diff --git a/0001-Remove-problematic-evdev-86-key-from-en-us-keymap.patch b/0001-Remove-problematic-evdev-86-key-from-en-us-keymap.patch
deleted file mode 100644
index 837be82..0000000
--- a/0001-Remove-problematic-evdev-86-key-from-en-us-keymap.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 2c25ad161d7714f15b1951c69c50844ea81f4186 Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam@redhat.com>
-Date: Wed, 20 Dec 2017 15:43:07 -0800
-Subject: [PATCH] Remove problematic 'evdev 86' key from en-us keymap
-
-This causes LP#1738283. Gerd will have to come up with a better
-fix, but just hacking out the problematic key definition should
-work for now.
----
- pc-bios/keymaps/en-us | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/pc-bios/keymaps/en-us b/pc-bios/keymaps/en-us
-index a70e03adc0..e518a9dc35 100644
---- a/pc-bios/keymaps/en-us
-+++ b/pc-bios/keymaps/en-us
-@@ -343,12 +343,6 @@ KP_Decimal 0x53 numlock
-
- # evdev 85 (0x55): no evdev -> QKeyCode mapping (xkb keysym NoSymbol)
-
--# evdev 86 (0x56), QKeyCode "less", number 0x56
--less 0x56
--greater 0x56 shift
--bar 0x56 altgr
--brokenbar 0x56 shift altgr
--
- # evdev 87 (0x57), QKeyCode "f11", number 0x57
- F11 0x57
-
---
-2.15.1
-
diff --git a/0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch b/0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch
new file mode 100644
index 0000000..c550be2
--- /dev/null
+++ b/0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch
@@ -0,0 +1,46 @@
+From: Cole Robinson <crobinso@redhat.com>
+Date: Tue, 16 Apr 2019 20:14:12 -0400
+Subject: [PATCH] Revert "target/i386: kvm: add VMX migration blocker"
+
+This reverts commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8.
+
+As is, it rejects libvirt managedsave and virt-manager snapshots
+for default installed VMs on intel hosts. Upstream Paolo says that
+the missing kernel bits are already queued up, and until then it's
+fine to revert this.
+
+https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg02326.html
+---
+ target/i386/kvm.c | 12 ------------
+ 1 file changed, 12 deletions(-)
+
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index 3b29ce5c0d..6ad450d9f1 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -906,7 +906,6 @@ static int hyperv_init_vcpu(X86CPU *cpu)
+ }
+
+ static Error *invtsc_mig_blocker;
+-static Error *vmx_mig_blocker;
+
+ #define KVM_MAX_CPUID_ENTRIES 100
+
+@@ -1270,17 +1269,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
+ !!(c->ecx & CPUID_EXT_SMX);
+ }
+
+- if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {
+- error_setg(&vmx_mig_blocker,
+- "Nested VMX virtualization does not support live migration yet");
+- r = migrate_add_blocker(vmx_mig_blocker, &local_err);
+- if (local_err) {
+- error_report_err(local_err);
+- error_free(vmx_mig_blocker);
+- return r;
+- }
+- }
+-
+ if (env->mcg_cap & MCG_LMCE_P) {
+ has_msr_mcg_ext_ctl = has_msr_feature_control = true;
+ }
diff --git a/0001-qemu-seccomp-dont-kill-process-for-resource-contro.patch b/0001-qemu-seccomp-dont-kill-process-for-resource-contro.patch
deleted file mode 100644
index e91274a..0000000
--- a/0001-qemu-seccomp-dont-kill-process-for-resource-contro.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From: Daniel P. Berrangé <berrange@redhat.com>
-Date: Wed, 13 Mar 2019 09:49:03 +0000
-Subject: [PATCH RFC] seccomp: don't kill process for resource control syscalls
-
-The Mesa library tries to set process affinity on some of its threads in
-order to optimize its performance. Currently this results in QEMU being
-immediately terminated when seccomp is enabled.
-
-Mesa doesn't consider failure of the process affinity settings to be
-fatal to its operation, but our seccomp policy gives it no choice in
-gracefully handling this denial.
-
-It is reasonable to consider that malicious code using the resource
-control syscalls to be a less serious attack than if they were trying
-to spawn processes or change UIDs and other such things. Generally
-speaking changing the resource control setting will "merely" affect
-quality of service of processes on the host. With this in mind, rather
-than kill the process, we can relax the policy for these syscalls to
-return the EPERM errno value. This allows callers to detect that QEMU
-does not want them to change resource allocations, and apply some
-reasonable fallback logic.
-
-The main downside to this is for code which uses these syscalls but does
-not check the return value, blindly assuming they will always
-succeeed. Returning an errno could result in sub-optimal behaviour.
