Ubuntu
qemu package

Merge ~paelzer/ubuntu/+source/qemu:fix-1848556-qemu-img-curl-hang-1848497-virt-balloon-migrate-EOAN into ubuntu/+source/qemu:ubuntu/eoan-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/qemu
  3. fix-1848556-qemu-img-curl-hang-1848497-virt-balloon-migrate-EOAN
  4. Merge into ubuntu/eoan-devel
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 0ba9755b24716b71d94acae605a255299cb48a32
Merge reported by: Christian Ehrhardt 
Merged at revision: 0ba9755b24716b71d94acae605a255299cb48a32
Proposed branch: ~paelzer/ubuntu/+source/qemu:fix-1848556-qemu-img-curl-hang-1848497-virt-balloon-migrate-EOAN
Merge into: ubuntu/+source/qemu:ubuntu/eoan-devel
Diff against target: 329 lines (+301/-0)
4 files modified
debian/changelog (+10/-0)
debian/patches/series (+2/-0)
debian/patches/ubuntu/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch (+137/-0)
debian/patches/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch (+152/-0)
Reviewer Review Type Date Requested Status
Rafael David Tinoco (community) Approve
Canonical Server packageset reviewers Pending
git-ubuntu developers Pending
Review via email: mp+374771@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

SRU part of https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/374770

PPA: https://launchpad.net/~paelzer/+archive/ubuntu/bug-1848556-qemu-img-curl-hang-eoan-1848497-virt-balloon-migrate

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

I have reviewed the same change for Focal and I'm +1 for this change, including the backport changes for virtio balloon that Christian made regarding hw_compat.

