by the host, non-zero otherwise.
*/
@@ -74,7 +75,7 @@ index c9d7557..5cfed19 100644
uint32_t requested_features = env->features[w];
env->features[w] &= host_feat;
cpu->filtered_features[w] = requested_features & ~env->features[w];
-@@ -3070,7 +3075,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
+@@ -3102,7 +3107,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
env->features[w] &= feature_word_info[w].tcg_features;
}
} else {
diff --git a/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch b/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch
index 89f6b7e..6511e2e 100644
--- a/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch
+++ b/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch
@@ -1,19 +1,21 @@
-From 7e79bb0dc6af82413c9c5b153f18ce91146e0e53 Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:39 +0200
-Subject: [PATCH 01/10] target-i386: Merge feature filtering/checking functions
+From 50e0729e98e9938b338367e29afd6b7abce9bb04 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:18 +0200
+Subject: [PATCH 02/12] target-i386: Merge feature filtering/checking functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-2-ehabkost@redhat.com>
-Patchwork-id: 91357
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 01/10] target-i386: Merge feature filtering/checking functions
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-2-git-send-email-plai@redhat.com>
+Patchwork-id: 90853
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 01/10] target-i386: Merge feature filtering/checking functions
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+From: Eduardo Habkost <ehabkost@redhat.com>
Merge filter_features_for_kvm() and kvm_check_features_against_host().
@@ -21,29 +23,25 @@ Both functions made exactly the same calculations, the only difference
was that filter_features_for_kvm() changed the bits on cpu->features[],
and kvm_check_features_against_host() did error reporting.
-7.8 backport notes (plai):
-* unavailable_host_feature() removed due to lack of references.
-* report_unavailable_features() from 51f63aed3 to make things compile.
-
-7.7.z backport notes (ehabkost):
-* cherry-pick from 7.8 with no conflicts
-
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 51f63aed32314479065207ff2fb28255de4dbda4)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+ unavailable_host_feature() removed due to lack of references.
+ report_unavailable_features() from 51f63aed3 to make things compile.
+
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target-i386/cpu.c | 91 ++++++++++++++-----------------------------------------
1 file changed, 22 insertions(+), 69 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index c2fcd1e..c9d7557 100644
+index ca43268..6fb805b 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
-@@ -1754,11 +1754,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+@@ -1774,11 +1774,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
#endif /* CONFIG_KVM */
}
@@ -57,7 +55,7 @@ index c2fcd1e..c9d7557 100644
if (1 << i & mask) {
const char *reg = get_register_name_32(f->cpuid_reg);
assert(reg);
-@@ -1767,40 +1767,8 @@ static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask)
+@@ -1787,40 +1787,8 @@ static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask)
f->cpuid_eax, reg,
f->feat_names[i] ? "." : "",
f->feat_names[i] ? f->feat_names[i] : "", i);
@@ -98,7 +96,7 @@ index c2fcd1e..c9d7557 100644
}
static void x86_cpuid_version_get_family(Object *obj, Visitor *v, void *opaque,
-@@ -2399,12 +2367,21 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+@@ -2419,12 +2387,21 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
return cpu_list;
}
@@ -122,7 +120,7 @@ index c2fcd1e..c9d7557 100644
for (w = 0; w < FEATURE_WORDS; w++) {
FeatureWordInfo *wi = &feature_word_info[w];
-@@ -2414,9 +2391,16 @@ static void filter_features_for_kvm(X86CPU *cpu)
+@@ -2434,9 +2411,16 @@ static void filter_features_for_kvm(X86CPU *cpu)
uint32_t requested_features = env->features[w];
env->features[w] &= host_feat;
cpu->filtered_features[w] = requested_features & ~env->features[w];
@@ -140,7 +138,7 @@ index c2fcd1e..c9d7557 100644
static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
{
-@@ -3086,42 +3070,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
+@@ -3118,42 +3102,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
env->features[w] &= feature_word_info[w].tcg_features;
}
} else {
diff --git a/SOURCES/kvm-target-i386-Support-invariant-tsc-flag.patch b/SOURCES/kvm-target-i386-Support-invariant-tsc-flag.patch
new file mode 100644
index 0000000..d8a216a
--- /dev/null
+++ b/SOURCES/kvm-target-i386-Support-invariant-tsc-flag.patch
@@ -0,0 +1,142 @@
+From 4e903b8594bb59a953e66ca0fb422079f6f6b573 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 21 Aug 2019 14:30:05 +0200
+Subject: [PATCH 1/3] target-i386: Support "invariant tsc" flag
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20190821143006.23516-2-ehabkost@redhat.com>
+Patchwork-id: 90101
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/2] target-i386: Support "invariant tsc" flag
+Bugzilla: 1626871
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+Expose "Invariant TSC" flag, if KVM is enabled. From Intel documentation:
+
+17.13.1 Invariant TSC The time stamp counter in newer processors may
+support an enhancement, referred to as invariant TSC. Processor’s
+support for invariant TSC is indicated by CPUID.80000007H:EDX[8].