-Arguably though such code is already broken & needs fixing regardless.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- qemu-seccomp.c | 32 +++++++++++++++++++++++++-------
- 1 file changed, 25 insertions(+), 7 deletions(-)
-
-diff --git a/qemu-seccomp.c b/qemu-seccomp.c
-index 36d5829831..9776c9ef40 100644
---- a/qemu-seccomp.c
-+++ b/qemu-seccomp.c
-@@ -121,20 +121,37 @@ qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
- #endif
- }
-
--static uint32_t qemu_seccomp_get_kill_action(void)
-+static uint32_t qemu_seccomp_get_kill_action(int set)
- {
-+ switch (set) {
-+ case QEMU_SECCOMP_SET_DEFAULT:
-+ case QEMU_SECCOMP_SET_OBSOLETE:
-+ case QEMU_SECCOMP_SET_PRIVILEGED:
-+ case QEMU_SECCOMP_SET_SPAWN: {
- #if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
- defined(SECCOMP_RET_KILL_PROCESS)
-- {
-- uint32_t action = SECCOMP_RET_KILL_PROCESS;
-+ static int kill_process = -1;
-+ if (kill_process == -1) {
-+ uint32_t action = SECCOMP_RET_KILL_PROCESS;
-
-- if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
-+ if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
-+ kill_process = 1;
-+ }
-+ kill_process = 0;
-+ }
-+ if (kill_process == 1) {
- return SCMP_ACT_KILL_PROCESS;
- }
-- }
- #endif
-+ return SCMP_ACT_TRAP;
-+ }
-+
-+ case QEMU_SECCOMP_SET_RESOURCECTL:
-+ return SCMP_ACT_ERRNO(EPERM);
-
-- return SCMP_ACT_TRAP;
-+ default:
-+ g_assert_not_reached();
-+ }
- }
-
-
-@@ -143,7 +160,6 @@ static int seccomp_start(uint32_t seccomp_opts)
- int rc = 0;
- unsigned int i = 0;
- scmp_filter_ctx ctx;
-- uint32_t action = qemu_seccomp_get_kill_action();
-
- ctx = seccomp_init(SCMP_ACT_ALLOW);
- if (ctx == NULL) {
-@@ -157,10 +173,12 @@ static int seccomp_start(uint32_t seccomp_opts)
- }
-
- for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
-+ uint32_t action;
- if (!(seccomp_opts & blacklist[i].set)) {
- continue;
- }
-
-+ action = qemu_seccomp_get_kill_action(blacklist[i].set);
- rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
- blacklist[i].narg, blacklist[i].arg_cmp);
- if (rc < 0) {
---
-2.20.1
diff --git a/0002-linux-user-assume-__NR_gettid-always-exists.patch b/0002-linux-user-assume-__NR_gettid-always-exists.patch
deleted file mode 100644
index 4895219..0000000
--- a/0002-linux-user-assume-__NR_gettid-always-exists.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 9abb23f799804ed7b30aecac2217f870b229f873 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 20 Mar 2019 15:32:30 +0000
-Subject: [PATCH 1/2] linux-user: assume __NR_gettid always exists
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The gettid syscall was introduced in Linux 2.4.11. This is old enough
-that we can assume it always exists and thus not bother with the
-conditional backcompat logic.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- linux-user/syscall.c | 8 --------
- 1 file changed, 8 deletions(-)
-
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 208fd1813d..11729f382c 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -249,15 +249,7 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5, \
- #define TARGET_NR__llseek TARGET_NR_llseek
- #endif
-
--#ifdef __NR_gettid
- _syscall0(int, gettid)
--#else
--/* This is a replacement for the host gettid() and must return a host
-- errno. */
--static int gettid(void) {
-- return -ENOSYS;
--}
--#endif
-
- /* For the 64-bit guest on 32-bit host case we must emulate
- * getdents using getdents64, because otherwise the host
---
-2.20.1
-
diff --git a/0003-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch b/0003-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
deleted file mode 100644
index 7fc85bb..0000000
--- a/0003-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 7bfee99b5dc6dd971d4e0dec49af7578ea1b405c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 19 Mar 2019 17:04:05 +0000
-Subject: [PATCH 2/2] linux-user: rename gettid() to sys_gettid() to avoid
- clash with glibc
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The glibc-2.29.9000-6.fc31.x86_64 package finally includes the gettid()
-function as part of unistd.h when __USE_GNU is defined. This clashes
-with linux-user code which unconditionally defines this function name
-itself.