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tagged and uploaded

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Migrated, setting merged

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 430c149..79ff220 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
1qemu (1:4.0+dfsg-0ubuntu9.1) eoan; urgency=medium
2
3 * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch:
4 fix a potential hang when qemu or qemu-img where accessing http backed
5 disks via libcurl (LP: #1848556)
6 * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch:
7 fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497)
8
9 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Oct 2019 14:51:45 +0200
10
1qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium11qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium
212
3 * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:13 * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch:
diff --git a/debian/patches/series b/debian/patches/series
index 72b9e84..4f2418d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,5 @@ ubuntu/lp-1836154-s390x-cpumodel-also-change-name-of-vxbeh.patch
31ubuntu/lp-1841066-i386-x86_cpu_list_feature_names-function.patch31ubuntu/lp-1841066-i386-x86_cpu_list_feature_names-function.patch
32ubuntu/lp-1841066-i386-unavailable-features-QOM-property.patch32ubuntu/lp-1841066-i386-unavailable-features-QOM-property.patch
33lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch33lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch
34ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch
35ubuntu/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch
diff --git a/debian/patches/ubuntu/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch b/debian/patches/ubuntu/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch
34new file mode 10064436new file mode 100644
index 0000000..37e5f34
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch
@@ -0,0 +1,137 @@
1From 2bbadb08ce272d65e1f78621002008b07d1e0f03 Mon Sep 17 00:00:00 2001
2From: Stefan Hajnoczi <stefanha@redhat.com>
3Date: Wed, 10 Jul 2019 16:14:40 +0200
4Subject: [PATCH] virtio-balloon: fix QEMU 4.0 config size migration
5 incompatibility
6
7The virtio-balloon config size changed in QEMU 4.0 even for existing
8machine types. Migration from QEMU 3.1 to 4.0 can fail in some
9circumstances with the following error:
10
11 qemu-system-x86_64: get_pci_config_device: Bad config data: i=0x10 read: a1 device: 1 cmask: ff wmask: c0 w1cmask:0
12
13This happens because the virtio-balloon config size affects the VIRTIO
14Legacy I/O Memory PCI BAR size.
15
16Introduce a qdev property called "qemu-4-0-config-size" and enable it
17only for the QEMU 4.0 machine types. This way <4.0 machine types use
18the old size, 4.0 uses the larger size, and >4.0 machine types use the
19appropriate size depending on enabled virtio-balloon features.
20
21Live migration to and from old QEMUs to QEMU 4.1 works again as long as
22a versioned machine type is specified (do not use just "pc"!).
23
24Originally-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
25Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
26Message-Id: <20190710141440.27635-1-stefanha@redhat.com>
27Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
28Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
29Tested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
30Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
31Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
32
33Backport-Note: upstream commit was targetted for 4.1, needed changes to
34work in 4.0 as HW_COMPAT code has the understanding of the "current"
35level and when backported that is 4.0 and not 4.1 anymore.
36Origin: backport, https://git.qemu.org/?p=qemu.git;a=commit;h=2bbadb08ce272d65e1f78621002008b07d1e0f03
37Bug-Ubuntu: https://bugs.launchpad.net/bugs/1848497
38Last-Update: 2019-10-21
39
40---
41 hw/core/machine.c | 2 ++
42 hw/virtio/virtio-balloon.c | 28 +++++++++++++++++++++++++---
43 include/hw/virtio/virtio-balloon.h | 2 ++
44 3 files changed, 29 insertions(+), 3 deletions(-)
45
46--- a/hw/core/machine.c
47+++ b/hw/core/machine.c
48@@ -36,6 +36,7 @@ GlobalProperty hw_compat_3_1[] = {
49 { "usb-kbd", "serial", "42" },