+The invariant TSC will run at a constant rate in all ACPI P-, C-.
+and T-states. This is the architectural behavior moving forward. On
+processors with invariant TSC support, the OS may use the TSC for wall
+clock timer services (instead of ACPI or HPET timers). TSC reads are
+much more efficient and do not incur the overhead associated with a ring
+transition or access to a platform resource.
+
+Backport notes:
+ One extra line to remove invtsc was added to
+ kvm_cpu_fill_host(), to replace the unmigratable_flags field,
+ and fix the same issue fixed by upstream commit 120eee7d1fdb
+ ("target-i386: Set migratable=yes by default on "host" CPU
+ mooel").
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+[ehabkost: redo feature filtering to use .tcg_features]
+[ehabkost: add CPUID_APM_INVTSC macro, add it to .unmigratable_flags]
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Andreas Färber <afaerber@suse.de>
+(cherry picked from commit 303752a9068bfe84b9b05f1cd5ad5ff65b7f3ea6)
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu.c | 26 ++++++++++++++++++++++++++
+ target-i386/cpu.h | 4 ++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index c2fcd1e..c74f597 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -199,6 +199,17 @@ static const char *cpuid_xsave_feature_name[] = {
+ NULL, NULL, NULL, NULL,
+ };
+
++static const char *cpuid_apm_edx_feature_name[] = {
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ "invtsc", NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++};
++
+ #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
+ #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
+ CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
+@@ -258,6 +269,7 @@ static const char *cpuid_xsave_feature_name[] = {
+ CPUID_7_0_EBX_RDSEED */
+ #define TCG_7_0_ECX_FEATURES 0
+ #define TCG_7_0_EDX_FEATURES 0
++#define TCG_APM_FEATURES 0
+
+
+ typedef struct FeatureWordInfo {
+@@ -326,6 +338,12 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .cpuid_reg = R_EDX,
+ .tcg_features = TCG_7_0_EDX_FEATURES,
+ },
++ [FEAT_8000_0007_EDX] = {
++ .feat_names = cpuid_apm_edx_feature_name,
++ .cpuid_eax = 0x80000007,
++ .cpuid_reg = R_EDX,
++ .tcg_features = TCG_APM_FEATURES,
++ },
+ [FEAT_8000_0008_EBX] = {
+ .feat_names = cpuid_80000008_ebx_feature_name,
+ .cpuid_eax = 0x80000008,
+@@ -1750,6 +1768,8 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+
+ /* arch-facilities: deprecated (see comment on x86_cpu_realizefn()) */
+ x86_cpu_def->features[FEAT_7_0_EDX] &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
++ /* invtsc: not migratable, so not enabled by default */
++ x86_cpu_def->features[FEAT_8000_0007_EDX] &= ~CPUID_APM_INVTSC;
+
+ #endif /* CONFIG_KVM */
+ }
+@@ -2805,6 +2825,12 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ *ecx = 0x02008140;
+ *edx = 0;
+ break;
++ case 0x80000007:
++ *eax = 0;
++ *ebx = 0;
++ *ecx = 0;
++ *edx = env->features[FEAT_8000_0007_EDX];
++ break;
+ case 0x80000008:
+ /* virtual & phys address size in low 2 bytes. */
+ /* XXX: This value must match the one used in the MMU code. */
+diff --git a/target-i386/cpu.h b/target-i386/cpu.h
+index 5d47ab8..cbbc34f 100644
+--- a/target-i386/cpu.h
++++ b/target-i386/cpu.h
+@@ -408,6 +408,7 @@ typedef enum FeatureWord {
+ FEAT_7_0_EDX, /* CPUID[EAX=7,ECX=0].EDX */
+ FEAT_8000_0001_EDX, /* CPUID[8000_0001].EDX */
+ FEAT_8000_0001_ECX, /* CPUID[8000_0001].ECX */
++ FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */
+ FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */
+ FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */
+ FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
+@@ -613,6 +614,9 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_XSAVE_XGETBV1 (1U << 2)
+ #define CPUID_XSAVE_XSAVES (1U << 3)
+
++/* CPUID[0x80000007].EDX flags: */
++#define CPUID_APM_INVTSC (1U << 8)
++
+ #define CPUID_VENDOR_SZ 12
+
+ #define CPUID_VENDOR_INTEL_1 0x756e6547 /* "Genu" */
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch b/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
index 2e6e266..abbaec3 100644
--- a/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
+++ b/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
@@ -1,16 +1,16 @@
-From c432e7520c4410545d5883f2a5be5dcecbf1854d Mon Sep 17 00:00:00 2001
