diff --git a/SOURCES/kvm-Do-not-build-bluetooth-support.patch b/SOURCES/kvm-Do-not-build-bluetooth-support.patch new file mode 100644 index 0000000..d3683df --- /dev/null +++ b/SOURCES/kvm-Do-not-build-bluetooth-support.patch @@ -0,0 +1,117 @@ +From d930ba960a1abaf8b76e507707a7fe081a376741 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Mon, 17 Dec 2018 11:04:15 +0100 +Subject: [PATCH 2/2] Do not build bluetooth support + +RH-Author: Miroslav Rezanina +Message-id: <1545044655-7801-1-git-send-email-mrezanin@redhat.com> +Patchwork-id: 83537 +O-Subject: [RHEL-7.7 qemu-kvm PATCH] Do not build bluetooth support +Bugzilla: 1654627 +RH-Acked-by: Stefan Hajnoczi +RH-Acked-by: Danilo de Paula +RH-Acked-by: Markus Armbruster + +From: Miroslav Rezanina + +We do not support bt devices however some bt related code is built in. +As this code is deprecated upstream disabling build of this code downstream. + +Signed-off-by: Miroslav Rezanina +--- + Makefile.objs | 2 +- + hw/bt/Makefile.objs | 4 ++-- + qemu-options.hx | 2 ++ + vl.c | 6 ++++++ + 4 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/Makefile.objs b/Makefile.objs +index 74f722e44e..1712ee6133 100644 +--- a/Makefile.objs ++++ b/Makefile.objs +@@ -64,7 +64,7 @@ common-obj-y += audio/ + common-obj-y += hw/ + + common-obj-y += ui/ +-common-obj-y += bt-host.o bt-vhci.o ++#common-obj-y += bt-host.o bt-vhci.o + + common-obj-y += dma-helpers.o + common-obj-y += vl.o +diff --git a/hw/bt/Makefile.objs b/hw/bt/Makefile.objs +index 867a7d2e8a..e678e9ee3c 100644 +--- a/hw/bt/Makefile.objs ++++ b/hw/bt/Makefile.objs +@@ -1,3 +1,3 @@ +-common-obj-y += core.o l2cap.o sdp.o hci.o hid.o +-common-obj-y += hci-csr.o ++#common-obj-y += core.o l2cap.o sdp.o hci.o hid.o ++#common-obj-y += hci-csr.o + +diff --git a/qemu-options.hx b/qemu-options.hx +index 24ffab6a50..bcf1b8f755 100644 +--- a/qemu-options.hx ++++ b/qemu-options.hx +@@ -2157,6 +2157,7 @@ STEXI + @end table + ETEXI + ++#if 0 + DEFHEADING(Bluetooth(R) options:) + STEXI + @table @option +@@ -2231,6 +2232,7 @@ STEXI + @end table + ETEXI + DEFHEADING() ++#endif + + #ifdef CONFIG_TPM + DEFHEADING(TPM device options:) +diff --git a/vl.c b/vl.c +index 7c34b7c64f..5c5cdbe88b 100644 +--- a/vl.c ++++ b/vl.c +@@ -840,6 +840,7 @@ static void configure_rtc(QemuOpts *opts) + } + } + ++#if 0 // Disabled for Red Hat Enterprise Linux + /***********************************************************/ + /* Bluetooth support */ + static int nb_hcis; +@@ -961,6 +962,7 @@ static int bt_parse(const char *opt) + fprintf(stderr, "qemu: bad bluetooth parameter '%s'\n", opt); + return 1; + } ++#endif + + static int parse_sandbox(QemuOpts *opts, void *opaque) + { +@@ -3132,9 +3134,11 @@ int main(int argc, char **argv, char **envp) + exit(1); + break; + #endif ++#if 0 // Disabled for Red Hat Enterprise Linux + case QEMU_OPTION_bt: + add_device_config(DEV_BT, optarg); + break; ++#endif + case QEMU_OPTION_audio_help: + AUD_help (); + exit (0); +@@ -4113,9 +4117,11 @@ int main(int argc, char **argv, char **envp) + } + #endif + ++#if 0 // Disabled for Red Hat Enterprise Linux + /* init the bluetooth world */ + if (foreach_device_config(DEV_BT, bt_parse)) + exit(1); ++#endif + + if (!xen_enabled()) { + /* On 32-bit hosts, QEMU is limited by virtual address space */ +-- +2.19.1 + diff --git a/SOURCES/kvm-Fix-eax-for-cpuid-leaf-0x40000000.patch b/SOURCES/kvm-Fix-eax-for-cpuid-leaf-0x40000000.patch new file mode 100644 index 0000000..699e2f5 --- /dev/null +++ b/SOURCES/kvm-Fix-eax-for-cpuid-leaf-0x40000000.patch @@ -0,0 +1,51 @@ +From 9903f2031b13dfeff37514197cdd56cbcb3431f4 Mon Sep 17 00:00:00 2001 +From: Eduardo Habkost +Date: Wed, 15 May 2019 15:53:55 +0200 +Subject: [PATCH 1/4] kvm: Fix eax for cpuid leaf 0x40000000 + +RH-Author: Eduardo Habkost +Message-id: <20190515155355.22182-2-ehabkost@redhat.com> +Patchwork-id: 87888 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/1] kvm: Fix eax for cpuid leaf 0x40000000 +Bugzilla: 1709495 +RH-Acked-by: Dr. David Alan Gilbert +RH-Acked-by: Paolo Bonzini +RH-Acked-by: Sergio Lopez Pascual + +From: Jidong Xiao + +Since Linux kernel 3.5, KVM has documented eax for leaf 0x40000000 +to be KVM_CPUID_FEATURES: + +https://github.com/torvalds/linux/commit/57c22e5f35aa4b9b2fe11f73f3e62bbf9ef36190 + +But qemu still tries to set it to 0. It would be better to make qemu +and kvm consistent. This patch just fixes this issue. + +Signed-off-by: Jidong Xiao +[Include kvm_base in the value. - Paolo] +Signed-off-by: Paolo Bonzini +(cherry picked from commit 79b6f2f651d64a122dd647c1456635d5a6a176ac) +Signed-off-by: Eduardo Habkost + +Signed-off-by: Miroslav Rezanina +--- + target-i386/kvm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target-i386/kvm.c b/target-i386/kvm.c +index 35a9cf4..d5f6deb 100644 +--- a/target-i386/kvm.c ++++ b/target-i386/kvm.c +@@ -532,7 +532,7 @@ int kvm_arch_init_vcpu(CPUState *cs) + memcpy(signature, "KVMKVMKVM\0\0\0", 12); + c = &cpuid_data.entries[cpuid_i++]; + c->function = KVM_CPUID_SIGNATURE | kvm_base; +- c->eax = 0; ++ c->eax = KVM_CPUID_FEATURES | kvm_base; + c->ebx = signature[0]; + c->ecx = signature[1]; + c->edx = signature[2]; +-- +1.8.3.1 + diff --git a/SOURCES/kvm-Inhibit-ballooning-during-postcopy.patch b/SOURCES/kvm-Inhibit-ballooning-during-postcopy.patch new file mode 100644 index 0000000..bd1a2e5 --- /dev/null +++ b/SOURCES/kvm-Inhibit-ballooning-during-postcopy.patch @@ -0,0 +1,110 @@ +From cc224bcb3c12238466f8a6a366d3f813fb866a16 Mon Sep 17 00:00:00 2001 +From: Alex Williamson +Date: Thu, 13 Dec 2018 21:54:28 +0100 +Subject: [PATCH 1/5] Inhibit ballooning during postcopy + +RH-Author: Alex Williamson +Message-id: <154473806860.22725.2305869657628116679.stgit@gimli.home> +Patchwork-id: 83493 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/5] Inhibit ballooning during postcopy +Bugzilla: 1659229 +RH-Acked-by: Peter Xu +RH-Acked-by: Cornelia Huck +RH-Acked-by: Auger Eric + +From: Dr. David Alan Gilbert + +Bugzilla: 1659229 +Notes: Dropped all but balloon inhibitor infrastructure + +Postcopy detects accesses to pages that haven't been transferred yet +using userfaultfd, and it causes exceptions on pages that are 'not +present'. +Ballooning also causes pages to be marked as 'not present' when the +guest inflates the balloon. +Potentially a balloon could be inflated to discard pages that are +currently inflight during postcopy and that may be arriving at about +the same time. + +To avoid this confusion, disable ballooning during postcopy. + +When disabled we drop balloon requests from the guest. Since ballooning +is generally initiated by the host, the management system should avoid +initiating any balloon instructions to the guest during migration, +although it's not possible to know how long it would take a guest to +process a request made prior to the start of migration. +Guest initiated ballooning will not know if it's really freed a page +of host memory or not. + +Queueing the requests until after migration would be nice, but is +non-trivial, since the set of inflate/deflate requests have to +be compared with the state of the page to know what the final +outcome is allowed to be. + +Signed-off-by: Dr. David Alan Gilbert +Reviewed-by: Juan Quintela +Reviewed-by: Amit Shah +Signed-off-by: Juan Quintela +(cherry picked from commit 371ff5a3f04cd7d05bab49ac6e80da319026d95b) +Signed-off-by: Miroslav Rezanina +--- + balloon.c | 11 +++++++++++ + hw/virtio/virtio-balloon.c | 4 +++- + include/sysemu/balloon.h | 2 ++ + 3 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/balloon.c b/balloon.c +index e321f2c..c7a0cf1 100644 +--- a/balloon.c ++++ b/balloon.c +@@ -35,6 +35,17 @@ + static QEMUBalloonEvent *balloon_event_fn; + static QEMUBalloonStatus *balloon_stat_fn; + static void *balloon_opaque; ++static bool balloon_inhibited; ++ ++bool qemu_balloon_is_inhibited(void) ++{ ++ return balloon_inhibited; ++} ++ ++void qemu_balloon_inhibit(bool state) ++{ ++ balloon_inhibited = state; ++} + + int qemu_add_balloon_handler(QEMUBalloonEvent *event_func, + QEMUBalloonStatus *stat_func, void *opaque) +diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c +index 1a60d3c..c9562ef 100644 +--- a/hw/virtio/virtio-balloon.c ++++ b/hw/virtio/virtio-balloon.c +@@ -34,9 +34,11 @@ + static void balloon_page(void *addr, int deflate) + { + #if defined(__linux__) +- if (!kvm_enabled() || kvm_has_sync_mmu()) ++ if (!qemu_balloon_is_inhibited() && (!kvm_enabled() || ++ kvm_has_sync_mmu())) { + qemu_madvise(addr, TARGET_PAGE_SIZE, + deflate ? QEMU_MADV_WILLNEED : QEMU_MADV_DONTNEED); ++ } + #endif + } + +diff --git a/include/sysemu/balloon.h b/include/sysemu/balloon.h +index bd9d395..eb5af19 100644 +--- a/include/sysemu/balloon.h ++++ b/include/sysemu/balloon.h +@@ -23,6 +23,8 @@ typedef void (QEMUBalloonStatus)(void *opaque, BalloonInfo *info); + int qemu_add_balloon_handler(QEMUBalloonEvent *event_func, + QEMUBalloonStatus *stat_func, void *opaque); + void qemu_remove_balloon_handler(void *opaque); ++bool qemu_balloon_is_inhibited(void); ++void qemu_balloon_inhibit(bool state); + + void qemu_balloon_changed(int64_t actual); + +-- +1.8.3.1 + diff --git a/SOURCES/kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch b/SOURCES/kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch new file mode 100644 index 0000000..6f6c985 --- /dev/null +++ b/SOURCES/kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch @@ -0,0 +1,79 @@ +From 56e7f4a46b448ec40f72272658296df226ff0b5a Mon Sep 17 00:00:00 2001 +From: Alex Williamson +Date: Thu, 13 Dec 2018 21:55:20 +0100 +Subject: [PATCH 4/5] kvm: Use inhibit to prevent ballooning without + synchronous mmu + +RH-Author: Alex Williamson +Message-id: <154473812068.22725.2716400707312373292.stgit@gimli.home> +Patchwork-id: 83496 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 4/5] kvm: Use inhibit to prevent ballooning without synchronous mmu +Bugzilla: 1659229 +RH-Acked-by: Peter Xu +RH-Acked-by: Cornelia Huck +RH-Acked-by: Auger Eric + +Bugzilla: 1659229 + +Remove KVM specific tests in balloon_page(), instead marking +ballooning as inhibited without KVM_CAP_SYNC_MMU support. + +Reviewed-by: David Hildenbrand +Reviewed-by: Peter Xu +Reviewed-by: Cornelia Huck +Acked-by: Paolo Bonzini +Signed-off-by: Alex Williamson +(cherry picked from commit f59489423ab79852e98d9b3025b7d99ba8da584f) +Signed-off-by: Miroslav Rezanina +--- + hw/virtio/virtio-balloon.c | 4 +--- + kvm-all.c | 4 ++++ + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c +index c9562ef..d8add23 100644 +--- a/hw/virtio/virtio-balloon.c ++++ b/hw/virtio/virtio-balloon.c +@@ -21,7 +21,6 @@ + #include "cpu.h" + #include "sysemu/balloon.h" + #include "hw/virtio/virtio-balloon.h" +-#include "sysemu/kvm.h" + #include "exec/address-spaces.h" + #include "qapi/visitor.h" + +@@ -34,8 +33,7 @@ + static void balloon_page(void *addr, int deflate) + { + #if defined(__linux__) +- if (!qemu_balloon_is_inhibited() && (!kvm_enabled() || +- kvm_has_sync_mmu())) { ++ if (!qemu_balloon_is_inhibited()) { + qemu_madvise(addr, TARGET_PAGE_SIZE, + deflate ? QEMU_MADV_WILLNEED : QEMU_MADV_DONTNEED); + } +diff --git a/kvm-all.c b/kvm-all.c +index f5b7958..572275e 100644 +--- a/kvm-all.c ++++ b/kvm-all.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include "sysemu/balloon.h" + + #include + +@@ -1481,6 +1482,9 @@ int kvm_init(void) + cpu_interrupt_handler = kvm_handle_interrupt; + + s->sync_mmu = !!kvm_check_extension(kvm_state, KVM_CAP_SYNC_MMU); ++ if (!s->sync_mmu) { ++ qemu_balloon_inhibit(true); ++ } + + return 0; + +-- +1.8.3.1 + diff --git a/SOURCES/kvm-balloon-Allow-multiple-inhibit-users.patch b/SOURCES/kvm-balloon-Allow-multiple-inhibit-users.patch new file mode 100644 index 0000000..453160b --- /dev/null +++ b/SOURCES/kvm-balloon-Allow-multiple-inhibit-users.patch @@ -0,0 +1,71 @@ +From 8e0778982e9a71000c6a1d999e0caf5934bebd61 Mon Sep 17 00:00:00 2001 +From: Alex Williamson +Date: Thu, 13 Dec 2018 21:54:44 +0100 +Subject: [PATCH 2/5] balloon: Allow multiple inhibit users + +RH-Author: Alex Williamson +Message-id: <154473808463.22725.5535931320059757090.stgit@gimli.home> +Patchwork-id: 83494 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 2/5] balloon: Allow multiple inhibit users +Bugzilla: 1659229 +RH-Acked-by: Peter Xu +RH-Acked-by: Cornelia Huck +RH-Acked-by: Auger Eric + +Bugzilla: 1659229 + +A simple true/false internal state does not allow multiple users. Fix +this within the existing interface by converting to a counter, so long +as the counter is elevated, ballooning is inhibited. + +Reviewed-by: David Hildenbrand +Reviewed-by: Peter Xu +Reviewed-by: Cornelia Huck +Signed-off-by: Alex Williamson +(cherry picked from commit 01ccbec7bdf6f89f1b7d46dda05e4c1fd2dd5ade) +Signed-off-by: Miroslav Rezanina +--- + balloon.