diff --git a/SOURCES/kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch b/SOURCES/kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch
new file mode 100644
index 0000000..4fb8c36
--- /dev/null
+++ b/SOURCES/kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch
@@ -0,0 +1,54 @@
+From 23e038b8eb586dc19f1d653cd98d0cae109f359b Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Thu, 10 Oct 2019 22:18:07 +0200
+Subject: [PATCH 4/4] Add missing brackets to CPUID[0x80000008] code
+
+RH-Author: Eduardo Habkost
+Message-id: <20191010221807.2953-1-ehabkost@redhat.com>
+Patchwork-id: 91713
+O-Subject: [RHEL-7.8 qemu-kvm PATCH] Add missing brackets to CPUID[0x80000008] code
+Bugzilla: 1760607
+RH-Acked-by: Dr. David Alan Gilbert
+RH-Acked-by: Paolo Bonzini
+RH-Acked-by: John Snow
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1760607
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23986041
+Upstream: not applicable
+
+I've made a mistake at downstream-only commit ba222e201e07
+("i386: Don't copy host virtual address limit"): I forgot to add
+brackets to the existing if statement. This expose an invalid
+physical address size to the guest if the host xlevel is less
+than 0x80000008.
+
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Miroslav Rezanina
+---
+ target-i386/cpu.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index b4839df..9283902 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -2978,7 +2978,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ if (kvm_enabled()) {
+ uint32_t _eax;
+ host_cpuid(0x80000000, 0, &_eax, NULL, NULL, NULL);
+- if (_eax >= 0x80000008)
++ if (_eax >= 0x80000008) {
+ host_cpuid(0x80000008, 0, &_eax, NULL, NULL, NULL);
+ /*
+ * Override physical size only, as RHEL-7 KVM only supports
+@@ -2986,6 +2986,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ */
+ *eax &= ~0xff;
+ *eax |= _eax & 0xff;
++ }
+ }
+ } else {
+ if (env->features[FEAT_1_EDX] & CPUID_PSE36) {
+--
+1.8.3.1
+
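Review bot: With the brackets in place, the `_eax < 0x80000008` path now silently keeps whatever physical-address width `*eax` already held (presumably set earlier in the leaf-0x80000008 case, outside the hunk), and nothing in the code says that this fallback is intended; a one-line comment on the `if` would stop the next rebase from re-introducing the bug: `/* host has no leaf 0x80000008: keep the default physical address width already in *eax */`. Reusing `_eax` for both the max-extended-leaf probe and the leaf-0x80000008 result also makes the guard harder to read than it needs to be; a separate local such as `uint32_t host_xlevel;` for the first `host_cpuid()` call would make the condition self-explanatory. cpu_x86_cpuid's body starts and ends outside the hunk.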
diff --git a/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch b/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch index 9ca80c2..3cbc4db 100644 --- a/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch +++ b/SOURCES/kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch @@ -1,39 +1,35 @@ -From cd4088d607d604085015b0e405b2340420de5d5a Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:43 +0200 -Subject: [PATCH 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and +From 0bce0c69b76a246ee901c09a4d02bcd05619d9e0 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:22 +0200 +Subject: [PATCH 06/12] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-6-ehabkost@redhat.com> -Patchwork-id: 91361 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-6-git-send-email-plai@redhat.com> +Patchwork-id: 90856 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 05/10] kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina From: Robert Hoo Add kvm_get_supported_feature_msrs() to get supported MSR feature index list. Add kvm_arch_get_supported_msr_feature() to get each MSR features value. -7.7.z backport notes: -* No conflicts, but `#include "qemu/error-report.h"` lines was added - Signed-off-by: Robert Hoo Message-Id: <1539578845-37944-2-git-send-email-robert.hu@linux.intel.com> Reviewed-by: Eduardo Habkost Signed-off-by: Eduardo Habkost (cherry picked from commit f57bceb6ab5163ddd6c41ff4344ab8cf28a9c63d) 
Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost Signed-off-by: Miroslav Rezanina --- include/sysemu/kvm.h | 1 + linux-headers/linux/kvm.h | 2 ++ - target-i386/kvm.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 83 insertions(+) + target-i386/kvm.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 82 insertions(+) diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index e4403be..281fe26 100644 @@ -68,18 +64,10 @@ index 4b93099..bfeafff 100644 #ifdef KVM_CAP_IRQ_ROUTING diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index d5f6deb..2b1d7da 100644 +index b6c76f1..159ed4c 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c -@@ -33,6 +33,7 @@ - #include "exec/ioport.h" - #include - #include "hw/pci/pci.h" -+#include "qemu/error-report.h" - - //#define DEBUG_KVM - -@@ -82,6 +83,7 @@ static bool has_msr_virt_ssbd; +@@ -84,6 +84,7 @@ static bool has_msr_virt_ssbd; static bool has_msr_architectural_pmu; static uint32_t num_architectural_pmu_counters; @@ -87,7 +75,7 @@ index d5f6deb..2b1d7da 100644 bool kvm_allows_irq0_override(void) { -@@ -249,11 +251,87 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, +@@ -251,11 +252,87 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, return ret; } @@ -175,7 +163,7 @@ index d5f6deb..2b1d7da 100644 static QLIST_HEAD(, HWPoisonPage) hwpoison_page_list = QLIST_HEAD_INITIALIZER(hwpoison_page_list); -@@ -831,6 +909,8 @@ int kvm_arch_init(KVMState *s) +@@ -846,6 +923,8 @@ int kvm_arch_init(KVMState *s) return ret; } diff --git a/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch b/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch index 12c4d84..e56d5e0 100644 --- a/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch +++ b/SOURCES/kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch 
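Review bot: The rebased patch drops the hunk that added `#include "qemu/error-report.h"` to target-i386/kvm.c (the removed `-@@ -33,6 +33,7 @@` block) together with the backport note that explained it, while the function additions at `@@ -251,11 +252,87 @@` go in unchanged. If those new functions report failures through error_report(), as the old 7.7.z note implies, this only builds if the RHEL-7.8 kvm.c already carries that include; the commit message should say so explicitly, e.g. `Backport note: error-report.h is already included by target-i386/kvm.c in this tree, so the 7.7.z include hunk is dropped`, so the next rebase does not have to rediscover it. The bodies of the added functions are not visible in this hunk, so whether they call error_report() is inferred from the removed note rather than seen.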
@@ -1,7 +1,7 @@
-From 2724e62241909754ecf48bb64b417842e954a8d1 Mon Sep 17 00:00:00 2001
+From 7980bf40d749aeb86a972a73db67a42fe000dbca Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
 Date: Wed, 31 Jul 2019 21:39:33 +0200
-Subject: [PATCH 2/2] Fix heap overflow in ip_reass on big packet input
+Subject: [PATCH 4/4] Fix heap overflow in ip_reass on big packet input
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -10,7 +10,7 @@ RH-Author: Philippe Mathieu-Daudé
 Message-id: <20190731213933.16245-2-philmd@redhat.com>
 Patchwork-id: 89844
 O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/1] Fix heap overflow in ip_reass on big packet input
-Bugzilla: 1734748
+Bugzilla: 1734749
 RH-Acked-by: Stefan Hajnoczi
 RH-Acked-by: Thomas Huth
 RH-Acked-by: Marc-André Lureau
diff --git a/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch b/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
index 8c6febe..2e4393c 100644
--- a/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
+++ b/SOURCES/kvm-Remove-arch-capabilities-deprecation.patch
@@ -1,18 +1,16 @@ -From deb80e0563048d3bb02d4c975929ddc8502172d4 Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:48 +0200 -Subject: [PATCH 10/10] Remove arch-capabilities deprecation - -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-11-ehabkost@redhat.com> -Patchwork-id: 91366 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 10/10] Remove arch-capabilities deprecation -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +From 8328a7b83a78666fff5166a615e4ef5792c743f0 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:27 +0200 +Subject: [PATCH 11/12] Remove arch-capabilities deprecation + +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-11-git-send-email-plai@redhat.com> +Patchwork-id: 90854 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 10/10] Remove arch-capabilities deprecation +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov - -From: Paul Lai +RH-Acked-by: Miroslav Rezanina [RHEL INTERNAL] Logic to support arch-capabilities now exists. Deprecation of arch-facilities is no longer needed. @@ -20,17 +18,16 @@ Deprecation of arch-facilities is no longer needed. fixes: arch-facilities deprecation introduced by 59c1aecdd i386: Deprecate arch-facilities and make it block live migration -7.7.z backport notes (ehabkost): -* Cherry pick from 7.8 tree with no conflicts - -Signed-off-by: Eduardo Habkost Signed-off-by: Miroslav Rezanina + +Conflicts: + target-i386/cpu.c --- target-i386/cpu.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index 35381f0..5aa45ba 100644 +index 24fc000..3ea4e97 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -34,7 +34,6 @@ 
@@ -41,7 +38,7 @@ index 35381f0..5aa45ba 100644 #include "hw/hw.h" #if defined(CONFIG_KVM) -@@ -1802,13 +1801,6 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) +@@ -1819,13 +1818,6 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) x86_cpu_def->features[w] = x86_cpu_get_supported_feature_word(w); } @@ -52,9 +49,9 @@ index 35381f0..5aa45ba 100644 - - /* arch-facilities: deprecated (see comment on x86_cpu_realizefn()) */ - x86_cpu_def->features[FEAT_7_0_EDX] &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES; + /* invtsc: not migratable, so not enabled by default */ + x86_cpu_def->features[FEAT_8000_0007_EDX] &= ~CPUID_APM_INVTSC; - #endif /* CONFIG_KVM */ - } -- 1.8.3.1 diff --git a/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch b/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch index 0e6ea80..5e053a8 100644 --- a/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch +++ b/SOURCES/kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch 
@@ -1,29 +1,23 @@ -From dd8556fe139be9237694229e55ac3762ec71eca5 Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:46 +0200 -Subject: [PATCH 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for +From aa89186992d427e17118608c9fa02b36be8fab8e Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:25 +0200 +Subject: [PATCH 09/12] kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-9-ehabkost@redhat.com> -Patchwork-id: 91363 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-9-git-send-email-plai@redhat.com> +Patchwork-id: 90861 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 08/10] kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina From: Bandan Das When writing to guest's MSR_IA32_ARCH_CAPABILITIES, check whether it's supported in the guest using the KVM_GET_MSR_INDEX_LIST ioctl. -7.8 backport conflicts (plai): - target/i386/kvm.c changes to target-i386/kvm.c - -7.7.z backport notes (ehabkost): -* Cherry pick from 7.8 tree with no conflicts - Fixes: d86f963694df27f11b3681ffd225c9362de1b634 Suggested-by: Eduardo Habkost Tested-by: balducci@units.it @@ -32,7 +26,10 @@ Message-Id: Signed-off-by: Eduardo Habkost (cherry picked from commit aec5e9c3a94cf8b7920f59bef69a6f426092c4a0) Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost + +Resolved Conflicts: + target/i386/kvm.c changes to target-i386/kvm.c + Signed-off-by: Miroslav Rezanina --- target-i386/cpu.h | 1 + @@ -40,10 +37,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 12 insertions(+), 8 deletions(-) 
diff --git a/target-i386/cpu.h b/target-i386/cpu.h -index 1c62e63..d855ae3 100644 +index 5a86b2c..8f73af7 100644 --- a/target-i386/cpu.h +++ b/target-i386/cpu.h -@@ -1066,6 +1066,7 @@ typedef struct CPUX86State { +@@ -1070,6 +1070,7 @@ typedef struct CPUX86State { uint64_t spec_ctrl; uint64_t virt_ssbd; @@ -52,10 +49,10 @@ index 1c62e63..d855ae3 100644 TPRAccess tpr_access_type; } CPUX86State; diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index 180ae56..bc3a514 100644 +index 722cfbc..12781a8 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c -@@ -80,6 +80,7 @@ static bool has_msr_mtrr; +@@ -81,6 +81,7 @@ static bool has_msr_mtrr; static bool has_msr_xss; static bool has_msr_spec_ctrl; static bool has_msr_virt_ssbd; @@ -63,7 +60,7 @@ index 180ae56..bc3a514 100644 static bool has_msr_architectural_pmu; static uint32_t num_architectural_pmu_counters; -@@ -888,6 +889,10 @@ static int kvm_get_supported_msrs(KVMState *s) +@@ -902,6 +903,10 @@ static int kvm_get_supported_msrs(KVMState *s) has_msr_virt_ssbd = true; continue; } @@ -74,7 +71,7 @@ index 180ae56..bc3a514 100644 } } -@@ -1326,14 +1331,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level) +@@ -1340,14 +1345,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level) } } /* If host supports feature MSR, write down. */ @@ -92,7 +89,7 @@ index 180ae56..bc3a514 100644 } /* * The following MSRs have side effects on the guest or are too heavy -@@ -1925,6 +1925,9 @@ static int kvm_get_msrs(X86CPU *cpu) +@@ -1939,6 +1939,9 @@ static int kvm_get_msrs(X86CPU *cpu) case MSR_VIRT_SSBD: env->virt_ssbd = msrs[i].data; break; diff --git a/SOURCES/kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch b/SOURCES/kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch new file mode 100644 index 0000000..865a91e --- /dev/null +++ b/SOURCES/kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch 
@@ -0,0 +1,61 @@
+From 90b1929638fb5fed4e5fc65f95b7a76e339e0640 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Mon, 9 Sep 2019 09:13:33 +0200
+Subject: [PATCH 01/12] Using ip_deq after m_free might read pointers from an
+ allocation reuse.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé
+Message-id: <20190909091333.18511-2-philmd@redhat.com>
+Patchwork-id: 90336
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/1] Using ip_deq after m_free might read pointers from an allocation reuse.
+Bugzilla: 1749735
+RH-Acked-by: John Snow
+RH-Acked-by: Stefano Garzarella
+RH-Acked-by: Thomas Huth
+
+From: Samuel Thibault
+
+This would be difficult to exploit, but that is still related with
+CVE-2019-14378 which generates fragmented IP packets that would trigger this
+issue and at least produce a DoS.
+
+Signed-off-by: Samuel Thibault
+(cherry picked from libslirp commit c59279437eda91841b9d26079c70b8a540d41204)
+Signed-off-by: Philippe Mathieu-Daudé
+
+Signed-off-by: Miroslav Rezanina
+---
+ slirp/ip_input.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/slirp/ip_input.c b/slirp/ip_input.c
+index 5226224..9e95b40 100644
+--- a/slirp/ip_input.c
++++ b/slirp/ip_input.c
+@@ -296,6 +296,7 @@ ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
+ */
+ while (q != (struct ipasfrag*)&fp->frag_link &&
+ ip->ip_off + ip->ip_len > q->ipf_off) {
++ struct ipasfrag *prev;
+ i = (ip->ip_off + ip->ip_len) - q->ipf_off;
+ if (i < q->ipf_len) {
+ q->ipf_len -= i;
+@@ -303,9 +304,10 @@ ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
+ m_adj(dtom(slirp, q), i);
+ break;
+ }
++ prev = q;
+ q = q->ipf_next;
+- m_free(dtom(slirp, q->ipf_prev));
+- ip_deq(q->ipf_prev);
++ ip_deq(prev);
++ m_free(dtom(slirp, prev));
+ }
+
+ insert:
+--
+1.8.3.1
+
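Review bot: The unlink-before-free order (`ip_deq(prev); m_free(dtom(slirp, prev));`) is the whole fix, yet nothing in the loop body records why the order matters, so a later cleanup could swap the two calls back; a comment above `prev = q;` such as `/* unlink the fragment before freeing its mbuf: ip_deq() reads prev->ipf_prev/ipf_next, which must not come from freed memory */` would pin that down. As a point of style, `struct ipasfrag *prev;` is declared at the top of the loop body but only assigned after the `break` path, leaving an uninitialised pointer in scope across the `if (i < q->ipf_len)` block; declaring it at the point of use, `struct ipasfrag *prev = q;` directly before `q = q->ipf_next;`, removes that window and the separate assignment, though since this is a libslirp cherry-pick staying byte-identical to upstream may be preferred. ip_reass() begins and ends outside the hunk.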
diff --git a/SOURCES/kvm-bswap.h-Remove-cpu_to_be16wu.patch b/SOURCES/kvm-bswap.h-Remove-cpu_to_be16wu.patch
new file mode 100644
index 0000000..c3ca93e
--- /dev/null
+++ b/SOURCES/kvm-bswap.h-Remove-cpu_to_be16wu.patch
@@ -0,0 +1,197 @@ +From 30ed4a7f03ef8820773f6eb7d63e982ad04aa8d6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Sat, 13 Jul 2019 12:38:01 +0200 +Subject: [PATCH 2/4] bswap.h: Remove cpu_to_be16wu() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Philippe Mathieu-Daudé +Message-id: <20190713123802.23932-2-philmd@redhat.com> +Patchwork-id: 89507 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/2] bswap.h: Remove cpu_to_be16wu() +Bugzilla: 1270166 +RH-Acked-by: Xiao Wang +RH-Acked-by: Stefan Hajnoczi +RH-Acked-by: Stefano Garzarella + +From: Peter Maydell + +Replace the legacy cpu_to_be16wu() with stw_be_p(). + +Signed-off-by: Peter Maydell +Reviewed-by: Richard Henderson +Reviewed-by: Michael S. Tsirkin +Message-id: 1383669517-25598-7-git-send-email-peter.maydell@linaro.org +Signed-off-by: Anthony Liguori +(cherry picked from commit d8ee2591e495d5feb0e0250866222dedc805c8d8) +[PMD: fix conflict in include/qemu/bswap.h] +Signed-off-by: Philippe Mathieu-Daudé + +Signed-off-by: Miroslav Rezanina +--- + hw/block/cdrom.c | 4 ++-- + hw/ide/atapi.c | 16 ++++++++-------- + hw/net/e1000.c | 19 ++++++++----------- + include/qemu/bswap.h | 5 ----- + 4 files changed, 18 insertions(+), 26 deletions(-) + +diff --git a/hw/block/cdrom.c b/hw/block/cdrom.c +index 38469fa..5c69f34 100644 +--- a/hw/block/cdrom.c ++++ b/hw/block/cdrom.c +@@ -77,7 +77,7 @@ int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track) + q += 4; + } + len = q - buf; +- cpu_to_be16wu((uint16_t *)buf, len - 2); ++ stw_be_p(buf, len - 2); + return len; + } + +@@ -150,6 +150,6 @@ int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf, int session_num) + } + + len = q - buf; +- cpu_to_be16wu((uint16_t *)buf, len - 2); ++ stw_be_p(buf, len - 2); + return len; + } +diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c +index a411748..490070a 100644 +--- a/hw/ide/atapi.c ++++ b/hw/ide/atapi.c +@@ -454,7 +454,7 @@ static int 
ide_dvd_read_structure(IDEState *s, int format, + cpu_to_ube32(buf + 16, total_sectors - 1); /* l0 end sector */ + + /* Size of buffer, not including 2 byte size field */ +- cpu_to_be16wu((uint16_t *)buf, 2048 + 2); ++ stw_be_p(buf, 2048 + 2); + + /* 2k data + 4 byte header */ + return (2048 + 4); +@@ -465,7 +465,7 @@ static int ide_dvd_read_structure(IDEState *s, int format, + buf[5] = 0; /* no region restrictions */ + + /* Size of buffer, not including 2 byte size field */ +- cpu_to_be16wu((uint16_t *)buf, 4 + 2); ++ stw_be_p(buf, 4 + 2); + + /* 4 byte header + 4 byte data */ + return (4 + 4); +@@ -475,7 +475,7 @@ static int ide_dvd_read_structure(IDEState *s, int format, + + case 0x04: /* DVD disc manufacturing information */ + /* Size of buffer, not including 2 byte size field */ +- cpu_to_be16wu((uint16_t *)buf, 2048 + 2); ++ stw_be_p(buf, 2048 + 2); + + /* 2k data + 4 byte header */ + return (2048 + 4); +@@ -488,22 +488,22 @@ static int ide_dvd_read_structure(IDEState *s, int format, + + buf[4] = 0x00; /* Physical format */ + buf[5] = 0x40; /* Not writable, is readable */ +- cpu_to_be16wu((uint16_t *)(buf + 6), 2048 + 4); ++ stw_be_p(buf + 6, 2048 + 4); + + buf[8] = 0x01; /* Copyright info */ + buf[9] = 0x40; /* Not writable, is readable */ +- cpu_to_be16wu((uint16_t *)(buf + 10), 4 + 4); ++ stw_be_p(buf + 10, 4 + 4); + + buf[12] = 0x03; /* BCA info */ + buf[13] = 0x40; /* Not writable, is readable */ +- cpu_to_be16wu((uint16_t *)(buf + 14), 188 + 4); ++ stw_be_p(buf + 14, 188 + 4); + + buf[16] = 0x04; /* Manufacturing info */ + buf[17] = 0x40; /* Not writable, is readable */ +- cpu_to_be16wu((uint16_t *)(buf + 18), 2048 + 4); ++ stw_be_p(buf + 18, 2048 + 4); + + /* Size of buffer, not including 2 byte size field */ +- cpu_to_be16wu((uint16_t *)buf, 16 + 2); ++ stw_be_p(buf, 16 + 2); + + /* data written + 4 byte header */ + return (16 + 4); +diff --git a/hw/net/e1000.c b/hw/net/e1000.c +index 2cd38bc..711d369 100644 +--- a/hw/net/e1000.c ++++ b/hw/net/e1000.c 
+@@ -442,8 +442,7 @@ putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse) + n = cse + 1; + if (sloc < n-1) { + sum = net_checksum_add(n-css, data+css); +- cpu_to_be16wu((uint16_t *)(data + sloc), +- net_checksum_finish(sum)); ++ stw_be_p(data + sloc, net_checksum_finish(sum)); + } + } + +@@ -504,13 +503,11 @@ xmit_seg(E1000State *s) + DBGOUT(TXSUM, "frames %d size %d ipcss %d\n", + frames, tp->size, css); + if (tp->ip) { // IPv4 +- cpu_to_be16wu((uint16_t *)(tp->data+css+2), +- tp->size - css); +- cpu_to_be16wu((uint16_t *)(tp->data+css+4), ++ stw_be_p(tp->data+css+2, tp->size - css); ++ stw_be_p(tp->data+css+4, + be16_to_cpup((uint16_t *)(tp->data+css+4))+frames); + } else // IPv6 +- cpu_to_be16wu((uint16_t *)(tp->data+css+4), +- tp->size - css); ++ stw_be_p(tp->data+css+4, tp->size - css); + css = tp->tucss; + len = tp->size - css; + DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len); +@@ -521,14 +518,14 @@ xmit_seg(E1000State *s) + if (tp->paylen - sofar > tp->mss) + tp->data[css + 13] &= ~9; // PSH, FIN + } else // UDP +- cpu_to_be16wu((uint16_t *)(tp->data+css+4), len); ++ stw_be_p(tp->data+css+4, len); + if (tp->sum_needed & E1000_TXD_POPTS_TXSM) { + unsigned int phsum; + // add pseudo-header length before checksum calculation + sp = (uint16_t *)(tp->data + tp->tucso); + phsum = be16_to_cpup(sp) + len; + phsum = (phsum >> 16) + (phsum & 0xffff); +- cpu_to_be16wu(sp, phsum); ++ stw_be_p(sp, phsum); + } + tp->tso_frames++; + } +@@ -596,9 +593,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) + if (vlan_enabled(s) && is_vlan_txd(txd_lower) && + (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) { + tp->vlan_needed = 1; +- cpu_to_be16wu((uint16_t *)(tp->vlan_header), ++ stw_be_p(tp->vlan_header, + le16_to_cpup((uint16_t *)(s->mac_reg + VET))); +- cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2), ++ stw_be_p(tp->vlan_header + 2, + le16_to_cpu(dp->upper.fields.special)); + } + +diff --git a/include/qemu/bswap.h 
b/include/qemu/bswap.h +index 14a5f65..91734ad 100644 +--- a/include/qemu/bswap.h ++++ b/include/qemu/bswap.h +@@ -437,11 +437,6 @@ static inline uint32_t be32_to_cpupu(const uint32_t *p) + return ldl_be_p(p); + } + +-static inline void cpu_to_be16wu(uint16_t *p, uint16_t v) +-{ +- stw_be_p(p, v); +-} +- + static inline void cpu_to_be32wu(uint32_t *p, uint32_t v) + { + stl_be_p(p, v); +-- +1.8.3.1 + diff --git a/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch b/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch index 2ee8e0c..ba295b6 100644 --- a/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch +++ b/SOURCES/kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch @@ -1,17 +1,17 @@ -From c0da3c7b7bafe378a953f139397cadc26c3d054b Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:42 +0200 -Subject: [PATCH 04/10] i386: Add CPUID bit and feature words for +From 1dd8f3631cc86fcf670f69befb5cd02e0b548da4 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:21 +0200 +Subject: [PATCH 05/12] i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-5-ehabkost@redhat.com> -Patchwork-id: 91360 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 04/10] i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-5-git-send-email-plai@redhat.com> +Patchwork-id: 90857 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 04/10] i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina From: Robert Hoo @@ -26,14 +26,13 @@ Message-Id: <1530781798-183214-3-git-send-email-robert.hu@linux.intel.com> 
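Review bot: In hw/net/e1000.c the store side of xmit_seg() moves to `stw_be_p()`, but the matching loads keep the byte-pointer-to-`uint16_t *` casts the commit is removing: `be16_to_cpup((uint16_t *)(tp->data+css+4))` and `sp = (uint16_t *)(tp->data + tp->tucso); ... be16_to_cpup(sp)`. The `css`/`tucso` offsets come from the transmit context, so presumably they are not guaranteed 2-byte aligned; using the paired accessor on the read side, e.g. `lduw_be_p(tp->data+css+4)`, and making `sp` a `uint8_t *` so `stw_be_p(sp, phsum)` needs no `uint16_t *` at all, would finish the conversion consistently. This is a consistency point on the backported change rather than a regression it introduces, and it is only worth doing if the downstream tree is willing to diverge from the upstream commit. xmit_seg() starts and ends outside the hunk.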
Signed-off-by: Eduardo Habkost (cherry picked from commit 3fc7c73139d2d38ae80c3b0bc963b1ac1555924c) Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost Signed-off-by: Miroslav Rezanina --- target-i386/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index 5cfed19..ba2ce8e 100644 +index ff0921f..838c616 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -174,7 +174,7 @@ static const char *cpuid_7_0_edx_feature_name[] = { diff --git a/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch b/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch index 36bdee4..acb74dd 100644 --- a/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch +++ b/SOURCES/kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch @@ -1,17 +1,17 @@ -From 71b9824a243c47739730c263107b0e49f459db28 Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:41 +0200 -Subject: [PATCH 03/10] i386: Add new MSR indices for IA32_PRED_CMD and +From 2ef29c217183a2e16bbc8d209d94a2bb5a009204 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:20 +0200 +Subject: [PATCH 04/12] i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-4-ehabkost@redhat.com> -Patchwork-id: 91359 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 03/10] i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-4-git-send-email-plai@redhat.com> +Patchwork-id: 90862 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 03/10] i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina From: Robert Hoo 
@@ -27,14 +27,13 @@ Message-Id: <1530781798-183214-2-git-send-email-robert.hu@linux.intel.com> Signed-off-by: Eduardo Habkost (cherry picked from commit 8c80c99fcceabd0708a5a83f08577e778c9419f5) Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost Signed-off-by: Miroslav Rezanina --- target-i386/cpu.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target-i386/cpu.h b/target-i386/cpu.h -index 5d47ab8..ea5df77 100644 +index cbbc34f..0ce479a 100644 --- a/target-i386/cpu.h +++ b/target-i386/cpu.h @@ -306,6 +306,8 @@ diff --git a/SOURCES/kvm-i386-Add-new-model-of-Cascadelake-Server.patch b/SOURCES/kvm-i386-Add-new-model-of-Cascadelake-Server.patch new file mode 100644 index 0000000..526daaa --- /dev/null +++ b/SOURCES/kvm-i386-Add-new-model-of-Cascadelake-Server.patch 
@@ -0,0 +1,118 @@ +From 4f73c145a24ba196d904234a1ea437af22c33240 Mon Sep 17 00:00:00 2001 +From: Eduardo Habkost +Date: Thu, 3 Oct 2019 22:12:15 +0200 +Subject: [PATCH 1/4] i386: Add new model of Cascadelake-Server + +RH-Author: Eduardo Habkost +Message-id: <20191003221217.8527-2-ehabkost@redhat.com> +Patchwork-id: 90952 +O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/3] i386: Add new model of Cascadelake-Server +Bugzilla: 1638471 +RH-Acked-by: Dr. David Alan Gilbert +RH-Acked-by: Paolo Bonzini +RH-Acked-by: Igor Mammedov + +From: Tao Xu + +New CPU models mostly inherit features from ancestor Skylake-Server, +while addin new features: AVX512_VNNI, Intel PT. +SSBD support for speculative execution +side channel mitigations. + +Note: + +On Cascadelake, some capabilities (RDCL_NO, IBRS_ALL, RSBA, +SKIP_L1DFL_VMENTRY and SSB_NO) are enumerated by MSR. +These features rely on MSR based feature support patch. +Will be added later after that patch's in. +http://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg00074.html + +Backport notes: +* Like we already did in Skylake-Server and EPYC, ARAT is + not present in the CPU model (RHEL7-3+ and RHEL-8 already have + arat=off in PC_COMPAT_RHEL7_2) + +Signed-off-by: Tao Xu +Message-Id: <20180919031122.28487-2-tao3.xu@intel.com> +Signed-off-by: Eduardo Habkost +(cherry picked from commit c7a88b52f62b30c04158eeb07f73e3f72221b6a8) +Signed-off-by: Eduardo Habkost +Signed-off-by: Miroslav Rezanina +--- + target-i386/cpu.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 60 insertions(+) + +diff --git a/target-i386/cpu.c b/target-i386/cpu.c +index f92cb62..5b988c9 100644 +--- a/target-i386/cpu.c ++++ b/target-i386/cpu.c +@@ -1496,6 +1496,66 @@ static x86_def_t builtin_x86_defs[] = { + .model_id = "Intel Xeon Processor (Skylake, IBRS)", + }, + { ++ .name = "Cascadelake-Server", ++ .level = 0xd, ++ .vendor = CPUID_VENDOR_INTEL, ++ .family = 6, ++ .model = 85, ++ .stepping = 5, ++ .features[FEAT_1_EDX] = ++ 
CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | ++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | ++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | ++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | ++ CPUID_DE | CPUID_FP87, ++ .features[FEAT_1_ECX] = ++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES | ++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | ++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | ++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 | ++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE | ++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND, ++ .features[FEAT_8000_0001_EDX] = ++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP | ++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL, ++ .features[FEAT_8000_0001_ECX] = ++ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH, ++ .features[FEAT_7_0_EBX] = ++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | ++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP | ++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID | ++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | ++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB | ++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ | ++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD | ++ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT | ++ CPUID_7_0_EBX_INTEL_PT, ++ .features[FEAT_7_0_ECX] = ++ CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE | ++ CPUID_7_0_ECX_AVX512VNNI, ++ .features[FEAT_7_0_EDX] = ++ CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD, ++ /* Missing: XSAVES (not supported by some Linux versions, ++ * including v4.1 to v4.12). ++ * KVM doesn't yet expose any XSAVES state save component, ++ * and the only one defined in Skylake (processor tracing) ++ * probably will block migration anyway. ++ */ ++ .features[FEAT_XSAVE] = ++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | ++ CPUID_XSAVE_XGETBV1, ++ /* Missing: ARAT. 
not available in the qemu-kvm-1.5.3 tree (and ++ * disabled by compat code in pc-i440fx-rhel7.2.0 and older on ++ * qemu-kvm-rhev) ++ */ ++#if 0 ++ .features[FEAT_6_EAX] = ++ CPUID_6_EAX_ARAT, ++#endif ++ .xlevel = 0x80000008, ++ .model_id = "Intel Xeon Processor (Cascadelake)", ++ }, ++ { + .name = "Opteron_G1", + .level = 5, + .vendor = CPUID_VENDOR_AMD, +-- +1.8.3.1 + diff --git a/SOURCES/kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch b/SOURCES/kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch new file mode 100644 index 0000000..729d6a3 --- /dev/null +++ b/SOURCES/kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch 
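Review bot: The `#if 0` block around `.features[FEAT_6_EAX] = CPUID_6_EAX_ARAT,` is dead code inside a data table; the comment directly above it already records why ARAT is absent, so the guarded initializer adds nothing the compiler sees and is the kind of entry that gets enabled by accident in a later rebase. Unless the block is kept deliberately to mirror the Skylake-Server and EPYC entries the backport note refers to (not visible in this hunk), I would drop the `#if 0`, the initializer and the `#endif` and keep only the comment. The `builtin_x86_defs[]` table starts and ends outside the hunk.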
@@ -0,0 +1,76 @@ +From b082e420af608c6b060e29e392e0a7fa0655298d Mon Sep 17 00:00:00 2001 +From: Eduardo Habkost +Date: Thu, 3 Oct 2019 22:12:16 +0200 +Subject: [PATCH 2/4] i386: Disable OSPKE on Cascadelake-Server + +RH-Author: Eduardo Habkost +Message-id: <20191003221217.8527-3-ehabkost@redhat.com> +Patchwork-id: 90953 +O-Subject: [RHEL-7.8 qemu-kvm PATCH 2/3] i386: Disable OSPKE on Cascadelake-Server +Bugzilla: 1638471 +RH-Acked-by: Dr. David Alan Gilbert +RH-Acked-by: Paolo Bonzini +RH-Acked-by: Igor Mammedov + +This is a partial cherry pick of upstream commit: + +commit bb4928c7cafe50ab2137a0034e350ef1bfa044d9 +Author: Eduardo Habkost +Date: Tue Mar 19 17:05:15 2019 -0300 + + i386: Disable OSPKE on CPU model definitions + + Currently, the Cascadelake-Server, Icelake-Client, and + Icelake-Server are always generating the following warning: + + qemu-system-x86_64: warning: \ + host doesn't support requested feature: CPUID.07H:ECX [bit 4] + + This happens because OSPKE was never returned by + GET_SUPPORTED_CPUID or x86_cpu_get_supported_feature_word(). + OSPKE is a runtime flag automatically set by the KVM module or by + TCG code, was always cleared by x86_cpu_filter_features(), and + was not supposed to appear on the CPU model table. + + Remove the OSPKE flag from the CPU model table entries, to avoid + the bogus warning and avoid returning invalid feature data on + query-cpu-* QMP commands. As OSPKE was always cleared by + x86_cpu_filter_features(), this won't have any guest-visible + impact. + + Include a test case that should detect the problem if we introduce + a similar bug again. + + Fixes: c7a88b52f62b ("i386: Add new model of Cascadelake-Server") + Fixes: 8a11c62da914 ("i386: Add new CPU model Icelake-{Server,Client}") + Cc: Tao Xu + Cc: Robert Hoo + Signed-off-by: Eduardo Habkost + Message-Id: <20190319200515.14999-1-ehabkost@redhat.com> + 
Signed-off-by: Eduardo Habkost + +It includes only the Cascadelake-Server change, because Icelake* +is not present in the RHEL7 tree. + +Signed-off-by: Eduardo Habkost +Signed-off-by: Miroslav Rezanina +--- + target-i386/cpu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target-i386/cpu.c b/target-i386/cpu.c +index 5b988c9..926373b 100644 +--- a/target-i386/cpu.c ++++ b/target-i386/cpu.c +@@ -1531,7 +1531,7 @@ static x86_def_t builtin_x86_defs[] = { + CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT | + CPUID_7_0_EBX_INTEL_PT, + .features[FEAT_7_0_ECX] = +- CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE | ++ CPUID_7_0_ECX_PKU | + CPUID_7_0_ECX_AVX512VNNI, + .features[FEAT_7_0_EDX] = + CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD, +-- +1.8.3.1 + diff --git a/SOURCES/kvm-i386-Don-t-copy-host-virtual-address-limit.patch b/SOURCES/kvm-i386-Don-t-copy-host-virtual-address-limit.patch new file mode 100644 index 0000000..08fa4c7 --- /dev/null +++ b/SOURCES/kvm-i386-Don-t-copy-host-virtual-address-limit.patch 
@@ -0,0 +1,55 @@
+From ba222e201e070d95e282762e890cf8e86251e84c Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 21 Aug 2019 22:28:26 +0200
+Subject: [PATCH 3/3] i386: Don't copy host virtual address limit
+
+RH-Author: Eduardo Habkost
+Message-id: <20190821222826.11853-1-ehabkost@redhat.com>
+Patchwork-id: 90110
+O-Subject: [RHEL-7.8 qemu-kvm PATCH] i386: Don't copy host virtual address limit
+Bugzilla: 1706658
+RH-Acked-by: Paolo Bonzini
+RH-Acked-by: Dr. David Alan Gilbert
+RH-Acked-by: Bandan Das
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1706658
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23157241
+Upstream: not applicable
+
+The KVM code in RHEL-7 supports only 48-bit virtual addresses.
+Copying the host virtual address size to the guest is pointless
+and only makes the VM crash if the host virtual address size is
+not 48 bits.
+
+Change the downstream-only code that copies host CPUID to just
+copy the physical address limit, and keep the hardcoded virtual
+address size.
+
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Miroslav Rezanina
+---
+ target-i386/cpu.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index c74f597..ca43268 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -2841,7 +2841,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ uint32_t _eax;
+ host_cpuid(0x80000000, 0, &_eax, NULL, NULL, NULL);
+ if (_eax >= 0x80000008)
+- host_cpuid(0x80000008, 0, eax, NULL, NULL, NULL);
++ host_cpuid(0x80000008, 0, &_eax, NULL, NULL, NULL);
++ /*
++ * Override physical size only, as RHEL-7 KVM only supports
++ * 48 bits virtual.
++ */
++ *eax &= ~0xff;
++ *eax |= _eax & 0xff;
+ }
+ } else {
+ if (env->features[FEAT_1_EDX] & CPUID_PSE36) {
+--
+1.8.3.1
+
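Review bot: The two added stores `*eax &= ~0xff;` and `*eax |= _eax & 0xff;` follow an unbraced `if (_eax >= 0x80000008)`, so only the `host_cpuid(0x80000008, ...)` call is conditional and the masking runs on every host. When the host's maximum extended leaf is below 0x80000008, `_eax` still holds the 0x80000000 result and its low byte is written into the guest's physical-address-size field, which is not a valid width. Wrap the call, the comment and both stores in braces, `if (_eax >= 0x80000008) {` ... `}`; if a later patch in this series adds them, this patch should at least not be applied without it. The enclosing `if (kvm_enabled())` block and cpu_x86_cpuid() begin and end outside the hunk.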
diff --git a/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch b/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch index 48179c2..13b6953 100644 --- a/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch +++ b/SOURCES/kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch @@ -1,17 +1,19 @@ -From e9ae571d86a83652aa43f9b866f619709b1feda2 Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:47 +0200 -Subject: [PATCH 09/10] i386: kvm: Disable arch_capabilities if MSR can't be +From 178a63f8515a461a6625b856d25f4d4154ada960 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:26 +0200 +Subject: [PATCH 10/12] i386: kvm: Disable arch_capabilities if MSR can't be set -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-10-ehabkost@redhat.com> -Patchwork-id: 91365 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 09/10] i386: kvm: Disable arch_capabilities if MSR can't be set -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-10-git-send-email-plai@redhat.com> +Patchwork-id: 90858 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 09/10] i386: kvm: Disable arch_capabilities if MSR can't be set +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina + +From: Eduardo Habkost KVM has two bugs in the handling of MSR_IA32_ARCH_CAPABILITIES: @@ -34,28 +36,24 @@ unavailable on hosts without hardware support for the MSR until bug #2 is fixed on KVM, but I can't see another way to work around bug #1 without that side effect. -7.8 backport conflicts (plai): - target/i386/kvm.c changes to target-i386/kvm.c - -7.7.z backport notes (ehabkost): -* Cherry pick from 7.8 tree with no conflicts - Signed-off-by: Eduardo Habkost Message-Id: <20190125220606.4864-2-ehabkost@redhat.com> 
Signed-off-by: Eduardo Habkost (cherry picked from commit 485b1d256bcb0874bcde0223727c159b6837e6f8) Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost Signed-off-by: Miroslav Rezanina + +Conflicts: + target/i386/kvm.c changes to target-i386/kvm.c --- target-i386/kvm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index bc3a514..0374b7a 100644 +index 12781a8..c79b0ea 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c -@@ -234,6 +234,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, +@@ -235,6 +235,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, if (!kvm_irqchip_in_kernel()) { ret &= ~CPUID_EXT_X2APIC; } diff --git a/SOURCES/kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch b/SOURCES/kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch new file mode 100644 index 0000000..81ce3b7 --- /dev/null +++ b/SOURCES/kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch 
@@ -0,0 +1,59 @@
+From 4d23f26f51e1a4b4a8c7aa2d105891e4589f913c Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Thu, 3 Oct 2019 22:12:17 +0200
+Subject: [PATCH 3/4] i386: remove the 'INTEL_PT' CPUID bit from
+ Cascadelake-Server
+
+RH-Author: Eduardo Habkost
+Message-id: <20191003221217.8527-4-ehabkost@redhat.com>
+Patchwork-id: 90954
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 3/3] i386: remove the 'INTEL_PT' CPUID bit from Cascadelake-Server
+Bugzilla: 1638471
+RH-Acked-by: Dr. David Alan Gilbert
+RH-Acked-by: Paolo Bonzini
+RH-Acked-by: Igor Mammedov
+
+From: Paolo Bonzini
+
+This is a partial cherry pick of upstream commit:
+
+commit 4c257911dcc7c4189768e9651755c849ce9db4e8
+Author: Paolo Bonzini
+Date: Fri Dec 21 12:35:56 2018 +0100
+
+ i386: remove the 'INTEL_PT' CPUID bit from named CPU models
+
+ Processor tracing is not yet implemented for KVM and it will be an
+ opt in feature requiring a special module parameter.
+ Disable it, because it is wrong to enable it by default and
+ it is impossible that no one has ever used it.
+
+ Cc: qemu-stable@nongnu.org
+ Signed-off-by: Paolo Bonzini
+
+It includes only the Cascadelake-Server change, because the other
+CPU models are not present in the RHEL7 tree.
+
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Miroslav Rezanina
+---
+ target-i386/cpu.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index 926373b..b4839df 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -1528,8 +1528,7 @@ static x86_def_t builtin_x86_defs[] = {
+ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
+ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
+ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
+- CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT |
+- CPUID_7_0_EBX_INTEL_PT,
++ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
+ .features[FEAT_7_0_ECX] =
+ CPUID_7_0_ECX_PKU |
+ CPUID_7_0_ECX_AVX512VNNI,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch b/SOURCES/kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch new file mode 100644 index 0000000..d638efd --- /dev/null +++ b/SOURCES/kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch 
@@ -0,0 +1,92 @@
+From 58d702589fd93689c142e8cb48d51877a8de3a93 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Sat, 13 Jul 2019 12:38:02 +0200
+Subject: [PATCH 3/4] net: Transmit zero UDP checksum as 0xFFFF
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé
+Message-id: <20190713123802.23932-3-philmd@redhat.com>
+Patchwork-id: 89509
+O-Subject: [RHEL-7.7 qemu-kvm PATCH 2/2] net: Transmit zero UDP checksum as 0xFFFF
+Bugzilla: 1270166
+RH-Acked-by: Xiao Wang
+RH-Acked-by: Stefan Hajnoczi
+RH-Acked-by: Stefano Garzarella
+
+From: Ed Swierk
+
+The checksum algorithm used by IPv4, TCP and UDP allows a zero value
+to be represented by either 0x0000 and 0xFFFF. But per RFC 768, a zero
+UDP checksum must be transmitted as 0xFFFF because 0x0000 is a special
+value meaning no checksum.
+
+Substitute 0xFFFF whenever a checksum is computed as zero when
+modifying a UDP datagram header. Doing this on IPv4 and TCP checksums
+is unnecessary but legal. Add a wrapper for net_checksum_finish() that
+makes the substitution.
+
+(We can't just change net_checksum_finish(), as that function is also
+used by receivers to verify checksums, and in that case the expected
+value is always 0x0000.)
+
+Signed-off-by: Ed Swierk
+Signed-off-by: Jason Wang
+(cherry picked from commit 0dacea92d26c31d453c58de2e99c178fee554166)
+[PMD: conflicts: hw/net/net_rx_pkt.c hw/net/vmxnet3.c]
+Signed-off-by: Philippe Mathieu-Daudé
+
+Signed-off-by: Miroslav Rezanina
+---
+ hw/net/e1000.c | 2 +-
+ hw/net/vmxnet_tx_pkt.c | 2 +-
+ include/net/checksum.h | 6 ++++++
+ 3 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/e1000.c b/hw/net/e1000.c
+index 711d369..d876949 100644
+--- a/hw/net/e1000.c
++++ b/hw/net/e1000.c
+@@ -442,7 +442,7 @@ putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
+ n = cse + 1;
+ if (sloc < n-1) {
+ sum = net_checksum_add(n-css, data+css);
+- stw_be_p(data + sloc, net_checksum_finish(sum));
++ stw_be_p(data + sloc, net_checksum_finish_nozero(sum));
+ }
+ }
+
+diff --git a/hw/net/vmxnet_tx_pkt.c b/hw/net/vmxnet_tx_pkt.c
+index fc01e4d..03f34cf 100644
+--- a/hw/net/vmxnet_tx_pkt.c
++++ b/hw/net/vmxnet_tx_pkt.c
+@@ -437,7 +437,7 @@ static void vmxnet_tx_pkt_do_sw_csum(struct VmxnetTxPkt *pkt)
+ csum_cntr += eth_calc_pseudo_hdr_csum(iphdr, csl);
+
+ /* Put the checksum obtained into the packet */
+- csum = cpu_to_be16(net_checksum_finish(csum_cntr));
++ csum = cpu_to_be16(net_checksum_finish_nozero(csum_cntr));
+ iov_from_buf(iov, iov_len, csum_offset, &csum, sizeof csum);
+ }
+
+diff --git a/include/net/checksum.h b/include/net/checksum.h
+index 80203fb..78b7d9b 100644
+--- a/include/net/checksum.h
++++ b/include/net/checksum.h
+@@ -33,6 +33,12 @@ net_checksum_add(int len, uint8_t *buf)
+ }
+
+ static inline uint16_t
++net_checksum_finish_nozero(uint32_t sum)
++{
++ return net_checksum_finish(sum) ?: 0xFFFF;
++}
++
++static inline uint16_t
+ net_raw_checksum(uint8_t *data, int length)
+ {
+ return net_checksum_finish(net_checksum_add(length, data));
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-qxl-check-release-info-object.patch b/SOURCES/kvm-qxl-check-release-info-object.patch
index 585e777..3fa6998 100644
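Review bot: `net_checksum_finish_nozero()` in include/net/checksum.h is added without a comment, and since it lives in a shared header next to `net_checksum_finish()` the transmit-only contract is easy to miss; the reason is only in the commit message. Suggest a comment above it: `/* Transmit-side finish: a computed checksum of zero is sent as 0xFFFF because RFC 768 reserves 0x0000 for "no UDP checksum". Receivers verifying a packet must keep using net_checksum_finish(), which yields 0x0000 for a valid checksum. */`. As a point of style, `?:` with the middle operand elided is a GNU C extension; if the header is meant to stay plain C, `uint16_t csum = net_checksum_finish(sum); return csum ? csum : 0xFFFF;` says the same thing portably.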
--- a/SOURCES/kvm-qxl-check-release-info-object.patch +++ b/SOURCES/kvm-qxl-check-release-info-object.patch @@ -1,7 +1,7 @@ -From bd9de3a28ae6721d5ccf1d14acf259b3e6f4093c Mon Sep 17 00:00:00 2001 +From 1fd91c62715b21e480a8c25d05452acb633ab11c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Wed, 19 Jun 2019 16:03:38 +0200 -Subject: [PATCH 1/2] qxl: check release info object +Subject: [PATCH 1/4] qxl: check release info object MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -10,7 +10,7 @@ RH-Author: Philippe Mathieu-Daudé Message-id: <20190619160338.15430-2-philmd@redhat.com> Patchwork-id: 88733 O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/1] qxl: check release info object -Bugzilla: 1732337 +Bugzilla: 1712703 RH-Acked-by: Christophe de Dinechin RH-Acked-by: Gerd Hoffmann RH-Acked-by: Laszlo Ersek diff --git a/SOURCES/kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch b/SOURCES/kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch new file mode 100644 index 0000000..6ccb8c4 --- /dev/null +++ b/SOURCES/kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch 
@@ -0,0 +1,71 @@
+From 896665af83060fb673fc12081083f53a10a19dc5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Fri, 17 Jan 2020 12:00:36 +0100
+Subject: [PATCH 2/3] slirp: use correct size while emulating IRC commands
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé
+Message-id: <20200117120037.12800-3-philmd@redhat.com>
+Patchwork-id: 93396
+O-Subject: [RHEL-7.7.z qemu-kvm + RHEL-7.8 qemu-kvm + RHEL-7.9 qemu-kvm PATCH v2 2/3] slirp: use correct size while emulating IRC commands
+Bugzilla: 1791560
+RH-Acked-by: Stefano Garzarella
+RH-Acked-by: Stefan Hajnoczi
+RH-Acked-by: Thomas Huth
+
+From: Prasad J Pandit
+
+While emulating IRC DCC commands, tcp_emu() uses 'mbuf' size
+'m->m_size' to write DCC commands via snprintf(3). This may
+lead to OOB write access, because 'bptr' points somewhere in
+the middle of 'mbuf' buffer, not at the start. Use M_FREEROOM(m)
+size to avoid OOB access.
+
+Reported-by: Vishnu Dev TJ
+Signed-off-by: Prasad J Pandit
+Reviewed-by: Samuel Thibault
+Message-Id: <20200109094228.79764-2-ppandit@redhat.com>
+(cherry picked from libslirp commit ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9)
+Signed-off-by: Philippe Mathieu-Daudé
+
+Signed-off-by: Miroslav Rezanina
+---
+ slirp/tcp_subr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index 70a4c83..321c2a4 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -728,7 +728,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ return 1;
+ }
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "DCC CHAT chat %lu %u%c\n",
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), 1);
+@@ -739,7 +739,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ return 1;
+ }
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "DCC SEND %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
+@@ -750,7 +750,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ return 1;
+ }
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "DCC MOVE %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-slirp-use-correct-size-while-emulating-commands.patch b/SOURCES/kvm-slirp-use-correct-size-while-emulating-commands.patch
new file mode 100644
index 0000000..ae5466d
--- /dev/null
+++ b/SOURCES/kvm-slirp-use-correct-size-while-emulating-commands.patch
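Review bot: Passing `M_FREEROOM(m)` bounds the write, but `m->m_len += snprintf(bptr, M_FREEROOM(m), ...)` still adds snprintf's return value, which is the length the whole formatted string would have had rather than the bytes actually stored; when a DCC line does not fit, `m_len` ends up past the end of the mbuf and whatever later consumes `m_len` bytes reads beyond the buffer. All three changed call sites in this hunk have the pattern, as do the `m->m_len += snprintf(bptr, M_FREEROOM(m), ...)` sites in kvm-slirp-use-correct-size-while-emulating-commands.patch. Capture the result and clamp it before accumulating, e.g. `int n = snprintf(bptr, M_FREEROOM(m), "DCC CHAT chat %lu %u%c\n", ...);` followed by `m->m_len += n < 0 ? 0 : (n < M_FREEROOM(m) ? n : M_FREEROOM(m) - 1);`, with the zero-free-room case checked before the call; alternatively treat truncation as a failure to emulate the command instead of forwarding a cut-off one. tcp_emu() starts and ends outside the hunk.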
@@ -0,0 +1,70 @@
+From 95cf6abd88bedca0533ababfdb6480c3174f3b81 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Fri, 17 Jan 2020 12:00:37 +0100
+Subject: [PATCH 3/3] slirp: use correct size while emulating commands
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé
+Message-id: <20200117120037.12800-4-philmd@redhat.com>
+Patchwork-id: 93397
+O-Subject: [RHEL-7.7.z qemu-kvm + RHEL-7.8 qemu-kvm + RHEL-7.9 qemu-kvm PATCH v2 3/3] slirp: use correct size while emulating commands
+Bugzilla: 1791560
+RH-Acked-by: Stefano Garzarella
+RH-Acked-by: Stefan Hajnoczi
+RH-Acked-by: Thomas Huth
+
+From: Prasad J Pandit
+
+While emulating services in tcp_emu(), it uses 'mbuf' size
+'m->m_size' to write commands via snprintf(3). Use M_FREEROOM(m)
+size to avoid possible OOB access.
+
+Signed-off-by: Prasad J Pandit
+Signed-off-by: Samuel Thibault
+Message-Id: <20200109094228.79764-3-ppandit@redhat.com>
+(cherry picked from libslirp commit 82ebe9c370a0e2970fb5695aa19aa5214a6a1c80)
+Signed-off-by: Philippe Mathieu-Daudé
+
+Signed-off-by: Miroslav Rezanina
+---
+ slirp/tcp_subr.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index 321c2a4..19e2245 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -648,7 +648,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ n4 = (laddr & 0xff);
+
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size - m->m_len,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "ORT %d,%d,%d,%d,%d,%d\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:"");
+ return 1;
+@@ -681,7 +681,7 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ n4 = (laddr & 0xff);
+
+ m->m_len = bptr - m->m_data; /* Adjust length */
+- m->m_len += snprintf(bptr, m->m_size - m->m_len,
++ m->m_len += snprintf(bptr, M_FREEROOM(m),
+ "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:""); + +@@ -707,8 +707,8 @@ tcp_emu(struct socket *so, struct mbuf *m) + if (m->m_data[m->m_len-1] == '\0' && lport != 0 && + (so = tcp_listen(slirp, INADDR_ANY, 0, so->so_laddr.s_addr, + htons(lport), SS_FACCEPTONCE)) != NULL) +- m->m_len = snprintf(m->m_data, m->m_size, "%d", +- ntohs(so->so_fport)) + 1; ++ m->m_len = snprintf(m->m_data, M_ROOM(m), ++ "%d", ntohs(so->so_fport)) + 1; + return 1; + + case EMU_IRC: +-- +1.8.3.1 + diff --git a/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch b/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch index 8e1f05e..8b34363 100644 --- a/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch +++ b/SOURCES/kvm-target-i386-Export-TAA_NO-bit-to-guests.patch @@ -1,13 +1,13 @@ -From 5b1c740a646c4ecd8c85ac02429f43b84c746a04 Mon Sep 17 00:00:00 2001 +From 2ce01dcb0add24ad6ba0a703b63d00fb9d95ee5f Mon Sep 17 00:00:00 2001 From: Eduardo Habkost -Date: Tue, 3 Dec 2019 23:22:01 +0100 +Date: Wed, 4 Dec 2019 01:48:28 +0100 Subject: [PATCH 1/2] target/i386: Export TAA_NO bit to guests RH-Author: Eduardo Habkost -Message-id: <20191203232202.555105-2-ehabkost@redhat.com> -Patchwork-id: 92844 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 1/2] target/i386: Export TAA_NO bit to guests -Bugzilla: 1771960 +Message-id: <20191204014829.608318-2-ehabkost@redhat.com> +Patchwork-id: 92853 +O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/2] target/i386: Export TAA_NO bit to guests +Bugzilla: 1771961 RH-Acked-by: Paolo Bonzini RH-Acked-by: Dr. David Alan Gilbert RH-Acked-by: Igor Mammedov @@ -31,13 +31,13 @@ Signed-off-by: Miroslav Rezanina 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index 5aa45ba..2de8822 100644 +index 9283902..120df73 100644 --- a/target-i386/cpu.c 
+++ b/target-i386/cpu.c -@@ -201,7 +201,7 @@ static const char *cpuid_xsave_feature_name[] = { +@@ -212,7 +212,7 @@ static const char *cpuid_apm_edx_feature_name[] = { static const char *cpuid_arch_capabilities_feature_name[] = { "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry", - "ssb-no", NULL, NULL, NULL, + "ssb-no", "mds-no", NULL, NULL, - NULL, NULL, NULL, NULL, + "taa-no", NULL, NULL, NULL, NULL, NULL, NULL, NULL, diff --git a/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch b/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch index 0c66177..4ffc0d9 100644 --- a/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch +++ b/SOURCES/kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch 
@@ -1,20 +1,22 @@ -From 2b13f79a51b0106170cd0b5d9996a3a553d8781e Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:40 +0200 -Subject: [PATCH 02/10] target-i386: Isolate KVM-specific code on CPU feature +From 592237e21bc3527ebc66b8f4c76652cf5cde9438 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:19 +0200 +Subject: [PATCH 03/12] target-i386: Isolate KVM-specific code on CPU feature filtering logic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-3-ehabkost@redhat.com> -Patchwork-id: 91358 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 02/10] target-i386: Isolate KVM-specific code on CPU feature filtering logic -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-3-git-send-email-plai@redhat.com> +Patchwork-id: 90855 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 02/10] target-i386: Isolate KVM-specific code on CPU feature filtering logic +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina + +From: Eduardo Habkost This will allow us to re-use the feature filtering logic (and the check/enforce flag logic) for TCG. @@ -24,17 +26,16 @@ Signed-off-by: Eduardo Habkost Signed-off-by: Andreas Färber (cherry picked from commit 27418adf32b9cd164d464fffc4fc0505d6b2b15d) Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost Signed-off-by: Miroslav Rezanina --- target-i386/cpu.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index c9d7557..5cfed19 100644 +index 6fb805b..ff0921f 100644 --- a/target-i386/cpu.c 
+++ b/target-i386/cpu.c -@@ -2367,6 +2367,16 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) +@@ -2387,6 +2387,16 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) return cpu_list; } @@ -51,7 +52,7 @@ index c9d7557..5cfed19 100644 /* * Filters CPU feature words based on host availability of each feature. * -@@ -2374,20 +2384,15 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) +@@ -2394,20 +2404,15 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) * * Returns: 0 if all flags are supported by the host, non-zero otherwise. */ @@ -74,7 +75,7 @@ index c9d7557..5cfed19 100644 uint32_t requested_features = env->features[w]; env->features[w] &= host_feat; cpu->filtered_features[w] = requested_features & ~env->features[w]; -@@ -3070,7 +3075,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) +@@ -3102,7 +3107,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) env->features[w] &= feature_word_info[w].tcg_features; } } else { diff --git a/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch b/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch index 89f6b7e..6511e2e 100644 --- a/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch +++ b/SOURCES/kvm-target-i386-Merge-feature-filtering-checking-functio.patch 
@@ -1,19 +1,21 @@ -From 7e79bb0dc6af82413c9c5b153f18ce91146e0e53 Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:39 +0200 -Subject: [PATCH 01/10] target-i386: Merge feature filtering/checking functions +From 50e0729e98e9938b338367e29afd6b7abce9bb04 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:18 +0200 +Subject: [PATCH 02/12] target-i386: Merge feature filtering/checking functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-2-ehabkost@redhat.com> -Patchwork-id: 91357 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 01/10] target-i386: Merge feature filtering/checking functions -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-2-git-send-email-plai@redhat.com> +Patchwork-id: 90853 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 01/10] target-i386: Merge feature filtering/checking functions +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina + +From: Eduardo Habkost Merge filter_features_for_kvm() and kvm_check_features_against_host(). @@ -21,29 +23,25 @@ Both functions made exactly the same calculations, the only difference was that filter_features_for_kvm() changed the bits on cpu->features[], and kvm_check_features_against_host() did error reporting. -7.8 backport notes (plai): -* unavailable_host_feature() removed due to lack of references. -* report_unavailable_features() from 51f63aed3 to make things compile. - -7.7.z backport notes (ehabkost): -* cherry-pick from 7.8 with no conflicts - Reviewed-by: Richard Henderson Signed-off-by: Eduardo Habkost Signed-off-by: Andreas Färber (cherry picked from commit 51f63aed32314479065207ff2fb28255de4dbda4) 
Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost + + unavailable_host_feature() removed due to lack of references. + report_unavailable_features() from 51f63aed3 to make things compile. + Signed-off-by: Miroslav Rezanina --- target-i386/cpu.c | 91 ++++++++++++++----------------------------------------- 1 file changed, 22 insertions(+), 69 deletions(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index c2fcd1e..c9d7557 100644 +index ca43268..6fb805b 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c -@@ -1754,11 +1754,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) +@@ -1774,11 +1774,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) #endif /* CONFIG_KVM */ } @@ -57,7 +55,7 @@ index c2fcd1e..c9d7557 100644 if (1 << i & mask) { const char *reg = get_register_name_32(f->cpuid_reg); assert(reg); -@@ -1767,40 +1767,8 @@ static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask) +@@ -1787,40 +1787,8 @@ static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask) f->cpuid_eax, reg, f->feat_names[i] ? "." : "", f->feat_names[i] ? f->feat_names[i] : "", i); @@ -98,7 +96,7 @@ index c2fcd1e..c9d7557 100644 } static void x86_cpuid_version_get_family(Object *obj, Visitor *v, void *opaque, -@@ -2399,12 +2367,21 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) +@@ -2419,12 +2387,21 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) return cpu_list; } @@ -122,7 +120,7 @@ index c2fcd1e..c9d7557 100644 for (w = 0; w < FEATURE_WORDS; w++) { FeatureWordInfo *wi = &feature_word_info[w]; -@@ -2414,9 +2391,16 @@ static void filter_features_for_kvm(X86CPU *cpu) +@@ -2434,9 +2411,16 @@ static void filter_features_for_kvm(X86CPU *cpu) uint32_t requested_features = env->features[w]; env->features[w] &= host_feat; cpu->filtered_features[w] = requested_features & ~env->features[w]; 
@@ -140,7 +138,7 @@ index c2fcd1e..c9d7557 100644 static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp) { -@@ -3086,42 +3070,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) +@@ -3118,42 +3102,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) env->features[w] &= feature_word_info[w].tcg_features; } } else { diff --git a/SOURCES/kvm-target-i386-Support-invariant-tsc-flag.patch b/SOURCES/kvm-target-i386-Support-invariant-tsc-flag.patch new file mode 100644 index 0000000..d8a216a --- /dev/null +++ b/SOURCES/kvm-target-i386-Support-invariant-tsc-flag.patch 
@@ -0,0 +1,142 @@
+From 4e903b8594bb59a953e66ca0fb422079f6f6b573 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 21 Aug 2019 14:30:05 +0200
+Subject: [PATCH 1/3] target-i386: Support "invariant tsc" flag
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eduardo Habkost
+Message-id: <20190821143006.23516-2-ehabkost@redhat.com>
+Patchwork-id: 90101
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/2] target-i386: Support "invariant tsc" flag
+Bugzilla: 1626871
+RH-Acked-by: Paolo Bonzini
+RH-Acked-by: Bandan Das
+RH-Acked-by: Igor Mammedov
+
+From: Marcelo Tosatti
+
+Expose "Invariant TSC" flag, if KVM is enabled. From Intel documentation:
+
+17.13.1 Invariant TSC The time stamp counter in newer processors may
+support an enhancement, referred to as invariant TSC. Processor’s
+support for invariant TSC is indicated by CPUID.80000007H:EDX[8].
+The invariant TSC will run at a constant rate in all ACPI P-, C-.
+and T-states. This is the architectural behavior moving forward. On
+processors with invariant TSC support, the OS may use the TSC for wall
+clock timer services (instead of ACPI or HPET timers). TSC reads are
+much more efficient and do not incur the overhead associated with a ring
+transition or access to a platform resource.
+
+Backport notes:
+ One extra line to remove invtsc was added to
+ kvm_cpu_fill_host(), to replace the unmigratable_flags field,
+ and fix the same issue fixed by upstream commit 120eee7d1fdb
+ ("target-i386: Set migratable=yes by default on "host" CPU
+ mooel").
+
+Signed-off-by: Marcelo Tosatti
+[ehabkost: redo feature filtering to use .tcg_features]
+[ehabkost: add CPUID_APM_INVTSC macro, add it to .unmigratable_flags]
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Andreas Färber
+(cherry picked from commit 303752a9068bfe84b9b05f1cd5ad5ff65b7f3ea6)
+Signed-off-by: Eduardo Habkost
+
+Signed-off-by: Miroslav Rezanina
+---
+ target-i386/cpu.c | 26 ++++++++++++++++++++++++++
+ target-i386/cpu.h | 4 ++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/target-i386/cpu.c b/target-i386/cpu.c
+index c2fcd1e..c74f597 100644
+--- a/target-i386/cpu.c
++++ b/target-i386/cpu.c
+@@ -199,6 +199,17 @@ static const char *cpuid_xsave_feature_name[] = {
+ NULL, NULL, NULL, NULL,
+ };
+
++static const char *cpuid_apm_edx_feature_name[] = {
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ "invtsc", NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
++};
++
+ #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
+ #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
+ CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
+@@ -258,6 +269,7 @@ static const char *cpuid_xsave_feature_name[] = {
+ CPUID_7_0_EBX_RDSEED */
+ #define TCG_7_0_ECX_FEATURES 0
+ #define TCG_7_0_EDX_FEATURES 0
++#define TCG_APM_FEATURES 0
+
+
+ typedef struct FeatureWordInfo {
+@@ -326,6 +338,12 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .cpuid_reg = R_EDX,
+ .tcg_features = TCG_7_0_EDX_FEATURES,
+ },
++ [FEAT_8000_0007_EDX] = {
++ .feat_names = cpuid_apm_edx_feature_name,
++ .cpuid_eax = 0x80000007,
++ .cpuid_reg = R_EDX,
++ .tcg_features = TCG_APM_FEATURES,
++ },
+ [FEAT_8000_0008_EBX] = {
+ .feat_names = cpuid_80000008_ebx_feature_name,
+ .cpuid_eax = 0x80000008,
+@@ -1750,6 +1768,8 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
+
+ /* arch-facilities: deprecated (see comment on x86_cpu_realizefn()) */
+ x86_cpu_def->features[FEAT_7_0_EDX] &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
++ /* invtsc: not migratable, so not enabled by default */
++ x86_cpu_def->features[FEAT_8000_0007_EDX] &= ~CPUID_APM_INVTSC;
+
+ #endif /* CONFIG_KVM */
+ }
+@@ -2805,6 +2825,12 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ *ecx = 0x02008140;
+ *edx = 0;
+ break;
++ case 0x80000007:
++ *eax = 0;
++ *ebx = 0;
++ *ecx = 0;
++ *edx = env->features[FEAT_8000_0007_EDX];
++ break;
+ case 0x80000008:
+ /* virtual & phys address size in low 2 bytes. */
+ /* XXX: This value must match the one used in the MMU code. */
+diff --git a/target-i386/cpu.h b/target-i386/cpu.h
+index 5d47ab8..cbbc34f 100644
+--- a/target-i386/cpu.h
++++ b/target-i386/cpu.h
+@@ -408,6 +408,7 @@ typedef enum FeatureWord {
+ FEAT_7_0_EDX, /* CPUID[EAX=7,ECX=0].EDX */
+ FEAT_8000_0001_EDX, /* CPUID[8000_0001].EDX */
+ FEAT_8000_0001_ECX, /* CPUID[8000_0001].ECX */
++ FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */
+ FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */
+ FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */
+ FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
+@@ -613,6 +614,9 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_XSAVE_XGETBV1 (1U << 2)
+ #define CPUID_XSAVE_XSAVES (1U << 3)
+
++/* CPUID[0x80000007].EDX flags: */
++#define CPUID_APM_INVTSC (1U << 8)
++
+ #define CPUID_VENDOR_SZ 12
+
+ #define CPUID_VENDOR_INTEL_1 0x756e6547 /* "Genu" */
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch b/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
index 2e6e266..abbaec3 100644
--- a/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
+++ b/SOURCES/kvm-target-i386-add-MDS-NO-feature.patch
@@ -1,16 +1,16 @@
-From c432e7520c4410545d5883f2a5be5dcecbf1854d Mon Sep 17 00:00:00 2001
+From 5f41a4ac3ff6527f7a23c3b2a2d8bef128f5c077 Mon Sep 17 00:00:00 2001
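Review bot: The `"invtsc"` entry in the new `cpuid_apm_edx_feature_name` table is tied to bit 8 only by its position (third row, first column), while the matching mask `CPUID_APM_INVTSC (1U << 8)` lives in cpu.h; a comment on that row, `"invtsc", NULL, NULL, NULL, /* bit 8: CPUID_APM_INVTSC */`, keeps the two in step when further bits are added. The new `case 0x80000007:` in cpu_x86_cpuid would likewise benefit from a one-line comment saying that only EDX is modelled from FEAT_8000_0007_EDX and that EAX/EBX/ECX are deliberately reported as zero. cpu_x86_cpuid and kvm_cpu_fill_host both start and end outside this hunk.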
From: Eduardo Habkost -Date: Mon, 6 Jan 2020 13:04:21 +0100 -Subject: [PATCH] target/i386: add MDS-NO feature +Date: Tue, 24 Sep 2019 20:50:32 +0200 +Subject: [PATCH 12/12] target/i386: add MDS-NO feature RH-Author: Eduardo Habkost -Message-id: <20191024031525.7449-1-ehabkost@redhat.com> -Patchwork-id: 91937 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH] target/i386: add MDS-NO feature -Bugzilla: 1755333 -RH-Acked-by: Igor Mammedov +Message-id: <20190924205032.12926-2-ehabkost@redhat.com> +Patchwork-id: 90873 +O-Subject: [RHEL-7.8 qemu-kvm PATCH 1/1] target/i386: add MDS-NO feature +Bugzilla: 1714791 RH-Acked-by: Dr. David Alan Gilbert -RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Igor Mammedov +RH-Acked-by: Paolo Bonzini From: Paolo Bonzini @@ -27,21 +27,22 @@ Message-Id: <20190516185320.28340-1-pbonzini@redhat.com> Signed-off-by: Eduardo Habkost (cherry picked from commit 20140a82c67467f53814ca197403d5e1b561a5e5) Signed-off-by: Eduardo Habkost +Signed-off-by: Miroslav Rezanina --- target-i386/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index 48d3aec..63ae76e 100644 +index 3ea4e97..f92cb62 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c -@@ -200,7 +200,7 @@ static const char *cpuid_xsave_feature_name[] = { +@@ -211,7 +211,7 @@ static const char *cpuid_apm_edx_feature_name[] = { static const char *cpuid_arch_capabilities_feature_name[] = { "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry", -- "ssb-no", NULL, NULL, "tsx-ctrl", -+ "ssb-no", "mds-no", NULL, "tsx-ctrl", - "taa-no", NULL, NULL, NULL, +- "ssb-no", NULL, NULL, NULL, ++ "ssb-no", "mds-no", NULL, NULL, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, -- diff --git a/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch b/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch index c2af061..62c3002 100644 --- a/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch 
+++ b/SOURCES/kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch @@ -1,13 +1,13 @@ -From bd481c114114e2a694ed1e8cb24e3c5d7cc451a3 Mon Sep 17 00:00:00 2001 +From 73fac9c9beb00cc462eaae8589b4b2261142a8b2 Mon Sep 17 00:00:00 2001 From: Eduardo Habkost -Date: Tue, 3 Dec 2019 23:22:02 +0100 +Date: Wed, 4 Dec 2019 01:48:29 +0100 Subject: [PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL RH-Author: Eduardo Habkost -Message-id: <20191203232202.555105-3-ehabkost@redhat.com> -Patchwork-id: 92845 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL -Bugzilla: 1771960 +Message-id: <20191204014829.608318-3-ehabkost@redhat.com> +Patchwork-id: 92854 +O-Subject: [RHEL-7.8 qemu-kvm PATCH 2/2] target/i386: add support for MSR_IA32_TSX_CTRL +Bugzilla: 1771961 RH-Acked-by: Paolo Bonzini RH-Acked-by: Dr. David Alan Gilbert RH-Acked-by: Igor Mammedov @@ -37,20 +37,20 @@ Signed-off-by: Miroslav Rezanina 4 files changed, 41 insertions(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index 2de8822..48d3aec 100644 +index 120df73..57f5364 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c -@@ -200,7 +200,7 @@ static const char *cpuid_xsave_feature_name[] = { +@@ -211,7 +211,7 @@ static const char *cpuid_apm_edx_feature_name[] = { static const char *cpuid_arch_capabilities_feature_name[] = { "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry", -- "ssb-no", NULL, NULL, NULL, -+ "ssb-no", NULL, NULL, "tsx-ctrl", +- "ssb-no", "mds-no", NULL, NULL, ++ "ssb-no", "mds-no", NULL, "tsx-ctrl", "taa-no", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, diff --git a/target-i386/cpu.h b/target-i386/cpu.h -index d855ae3..705cd66 100644 +index 8f73af7..c9bcdd5 100644 --- a/target-i386/cpu.h +++ b/target-i386/cpu.h @@ -307,7 +307,11 @@ 
@@ -65,7 +65,7 @@ index d855ae3..705cd66 100644 #define MSR_IA32_TSCDEADLINE 0x6e0 #define MSR_P6_PERFCTR0 0xc1 -@@ -1063,6 +1067,7 @@ typedef struct CPUX86State { +@@ -1067,6 +1071,7 @@ typedef struct CPUX86State { uint64_t xss; uint32_t pkru; @@ -74,10 +74,10 @@ index d855ae3..705cd66 100644 uint64_t spec_ctrl; uint64_t virt_ssbd; diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index 0374b7a..689b37c 100644 +index c79b0ea..7df2b28 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c -@@ -79,6 +79,7 @@ static bool has_msr_hv_tsc; +@@ -80,6 +80,7 @@ static bool has_msr_hv_tsc; static bool has_msr_mtrr; static bool has_msr_xss; static bool has_msr_spec_ctrl; @@ -85,7 +85,7 @@ index 0374b7a..689b37c 100644 static bool has_msr_virt_ssbd; static bool has_msr_arch_capabs; -@@ -894,6 +895,10 @@ static int kvm_get_supported_msrs(KVMState *s) +@@ -908,6 +909,10 @@ static int kvm_get_supported_msrs(KVMState *s) has_msr_spec_ctrl = true; continue; } @@ -96,7 +96,7 @@ index 0374b7a..689b37c 100644 if (kvm_msr_list->indices[i] == MSR_VIRT_SSBD) { has_msr_virt_ssbd = true; continue; -@@ -1316,6 +1321,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level) +@@ -1330,6 +1335,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level) if (has_msr_spec_ctrl) { kvm_msr_entry_set(&msrs[n++], MSR_IA32_SPEC_CTRL, env->spec_ctrl); } @@ -106,7 +106,7 @@ index 0374b7a..689b37c 100644 if (has_msr_virt_ssbd) { kvm_msr_entry_set(&msrs[n++], MSR_VIRT_SSBD, env->virt_ssbd); } -@@ -1685,6 +1693,9 @@ static int kvm_get_msrs(X86CPU *cpu) +@@ -1699,6 +1707,9 @@ static int kvm_get_msrs(X86CPU *cpu) if (has_msr_spec_ctrl) { msrs[n++].index = MSR_IA32_SPEC_CTRL; } @@ -116,7 +116,7 @@ index 0374b7a..689b37c 100644 if (has_msr_virt_ssbd) { msrs[n++].index = MSR_VIRT_SSBD; } -@@ -1931,6 +1942,9 @@ static int kvm_get_msrs(X86CPU *cpu) +@@ -1945,6 +1956,9 @@ static int kvm_get_msrs(X86CPU *cpu) case MSR_IA32_SPEC_CTRL: env->spec_ctrl = msrs[i].data; break; 
@@ -127,7 +127,7 @@ index 0374b7a..689b37c 100644 env->virt_ssbd = msrs[i].data; break; diff --git a/target-i386/machine.c b/target-i386/machine.c -index 507ab1a..266797a 100644 +index cd2cf6f..892c8f4 100644 --- a/target-i386/machine.c +++ b/target-i386/machine.c @@ -778,6 +778,24 @@ static const VMStateDescription vmstate_msr_virt_ssbd = { @@ -152,10 +152,10 @@ index 507ab1a..266797a 100644 + } +}; + - const VMStateDescription vmstate_x86_cpu = { + VMStateDescription vmstate_x86_cpu = { .name = "cpu", .version_id = 12, -@@ -938,6 +956,9 @@ const VMStateDescription vmstate_x86_cpu = { +@@ -938,6 +956,9 @@ VMStateDescription vmstate_x86_cpu = { }, { .vmsd = &vmstate_msr_virt_ssbd, .needed = virt_ssbd_needed, diff --git a/SOURCES/kvm-target-i386-block-migration-and-savevm-if-invariant-.patch b/SOURCES/kvm-target-i386-block-migration-and-savevm-if-invariant-.patch new file mode 100644 index 0000000..d2ff0b7 --- /dev/null +++ b/SOURCES/kvm-target-i386-block-migration-and-savevm-if-invariant-.patch 
@@ -0,0 +1,111 @@
+From f53b97e4cda28b911c11400a985bcff587b2df34 Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost
+Date: Wed, 21 Aug 2019 14:30:06 +0200
+Subject: [PATCH 2/3] target-i386: block migration and savevm if invariant tsc
+ is exposed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eduardo Habkost
+Message-id: <20190821143006.23516-3-ehabkost@redhat.com>
+Patchwork-id: 90102
+O-Subject: [RHEL-7.8 qemu-kvm PATCH 2/2] target-i386: block migration and savevm if invariant tsc is exposed
+Bugzilla: 1626871
+RH-Acked-by: Paolo Bonzini
+RH-Acked-by: Bandan Das
+RH-Acked-by: Igor Mammedov
+
+From: Marcelo Tosatti
+
+Invariant TSC documentation mentions that "invariant TSC will run at a
+constant rate in all ACPI P-, C-. and T-states".
+
+This is not the case if migration to a host with different TSC frequency
+is allowed, or if savevm is performed. So block migration/savevm.
+
+Signed-off-by: Marcelo Tosatti
+Reviewed-by: Eduardo Habkost
+Signed-off-by: Eduardo Habkost
+Reviewed-by: Juan Quintela
+[AF+mtosatti: Updated error message]
+Signed-off-by: Andreas Färber
+(cherry picked from commit 68bfd0ad4a1dcc4c328d5db85dc746b49c1ec07e)
+Signed-off-by: Eduardo Habkost
+
+Signed-off-by: Miroslav Rezanina
+---
+ target-i386/cpu-qom.h | 2 +-
+ target-i386/kvm.c | 15 +++++++++++++++
+ target-i386/machine.c | 2 +-
+ 3 files changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
+index 0b01e8f..89dd29a 100644
+--- a/target-i386/cpu-qom.h
++++ b/target-i386/cpu-qom.h
+@@ -94,7 +94,7 @@ static inline X86CPU *x86_env_get_cpu(CPUX86State *env)
+ #define ENV_OFFSET offsetof(X86CPU, env)
+
+ #ifndef CONFIG_USER_ONLY
+-extern const struct VMStateDescription vmstate_x86_cpu;
++extern struct VMStateDescription vmstate_x86_cpu;
+ #endif
+
+ /**
+diff --git a/target-i386/kvm.c b/target-i386/kvm.c
+index d5f6deb..b6c76f1 100644
+--- a/target-i386/kvm.c
++++ b/target-i386/kvm.c
+@@ -33,6 +33,8 @@
+ #include "exec/ioport.h"
+ #include
+ #include "hw/pci/pci.h"
++#include "migration/migration.h"
++#include "qapi/qmp/qerror.h"
+
+ //#define DEBUG_KVM
+
+@@ -449,6 +451,8 @@ static bool hyperv_enabled(X86CPU *cpu)
+ cpu->hyperv_relaxed_timing);
+ }
+
++static Error *invtsc_mig_blocker;
++
+ #define KVM_MAX_CPUID_ENTRIES 100
+
+ int kvm_arch_init_vcpu(CPUState *cs)
+@@ -698,6 +702,17 @@ int kvm_arch_init_vcpu(CPUState *cs)
+
+ qemu_add_vm_change_state_handler(cpu_update_state, env);
+
++ c = cpuid_find_entry(&cpuid_data.cpuid, 0x80000007, 0);
++ if (c && (c->edx & 1<<8) && invtsc_mig_blocker == NULL) {
++ /* for migration */
++ error_setg(&invtsc_mig_blocker,
++ "State blocked by non-migratable CPU device"
++ " (invtsc flag)");
++ migrate_add_blocker(invtsc_mig_blocker);
++ /* for savevm */
++ vmstate_x86_cpu.unmigratable = 1;
++ }
++
+ cpuid_data.cpuid.padding = 0;
+ r = kvm_vcpu_ioctl(cs, KVM_SET_CPUID2, &cpuid_data);
+ if (r) {
+diff --git a/target-i386/machine.c b/target-i386/machine.c
+index 507ab1a..cd2cf6f 100644
+--- a/target-i386/machine.c
++++ b/target-i386/machine.c
+@@ -778,7 +778,7 @@ static const VMStateDescription vmstate_msr_virt_ssbd = {
+ }
+ };
+
+-const VMStateDescription vmstate_x86_cpu = {
++VMStateDescription vmstate_x86_cpu = {
+ .name = "cpu",
+ .version_id = 12,
+ .minimum_version_id = 3,
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-tcp_emu-Fix-oob-access.patch b/SOURCES/kvm-tcp_emu-Fix-oob-access.patch
new file mode 100644
index 0000000..55119f9
--- /dev/null
+++ b/SOURCES/kvm-tcp_emu-Fix-oob-access.patch
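Review bot: The invariant-TSC test added to kvm_arch_init_vcpu uses the bare bit `1<<8` although patch 1/3 of this series defines `CPUID_APM_INVTSC` for exactly that bit in cpu.h; `if (c && (c->edx & CPUID_APM_INVTSC) && invtsc_mig_blocker == NULL) {` says what is being tested and cannot drift from the feature table. Dropping `const` from `vmstate_x86_cpu` in cpu-qom.h and machine.c so that `.unmigratable` can be flipped here turns a read-only descriptor into writable global state that is set once and never cleared; a comment next to `static Error *invtsc_mig_blocker;` recording that both the blocker and the descriptor flag are process-lifetime would help the next reader. kvm_arch_init_vcpu starts and ends outside this hunk.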
@@ -0,0 +1,60 @@
+From dea2f95979cc0ba0c36f07b8e9cc709bd1ef1eb4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Fri, 17 Jan 2020 12:00:35 +0100
+Subject: [PATCH 1/3] tcp_emu: Fix oob access
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé
+Message-id: <20200117120037.12800-2-philmd@redhat.com>
+Patchwork-id: 93395
+O-Subject: [RHEL-7.7.z qemu-kvm + RHEL-7.8 qemu-kvm + RHEL-7.9 qemu-kvm PATCH v2 1/3] tcp_emu: Fix oob access
+Bugzilla: 1791560
+RH-Acked-by: Stefano Garzarella
+RH-Acked-by: Stefan Hajnoczi
+RH-Acked-by: Thomas Huth
+
+From: Samuel Thibault
+
+The main loop only checks for one available byte, while we sometimes
+need two bytes.
+
+(cherry picked from libslirp commit 2655fffed7a9e765bcb4701dd876e9dab975f289)
+[PMD: backported with style conflicts,
+ CHANGELOG.md absent in downstream]
+Signed-off-by: Philippe Mathieu-Daudé
+
+Signed-off-by: Miroslav Rezanina
+---
+ slirp/tcp_subr.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index d49a366..70a4c83 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -837,6 +837,9 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ break;
+
+ case 5:
++ if (bptr == m->m_data + m->m_len - 1)
++ return 1; /* We need two bytes */
++
+ /*
+ * The difference between versions 1.0 and
+ * 2.0 is here. For future versions of
+@@ -852,6 +855,10 @@ tcp_emu(struct socket *so, struct mbuf *m)
+ /* This is the field containing the port
+ * number that RA-player is listening to.
+ */
++
++ if (bptr == m->m_data + m->m_len - 1)
++ return 1; /* We need two bytes */
++
+ lport = (((u_char*)bptr)[0] << 8) +
+ ((u_char *)bptr)[1];
+ if (lport < 6970)
+--
+1.8.3.1
+
diff --git a/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch b/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch
index c8ad7fc..e647bf6 100644
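Review bot: Both new guards in tcp_emu compare with `==` against the last byte, `if (bptr == m->m_data + m->m_len - 1)`, so they only establish the two-byte precondition if the enclosing loop already guarantees `bptr < m->m_data + m->m_len`; that loop and the rest of tcp_emu are outside the hunk, so I cannot confirm the invariant here. Writing both guards as `if (bptr >= m->m_data + m->m_len - 1) return 1; /* We need two bytes */` makes the check self-contained and costs nothing, and it applies equally to the second hunk at line 855. The comment `/* We need two bytes */` would be clearer as `/* bptr[0] and bptr[1] are read below */`, which names the reads being protected.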
--- a/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch +++ b/SOURCES/kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch @@ -1,17 +1,17 @@ -From c238d465b43fa575e2571f54813ca44a8709168d Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:44 +0200 -Subject: [PATCH 06/10] x86: Data structure changes to support MSR based +From e2f14f95ccb04db5f470d3593e2a2f2dc69187d8 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:23 +0200 +Subject: [PATCH 07/12] x86: Data structure changes to support MSR based features -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-7-ehabkost@redhat.com> -Patchwork-id: 91364 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 06/10] x86: Data structure changes to support MSR based features -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-7-git-send-email-plai@redhat.com> +Patchwork-id: 90863 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 06/10] x86: Data structure changes to support MSR based features +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina From: Robert Hoo @@ -19,34 +19,31 @@ Add FeatureWordType indicator in struct FeatureWordInfo. Change feature_word_info[] accordingly. Change existing functions that refer to feature_word_info[] accordingly. -7.8 backport conflicts (plai): - target/i386/cpu.c changes to target-i386/cpu.c - - x86_cpu_get_supported_feature_word() updated @ 07585923485 - dropped hvf_enabled(), tcg_enabled(), and migratable_only checks - -7.7.z backport notes (ehabkost): -* Cherry pick from 7.8 tree with no conflicts - Signed-off-by: Robert Hoo Message-Id: <1539578845-37944-3-git-send-email-robert.hu@linux.intel.com> [ehabkost: fixed hvf_enabled() case] Signed-off-by: Eduardo Habkost + (cherry picked from commit 07585923485952bf4cb7da563c9f91fecc85d09c) 
Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost + +Resolved Conflicts: + target/i386/cpu.c changes to target-i386/cpu.c + + x86_cpu_get_supported_feature_word() updated @ 07585923485 + dropped hvf_enabled(), tcg_enabled(), and migratable_only checks Signed-off-by: Miroslav Rezanina --- - target-i386/cpu.c | 160 ++++++++++++++++++++++++++++++++++++++++-------------- - 1 file changed, 118 insertions(+), 42 deletions(-) + target-i386/cpu.c | 163 +++++++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 119 insertions(+), 44 deletions(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index ba2ce8e..7fecd21 100644 +index 838c616..488634c 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c -@@ -260,83 +260,120 @@ static const char *cpuid_xsave_feature_name[] = { - #define TCG_7_0_EDX_FEATURES 0 +@@ -272,89 +272,125 @@ static const char *cpuid_apm_edx_feature_name[] = { + #define TCG_APM_FEATURES 0 +typedef enum FeatureWordType { @@ -170,6 +167,13 @@ index ba2ce8e..7fecd21 100644 + }, .tcg_features = TCG_7_0_EDX_FEATURES, }, + [FEAT_8000_0007_EDX] = { + .feat_names = cpuid_apm_edx_feature_name, +- .cpuid_eax = 0x80000007, +- .cpuid_reg = R_EDX, ++ .cpuid = { .eax = 0x80000007, .reg = R_EDX, }, + .tcg_features = TCG_APM_FEATURES, + }, [FEAT_8000_0008_EBX] = { + .type = CPUID_FEATURE_WORD, .feat_names = cpuid_80000008_ebx_feature_name, @@ -192,7 +196,7 @@ index ba2ce8e..7fecd21 100644 }, }; -@@ -366,6 +403,8 @@ typedef struct ExtSaveArea { +@@ -384,6 +420,8 @@ typedef struct ExtSaveArea { uint32_t offset, size; } ExtSaveArea; @@ -201,7 +205,7 @@ index ba2ce8e..7fecd21 100644 static const ExtSaveArea ext_save_areas[] = { [2] = { .feature = FEAT_1_ECX, .bits = CPUID_EXT_AVX, .offset = 0x240, .size = 0x100 }, -@@ -1737,10 +1776,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) +@@ -1755,10 +1793,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) FeatureWord w; for (w = 0; w < FEATURE_WORDS; w++) { 
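Review bot: The rebased hunk converts the `FEAT_8000_0007_EDX` entry to the new `.cpuid = { .eax = 0x80000007, .reg = R_EDX, },` form but, unlike the neighbouring `FEAT_8000_0008_EBX` entry, does not add `.type = CPUID_FEATURE_WORD,` to it. If CPUID_FEATURE_WORD is the enum's first (zero) value the designated initializer leaves the field correct by omission, but every other word in the table states its type explicitly and a reader auditing the new MSR/CPUID dispatch will read the missing member as a gap; adding `.type = CPUID_FEATURE_WORD,` as the entry's first member keeps the table uniform. The feature_word_info[] initializer starts and ends outside this hunk.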
@@ -213,7 +217,7 @@ index ba2ce8e..7fecd21 100644 } /* -@@ -1754,19 +1790,40 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) +@@ -1774,19 +1809,40 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def) #endif /* CONFIG_KVM */ } @@ -258,7 +262,7 @@ index ba2ce8e..7fecd21 100644 } } } -@@ -2075,11 +2132,18 @@ static void x86_cpu_get_feature_words(Object *obj, Visitor *v, void *opaque, +@@ -2095,11 +2151,18 @@ static void x86_cpu_get_feature_words(Object *obj, Visitor *v, void *opaque, for (w = 0; w < FEATURE_WORDS; w++) { FeatureWordInfo *wi = &feature_word_info[w]; @@ -281,7 +285,7 @@ index ba2ce8e..7fecd21 100644 qwi->features = array[w]; /* List will be in reverse order, but order shouldn't matter */ -@@ -2370,11 +2434,23 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) +@@ -2390,11 +2453,23 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp) static uint32_t x86_cpu_get_supported_feature_word(FeatureWord w) { FeatureWordInfo *wi = &feature_word_info[w]; diff --git a/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch b/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch index 7cd7905..71ee4b4 100644 --- a/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch +++ b/SOURCES/kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch 
@@ -1,39 +1,36 @@ -From 44f5e2649ee37f15607c516c8f9efc58aad708bb Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 9 Oct 2019 17:51:45 +0200 -Subject: [PATCH 07/10] x86: define a new MSR based feature word -- +From a047703bdb55821e77d9a89f484e98e5293dc5bf Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 23 Sep 2019 20:40:24 +0200 +Subject: [PATCH 08/12] x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES -RH-Author: Eduardo Habkost -Message-id: <20191009175148.1361-8-ehabkost@redhat.com> -Patchwork-id: 91362 -O-Subject: [RHEL-7.7.z qemu-kvm PATCH 07/10] x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES -Bugzilla: 1730606 -RH-Acked-by: Miroslav Rezanina +RH-Author: plai@redhat.com +Message-id: <1569271227-28026-8-git-send-email-plai@redhat.com> +Patchwork-id: 90860 +O-Subject: [RHEL7.8 qemu-kvm PATCH v6 07/10] x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES +Bugzilla: 1709971 +RH-Acked-by: Eduardo Habkost RH-Acked-by: Bandan Das -RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina From: Robert Hoo Note RSBA is specially treated -- no matter host support it or not, qemu pretends it is supported. -7.8 backport conflicts (plai): - target/i386/cpu.c - target/i386/cpu.h - target/i386/kvm.c - -7.7.z backport notes (ehabkost): -* Cherry picked from 7.8 tree with no conflicts - Signed-off-by: Robert Hoo Message-Id: <1539578845-37944-4-git-send-email-robert.hu@linux.intel.com> [ehabkost: removed automatic enabling of RSBA] Reviewed-by: Eduardo Habkost Signed-off-by: Eduardo Habkost + (cherry picked from commit d86f963694df27f11b3681ffd225c9362de1b634) Signed-off-by: Paul Lai -Signed-off-by: Eduardo Habkost + +Resolved Conflicts: + target/i386/cpu.c + target/i386/cpu.h + target/i386/kvm.c Signed-off-by: Miroslav Rezanina --- @@ -43,10 +40,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 41 insertions(+) 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index 7fecd21..35381f0 100644 +index 488634c..24fc000 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c -@@ -199,6 +199,17 @@ static const char *cpuid_xsave_feature_name[] = { +@@ -210,6 +210,17 @@ static const char *cpuid_apm_edx_feature_name[] = { NULL, NULL, NULL, NULL, }; @@ -64,7 +61,7 @@ index 7fecd21..35381f0 100644 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE) #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \ CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC) -@@ -375,6 +386,18 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { +@@ -392,6 +403,18 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { .reg = R_EAX, }, }, @@ -84,10 +81,10 @@ index 7fecd21..35381f0 100644 typedef struct X86RegisterInfo32 { diff --git a/target-i386/cpu.h b/target-i386/cpu.h -index ea5df77..1c62e63 100644 +index 0ce479a..5a86b2c 100644 --- a/target-i386/cpu.h +++ b/target-i386/cpu.h -@@ -415,6 +415,7 @@ typedef enum FeatureWord { +@@ -416,6 +416,7 @@ typedef enum FeatureWord { FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */ FEAT_SVM, /* CPUID[8000_000A].EDX */ FEAT_XSAVE, /* CPUID[EAX=0xd,ECX=1].EAX */ @@ -95,7 +92,7 @@ index ea5df77..1c62e63 100644 FEATURE_WORDS, } FeatureWord; -@@ -632,6 +633,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; +@@ -636,6 +637,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; #define CPUID_MWAIT_IBE (1U << 1) /* Interrupts can exit capability */ #define CPUID_MWAIT_EMX (1U << 0) /* enumeration supported */ @@ -110,10 +107,10 @@ index ea5df77..1c62e63 100644 #define HYPERV_SPINLOCK_NEVER_RETRY 0xFFFFFFFF #endif diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index 2b1d7da..180ae56 100644 +index 159ed4c..722cfbc 100644 --- a/target-i386/kvm.c 
+++ b/target-i386/kvm.c -@@ -1325,6 +1325,16 @@ static int kvm_put_msrs(X86CPU *cpu, int level) +@@ -1339,6 +1339,16 @@ static int kvm_put_msrs(X86CPU *cpu, int level) kvm_msr_entry_set(&msrs[n++], MSR_IA32_TSC, env->tsc); } } diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec index 80cccfe..78e86ee 100644 --- a/SPECS/qemu-kvm.spec +++ b/SPECS/qemu-kvm.spec @@ -14,7 +14,7 @@ %global have_usbredir 0 %endif -%ifnarch s390 s390x %{arm} +%ifnarch s390 s390x %global have_librdma 1 %global have_tcmalloc 1 %endif @@ -41,9 +41,6 @@ %ifarch aarch64 %global kvm_target aarch64 %endif -%ifarch %{arm} - %global kvm_target arm -%endif #Versions of various parts: @@ -79,13 +76,13 @@ Obsoletes: %1 < %{obsoletes_version} \ Summary: QEMU is a machine emulator and virtualizer Name: %{pkgname}%{?pkgsuffix} Version: 1.5.3 -Release: 167%{?dist}.4 +Release: 173%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 10 License: GPLv2 and GPLv2+ and CC-BY Group: Development/Tools URL: http://www.qemu.org/ -ExclusiveArch: x86_64 %{arm} +ExclusiveArch: x86_64 Requires: seabios-bin >= 1.7.2.2-5 Requires: sgabios-bin Requires: seavgabios-bin 
@@ -3972,36 +3969,62 @@ Patch1955: kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch Patch1956: kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch # For bz#1669068 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7] Patch1957: kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch -# For bz#1732337 - CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z] +# For bz#1712703 - CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] Patch1958: kvm-qxl-check-release-info-object.patch -# For bz#1734748 - CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z] -Patch1959: kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1960: kvm-target-i386-Merge-feature-filtering-checking-functio.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1961: kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1962: kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1963: kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1964: kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1965: 
kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1966: kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1967: kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1968: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch -# For bz#1730606 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z] -Patch1969: kvm-Remove-arch-capabilities-deprecation.patch -# For bz#1771960 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z] -Patch1970: kvm-target-i386-Export-TAA_NO-bit-to-guests.patch -# For bz#1771960 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z] -Patch1971: kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch -# For bz#1755333 - [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z] -Patch1972: kvm-target-i386-add-MDS-NO-feature.patch +# For bz#1270166 - UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation. +Patch1959: kvm-bswap.h-Remove-cpu_to_be16wu.patch +# For bz#1270166 - UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation. +Patch1960: kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch +# For bz#1734749 - CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8] +Patch1961: kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch +# For bz#1626871 - [RFE] request for using TscInvariant feature with qemu-kvm. 
+Patch1962: kvm-target-i386-Support-invariant-tsc-flag.patch +# For bz#1626871 - [RFE] request for using TscInvariant feature with qemu-kvm. +Patch1963: kvm-target-i386-block-migration-and-savevm-if-invariant-.patch +# For bz#1706658 - [Intel 7.8 Bug] qemu-kvm fail with "err:kvm_init_vcpu() invalidate argumant" on ICX platform +Patch1964: kvm-i386-Don-t-copy-host-virtual-address-limit.patch +# For bz#1749735 - CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7] +Patch1965: kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1966: kvm-target-i386-Merge-feature-filtering-checking-functio.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1967: kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1968: kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1969: kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1970: kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1971: kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1972: kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch +# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm +Patch1973: 
kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1974: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
+# For bz#1709971 - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm
+Patch1975: kvm-Remove-arch-capabilities-deprecation.patch
+# For bz#1714791 - [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm
+Patch1976: kvm-target-i386-add-MDS-NO-feature.patch
+# For bz#1638471 - [Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model
+Patch1977: kvm-i386-Add-new-model-of-Cascadelake-Server.patch
+# For bz#1638471 - [Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model
+Patch1978: kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch
+# For bz#1638471 - [Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model
+Patch1979: kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch
+# For bz#1760607 - Corrupted EAX values due to missing brackets at CPUID[0x800000008] code
+Patch1980: kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch
+# For bz#1771961 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8]
+Patch1981: kvm-target-i386-Export-TAA_NO-bit-to-guests.patch
+# For bz#1771961 - CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8]
+Patch1982: kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch
+# For bz#1791560 - CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]
+Patch1983: kvm-tcp_emu-Fix-oob-access.patch
+# For bz#1791560 - CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]
+Patch1984: kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch
+# For bz#1791560 - CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]
+Patch1985: kvm-slirp-use-correct-size-while-emulating-commands.patch
 BuildRequires: zlib-devel
@@ -6152,6 +6175,19 @@ tar -xf %{SOURCE21}
 %patch1970 -p1
 %patch1971 -p1
 %patch1972 -p1
+%patch1973 -p1
+%patch1974 -p1
+%patch1975 -p1
+%patch1976 -p1
+%patch1977 -p1
+%patch1978 -p1
+%patch1979 -p1
+%patch1980 -p1
+%patch1981 -p1
+%patch1982 -p1
+%patch1983 -p1
+%patch1984 -p1
+%patch1985 -p1
 %build
 buildarch="%{kvm_target}-softmmu"
@@ -6597,38 +6633,69 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
 %{_mandir}/man8/qemu-nbd.8*
 %changelog
-* Mon Jan 06 2020 Miroslav Rezanina - 1.5.3-167.el7_7.4
-- kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333]
-- Resolves: bz#1755333
- ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z])
-
-* Tue Dec 10 2019 Miroslav Rezanina - 1.5.3-167.el7_7.3
-- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771960]
-- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771960]
-- Resolves: bz#1771960
- (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z])
-
-* Thu Oct 24 2019 Miroslav Rezanina - 1.5.3-167.el7_7.2
-- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1730606]
-- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1730606]
-- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1730606]
-- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1730606]
-- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1730606]
-- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1730606]
-- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1730606]
-- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1730606]
-- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1730606]
-- kvm-Remove-arch-capabilities-deprecation.patch [bz#1730606]
-- Resolves: bz#1730606
- ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z])
-
-* Mon Aug 12 2019 Miroslav Rezanina - 1.5.3-167.el7_7.1
-- kvm-qxl-check-release-info-object.patch [bz#1732337]
-- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]
-- Resolves: bz#1732337
- (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z])
-- Resolves: bz#1734748
- (CVE-2019-14378 qemu-kvm: QEMU: slirp: 
heap buffer overflow during packet reassembly [rhel-7.7.z])
+* Thu Jan 23 2020 Miroslav Rezanina - 1.5.3-173.el7
+- kvm-tcp_emu-Fix-oob-access.patch [bz#1791560]
+- kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560]
+- kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560]
+- Resolves: bz#1791560
+ (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8])
+
+* Thu Dec 05 2019 Miroslav Rezanina - 1.5.3-172.el7
+- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771961]
+- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771961]
+- Resolves: bz#1771961
+ (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8])
+
+* Tue Oct 15 2019 Miroslav Rezanina - 1.5.3-171.el7
+- kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1638471]
+- kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch [bz#1638471]
+- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch [bz#1638471]
+- kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch [bz#1760607]
+- Resolves: bz#1638471
+ ([Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model)
+- Resolves: bz#1760607
+ (Corrupted EAX values due to missing brackets at CPUID[0x800000008] code)
+
+* Wed Oct 02 2019 Miroslav Rezanina - 1.5.3-170.el7
+- kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749735]
+- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1709971]
+- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1709971]
+- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1709971]
+- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1709971]
+- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1709971]
+- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1709971]
+- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1709971]
+- 
kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1709971]
+- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1709971]
+- kvm-Remove-arch-capabilities-deprecation.patch [bz#1709971]
+- kvm-target-i386-add-MDS-NO-feature.patch [bz#1714791]
+- Resolves: bz#1709971
+ ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm)
+- Resolves: bz#1714791
+ ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm)
+- Resolves: bz#1749735
+ (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7])
+
+* Wed Sep 04 2019 Miroslav Rezanina - 1.5.3-169.el7
+- kvm-target-i386-Support-invariant-tsc-flag.patch [bz#1626871]
+- kvm-target-i386-block-migration-and-savevm-if-invariant-.patch [bz#1626871]
+- kvm-i386-Don-t-copy-host-virtual-address-limit.patch [bz#1706658]
+- Resolves: bz#1626871
+ ([RFE] request for using TscInvariant feature with qemu-kvm.)
+- Resolves: bz#1706658
+ ([Intel 7.8 Bug] qemu-kvm fail with "err:kvm_init_vcpu() invalidate argumant" on ICX platform)
+
+* Tue Aug 20 2019 Miroslav Rezanina - 1.5.3-168.el7
+- kvm-qxl-check-release-info-object.patch [bz#1712703]
+- kvm-bswap.h-Remove-cpu_to_be16wu.patch [bz#1270166]
+- kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch [bz#1270166]
+- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734749]
+- Resolves: bz#1270166
+ (UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.)
+- Resolves: bz#1712703
+ (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7])
+- Resolves: bz#1734749
+ (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8])
 * Wed Jun 12 2019 Miroslav Rezanina - 1.5.3-167.el7
 - Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]