+From 5f41a4ac3ff6527f7a23c3b2a2d8bef128f5c077 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Mon, 6 Jan 2020 13:04:21 +0100
-Subject: [PATCH] target/i386: add MDS-NO feature
+Date: Tue, 24 Sep 2019 20:50:32 +0200
+Subject: [PATCH 12/12] target/i386: add MDS-NO feature
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191024031525.7449-1-ehabkost@redhat.com>
-Patchwork-id: 91937
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH] target/i386: add MDS-NO feature
-Bugzilla: 1755333
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+Message-id: <20190924205032.12926-2-ehabkost@redhat.com>
+Patchwork-id: 90873
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/1] target/i386: add MDS-NO feature
+Bugzilla: 1714791
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
@@ -27,21 +27,22 @@ Message-Id: <20190516185320.28340-1-pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 20140a82c67467f53814ca197403d5e1b561a5e5)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target-i386/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index 48d3aec..63ae76e 100644
+index 3ea4e97..f92cb62 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
-@@ -200,7 +200,7 @@ static const char *cpuid_xsave_feature_name[] = {
+@@ -211,7 +211,7 @@ static const char *cpuid_apm_edx_feature_name[] = {
static const char *cpuid_arch_capabilities_feature_name[] = {
"rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
-- "ssb-no", NULL, NULL, "tsx-ctrl",
-+ "ssb-no", "mds-no", NULL, "tsx-ctrl",
- "taa-no", NULL, NULL, NULL,
+- "ssb-no", NULL, NULL, NULL,
++ "ssb-no", "mds-no", NULL, NULL,
+ NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
--
diff --git a/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch b/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
index c2af061..62c3002 100644
--- a/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
+++ b/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
@@ -1,13 +1,13 @@
-From bd481c114114e2a694ed1e8cb24e3c5d7cc451a3 Mon Sep 17 00:00:00 2001
+From 73fac9c9beb00cc462eaae8589b4b2261142a8b2 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Tue, 3 Dec 2019 23:22:02 +0100
+Date: Wed, 4 Dec 2019 01:48:29 +0100
Subject: [PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191203232202.555105-3-ehabkost@redhat.com>
-Patchwork-id: 92845
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL
-Bugzilla: 1771960
+Message-id: <20191204014829.608318-3-ehabkost@redhat.com>
+Patchwork-id: 92854
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL
+Bugzilla: 1771961
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
@@ -37,20 +37,20 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
4 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index 2de8822..48d3aec 100644
+index 120df73..57f5364 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
-@@ -200,7 +200,7 @@ static const char *cpuid_xsave_feature_name[] = {
+@@ -211,7 +211,7 @@ static const char *cpuid_apm_edx_feature_name[] = {
static const char *cpuid_arch_capabilities_feature_name[] = {
"rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
-- "ssb-no", NULL, NULL, NULL,
-+ "ssb-no", NULL, NULL, "tsx-ctrl",
+- "ssb-no", "mds-no", NULL, NULL,
++ "ssb-no", "mds-no", NULL, "tsx-ctrl",
"taa-no", NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
-index d855ae3..705cd66 100644
+index 8f73af7..c9bcdd5 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -307,7 +307,11 @@
@@ -65,7 +65,7 @@ index d855ae3..705cd66 100644
#define MSR_IA32_TSCDEADLINE 0x6e0
#define MSR_P6_PERFCTR0 0xc1
-@@ -1063,6 +1067,7 @@ typedef struct CPUX86State {
+@@ -1067,6 +1071,7 @@ typedef struct CPUX86State {
uint64_t xss;
uint32_t pkru;
@@ -74,10 +74,10 @@ index d855ae3..705cd66 100644
uint64_t spec_ctrl;
uint64_t virt_ssbd;
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
-index 0374b7a..689b37c 100644
+index c79b0ea..7df2b28 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
-@@ -79,6 +79,7 @@ static bool has_msr_hv_tsc;
+@@ -80,6 +80,7 @@ static bool has_msr_hv_tsc;
static bool has_msr_mtrr;
static bool has_msr_xss;
static bool has_msr_spec_ctrl;
@@ -85,7 +85,7 @@ index 0374b7a..689b37c 100644
static bool has_msr_virt_ssbd;
static bool has_msr_arch_capabs;