-
-/home/berrange/src/virt/qemu/linux-user/syscall.c:253:16: error: static declaration of ‘gettid’ follows non-static declaration
- 253 | _syscall0(int, gettid)
- | ^~~~~~
-/home/berrange/src/virt/qemu/linux-user/syscall.c:184:13: note: in definition of macro ‘_syscall0’
- 184 | static type name (void) \
- | ^~~~
-In file included from /usr/include/unistd.h:1170,
- from /home/berrange/src/virt/qemu/include/qemu/osdep.h:107,
- from /home/berrange/src/virt/qemu/linux-user/syscall.c:20:
-/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here
- 34 | extern __pid_t gettid (void) __THROW;
- | ^~~~~~
- CC aarch64-linux-user/linux-user/signal.o
-make[1]: *** [/home/berrange/src/virt/qemu/rules.mak:69: linux-user/syscall.o] Error 1
-make[1]: *** Waiting for unfinished jobs....
-make: *** [Makefile:449: subdir-aarch64-linux-user] Error 2
-
-While we could make our definition conditional and rely on glibc's impl,
-this patch simply renames our definition to sys_gettid() which is a
-common pattern in this file.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- linux-user/syscall.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 11729f382c..96cd4bf86d 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -249,7 +249,8 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5, \
- #define TARGET_NR__llseek TARGET_NR_llseek
- #endif
-
--_syscall0(int, gettid)
-+#define __NR_sys_gettid __NR_gettid
-+_syscall0(int, sys_gettid)
-
- /* For the 64-bit guest on 32-bit host case we must emulate
- * getdents using getdents64, because otherwise the host
-@@ -5434,7 +5435,7 @@ static void *clone_func(void *arg)
- cpu = ENV_GET_CPU(env);
- thread_cpu = cpu;
- ts = (TaskState *)cpu->opaque;
-- info->tid = gettid();
-+ info->tid = sys_gettid();
- task_settid(ts);
- if (info->child_tidptr)
- put_user_u32(info->tid, info->child_tidptr);
-@@ -5579,9 +5580,9 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
- mapping. We can't repeat the spinlock hack used above because
- the child process gets its own copy of the lock. */
- if (flags & CLONE_CHILD_SETTID)
-- put_user_u32(gettid(), child_tidptr);
-+ put_user_u32(sys_gettid(), child_tidptr);
- if (flags & CLONE_PARENT_SETTID)
-- put_user_u32(gettid(), parent_tidptr);
-+ put_user_u32(sys_gettid(), parent_tidptr);
- ts = (TaskState *)cpu->opaque;
- if (flags & CLONE_SETTLS)
- cpu_set_tls (env, newtls);
-@@ -10621,7 +10622,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
- return TARGET_PAGE_SIZE;
- #endif
- case TARGET_NR_gettid:
-- return get_errno(gettid());
-+ return get_errno(sys_gettid());
- #ifdef TARGET_NR_readahead
- case TARGET_NR_readahead:
- #if TARGET_ABI_BITS == 32
---
-2.20.1
-
diff --git a/qemu.spec b/qemu.spec
index 9be5f66..fd67a5b 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -138,7 +138,7 @@
%{obsoletes_block_rbd}
# Release candidate version tracking
-%global rcver rc2
+%global rcver rc3
%if 0%{?rcver:1}
%global rcrel .%{rcver}
%global rcstr -%{rcver}
@@ -148,7 +148,7 @@
Summary: QEMU is a FAST! processor emulator
Name: qemu
Version: 4.0.0
-Release: 0.6%{?rcrel}%{?dist}
+Release: 0.7%{?rcrel}%{?dist}
Epoch: 2
License: GPLv2 and BSD and MIT and CC-BY
URL: http://www.qemu.org/
@@ -172,9 +172,10 @@ Source20: kvm-x86.modprobe.conf
# /etc/security/limits.d/95-kvm-ppc64-memlock.conf
Source21: 95-kvm-ppc64-memlock.conf
-# Modern glibc has a gettid function
-Patch1: 0002-linux-user-assume-__NR_gettid-always-exists.patch
-Patch2: 0003-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
+# Don't block migration with nested VMX (bz #1697997)
+# Not upstream: temporary workaround until kernel supports lands for nested
+# VMX migration
+Patch0001: 0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch
# documentation deps
@@ -1726,6 +1727,10 @@ getent passwd qemu >/dev/null || \
%changelog
+* Tue Apr 16 2019 Cole Robinson <crobinso@redhat.com> - 2:4.0.0-0.7.rc3
+- Don't block migration with nested VMX (bz #1697997)
+- Update to qemu-4.0.0-rc3
+
* Sat Apr 06 2019 Richard W.M. Jones <rjones@redhat.com> - 2:4.0.0-0.6.rc2
- Rebuild against xen 4.12.