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/balloon.c b/balloon.c +index c7a0cf1..6a17096 100644 +--- a/balloon.c ++++ b/balloon.c +@@ -25,6 +25,7 @@ + */ + + #include "monitor/monitor.h" ++#include "qemu/atomic.h" + #include "exec/cpu-common.h" + #include "sysemu/kvm.h" + #include "sysemu/balloon.h" +@@ -35,16 +36,22 @@ + static QEMUBalloonEvent *balloon_event_fn; + static QEMUBalloonStatus *balloon_stat_fn; + static void *balloon_opaque; +-static bool balloon_inhibited; ++static int balloon_inhibit_count; + + bool qemu_balloon_is_inhibited(void) + { +- return balloon_inhibited; ++ return atomic_read(&balloon_inhibit_count) > 0; + } + + void qemu_balloon_inhibit(bool state) + { +- balloon_inhibited = state; ++ if (state) { ++ atomic_inc(&balloon_inhibit_count); ++ } else { ++ atomic_dec(&balloon_inhibit_count); ++ } ++ ++ assert(atomic_read(&balloon_inhibit_count) >= 0); + } + + int qemu_add_balloon_handler(QEMUBalloonEvent *event_func, +-- +1.8.3.1 + diff --git a/SOURCES/kvm-check-KVM_CAP_SYNC_MMU-with-kvm_vm_check_extensi.patch b/SOURCES/kvm-check-KVM_CAP_SYNC_MMU-with-kvm_vm_check_extensi.patch new file mode 100644 index 0000000..32dae59 --- /dev/null +++ b/SOURCES/kvm-check-KVM_CAP_SYNC_MMU-with-kvm_vm_check_extensi.patch @@ -0,0 +1,116 @@ +From 53c0d0dcad838ef8b9b0faf0c8066d47380f2cf1 Mon Sep 17 00:00:00 2001 +From: Alex Williamson +Date: Thu, 13 Dec 2018 21:55:04 +0100 +Subject: [PATCH 3/5] kvm: check KVM_CAP_SYNC_MMU with kvm_vm_check_extension() + +RH-Author: Alex Williamson +Message-id: <154473810399.22725.17809569801460658619.stgit@gimli.home> +Patchwork-id: 83495 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 3/5] kvm: check KVM_CAP_SYNC_MMU with kvm_vm_check_extension() +Bugzilla: 1659229 +RH-Acked-by: Peter Xu +RH-Acked-by: Cornelia Huck +RH-Acked-by: Auger Eric + +From: Greg Kurz + +Bugzilla: 1659229 +Notes: We don't have kvm_vm_check_extension() but we can still + cache the result, which gives us the same hook to trigger + the balloon inhibitor here. + +On a server-class ppc host, this capability depends on the KVM type, +ie, HV or PR. If both KVM are present in the kernel, we will always +get the HV specific value, even if we explicitely requested PR on +the command line. + +This can have an impact if we're using hugepages or a balloon device. + +Since we've already created the VM at the time any user calls +kvm_has_sync_mmu(), switching to kvm_vm_check_extension() is +enough to fix any potential issue. + +It is okay for the other archs that also implement KVM_CAP_SYNC_MMU, +ie, mips, s390, x86 and arm, because they don't depend on the VM being +created or not. + +While here, let's cache the state of this extension in a bool variable, +since it has several users in the code, as suggested by Thomas Huth. + +Signed-off-by: Greg Kurz +Message-Id: <150600965332.30533.14702405809647835716.stgit@bahia.lan> +Reviewed-by: David Gibson +Signed-off-by: Paolo Bonzini +(cherry picked from commit 62dd4edaaf859b60f74a51f2a526d4d3d85d0248) +Signed-off-by: Miroslav Rezanina +--- + include/sysemu/kvm.h | 2 +- + kvm-all.c | 7 +++++-- + kvm-stub.c | 4 ++-- + 3 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h +index 49cfc42..e4403be 100644 +--- a/include/sysemu/kvm.h ++++ b/include/sysemu/kvm.h +@@ -135,7 +135,7 @@ extern KVMState *kvm_state; + + int kvm_init(void); + +-int kvm_has_sync_mmu(void); ++bool kvm_has_sync_mmu(void); + int kvm_has_vcpu_events(void); + int kvm_has_robust_singlestep(void); + int kvm_has_debugregs(void); +diff --git a/kvm-all.c b/kvm-all.c +index 9486b9a..f5b7958 100644 +--- a/kvm-all.c ++++ b/kvm-all.c +@@ -92,6 +92,7 @@ struct KVMState + int xsave, xcrs; + int many_ioeventfds; + int intx_set_mask; ++ bool sync_mmu; + /* The man page (and posix) say ioctl numbers are signed int, but + * they're not. Linux, glibc and *BSD all treat ioctl numbers as + * unsigned, and treating them as signed here can break things */ +@@ -1479,6 +1480,8 @@ int kvm_init(void) + + cpu_interrupt_handler = kvm_handle_interrupt; + ++ s->sync_mmu = !!kvm_check_extension(kvm_state, KVM_CAP_SYNC_MMU); ++ + return 0; + + err: +@@ -1775,9 +1778,9 @@ int kvm_vcpu_ioctl(CPUState *cpu, int type, ...) + return ret; + } + +-int kvm_has_sync_mmu(void) ++bool kvm_has_sync_mmu(void) + { +- return kvm_check_extension(kvm_state, KVM_CAP_SYNC_MMU); ++ return kvm_state->sync_mmu; + } + + int kvm_has_vcpu_events(void) +diff --git a/kvm-stub.c b/kvm-stub.c +index 22eaff0..ca6ddd7 100644 +--- a/kvm-stub.c ++++ b/kvm-stub.c +@@ -59,9 +59,9 @@ int kvm_cpu_exec(CPUArchState *env) + abort (); + } + +-int kvm_has_sync_mmu(void) ++bool kvm_has_sync_mmu(void) + { +- return 0; ++ return false; + } + + int kvm_has_many_ioeventfds(void) +-- +1.8.3.1 + diff --git a/SOURCES/kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch b/SOURCES/kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch index 75a1165..8011d2d 100644 --- a/SOURCES/kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch +++ b/SOURCES/kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch @@ -1,14 +1,14 @@ -From 8cafea931977e494797584610664279ea21ef427 Mon Sep 17 00:00:00 2001 +From 59c1aecdd92dc66e92f8ffe8a2a5e121031a2ae7 Mon Sep 17 00:00:00 2001 From: Eduardo Habkost Date: Fri, 21 Dec 2018 00:31:11 +0100 -Subject: [PATCH] i386: Deprecate arch-facilities and make it block live +Subject: [PATCH 1/2] i386: Deprecate arch-facilities and make it block live migration RH-Author: Eduardo Habkost Message-id: <20181221003111.32374-1-ehabkost@redhat.com> Patchwork-id: 83733 