-@@ -894,6 +895,10 @@ static int kvm_get_supported_msrs(KVMState *s)
+@@ -908,6 +909,10 @@ static int kvm_get_supported_msrs(KVMState *s)
has_msr_spec_ctrl = true;
continue;
}
@@ -96,7 +96,7 @@ index 0374b7a..689b37c 100644
if (kvm_msr_list->indices[i] == MSR_VIRT_SSBD) {
has_msr_virt_ssbd = true;
continue;
-@@ -1316,6 +1321,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+@@ -1330,6 +1335,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
if (has_msr_spec_ctrl) {
kvm_msr_entry_set(&msrs[n++], MSR_IA32_SPEC_CTRL, env->spec_ctrl);
}
@@ -106,7 +106,7 @@ index 0374b7a..689b37c 100644
if (has_msr_virt_ssbd) {
kvm_msr_entry_set(&msrs[n++], MSR_VIRT_SSBD, env->virt_ssbd);
}
-@@ -1685,6 +1693,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+@@ -1699,6 +1707,9 @@ static int kvm_get_msrs(X86CPU *cpu)
if (has_msr_spec_ctrl) {
msrs[n++].index = MSR_IA32_SPEC_CTRL;
}
@@ -116,7 +116,7 @@ index 0374b7a..689b37c 100644
if (has_msr_virt_ssbd) {
msrs[n++].index = MSR_VIRT_SSBD;
}
-@@ -1931,6 +1942,9 @@ static int kvm_get_msrs(X86CPU *cpu)
+@@ -1945,6 +1956,9 @@ static int kvm_get_msrs(X86CPU *cpu)
case MSR_IA32_SPEC_CTRL:
env->spec_ctrl = msrs[i].data;
break;
@@ -127,7 +127,7 @@ index 0374b7a..689b37c 100644
env->virt_ssbd = msrs[i].data;
break;
diff --git a/target-i386/machine.c b/target-i386/machine.c
-index 507ab1a..266797a 100644
+index cd2cf6f..892c8f4 100644
--- a/target-i386/machine.c
+++ b/target-i386/machine.c
@@ -778,6 +778,24 @@ static const VMStateDescription vmstate_msr_virt_ssbd = {
@@ -152,10 +152,10 @@ index 507ab1a..266797a 100644
+ }
+};
+
- const VMStateDescription vmstate_x86_cpu = {
+ VMStateDescription vmstate_x86_cpu = {
.name = "cpu",
.version_id = 12,
-@@ -938,6 +956,9 @@ const VMStateDescription vmstate_x86_cpu = {
+@@ -938,6 +956,9 @@ VMStateDescription vmstate_x86_cpu = {
}, {
.vmsd = &vmstate_msr_virt_ssbd,
.needed = virt_ssbd_needed,
diff --git a/SOURCES/kvm-target-i386-block-migration-and-savevm-if-invariant-.patch b/SOURCES/kvm-target-i386-block-migration-and-savevm-if-invariant-.patch
new file mode 100644
index 0000000..d2ff0b7
--- /dev/null
+++ b/SOURCES/kvm-target-i386-block-migration-and-savevm-if-invariant-.patch
@@ -0,0 +1,111 @@
+From f53b97e4cda28b911c11400a985bcff587b2df34 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 21 Aug 2019 14:30:06 +0200
+Subject: [PATCH 2/3] target-i386: block migration and savevm if invariant tsc
+ is exposed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20190821143006.23516-3-ehabkost@redhat.com>
+Patchwork-id: 90102
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 2/2] target-i386: block migration and savevm if invariant tsc is exposed
+Bugzilla: 1626871
+RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+RH-Acked-by: Bandan Das <bsd@redhat.com>
+RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+
+From: Marcelo Tosatti <mtosatti@redhat.com>
+
+Invariant TSC documentation mentions that "invariant TSC will run at a
+constant rate in all ACPI P-, C-. and T-states".
+
+This is not the case if migration to a host with different TSC frequency
+is allowed, or if savevm is performed. So block migration/savevm.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+[AF+mtosatti: Updated error message]
+Signed-off-by: Andreas Färber <afaerber@suse.de>
+(cherry picked from commit 68bfd0ad4a1dcc4c328d5db85dc746b49c1ec07e)
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ target-i386/cpu-qom.h | 2 +-
+ target-i386/kvm.c | 15 +++++++++++++++
+ target-i386/machine.c | 2 +-
+ 3 files changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
+index 0b01e8f..89dd29a 100644
+--- a/target-i386/cpu-qom.h
++++ b/target-i386/cpu-qom.h
+@@ -94,7 +94,7 @@ static inline X86CPU *x86_env_get_cpu(CPUX86State *env)
+ #define ENV_OFFSET offsetof(X86CPU, env)
+
+ #ifndef CONFIG_USER_ONLY
+-extern const struct VMStateDescription vmstate_x86_cpu;
++extern struct VMStateDescription vmstate_x86_cpu;
+ #endif
+
+ /**
+diff --git a/target-i386/kvm.c b/target-i386/kvm.c
+index d5f6deb..b6c76f1 100644
+--- a/target-i386/kvm.c
++++ b/target-i386/kvm.c
+@@ -33,6 +33,8 @@
+ #include "exec/ioport.h"
+ #include <asm/hyperv.h>
+ #include "hw/pci/pci.h"
++#include "migration/migration.h"
++#include "qapi/qmp/qerror.h"
+
+ //#define DEBUG_KVM
+
+@@ -449,6 +451,8 @@ static bool hyperv_enabled(X86CPU *cpu)