50 { "virtio-blk-device", "discard", "false" },
51 { "virtio-blk-device", "write-zeroes", "false" },
52+ { "virtio-balloon-device", "qemu-4-0-config-size", "false" },
53 };
54 const size_t hw_compat_3_1_len = G_N_ELEMENTS(hw_compat_3_1);
55
56--- a/hw/virtio/virtio-balloon.c
57+++ b/hw/virtio/virtio-balloon.c
58@@ -615,6 +615,22 @@ virtio_balloon_free_page_report_notify(N
59 return 0;
60 }
61
62+static size_t virtio_balloon_config_size(VirtIOBalloon *s)
63+{
64+ uint64_t features = s->host_features;
65+
66+ if (s->qemu_4_0_config_size) {
67+ return sizeof(struct virtio_balloon_config);
68+ }
69+ if (virtio_has_feature(features, VIRTIO_BALLOON_F_PAGE_POISON)) {
70+ return sizeof(struct virtio_balloon_config);
71+ }
72+ if (virtio_has_feature(features, VIRTIO_BALLOON_F_FREE_PAGE_HINT)) {
73+ return offsetof(struct virtio_balloon_config, poison_val);
74+ }
75+ return offsetof(struct virtio_balloon_config, free_page_report_cmd_id);
76+}
77+
78 static void virtio_balloon_get_config(VirtIODevice *vdev, uint8_t *config_data)
79 {
80 VirtIOBalloon *dev = VIRTIO_BALLOON(vdev);
81@@ -635,7 +651,7 @@ static void virtio_balloon_get_config(Vi
82 }
83
84 trace_virtio_balloon_get_config(config.num_pages, config.actual);
85- memcpy(config_data, &config, sizeof(struct virtio_balloon_config));
86+ memcpy(config_data, &config, virtio_balloon_config_size(dev));
87 }
88
89 static int build_dimm_list(Object *obj, void *opaque)
90@@ -679,7 +695,7 @@ static void virtio_balloon_set_config(Vi
91 uint32_t oldactual = dev->actual;
92 ram_addr_t vm_ram_size = get_current_ram_size();
93
94- memcpy(&config, config_data, sizeof(struct virtio_balloon_config));
95+ memcpy(&config, config_data, virtio_balloon_config_size(dev));
96 dev->actual = le32_to_cpu(config.actual);
97 if (dev->actual != oldactual) {
98 qapi_event_send_balloon_change(vm_ram_size -
99@@ -766,7 +782,7 @@ static void virtio_balloon_device_realiz
100 int ret;
101
102 virtio_init(vdev, "virtio-balloon", VIRTIO_ID_BALLOON,
103- sizeof(struct virtio_balloon_config));
104+ virtio_balloon_config_size(s));
105
106 ret = qemu_add_balloon_handler(virtio_balloon_to_target,
107 virtio_balloon_stat, s);
108@@ -897,6 +913,18 @@ static Property virtio_balloon_propertie
109 VIRTIO_BALLOON_F_DEFLATE_ON_OOM, false),
110 DEFINE_PROP_BIT("free-page-hint", VirtIOBalloon, host_features,
111 VIRTIO_BALLOON_F_FREE_PAGE_HINT, false),
112+ /* QEMU 4.0 accidentally changed the config size even when free-page-hint
113+ * is disabled, resulting in QEMU 3.1 migration incompatibility. This
114+ * property retains this quirk for QEMU 4.1 machine types.
115+ * Backport:
116+ * Original patch is for 4.1 and sets "false", but in HW_COMPAT sets
117+ * 4.0 to "true" and 3.1 (and former) to "false".
118+ * Emulate that in the 4.0 code by setting true here, and keeping the
119+ * HW_COMPAT for 3.1 (4.0 HW_COMPAT doesn't exist yet anyway).
120+ * That way it will be forward compatible to qemu >=4.1
121+ */
122+ DEFINE_PROP_BOOL("qemu-4-0-config-size", VirtIOBalloon,
123+ qemu_4_0_config_size, true),
124 DEFINE_PROP_LINK("iothread", VirtIOBalloon, iothread, TYPE_IOTHREAD,
125 IOThread *),
126 DEFINE_PROP_END_OF_LIST(),
127--- a/include/hw/virtio/virtio-balloon.h
128+++ b/include/hw/virtio/virtio-balloon.h
129@@ -71,6 +71,8 @@ typedef struct VirtIOBalloon {
130 int64_t stats_poll_interval;
131 uint32_t host_features;
132 PartiallyBalloonedPage *pbp;
133+
134+ bool qemu_4_0_config_size;
135 } VirtIOBalloon;
136
137 #endif
diff --git a/debian/patches/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch b/debian/patches/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch
0new file mode 100644138new file mode 100644
index 0000000..37d4407
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch
@@ -0,0 +1,152 @@
1From bfb23b480a49114315877aacf700b49453e0f9d9 Mon Sep 17 00:00:00 2001
2From: Max Reitz <mreitz@redhat.com>
3Date: Tue, 10 Sep 2019 14:41:35 +0200
4Subject: [PATCH] curl: Handle success in multi_check_completion
5
6Background: As of cURL 7.59.0, it verifies that several functions are
7not called from within a callback. Among these functions is
8curl_multi_add_handle().
9
10curl_read_cb() is a callback from cURL and not a coroutine. Waking up