O-Subject: [RHEL-7.7 qemu-kvm PATCH] i386: Deprecate arch-facilities and make it block live migration -Bugzilla: 1664792 +Bugzilla: 1658407 RH-Acked-by: Bandan Das RH-Acked-by: Dr. David Alan Gilbert RH-Acked-by: Jiri Denemark diff --git a/SOURCES/kvm-slirp-check-sscanf-result-when-emulating-ident.patch b/SOURCES/kvm-slirp-check-sscanf-result-when-emulating-ident.patch index e4347b0..dc98e6f 100644 --- a/SOURCES/kvm-slirp-check-sscanf-result-when-emulating-ident.patch +++ b/SOURCES/kvm-slirp-check-sscanf-result-when-emulating-ident.patch @@ -1,19 +1,19 @@ -From 5cba04974b46608f462b7ce711c8eb0966f5d101 Mon Sep 17 00:00:00 2001 +From 013f795cb54d42e6b057689f7d51fd27e1730197 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Mon, 20 May 2019 17:00:52 +0200 -Subject: [PATCH 1/4] slirp: check sscanf result when emulating ident +Date: Tue, 2 Apr 2019 13:39:01 +0200 +Subject: [PATCH 3/3] slirp: check sscanf result when emulating ident MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Marc-André Lureau -Message-id: <20190520170055.15404-2-marcandre.lureau@redhat.com> -Patchwork-id: 88098 -O-Subject: [RHEL-7.6.z qemu-kvm PATCH 1/4] slirp: check sscanf result when emulating ident -Bugzilla: 1669067 +Message-id: <20190402133901.28238-1-marcandre.lureau@redhat.com> +Patchwork-id: 85305 +O-Subject: [RHEL-7.7 qemu-kvm PATCH] slirp: check sscanf result when emulating ident +Bugzilla: 1689791 RH-Acked-by: Philippe Mathieu-Daudé -RH-Acked-by: Stefan Hajnoczi -RH-Acked-by: Thomas Huth +RH-Acked-by: Markus Armbruster +RH-Acked-by: Dr. David Alan Gilbert From: William Bowling diff --git a/SOURCES/kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch b/SOURCES/kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch index 8ab4afc..7ba8686 100644 --- a/SOURCES/kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch +++ b/SOURCES/kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch @@ -1,16 +1,16 @@ -From dae1fad6e93e6bdff0d5366fdb269904cd00c83c Mon Sep 17 00:00:00 2001 +From 5e805decf566e71cd315243de9a037d99becb074 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Mon, 20 May 2019 17:00:55 +0200 +Date: Mon, 20 May 2019 16:43:15 +0200 Subject: [PATCH 4/4] slirp: don't manipulate so_rcv in tcp_emu() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Marc-André Lureau -Message-id: <20190520170055.15404-5-marcandre.lureau@redhat.com> -Patchwork-id: 88097 -O-Subject: [RHEL-7.6.z qemu-kvm PATCH 4/4] slirp: don't manipulate so_rcv in tcp_emu() -Bugzilla: 1669067 +Message-id: <20190520164315.22140-4-marcandre.lureau@redhat.com> +Patchwork-id: 88095 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 3/3] slirp: don't manipulate so_rcv in tcp_emu() +Bugzilla: 1669068 RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Philippe Mathieu-Daudé RH-Acked-by: Thomas Huth diff --git a/SOURCES/kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch b/SOURCES/kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch index ceb2fc0..9971280 100644 --- a/SOURCES/kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch +++ b/SOURCES/kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch @@ -1,6 +1,6 @@ -From 16725ff1e92b21449017a6e3aa9b1621d06c84a4 Mon Sep 17 00:00:00 2001 +From e80c12dfdbde349dcd225771a4801b47be0b3b5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Mon, 20 May 2019 17:00:54 +0200 +Date: Mon, 20 May 2019 16:43:14 +0200 Subject: [PATCH 3/4] slirp: ensure there is enough space in mbuf to null-terminate MIME-Version: 1.0 @@ -8,10 +8,10 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Marc-André Lureau -Message-id: <20190520170055.15404-4-marcandre.lureau@redhat.com> -Patchwork-id: 88099 -O-Subject: [RHEL-7.6.z qemu-kvm PATCH 3/4] slirp: ensure there is enough space in mbuf to null-terminate -Bugzilla: 1669067 +Message-id: <20190520164315.22140-3-marcandre.lureau@redhat.com> +Patchwork-id: 88094 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 2/3] slirp: ensure there is enough space in mbuf to null-terminate +Bugzilla: 1669068 RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Philippe Mathieu-Daudé RH-Acked-by: Thomas Huth diff --git a/SOURCES/kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch b/SOURCES/kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch index 861404e..4d7e4ed 100644 --- a/SOURCES/kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch +++ b/SOURCES/kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch @@ -1,16 +1,16 @@ -From 6e4dad9d915f8de71e1695720398160c97e8ebd0 Mon Sep 17 00:00:00 2001 +From 91ca04a8a1df19f73e50733190175e137eeba933 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Mon, 20 May 2019 17:00:53 +0200 +Date: Mon, 20 May 2019 16:43:13 +0200 Subject: [PATCH 2/4] slirp: fix big/little endian conversion in ident protocol MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Marc-André Lureau -Message-id: <20190520170055.15404-3-marcandre.lureau@redhat.com> -Patchwork-id: 88100 -O-Subject: [RHEL-7.6.z qemu-kvm PATCH 2/4] slirp: fix big/little endian conversion in ident protocol -Bugzilla: 1669067 +Message-id: <20190520164315.22140-2-marcandre.lureau@redhat.com> +Patchwork-id: 88093 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 1/3] slirp: fix big/little endian conversion in ident protocol +Bugzilla: 1669068 RH-Acked-by: Philippe Mathieu-Daudé RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Thomas Huth @@ -20,10 +20,12 @@ From: Samuel Thibault Signed-off-by: Samuel Thibault Reviewed-by: Philippe Mathieu-Daudé -[ MA - backported to ease backport of CVE-2019-6778 ] +[ MA - backported to ease backport of + https://bugzilla.redhat.com/show_bug.cgi?id=1669068 ] -(cherry picked from commit 1fd71067dae501f1c78618e9583c6cc72db0cfa6) +(cherry picked from 1fd71067dae501f1c78618e9583c6cc72db0cfa6) Signed-off-by: Marc-André Lureau + Signed-off-by: Miroslav Rezanina --- slirp/tcp_subr.c | 4 +++- diff --git a/SOURCES/kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch b/SOURCES/kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch new file mode 100644 index 0000000..c766450 --- /dev/null +++ b/SOURCES/kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch @@ -0,0 +1,169 @@ +From e9148733cef44bebb0d74a731a70b3304e720634 Mon Sep 17 00:00:00 2001 +From: Alex Williamson +Date: Thu, 13 Dec 2018 21:55:26 +0100 +Subject: [PATCH 5/5] vfio: Inhibit ballooning based on group attachment to a + container + +RH-Author: Alex Williamson +Message-id: <154473812659.22725.6814768117383324849.stgit@gimli.home> +Patchwork-id: 83497 +O-Subject: [RHEL-7.7 qemu-kvm PATCH 5/5] vfio: Inhibit ballooning based on group attachment to a container +Bugzilla: 1659229 +RH-Acked-by: Peter Xu +RH-Acked-by: Cornelia Huck +RH-Acked-by: Auger Eric + +Bugzilla: 1659229 +Notes: Error path has more exit paths versus upstream + +We use a VFIOContainer to associate an AddressSpace to one or more +VFIOGroups. The VFIOContainer represents the DMA context for that +AdressSpace for those VFIOGroups and is synchronized to changes in +that AddressSpace via a MemoryListener. For IOMMU backed devices, +maintaining the DMA context for a VFIOGroup generally involves +pinning a host virtual address in order to create a stable host +physical address and then mapping a translation from the associated +guest physical address to that host physical address into the IOMMU. + +While the above maintains the VFIOContainer synchronized to the QEMU +memory API of the VM, memory ballooning occurs outside of that API. +Inflating the memory balloon (ie. cooperatively capturing pages from +the guest for use by the host) simply uses MADV_DONTNEED to "zap" +pages from QEMU's host virtual address space. The page pinning and +IOMMU mapping above remains in place, negating the host's ability to +reuse the page, but the host virtual to host physical mapping of the +page is invalidated outside of QEMU's memory API. + +When the balloon is later deflated, attempting to cooperatively +return pages to the guest, the page is simply freed by the guest +balloon driver, allowing it to be used in the guest and incurring a +page fault when that occurs. The page fault maps a new host physical +page backing the existing host virtual address, meanwhile the +VFIOContainer still maintains the translation to the original host +physical address. At this point the guest vCPU and any assigned +devices will map different host physical addresses to the same guest +physical address. Badness. + +The IOMMU typically does not have page level granularity with which +it can track this mapping without also incurring inefficiencies in +using page size mappings throughout. MMU notifiers in the host +kernel also provide indicators for invalidating the mapping on +balloon inflation, not for updating the mapping when the balloon is +deflated. For these reasons we assume a default behavior that the +mapping of each VFIOGroup into the VFIOContainer is incompatible +with memory ballooning and increment the balloon inhibitor to match +the attached VFIOGroups. + +Reviewed-by: Peter Xu +Signed-off-by: Alex Williamson +(cherry picked from commit c65ee433153b5925e183a00ebf568e160077c694) +Signed-off-by: Miroslav Rezanina +--- + hw/misc/vfio.c | 35 +++++++++++++++++++++++++++++++++++ + 1 file changed, 35 insertions(+) + +diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c +index f91eecb..f7360bf 100644 +--- a/hw/misc/vfio.c ++++ b/hw/misc/vfio.c +@@ -37,6 +37,7 @@ + #include "qemu/event_notifier.h" + #include "qemu/queue.h" + #include "qemu/range.h" ++#include "sysemu/balloon.h" + #include "sysemu/kvm.h" + #include "sysemu/sysemu.h" + #include "trace.h" +@@ -3667,6 +3668,33 @@ static int vfio_connect_container(VFIOGroup *group) + return 0; + } + ++ /* ++ * VFIO is currently incompatible with memory ballooning insofar as the ++ * madvise to purge (zap) the page from QEMU's address space does not ++ * interact with the memory API and therefore leaves stale virtual to ++ * physical mappings in the IOMMU if the page was previously pinned. We ++ * therefore add a balloon inhibit for each group added to a container, ++ * whether the container is used individually or shared. This provides ++ * us with options to allow devices within a group to opt-in and allow ++ * ballooning, so long as it is done consistently for a group (for instance ++ * if the device is an mdev device where it is known that the host vendor ++ * driver will never pin pages outside of the working set of the guest ++ * driver, which would thus not be ballooning candidates). ++ * ++ * The first opportunity to induce pinning occurs here where we attempt to ++ * attach the group to existing containers within the AddressSpace. If any ++ * pages are already zapped from the virtual address space, such as from a ++ * previous ballooning opt-in, new pinning will cause valid mappings to be ++ * re-established. Likewise, when the overall MemoryListener for a new ++ * container is registered, a replay of mappings within the AddressSpace ++ * will occur, re-establishing any previously zapped pages as well. ++ * ++ * NB. Balloon inhibiting does not currently block operation of the ++ * balloon driver or revoke previously pinned pages, it only prevents ++ * calling madvise to modify the virtual mapping of ballooned pages. ++ */ ++ qemu_balloon_inhibit(true); ++ + QLIST_FOREACH(container, &container_list, next) { + if (!ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &container->fd)) { + group->container = container; +@@ -3678,6 +3706,7 @@ static int vfio_connect_container(VFIOGroup *group) + fd = qemu_open("/dev/vfio/vfio", O_RDWR); + if (fd < 0) { + error_report("vfio: failed to open /dev/vfio/vfio: %m"); ++ qemu_balloon_inhibit(false); + return -errno; + } + +@@ -3686,6 +3715,7 @@ static int vfio_connect_container(VFIOGroup *group) + error_report("vfio: supported vfio version: %d, " + "reported version: %d", VFIO_API_VERSION, ret); + close(fd); ++ qemu_balloon_inhibit(false); + return -EINVAL; + } + +@@ -3701,6 +3731,7 @@ static int vfio_connect_container(VFIOGroup *group) + error_report("vfio: failed to set group container: %m"); + g_free(container); + close(fd); ++ qemu_balloon_inhibit(false); + return -errno; + } + +@@ -3710,6 +3741,7 @@ static int vfio_connect_container(VFIOGroup *group) + error_report("vfio: failed to set iommu for container: %m"); + g_free(container); + close(fd); ++ qemu_balloon_inhibit(false); + return -errno; + } + +@@ -3724,6 +3756,7 @@ static int vfio_connect_container(VFIOGroup *group) + vfio_listener_release(container); + g_free(container); + close(fd); ++ qemu_balloon_inhibit(false); + error_report("vfio: memory listener initialization failed for container\n"); + return ret; + } +@@ -3734,6 +3767,7 @@ static int vfio_connect_container(VFIOGroup *group) + error_report("vfio: No available IOMMU models"); + g_free(container); + close(fd); ++ qemu_balloon_inhibit(false); + return -EINVAL; + } + +@@ -3834,6 +3868,7 @@ static void vfio_put_group(VFIOGroup *group) + return; + } + ++ qemu_balloon_inhibit(false); + vfio_kvm_device_del_group(group); + vfio_disconnect_container(group); + QLIST_REMOVE(group, next); +-- +1.8.3.1 + diff --git a/SOURCES/kvm-vfio-pci-Lazy-PBA-emulation.patch b/SOURCES/kvm-vfio-pci-Lazy-PBA-emulation.patch new file mode 100644 index 0000000..a009b88 --- /dev/null +++ b/SOURCES/kvm-vfio-pci-Lazy-PBA-emulation.patch @@ -0,0 +1,163 @@ +From 1cdac7e143db48d28605da1feb85a229197d9692 Mon Sep 17 00:00:00 2001 +From: Alex Williamson +Date: Mon, 18 Mar 2019 19:41:40 +0100 +Subject: [PATCH 2/3] vfio/pci: Lazy PBA emulation + +RH-Author: Alex Williamson +Message-id: <155293738623.17152.7817154338901863813.stgit@gimli.home> +Patchwork-id: 84905 +O-Subject: [RHEL7.7 qemu-kvm PATCH] vfio/pci: Lazy PBA emulation +Bugzilla: 1459077 +RH-Acked-by: Auger Eric +RH-Acked-by: Laurent Vivier +RH-Acked-by: Cornelia Huck + +Bugzilla: 1459077 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20652144 + +Notes: Intel's Omnipath card seems to depend on direct access to the + MSI-X PBA, when it's emulated the driver in the guest will + report: + + hfi1_0: Interrupt registers not properly mapped by VMM + + The patch here disables the PBA memory region except when + vectors are masked, which is essentially never, and therefore + provides that direct access. Tested against an "Omni-Path + HFI Silicon 100 Series" card as well as regression tested + against a Intel 82576 PF and VF, both of which also use MSI-X. + +The PCI spec recommends devices use additional alignment for MSI-X +data structures to allow software to map them to separate processor +pages. One advantage of doing this is that we can emulate those data +structures without a significant performance impact to the operation +of the device. Some devices fail to implement that suggestion and +assigned device performance suffers. + +One such case of this is a Mellanox MT27500 series, ConnectX-3 VF, +where the MSI-X vector table and PBA are aligned on separate 4K +pages. If PBA emulation is enabled, performance suffers. It's not +clear how much value we get from PBA emulation, but the solution here +is to only lazily enable the emulated PBA when a masked MSI-X vector +fires. We then attempt to more aggresively disable the PBA memory +region any time a vector is unmasked. The expectation is then that +a typical VM will run entirely with PBA emulation disabled, and only +when used is that emulation re-enabled. + +Reported-by: Shyam Kaushik +Tested-by: Shyam Kaushik +Signed-off-by: Alex Williamson +(cherry picked from 95239e162518dc6577164be3d9a789aba7f591a3) + +Signed-off-by: Miroslav Rezanina +--- + hw/misc/vfio.c | 40 ++++++++++++++++++++++++++++++++++++++++ + trace-events | 2 ++ + 2 files changed, 42 insertions(+) + +diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c +index f7360bf..781acd9 100644 +--- a/hw/misc/vfio.c ++++ b/hw/misc/vfio.c +@@ -190,6 +190,7 @@ typedef struct VFIOMSIXInfo { + uint32_t pba_offset; + MemoryRegion mmap_mem; + void *mmap; ++ unsigned long *pending; + } VFIOMSIXInfo; + + typedef struct VFIODeviceOps VFIODeviceOps; +@@ -691,6 +692,13 @@ static void vfio_msi_interrupt(void *opaque) + #endif + + if (vdev->interrupt == VFIO_INT_MSIX) { ++ /* A masked vector firing needs to use the PBA, enable it */ ++ if (msix_is_masked(&vdev->pdev, nr)) { ++ set_bit(nr, vdev->msix->pending); ++ memory_region_set_enabled(&vdev->pdev.msix_pba_mmio, true); ++ trace_vfio_msix_pba_enable(vdev->vbasedev.name); ++ } ++ + msix_notify(&vdev->pdev, nr); + } else if (vdev->interrupt == VFIO_INT_MSI) { + msi_notify(&vdev->pdev, nr); +@@ -866,6 +874,14 @@ static int vfio_msix_vector_do_use(PCIDevice *pdev, unsigned int nr, + } + } + ++ /* Disable PBA emulation when nothing more is pending. */ ++ clear_bit(nr, vdev->msix->pending); ++ if (find_first_bit(vdev->msix->pending, ++ vdev->nr_vectors) == vdev->nr_vectors) { ++ memory_region_set_enabled(&vdev->pdev.msix_pba_mmio, false); ++ trace_vfio_msix_pba_disable(vdev->vbasedev.name); ++ } ++ + return 0; + } + +@@ -1070,6 +1086,9 @@ static void vfio_disable_msix(VFIOPCIDevice *vdev) + + vfio_disable_msi_common(vdev); + ++ memset(vdev->msix->pending, 0, ++ BITS_TO_LONGS(vdev->msix->entries) * sizeof(unsigned long)); ++ + DPRINTF("%s(%s)\n", __func__, vdev->vbasedev.name); + } + +@@ -2561,6 +2580,8 @@ static int vfio_setup_msix(VFIOPCIDevice *vdev, int pos) + { + int ret; + ++ vdev->msix->pending = g_malloc0(BITS_TO_LONGS(vdev->msix->entries) * ++ sizeof(unsigned long)); + ret = msix_init(&vdev->pdev, vdev->msix->entries, + vdev->bars[vdev->msix->table_bar].region.mem, + vdev->msix->table_bar, vdev->msix->table_offset, +@@ -2574,6 +2595,24 @@ static int vfio_setup_msix(VFIOPCIDevice *vdev, int pos) + return ret; + } + ++ /* ++ * The PCI spec suggests that devices provide additional alignment for ++ * MSI-X structures and avoid overlapping non-MSI-X related registers. ++ * For an assigned device, this hopefully means that emulation of MSI-X ++ * structures does not affect the performance of the device. If devices ++ * fail to provide that alignment, a significant performance penalty may ++ * result, for instance Mellanox MT27500 VFs: ++ * http://www.spinics.net/lists/kvm/msg125881.html ++ * ++ * The PBA is simply not that important for such a serious regression and ++ * most drivers do not appear to look at it. The solution for this is