+ cpu->hyperv_relaxed_timing);
+ }
+
++static Error *invtsc_mig_blocker;
++
+ #define KVM_MAX_CPUID_ENTRIES 100
+
+ int kvm_arch_init_vcpu(CPUState *cs)
+@@ -698,6 +702,17 @@ int kvm_arch_init_vcpu(CPUState *cs)
+
+ qemu_add_vm_change_state_handler(cpu_update_state, env);
+
++ c = cpuid_find_entry(&cpuid_data.cpuid, 0x80000007, 0);
++ if (c && (c->edx & 1<<8) && invtsc_mig_blocker == NULL) {
++ /* for migration */
++ error_setg(&invtsc_mig_blocker,
++ "State blocked by non-migratable CPU device"
++ " (invtsc flag)");
++ migrate_add_blocker(invtsc_mig_blocker);
++ /* for savevm */
++ vmstate_x86_cpu.unmigratable = 1;
++ }
++
+ cpuid_data.cpuid.padding = 0;
+ r = kvm_vcpu_ioctl(cs, KVM_SET_CPUID2, &cpuid_data);
+ if (r) {
+diff --git a/target-i386/machine.c b/target-i386/machine.c
+index 507ab1a..cd2cf6f 100644
+--- a/target-i386/machine.c
++++ b/target-i386/machine.c
+@@ -778,7 +778,7 @@ static const VMStateDescription vmstate_msr_virt_ssbd = {
+ }
+ };
+
+-const VMStateDescription vmstate_x86_cpu = {
++VMStateDescription vmstate_x86_cpu = {
+ .name = "cpu",
+ .version_id = 12,
+ .minimum_version_id = 3,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-tcp_emu-Fix-oob-access.patch b/SOURCES/kvm-tcp_emu-Fix-oob-access.patch
new file mode 100644
index 0000000..55119f9
--- /dev/null
+++ b/SOURCES/kvm-tcp_emu-Fix-oob-access.patch
@@ -0,0 +1,60 @@
+From dea2f95979cc0ba0c36f07b8e9cc709bd1ef1eb4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Fri, 17 Jan 2020 12:00:35 +0100
+Subject: [PATCH 1/3] tcp_emu: Fix oob access
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: <20200117120037.12800-2-philmd@redhat.com>
+Patchwork-id: 93395
+O-Subject: [RHEL-7.7.z qemu-kvm + RHEL-7.8 qemu-kvm + RHEL-7.9 qemu-kvm PATCH v2 1/3] tcp_emu: Fix oob access
+Bugzilla: 1791560
+RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+
+The main loop only checks for one available byte, while we sometimes
+need two bytes.
+
+(cherry picked from libslirp commit 2655fffed7a9e765bcb4701dd876e9dab975f289)
+[PMD: backported with style conflicts,
+ CHANGELOG.md absent in downstream]
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ slirp/tcp_subr.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index d49a366..70a4c83 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -837,6 +837,9 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ break;
+
+ case 5:
++ if (bptr == m->m_data + m->m_len - 1)
++ return 1; /* We need two bytes */
++
+ /*
+ * The difference between versions 1.0 and
+ * 2.0 is here. For future versions of
+@@ -852,6 +855,10 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ /* This is the field containing the port
+ * number that RA-player is listening to.
+ */
++
++ if (bptr == m->m_data + m->m_len - 1)
++ return 1; /* We need two bytes */
++
+ lport = (((u_char*)bptr)[0] << 8)
+ + ((u_char *)bptr)[1];
+ if (lport < 6970)
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch b/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
index c8ad7fc..e647bf6 100644
--- a/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
+++ b/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
@@ -1,17 +1,17 @@
-From c238d465b43fa575e2571f54813ca44a8709168d Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:44 +0200
-Subject: [PATCH 06/10] x86: Data structure changes to support MSR based
+From e2f14f95ccb04db5f470d3593e2a2f2dc69187d8 Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:23 +0200
+Subject: [PATCH 07/12] x86: Data structure changes to support MSR based
features
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-7-ehabkost@redhat.com>
-Patchwork-id: 91364
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 06/10] x86: Data structure changes to support MSR based features
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-7-git-send-email-plai@redhat.com>
+Patchwork-id: 90863
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 06/10] x86: Data structure changes to support MSR based features
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Robert Hoo <robert.hu@linux.intel.com>
@@ -19,34 +19,31 @@ Add FeatureWordType indicator in struct FeatureWordInfo.
Change feature_word_info[] accordingly.
Change existing functions that refer to feature_word_info[] accordingly.