11acb->co will lead to entering it then and there, which means the current
12request will settle and the caller (if it runs in the same coroutine)
13may then issue the next request. In such a case, we will enter
14curl_setup_preadv() effectively from within curl_read_cb().
15
16Calling curl_multi_add_handle() will then fail and the new request will
17not be processed.
18
19Fix this by not letting curl_read_cb() wake up acb->co. Instead, leave
20the whole business of settling the AIOCB objects to
21curl_multi_check_completion() (which is called from our timer callback
22and our FD handler, so not from any cURL callbacks).
23
24Reported-by: Natalie Gavrielov <ngavrilo@redhat.com>
25Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1740193
26Cc: qemu-stable@nongnu.org
27Signed-off-by: Max Reitz <mreitz@redhat.com>
28Message-id: 20190910124136.10565-7-mreitz@redhat.com
29Reviewed-by: John Snow <jsnow@redhat.com>
30Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
31Signed-off-by: Max Reitz <mreitz@redhat.com>
32
33Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=bfb23b48
34Bug-Ubuntu: https://bugs.launchpad.net/bugs/1848556
35Last-Update: 2019-10-21
36
37---
38 block/curl.c | 69 ++++++++++++++++++++++------------------------------
39 1 file changed, 29 insertions(+), 40 deletions(-)
40
41diff --git a/block/curl.c b/block/curl.c
42index fd70f1ebc4..c343c7ed3d 100644
43--- a/block/curl.c
44+++ b/block/curl.c
45@@ -229,7 +229,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
46 {
47 CURLState *s = ((CURLState*)opaque);
48 size_t realsize = size * nmemb;
49- int i;
50
51 trace_curl_read_cb(realsize);
52
53@@ -245,32 +244,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
54 memcpy(s->orig_buf + s->buf_off, ptr, realsize);
55 s->buf_off += realsize;
56
57- for(i=0; i<CURL_NUM_ACB; i++) {
58- CURLAIOCB *acb = s->acb[i];
59-
60- if (!acb)
61- continue;
62-
63- if ((s->buf_off >= acb->end)) {
64- size_t request_length = acb->bytes;
65-
66- qemu_iovec_from_buf(acb->qiov, 0, s->orig_buf + acb->start,
67- acb->end - acb->start);
68-
69- if (acb->end - acb->start < request_length) {
70- size_t offset = acb->end - acb->start;
71- qemu_iovec_memset(acb->qiov, offset, 0,
72- request_length - offset);
73- }
74-
75- acb->ret = 0;
76- s->acb[i] = NULL;
77- qemu_mutex_unlock(&s->s->mutex);
78- aio_co_wake(acb->co);
79- qemu_mutex_lock(&s->s->mutex);
80- }
81- }
82-
83 read_end:
84 /* curl will error out if we do not return this value */
85 return size * nmemb;
86@@ -351,13 +324,14 @@ static void curl_multi_check_completion(BDRVCURLState *s)
87 break;
88
89 if (msg->msg == CURLMSG_DONE) {
90+ int i;
91 CURLState *state = NULL;
92+ bool error = msg->data.result != CURLE_OK;
93+
94 curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE,
95 (char **)&state);
96
97- /* ACBs for successful messages get completed in curl_read_cb */
98- if (msg->data.result != CURLE_OK) {
99- int i;
100+ if (error) {
101 static int errcount = 100;
102
103 /* Don't lose the original error message from curl, since
104@@ -369,20 +343,35 @@ static void curl_multi_check_completion(BDRVCURLState *s)
105 error_report("curl: further errors suppressed");
106 }
107 }
108+ }
109
110- for (i = 0; i < CURL_NUM_ACB; i++) {
111- CURLAIOCB *acb = state->acb[i];
112+ for (i = 0; i < CURL_NUM_ACB; i++) {
113+ CURLAIOCB *acb = state->acb[i];
114
115- if (acb == NULL) {
116- continue;
117- }
118+ if (acb == NULL) {
119+ continue;
120+ }
121+
122+ if (!error) {
123+ /* Assert that we have read all data */
124+ assert(state->buf_off >= acb->end);
125+
126+ qemu_iovec_from_buf(acb->qiov, 0,
127+ state->orig_buf + acb->start,
128+ acb->end - acb->start);
129
130- acb->ret = -EIO;
131- state->acb[i] = NULL;
132- qemu_mutex_unlock(&s->mutex);
133- aio_co_wake(acb->co);
134- qemu_mutex_lock(&s->mutex);
135+ if (acb->end - acb->start < acb->bytes) {
136+ size_t offset = acb->end - acb->start;
137+ qemu_iovec_memset(acb->qiov, offset, 0,
138+ acb->bytes - offset);
139+ }
140 }
141+
142+ acb->ret = error ? -EIO : 0;
143+ state->acb[i] = NULL;
144+ qemu_mutex_unlock(&s->mutex);
145+ aio_co_wake(acb->co);
146+ qemu_mutex_lock(&s->mutex);
147 }
148
149 curl_clean_state(state);
150--
1512.23.0
152

Subscribers

People subscribed via source and target branches