to ++ * disable the PBA MemoryRegion unless it's being used. We disable it ++ * here and only enable it if a masked vector fires through QEMU. As the ++ * vector-use notifier is called, which occurs on unmask, we test whether ++ * PBA emulation is needed and again disable if not. ++ */ ++ memory_region_set_enabled(&vdev->pdev.msix_pba_mmio, false); ++ + return 0; + } + +@@ -2585,6 +2624,7 @@ static void vfio_teardown_msi(VFIOPCIDevice *vdev) + msix_uninit(&vdev->pdev, + vdev->bars[vdev->msix->table_bar].region.mem, + vdev->bars[vdev->msix->pba_bar].region.mem); ++ g_free(vdev->msix->pending); + } + } + +diff --git a/trace-events b/trace-events +index 7b7aad1..0fb2745 100644 +--- a/trace-events ++++ b/trace-events +@@ -1166,3 +1166,5 @@ vfio_region_finalize(const char *name, int index) "Device %s, region %d" + vfio_region_mmaps_set_enabled(const char *name, bool enabled) "Region %s mmaps enabled: %d" + vfio_region_sparse_mmap_header(const char *name, int index, int nr_areas) "Device %s region %d: %d sparse mmap entries" + vfio_region_sparse_mmap_entry(int i, unsigned long start, unsigned long end) "sparse entry %d [0x%lx - 0x%lx]" ++vfio_msix_pba_disable(const char *name) " (%s)" ++vfio_msix_pba_enable(const char *name) " (%s)" +-- +1.8.3.1 + diff --git a/SOURCES/kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch b/SOURCES/kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch new file mode 100644 index 0000000..8404108 --- /dev/null +++ b/SOURCES/kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch @@ -0,0 +1,80 @@ +From 7fa8107debfd4c659b77a8ba12b96144dfbdc113 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Mon, 4 Feb 2019 17:29:44 +0100 +Subject: [PATCH 1/3] x86/cpu: Enable CLDEMOTE(Demote Cache Line) cpu feature + +RH-Author: plai@redhat.com +Message-id: <1549301384-19698-1-git-send-email-plai@redhat.com> +Patchwork-id: 84205 +O-Subject: [RHEL7.7 qemu-kvm PATCH BZ 1537773 RESEND] x86/cpu: Enable CLDEMOTE(Demote Cache Line) cpu feature +Bugzilla: 1537773 +RH-Acked-by: Bandan Das +RH-Acked-by: Eduardo Habkost +RH-Acked-by: Miroslav Rezanina + +From: Jingqi Liu + +The CLDEMOTE instruction hints to hardware that the cache line that +contains the linear address should be moved("demoted") from +the cache(s) closest to the processor core to a level more distant +from the processor core. This may accelerate subsequent accesses +to the line by other cores in the same coherence domain, +especially if the line was written by the core that demotes the line. + +Intel Snow Ridge has added new cpu feature, CLDEMOTE. +The new cpu feature needs to be exposed to guest VM. + +The bit definition: +CPUID.(EAX=7,ECX=0):ECX[bit 25] CLDEMOTE + +The release document ref below link: +https://software.intel.com/sites/default/files/managed/c5/15/\ +architecture-instruction-set-extensions-programming-reference.pdf + +Signed-off-by: Jingqi Liu +Message-Id: <1525406253-54846-1-git-send-email-jingqi.liu@intel.com> +Reviewed-by: Eduardo Habkost +Signed-off-by: Eduardo Habkost +(cherry picked from commit 0da0fb062841d0dcd8ba47e4a989d2e952cdf0ff) +Signed-off-by: Paul Lai + +Resolved Conflicts: + target/i386/cpu.c [doesn't exist] + changes made to target-i386/cpu.c + target/i386/cpu.h [doesn't exist] + changes made to target-i386/cpu.h + +Signed-off-by: Miroslav Rezanina +--- + target-i386/cpu.c | 2 +- + target-i386/cpu.h | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/target-i386/cpu.c b/target-i386/cpu.c +index a36483e..c9603df 100644 +--- a/target-i386/cpu.c ++++ b/target-i386/cpu.c +@@ -162,7 +162,7 @@ static const char *cpuid_7_0_ecx_feature_name[] = { + "avx512bitalg", NULL, "avx512-vpopcntdq", NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, "rdpid", NULL, +- NULL, NULL, NULL, NULL, ++ NULL, "cldemote", NULL, NULL, + NULL, NULL, NULL, NULL, + }; + +diff --git a/target-i386/cpu.h b/target-i386/cpu.h +index 73437f1..5d47ab8 100644 +--- a/target-i386/cpu.h ++++ b/target-i386/cpu.h +@@ -593,6 +593,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define CPUID_7_0_ECX_AVX512BITALG (1U << 12) + #define CPUID_7_0_ECX_AVX512_VPOPCNTDQ (1U << 14) /* POPCNT for vectors of DW/QW */ + #define CPUID_7_0_ECX_RDPID (1U << 22) ++#define CPUID_7_0_ECX_CLDEMOTE (1U << 25) /* CLDEMOTE Instruction */ + + #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */ + #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */ +-- +1.8.3.1 + diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec index b7e76d5..77a527c 100644 --- a/SPECS/qemu-kvm.spec +++ b/SPECS/qemu-kvm.spec @@ -76,7 +76,7 @@ Obsoletes: %1 < %{obsoletes_version} \ Summary: QEMU is a machine emulator and virtualizer Name: %{pkgname}%{?pkgsuffix} Version: 1.5.3 -Release: 160%{?dist}.3 +Release: 167%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 10 License: GPLv2 and GPLv2+ and CC-BY @@ -3939,18 +3939,36 @@ Patch1940: kvm-ide-support-reporting-of-rotation-rate.patch Patch1941: kvm-ide-avoid-referencing-NULL-dev-in-rotational-rate-se.patch # For bz#1586253 - CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6] Patch1942: kvm-slirp-Correct-size-check-in-m_inc.patch -# For bz#1664792 - mode="host-model" VMs include broken "arch-facilities" flag name [qemu-kvm] [rhel-7.6.z] -Patch1943: kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch -# For bz#1693216 - qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-7.6.z] -Patch1944: kvm-target-i386-define-md-clear-bit-rhel.patch -# For bz#1669067 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z] -Patch1945: kvm-slirp-check-sscanf-result-when-emulating-ident.patch -# For bz#1669067 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z] -Patch1946: kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch -# For bz#1669067 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z] -Patch1947: kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch -# For bz#1669067 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z] -Patch1948: kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch +# For bz#1659229 - Ballooning is incompatible with vfio assigned devices, but not prevented +Patch1943: kvm-Inhibit-ballooning-during-postcopy.patch +# For bz#1659229 - Ballooning is incompatible with vfio assigned devices, but not prevented +Patch1944: kvm-balloon-Allow-multiple-inhibit-users.patch +# For bz#1659229 - Ballooning is incompatible with vfio assigned devices, but not prevented +Patch1945: kvm-check-KVM_CAP_SYNC_MMU-with-kvm_vm_check_extensi.patch +# For bz#1659229 - Ballooning is incompatible with vfio assigned devices, but not prevented +Patch1946: kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch +# For bz#1659229 - Ballooning is incompatible with vfio assigned devices, but not prevented +Patch1947: kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch +# For bz#1658407 - mode="host-model" VMs include broken "arch-facilities" flag name [qemu-kvm] +Patch1948: kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch +# For bz#1654627 - Qemu: hw: bt: keep bt/* objects from building [rhel-7.7] +Patch1949: kvm-Do-not-build-bluetooth-support.patch +# For bz#1537773 - [Intel 7.7 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm +Patch1950: kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch +# For bz#1459077 - [Intel 7.7 Bug] QEMU version in RHEL7.4 beta does not support KVM passthrough with WFR card +Patch1951: kvm-vfio-pci-Lazy-PBA-emulation.patch +# For bz#1689791 - CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [rhel-7] +Patch1952: kvm-slirp-check-sscanf-result-when-emulating-ident.patch +# For bz#1693217 - CVE-2018-12126 qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-7.7] +Patch1953: kvm-target-i386-define-md-clear-bit-rhel.patch +# For bz#1709495 - Change CPUID[0x40000000].EAX from 0 to KVM_CPUID_FE...ATURES (0x40000001) +Patch1954: kvm-Fix-eax-for-cpuid-leaf-0x40000000.patch +# For bz#1669068 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7] +Patch1955: kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch +# For bz#1669068 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7] +Patch1956: kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch +# For bz#1669068 - CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7] +Patch1957: kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch BuildRequires: zlib-devel @@ -6077,6 +6095,15 @@ tar -xf %{SOURCE21} %patch1946 -p1 %patch1947 -p1 %patch1948 -p1 +%patch1949 -p1 +%patch1950 -p1 +%patch1951 -p1 +%patch1952 -p1 +%patch1953 -p1 +%patch1954 -p1 +%patch1955 -p1 +%patch1956 -p1 +%patch1957 -p1 %build buildarch="%{kvm_target}-softmmu" @@ -6522,23 +6549,58 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %{_mandir}/man8/qemu-nbd.8* %changelog -* Tue May 28 2019 Miroslav Rezanina - 1.5.3-160.el7_6.3 -- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1669067] -- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669067] -- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669067] -- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669067] -- Resolves: bz#1669067 - (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z]) - -* Wed Apr 10 2019 Danilo C. L. de Paula - 1.5.3-160.el7_6.2 -- kvm-target-i386-define-md-clear-bit-rhel.patch -- Resolves: bz#1693216 - (qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling) - -* Mon Jan 14 2019 Miroslav Rezanina - 1.5.3-160.el7_6.1 -- kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch [bz#1664792] -- Resolves: bz#1664792 - (mode="host-model" VMs include broken "arch-facilities" flag name [qemu-kvm] [rhel-7.6.z]) +* Wed Jun 12 2019 Miroslav Rezanina - 1.5.3-167.el7 +- Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503] +- Resolves: bz#1618503 + (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7]) + +* Wed Jun 05 2019 Miroslav Rezanina - 1.5.3-166.el7 +- kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503] +- Resolves: bz#1618503 + (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7]) + +* Tue May 28 2019 Miroslav Rezanina - 1.5.3-165.el7 +- kvm-Fix-eax-for-cpuid-leaf-0x40000000.patch [bz#1709495] +- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669068] +- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669068] +- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669068] +- Resolves: bz#1669068 + (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7]) +- Resolves: bz#1709495 + (Change CPUID[0x40000000].EAX from 0 to KVM_CPUID_FE...ATURES (0x40000001)) + +* Wed Apr 10 2019 Miroslav Rezanina - 1.5.3-164.el7 +- kvm-target-i386-define-md-clear-bit-rhel.patch [bz#1693217] +- Resolves: bz#1693217 + (CVE-2018-12126 qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-7.7] ) + +* Wed Apr 03 2019 Miroslav Rezanina - 1.5.3-163.el7 +- kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch [bz#1537773] +- kvm-vfio-pci-Lazy-PBA-emulation.patch [bz#1459077] +- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1689791] +- Resolves: bz#1459077 + ([Intel 7.7 Bug] QEMU version in RHEL7.4 beta does not support KVM passthrough with WFR card) +- Resolves: bz#1537773 + ([Intel 7.7 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm) +- Resolves: bz#1689791 + (CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [rhel-7]) + +* Mon Jan 14 2019 Miroslav Rezanina - 1.5.3-162.el7 +- kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch [bz#1658407] +- kvm-Do-not-build-bluetooth-support.patch [bz#1654627] +- Resolves: bz#1654627 + (Qemu: hw: bt: keep bt/* objects from building [rhel-7.7]) +- Resolves: bz#1658407 + (mode="host-model" VMs include broken "arch-facilities" flag name [qemu-kvm]) + +* Wed Jan 02 2019 Miroslav Rezanina - 1.5.3-161.el7 +- kvm-Inhibit-ballooning-during-postcopy.patch [bz#1659229] +- kvm-balloon-Allow-multiple-inhibit-users.patch [bz#1659229] +- kvm-check-KVM_CAP_SYNC_MMU-with-kvm_vm_check_extensi.patch [bz#1659229] +- kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch [bz#1659229] +- kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch [bz#1659229] +- Resolves: bz#1659229 + (Ballooning is incompatible with vfio assigned devices, but not prevented) * Mon Aug 20 2018 Miroslav Rezanina - 1.5.3-160.el7 - kvm-scsi-disk-support-reporting-of-rotation-rate.patch [bz#1583807]