-7.8 backport conflicts (plai):
- target/i386/cpu.c changes to target-i386/cpu.c
-
- x86_cpu_get_supported_feature_word() updated @ 07585923485
- dropped hvf_enabled(), tcg_enabled(), and migratable_only checks
-
-7.7.z backport notes (ehabkost):
-* Cherry pick from 7.8 tree with no conflicts
-
Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Message-Id: <1539578845-37944-3-git-send-email-robert.hu@linux.intel.com>
[ehabkost: fixed hvf_enabled() case]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
(cherry picked from commit 07585923485952bf4cb7da563c9f91fecc85d09c)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+Resolved Conflicts:
+ target/i386/cpu.c changes to target-i386/cpu.c
+
+ x86_cpu_get_supported_feature_word() updated @ 07585923485
+ dropped hvf_enabled(), tcg_enabled(), and migratable_only checks
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
- target-i386/cpu.c | 160 ++++++++++++++++++++++++++++++++++++++++--------------
- 1 file changed, 118 insertions(+), 42 deletions(-)
+ target-i386/cpu.c | 163 +++++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 119 insertions(+), 44 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index ba2ce8e..7fecd21 100644
+index 838c616..488634c 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
-@@ -260,83 +260,120 @@ static const char *cpuid_xsave_feature_name[] = {
- #define TCG_7_0_EDX_FEATURES 0
+@@ -272,89 +272,125 @@ static const char *cpuid_apm_edx_feature_name[] = {
+ #define TCG_APM_FEATURES 0
+typedef enum FeatureWordType {
@@ -170,6 +167,13 @@ index ba2ce8e..7fecd21 100644
+ },
.tcg_features = TCG_7_0_EDX_FEATURES,
},
+ [FEAT_8000_0007_EDX] = {
+ .feat_names = cpuid_apm_edx_feature_name,
+- .cpuid_eax = 0x80000007,
+- .cpuid_reg = R_EDX,
++ .cpuid = { .eax = 0x80000007, .reg = R_EDX, },
+ .tcg_features = TCG_APM_FEATURES,
+ },
[FEAT_8000_0008_EBX] = {
+ .type = CPUID_FEATURE_WORD,
.feat_names = cpuid_80000008_ebx_feature_name,
@@ -192,7 +196,7 @@ index ba2ce8e..7fecd21 100644
},
};
-@@ -366,6 +403,8 @@ typedef struct ExtSaveArea {
+@@ -384,6 +420,8 @@ typedef struct ExtSaveArea {
uint32_t offset, size;
} ExtSaveArea;
@@ -201,7 +205,7 @@ index ba2ce8e..7fecd21 100644
static const ExtSaveArea ext_save_areas[] = {
[2] = { .feature = FEAT_1_ECX, .bits = CPUID_EXT_AVX,
.offset = 0x240, .size = 0x100 },
-@@ -1737,10 +1776,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+@@ -1755,10 +1793,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
FeatureWord w;
for (w = 0; w < FEATURE_WORDS; w++) {
@@ -213,7 +217,7 @@ index ba2ce8e..7fecd21 100644
}
/*
-@@ -1754,19 +1790,40 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+@@ -1774,19 +1809,40 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
#endif /* CONFIG_KVM */
}
@@ -258,7 +262,7 @@ index ba2ce8e..7fecd21 100644
}
}
}
-@@ -2075,11 +2132,18 @@ static void x86_cpu_get_feature_words(Object *obj, Visitor *v, void *opaque,
+@@ -2095,11 +2151,18 @@ static void x86_cpu_get_feature_words(Object *obj, Visitor *v, void *opaque,
for (w = 0; w < FEATURE_WORDS; w++) {
FeatureWordInfo *wi = &feature_word_info[w];
@@ -281,7 +285,7 @@ index ba2ce8e..7fecd21 100644
qwi->features = array[w];
/* List will be in reverse order, but order shouldn't matter */
-@@ -2370,11 +2434,23 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
+@@ -2390,11 +2453,23 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
static uint32_t x86_cpu_get_supported_feature_word(FeatureWord w)
{
FeatureWordInfo *wi = &feature_word_info[w];
diff --git a/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch b/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
index 7cd7905..71ee4b4 100644
--- a/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
+++ b/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
@@ -1,39 +1,36 @@
-From 44f5e2649ee37f15607c516c8f9efc58aad708bb Mon Sep 17 00:00:00 2001
-From: Eduardo Habkost <ehabkost@redhat.com>
-Date: Wed, 9 Oct 2019 17:51:45 +0200
-Subject: [PATCH 07/10] x86: define a new MSR based feature word --
+From a047703bdb55821e77d9a89f484e98e5293dc5bf Mon Sep 17 00:00:00 2001
+From: "plai@redhat.com" <plai@redhat.com>
+Date: Mon, 23 Sep 2019 20:40:24 +0200
+Subject: [PATCH 08/12] x86: define a new MSR based feature word --
FEATURE_WORDS_ARCH_CAPABILITIES
-RH-Author: Eduardo Habkost <ehabkost@redhat.com>
-Message-id: <20191009175148.1361-8-ehabkost@redhat.com>
-Patchwork-id: 91362
-O-Subject: [RHEL-7.7.z qemu-kvm PATCH 07/10] x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES
-Bugzilla: 1730606
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Author: plai@redhat.com
+Message-id: <1569271227-28026-8-git-send-email-plai@redhat.com>
+Patchwork-id: 90860
+O-Subject: [RHEL7.8 qemu-kvm PATCH v6 07/10] x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES
+Bugzilla: 1709971
+RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
-RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Robert Hoo <robert.hu@linux.intel.com>
Note RSBA is specially treated -- no matter host support it or not, qemu
pretends it is supported.
-7.8 backport conflicts (plai):
- target/i386/cpu.c
- target/i386/cpu.h
- target/i386/kvm.c
-
-7.7.z backport notes (ehabkost):
-* Cherry picked from 7.8 tree with no conflicts
-
Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Message-Id: <1539578845-37944-4-git-send-email-robert.hu@linux.intel.com>
[ehabkost: removed automatic enabling of RSBA]
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
(cherry picked from commit d86f963694df27f11b3681ffd225c9362de1b634)
Signed-off-by: Paul Lai <plai@redhat.com>
-Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+
+Resolved Conflicts:
+ target/i386/cpu.c
+ target/i386/cpu.h
+ target/i386/kvm.c
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
@@ -43,10 +40,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
3 files changed, 41 insertions(+)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
-index 7fecd21..35381f0 100644
+index 488634c..24fc000 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
-@@ -199,6 +199,17 @@ static const char *cpuid_xsave_feature_name[] = {
+@@ -210,6 +210,17 @@ static const char *cpuid_apm_edx_feature_name[] = {
NULL, NULL, NULL, NULL,
};
@@ -64,7 +61,7 @@ index 7fecd21..35381f0 100644
#define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
#define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
-@@ -375,6 +386,18 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+@@ -392,6 +403,18 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
.reg = R_EAX,
},
},
@@ -84,10 +81,10 @@ index 7fecd21..35381f0 100644
typedef struct X86RegisterInfo32 {
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
-index ea5df77..1c62e63 100644
+index 0ce479a..5a86b2c 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
-@@ -415,6 +415,7 @@ typedef enum FeatureWord {
+@@ -416,6 +416,7 @@ typedef enum FeatureWord {
FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
FEAT_SVM, /* CPUID[8000_000A].EDX */
FEAT_XSAVE, /* CPUID[EAX=0xd,ECX=1].EAX */
@@ -95,7 +92,7 @@ index ea5df77..1c62e63 100644
FEATURE_WORDS,
} FeatureWord;
-@@ -632,6 +633,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+@@ -636,6 +637,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
#define CPUID_MWAIT_IBE (1U << 1) /* Interrupts can exit capability */
#define CPUID_MWAIT_EMX (1U << 0) /* enumeration supported */
@@ -110,10 +107,10 @@ index ea5df77..1c62e63 100644
#define HYPERV_SPINLOCK_NEVER_RETRY 0xFFFFFFFF
#endif
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
-index 2b1d7da..180ae56 100644
+index 159ed4c..722cfbc 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
-@@ -1325,6 +1325,16 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
+@@ -1339,6 +1339,16 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
kvm_msr_entry_set(&msrs[n++], MSR_IA32_TSC, env->tsc);
}
}
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 80cccfe..78e86ee 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
@@ -14,7 +14,7 @@
%global have_usbredir 0
%endif
-%ifnarch s390 s390x %{arm}
+%ifnarch s390 s390x
%global have_librdma 1
%global have_tcmalloc 1
%endif
@@ -41,9 +41,6 @@
%ifarch aarch64
%global kvm_target aarch64
%endif
-%ifarch %{arm}
- %global kvm_target arm
-%endif
#Versions of various parts:
@@ -79,13 +76,13 @@ Obsoletes: %1 < %{obsoletes_version} \
Summary: QEMU is a machine emulator and virtualizer
Name: %{pkgname}%{?pkgsuffix}
Version: 1.5.3
-Release: 167%{?dist}.4
+Release: 173%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 10
License: GPLv2 and GPLv2+ and CC-BY
Group: Development/Tools
URL: http://www.qemu.org/
-ExclusiveArch: x86_64 %{arm}
+ExclusiveArch: x86_64
Requires: seabios-bin >= 1.7.2.2-5
Requires: sgabios-bin
Requires: seavgabios-bin
@@ -3972,36 +3969,62 @@ Patch1955: kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch
Patch1956: kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch
# For bz#1669068 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7]
Patch1957: kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch
-# For bz#1732337 - CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z]
+# For bz#1712703 - CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7]
Patch1958: kvm-qxl-check-release-info-object.patch
-# For bz#1734748 - CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z]
-Patch1959: kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1960: kvm-target-i386-Merge-feature-filtering-checking-functio.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1961: kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1962: kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1963: kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1964: kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1965: kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1966: kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1967: kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1968: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
-# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]
-Patch1969: kvm-Remove-arch-capabilities-deprecation.patch
-# For bz#1771960 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z]
-Patch1970: kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
-# For bz#1771960 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z]
-Patch1971: kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
-# For bz#1755333 - [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z]
-Patch1972: kvm-target-i386-add-MDS-NO-feature.patch
+# For bz#1270166 - UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.
+Patch1959: kvm-bswap.h-Remove-cpu_to_be16wu.patch
+# For bz#1270166 - UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.
+Patch1960: kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch
+# For bz#1734749 - CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8]
+Patch1961: kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
+# For bz#1626871 - [RFE] request for using TscInvariant feature with qemu-kvm.
+Patch1962: kvm-target-i386-Support-invariant-tsc-flag.patch
+# For bz#1626871 - [RFE] request for using TscInvariant feature with qemu-kvm.
+Patch1963: kvm-target-i386-block-migration-and-savevm-if-invariant-.patch
+# For bz#1706658 - [Intel 7.8 Bug] qemu-kvm fail with "err:kvm_init_vcpu() invalidate argumant" on ICX platform
+Patch1964: kvm-i386-Don-t-copy-host-virtual-address-limit.patch
+# For bz#1749735 - CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7]
+Patch1965: kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1966: kvm-target-i386-Merge-feature-filtering-checking-functio.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1967: kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1968: kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1969: kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1970: kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1971: kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1972: kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1973: kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1974: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1975: kvm-Remove-arch-capabilities-deprecation.patch
+# For bz#1714791 - [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm
+Patch1976: kvm-target-i386-add-MDS-NO-feature.patch
+# For bz#1638471 - [Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model
+Patch1977: kvm-i386-Add-new-model-of-Cascadelake-Server.patch
+# For bz#1638471 - [Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model
+Patch1978: kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch
+# For bz#1638471 - [Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model
+Patch1979: kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch
+# For bz#1760607 - Corrupted EAX values due to missing brackets at CPUID[0x800000008] code
+Patch1980: kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch
+# For bz#1771961 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8]
+Patch1981: kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
+# For bz#1771961 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8]
+Patch1982: kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
+# For bz#1791560 - CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]
+Patch1983: kvm-tcp_emu-Fix-oob-access.patch
+# For bz#1791560 - CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]
+Patch1984: kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch
+# For bz#1791560 - CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]
+Patch1985: kvm-slirp-use-correct-size-while-emulating-commands.patch
BuildRequires: zlib-devel
@@ -6152,6 +6175,19 @@ tar -xf %{SOURCE21}
%patch1970 -p1
%patch1971 -p1
%patch1972 -p1
+%patch1973 -p1
+%patch1974 -p1
+%patch1975 -p1
+%patch1976 -p1
+%patch1977 -p1
+%patch1978 -p1
+%patch1979 -p1
+%patch1980 -p1
+%patch1981 -p1
+%patch1982 -p1
+%patch1983 -p1
+%patch1984 -p1
+%patch1985 -p1
%build
buildarch="%{kvm_target}-softmmu"
@@ -6597,38 +6633,69 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%{_mandir}/man8/qemu-nbd.8*
%changelog
-* Mon Jan 06 2020 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.4
-- kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333]
-- Resolves: bz#1755333
- ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z])
-
-* Tue Dec 10 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.3
-- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771960]
-- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771960]
-- Resolves: bz#1771960
- (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z])
-
-* Thu Oct 24 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.2
-- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1730606]
-- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1730606]
-- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1730606]
-- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1730606]
-- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1730606]
-- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1730606]
-- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1730606]
-- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1730606]
-- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1730606]
-- kvm-Remove-arch-capabilities-deprecation.patch [bz#1730606]
-- Resolves: bz#1730606
- ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z])
-
-* Mon Aug 12 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7_7.1
-- kvm-qxl-check-release-info-object.patch [bz#1732337]
-- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]
-- Resolves: bz#1732337
- (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z])
-- Resolves: bz#1734748
- (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z])
+* Thu Jan 23 2020 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-173.el7
+- kvm-tcp_emu-Fix-oob-access.patch [bz#1791560]
+- kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560]
+- kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560]
+- Resolves: bz#1791560
+ (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8])
+
+* Thu Dec 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-172.el7
+- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771961]
+- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771961]
+- Resolves: bz#1771961
+ (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8])
+
+* Tue Oct 15 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-171.el7
+- kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1638471]
+- kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch [bz#1638471]
+- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch [bz#1638471]
+- kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch [bz#1760607]
+- Resolves: bz#1638471
+ ([Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model)
+- Resolves: bz#1760607
+ (Corrupted EAX values due to missing brackets at CPUID[0x800000008] code)
+
+* Wed Oct 02 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-170.el7
+- kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749735]
+- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1709971]
+- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1709971]
+- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1709971]
+- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1709971]
+- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1709971]
+- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1709971]
+- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1709971]
+- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1709971]
+- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1709971]
+- kvm-Remove-arch-capabilities-deprecation.patch [bz#1709971]
+- kvm-target-i386-add-MDS-NO-feature.patch [bz#1714791]
+- Resolves: bz#1709971
+ ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm)
+- Resolves: bz#1714791
+ ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm)
+- Resolves: bz#1749735
+ (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7])
+
+* Wed Sep 04 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-169.el7
+- kvm-target-i386-Support-invariant-tsc-flag.patch [bz#1626871]
+- kvm-target-i386-block-migration-and-savevm-if-invariant-.patch [bz#1626871]
+- kvm-i386-Don-t-copy-host-virtual-address-limit.patch [bz#1706658]
+- Resolves: bz#1626871
+ ([RFE] request for using TscInvariant feature with qemu-kvm.)
+- Resolves: bz#1706658
+ ([Intel 7.8 Bug] qemu-kvm fail with "err:kvm_init_vcpu() invalidate argumant" on ICX platform)
+
+* Tue Aug 20 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-168.el7
+- kvm-qxl-check-release-info-object.patch [bz#1712703]
+- kvm-bswap.h-Remove-cpu_to_be16wu.patch [bz#1270166]
+- kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch [bz#1270166]
+- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734749]
+- Resolves: bz#1270166
+ (UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.)
+- Resolves: bz#1712703
+ (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7])
+- Resolves: bz#1734749
+ (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8])
* Wed Jun 12 2019 Miroslav Rezanina <mrezanin@redhat.com> - 1.5.3-167.el7
- Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]