Merge ~paelzer/ubuntu/+source/qemu:lp-1867519-stabilize-4.2 into ubuntu/+source/qemu:ubuntu/focal-devel
Status: | Merged |
---|---|
Merge reported by: | Christian Ehrhardt |
Merged at revision: | 9f5874b0fa11c6738c4629273527d8b216f297e3 |
Proposed branch: | ~paelzer/ubuntu/+source/qemu:lp-1867519-stabilize-4.2 |
Merge into: | ubuntu/+source/qemu:ubuntu/focal-devel |
Diff against target: | 3765 lines (+3470/-0) 43 files modified |

- debian/changelog (+21/-0)
- debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch (+78/-0)
- debian/patches/series (+38/-0)
- debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch (+48/-0)
- debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch (+49/-0)
- debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch (+46/-0)
- debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch (+108/-0)
- debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch (+97/-0)
- debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch (+201/-0)
- debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch (+107/-0)
- debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch (+44/-0)
- debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch (+76/-0)
- debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch (+79/-0)
- debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch (+58/-0)
- debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch (+44/-0)
- debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch (+202/-0)
- debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch (+138/-0)
- debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch (+230/-0)
- debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch (+41/-0)
- debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch (+39/-0)
- debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch (+44/-0)
- debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch (+102/-0)
- debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch (+54/-0)
- debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch (+40/-0)
- debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch (+46/-0)
- debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch (+42/-0)
- debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch (+79/-0)
- debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch (+127/-0)
- debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch (+169/-0)
- debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch (+98/-0)
- debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch (+47/-0)
- debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch (+50/-0)
- debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch (+331/-0)
- debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch (+40/-0)
- debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch (+41/-0)
- debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch (+40/-0)
- debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch (+125/-0)
- debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch (+61/-0)
- debian/qemu-block-extra.postrm.in (+43/-0)
- debian/qemu-block-extra.prerm.in (+45/-0)
- debian/qemu-system-gui.postrm.in (+44/-0)
- debian/qemu-system-gui.prerm.in (+46/-0)
- debian/rules (+12/-0)

Related bugs: |

Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Andreas Hasenack | Approve | ||
Canonical Server | Pending | ||
git-ubuntu developers | Pending | ||
Review via email: mp+380874@code.launchpad.net |
Commit message
Description of the change
Christian Ehrhardt (paelzer) wrote:
Andreas Hasenack (ahasenack) wrote:
Holy 33 patches, batman :)
I wonder if qemu shouldn't do more point releases, more often :)
+1 from a packaging viewpoint, and I don't think this warrants an FFe.
Christian Ehrhardt (paelzer) wrote:
Thanks, I did some quick checks (given it is only minor fixes).
But we accrued enough changes that after the next coming known big qemu change I'll do a full virt-regression
To ssh://git.
* [new tag] upload/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading qemu_4.
Uploading qemu_4.
Uploading qemu_4.
Uploading qemu_4.
Successfully uploaded packages.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 89089bb..11efbaa 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,24 @@ |
6 | +qemu (1:4.2-3ubuntu3) focal; urgency=medium |
7 | + |
8 | + * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream |
9 | + patches @qemu-stable (LP: #1867519) |
10 | + |
11 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100 |
12 | + |
13 | +qemu (1:4.2-3ubuntu2) focal; urgency=medium |
14 | + |
15 | + * allow qemu to load old modules post upgrade (LP: #1847361) |
16 | + - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module |
17 | + load to a versioned path |
18 | + - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on |
19 | + upgrade |
20 | + - d/rules: generate maintainer scripts matching package version on build |
21 | + - d/rules: enable --enable-module-upgrades where --enable-modules is set |
22 | + * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch: |
23 | + avoid unnecessary IOTLB transactions (LP: #1866207) |
24 | + |
25 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100 |
26 | + |
27 | qemu (1:4.2-3ubuntu1) focal; urgency=medium |
28 | |
29 | * Merge with Debian testing, remaining changes: |
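Review bot: The 1:4.2-3ubuntu3 entry describes the upload only as `d/p/stable/lp-1867519-*`, but this merge also adds `debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch`, which lives outside `stable/` and is not matched by that glob. Add a separate changelog bullet for it, stating why a refactoring patch is carried alongside the qemu-stable fixes, so the changelog accounts for every patch added to the series.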
30 | diff --git a/debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch b/debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch |
31 | new file mode 100644 |
32 | index 0000000..8dc2409 |
33 | --- /dev/null |
34 | +++ b/debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch |
35 | @@ -0,0 +1,78 @@ |
36 | +From 7f493662be4045146a8f45119d8834c9088a0ad6 Mon Sep 17 00:00:00 2001 |
37 | +From: Pan Nengyuan <pannengyuan@huawei.com> |
38 | +Date: Thu, 5 Dec 2019 11:45:27 +0800 |
39 | +Subject: [PATCH] block/nbd: extract the common cleanup code |
40 | + |
41 | +The BDRVNBDState cleanup code is common in two places, add |
42 | +nbd_clear_bdrvstate() function to do these cleanups. |
43 | + |
44 | +Suggested-by: Stefano Garzarella <sgarzare@redhat.com> |
45 | +Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> |
46 | +Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
47 | +Message-Id: <1575517528-44312-2-git-send-email-pannengyuan@huawei.com> |
48 | +Reviewed-by: Eric Blake <eblake@redhat.com> |
49 | +[eblake: fix compilation error and commit message] |
50 | +Signed-off-by: Eric Blake <eblake@redhat.com> |
51 | + |
52 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=7f493662be4045146a8f45119d8834c9088a0ad6 |
53 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
54 | +Last-Update: 2020-03-18 |
55 | + |
56 | +--- |
57 | + block/nbd.c | 26 +++++++++++++++----------- |
58 | + 1 file changed, 15 insertions(+), 11 deletions(-) |
59 | + |
60 | +diff --git a/block/nbd.c b/block/nbd.c |
61 | +index f69e61e68a..ed0f93ab27 100644 |
62 | +--- a/block/nbd.c |
63 | ++++ b/block/nbd.c |
64 | +@@ -95,6 +95,19 @@ typedef struct BDRVNBDState { |
65 | + |
66 | + static int nbd_client_connect(BlockDriverState *bs, Error **errp); |
67 | + |
68 | ++static void nbd_clear_bdrvstate(BDRVNBDState *s) |
69 | ++{ |
70 | ++ object_unref(OBJECT(s->tlscreds)); |
71 | ++ qapi_free_SocketAddress(s->saddr); |
72 | ++ s->saddr = NULL; |
73 | ++ g_free(s->export); |
74 | ++ s->export = NULL; |
75 | ++ g_free(s->tlscredsid); |
76 | ++ s->tlscredsid = NULL; |
77 | ++ g_free(s->x_dirty_bitmap); |
78 | ++ s->x_dirty_bitmap = NULL; |
79 | ++} |
80 | ++ |
81 | + static void nbd_channel_error(BDRVNBDState *s, int ret) |
82 | + { |
83 | + if (ret == -EIO) { |
84 | +@@ -1879,11 +1892,7 @@ static int nbd_process_options(BlockDriverState *bs, QDict *options, |
85 | + |
86 | + error: |
87 | + if (ret < 0) { |
88 | +- object_unref(OBJECT(s->tlscreds)); |
89 | +- qapi_free_SocketAddress(s->saddr); |
90 | +- g_free(s->export); |
91 | +- g_free(s->tlscredsid); |
92 | +- g_free(s->x_dirty_bitmap); |
93 | ++ nbd_clear_bdrvstate(s); |
94 | + } |
95 | + qemu_opts_del(opts); |
96 | + return ret; |
97 | +@@ -1962,12 +1971,7 @@ static void nbd_close(BlockDriverState *bs) |
98 | + BDRVNBDState *s = bs->opaque; |
99 | + |
100 | + nbd_client_close(bs); |
101 | +- |
102 | +- object_unref(OBJECT(s->tlscreds)); |
103 | +- qapi_free_SocketAddress(s->saddr); |
104 | +- g_free(s->export); |
105 | +- g_free(s->tlscredsid); |
106 | +- g_free(s->x_dirty_bitmap); |
107 | ++ nbd_clear_bdrvstate(s); |
108 | + } |
109 | + |
110 | + static int64_t nbd_getlength(BlockDriverState *bs) |
111 | +-- |
112 | +2.25.1 |
113 | + |
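Review bot: In `nbd_clear_bdrvstate()` every freed member is reset to NULL except `s->tlscreds`, which is only passed to `object_unref(OBJECT(s->tlscreds));`. Since the helper is now shared by the `nbd_process_options()` error path and `nbd_close()`, a second call on the same state would unref a stale pointer while the other members are safe to free again. Consider adding `s->tlscreds = NULL;` after the unref for consistency, or note in the DEP-3 header that the patch is kept byte-identical to upstream on purpose.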
114 | diff --git a/debian/patches/series b/debian/patches/series |
115 | index c9fce99..f01fa16 100644 |
116 | --- a/debian/patches/series |
117 | +++ b/debian/patches/series |
118 | @@ -13,3 +13,41 @@ ubuntu/lp-1857033-i386-Add-macro-for-stibp.patch |
119 | ubuntu/lp-1857033-i386-Add-new-CPU-model-Cooperlake.patch |
120 | lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch |
121 | ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch |
122 | +ubuntu/lp-1847361-modules-load-upgrade.patch |
123 | +ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch |
124 | + |
125 | +# stabilize 4.2 with patches sent to qemu-stable since 4.2 released |
126 | +stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch |
127 | +stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch |
128 | +stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch |
129 | +stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch |
130 | +stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch |
131 | +stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch |
132 | +stable/lp-1867519-backup-top-Begin-drain-earlier.patch |
133 | +stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch |
134 | +stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch |
135 | +stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch |
136 | +stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch |
137 | +stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch |
138 | +stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch |
139 | +stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch |
140 | +stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch |
141 | +stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch |
142 | +stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch |
143 | +stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch |
144 | +stable/lp-1867519-block-backup-top-fix-failure-path.patch |
145 | +stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch |
146 | +stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch |
147 | +stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch |
148 | +stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch |
149 | +stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch |
150 | +stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch |
151 | +stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch |
152 | +stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch |
153 | +stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch |
154 | +stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch |
155 | +stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch |
156 | +stable/lp-1867519-job-refactor-progress-to-separate-object.patch |
157 | +stable/lp-1867519-block-block-copy-fix-progress-calculation.patch |
158 | +stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch |
159 | +lp-1867519-block-nbd-extract-the-common-cleanup-code.patch |
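Review bot: The last entry, `lp-1867519-block-nbd-extract-the-common-cleanup-code.patch`, is appended after the whole stable block and therefore after `stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch`, with no comment explaining its position. If the leak fix relies on `nbd_clear_bdrvstate()`, the helper has to be introduced earlier in quilt order; if it does not, a one-line comment above this entry (like the `# stabilize 4.2 ...` comment for the stable block) should say why the refactoring is carried and why it is applied last.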
160 | diff --git a/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch b/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch |
161 | new file mode 100644 |
162 | index 0000000..c980ed6 |
163 | --- /dev/null |
164 | +++ b/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch |
165 | @@ -0,0 +1,48 @@ |
166 | +From c8fa6079eb35888587f1be27c1590da4edcc5098 Mon Sep 17 00:00:00 2001 |
167 | +From: Niek Linnenbank <nieklinnenbank@gmail.com> |
168 | +Date: Fri, 20 Dec 2019 14:03:00 +0000 |
169 | +Subject: [PATCH] arm/arm-powerctl: rebuild hflags after setting CP15 bits in |
170 | + arm_set_cpu_on() |
171 | + |
172 | +After setting CP15 bits in arm_set_cpu_on() the cached hflags must |
173 | +be rebuild to reflect the changed processor state. Without rebuilding, |
174 | +the cached hflags would be inconsistent until the next call to |
175 | +arm_rebuild_hflags(). When QEMU is compiled with debugging enabled |
176 | +(--enable-debug), this problem is captured shortly after the first |
177 | +call to arm_set_cpu_on() for CPUs running in ARM 32-bit non-secure mode: |
178 | + |
179 | + qemu-system-arm: target/arm/helper.c:11359: cpu_get_tb_cpu_state: |
180 | + Assertion `flags == rebuild_hflags_internal(env)' failed. |
181 | + Aborted (core dumped) |
182 | + |
183 | +Fixes: 0c7f8c43daf65 |
184 | +Cc: qemu-stable@nongnu.org |
185 | +Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com> |
186 | +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
187 | +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
188 | + |
189 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c8fa6079eb35888587f1be27c1590da4edcc5098 |
190 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
191 | +Last-Update: 2020-03-18 |
192 | + |
193 | +--- |
194 | + target/arm/arm-powerctl.c | 3 +++ |
195 | + 1 file changed, 3 insertions(+) |
196 | + |
197 | +diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c |
198 | +index b064513d44..b75f813b40 100644 |
199 | +--- a/target/arm/arm-powerctl.c |
200 | ++++ b/target/arm/arm-powerctl.c |
201 | +@@ -127,6 +127,9 @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state, |
202 | + target_cpu->env.regs[0] = info->context_id; |
203 | + } |
204 | + |
205 | ++ /* CP15 update requires rebuilding hflags */ |
206 | ++ arm_rebuild_hflags(&target_cpu->env); |
207 | ++ |
208 | + /* Start the new CPU at the requested address */ |
209 | + cpu_set_pc(target_cpu_state, info->entry); |
210 | + |
211 | +-- |
212 | +2.25.1 |
213 | + |
214 | diff --git a/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch b/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch |
215 | new file mode 100644 |
216 | index 0000000..b2fa47c |
217 | --- /dev/null |
218 | +++ b/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch |
219 | @@ -0,0 +1,49 @@ |
220 | +From 0c7f8c43daf6556078e51de98aa13f069e505985 Mon Sep 17 00:00:00 2001 |
221 | +From: Niek Linnenbank <nieklinnenbank@gmail.com> |
222 | +Date: Mon, 2 Dec 2019 22:09:43 +0100 |
223 | +Subject: [PATCH] arm/arm-powerctl: set NSACR.{CP11, CP10} bits in |
224 | + arm_set_cpu_on() |
225 | + |
226 | +This change ensures that the FPU can be accessed in Non-Secure mode |
227 | +when the CPU core is reset using the arm_set_cpu_on() function call. |
228 | +The NSACR.{CP11,CP10} bits define the exception level required to |
229 | +access the FPU in Non-Secure mode. Without these bits set, the CPU |
230 | +will give an undefined exception trap on the first FPU access for the |
231 | +secondary cores under Linux. |
232 | + |
233 | +This is necessary because in this power-control codepath QEMU |
234 | +is effectively emulating a bit of EL3 firmware, and has to set |
235 | +the CPU up as the EL3 firmware would. |
236 | + |
237 | +Fixes: fc1120a7f5 |
238 | +Cc: qemu-stable@nongnu.org |
239 | +Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com> |
240 | +[PMM: added clarifying para to commit message] |
241 | +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> |
242 | +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
243 | + |
244 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0c7f8c43daf6556078e51de98aa13f069e505985 |
245 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
246 | +Last-Update: 2020-03-18 |
247 | + |
248 | +--- |
249 | + target/arm/arm-powerctl.c | 3 +++ |
250 | + 1 file changed, 3 insertions(+) |
251 | + |
252 | +diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c |
253 | +index f77a950db6..b064513d44 100644 |
254 | +--- a/target/arm/arm-powerctl.c |
255 | ++++ b/target/arm/arm-powerctl.c |
256 | +@@ -104,6 +104,9 @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state, |
257 | + /* Processor is not in secure mode */ |
258 | + target_cpu->env.cp15.scr_el3 |= SCR_NS; |
259 | + |
260 | ++ /* Set NSACR.{CP11,CP10} so NS can access the FPU */ |
261 | ++ target_cpu->env.cp15.nsacr |= 3 << 10; |
262 | ++ |
263 | + /* |
264 | + * If QEMU is providing the equivalent of EL3 firmware, then we need |
265 | + * to make sure a CPU targeting EL2 comes out of reset with a |
266 | +-- |
267 | +2.25.1 |
268 | + |
269 | diff --git a/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch b/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch |
270 | new file mode 100644 |
271 | index 0000000..d534297 |
272 | --- /dev/null |
273 | +++ b/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch |
274 | @@ -0,0 +1,46 @@ |
275 | +From 503ca1262bab2c11c533a4816d1ff4297d4f58a6 Mon Sep 17 00:00:00 2001 |
276 | +From: Max Reitz <mreitz@redhat.com> |
277 | +Date: Thu, 19 Dec 2019 19:26:38 +0100 |
278 | +Subject: [PATCH] backup-top: Begin drain earlier |
279 | + |
280 | +When dropping backup-top, we need to drain the node before freeing the |
281 | +BlockCopyState. Otherwise, requests may still be in flight and then the |
282 | +assertion in shres_destroy() will fail. |
283 | + |
284 | +(This becomes visible in intermittent failure of 056.) |
285 | + |
286 | +Cc: qemu-stable@nongnu.org |
287 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
288 | +Message-id: 20191219182638.104621-1-mreitz@redhat.com |
289 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
290 | + |
291 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=503ca1262bab2c11c533a4816d1ff4297d4f58a6 |
292 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
293 | +Last-Update: 2020-03-18 |
294 | + |
295 | +--- |
296 | + block/backup-top.c | 4 ++-- |
297 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
298 | + |
299 | +diff --git a/block/backup-top.c b/block/backup-top.c |
300 | +index 7cdb1f8eba..818d3f26b4 100644 |
301 | +--- a/block/backup-top.c |
302 | ++++ b/block/backup-top.c |
303 | +@@ -257,12 +257,12 @@ void bdrv_backup_top_drop(BlockDriverState *bs) |
304 | + BDRVBackupTopState *s = bs->opaque; |
305 | + AioContext *aio_context = bdrv_get_aio_context(bs); |
306 | + |
307 | +- block_copy_state_free(s->bcs); |
308 | +- |
309 | + aio_context_acquire(aio_context); |
310 | + |
311 | + bdrv_drained_begin(bs); |
312 | + |
313 | ++ block_copy_state_free(s->bcs); |
314 | ++ |
315 | + s->active = false; |
316 | + bdrv_child_refresh_perms(bs, bs->backing, &error_abort); |
317 | + bdrv_replace_node(bs, backing_bs(bs), &error_abort); |
318 | +-- |
319 | +2.25.1 |
320 | + |
321 | diff --git a/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch b/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch |
322 | new file mode 100644 |
323 | index 0000000..0a9d490 |
324 | --- /dev/null |
325 | +++ b/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch |
326 | @@ -0,0 +1,108 @@ |
327 | +From 7bb4941ace471fc7dd6ded4749b95b9622baa6ed Mon Sep 17 00:00:00 2001 |
328 | +From: Kevin Wolf <kwolf@redhat.com> |
329 | +Date: Tue, 17 Dec 2019 15:06:38 +0100 |
330 | +Subject: [PATCH] block: Activate recursively even for already active nodes |
331 | + |
332 | +bdrv_invalidate_cache_all() assumes that all nodes in a given subtree |
333 | +are either active or inactive when it starts. Therefore, as soon as it |
334 | +arrives at an already active node, it stops. |
335 | + |
336 | +However, this assumption is wrong. For example, it's possible to take a |
337 | +snapshot of an inactive node, which results in an active overlay over an |
338 | +inactive backing file. The active overlay is probably also the root node |
339 | +of an inactive BlockBackend (blk->disable_perm == true). |
340 | + |
341 | +In this case, bdrv_invalidate_cache_all() does not need to do anything |
342 | +to activate the overlay node, but it still needs to recurse into the |
343 | +children and the parents to make sure that after returning success, |
344 | +really everything is activated. |
345 | + |
346 | +Cc: qemu-stable@nongnu.org |
347 | +Signed-off-by: Kevin Wolf <kwolf@redhat.com> |
348 | +Reviewed-by: Max Reitz <mreitz@redhat.com> |
349 | + |
350 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=7bb4941ace471fc7dd6ded4749b95b9622baa6ed |
351 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
352 | +Last-Update: 2020-03-18 |
353 | + |
354 | +--- |
355 | + block.c | 50 ++++++++++++++++++++++++-------------------------- |
356 | + 1 file changed, 24 insertions(+), 26 deletions(-) |
357 | + |
358 | +diff --git a/block.c b/block.c |
359 | +index 73029fad64..1b6f7c86e8 100644 |
360 | +--- a/block.c |
361 | ++++ b/block.c |
362 | +@@ -5335,10 +5335,6 @@ static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, |
363 | + return; |
364 | + } |
365 | + |
366 | +- if (!(bs->open_flags & BDRV_O_INACTIVE)) { |
367 | +- return; |
368 | +- } |
369 | +- |
370 | + QLIST_FOREACH(child, &bs->children, next) { |
371 | + bdrv_co_invalidate_cache(child->bs, &local_err); |
372 | + if (local_err) { |
373 | +@@ -5360,34 +5356,36 @@ static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, |
374 | + * just keep the extended permissions for the next time that an activation |
375 | + * of the image is tried. |
376 | + */ |
377 | +- bs->open_flags &= ~BDRV_O_INACTIVE; |
378 | +- bdrv_get_cumulative_perm(bs, &perm, &shared_perm); |
379 | +- ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err); |
380 | +- if (ret < 0) { |
381 | +- bs->open_flags |= BDRV_O_INACTIVE; |
382 | +- error_propagate(errp, local_err); |
383 | +- return; |
384 | +- } |
385 | +- bdrv_set_perm(bs, perm, shared_perm); |
386 | +- |
387 | +- if (bs->drv->bdrv_co_invalidate_cache) { |
388 | +- bs->drv->bdrv_co_invalidate_cache(bs, &local_err); |
389 | +- if (local_err) { |
390 | ++ if (bs->open_flags & BDRV_O_INACTIVE) { |
391 | ++ bs->open_flags &= ~BDRV_O_INACTIVE; |
392 | ++ bdrv_get_cumulative_perm(bs, &perm, &shared_perm); |
393 | ++ ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err); |
394 | ++ if (ret < 0) { |
395 | + bs->open_flags |= BDRV_O_INACTIVE; |
396 | + error_propagate(errp, local_err); |
397 | + return; |
398 | + } |
399 | +- } |
400 | ++ bdrv_set_perm(bs, perm, shared_perm); |
401 | + |
402 | +- FOR_EACH_DIRTY_BITMAP(bs, bm) { |
403 | +- bdrv_dirty_bitmap_skip_store(bm, false); |
404 | +- } |
405 | ++ if (bs->drv->bdrv_co_invalidate_cache) { |
406 | ++ bs->drv->bdrv_co_invalidate_cache(bs, &local_err); |
407 | ++ if (local_err) { |
408 | ++ bs->open_flags |= BDRV_O_INACTIVE; |
409 | ++ error_propagate(errp, local_err); |
410 | ++ return; |
411 | ++ } |
412 | ++ } |
413 | + |
414 | +- ret = refresh_total_sectors(bs, bs->total_sectors); |
415 | +- if (ret < 0) { |
416 | +- bs->open_flags |= BDRV_O_INACTIVE; |
417 | +- error_setg_errno(errp, -ret, "Could not refresh total sector count"); |
418 | +- return; |
419 | ++ FOR_EACH_DIRTY_BITMAP(bs, bm) { |
420 | ++ bdrv_dirty_bitmap_skip_store(bm, false); |
421 | ++ } |
422 | ++ |
423 | ++ ret = refresh_total_sectors(bs, bs->total_sectors); |
424 | ++ if (ret < 0) { |
425 | ++ bs->open_flags |= BDRV_O_INACTIVE; |
426 | ++ error_setg_errno(errp, -ret, "Could not refresh total sector count"); |
427 | ++ return; |
428 | ++ } |
429 | + } |
430 | + |
431 | + QLIST_FOREACH(parent, &bs->parents, next_parent) { |
432 | +-- |
433 | +2.25.1 |
434 | + |
435 | diff --git a/debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch b/debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch |
436 | new file mode 100644 |
437 | index 0000000..0ea91e8 |
438 | --- /dev/null |
439 | +++ b/debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch |
440 | @@ -0,0 +1,97 @@ |
441 | +From 0df62f45c1de6c020f1e6fba4eeafd248209b003 Mon Sep 17 00:00:00 2001 |
442 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
443 | +Date: Tue, 21 Jan 2020 17:28:01 +0300 |
444 | +Subject: [PATCH] block/backup-top: fix failure path |
445 | + |
446 | +We can't access top after call bdrv_backup_top_drop, as it is already |
447 | +freed at this time. |
448 | + |
449 | +Also, no needs to unref target child by hand, it will be unrefed on |
450 | +bdrv_close() automatically. |
451 | + |
452 | +So, just do bdrv_backup_top_drop if append succeed and one bdrv_unref |
453 | +otherwise. |
454 | + |
455 | +Note, that in !appended case bdrv_unref(top) moved into drained section |
456 | +on source. It doesn't really matter, but just for code simplicity. |
457 | + |
458 | +Fixes: 7df7868b96404 |
459 | +Cc: qemu-stable@nongnu.org # v4.2.0 |
460 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
461 | +Reviewed-by: Max Reitz <mreitz@redhat.com> |
462 | +Message-id: 20200121142802.21467-2-vsementsov@virtuozzo.com |
463 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
464 | + |
465 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0df62f45c1de6c020f1e6fba4eeafd248209b003 |
466 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
467 | +Last-Update: 2020-03-18 |
468 | + |
469 | +--- |
470 | + block/backup-top.c | 21 ++++++++++++--------- |
471 | + 1 file changed, 12 insertions(+), 9 deletions(-) |
472 | + |
473 | +diff --git a/block/backup-top.c b/block/backup-top.c |
474 | +index 9aed2eb4c0..fa78f3256d 100644 |
475 | +--- a/block/backup-top.c |
476 | ++++ b/block/backup-top.c |
477 | +@@ -190,6 +190,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, |
478 | + BlockDriverState *top = bdrv_new_open_driver(&bdrv_backup_top_filter, |
479 | + filter_node_name, |
480 | + BDRV_O_RDWR, errp); |
481 | ++ bool appended = false; |
482 | + |
483 | + if (!top) { |
484 | + return NULL; |
485 | +@@ -212,8 +213,9 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, |
486 | + bdrv_append(top, source, &local_err); |
487 | + if (local_err) { |
488 | + error_prepend(&local_err, "Cannot append backup-top filter: "); |
489 | +- goto append_failed; |
490 | ++ goto fail; |
491 | + } |
492 | ++ appended = true; |
493 | + |
494 | + /* |
495 | + * bdrv_append() finished successfully, now we can require permissions |
496 | +@@ -224,14 +226,14 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, |
497 | + if (local_err) { |
498 | + error_prepend(&local_err, |
499 | + "Cannot set permissions for backup-top filter: "); |
500 | +- goto failed_after_append; |
501 | ++ goto fail; |
502 | + } |
503 | + |
504 | + state->bcs = block_copy_state_new(top->backing, state->target, |
505 | + cluster_size, write_flags, &local_err); |
506 | + if (local_err) { |
507 | + error_prepend(&local_err, "Cannot create block-copy-state: "); |
508 | +- goto failed_after_append; |
509 | ++ goto fail; |
510 | + } |
511 | + *bcs = state->bcs; |
512 | + |
513 | +@@ -239,14 +241,15 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, |
514 | + |
515 | + return top; |
516 | + |
517 | +-failed_after_append: |
518 | +- state->active = false; |
519 | +- bdrv_backup_top_drop(top); |
520 | ++fail: |
521 | ++ if (appended) { |
522 | ++ state->active = false; |
523 | ++ bdrv_backup_top_drop(top); |
524 | ++ } else { |
525 | ++ bdrv_unref(top); |
526 | ++ } |
527 | + |
528 | +-append_failed: |
529 | + bdrv_drained_end(source); |
530 | +- bdrv_unref_child(top, state->target); |
531 | +- bdrv_unref(top); |
532 | + error_propagate(errp, local_err); |
533 | + |
534 | + return NULL; |
535 | +-- |
536 | +2.25.1 |
537 | + |
538 | diff --git a/debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch b/debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch |
539 | new file mode 100644 |
540 | index 0000000..6eb7652 |
541 | --- /dev/null |
542 | +++ b/debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch |
543 | @@ -0,0 +1,201 @@ |
544 | +From d0ebeca14a585f352938062ef8ddde47fe4d39f9 Mon Sep 17 00:00:00 2001 |
545 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
546 | +Date: Wed, 11 Mar 2020 13:29:57 +0300 |
547 | +Subject: [PATCH] block/block-copy: fix progress calculation |
548 | + |
549 | +Assume we have two regions, A and B, and region B is in-flight now, |
550 | +region A is not yet touched, but it is unallocated and should be |
551 | +skipped. |
552 | + |
553 | +Correspondingly, as progress we have |
554 | + |
555 | + total = A + B |
556 | + current = 0 |
557 | + |
558 | +If we reset unallocated region A and call progress_reset_callback, |
559 | +it will calculate 0 bytes dirty in the bitmap and call |
560 | +job_progress_set_remaining, which will set |
561 | + |
562 | + total = current + 0 = 0 + 0 = 0 |
563 | + |
564 | +So, B bytes are actually removed from total accounting. When job |
565 | +finishes we'll have |
566 | + |
567 | + total = 0 |
568 | + current = B |
569 | + |
570 | +, which doesn't sound good. |
571 | + |
572 | +This is because we didn't considered in-flight bytes, actually when |
573 | +calculating remaining, we should have set (in_flight + dirty_bytes) |
574 | +as remaining, not only dirty_bytes. |
575 | + |
576 | +To fix it, let's refactor progress calculation, moving it to block-copy |
577 | +itself instead of fixing callback. And, of course, track in_flight |
578 | +bytes count. |
579 | + |
580 | +We still have to keep one callback, to maintain backup job bytes_read |
581 | +calculation, but it will go on soon, when we turn the whole backup |
582 | +process into one block_copy call. |
583 | + |
584 | +Cc: qemu-stable@nongnu.org |
585 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
586 | +Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com> |
587 | +Message-Id: <20200311103004.7649-3-vsementsov@virtuozzo.com> |
588 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
589 | + |
590 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d0ebeca14a585f352938062ef8ddde47fe4d39f9 |
591 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
592 | +Last-Update: 2020-03-18 |
593 | + |
594 | +--- |
595 | + block/backup.c | 13 ++----------- |
596 | + block/block-copy.c | 16 ++++++++++++---- |
597 | + include/block/block-copy.h | 15 +++++---------- |
598 | + 3 files changed, 19 insertions(+), 25 deletions(-) |
599 | + |
600 | +diff --git a/block/backup.c b/block/backup.c |
601 | +index 1383e219f5..8694e0394b 100644 |
602 | +--- a/block/backup.c |
603 | ++++ b/block/backup.c |
604 | +@@ -57,15 +57,6 @@ static void backup_progress_bytes_callback(int64_t bytes, void *opaque) |
605 | + BackupBlockJob *s = opaque; |
606 | + |
607 | + s->bytes_read += bytes; |
608 | +- job_progress_update(&s->common.job, bytes); |
609 | +-} |
610 | +- |
611 | +-static void backup_progress_reset_callback(void *opaque) |
612 | +-{ |
613 | +- BackupBlockJob *s = opaque; |
614 | +- uint64_t estimate = bdrv_get_dirty_count(s->bcs->copy_bitmap); |
615 | +- |
616 | +- job_progress_set_remaining(&s->common.job, estimate); |
617 | + } |
618 | + |
619 | + static int coroutine_fn backup_do_cow(BackupBlockJob *job, |
620 | +@@ -464,8 +455,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, |
621 | + job->cluster_size = cluster_size; |
622 | + job->len = len; |
623 | + |
624 | +- block_copy_set_callbacks(bcs, backup_progress_bytes_callback, |
625 | +- backup_progress_reset_callback, job); |
626 | ++ block_copy_set_progress_callback(bcs, backup_progress_bytes_callback, job); |
627 | ++ block_copy_set_progress_meter(bcs, &job->common.job.progress); |
628 | + |
629 | + /* Required permissions are already taken by backup-top target */ |
630 | + block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL, |
631 | +diff --git a/block/block-copy.c b/block/block-copy.c |
632 | +index 79798a1567..e2d7b3b887 100644 |
633 | +--- a/block/block-copy.c |
634 | ++++ b/block/block-copy.c |
635 | +@@ -127,17 +127,20 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, |
636 | + return s; |
637 | + } |
638 | + |
639 | +-void block_copy_set_callbacks( |
640 | ++void block_copy_set_progress_callback( |
641 | + BlockCopyState *s, |
642 | + ProgressBytesCallbackFunc progress_bytes_callback, |
643 | +- ProgressResetCallbackFunc progress_reset_callback, |
644 | + void *progress_opaque) |
645 | + { |
646 | + s->progress_bytes_callback = progress_bytes_callback; |
647 | +- s->progress_reset_callback = progress_reset_callback; |
648 | + s->progress_opaque = progress_opaque; |
649 | + } |
650 | + |
651 | ++void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm) |
652 | ++{ |
653 | ++ s->progress = pm; |
654 | ++} |
655 | ++ |
656 | + /* |
657 | + * block_copy_do_copy |
658 | + * |
659 | +@@ -269,7 +272,9 @@ int64_t block_copy_reset_unallocated(BlockCopyState *s, |
660 | + |
661 | + if (!ret) { |
662 | + bdrv_reset_dirty_bitmap(s->copy_bitmap, offset, bytes); |
663 | +- s->progress_reset_callback(s->progress_opaque); |
664 | ++ progress_set_remaining(s->progress, |
665 | ++ bdrv_get_dirty_count(s->copy_bitmap) + |
666 | ++ s->in_flight_bytes); |
667 | + } |
668 | + |
669 | + *count = bytes; |
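Review bot: s->progress is dereferenced by the added progress_set_remaining() call in block_copy_reset_unallocated() with no check that a meter was ever installed. The meter only arrives through the separate block_copy_set_progress_meter() setter, so a BlockCopyState user that skips that call hands whatever block_copy_state_new() left in the field to this call and to progress_work_done() in block_copy(). Either take the ProgressMeter as an argument of block_copy_state_new() or assert(s->progress) before use, and state in block-copy.h that the setter is mandatory.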
670 | +@@ -331,15 +336,18 @@ int coroutine_fn block_copy(BlockCopyState *s, |
671 | + trace_block_copy_process(s, start); |
672 | + |
673 | + bdrv_reset_dirty_bitmap(s->copy_bitmap, start, chunk_end - start); |
674 | ++ s->in_flight_bytes += chunk_end - start; |
675 | + |
676 | + co_get_from_shres(s->mem, chunk_end - start); |
677 | + ret = block_copy_do_copy(s, start, chunk_end, error_is_read); |
678 | + co_put_to_shres(s->mem, chunk_end - start); |
679 | ++ s->in_flight_bytes -= chunk_end - start; |
680 | + if (ret < 0) { |
681 | + bdrv_set_dirty_bitmap(s->copy_bitmap, start, chunk_end - start); |
682 | + break; |
683 | + } |
684 | + |
685 | ++ progress_work_done(s->progress, chunk_end - start); |
686 | + s->progress_bytes_callback(chunk_end - start, s->progress_opaque); |
687 | + start = chunk_end; |
688 | + ret = 0; |
689 | +diff --git a/include/block/block-copy.h b/include/block/block-copy.h |
690 | +index 0a161724d7..9def00068c 100644 |
691 | +--- a/include/block/block-copy.h |
692 | ++++ b/include/block/block-copy.h |
693 | +@@ -26,7 +26,6 @@ typedef struct BlockCopyInFlightReq { |
694 | + } BlockCopyInFlightReq; |
695 | + |
696 | + typedef void (*ProgressBytesCallbackFunc)(int64_t bytes, void *opaque); |
697 | +-typedef void (*ProgressResetCallbackFunc)(void *opaque); |
698 | + typedef struct BlockCopyState { |
699 | + /* |
700 | + * BdrvChild objects are not owned or managed by block-copy. They are |
701 | +@@ -36,6 +35,7 @@ typedef struct BlockCopyState { |
702 | + BdrvChild *source; |
703 | + BdrvChild *target; |
704 | + BdrvDirtyBitmap *copy_bitmap; |
705 | ++ int64_t in_flight_bytes; |
706 | + int64_t cluster_size; |
707 | + bool use_copy_range; |
708 | + int64_t copy_size; |
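Review bot: the new in_flight_bytes member of BlockCopyState has no comment. Its meaning can only be recovered from block-copy.c: bytes already cleared from copy_bitmap whose copy has not finished, which is why block_copy_reset_unallocated() adds it to the dirty count when it recomputes the remaining work. A short comment here saying that, and that in this patch the field is only changed inside block_copy() around block_copy_do_copy(), would keep the two counters from drifting apart in later edits.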
709 | +@@ -60,15 +60,9 @@ typedef struct BlockCopyState { |
710 | + */ |
711 | + bool skip_unallocated; |
712 | + |
713 | ++ ProgressMeter *progress; |
714 | + /* progress_bytes_callback: called when some copying progress is done. */ |
715 | + ProgressBytesCallbackFunc progress_bytes_callback; |
716 | +- |
717 | +- /* |
718 | +- * progress_reset_callback: called when some bytes reset from copy_bitmap |
719 | +- * (see @skip_unallocated above). The callee is assumed to recalculate how |
720 | +- * many bytes remain based on the dirty bit count of copy_bitmap. |
721 | +- */ |
722 | +- ProgressResetCallbackFunc progress_reset_callback; |
723 | + void *progress_opaque; |
724 | + |
725 | + SharedResource *mem; |
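Review bot: the added ProgressMeter *progress member carries no comment on ownership or lifetime. backup_job_create() passes &job->common.job.progress, so the pointer refers to storage inside the job, not to anything block-copy allocates or frees. The struct already says of the BdrvChild members that they are not owned or managed by block-copy; the same statement is needed for progress, together with the requirement that the meter outlives the BlockCopyState.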
726 | +@@ -79,12 +73,13 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, |
727 | + BdrvRequestFlags write_flags, |
728 | + Error **errp); |
729 | + |
730 | +-void block_copy_set_callbacks( |
731 | ++void block_copy_set_progress_callback( |
732 | + BlockCopyState *s, |
733 | + ProgressBytesCallbackFunc progress_bytes_callback, |
734 | +- ProgressResetCallbackFunc progress_reset_callback, |
735 | + void *progress_opaque); |
736 | + |
737 | ++void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm); |
738 | ++ |
739 | + void block_copy_state_free(BlockCopyState *s); |
740 | + |
741 | + int64_t block_copy_reset_unallocated(BlockCopyState *s, |
742 | +-- |
743 | +2.25.1 |
744 | + |
745 | diff --git a/debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch b/debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch |
746 | new file mode 100644 |
747 | index 0000000..a84fdd7 |
748 | --- /dev/null |
749 | +++ b/debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch |
750 | @@ -0,0 +1,107 @@ |
751 | +From ac9d00bf7b47acae6b0e42910d9ed55fef3af5b8 Mon Sep 17 00:00:00 2001 |
752 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
753 | +Date: Thu, 6 Feb 2020 19:42:45 +0300 |
754 | +Subject: [PATCH] block: fix crash on zero-length unaligned write and read |
755 | + |
756 | +Commit 7a3f542fbd "block/io: refactor padding" occasionally dropped |
757 | +aligning for zero-length request: bdrv_init_padding() blindly return |
758 | +false if bytes == 0, like there is nothing to align. |
759 | + |
760 | +This leads the following command to crash: |
761 | + |
762 | +./qemu-io --image-opts -c 'write 1 0' \ |
763 | + driver=blkdebug,align=512,image.driver=null-co,image.size=512 |
764 | + |
765 | +>> qemu-io: block/io.c:1955: bdrv_aligned_pwritev: Assertion |
766 | + `(offset & (align - 1)) == 0' failed. |
767 | +>> Aborted (core dumped) |
768 | + |
769 | +Prior to 7a3f542fbd we does aligning of such zero requests. Instead of |
770 | +recovering this behavior let's just do nothing on such requests as it |
771 | +is useless. |
772 | + |
773 | +Note that driver may have special meaning of zero-length reqeusts, like |
774 | +qcow2_co_pwritev_compressed_part, so we can't skip any zero-length |
775 | +operation. But for unaligned ones, we can't pass it to driver anyway. |
776 | + |
777 | +This commit also fixes crash in iotest 80 running with -nocache: |
778 | + |
779 | +./check -nocache -qcow2 80 |
780 | + |
781 | +which crashes on same assertion due to trying to read empty extra data |
782 | +in qcow2_do_read_snapshots(). |
783 | + |
784 | +Cc: qemu-stable@nongnu.org # v4.2 |
785 | +Fixes: 7a3f542fbd |
786 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
787 | +Reviewed-by: Max Reitz <mreitz@redhat.com> |
788 | +Message-id: 20200206164245.17781-1-vsementsov@virtuozzo.com |
789 | +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> |
790 | + |
791 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=ac9d00bf7b47acae6b0e42910d9ed55fef3af5b8 |
792 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
793 | +Last-Update: 2020-03-18 |
794 | + |
795 | +--- |
796 | + block/io.c | 28 +++++++++++++++++++++++++++- |
797 | + 1 file changed, 27 insertions(+), 1 deletion(-) |
798 | + |
799 | +diff --git a/block/io.c b/block/io.c |
800 | +index 1eb2b2bddc..7e4cb74cf4 100644 |
801 | +--- a/block/io.c |
802 | ++++ b/block/io.c |
803 | +@@ -1565,10 +1565,12 @@ static bool bdrv_init_padding(BlockDriverState *bs, |
804 | + pad->tail = align - pad->tail; |
805 | + } |
806 | + |
807 | +- if ((!pad->head && !pad->tail) || !bytes) { |
808 | ++ if (!pad->head && !pad->tail) { |
809 | + return false; |
810 | + } |
811 | + |
812 | ++ assert(bytes); /* Nothing good in aligning zero-length requests */ |
813 | ++ |
814 | + sum = pad->head + bytes + pad->tail; |
815 | + pad->buf_len = (sum > align && pad->head && pad->tail) ? 2 * align : align; |
816 | + pad->buf = qemu_blockalign(bs, pad->buf_len); |
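Review bot: the assert(bytes) added to bdrv_init_padding() turns a zero-length unaligned request from a quiet return false into an abort, and the only guards this patch adds are in bdrv_co_preadv_part() and bdrv_co_pwritev_part(). Any other path that reaches bdrv_init_padding() is not visible in this diff and would now crash the process on bytes == 0 with an unaligned offset. Please confirm that every caller sits behind one of the two new early returns, and state the bytes != 0 precondition in the function's comment rather than only at the assert.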
817 | +@@ -1706,6 +1708,18 @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child, |
818 | + return ret; |
819 | + } |
820 | + |
821 | ++ if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) { |
822 | ++ /* |
823 | ++ * Aligning zero request is nonsense. Even if driver has special meaning |
824 | ++ * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass |
825 | ++ * it to driver due to request_alignment. |
826 | ++ * |
827 | ++ * Still, no reason to return an error if someone do unaligned |
828 | ++ * zero-length read occasionally. |
829 | ++ */ |
830 | ++ return 0; |
831 | ++ } |
832 | ++ |
833 | + bdrv_inc_in_flight(bs); |
834 | + |
835 | + /* Don't do copy-on-read if we read data before write operation */ |
836 | +@@ -2116,6 +2130,18 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child, |
837 | + return -ENOTSUP; |
838 | + } |
839 | + |
840 | ++ if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) { |
841 | ++ /* |
842 | ++ * Aligning zero request is nonsense. Even if driver has special meaning |
843 | ++ * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass |
844 | ++ * it to driver due to request_alignment. |
845 | ++ * |
846 | ++ * Still, no reason to return an error if someone do unaligned |
847 | ++ * zero-length write occasionally. |
848 | ++ */ |
849 | ++ return 0; |
850 | ++ } |
851 | ++ |
852 | + bdrv_inc_in_flight(bs); |
853 | + /* |
854 | + * Align write if necessary by performing a read-modify-write cycle. |
855 | +-- |
856 | +2.25.1 |
857 | + |
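Review bot: the if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) block added to bdrv_co_pwritev_part() is a copy of the one added to bdrv_co_preadv_part(), differing in a single word of the comment. A small static helper called from both functions would keep the read and write paths from diverging later. The read-side copy of the comment also cites qcow2_co_pwritev_compressed_part, which is a write-path case, so the comment should live once, on the helper, and say which direction the example applies to.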
858 | diff --git a/debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch b/debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch |
859 | new file mode 100644 |
860 | index 0000000..84335eb |
861 | --- /dev/null |
862 | +++ b/debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch |
863 | @@ -0,0 +1,44 @@ |
864 | +From 4ab78b19189a81038e744728ed949d09aa477550 Mon Sep 17 00:00:00 2001 |
865 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
866 | +Date: Thu, 12 Mar 2020 11:19:49 +0300 |
867 | +Subject: [PATCH] block/io: fix bdrv_co_do_copy_on_readv |
868 | + |
869 | +Prior to 1143ec5ebf4 it was OK to qemu_iovec_from_buf() from aligned-up |
870 | +buffer to original qiov, as qemu_iovec_from_buf() will stop at qiov end |
871 | +anyway. |
872 | + |
873 | +But after 1143ec5ebf4 we assume that bdrv_co_do_copy_on_readv works on |
874 | +part of original qiov, defined by qiov_offset and bytes. So we must not |
875 | +touch qiov behind qiov_offset+bytes bound. Fix it. |
876 | + |
877 | +Cc: qemu-stable@nongnu.org # v4.2 |
878 | +Fixes: 1143ec5ebf4 |
879 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
880 | +Reviewed-by: John Snow <jsnow@redhat.com> |
881 | +Message-id: 20200312081949.5350-1-vsementsov@virtuozzo.com |
882 | +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> |
883 | + |
884 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=4ab78b19189a81038e744728ed949d09aa477550 |
885 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
886 | +Last-Update: 2020-03-18 |
887 | + |
888 | +--- |
889 | + block/io.c | 2 +- |
890 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
891 | + |
892 | +diff --git a/block/io.c b/block/io.c |
893 | +index 7e4cb74cf4..aba67f66b9 100644 |
894 | +--- a/block/io.c |
895 | ++++ b/block/io.c |
896 | +@@ -1399,7 +1399,7 @@ static int coroutine_fn bdrv_co_do_copy_on_readv(BdrvChild *child, |
897 | + if (!(flags & BDRV_REQ_PREFETCH)) { |
898 | + qemu_iovec_from_buf(qiov, qiov_offset + progress, |
899 | + bounce_buffer + skip_bytes, |
900 | +- pnum - skip_bytes); |
901 | ++ MIN(pnum - skip_bytes, bytes - progress)); |
902 | + } |
903 | + } else if (!(flags & BDRV_REQ_PREFETCH)) { |
904 | + /* Read directly into the destination */ |
905 | +-- |
906 | +2.25.1 |
907 | + |
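Review bot: the MIN(pnum - skip_bytes, bytes - progress) clamp in the qemu_iovec_from_buf() call has no comment, and the reason for it lives only in the commit message: the bounce buffer is aligned up, while the function now works on the part of qiov bounded by qiov_offset + bytes. Please put that one sentence above the call so the clamp is not simplified away later. The diffstat also shows block/io.c as the only file changed, so nothing in this patch exercises a copy-on-read request that ends before the aligned-up buffer does; a regression test for that case is worth asking for.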
908 | diff --git a/debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch b/debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch |
909 | new file mode 100644 |
910 | index 0000000..dde008d |
911 | --- /dev/null |
912 | +++ b/debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch |
913 | @@ -0,0 +1,76 @@ |
914 | +From 8198cf5ef0ef98118b4176970d1cd998d93ec849 Mon Sep 17 00:00:00 2001 |
915 | +From: Pan Nengyuan <pannengyuan@huawei.com> |
916 | +Date: Thu, 5 Dec 2019 11:45:28 +0800 |
917 | +Subject: [PATCH] block/nbd: fix memory leak in nbd_open() |
918 | + |
919 | +In currently implementation there will be a memory leak when |
920 | +nbd_client_connect() returns error status. Here is an easy way to |
921 | +reproduce: |
922 | + |
923 | +1. run qemu-iotests as follow and check the result with asan: |
924 | + ./check -raw 143 |
925 | + |
926 | +Following is the asan output backtrack: |
927 | +Direct leak of 40 byte(s) in 1 object(s) allocated from: |
928 | + #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560) |
929 | + #1 0x7f6295e7e015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015) |
930 | + #2 0x56281dab4642 in qobject_input_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295 |
931 | + #3 0x56281dab1a04 in visit_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49 |
932 | + #4 0x56281dad1827 in visit_type_SocketAddress qapi/qapi-visit-sockets.c:386 |
933 | + #5 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716 |
934 | + #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829 |
935 | + #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873 |
936 | + |
937 | +Direct leak of 15 byte(s) in 1 object(s) allocated from: |
938 | + #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0) |
939 | + #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd) |
940 | + #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace) |
941 | + #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834 |
942 | + #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873 |
943 | + |
944 | +Indirect leak of 24 byte(s) in 1 object(s) allocated from: |
945 | + #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0) |
946 | + #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd) |
947 | + #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace) |
948 | + #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536 |
949 | + #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297 |
950 | + #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141 |
951 | + #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366 |
952 | + #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393 |
953 | + #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716 |
954 | + #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829 |
955 | + #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873 |
956 | + |
957 | +Fixes: 8f071c9db506e03ab |
958 | +Reported-by: Euler Robot <euler.robot@huawei.com> |
959 | +Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> |
960 | +Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
961 | +Cc: qemu-stable <qemu-stable@nongnu.org> |
962 | +Cc: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
963 | +Message-Id: <1575517528-44312-3-git-send-email-pannengyuan@huawei.com> |
964 | +Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> |
965 | +Signed-off-by: Eric Blake <eblake@redhat.com> |
966 | + |
967 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=8198cf5ef0ef98118b4176970d1cd998d93ec849 |
968 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
969 | +Last-Update: 2020-03-18 |
970 | + |
971 | +--- |
972 | + block/nbd.c | 1 + |
973 | + 1 file changed, 1 insertion(+) |
974 | + |
975 | +diff --git a/block/nbd.c b/block/nbd.c |
976 | +index ed0f93ab27..976be76647 100644 |
977 | +--- a/block/nbd.c |
978 | ++++ b/block/nbd.c |
979 | +@@ -1915,6 +1915,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags, |
980 | + |
981 | + ret = nbd_client_connect(bs, errp); |
982 | + if (ret < 0) { |
983 | ++ nbd_clear_bdrvstate(s); |
984 | + return ret; |
985 | + } |
986 | + /* successfully connected */ |
987 | +-- |
988 | +2.25.1 |
989 | + |
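Review bot: nbd_clear_bdrvstate(s), called in the new error branch after nbd_client_connect(), is not defined anywhere in this patch, so the patch does not build on its own. This merge also adds debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch; if that is where the helper comes from, debian/patches/series must list it before this one. It is worth checking in the same pass whether the earlier failure returns in nbd_open(), which are not visible in this hunk, release the same state.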
990 | diff --git a/debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch b/debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch |
991 | new file mode 100644 |
992 | index 0000000..bf4169e |
993 | --- /dev/null |
994 | +++ b/debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch |
995 | @@ -0,0 +1,79 @@ |
996 | +From e7266570f2cf7b3ca2a156c677ee0a59d563458b Mon Sep 17 00:00:00 2001 |
997 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
998 | +Date: Mon, 2 Mar 2020 18:09:30 +0300 |
999 | +Subject: [PATCH] block/qcow2-threads: fix qcow2_decompress |
1000 | +MIME-Version: 1.0 |
1001 | +Content-Type: text/plain; charset=UTF-8 |
1002 | +Content-Transfer-Encoding: 8bit |
1003 | + |
1004 | +On success path we return what inflate() returns instead of 0. And it |
1005 | +most probably works for Z_STREAM_END as it is positive, but is |
1006 | +definitely broken for Z_BUF_ERROR. |
1007 | + |
1008 | +While being here, switch to errno return code, to be closer to |
1009 | +qcow2_compress API (and usual expectations). |
1010 | + |
1011 | +Revert condition in if to be more positive. Drop dead initialization of |
1012 | +ret. |
1013 | + |
1014 | +Cc: qemu-stable@nongnu.org # v4.0 |
1015 | +Fixes: 341926ab83e2b |
1016 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1017 | +Message-Id: <20200302150930.16218-1-vsementsov@virtuozzo.com> |
1018 | +Reviewed-by: Alberto Garcia <berto@igalia.com> |
1019 | +Reviewed-by: Ján Tomko <jtomko@redhat.com> |
1020 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
1021 | + |
1022 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=e7266570f2cf7b3ca2a156c677ee0a59d563458b |
1023 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1024 | +Last-Update: 2020-03-18 |
1025 | + |
1026 | +--- |
1027 | + block/qcow2-threads.c | 12 +++++++----- |
1028 | + 1 file changed, 7 insertions(+), 5 deletions(-) |
1029 | + |
1030 | +diff --git a/block/qcow2-threads.c b/block/qcow2-threads.c |
1031 | +index 77bb578cdf..a68126f291 100644 |
1032 | +--- a/block/qcow2-threads.c |
1033 | ++++ b/block/qcow2-threads.c |
1034 | +@@ -128,12 +128,12 @@ static ssize_t qcow2_compress(void *dest, size_t dest_size, |
1035 | + * @src - source buffer, @src_size bytes |
1036 | + * |
1037 | + * Returns: 0 on success |
1038 | +- * -1 on fail |
1039 | ++ * -EIO on fail |
1040 | + */ |
1041 | + static ssize_t qcow2_decompress(void *dest, size_t dest_size, |
1042 | + const void *src, size_t src_size) |
1043 | + { |
1044 | +- int ret = 0; |
1045 | ++ int ret; |
1046 | + z_stream strm; |
1047 | + |
1048 | + memset(&strm, 0, sizeof(strm)); |
1049 | +@@ -144,17 +144,19 @@ static ssize_t qcow2_decompress(void *dest, size_t dest_size, |
1050 | + |
1051 | + ret = inflateInit2(&strm, -12); |
1052 | + if (ret != Z_OK) { |
1053 | +- return -1; |
1054 | ++ return -EIO; |
1055 | + } |
1056 | + |
1057 | + ret = inflate(&strm, Z_FINISH); |
1058 | +- if ((ret != Z_STREAM_END && ret != Z_BUF_ERROR) || strm.avail_out != 0) { |
1059 | ++ if ((ret == Z_STREAM_END || ret == Z_BUF_ERROR) && strm.avail_out == 0) { |
1060 | + /* |
1061 | + * We approve Z_BUF_ERROR because we need @dest buffer to be filled, but |
1062 | + * @src buffer may be processed partly (because in qcow2 we know size of |
1063 | + * compressed data with precision of one sector) |
1064 | + */ |
1065 | +- ret = -1; |
1066 | ++ ret = 0; |
1067 | ++ } else { |
1068 | ++ ret = -EIO; |
1069 | + } |
1070 | + |
1071 | + inflateEnd(&strm); |
1072 | +-- |
1073 | +2.25.1 |
1074 | + |
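Review bot: the failure value of qcow2_decompress() changes from -1 to -EIO in both the inflateInit2() branch and the new else branch, but the diffstat shows only block/qcow2-threads.c touched. The callers are not visible here; any that compare the result against -1 instead of testing for a negative value would stop recognising a failed decompression. Please confirm the call sites test ret < 0, or update them in the same patch.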
1075 | diff --git a/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch b/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch |
1076 | new file mode 100644 |
1077 | index 0000000..c6aa3a3 |
1078 | --- /dev/null |
1079 | +++ b/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch |
1080 | @@ -0,0 +1,58 @@ |
1081 | +From a88c40f02ace88f09b2a85a64831b277b2ebc88c Mon Sep 17 00:00:00 2001 |
1082 | +From: Peter Wu <peter@lekensteyn.nl> |
1083 | +Date: Sat, 21 Dec 2019 17:21:24 +0100 |
1084 | +Subject: [PATCH] hw/i386/pc: fix regression in parsing vga cmdline parameter |
1085 | + |
1086 | +When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0 |
1087 | +would refuse to start with a rather cryptic message: |
1088 | + |
1089 | + $ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet' |
1090 | + qemu: can't parse 'vga' parameter: Invalid argument |
1091 | + |
1092 | +It was not clear whether this applied to the '-vga std' parameter or the |
1093 | +'-append' one. Fix the parsing regression and clarify the error. |
1094 | + |
1095 | +Fixes: 133ef074bd ("hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()") |
1096 | +Cc: Sergio Lopez <slp@redhat.com> |
1097 | +Signed-off-by: Peter Wu <peter@lekensteyn.nl> |
1098 | +Message-Id: <20191221162124.1159291-1-peter@lekensteyn.nl> |
1099 | +Cc: qemu-stable@nongnu.org |
1100 | +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
1101 | + |
1102 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a88c40f02ace88f09b2a85a64831b277b2ebc88c |
1103 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1104 | +Last-Update: 2020-03-18 |
1105 | + |
1106 | +--- |
1107 | + hw/i386/x86.c | 8 ++++---- |
1108 | + 1 file changed, 4 insertions(+), 4 deletions(-) |
1109 | + |
1110 | +diff --git a/hw/i386/x86.c b/hw/i386/x86.c |
1111 | +index d8bb5c2a96..9b9a4d5837 100644 |
1112 | +--- a/hw/i386/x86.c |
1113 | ++++ b/hw/i386/x86.c |
1114 | +@@ -612,6 +612,7 @@ void x86_load_linux(X86MachineState *x86ms, |
1115 | + vmode = strstr(kernel_cmdline, "vga="); |
1116 | + if (vmode) { |
1117 | + unsigned int video_mode; |
1118 | ++ const char *end; |
1119 | + int ret; |
1120 | + /* skip "vga=" */ |
1121 | + vmode += 4; |
1122 | +@@ -622,10 +623,9 @@ void x86_load_linux(X86MachineState *x86ms, |
1123 | + } else if (!strncmp(vmode, "ask", 3)) { |
1124 | + video_mode = 0xfffd; |
1125 | + } else { |
1126 | +- ret = qemu_strtoui(vmode, NULL, 0, &video_mode); |
1127 | +- if (ret != 0) { |
1128 | +- fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n", |
1129 | +- strerror(-ret)); |
1130 | ++ ret = qemu_strtoui(vmode, &end, 0, &video_mode); |
1131 | ++ if (ret != 0 || (*end && *end != ' ')) { |
1132 | ++ fprintf(stderr, "qemu: invalid 'vga=' kernel parameter.\n"); |
1133 | + exit(1); |
1134 | + } |
1135 | + } |
1136 | +-- |
1137 | +2.25.1 |
1138 | + |
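Review bot: the new terminator test (*end && *end != ' ') in the numeric branch accepts only a space or end of string after the number, so a vga= value followed by a tab or a newline still ends in exit(1). If the kernel command line can carry other whitespace separators, the check should accept them as well. The replaced message also dropped strerror(-ret), so a conversion error and trailing garbage now print the same text; keeping the errno string when ret != 0 would preserve that diagnostic.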
1139 | diff --git a/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch b/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch |
1140 | new file mode 100644 |
1141 | index 0000000..4d13d20 |
1142 | --- /dev/null |
1143 | +++ b/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch |
1144 | @@ -0,0 +1,44 @@ |
1145 | +From a2e1cd41ccfe796529abfd1b6aeb1dd4393762a2 Mon Sep 17 00:00:00 2001 |
1146 | +From: Liu Yi L <yi.l.liu@intel.com> |
1147 | +Date: Fri, 3 Jan 2020 21:28:05 +0800 |
1148 | +Subject: [PATCH] intel_iommu: a fix to vtd_find_as_from_bus_num() |
1149 | + |
1150 | +Ensure the return value of vtd_find_as_from_bus_num() is NULL by |
1151 | +enforcing vtd_bus=NULL. This would help caller of vtd_find_as_from_bus_num() |
1152 | +to decide if any further operation on the returned vtd_bus. |
1153 | + |
1154 | +Cc: qemu-stable@nongnu.org |
1155 | +Cc: Kevin Tian <kevin.tian@intel.com> |
1156 | +Cc: Jacob Pan <jacob.jun.pan@linux.intel.com> |
1157 | +Cc: Peter Xu <peterx@redhat.com> |
1158 | +Cc: Yi Sun <yi.y.sun@linux.intel.com> |
1159 | +Signed-off-by: Liu Yi L <yi.l.liu@intel.com> |
1160 | +Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com> |
1161 | +Message-Id: <1578058086-4288-2-git-send-email-yi.l.liu@intel.com> |
1162 | +Reviewed-by: Peter Xu <peterx@redhat.com> |
1163 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
1164 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
1165 | + |
1166 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a2e1cd41ccfe796529abfd1b6aeb1dd4393762a2 |
1167 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1168 | +Last-Update: 2020-03-18 |
1169 | + |
1170 | +--- |
1171 | + hw/i386/intel_iommu.c | 1 + |
1172 | + 1 file changed, 1 insertion(+) |
1173 | + |
1174 | +diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c |
1175 | +index ee06993675..609b80750a 100644 |
1176 | +--- a/hw/i386/intel_iommu.c |
1177 | ++++ b/hw/i386/intel_iommu.c |
1178 | +@@ -948,6 +948,7 @@ static VTDBus *vtd_find_as_from_bus_num(IntelIOMMUState *s, uint8_t bus_num) |
1179 | + return vtd_bus; |
1180 | + } |
1181 | + } |
1182 | ++ vtd_bus = NULL; |
1183 | + } |
1184 | + return vtd_bus; |
1185 | + } |
1186 | +-- |
1187 | +2.25.1 |
1188 | + |
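Review bot: vtd_find_as_from_bus_num() now returns NULL when no bus matches, but the hunk adds no comment saying so and no caller is updated in this patch (the diffstat is a single insertion). The commit message expects callers to use the NULL to decide whether to continue; those call sites are not visible here and need a check before they dereference the result. A one-line comment above the function documenting the NULL return would make that contract explicit.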
1189 | diff --git a/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch b/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch |
1190 | new file mode 100644 |
1191 | index 0000000..02548a2 |
1192 | --- /dev/null |
1193 | +++ b/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch |
1194 | @@ -0,0 +1,202 @@ |
1195 | +From 56fc1e6ac6bde95bc0369d358587f2234d4dddad Mon Sep 17 00:00:00 2001 |
1196 | +From: Liu Yi L <yi.l.liu@intel.com> |
1197 | +Date: Fri, 3 Jan 2020 21:28:06 +0800 |
1198 | +Subject: [PATCH] intel_iommu: add present bit check for pasid table entries |
1199 | + |
1200 | +The present bit check for pasid entry (pe) and pasid directory |
1201 | +entry (pdire) were missed in previous commits as fpd bit check |
1202 | +doesn't require present bit as "Set". This patch adds the present |
1203 | +bit check for callers which wants to get a valid pe/pdire. |
1204 | + |
1205 | +Cc: qemu-stable@nongnu.org |
1206 | +Cc: Kevin Tian <kevin.tian@intel.com> |
1207 | +Cc: Jacob Pan <jacob.jun.pan@linux.intel.com> |
1208 | +Cc: Peter Xu <peterx@redhat.com> |
1209 | +Cc: Yi Sun <yi.y.sun@linux.intel.com> |
1210 | +Reviewed-by: Peter Xu <peterx@redhat.com> |
1211 | +Signed-off-by: Liu Yi L <yi.l.liu@intel.com> |
1212 | +Message-Id: <1578058086-4288-3-git-send-email-yi.l.liu@intel.com> |
1213 | +Reviewed-by: Peter Xu <peterx@redhat.com> |
1214 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
1215 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
1216 | + |
1217 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=56fc1e6ac6bde95bc0369d358587f2234d4dddad |
1218 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1219 | +Last-Update: 2020-03-18 |
1220 | + |
1221 | +--- |
1222 | + hw/i386/intel_iommu.c | 92 +++++++++++++++++++++++++++------- |
1223 | + hw/i386/intel_iommu_internal.h | 1 + |
1224 | + 2 files changed, 74 insertions(+), 19 deletions(-) |
1225 | + |
1226 | +diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c |
1227 | +index 609b80750a..a523ef0e65 100644 |
1228 | +--- a/hw/i386/intel_iommu.c |
1229 | ++++ b/hw/i386/intel_iommu.c |
1230 | +@@ -686,9 +686,18 @@ static inline bool vtd_pe_type_check(X86IOMMUState *x86_iommu, |
1231 | + return true; |
1232 | + } |
1233 | + |
1234 | +-static int vtd_get_pasid_dire(dma_addr_t pasid_dir_base, |
1235 | +- uint32_t pasid, |
1236 | +- VTDPASIDDirEntry *pdire) |
1237 | ++static inline bool vtd_pdire_present(VTDPASIDDirEntry *pdire) |
1238 | ++{ |
1239 | ++ return pdire->val & 1; |
1240 | ++} |
1241 | ++ |
1242 | ++/** |
1243 | ++ * Caller of this function should check present bit if wants |
1244 | ++ * to use pdir entry for futher usage except for fpd bit check. |
1245 | ++ */ |
1246 | ++static int vtd_get_pdire_from_pdir_table(dma_addr_t pasid_dir_base, |
1247 | ++ uint32_t pasid, |
1248 | ++ VTDPASIDDirEntry *pdire) |
1249 | + { |
1250 | + uint32_t index; |
1251 | + dma_addr_t addr, entry_size; |
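Review bot: vtd_pdire_present() tests the present bit with a bare literal, return pdire->val & 1, while vtd_pe_present() in the next hunk uses the named VTD_PASID_ENTRY_P. Please add a matching constant for the directory entry in intel_iommu_internal.h and use it here. The new comment above vtd_get_pdire_from_pdir_table() has a typo (futher) and leaves the present check to the caller without naming vtd_pdire_present() as the helper to call.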
1252 | +@@ -703,18 +712,22 @@ static int vtd_get_pasid_dire(dma_addr_t pasid_dir_base, |
1253 | + return 0; |
1254 | + } |
1255 | + |
1256 | +-static int vtd_get_pasid_entry(IntelIOMMUState *s, |
1257 | +- uint32_t pasid, |
1258 | +- VTDPASIDDirEntry *pdire, |
1259 | +- VTDPASIDEntry *pe) |
1260 | ++static inline bool vtd_pe_present(VTDPASIDEntry *pe) |
1261 | ++{ |
1262 | ++ return pe->val[0] & VTD_PASID_ENTRY_P; |
1263 | ++} |
1264 | ++ |
1265 | ++static int vtd_get_pe_in_pasid_leaf_table(IntelIOMMUState *s, |
1266 | ++ uint32_t pasid, |
1267 | ++ dma_addr_t addr, |
1268 | ++ VTDPASIDEntry *pe) |
1269 | + { |
1270 | + uint32_t index; |
1271 | +- dma_addr_t addr, entry_size; |
1272 | ++ dma_addr_t entry_size; |
1273 | + X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(s); |
1274 | + |
1275 | + index = VTD_PASID_TABLE_INDEX(pasid); |
1276 | + entry_size = VTD_PASID_ENTRY_SIZE; |
1277 | +- addr = pdire->val & VTD_PASID_TABLE_BASE_ADDR_MASK; |
1278 | + addr = addr + index * entry_size; |
1279 | + if (dma_memory_read(&address_space_memory, addr, pe, entry_size)) { |
1280 | + return -VTD_FR_PASID_TABLE_INV; |
1281 | +@@ -732,25 +745,54 @@ static int vtd_get_pasid_entry(IntelIOMMUState *s, |
1282 | + return 0; |
1283 | + } |
1284 | + |
1285 | +-static int vtd_get_pasid_entry_from_pasid(IntelIOMMUState *s, |
1286 | +- dma_addr_t pasid_dir_base, |
1287 | +- uint32_t pasid, |
1288 | +- VTDPASIDEntry *pe) |
1289 | ++/** |
1290 | ++ * Caller of this function should check present bit if wants |
1291 | ++ * to use pasid entry for futher usage except for fpd bit check. |
1292 | ++ */ |
1293 | ++static int vtd_get_pe_from_pdire(IntelIOMMUState *s, |
1294 | ++ uint32_t pasid, |
1295 | ++ VTDPASIDDirEntry *pdire, |
1296 | ++ VTDPASIDEntry *pe) |
1297 | ++{ |
1298 | ++ dma_addr_t addr = pdire->val & VTD_PASID_TABLE_BASE_ADDR_MASK; |
1299 | ++ |
1300 | ++ return vtd_get_pe_in_pasid_leaf_table(s, pasid, addr, pe); |
1301 | ++} |
1302 | ++ |
1303 | ++/** |
1304 | ++ * This function gets a pasid entry from a specified pasid |
1305 | ++ * table (includes dir and leaf table) with a specified pasid. |
1306 | ++ * Sanity check should be done to ensure return a present |
1307 | ++ * pasid entry to caller. |
1308 | ++ */ |
1309 | ++static int vtd_get_pe_from_pasid_table(IntelIOMMUState *s, |
1310 | ++ dma_addr_t pasid_dir_base, |
1311 | ++ uint32_t pasid, |
1312 | ++ VTDPASIDEntry *pe) |
1313 | + { |
1314 | + int ret; |
1315 | + VTDPASIDDirEntry pdire; |
1316 | + |
1317 | +- ret = vtd_get_pasid_dire(pasid_dir_base, pasid, &pdire); |
1318 | ++ ret = vtd_get_pdire_from_pdir_table(pasid_dir_base, |
1319 | ++ pasid, &pdire); |
1320 | + if (ret) { |
1321 | + return ret; |
1322 | + } |
1323 | + |
1324 | +- ret = vtd_get_pasid_entry(s, pasid, &pdire, pe); |
1325 | ++ if (!vtd_pdire_present(&pdire)) { |
1326 | ++ return -VTD_FR_PASID_TABLE_INV; |
1327 | ++ } |
1328 | ++ |
1329 | ++ ret = vtd_get_pe_from_pdire(s, pasid, &pdire, pe); |
1330 | + if (ret) { |
1331 | + return ret; |
1332 | + } |
1333 | + |
1334 | +- return ret; |
1335 | ++ if (!vtd_pe_present(pe)) { |
1336 | ++ return -VTD_FR_PASID_TABLE_INV; |
1337 | ++ } |
1338 | ++ |
1339 | ++ return 0; |
1340 | + } |
1341 | + |
1342 | + static int vtd_ce_get_rid2pasid_entry(IntelIOMMUState *s, |
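Review bot: In vtd_get_pe_from_pasid_table(), a non-present directory entry and a non-present PASID entry both return -VTD_FR_PASID_TABLE_INV, the same code vtd_get_pe_in_pasid_leaf_table() returns when dma_memory_read() fails, so the caller cannot tell a cleared present bit from an unreadable table. If the fault reporting path needs to distinguish them, use separate fault codes; otherwise say in the function comment that the three cases are deliberately merged. The comment above vtd_get_pe_from_pdire() also has a typo ("futher") and lacks a subject ("if wants to use").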
1343 | +@@ -763,7 +805,7 @@ static int vtd_ce_get_rid2pasid_entry(IntelIOMMUState *s, |
1344 | + |
1345 | + pasid = VTD_CE_GET_RID2PASID(ce); |
1346 | + pasid_dir_base = VTD_CE_GET_PASID_DIR_TABLE(ce); |
1347 | +- ret = vtd_get_pasid_entry_from_pasid(s, pasid_dir_base, pasid, pe); |
1348 | ++ ret = vtd_get_pe_from_pasid_table(s, pasid_dir_base, pasid, pe); |
1349 | + |
1350 | + return ret; |
1351 | + } |
1352 | +@@ -781,7 +823,11 @@ static int vtd_ce_get_pasid_fpd(IntelIOMMUState *s, |
1353 | + pasid = VTD_CE_GET_RID2PASID(ce); |
1354 | + pasid_dir_base = VTD_CE_GET_PASID_DIR_TABLE(ce); |
1355 | + |
1356 | +- ret = vtd_get_pasid_dire(pasid_dir_base, pasid, &pdire); |
1357 | ++ /* |
1358 | ++ * No present bit check since fpd is meaningful even |
1359 | ++ * if the present bit is clear. |
1360 | ++ */ |
1361 | ++ ret = vtd_get_pdire_from_pdir_table(pasid_dir_base, pasid, &pdire); |
1362 | + if (ret) { |
1363 | + return ret; |
1364 | + } |
1365 | +@@ -791,7 +837,15 @@ static int vtd_ce_get_pasid_fpd(IntelIOMMUState *s, |
1366 | + return 0; |
1367 | + } |
1368 | + |
1369 | +- ret = vtd_get_pasid_entry(s, pasid, &pdire, &pe); |
1370 | ++ if (!vtd_pdire_present(&pdire)) { |
1371 | ++ return -VTD_FR_PASID_TABLE_INV; |
1372 | ++ } |
1373 | ++ |
1374 | ++ /* |
1375 | ++ * No present bit check since fpd is meaningful even |
1376 | ++ * if the present bit is clear. |
1377 | ++ */ |
1378 | ++ ret = vtd_get_pe_from_pdire(s, pasid, &pdire, &pe); |
1379 | + if (ret) { |
1380 | + return ret; |
1381 | + } |
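Review bot: In vtd_ce_get_pasid_fpd(), the comment "No present bit check since fpd is meaningful even if the present bit is clear" now appears twice, once before vtd_get_pdire_from_pdir_table() and once before vtd_get_pe_from_pdire(), and the second copy sits directly under the new `!vtd_pdire_present(&pdire)` check, which reads as a contradiction. Name the entry each comment refers to (directory entry in the first, PASID entry in the second) so it is clear that the directory entry's present bit is still checked before its table pointer is followed.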
1382 | +diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h |
1383 | +index edcf9fc9bb..862033ebe6 100644 |
1384 | +--- a/hw/i386/intel_iommu_internal.h |
1385 | ++++ b/hw/i386/intel_iommu_internal.h |
1386 | +@@ -479,6 +479,7 @@ typedef struct VTDRootEntry VTDRootEntry; |
1387 | + #define VTD_PASID_ENTRY_FPD (1ULL << 1) /* Fault Processing Disable */ |
1388 | + |
1389 | + /* PASID Granular Translation Type Mask */ |
1390 | ++#define VTD_PASID_ENTRY_P 1ULL |
1391 | + #define VTD_SM_PASID_ENTRY_PGTT (7ULL << 6) |
1392 | + #define VTD_SM_PASID_ENTRY_FLT (1ULL << 6) |
1393 | + #define VTD_SM_PASID_ENTRY_SLT (2ULL << 6) |
1394 | +-- |
1395 | +2.25.1 |
1396 | + |
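Review bot: In hw/i386/intel_iommu_internal.h, VTD_PASID_ENTRY_P is added below the "PASID Granular Translation Type Mask" comment, which makes it look like part of the PGTT field. Move it up next to VTD_PASID_ENTRY_FPD and write it as (1ULL << 0) to match the neighbouring bit definitions.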
1397 | diff --git a/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch b/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch |
1398 | new file mode 100644 |
1399 | index 0000000..790c5d4 |
1400 | --- /dev/null |
1401 | +++ b/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch |
1402 | @@ -0,0 +1,138 @@ |
1403 | +From a541fcc27c98b96da187c7d4573f3270f3ddd283 Mon Sep 17 00:00:00 2001 |
1404 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1405 | +Date: Tue, 21 Jan 2020 17:28:02 +0300 |
1406 | +Subject: [PATCH] iotests: add test for backup-top failure on permission |
1407 | + activation |
1408 | + |
1409 | +This test checks that bug is really fixed by previous commit. |
1410 | + |
1411 | +Cc: qemu-stable@nongnu.org # v4.2.0 |
1412 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1413 | +Message-id: 20200121142802.21467-3-vsementsov@virtuozzo.com |
1414 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
1415 | + |
1416 | +Origin: backport, https://git.qemu.org/?p=qemu.git;a=commit;h=a541fcc27c98b96da187c7d4573f3270f3ddd283 |
1417 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1418 | +Last-Update: 2020-03-18 |
1419 | + |
1420 | +--- |
1421 | + tests/qemu-iotests/283 | 92 ++++++++++++++++++++++++++++++++++++++ |
1422 | + tests/qemu-iotests/283.out | 8 ++++ |
1423 | + tests/qemu-iotests/group | 1 + |
1424 | + 3 files changed, 101 insertions(+) |
1425 | + create mode 100644 tests/qemu-iotests/283 |
1426 | + create mode 100644 tests/qemu-iotests/283.out |
1427 | + |
1428 | +--- /dev/null |
1429 | ++++ b/tests/qemu-iotests/283 |
1430 | +@@ -0,0 +1,92 @@ |
1431 | ++#!/usr/bin/env python |
1432 | ++# |
1433 | ++# Test for backup-top filter permission activation failure |
1434 | ++# |
1435 | ++# Copyright (c) 2019 Virtuozzo International GmbH. |
1436 | ++# |
1437 | ++# This program is free software; you can redistribute it and/or modify |
1438 | ++# it under the terms of the GNU General Public License as published by |
1439 | ++# the Free Software Foundation; either version 2 of the License, or |
1440 | ++# (at your option) any later version. |
1441 | ++# |
1442 | ++# This program is distributed in the hope that it will be useful, |
1443 | ++# but WITHOUT ANY WARRANTY; without even the implied warranty of |
1444 | ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
1445 | ++# GNU General Public License for more details. |
1446 | ++# |
1447 | ++# You should have received a copy of the GNU General Public License |
1448 | ++# along with this program. If not, see <http://www.gnu.org/licenses/>. |
1449 | ++# |
1450 | ++ |
1451 | ++import iotests |
1452 | ++ |
1453 | ++# The test is unrelated to formats, restrict it to qcow2 to avoid extra runs |
1454 | ++iotests.verify_image_format(supported_fmts=['qcow2']) |
1455 | ++ |
1456 | ++size = 1024 * 1024 |
1457 | ++ |
1458 | ++""" Test description |
1459 | ++ |
1460 | ++When performing a backup, all writes on the source subtree must go through the |
1461 | ++backup-top filter so it can copy all data to the target before it is changed. |
1462 | ++backup-top filter is appended above source node, to achieve this thing, so all |
1463 | ++parents of source node are handled. A configuration with side parents of source |
1464 | ++sub-tree with write permission is unsupported (we'd have append several |
1465 | ++backup-top filter like nodes to handle such parents). The test create an |
1466 | ++example of such configuration and checks that a backup is then not allowed |
1467 | ++(blockdev-backup command should fail). |
1468 | ++ |
1469 | ++The configuration: |
1470 | ++ |
1471 | ++ ┌────────┐ target ┌─────────────┐ |
1472 | ++ │ target │ ◀─────── │ backup_top │ |
1473 | ++ └────────┘ └─────────────┘ |
1474 | ++ │ |
1475 | ++ │ backing |
1476 | ++ ▼ |
1477 | ++ ┌─────────────┐ |
1478 | ++ │ source │ |
1479 | ++ └─────────────┘ |
1480 | ++ │ |
1481 | ++ │ file |
1482 | ++ ▼ |
1483 | ++ ┌─────────────┐ write perm ┌───────┐ |
1484 | ++ │ base │ ◀──────────── │ other │ |
1485 | ++ └─────────────┘ └───────┘ |
1486 | ++ |
1487 | ++On activation (see .active field of backup-top state in block/backup-top.c), |
1488 | ++backup-top is going to unshare write permission on its source child. Write |
1489 | ++unsharing will be propagated to the "source->base" link and will conflict with |
1490 | ++other node write permission. So permission update will fail and backup job will |
1491 | ++not be started. |
1492 | ++ |
1493 | ++Note, that the only thing which prevents backup of running on such |
1494 | ++configuration is default permission propagation scheme. It may be altered by |
1495 | ++different block drivers, so backup will run in invalid configuration. But |
1496 | ++something is better than nothing. Also, before the previous commit (commit |
1497 | ++preceding this test creation), starting backup on such configuration led to |
1498 | ++crash, so current "something" is a lot better, and this test actual goal is |
1499 | ++to check that crash is fixed :) |
1500 | ++""" |
1501 | ++ |
1502 | ++vm = iotests.VM() |
1503 | ++vm.launch() |
1504 | ++ |
1505 | ++vm.qmp_log('blockdev-add', **{'node-name': 'target', 'driver': 'null-co'}) |
1506 | ++ |
1507 | ++vm.qmp_log('blockdev-add', **{ |
1508 | ++ 'node-name': 'source', |
1509 | ++ 'driver': 'blkdebug', |
1510 | ++ 'image': {'node-name': 'base', 'driver': 'null-co', 'size': size} |
1511 | ++}) |
1512 | ++ |
1513 | ++vm.qmp_log('blockdev-add', **{ |
1514 | ++ 'node-name': 'other', |
1515 | ++ 'driver': 'blkdebug', |
1516 | ++ 'image': 'base', |
1517 | ++ 'take-child-perms': ['write'] |
1518 | ++}) |
1519 | ++ |
1520 | ++vm.qmp_log('blockdev-backup', sync='full', device='source', target='target') |
1521 | ++ |
1522 | ++vm.shutdown() |
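Review bot: In tests/qemu-iotests/283, nothing guarantees that vm.shutdown() runs: an exception from any vm.qmp_log() call between vm.launch() and the end of the script leaves the QEMU process behind. Wrap the QMP calls in try/finally so the VM is always torn down. The test description is also a bare string literal placed after `size = 1024 * 1024` rather than a module docstring or a comment block; moving it to the top of the file or turning it into comments would make its role explicit.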
1523 | +--- /dev/null |
1524 | ++++ b/tests/qemu-iotests/283.out |
1525 | +@@ -0,0 +1,8 @@ |
1526 | ++{"execute": "blockdev-add", "arguments": {"driver": "null-co", "node-name": "target"}} |
1527 | ++{"return": {}} |
1528 | ++{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": {"driver": "null-co", "node-name": "base", "size": 1048576}, "node-name": "source"}} |
1529 | ++{"return": {}} |
1530 | ++{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": "base", "node-name": "other", "take-child-perms": ["write"]}} |
1531 | ++{"return": {}} |
1532 | ++{"execute": "blockdev-backup", "arguments": {"device": "source", "sync": "full", "target": "target"}} |
1533 | ++{"error": {"class": "GenericError", "desc": "Cannot set permissions for backup-top filter: Conflicts with use by other as 'image', which uses 'write' on base"}} |
1534 | +--- a/tests/qemu-iotests/group |
1535 | ++++ b/tests/qemu-iotests/group |
1536 | +@@ -286,3 +286,4 @@ |
1537 | + 272 rw |
1538 | + 273 backing quick |
1539 | + 277 rw quick |
1540 | ++283 auto quick |
1541 | diff --git a/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch b/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch |
1542 | new file mode 100644 |
1543 | index 0000000..a31cf9f |
1544 | --- /dev/null |
1545 | +++ b/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch |
1546 | @@ -0,0 +1,230 @@ |
1547 | +From 01fe1ca945345d3dc420d70c69488143dc0451b1 Mon Sep 17 00:00:00 2001 |
1548 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1549 | +Date: Wed, 11 Mar 2020 13:29:56 +0300 |
1550 | +Subject: [PATCH] job: refactor progress to separate object |
1551 | + |
1552 | +We need it in separate to pass to the block-copy object in the next |
1553 | +commit. |
1554 | + |
1555 | +Cc: qemu-stable@nongnu.org |
1556 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1557 | +Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com> |
1558 | +Reviewed-by: Max Reitz <mreitz@redhat.com> |
1559 | +Message-Id: <20200311103004.7649-2-vsementsov@virtuozzo.com> |
1560 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
1561 | + |
1562 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=01fe1ca945345d3dc420d70c69488143dc0451b1 |
1563 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1564 | +Last-Update: 2020-03-18 |
1565 | + |
1566 | +--- |
1567 | + blockjob.c | 16 +++++----- |
1568 | + include/qemu/job.h | 11 ++----- |
1569 | + include/qemu/progress_meter.h | 58 +++++++++++++++++++++++++++++++++++ |
1570 | + job-qmp.c | 4 +-- |
1571 | + job.c | 6 ++-- |
1572 | + qemu-img.c | 6 ++-- |
1573 | + 6 files changed, 76 insertions(+), 25 deletions(-) |
1574 | + create mode 100644 include/qemu/progress_meter.h |
1575 | + |
1576 | +diff --git a/blockjob.c b/blockjob.c |
1577 | +index 5d63b1e89d..fc850312c1 100644 |
1578 | +--- a/blockjob.c |
1579 | ++++ b/blockjob.c |
1580 | +@@ -299,8 +299,8 @@ BlockJobInfo *block_job_query(BlockJob *job, Error **errp) |
1581 | + info->device = g_strdup(job->job.id); |
1582 | + info->busy = atomic_read(&job->job.busy); |
1583 | + info->paused = job->job.pause_count > 0; |
1584 | +- info->offset = job->job.progress_current; |
1585 | +- info->len = job->job.progress_total; |
1586 | ++ info->offset = job->job.progress.current; |
1587 | ++ info->len = job->job.progress.total; |
1588 | + info->speed = job->speed; |
1589 | + info->io_status = job->iostatus; |
1590 | + info->ready = job_is_ready(&job->job), |
1591 | +@@ -330,8 +330,8 @@ static void block_job_event_cancelled(Notifier *n, void *opaque) |
1592 | + |
1593 | + qapi_event_send_block_job_cancelled(job_type(&job->job), |
1594 | + job->job.id, |
1595 | +- job->job.progress_total, |
1596 | +- job->job.progress_current, |
1597 | ++ job->job.progress.total, |
1598 | ++ job->job.progress.current, |
1599 | + job->speed); |
1600 | + } |
1601 | + |
1602 | +@@ -350,8 +350,8 @@ static void block_job_event_completed(Notifier *n, void *opaque) |
1603 | + |
1604 | + qapi_event_send_block_job_completed(job_type(&job->job), |
1605 | + job->job.id, |
1606 | +- job->job.progress_total, |
1607 | +- job->job.progress_current, |
1608 | ++ job->job.progress.total, |
1609 | ++ job->job.progress.current, |
1610 | + job->speed, |
1611 | + !!msg, |
1612 | + msg); |
1613 | +@@ -379,8 +379,8 @@ static void block_job_event_ready(Notifier *n, void *opaque) |
1614 | + |
1615 | + qapi_event_send_block_job_ready(job_type(&job->job), |
1616 | + job->job.id, |
1617 | +- job->job.progress_total, |
1618 | +- job->job.progress_current, |
1619 | ++ job->job.progress.total, |
1620 | ++ job->job.progress.current, |
1621 | + job->speed); |
1622 | + } |
1623 | + |
1624 | +diff --git a/include/qemu/job.h b/include/qemu/job.h |
1625 | +index bd59cd8944..32aabb1c60 100644 |
1626 | +--- a/include/qemu/job.h |
1627 | ++++ b/include/qemu/job.h |
1628 | +@@ -28,6 +28,7 @@ |
1629 | + |
1630 | + #include "qapi/qapi-types-job.h" |
1631 | + #include "qemu/queue.h" |
1632 | ++#include "qemu/progress_meter.h" |
1633 | + #include "qemu/coroutine.h" |
1634 | + #include "block/aio.h" |
1635 | + |
1636 | +@@ -117,15 +118,7 @@ typedef struct Job { |
1637 | + /** True if this job should automatically dismiss itself */ |
1638 | + bool auto_dismiss; |
1639 | + |
1640 | +- /** |
1641 | +- * Current progress. The unit is arbitrary as long as the ratio between |
1642 | +- * progress_current and progress_total represents the estimated percentage |
1643 | +- * of work already done. |
1644 | +- */ |
1645 | +- int64_t progress_current; |
1646 | +- |
1647 | +- /** Estimated progress_current value at the completion of the job */ |
1648 | +- int64_t progress_total; |
1649 | ++ ProgressMeter progress; |
1650 | + |
1651 | + /** |
1652 | + * Return code from @run and/or @prepare callback(s). |
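Review bot: In struct Job, the new `ProgressMeter progress;` member has no doc comment, while the two fields it replaces and its neighbours all carry one. Add a short `/** Progress of the job, see ProgressMeter */` style comment so the struct documentation stays complete.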
1653 | +diff --git a/include/qemu/progress_meter.h b/include/qemu/progress_meter.h |
1654 | +new file mode 100644 |
1655 | +index 0000000000..9a23ff071c |
1656 | +--- /dev/null |
1657 | ++++ b/include/qemu/progress_meter.h |
1658 | +@@ -0,0 +1,58 @@ |
1659 | ++/* |
1660 | ++ * Helper functionality for some process progress tracking. |
1661 | ++ * |
1662 | ++ * Copyright (c) 2011 IBM Corp. |
1663 | ++ * Copyright (c) 2012, 2018 Red Hat, Inc. |
1664 | ++ * Copyright (c) 2020 Virtuozzo International GmbH |
1665 | ++ * |
1666 | ++ * Permission is hereby granted, free of charge, to any person obtaining a copy |
1667 | ++ * of this software and associated documentation files (the "Software"), to deal |
1668 | ++ * in the Software without restriction, including without limitation the rights |
1669 | ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
1670 | ++ * copies of the Software, and to permit persons to whom the Software is |
1671 | ++ * furnished to do so, subject to the following conditions: |
1672 | ++ * |
1673 | ++ * The above copyright notice and this permission notice shall be included in |
1674 | ++ * all copies or substantial portions of the Software. |
1675 | ++ * |
1676 | ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
1677 | ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
1678 | ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
1679 | ++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
1680 | ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
1681 | ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
1682 | ++ * THE SOFTWARE. |
1683 | ++ */ |
1684 | ++ |
1685 | ++#ifndef QEMU_PROGRESS_METER_H |
1686 | ++#define QEMU_PROGRESS_METER_H |
1687 | ++ |
1688 | ++typedef struct ProgressMeter { |
1689 | ++ /** |
1690 | ++ * Current progress. The unit is arbitrary as long as the ratio between |
1691 | ++ * current and total represents the estimated percentage |
1692 | ++ * of work already done. |
1693 | ++ */ |
1694 | ++ uint64_t current; |
1695 | ++ |
1696 | ++ /** Estimated current value at the completion of the process */ |
1697 | ++ uint64_t total; |
1698 | ++} ProgressMeter; |
1699 | ++ |
1700 | ++static inline void progress_work_done(ProgressMeter *pm, uint64_t done) |
1701 | ++{ |
1702 | ++ pm->current += done; |
1703 | ++} |
1704 | ++ |
1705 | ++static inline void progress_set_remaining(ProgressMeter *pm, uint64_t remaining) |
1706 | ++{ |
1707 | ++ pm->total = pm->current + remaining; |
1708 | ++} |
1709 | ++ |
1710 | ++static inline void progress_increase_remaining(ProgressMeter *pm, |
1711 | ++ uint64_t delta) |
1712 | ++{ |
1713 | ++ pm->total += delta; |
1714 | ++} |
1715 | ++ |
1716 | ++#endif /* QEMU_PROGRESS_METER_H */ |
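Review bot: include/qemu/progress_meter.h declares current and total as uint64_t, but the Job fields removed in include/qemu/job.h were int64_t, so this refactor also changes signedness without the commit message saying so. Either keep int64_t here or state the type change in the commit message and check the consumers touched by this patch (block_job_query(), job_query_single(), the float computation in run_block_job()) for assumptions about signed values.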
1717 | +diff --git a/job-qmp.c b/job-qmp.c |
1718 | +index fbfed25a00..fecc939ebd 100644 |
1719 | +--- a/job-qmp.c |
1720 | ++++ b/job-qmp.c |
1721 | +@@ -143,8 +143,8 @@ static JobInfo *job_query_single(Job *job, Error **errp) |
1722 | + .id = g_strdup(job->id), |
1723 | + .type = job_type(job), |
1724 | + .status = job->status, |
1725 | +- .current_progress = job->progress_current, |
1726 | +- .total_progress = job->progress_total, |
1727 | ++ .current_progress = job->progress.current, |
1728 | ++ .total_progress = job->progress.total, |
1729 | + .has_error = !!job->err, |
1730 | + .error = job->err ? \ |
1731 | + g_strdup(error_get_pretty(job->err)) : NULL, |
1732 | +diff --git a/job.c b/job.c |
1733 | +index 04409b40aa..134a07b92e 100644 |
1734 | +--- a/job.c |
1735 | ++++ b/job.c |
1736 | +@@ -369,17 +369,17 @@ void job_unref(Job *job) |
1737 | + |
1738 | + void job_progress_update(Job *job, uint64_t done) |
1739 | + { |
1740 | +- job->progress_current += done; |
1741 | ++ progress_work_done(&job->progress, done); |
1742 | + } |
1743 | + |
1744 | + void job_progress_set_remaining(Job *job, uint64_t remaining) |
1745 | + { |
1746 | +- job->progress_total = job->progress_current + remaining; |
1747 | ++ progress_set_remaining(&job->progress, remaining); |
1748 | + } |
1749 | + |
1750 | + void job_progress_increase_remaining(Job *job, uint64_t delta) |
1751 | + { |
1752 | +- job->progress_total += delta; |
1753 | ++ progress_increase_remaining(&job->progress, delta); |
1754 | + } |
1755 | + |
1756 | + void job_event_cancelled(Job *job) |
1757 | +diff --git a/qemu-img.c b/qemu-img.c |
1758 | +index 7b7087dd60..afddf33f08 100644 |
1759 | +--- a/qemu-img.c |
1760 | ++++ b/qemu-img.c |
1761 | +@@ -884,9 +884,9 @@ static void run_block_job(BlockJob *job, Error **errp) |
1762 | + do { |
1763 | + float progress = 0.0f; |
1764 | + aio_poll(aio_context, true); |
1765 | +- if (job->job.progress_total) { |
1766 | +- progress = (float)job->job.progress_current / |
1767 | +- job->job.progress_total * 100.f; |
1768 | ++ if (job->job.progress.total) { |
1769 | ++ progress = (float)job->job.progress.current / |
1770 | ++ job->job.progress.total * 100.f; |
1771 | + } |
1772 | + qemu_progress_print(progress, 0); |
1773 | + } while (!job_is_ready(&job->job) && !job_is_completed(&job->job)); |
1774 | +-- |
1775 | +2.25.1 |
1776 | + |
1777 | diff --git a/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch b/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch |
1778 | new file mode 100644 |
1779 | index 0000000..5047c62 |
1780 | --- /dev/null |
1781 | +++ b/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch |
1782 | @@ -0,0 +1,41 @@ |
1783 | +From dcc474c69e6a59044b9bb54624bd636cbfd98aa9 Mon Sep 17 00:00:00 2001 |
1784 | +From: "Emilio G. Cota" <cota@braap.org> |
1785 | +Date: Tue, 25 Feb 2020 12:47:02 +0000 |
1786 | +Subject: [PATCH] plugins/core: add missing break in cb_to_tcg_flags |
1787 | +MIME-Version: 1.0 |
1788 | +Content-Type: text/plain; charset=UTF-8 |
1789 | +Content-Transfer-Encoding: 8bit |
1790 | + |
1791 | +Fixes: 54cb65d8588 |
1792 | +Reported-by: Robert Henry <robhenry@microsoft.com> |
1793 | +Signed-off-by: Emilio G. Cota <cota@braap.org> |
1794 | +Signed-off-by: Alex Bennée <alex.bennee@linaro.org> |
1795 | +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
1796 | +Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> |
1797 | +Message-Id: <20200105072940.32204-1-cota@braap.org> |
1798 | +Cc: qemu-stable@nongnu.org |
1799 | +Message-Id: <20200225124710.14152-12-alex.bennee@linaro.org> |
1800 | + |
1801 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=dcc474c69e6a59044b9bb54624bd636cbfd98aa9 |
1802 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1803 | +Last-Update: 2020-03-18 |
1804 | + |
1805 | +--- |
1806 | + plugins/core.c | 1 + |
1807 | + 1 file changed, 1 insertion(+) |
1808 | + |
1809 | +diff --git a/plugins/core.c b/plugins/core.c |
1810 | +index 9e1b9e7a91..ed863011ba 100644 |
1811 | +--- a/plugins/core.c |
1812 | ++++ b/plugins/core.c |
1813 | +@@ -286,6 +286,7 @@ static inline uint32_t cb_to_tcg_flags(enum qemu_plugin_cb_flags flags) |
1814 | + switch (flags) { |
1815 | + case QEMU_PLUGIN_CB_RW_REGS: |
1816 | + ret = 0; |
1817 | ++ break; |
1818 | + case QEMU_PLUGIN_CB_R_REGS: |
1819 | + ret = TCG_CALL_NO_WG; |
1820 | + break; |
1821 | +-- |
1822 | +2.25.1 |
1823 | + |
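Review bot: The commit message for the cb_to_tcg_flags() fix has no body, so the effect of the missing break is not recorded: before this change the QEMU_PLUGIN_CB_RW_REGS case fell through and ret was overwritten with TCG_CALL_NO_WG. State that in the message, and consider building with -Wimplicit-fallthrough so the compiler flags the next such case.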
1824 | diff --git a/debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch b/debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch |
1825 | new file mode 100644 |
1826 | index 0000000..ed7560a |
1827 | --- /dev/null |
1828 | +++ b/debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch |
1829 | @@ -0,0 +1,39 @@ |
1830 | +From 3ede935fdbbd5f7b24b4724bbfb8938acb5956d8 Mon Sep 17 00:00:00 2001 |
1831 | +From: Max Reitz <mreitz@redhat.com> |
1832 | +Date: Tue, 25 Feb 2020 15:31:28 +0100 |
1833 | +Subject: [PATCH] qcow2: Fix alloc_cluster_abort() for pre-existing clusters |
1834 | + |
1835 | +handle_alloc() reuses preallocated zero clusters. If anything goes |
1836 | +wrong during the data write, we do not change their L2 entry, so we |
1837 | +must not let qcow2_alloc_cluster_abort() free them. |
1838 | + |
1839 | +Fixes: 8b24cd141549b5b264baeddd4e72902cfb5de23b |
1840 | +Cc: qemu-stable@nongnu.org |
1841 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
1842 | +Message-Id: <20200225143130.111267-2-mreitz@redhat.com> |
1843 | +Signed-off-by: Kevin Wolf <kwolf@redhat.com> |
1844 | + |
1845 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=3ede935fdbbd5f7b24b4724bbfb8938acb5956d8 |
1846 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1847 | +Last-Update: 2020-03-18 |
1848 | + |
1849 | +--- |
1850 | + block/qcow2-cluster.c | 2 +- |
1851 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
1852 | + |
1853 | +diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c |
1854 | +index 78c95dfa16..17f1363279 100644 |
1855 | +--- a/block/qcow2-cluster.c |
1856 | ++++ b/block/qcow2-cluster.c |
1857 | +@@ -1026,7 +1026,7 @@ err: |
1858 | + void qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m) |
1859 | + { |
1860 | + BDRVQcow2State *s = bs->opaque; |
1861 | +- if (!has_data_file(bs)) { |
1862 | ++ if (!has_data_file(bs) && !m->keep_old_clusters) { |
1863 | + qcow2_free_clusters(bs, m->alloc_offset, |
1864 | + m->nb_clusters << s->cluster_bits, |
1865 | + QCOW2_DISCARD_NEVER); |
1866 | +-- |
1867 | +2.25.1 |
1868 | + |
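Review bot: In qcow2_alloc_cluster_abort(), the reason for the new `!m->keep_old_clusters` term exists only in the commit message. Add a code comment above the condition saying that reused preallocated zero clusters keep their L2 entry and therefore must not be freed here, so the check is not dropped in a later cleanup.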
1869 | diff --git a/debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch b/debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch |
1870 | new file mode 100644 |
1871 | index 0000000..b7acd5b |
1872 | --- /dev/null |
1873 | +++ b/debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch |
1874 | @@ -0,0 +1,44 @@ |
1875 | +From c3b6658c1a5a3fb24d6c27b2594cf86146f75b22 Mon Sep 17 00:00:00 2001 |
1876 | +From: Kevin Wolf <kwolf@redhat.com> |
1877 | +Date: Tue, 11 Feb 2020 10:48:59 +0100 |
1878 | +Subject: [PATCH] qcow2: Fix qcow2_alloc_cluster_abort() for external data file |
1879 | + |
1880 | +For external data file, cluster allocations return an offset in the data |
1881 | +file and are not refcounted. In this case, there is nothing to do for |
1882 | +qcow2_alloc_cluster_abort(). Freeing the same offset in the qcow2 file |
1883 | +is wrong and causes crashes in the better case or image corruption in |
1884 | +the worse case. |
1885 | + |
1886 | +Signed-off-by: Kevin Wolf <kwolf@redhat.com> |
1887 | +Message-Id: <20200211094900.17315-3-kwolf@redhat.com> |
1888 | +Signed-off-by: Kevin Wolf <kwolf@redhat.com> |
1889 | + |
1890 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c3b6658c1a5a3fb24d6c27b2594cf86146f75b22 |
1891 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1892 | +Last-Update: 2020-03-18 |
1893 | + |
1894 | +--- |
1895 | + block/qcow2-cluster.c | 7 +++++-- |
1896 | + 1 file changed, 5 insertions(+), 2 deletions(-) |
1897 | + |
1898 | +diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c |
1899 | +index 1947f13a2d..78c95dfa16 100644 |
1900 | +--- a/block/qcow2-cluster.c |
1901 | ++++ b/block/qcow2-cluster.c |
1902 | +@@ -1026,8 +1026,11 @@ err: |
1903 | + void qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m) |
1904 | + { |
1905 | + BDRVQcow2State *s = bs->opaque; |
1906 | +- qcow2_free_clusters(bs, m->alloc_offset, m->nb_clusters << s->cluster_bits, |
1907 | +- QCOW2_DISCARD_NEVER); |
1908 | ++ if (!has_data_file(bs)) { |
1909 | ++ qcow2_free_clusters(bs, m->alloc_offset, |
1910 | ++ m->nb_clusters << s->cluster_bits, |
1911 | ++ QCOW2_DISCARD_NEVER); |
1912 | ++ } |
1913 | + } |
1914 | + |
1915 | + /* |
1916 | +-- |
1917 | +2.25.1 |
1918 | + |
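Review bot: The commit message says freeing the data-file offset in the qcow2 file "causes crashes in the better case or image corruption in the worse case", yet the diffstat shows only block/qcow2-cluster.c changed and no test. A qemu-iotests case that forces a failed write on an image with an external data file would guard the `!has_data_file(bs)` condition against regression.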
1919 | diff --git a/debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch b/debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch |
1920 | new file mode 100644 |
1921 | index 0000000..b1b1869 |
1922 | --- /dev/null |
1923 | +++ b/debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch |
1924 | @@ -0,0 +1,102 @@ |
1925 | +From a1db8733d28d615bc0daeada6c406a6dd5c5d5ef Mon Sep 17 00:00:00 2001 |
1926 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1927 | +Date: Mon, 14 Oct 2019 14:51:25 +0300 |
1928 | +Subject: [PATCH] qcow2-bitmaps: fix qcow2_can_store_new_dirty_bitmap |
1929 | + |
1930 | +qcow2_can_store_new_dirty_bitmap works wrong, as it considers only |
1931 | +bitmaps already stored in the qcow2 image and ignores persistent |
1932 | +BdrvDirtyBitmap objects. |
1933 | + |
1934 | +So, let's instead count persistent BdrvDirtyBitmaps. We load all qcow2 |
1935 | +bitmaps on open, so there should not be any bitmap in the image for |
1936 | +which we don't have BdrvDirtyBitmaps version. If it is - it's a kind of |
1937 | +corruption, and no reason to check for corruptions here (open() and |
1938 | +close() are better places for it). |
1939 | + |
1940 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1941 | +Message-id: 20191014115126.15360-2-vsementsov@virtuozzo.com |
1942 | +Reviewed-by: Max Reitz <mreitz@redhat.com> |
1943 | +Cc: qemu-stable@nongnu.org |
1944 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
1945 | + |
1946 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a1db8733d28d615bc0daeada6c406a6dd5c5d5ef |
1947 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1948 | +Last-Update: 2020-03-18 |
1949 | + |
1950 | +--- |
1951 | + block/qcow2-bitmap.c | 41 ++++++++++++++++++----------------------- |
1952 | + 1 file changed, 18 insertions(+), 23 deletions(-) |
1953 | + |
1954 | +diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c |
1955 | +index c6c8ebbe89..d41f5d049b 100644 |
1956 | +--- a/block/qcow2-bitmap.c |
1957 | ++++ b/block/qcow2-bitmap.c |
1958 | +@@ -1703,8 +1703,14 @@ bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs, |
1959 | + Error **errp) |
1960 | + { |
1961 | + BDRVQcow2State *s = bs->opaque; |
1962 | +- bool found; |
1963 | +- Qcow2BitmapList *bm_list; |
1964 | ++ BdrvDirtyBitmap *bitmap; |
1965 | ++ uint64_t bitmap_directory_size = 0; |
1966 | ++ uint32_t nb_bitmaps = 0; |
1967 | ++ |
1968 | ++ if (bdrv_find_dirty_bitmap(bs, name)) { |
1969 | ++ error_setg(errp, "Bitmap already exists: %s", name); |
1970 | ++ return false; |
1971 | ++ } |
1972 | + |
1973 | + if (s->qcow_version < 3) { |
1974 | + /* Without autoclear_features, we would always have to assume |
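Review bot: In qcow2_co_can_store_new_dirty_bitmap(), the new bdrv_find_dirty_bitmap() check uses `return false;` while the other failure paths visible in this patch use `goto fail;`. If the code under the fail: label adds context to the error, the "Bitmap already exists" case skips it; use `goto fail;` here too or note why this path is different.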
1975 | +@@ -1720,38 +1726,27 @@ bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs, |
1976 | + goto fail; |
1977 | + } |
1978 | + |
1979 | +- if (s->nb_bitmaps == 0) { |
1980 | +- return true; |
1981 | ++ FOR_EACH_DIRTY_BITMAP(bs, bitmap) { |
1982 | ++ if (bdrv_dirty_bitmap_get_persistence(bitmap)) { |
1983 | ++ nb_bitmaps++; |
1984 | ++ bitmap_directory_size += |
1985 | ++ calc_dir_entry_size(strlen(bdrv_dirty_bitmap_name(bitmap)), 0); |
1986 | ++ } |
1987 | + } |
1988 | ++ nb_bitmaps++; |
1989 | ++ bitmap_directory_size += calc_dir_entry_size(strlen(name), 0); |
1990 | + |
1991 | +- if (s->nb_bitmaps >= QCOW2_MAX_BITMAPS) { |
1992 | ++ if (nb_bitmaps > QCOW2_MAX_BITMAPS) { |
1993 | + error_setg(errp, |
1994 | + "Maximum number of persistent bitmaps is already reached"); |
1995 | + goto fail; |
1996 | + } |
1997 | + |
1998 | +- if (s->bitmap_directory_size + calc_dir_entry_size(strlen(name), 0) > |
1999 | +- QCOW2_MAX_BITMAP_DIRECTORY_SIZE) |
2000 | +- { |
2001 | ++ if (bitmap_directory_size > QCOW2_MAX_BITMAP_DIRECTORY_SIZE) { |
2002 | + error_setg(errp, "Not enough space in the bitmap directory"); |
2003 | + goto fail; |
2004 | + } |
2005 | + |
2006 | +- qemu_co_mutex_lock(&s->lock); |
2007 | +- bm_list = bitmap_list_load(bs, s->bitmap_directory_offset, |
2008 | +- s->bitmap_directory_size, errp); |
2009 | +- qemu_co_mutex_unlock(&s->lock); |
2010 | +- if (bm_list == NULL) { |
2011 | +- goto fail; |
2012 | +- } |
2013 | +- |
2014 | +- found = find_bitmap_by_name(bm_list, name); |
2015 | +- bitmap_list_free(bm_list); |
2016 | +- if (found) { |
2017 | +- error_setg(errp, "Bitmap with the same name is already stored"); |
2018 | +- goto fail; |
2019 | +- } |
2020 | +- |
2021 | + return true; |
2022 | + |
2023 | + fail: |
2024 | +-- |
2025 | +2.25.1 |
2026 | + |
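Review bot: the new duplicate-name check at the top of qcow2_co_can_store_new_dirty_bitmap() leaves with a bare "return false", while every other failure path visible in this function uses "goto fail". Whatever the fail label does is skipped for this one error, so either route it through "goto fail" as well or add a comment saying why it is deliberately different. The limit check now counts the bitmap being added (nb_bitmaps is incremented before the "nb_bitmaps > QCOW2_MAX_BITMAPS" test), so the message "Maximum number of persistent bitmaps is already reached" no longer describes exactly what is tested. The removed code took s->lock around bitmap_list_load(); a short comment on what protects the FOR_EACH_DIRTY_BITMAP walk that replaces it would help the next reader.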
2027 | diff --git a/debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch b/debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch |
2028 | new file mode 100644 |
2029 | index 0000000..ed8ab96 |
2030 | --- /dev/null |
2031 | +++ b/debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch |
2032 | @@ -0,0 +1,54 @@ |
2033 | +From c69291e712ae4ef95f628424db6586473da61d43 Mon Sep 17 00:00:00 2001 |
2034 | +From: Max Reitz <mreitz@redhat.com> |
2035 | +Date: Tue, 21 Jan 2020 16:59:14 +0100 |
2036 | +Subject: [PATCH] qemu-img: Fix convert -n -B for backing-less targets |
2037 | + |
2038 | +s.target_has_backing does not reflect whether the target BDS has a |
2039 | +backing file; it only tells whether we should use a backing file during |
2040 | +conversion (specified by -B). |
2041 | + |
2042 | +As such, if you use convert -n, the target does not necessarily actually |
2043 | +have a backing file, and then dereferencing out_bs->backing fails here. |
2044 | + |
2045 | +When converting to an existing file, we should set |
2046 | +target_backing_sectors to a negative value, because first, as the |
2047 | +comment explains, this value is only used for optimization, so it is |
2048 | +always fine to do that. |
2049 | + |
2050 | +Second, we use this value to determine where the target must be |
2051 | +initialized to zeroes (overlays are initialized to zero after the end of |
2052 | +their backing file). When converting to an existing file, we cannot |
2053 | +assume that to be true. |
2054 | + |
2055 | +Cc: qemu-stable@nongnu.org |
2056 | +Fixes: 351c8efff9ad809c822d55620df54d575d536f68 |
2057 | + ("qemu-img: Special post-backing convert handling") |
2058 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
2059 | +Message-Id: <20200121155915.98232-2-mreitz@redhat.com> |
2060 | +Reviewed-by: John Snow <jsnow@redhat.com> |
2061 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
2062 | + |
2063 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c69291e712ae4ef95f628424db6586473da61d43 |
2064 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2065 | +Last-Update: 2020-03-18 |
2066 | + |
2067 | +--- |
2068 | + qemu-img.c | 2 +- |
2069 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
2070 | + |
2071 | +diff --git a/qemu-img.c b/qemu-img.c |
2072 | +index 0faf2cd2f5..804630a368 100644 |
2073 | +--- a/qemu-img.c |
2074 | ++++ b/qemu-img.c |
2075 | +@@ -2523,7 +2523,7 @@ static int img_convert(int argc, char **argv) |
2076 | + } |
2077 | + } |
2078 | + |
2079 | +- if (s.target_has_backing) { |
2080 | ++ if (s.target_has_backing && s.target_is_new) { |
2081 | + /* Errors are treated as "backing length unknown" (which means |
2082 | + * s.target_backing_sectors has to be negative, which it will |
2083 | + * be automatically). The backing file length is used only |
2084 | +-- |
2085 | +2.25.1 |
2086 | + |
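Review bot: the condition in img_convert() becomes "s.target_has_backing && s.target_is_new", but the comment directly below it still only talks about error handling and says nothing about why an existing target is excluded. The commit message has the reasoning (with -n the target may have no backing file, so out_bs->backing cannot be dereferenced, and an existing file cannot be assumed to be zero past the end of its backing file); a one-line version of that belongs in the code comment. The diffstat shows only qemu-img.c changing, so this patch on its own carries no regression test for "convert -n -B" against a backing-less target.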
2087 | diff --git a/debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch b/debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch |
2088 | new file mode 100644 |
2089 | index 0000000..fb21432 |
2090 | --- /dev/null |
2091 | +++ b/debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch |
2092 | @@ -0,0 +1,40 @@ |
2093 | +From 8b51c0961cc13e55b26bb6665ec3a341abdc7658 Mon Sep 17 00:00:00 2001 |
2094 | +From: Christian Borntraeger <borntraeger@de.ibm.com> |
2095 | +Date: Thu, 20 Feb 2020 14:16:22 +0100 |
2096 | +Subject: [PATCH] s390/sclp: improve special wait psw logic |
2097 | + |
2098 | +There is a special quiesce PSW that we check for "shutdown". Otherwise disabled |
2099 | +wait is detected as "crashed". Architecturally we must only check PSW bits |
2100 | +116-127. Fix this. |
2101 | + |
2102 | +Cc: qemu-stable@nongnu.org |
2103 | +Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> |
2104 | +Message-Id: <1582204582-22995-1-git-send-email-borntraeger@de.ibm.com> |
2105 | +Reviewed-by: David Hildenbrand <david@redhat.com> |
2106 | +Acked-by: Janosch Frank <frankja@linux.ibm.com> |
2107 | +Signed-off-by: Cornelia Huck <cohuck@redhat.com> |
2108 | + |
2109 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=8b51c0961cc13e55b26bb6665ec3a341abdc7658 |
2110 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2111 | +Last-Update: 2020-03-18 |
2112 | + |
2113 | +--- |
2114 | + target/s390x/helper.c | 2 +- |
2115 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
2116 | + |
2117 | +diff --git a/target/s390x/helper.c b/target/s390x/helper.c |
2118 | +index b810ad431e..ed72684911 100644 |
2119 | +--- a/target/s390x/helper.c |
2120 | ++++ b/target/s390x/helper.c |
2121 | +@@ -89,7 +89,7 @@ hwaddr s390_cpu_get_phys_addr_debug(CPUState *cs, vaddr vaddr) |
2122 | + static inline bool is_special_wait_psw(uint64_t psw_addr) |
2123 | + { |
2124 | + /* signal quiesce */ |
2125 | +- return psw_addr == 0xfffUL; |
2126 | ++ return (psw_addr & 0xfffUL) == 0xfffUL; |
2127 | + } |
2128 | + |
2129 | + void s390_handle_wait(S390CPU *cpu) |
2130 | +-- |
2131 | +2.25.1 |
2132 | + |
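Review bot: in is_special_wait_psw() the literal 0xfffUL now appears twice, once as the mask and once as the expected value, and the only comment is still "signal quiesce". The commit message says the architecture defines the check on PSW bits 116-127 only; put that in the comment, or give the mask a named constant, so it is clear that the upper address bits are ignored on purpose and the mask is not widened or dropped later by mistake.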
2133 | diff --git a/debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch b/debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch |
2134 | new file mode 100644 |
2135 | index 0000000..6c4bce9 |
2136 | --- /dev/null |
2137 | +++ b/debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch |
2138 | @@ -0,0 +1,46 @@ |
2139 | +From 30d544839e278dc76017b9a42990c41e84a34377 Mon Sep 17 00:00:00 2001 |
2140 | +From: Jeff Kubascik <jeff.kubascik@dornerworks.com> |
2141 | +Date: Fri, 17 Jan 2020 14:09:31 +0000 |
2142 | +Subject: [PATCH] target/arm: Return correct IL bit in merge_syn_data_abort |
2143 | + |
2144 | +The IL bit is set for 32-bit instructions, thus passing false |
2145 | +with the is_16bit parameter to syn_data_abort_with_iss() makes |
2146 | +a syn mask that always has the IL bit set. |
2147 | + |
2148 | +Pass is_16bit as true to make the initial syn mask have IL=0, |
2149 | +so that the final IL value comes from or'ing template_syn. |
2150 | + |
2151 | +Cc: qemu-stable@nongnu.org |
2152 | +Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts") |
2153 | +Signed-off-by: Jeff Kubascik <jeff.kubascik@dornerworks.com> |
2154 | +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> |
2155 | +Message-id: 20200117004618.2742-2-richard.henderson@linaro.org |
2156 | +[rth: Extracted this as a self-contained bug fix from a larger patch] |
2157 | +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> |
2158 | +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> |
2159 | +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
2160 | + |
2161 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=30d544839e278dc76017b9a42990c41e84a34377 |
2162 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2163 | +Last-Update: 2020-03-18 |
2164 | + |
2165 | +--- |
2166 | + target/arm/tlb_helper.c | 2 +- |
2167 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
2168 | + |
2169 | +diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c |
2170 | +index 5feb312941..e63f8bda29 100644 |
2171 | +--- a/target/arm/tlb_helper.c |
2172 | ++++ b/target/arm/tlb_helper.c |
2173 | +@@ -44,7 +44,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, |
2174 | + syn = syn_data_abort_with_iss(same_el, |
2175 | + 0, 0, 0, 0, 0, |
2176 | + ea, 0, s1ptw, is_write, fsc, |
2177 | +- false); |
2178 | ++ true); |
2179 | + /* Merge the runtime syndrome with the template syndrome. */ |
2180 | + syn |= template_syn; |
2181 | + } |
2182 | +-- |
2183 | +2.25.1 |
2184 | + |
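Review bot: the last argument to syn_data_abort_with_iss() in merge_syn_data_abort() flips from "false" to "true" with no comment at the call site, and a bare boolean at the end of a twelve-argument call is easy to misread. Per the commit message, "true" is passed for is_16bit so that the initial mask has IL=0 and the final IL value comes from or'ing in template_syn. That is not obvious from the code, where it reads as if the access were always 16-bit. Please add a short comment next to the argument stating that intent.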
2185 | diff --git a/debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch b/debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch |
2186 | new file mode 100644 |
2187 | index 0000000..46f0f6d |
2188 | --- /dev/null |
2189 | +++ b/debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch |
2190 | @@ -0,0 +1,42 @@ |
2191 | +From 1a1fbc6cbb34c26d43d8360c66c1d21681af14a9 Mon Sep 17 00:00:00 2001 |
2192 | +From: Richard Henderson <richard.henderson@linaro.org> |
2193 | +Date: Fri, 17 Jan 2020 14:09:31 +0000 |
2194 | +Subject: [PATCH] target/arm: Set ISSIs16Bit in make_issinfo |
2195 | + |
2196 | +During the conversion to decodetree, the setting of |
2197 | +ISSIs16Bit got lost. This causes the guest os to |
2198 | +incorrectly adjust trapping memory operations. |
2199 | + |
2200 | +Cc: qemu-stable@nongnu.org |
2201 | +Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)") |
2202 | +Reported-by: Jeff Kubascik <jeff.kubascik@dornerworks.com> |
2203 | +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> |
2204 | +Message-id: 20200117004618.2742-3-richard.henderson@linaro.org |
2205 | +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> |
2206 | +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
2207 | + |
2208 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=1a1fbc6cbb34c26d43d8360c66c1d21681af14a9 |
2209 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2210 | +Last-Update: 2020-03-18 |
2211 | + |
2212 | +--- |
2213 | + target/arm/translate.c | 3 +++ |
2214 | + 1 file changed, 3 insertions(+) |
2215 | + |
2216 | +diff --git a/target/arm/translate.c b/target/arm/translate.c |
2217 | +index 0c8624fb42..2f4aea927f 100644 |
2218 | +--- a/target/arm/translate.c |
2219 | ++++ b/target/arm/translate.c |
2220 | +@@ -8556,6 +8556,9 @@ static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w) |
2221 | + /* ISS not valid if writeback */ |
2222 | + if (p && !w) { |
2223 | + ret = rd; |
2224 | ++ if (s->base.pc_next - s->pc_curr == 2) { |
2225 | ++ ret |= ISSIs16Bit; |
2226 | ++ } |
2227 | + } else { |
2228 | + ret = ISSInvalid; |
2229 | + } |
2230 | +-- |
2231 | +2.25.1 |
2232 | + |
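Review bot: the new test in make_issinfo(), "s->base.pc_next - s->pc_curr == 2", infers a 16-bit instruction from the distance between two program counters using a bare literal. A brief comment that a length of 2 bytes means a 16-bit encoding, or a small helper with a descriptive name, would make the intent clear and give one place to change if the instruction length is ever tracked differently. The commit message notes that this flag was lost during the decodetree conversion; a test that covers a trapping 16-bit load would keep it from being lost again.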
2233 | diff --git a/debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch b/debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch |
2234 | new file mode 100644 |
2235 | index 0000000..4f7a731 |
2236 | --- /dev/null |
2237 | +++ b/debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch |
2238 | @@ -0,0 +1,79 @@ |
2239 | +From 21bf9b06cb6d07c6cc437dfd47b47b28c2bb79db Mon Sep 17 00:00:00 2001 |
2240 | +From: Masahiro Yamada <masahiroy@kernel.org> |
2241 | +Date: Fri, 17 Jan 2020 14:09:30 +0000 |
2242 | +Subject: [PATCH] target/arm/arm-semi: fix SYS_OPEN to return nonzero |
2243 | + filehandle |
2244 | + |
2245 | +According to the specification "Semihosting for AArch32 and Aarch64", |
2246 | +the SYS_OPEN operation should return: |
2247 | + |
2248 | + - A nonzero handle if the call is successful |
2249 | + - -1 if the call is not successful |
2250 | + |
2251 | +So, it should never return 0. |
2252 | + |
2253 | +Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting |
2254 | +code hand out its own file descriptors"), the guest fd matched to the |
2255 | +host fd. It returned a nonzero handle on success since the fd 0 is |
2256 | +already used for stdin. |
2257 | + |
2258 | +Now that the guest fd is the index of guestfd_array, it starts from 0. |
2259 | + |
2260 | +I noticed this issue particularly because Trusted Firmware-A built with |
2261 | +PLAT=qemu is no longer working. Its io_semihosting driver only handles |
2262 | +a positive return value as a valid filehandle. |
2263 | + |
2264 | +Basically, there are two ways to fix this: |
2265 | + |
2266 | + - Use (guestfd - 1) as the index of guestfs_arrary. We need to insert |
2267 | + increment/decrement to convert the guestfd and the array index back |
2268 | + and forth. |
2269 | + |
2270 | + - Keep using guestfd as the index of guestfs_array. The first entry |
2271 | + of guestfs_array is left unused. |
2272 | + |
2273 | +I thought the latter is simpler. We end up with wasting a small piece |
2274 | +of memory for the unused first entry of guestfd_array, but this is |
2275 | +probably not a big deal. |
2276 | + |
2277 | +Fixes: 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting code hand out its own file descriptors") |
2278 | +Cc: qemu-stable@nongnu.org |
2279 | +Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
2280 | +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
2281 | +Message-id: 20200109041228.10131-1-masahiroy@kernel.org |
2282 | +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
2283 | + |
2284 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=21bf9b06cb6d07c6cc437dfd47b47b28c2bb79db |
2285 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2286 | +Last-Update: 2020-03-18 |
2287 | + |
2288 | +--- |
2289 | + target/arm/arm-semi.c | 5 +++-- |
2290 | + 1 file changed, 3 insertions(+), 2 deletions(-) |
2291 | + |
2292 | +diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c |
2293 | +index 47d61f6fe1..788fe61b51 100644 |
2294 | +--- a/target/arm/arm-semi.c |
2295 | ++++ b/target/arm/arm-semi.c |
2296 | +@@ -144,7 +144,8 @@ static int alloc_guestfd(void) |
2297 | + guestfd_array = g_array_new(FALSE, TRUE, sizeof(GuestFD)); |
2298 | + } |
2299 | + |
2300 | +- for (i = 0; i < guestfd_array->len; i++) { |
2301 | ++ /* SYS_OPEN should return nonzero handle on success. Start guestfd from 1 */ |
2302 | ++ for (i = 1; i < guestfd_array->len; i++) { |
2303 | + GuestFD *gf = &g_array_index(guestfd_array, GuestFD, i); |
2304 | + |
2305 | + if (gf->type == GuestFDUnused) { |
2306 | +@@ -168,7 +169,7 @@ static GuestFD *do_get_guestfd(int guestfd) |
2307 | + return NULL; |
2308 | + } |
2309 | + |
2310 | +- if (guestfd < 0 || guestfd >= guestfd_array->len) { |
2311 | ++ if (guestfd <= 0 || guestfd >= guestfd_array->len) { |
2312 | + return NULL; |
2313 | + } |
2314 | + |
2315 | +-- |
2316 | +2.25.1 |
2317 | + |
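Review bot: the bounds check in do_get_guestfd() changes from "guestfd < 0" to "guestfd <= 0" without a comment, while the explanation that handle 0 is reserved sits only on the loop in alloc_guestfd(). Please repeat the reason at the lookup, since that is the line that actually rejects a guest-supplied 0. The hunk shows the scan starting at i = 1 but not the code that grows guestfd_array after the loop; it is worth confirming in review that on a freshly created array the first handle returned is 1 and that entry 0 is never marked as in use.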
2318 | diff --git a/debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch b/debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch |
2319 | new file mode 100644 |
2320 | index 0000000..896de43 |
2321 | --- /dev/null |
2322 | +++ b/debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch |
2323 | @@ -0,0 +1,127 @@ |
2324 | +From f80741d107673f162e3b097fc76a1590036cc9d1 Mon Sep 17 00:00:00 2001 |
2325 | +From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org> |
2326 | +Date: Thu, 12 Dec 2019 11:47:34 +0000 |
2327 | +Subject: [PATCH] target/arm: ensure we use current exception state after SCR |
2328 | + update |
2329 | +MIME-Version: 1.0 |
2330 | +Content-Type: text/plain; charset=UTF-8 |
2331 | +Content-Transfer-Encoding: 8bit |
2332 | + |
2333 | +A write to the SCR can change the effective EL by droppping the system |
2334 | +from secure to non-secure mode. However if we use a cached current_el |
2335 | +from before the change we'll rebuild the flags incorrectly. To fix |
2336 | +this we introduce the ARM_CP_NEWEL CP flag to indicate the new EL |
2337 | +should be used when recomputing the flags. |
2338 | + |
2339 | +Signed-off-by: Alex Bennée <alex.bennee@linaro.org> |
2340 | +Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> |
2341 | +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
2342 | +Message-id: 20191212114734.6962-1-alex.bennee@linaro.org |
2343 | +Cc: Richard Henderson <richard.henderson@linaro.org> |
2344 | +Message-Id: <20191209143723.6368-1-alex.bennee@linaro.org> |
2345 | +Cc: qemu-stable@nongnu.org |
2346 | +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
2347 | + |
2348 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=f80741d107673f162e3b097fc76a1590036cc9d1 |
2349 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2350 | +Last-Update: 2020-03-18 |
2351 | + |
2352 | +--- |
2353 | + target/arm/cpu.h | 8 ++++++-- |
2354 | + target/arm/helper.c | 14 +++++++++++++- |
2355 | + target/arm/helper.h | 1 + |
2356 | + target/arm/translate.c | 6 +++++- |
2357 | + 4 files changed, 25 insertions(+), 4 deletions(-) |
2358 | + |
2359 | +diff --git a/target/arm/cpu.h b/target/arm/cpu.h |
2360 | +index 4106e4ae59..5f70e9e043 100644 |
2361 | +--- a/target/arm/cpu.h |
2362 | ++++ b/target/arm/cpu.h |
2363 | +@@ -2238,6 +2238,9 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid) |
2364 | + * RAISES_EXC is for when the read or write hook might raise an exception; |
2365 | + * the generated code will synchronize the CPU state before calling the hook |
2366 | + * so that it is safe for the hook to call raise_exception(). |
2367 | ++ * NEWEL is for writes to registers that might change the exception |
2368 | ++ * level - typically on older ARM chips. For those cases we need to |
2369 | ++ * re-read the new el when recomputing the translation flags. |
2370 | + */ |
2371 | + #define ARM_CP_SPECIAL 0x0001 |
2372 | + #define ARM_CP_CONST 0x0002 |
2373 | +@@ -2257,10 +2260,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid) |
2374 | + #define ARM_CP_SVE 0x2000 |
2375 | + #define ARM_CP_NO_GDB 0x4000 |
2376 | + #define ARM_CP_RAISES_EXC 0x8000 |
2377 | ++#define ARM_CP_NEWEL 0x10000 |
2378 | + /* Used only as a terminator for ARMCPRegInfo lists */ |
2379 | +-#define ARM_CP_SENTINEL 0xffff |
2380 | ++#define ARM_CP_SENTINEL 0xfffff |
2381 | + /* Mask of only the flag bits in a type field */ |
2382 | +-#define ARM_CP_FLAG_MASK 0xf0ff |
2383 | ++#define ARM_CP_FLAG_MASK 0x1f0ff |
2384 | + |
2385 | + /* Valid values for ARMCPRegInfo state field, indicating which of |
2386 | + * the AArch32 and AArch64 execution states this register is visible in. |
2387 | +diff --git a/target/arm/helper.c b/target/arm/helper.c |
2388 | +index 3a93844a3b..5074b5f69c 100644 |
2389 | +--- a/target/arm/helper.c |
2390 | ++++ b/target/arm/helper.c |
2391 | +@@ -5133,7 +5133,7 @@ static const ARMCPRegInfo el3_cp_reginfo[] = { |
2392 | + .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0, |
2393 | + .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.scr_el3), |
2394 | + .resetvalue = 0, .writefn = scr_write }, |
2395 | +- { .name = "SCR", .type = ARM_CP_ALIAS, |
2396 | ++ { .name = "SCR", .type = ARM_CP_ALIAS | ARM_CP_NEWEL, |
2397 | + .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0, |
2398 | + .access = PL1_RW, .accessfn = access_trap_aa32s_el1, |
2399 | + .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3), |
2400 | +@@ -11472,6 +11472,18 @@ void HELPER(rebuild_hflags_m32)(CPUARMState *env, int el) |
2401 | + env->hflags = rebuild_hflags_m32(env, fp_el, mmu_idx); |
2402 | + } |
2403 | + |
2404 | ++/* |
2405 | ++ * If we have triggered a EL state change we can't rely on the |
2406 | ++ * translator having passed it too us, we need to recompute. |
2407 | ++ */ |
2408 | ++void HELPER(rebuild_hflags_a32_newel)(CPUARMState *env) |
2409 | ++{ |
2410 | ++ int el = arm_current_el(env); |
2411 | ++ int fp_el = fp_exception_el(env, el); |
2412 | ++ ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el); |
2413 | ++ env->hflags = rebuild_hflags_a32(env, fp_el, mmu_idx); |
2414 | ++} |
2415 | ++ |
2416 | + void HELPER(rebuild_hflags_a32)(CPUARMState *env, int el) |
2417 | + { |
2418 | + int fp_el = fp_exception_el(env, el); |
2419 | +diff --git a/target/arm/helper.h b/target/arm/helper.h |
2420 | +index 7ce5169afb..aa3d8cd08f 100644 |
2421 | +--- a/target/arm/helper.h |
2422 | ++++ b/target/arm/helper.h |
2423 | +@@ -91,6 +91,7 @@ DEF_HELPER_2(get_user_reg, i32, env, i32) |
2424 | + DEF_HELPER_3(set_user_reg, void, env, i32, i32) |
2425 | + |
2426 | + DEF_HELPER_FLAGS_2(rebuild_hflags_m32, TCG_CALL_NO_RWG, void, env, int) |
2427 | ++DEF_HELPER_FLAGS_1(rebuild_hflags_a32_newel, TCG_CALL_NO_RWG, void, env) |
2428 | + DEF_HELPER_FLAGS_2(rebuild_hflags_a32, TCG_CALL_NO_RWG, void, env, int) |
2429 | + DEF_HELPER_FLAGS_2(rebuild_hflags_a64, TCG_CALL_NO_RWG, void, env, int) |
2430 | + |
2431 | +diff --git a/target/arm/translate.c b/target/arm/translate.c |
2432 | +index f162be8434..2b6c1f91bf 100644 |
2433 | +--- a/target/arm/translate.c |
2434 | ++++ b/target/arm/translate.c |
2435 | +@@ -7083,7 +7083,11 @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn) |
2436 | + if (arm_dc_feature(s, ARM_FEATURE_M)) { |
2437 | + gen_helper_rebuild_hflags_m32(cpu_env, tcg_el); |
2438 | + } else { |
2439 | +- gen_helper_rebuild_hflags_a32(cpu_env, tcg_el); |
2440 | ++ if (ri->type & ARM_CP_NEWEL) { |
2441 | ++ gen_helper_rebuild_hflags_a32_newel(cpu_env); |
2442 | ++ } else { |
2443 | ++ gen_helper_rebuild_hflags_a32(cpu_env, tcg_el); |
2444 | ++ } |
2445 | + } |
2446 | + tcg_temp_free_i32(tcg_el); |
2447 | + /* |
2448 | +-- |
2449 | +2.25.1 |
2450 | + |
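Review bot: ARM_CP_NEWEL is only acted on in the non-M branch of disas_coproc_insn() in translate.c; the M-profile branch still calls gen_helper_rebuild_hflags_m32() with the cached tcg_el, and nothing in the cpu.h comment says the flag is AArch32 A/R-profile only. Please state that restriction in the flag's documentation so it is not set on a register definition where it would be silently ignored. In cpu.h, adding the flag required hand-editing both ARM_CP_SENTINEL (0xffff to 0xfffff) and ARM_CP_FLAG_MASK (0xf0ff to 0x1f0ff); a note beside the flag list that both must be updated with each new bit would help. Minor: the comment above rebuild_hflags_a32_newel reads "passed it too us" and "a EL"; the nested "else { if (...)" in translate.c can be an "else if".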
2451 | diff --git a/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch b/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch |
2452 | new file mode 100644 |
2453 | index 0000000..9316575 |
2454 | --- /dev/null |
2455 | +++ b/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch |
2456 | @@ -0,0 +1,169 @@ |
2457 | +From 420ae1fc51c99abfd03b1c590f55617edd2a2bed Mon Sep 17 00:00:00 2001 |
2458 | +From: Paolo Bonzini <pbonzini@redhat.com> |
2459 | +Date: Mon, 20 Jan 2020 19:21:42 +0100 |
2460 | +Subject: [PATCH] target/i386: kvm: initialize feature MSRs very early |
2461 | + |
2462 | +Some read-only MSRs affect the behavior of ioctls such as |
2463 | +KVM_SET_NESTED_STATE. We can initialize them once and for all |
2464 | +right after the CPU is realized, since they will never be modified |
2465 | +by the guest. |
2466 | + |
2467 | +Reported-by: Qingua Cheng <qcheng@redhat.com> |
2468 | +Cc: qemu-stable@nongnu.org |
2469 | +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
2470 | +Message-Id: <1579544504-3616-2-git-send-email-pbonzini@redhat.com> |
2471 | +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
2472 | + |
2473 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=420ae1fc51c99abfd03b1c590f55617edd2a2bed |
2474 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2475 | +Last-Update: 2020-03-18 |
2476 | + |
2477 | +--- |
2478 | + target/i386/kvm.c | 81 +++++++++++++++++++++++++----------------- |
2479 | + target/i386/kvm_i386.h | 1 + |
2480 | + 2 files changed, 49 insertions(+), 33 deletions(-) |
2481 | + |
2482 | +diff --git a/target/i386/kvm.c b/target/i386/kvm.c |
2483 | +index 7ee3202634..f6dd6b790e 100644 |
2484 | +--- a/target/i386/kvm.c |
2485 | ++++ b/target/i386/kvm.c |
2486 | +@@ -67,6 +67,8 @@ |
2487 | + * 255 kvm_msr_entry structs */ |
2488 | + #define MSR_BUF_SIZE 4096 |
2489 | + |
2490 | ++static void kvm_init_msrs(X86CPU *cpu); |
2491 | ++ |
2492 | + const KVMCapabilityInfo kvm_arch_required_capabilities[] = { |
2493 | + KVM_CAP_INFO(SET_TSS_ADDR), |
2494 | + KVM_CAP_INFO(EXT_CPUID), |
2495 | +@@ -1842,6 +1844,8 @@ int kvm_arch_init_vcpu(CPUState *cs) |
2496 | + has_msr_tsc_aux = false; |
2497 | + } |
2498 | + |
2499 | ++ kvm_init_msrs(cpu); |
2500 | ++ |
2501 | + r = hyperv_init_vcpu(cpu); |
2502 | + if (r) { |
2503 | + goto fail; |
2504 | +@@ -2660,11 +2664,53 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, FeatureWordArray f) |
2505 | + VMCS12_MAX_FIELD_INDEX << 1); |
2506 | + } |
2507 | + |
2508 | ++static int kvm_buf_set_msrs(X86CPU *cpu) |
2509 | ++{ |
2510 | ++ int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); |
2511 | ++ if (ret < 0) { |
2512 | ++ return ret; |
2513 | ++ } |
2514 | ++ |
2515 | ++ if (ret < cpu->kvm_msr_buf->nmsrs) { |
2516 | ++ struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; |
2517 | ++ error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, |
2518 | ++ (uint32_t)e->index, (uint64_t)e->data); |
2519 | ++ } |
2520 | ++ |
2521 | ++ assert(ret == cpu->kvm_msr_buf->nmsrs); |
2522 | ++ return 0; |
2523 | ++} |
2524 | ++ |
2525 | ++static void kvm_init_msrs(X86CPU *cpu) |
2526 | ++{ |
2527 | ++ CPUX86State *env = &cpu->env; |
2528 | ++ |
2529 | ++ kvm_msr_buf_reset(cpu); |
2530 | ++ if (has_msr_arch_capabs) { |
2531 | ++ kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, |
2532 | ++ env->features[FEAT_ARCH_CAPABILITIES]); |
2533 | ++ } |
2534 | ++ |
2535 | ++ if (has_msr_core_capabs) { |
2536 | ++ kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, |
2537 | ++ env->features[FEAT_CORE_CAPABILITY]); |
2538 | ++ } |
2539 | ++ |
2540 | ++ /* |
2541 | ++ * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but |
2542 | ++ * all kernels with MSR features should have them. |
2543 | ++ */ |
2544 | ++ if (kvm_feature_msrs && cpu_has_vmx(env)) { |
2545 | ++ kvm_msr_entry_add_vmx(cpu, env->features); |
2546 | ++ } |
2547 | ++ |
2548 | ++ assert(kvm_buf_set_msrs(cpu) == 0); |
2549 | ++} |
2550 | ++ |
2551 | + static int kvm_put_msrs(X86CPU *cpu, int level) |
2552 | + { |
2553 | + CPUX86State *env = &cpu->env; |
2554 | + int i; |
2555 | +- int ret; |
2556 | + |
2557 | + kvm_msr_buf_reset(cpu); |
2558 | + |
2559 | +@@ -2722,17 +2768,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) |
2560 | + } |
2561 | + #endif |
2562 | + |
2563 | +- /* If host supports feature MSR, write down. */ |
2564 | +- if (has_msr_arch_capabs) { |
2565 | +- kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, |
2566 | +- env->features[FEAT_ARCH_CAPABILITIES]); |
2567 | +- } |
2568 | +- |
2569 | +- if (has_msr_core_capabs) { |
2570 | +- kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, |
2571 | +- env->features[FEAT_CORE_CAPABILITY]); |
2572 | +- } |
2573 | +- |
2574 | + /* |
2575 | + * The following MSRs have side effects on the guest or are too heavy |
2576 | + * for normal writeback. Limit them to reset or full state updates. |
2577 | +@@ -2910,14 +2945,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) |
2578 | + |
2579 | + /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see |
2580 | + * kvm_put_msr_feature_control. */ |
2581 | +- |
2582 | +- /* |
2583 | +- * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but |
2584 | +- * all kernels with MSR features should have them. |
2585 | +- */ |
2586 | +- if (kvm_feature_msrs && cpu_has_vmx(env)) { |
2587 | +- kvm_msr_entry_add_vmx(cpu, env->features); |
2588 | +- } |
2589 | + } |
2590 | + |
2591 | + if (env->mcg_cap) { |
2592 | +@@ -2933,19 +2960,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level) |
2593 | + } |
2594 | + } |
2595 | + |
2596 | +- ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); |
2597 | +- if (ret < 0) { |
2598 | +- return ret; |
2599 | +- } |
2600 | +- |
2601 | +- if (ret < cpu->kvm_msr_buf->nmsrs) { |
2602 | +- struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; |
2603 | +- error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, |
2604 | +- (uint32_t)e->index, (uint64_t)e->data); |
2605 | +- } |
2606 | +- |
2607 | +- assert(ret == cpu->kvm_msr_buf->nmsrs); |
2608 | +- return 0; |
2609 | ++ return kvm_buf_set_msrs(cpu); |
2610 | + } |
2611 | + |
2612 | + |
2613 | +diff --git a/target/i386/kvm_i386.h b/target/i386/kvm_i386.h |
2614 | +index 7d0242f5fb..00bde7acaf 100644 |
2615 | +--- a/target/i386/kvm_i386.h |
2616 | ++++ b/target/i386/kvm_i386.h |
2617 | +@@ -46,4 +46,5 @@ bool kvm_enable_x2apic(void); |
2618 | + bool kvm_has_x2apic_api(void); |
2619 | + |
2620 | + bool kvm_hv_vpindex_settable(void); |
2621 | ++ |
2622 | + #endif |
2623 | +-- |
2624 | +2.25.1 |
2625 | + |
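Review bot: kvm_init_msrs() ends with "assert(kvm_buf_set_msrs(cpu) == 0);", which puts the KVM_SET_MSRS ioctl itself inside an assert expression. In any build where assertions are compiled out the call disappears and the feature MSRs are never written. Please assign the result to a local first and assert on that. Related: kvm_init_msrs() returns void although its caller, kvm_arch_init_vcpu(), has a "goto fail" error path right after the call site; returning the error and failing vCPU init would be more graceful than aborting. The kvm_i386.h hunk adds only a blank line, although the diffstat lists one insertion for that file, so it looks like a leftover that can be dropped.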
2626 | diff --git a/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch b/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch |
2627 | new file mode 100644 |
2628 | index 0000000..5d0bbf2 |
2629 | --- /dev/null |
2630 | +++ b/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch |
2631 | @@ -0,0 +1,98 @@ |
2632 | +From fcc54ab5c7ca84ae72e8bf3781c33c9193a911aa Mon Sep 17 00:00:00 2001 |
2633 | +From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org> |
2634 | +Date: Tue, 25 Feb 2020 17:49:08 +0000 |
2635 | +Subject: [PATCH] tcg: save vaddr temp for plugin usage |
2636 | +MIME-Version: 1.0 |
2637 | +Content-Type: text/plain; charset=UTF-8 |
2638 | +Content-Transfer-Encoding: 8bit |
2639 | + |
2640 | +While do_gen_mem_cb does copy (via extu_tl_i64) vaddr into a new temp |
2641 | +this won't help if the vaddr temp gets clobbered by the actual |
2642 | +load/store op. To avoid this clobbering we explicitly copy vaddr |
2643 | +before the op to ensure it is live my the time we do the |
2644 | +instrumentation. |
2645 | + |
2646 | +Suggested-by: Richard Henderson <richard.henderson@linaro.org> |
2647 | +Signed-off-by: Alex Bennée <alex.bennee@linaro.org> |
2648 | +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
2649 | +Reviewed-by: Emilio G. Cota <cota@braap.org> |
2650 | +Cc: qemu-stable@nongnu.org |
2651 | +Message-Id: <20200225124710.14152-18-alex.bennee@linaro.org> |
2652 | + |
2653 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=fcc54ab5c7ca84ae72e8bf3781c33c9193a911aa |
2654 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2655 | +Last-Update: 2020-03-18 |
2656 | + |
2657 | +--- |
2658 | + tcg/tcg-op.c | 23 ++++++++++++++++++++--- |
2659 | + 1 file changed, 20 insertions(+), 3 deletions(-) |
2660 | + |
2661 | +diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c |
2662 | +index 7d782002e3..e2e25ebf7d 100644 |
2663 | +--- a/tcg/tcg-op.c |
2664 | ++++ b/tcg/tcg-op.c |
2665 | +@@ -2794,13 +2794,26 @@ static void tcg_gen_req_mo(TCGBar type) |
2666 | + } |
2667 | + } |
2668 | + |
2669 | ++static inline TCGv plugin_prep_mem_callbacks(TCGv vaddr) |
2670 | ++{ |
2671 | ++#ifdef CONFIG_PLUGIN |
2672 | ++ if (tcg_ctx->plugin_insn != NULL) { |
2673 | ++ /* Save a copy of the vaddr for use after a load. */ |
2674 | ++ TCGv temp = tcg_temp_new(); |
2675 | ++ tcg_gen_mov_tl(temp, vaddr); |
2676 | ++ return temp; |
2677 | ++ } |
2678 | ++#endif |
2679 | ++ return vaddr; |
2680 | ++} |
2681 | ++ |
2682 | + static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info) |
2683 | + { |
2684 | + #ifdef CONFIG_PLUGIN |
2685 | +- if (tcg_ctx->plugin_insn == NULL) { |
2686 | +- return; |
2687 | ++ if (tcg_ctx->plugin_insn != NULL) { |
2688 | ++ plugin_gen_empty_mem_callback(vaddr, info); |
2689 | ++ tcg_temp_free(vaddr); |
2690 | + } |
2691 | +- plugin_gen_empty_mem_callback(vaddr, info); |
2692 | + #endif |
2693 | + } |
2694 | + |
2695 | +@@ -2822,6 +2835,7 @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop) |
2696 | + } |
2697 | + } |
2698 | + |
2699 | ++ addr = plugin_prep_mem_callbacks(addr); |
2700 | + gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx); |
2701 | + plugin_gen_mem_callbacks(addr, info); |
2702 | + |
2703 | +@@ -2868,6 +2882,7 @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop) |
2704 | + memop &= ~MO_BSWAP; |
2705 | + } |
2706 | + |
2707 | ++ addr = plugin_prep_mem_callbacks(addr); |
2708 | + gen_ldst_i32(INDEX_op_qemu_st_i32, val, addr, memop, idx); |
2709 | + plugin_gen_mem_callbacks(addr, info); |
2710 | + |
2711 | +@@ -2905,6 +2920,7 @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop) |
2712 | + } |
2713 | + } |
2714 | + |
2715 | ++ addr = plugin_prep_mem_callbacks(addr); |
2716 | + gen_ldst_i64(INDEX_op_qemu_ld_i64, val, addr, memop, idx); |
2717 | + plugin_gen_mem_callbacks(addr, info); |
2718 | + |
2719 | +@@ -2967,6 +2983,7 @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop) |
2720 | + memop &= ~MO_BSWAP; |
2721 | + } |
2722 | + |
2723 | ++ addr = plugin_prep_mem_callbacks(addr); |
2724 | + gen_ldst_i64(INDEX_op_qemu_st_i64, val, addr, memop, idx); |
2725 | + plugin_gen_mem_callbacks(addr, info); |
2726 | + |
2727 | +-- |
2728 | +2.25.1 |
2729 | + |
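Review bot: plugin_gen_mem_callbacks() now calls tcg_temp_free(vaddr) on its argument, which is only correct when the caller has first replaced addr with the copy returned by plugin_prep_mem_callbacks(), and nothing in the hunk documents or enforces that pairing. The four call sites shown (tcg_gen_qemu_ld_i32, tcg_gen_qemu_st_i32, tcg_gen_qemu_ld_i64, tcg_gen_qemu_st_i64) do pair them, but a later caller that passes the original address would free a temp it does not own. A comment on both helpers saying that the temp returned by plugin_prep_mem_callbacks() is consumed by plugin_gen_mem_callbacks() would make the ownership rule explicit.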
2730 | diff --git a/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch b/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch |
2731 | new file mode 100644 |
2732 | index 0000000..209bd3e |
2733 | --- /dev/null |
2734 | +++ b/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch |
2735 | @@ -0,0 +1,47 @@ |
2736 | +From 71e415c8a75c130875f14d6b2136825789feb297 Mon Sep 17 00:00:00 2001 |
2737 | +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com> |
2738 | +Date: Fri, 3 Jan 2020 11:39:59 +0400 |
2739 | +Subject: [PATCH] tpm-ppi: page-align PPI RAM |
2740 | +MIME-Version: 1.0 |
2741 | +Content-Type: text/plain; charset=UTF-8 |
2742 | +Content-Transfer-Encoding: 8bit |
2743 | + |
2744 | +post-copy migration fails on destination with error such as: |
2745 | +2019-12-26T10:22:44.714644Z qemu-kvm: ram_block_discard_range: |
2746 | +Unaligned start address: 0x559d2afae9a0 |
2747 | + |
2748 | +Use qemu_memalign() to constrain the PPI RAM memory alignment. |
2749 | + |
2750 | +Cc: qemu-stable@nongnu.org |
2751 | +Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> |
2752 | +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> |
2753 | +Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> |
2754 | +Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> |
2755 | +Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> |
2756 | +Message-id: 20200103074000.1006389-3-marcandre.lureau@redhat.com |
2757 | + |
2758 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=71e415c8a75c130875f14d6b2136825789feb297 |
2759 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2760 | +Last-Update: 2020-03-18 |
2761 | + |
2762 | +--- |
2763 | + hw/tpm/tpm_ppi.c | 3 ++- |
2764 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
2765 | + |
2766 | +diff --git a/hw/tpm/tpm_ppi.c b/hw/tpm/tpm_ppi.c |
2767 | +index ff314592b4..6d9c1a3e40 100644 |
2768 | +--- a/hw/tpm/tpm_ppi.c |
2769 | ++++ b/hw/tpm/tpm_ppi.c |
2770 | +@@ -43,7 +43,8 @@ void tpm_ppi_reset(TPMPPI *tpmppi) |
2771 | + void tpm_ppi_init(TPMPPI *tpmppi, struct MemoryRegion *m, |
2772 | + hwaddr addr, Object *obj) |
2773 | + { |
2774 | +- tpmppi->buf = g_malloc0(HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE)); |
2775 | ++ tpmppi->buf = qemu_memalign(qemu_real_host_page_size, |
2776 | ++ HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE)); |
2777 | + memory_region_init_ram_device_ptr(&tpmppi->ram, obj, "tpm-ppi", |
2778 | + TPM_PPI_ADDR_SIZE, tpmppi->buf); |
2779 | + vmstate_register_ram(&tpmppi->ram, DEVICE(obj)); |
2780 | +-- |
2781 | +2.25.1 |
2782 | + |
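Review bot: replacing g_malloc0() with qemu_memalign() in tpm_ppi_init() drops the zero-fill that g_malloc0() provided, and no memset follows in the hunk. The buffer is passed straight to memory_region_init_ram_device_ptr() as RAM for the "tpm-ppi" region, so please confirm it is cleared before the guest can read it, or add an explicit memset over HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE) after the allocation so that stale host heap contents cannot become guest-visible.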
2783 | diff --git a/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch b/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch |
2784 | new file mode 100644 |
2785 | index 0000000..f52b1bd |
2786 | --- /dev/null |
2787 | +++ b/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch |
2788 | @@ -0,0 +1,50 @@ |
2789 | +From 0446f8121723b134ca1d1ed0b73e96d4a0a8689d Mon Sep 17 00:00:00 2001 |
2790 | +From: Peter Xu <peterx@redhat.com> |
2791 | +Date: Mon, 6 Jan 2020 13:34:45 -0700 |
2792 | +Subject: [PATCH] vfio/pci: Don't remove irqchip notifier if not registered |
2793 | + |
2794 | +The kvm irqchip notifier is only registered if the device supports |
2795 | +INTx, however it's unconditionally removed. If the assigned device |
2796 | +does not support INTx, this will cause QEMU to crash when unplugging |
2797 | +the device from the system. Change it to conditionally remove the |
2798 | +notifier only if the notify hook is setup. |
2799 | + |
2800 | +CC: Eduardo Habkost <ehabkost@redhat.com> |
2801 | +CC: David Gibson <david@gibson.dropbear.id.au> |
2802 | +CC: Alex Williamson <alex.williamson@redhat.com> |
2803 | +Cc: qemu-stable@nongnu.org # v4.2 |
2804 | +Reported-by: yanghliu@redhat.com |
2805 | +Debugged-by: Eduardo Habkost <ehabkost@redhat.com> |
2806 | +Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier") |
2807 | +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1782678 |
2808 | +Signed-off-by: Peter Xu <peterx@redhat.com> |
2809 | +Reviewed-by: David Gibson <david@gibson.dropbear.id.au> |
2810 | +Reviewed-by: Greg Kurz <groug@kaod.org> |
2811 | +Signed-off-by: Alex Williamson <alex.williamson@redhat.com> |
2812 | + |
2813 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0446f8121723b134ca1d1ed0b73e96d4a0a8689d |
2814 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2815 | +Last-Update: 2020-03-18 |
2816 | + |
2817 | +--- |
2818 | + hw/vfio/pci.c | 4 +++- |
2819 | + 1 file changed, 3 insertions(+), 1 deletion(-) |
2820 | + |
2821 | +diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c |
2822 | +index 2d40b396f2..337a173ce7 100644 |
2823 | +--- a/hw/vfio/pci.c |
2824 | ++++ b/hw/vfio/pci.c |
2825 | +@@ -3076,7 +3076,9 @@ static void vfio_exitfn(PCIDevice *pdev) |
2826 | + vfio_unregister_req_notifier(vdev); |
2827 | + vfio_unregister_err_notifier(vdev); |
2828 | + pci_device_set_intx_routing_notifier(&vdev->pdev, NULL); |
2829 | +- kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier); |
2830 | ++ if (vdev->irqchip_change_notifier.notify) { |
2831 | ++ kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier); |
2832 | ++ } |
2833 | + vfio_disable_interrupts(vdev); |
2834 | + if (vdev->intx.mmap_timer) { |
2835 | + timer_free(vdev->intx.mmap_timer); |
2836 | +-- |
2837 | +2.25.1 |
2838 | + |
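Review bot: the new guard in vfio_exitfn() uses vdev->irqchip_change_notifier.notify as an implicit "was registered" flag, which holds only if the notifier struct starts zeroed and the hook is set nowhere except at registration. Neither condition is visible in the hunk, so a one-line comment above the if stating that the hook is set only when INTx is supported would help whoever next touches the registration path. The commit message describes the unconditional removal as a crash on unplug, so it is also worth checking that no other teardown path calls kvm_irqchip_remove_change_notifier() without the same guard.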
2839 | diff --git a/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch b/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch |
2840 | new file mode 100644 |
2841 | index 0000000..177cafe |
2842 | --- /dev/null |
2843 | +++ b/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch |
2844 | @@ -0,0 +1,331 @@ |
2845 | +From abdd16f4681cc4d6bf84990227b5c9b98e869ccd Mon Sep 17 00:00:00 2001 |
2846 | +From: Stefan Hajnoczi <stefanha@redhat.com> |
2847 | +Date: Fri, 7 Feb 2020 10:46:19 +0000 |
2848 | +Subject: [PATCH] virtio: gracefully handle invalid region caches |
2849 | + |
2850 | +The virtqueue code sets up MemoryRegionCaches to access the virtqueue |
2851 | +guest RAM data structures. The code currently assumes that |
2852 | +VRingMemoryRegionCaches is initialized before device emulation code |
2853 | +accesses the virtqueue. An assertion will fail in |
2854 | +vring_get_region_caches() when this is not true. Device fuzzing found a |
2855 | +case where this assumption is false (see below). |
2856 | + |
2857 | +Virtqueue guest RAM addresses can also be changed from a vCPU thread |
2858 | +while an IOThread is accessing the virtqueue. This breaks the same |
2859 | +assumption but this time the caches could become invalid partway through |
2860 | +the virtqueue code. The code fetches the caches RCU pointer multiple |
2861 | +times so we will need to validate the pointer every time it is fetched. |
2862 | + |
2863 | +Add checks each time we call vring_get_region_caches() and treat invalid |
2864 | +caches as a nop: memory stores are ignored and memory reads return 0. |
2865 | + |
2866 | +The fuzz test failure is as follows: |
2867 | + |
2868 | + $ qemu -M pc -device virtio-blk-pci,id=drv0,drive=drive0,addr=4.0 \ |
2869 | + -drive if=none,id=drive0,file=null-co://,format=raw,auto-read-only=off \ |
2870 | + -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw \ |
2871 | + -display none \ |
2872 | + -qtest stdio |
2873 | + endianness |
2874 | + outl 0xcf8 0x80002020 |
2875 | + outl 0xcfc 0xe0000000 |
2876 | + outl 0xcf8 0x80002004 |
2877 | + outw 0xcfc 0x7 |
2878 | + write 0xe0000000 0x24 0x00ffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffab5cffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffab0000000001 |
2879 | + inb 0x4 |
2880 | + writew 0xe000001c 0x1 |
2881 | + write 0xe0000014 0x1 0x0d |
2882 | + |
2883 | +The following error message is produced: |
2884 | + |
2885 | + qemu-system-x86_64: /home/stefanha/qemu/hw/virtio/virtio.c:286: vring_get_region_caches: Assertion `caches != NULL' failed. |
2886 | + |
2887 | +The backtrace looks like this: |
2888 | + |
2889 | + #0 0x00007ffff5520625 in raise () at /lib64/libc.so.6 |
2890 | + #1 0x00007ffff55098d9 in abort () at /lib64/libc.so.6 |
2891 | + #2 0x00007ffff55097a9 in _nl_load_domain.cold () at /lib64/libc.so.6 |
2892 | + #3 0x00007ffff5518a66 in annobin_assert.c_end () at /lib64/libc.so.6 |
2893 | + #4 0x00005555559073da in vring_get_region_caches (vq=<optimized out>) at qemu/hw/virtio/virtio.c:286 |
2894 | + #5 vring_get_region_caches (vq=<optimized out>) at qemu/hw/virtio/virtio.c:283 |
2895 | + #6 0x000055555590818d in vring_used_flags_set_bit (mask=1, vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:398 |
2896 | + #7 virtio_queue_split_set_notification (enable=0, vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:398 |
2897 | + #8 virtio_queue_set_notification (vq=vq@entry=0x5555575ceea0, enable=enable@entry=0) at qemu/hw/virtio/virtio.c:451 |
2898 | + #9 0x0000555555908512 in virtio_queue_set_notification (vq=vq@entry=0x5555575ceea0, enable=enable@entry=0) at qemu/hw/virtio/virtio.c:444 |
2899 | + #10 0x00005555558c697a in virtio_blk_handle_vq (s=0x5555575c57e0, vq=0x5555575ceea0) at qemu/hw/block/virtio-blk.c:775 |
2900 | + #11 0x0000555555907836 in virtio_queue_notify_aio_vq (vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:2244 |
2901 | + #12 0x0000555555cb5dd7 in aio_dispatch_handlers (ctx=ctx@entry=0x55555671a420) at util/aio-posix.c:429 |
2902 | + #13 0x0000555555cb67a8 in aio_dispatch (ctx=0x55555671a420) at util/aio-posix.c:460 |
2903 | + #14 0x0000555555cb307e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:260 |
2904 | + #15 0x00007ffff7bbc510 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0 |
2905 | + #16 0x0000555555cb5848 in glib_pollfds_poll () at util/main-loop.c:219 |
2906 | + #17 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:242 |
2907 | + #18 main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:518 |
2908 | + #19 0x00005555559b20c9 in main_loop () at vl.c:1683 |
2909 | + #20 0x0000555555838115 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4441 |
2910 | + |
2911 | +Reported-by: Alexander Bulekov <alxndr@bu.edu> |
2912 | +Cc: Michael Tsirkin <mst@redhat.com> |
2913 | +Cc: Cornelia Huck <cohuck@redhat.com> |
2914 | +Cc: Paolo Bonzini <pbonzini@redhat.com> |
2915 | +Cc: qemu-stable@nongnu.org |
2916 | +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> |
2917 | +Message-Id: <20200207104619.164892-1-stefanha@redhat.com> |
2918 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
2919 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
2920 | + |
2921 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=abdd16f4681cc4d6bf84990227b5c9b98e869ccd |
2922 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2923 | +Last-Update: 2020-03-18 |
2924 | + |
2925 | +--- |
2926 | + hw/virtio/virtio.c | 99 ++++++++++++++++++++++++++++++++++++++++++---- |
2927 | + 1 file changed, 91 insertions(+), 8 deletions(-) |
2928 | + |
2929 | +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c |
2930 | +index 2c5410e981..00d444699d 100644 |
2931 | +--- a/hw/virtio/virtio.c |
2932 | ++++ b/hw/virtio/virtio.c |
2933 | +@@ -282,15 +282,19 @@ static void vring_packed_flags_write(VirtIODevice *vdev, |
2934 | + /* Called within rcu_read_lock(). */ |
2935 | + static VRingMemoryRegionCaches *vring_get_region_caches(struct VirtQueue *vq) |
2936 | + { |
2937 | +- VRingMemoryRegionCaches *caches = atomic_rcu_read(&vq->vring.caches); |
2938 | +- assert(caches != NULL); |
2939 | +- return caches; |
2940 | ++ return atomic_rcu_read(&vq->vring.caches); |
2941 | + } |
2942 | ++ |
2943 | + /* Called within rcu_read_lock(). */ |
2944 | + static inline uint16_t vring_avail_flags(VirtQueue *vq) |
2945 | + { |
2946 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
2947 | + hwaddr pa = offsetof(VRingAvail, flags); |
2948 | ++ |
2949 | ++ if (!caches) { |
2950 | ++ return 0; |
2951 | ++ } |
2952 | ++ |
2953 | + return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa); |
2954 | + } |
2955 | + |
2956 | +@@ -299,6 +303,11 @@ static inline uint16_t vring_avail_idx(VirtQueue *vq) |
2957 | + { |
2958 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
2959 | + hwaddr pa = offsetof(VRingAvail, idx); |
2960 | ++ |
2961 | ++ if (!caches) { |
2962 | ++ return 0; |
2963 | ++ } |
2964 | ++ |
2965 | + vq->shadow_avail_idx = virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa); |
2966 | + return vq->shadow_avail_idx; |
2967 | + } |
2968 | +@@ -308,6 +317,11 @@ static inline uint16_t vring_avail_ring(VirtQueue *vq, int i) |
2969 | + { |
2970 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
2971 | + hwaddr pa = offsetof(VRingAvail, ring[i]); |
2972 | ++ |
2973 | ++ if (!caches) { |
2974 | ++ return 0; |
2975 | ++ } |
2976 | ++ |
2977 | + return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa); |
2978 | + } |
2979 | + |
2980 | +@@ -323,6 +337,11 @@ static inline void vring_used_write(VirtQueue *vq, VRingUsedElem *uelem, |
2981 | + { |
2982 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
2983 | + hwaddr pa = offsetof(VRingUsed, ring[i]); |
2984 | ++ |
2985 | ++ if (!caches) { |
2986 | ++ return; |
2987 | ++ } |
2988 | ++ |
2989 | + virtio_tswap32s(vq->vdev, &uelem->id); |
2990 | + virtio_tswap32s(vq->vdev, &uelem->len); |
2991 | + address_space_write_cached(&caches->used, pa, uelem, sizeof(VRingUsedElem)); |
2992 | +@@ -334,6 +353,11 @@ static uint16_t vring_used_idx(VirtQueue *vq) |
2993 | + { |
2994 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
2995 | + hwaddr pa = offsetof(VRingUsed, idx); |
2996 | ++ |
2997 | ++ if (!caches) { |
2998 | ++ return 0; |
2999 | ++ } |
3000 | ++ |
3001 | + return virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3002 | + } |
3003 | + |
3004 | +@@ -342,8 +366,12 @@ static inline void vring_used_idx_set(VirtQueue *vq, uint16_t val) |
3005 | + { |
3006 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3007 | + hwaddr pa = offsetof(VRingUsed, idx); |
3008 | +- virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val); |
3009 | +- address_space_cache_invalidate(&caches->used, pa, sizeof(val)); |
3010 | ++ |
3011 | ++ if (caches) { |
3012 | ++ virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val); |
3013 | ++ address_space_cache_invalidate(&caches->used, pa, sizeof(val)); |
3014 | ++ } |
3015 | ++ |
3016 | + vq->used_idx = val; |
3017 | + } |
3018 | + |
3019 | +@@ -353,8 +381,13 @@ static inline void vring_used_flags_set_bit(VirtQueue *vq, int mask) |
3020 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3021 | + VirtIODevice *vdev = vq->vdev; |
3022 | + hwaddr pa = offsetof(VRingUsed, flags); |
3023 | +- uint16_t flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3024 | ++ uint16_t flags; |
3025 | + |
3026 | ++ if (!caches) { |
3027 | ++ return; |
3028 | ++ } |
3029 | ++ |
3030 | ++ flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3031 | + virtio_stw_phys_cached(vdev, &caches->used, pa, flags | mask); |
3032 | + address_space_cache_invalidate(&caches->used, pa, sizeof(flags)); |
3033 | + } |
3034 | +@@ -365,8 +398,13 @@ static inline void vring_used_flags_unset_bit(VirtQueue *vq, int mask) |
3035 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3036 | + VirtIODevice *vdev = vq->vdev; |
3037 | + hwaddr pa = offsetof(VRingUsed, flags); |
3038 | +- uint16_t flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3039 | ++ uint16_t flags; |
3040 | + |
3041 | ++ if (!caches) { |
3042 | ++ return; |
3043 | ++ } |
3044 | ++ |
3045 | ++ flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3046 | + virtio_stw_phys_cached(vdev, &caches->used, pa, flags & ~mask); |
3047 | + address_space_cache_invalidate(&caches->used, pa, sizeof(flags)); |
3048 | + } |
3049 | +@@ -381,6 +419,10 @@ static inline void vring_set_avail_event(VirtQueue *vq, uint16_t val) |
3050 | + } |
3051 | + |
3052 | + caches = vring_get_region_caches(vq); |
3053 | ++ if (!caches) { |
3054 | ++ return; |
3055 | ++ } |
3056 | ++ |
3057 | + pa = offsetof(VRingUsed, ring[vq->vring.num]); |
3058 | + virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val); |
3059 | + address_space_cache_invalidate(&caches->used, pa, sizeof(val)); |
3060 | +@@ -410,7 +452,11 @@ static void virtio_queue_packed_set_notification(VirtQueue *vq, int enable) |
3061 | + VRingMemoryRegionCaches *caches; |
3062 | + |
3063 | + RCU_READ_LOCK_GUARD(); |
3064 | +- caches = vring_get_region_caches(vq); |
3065 | ++ caches = vring_get_region_caches(vq); |
3066 | ++ if (!caches) { |
3067 | ++ return; |
3068 | ++ } |
3069 | ++ |
3070 | + vring_packed_event_read(vq->vdev, &caches->used, &e); |
3071 | + |
3072 | + if (!enable) { |
3073 | +@@ -597,6 +643,10 @@ static int virtio_queue_packed_empty_rcu(VirtQueue *vq) |
3074 | + } |
3075 | + |
3076 | + cache = vring_get_region_caches(vq); |
3077 | ++ if (!cache) { |
3078 | ++ return 1; |
3079 | ++ } |
3080 | ++ |
3081 | + vring_packed_desc_read_flags(vq->vdev, &desc.flags, &cache->desc, |
3082 | + vq->last_avail_idx); |
3083 | + |
3084 | +@@ -777,6 +827,10 @@ static void virtqueue_packed_fill_desc(VirtQueue *vq, |
3085 | + } |
3086 | + |
3087 | + caches = vring_get_region_caches(vq); |
3088 | ++ if (!caches) { |
3089 | ++ return; |
3090 | ++ } |
3091 | ++ |
3092 | + vring_packed_desc_write(vq->vdev, &desc, &caches->desc, head, strict_order); |
3093 | + } |
3094 | + |
3095 | +@@ -949,6 +1003,10 @@ static void virtqueue_split_get_avail_bytes(VirtQueue *vq, |
3096 | + |
3097 | + max = vq->vring.num; |
3098 | + caches = vring_get_region_caches(vq); |
3099 | ++ if (!caches) { |
3100 | ++ goto err; |
3101 | ++ } |
3102 | ++ |
3103 | + while ((rc = virtqueue_num_heads(vq, idx)) > 0) { |
3104 | + MemoryRegionCache *desc_cache = &caches->desc; |
3105 | + unsigned int num_bufs; |
3106 | +@@ -1089,6 +1147,9 @@ static void virtqueue_packed_get_avail_bytes(VirtQueue *vq, |
3107 | + |
3108 | + max = vq->vring.num; |
3109 | + caches = vring_get_region_caches(vq); |
3110 | ++ if (!caches) { |
3111 | ++ goto err; |
3112 | ++ } |
3113 | + |
3114 | + for (;;) { |
3115 | + unsigned int num_bufs = total_bufs; |
3116 | +@@ -1194,6 +1255,10 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, |
3117 | + } |
3118 | + |
3119 | + caches = vring_get_region_caches(vq); |
3120 | ++ if (!caches) { |
3121 | ++ goto err; |
3122 | ++ } |
3123 | ++ |
3124 | + desc_size = virtio_vdev_has_feature(vq->vdev, VIRTIO_F_RING_PACKED) ? |
3125 | + sizeof(VRingPackedDesc) : sizeof(VRingDesc); |
3126 | + if (caches->desc.len < vq->vring.num * desc_size) { |
3127 | +@@ -1387,6 +1452,11 @@ static void *virtqueue_split_pop(VirtQueue *vq, size_t sz) |
3128 | + i = head; |
3129 | + |
3130 | + caches = vring_get_region_caches(vq); |
3131 | ++ if (!caches) { |
3132 | ++ virtio_error(vdev, "Region caches not initialized"); |
3133 | ++ goto done; |
3134 | ++ } |
3135 | ++ |
3136 | + if (caches->desc.len < max * sizeof(VRingDesc)) { |
3137 | + virtio_error(vdev, "Cannot map descriptor ring"); |
3138 | + goto done; |
3139 | +@@ -1509,6 +1579,11 @@ static void *virtqueue_packed_pop(VirtQueue *vq, size_t sz) |
3140 | + i = vq->last_avail_idx; |
3141 | + |
3142 | + caches = vring_get_region_caches(vq); |
3143 | ++ if (!caches) { |
3144 | ++ virtio_error(vdev, "Region caches not initialized"); |
3145 | ++ goto done; |
3146 | ++ } |
3147 | ++ |
3148 | + if (caches->desc.len < max * sizeof(VRingDesc)) { |
3149 | + virtio_error(vdev, "Cannot map descriptor ring"); |
3150 | + goto done; |
3151 | +@@ -1628,6 +1703,10 @@ static unsigned int virtqueue_packed_drop_all(VirtQueue *vq) |
3152 | + VRingPackedDesc desc; |
3153 | + |
3154 | + caches = vring_get_region_caches(vq); |
3155 | ++ if (!caches) { |
3156 | ++ return 0; |
3157 | ++ } |
3158 | ++ |
3159 | + desc_cache = &caches->desc; |
3160 | + |
3161 | + virtio_queue_set_notification(vq, 0); |
3162 | +@@ -2412,6 +2491,10 @@ static bool virtio_packed_should_notify(VirtIODevice *vdev, VirtQueue *vq) |
3163 | + VRingMemoryRegionCaches *caches; |
3164 | + |
3165 | + caches = vring_get_region_caches(vq); |
3166 | ++ if (!caches) { |
3167 | ++ return false; |
3168 | ++ } |
3169 | ++ |
3170 | + vring_packed_event_read(vdev, &caches->avail, &e); |
3171 | + |
3172 | + old = vq->signalled_used; |
3173 | +-- |
3174 | +2.25.1 |
3175 | + |
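Review bot: in vring_used_idx_set() the store to guest memory is skipped when caches is NULL, but vq->used_idx = val still runs, so the device-side index advances while the guest-visible used ring does not; please confirm that divergence is intended, or move the assignment inside the if (caches) block. The NULL handling is also not uniform across the patch: most accessors silently return 0 or nothing, virtio_queue_packed_empty_rcu() returns 1, the get_avail_bytes paths goto err, and virtqueue_split_pop()/virtqueue_packed_pop() call virtio_error("Region caches not initialized") and so mark the device broken. The commit message only describes the nop behaviour, so a comment at vring_get_region_caches() noting that it may now return NULL and that every caller must check would keep new call sites from reintroducing the dereference that the removed assert used to catch.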
3176 | diff --git a/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch b/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch |
3177 | new file mode 100644 |
3178 | index 0000000..d18b0ee |
3179 | --- /dev/null |
3180 | +++ b/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch |
3181 | @@ -0,0 +1,40 @@ |
3182 | +From 1049f4c62c4070618cc5defc9963c6a17ae7a5ae Mon Sep 17 00:00:00 2001 |
3183 | +From: Denis Plotnikov <dplotnikov@virtuozzo.com> |
3184 | +Date: Tue, 24 Dec 2019 11:14:46 +0300 |
3185 | +Subject: [PATCH] virtio-mmio: update queue size on guest write |
3186 | + |
3187 | +Some guests read back queue size after writing it. |
3188 | +Always update the on size write otherwise they might be confused. |
3189 | + |
3190 | +Cc: qemu-stable@nongnu.org |
3191 | +Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com> |
3192 | +Message-Id: <20191224081446.17003-1-dplotnikov@virtuozzo.com> |
3193 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
3194 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
3195 | + |
3196 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=1049f4c62c4070618cc5defc9963c6a17ae7a5ae |
3197 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
3198 | +Last-Update: 2020-03-18 |
3199 | + |
3200 | +--- |
3201 | + hw/virtio/virtio-mmio.c | 3 ++- |
3202 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
3203 | + |
3204 | +diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c |
3205 | +index ef40b7a9b2..872f2cd237 100644 |
3206 | +--- a/hw/virtio/virtio-mmio.c |
3207 | ++++ b/hw/virtio/virtio-mmio.c |
3208 | +@@ -308,8 +308,9 @@ static void virtio_mmio_write(void *opaque, hwaddr offset, uint64_t value, |
3209 | + break; |
3210 | + case VIRTIO_MMIO_QUEUE_NUM: |
3211 | + trace_virtio_mmio_queue_write(value, VIRTQUEUE_MAX_SIZE); |
3212 | ++ virtio_queue_set_num(vdev, vdev->queue_sel, value); |
3213 | ++ |
3214 | + if (proxy->legacy) { |
3215 | +- virtio_queue_set_num(vdev, vdev->queue_sel, value); |
3216 | + virtio_queue_update_rings(vdev, vdev->queue_sel); |
3217 | + } else { |
3218 | + proxy->vqs[vdev->queue_sel].num = value; |
3219 | +-- |
3220 | +2.25.1 |
3221 | + |
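Review bot: in the VIRTIO_MMIO_QUEUE_NUM case the guest-written value is now passed to virtio_queue_set_num() on every write, legacy or not, and the hunk shows no range check even though the trace line just above logs it next to VIRTQUEUE_MAX_SIZE. If the bound is enforced inside virtio_queue_set_num(), a short comment saying so would make it clear that the unconditional call is safe for untrusted guest input. Otherwise, validate value against VIRTQUEUE_MAX_SIZE before the call.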
3222 | diff --git a/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch b/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch |
3223 | new file mode 100644 |
3224 | index 0000000..1db89ff |
3225 | --- /dev/null |
3226 | +++ b/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch |
3227 | @@ -0,0 +1,41 @@ |
3228 | +From d945d9f1731244ef341f74ede93120fc9de35913 Mon Sep 17 00:00:00 2001 |
3229 | +From: Yuri Benditovich <yuri.benditovich@daynix.com> |
3230 | +Date: Thu, 26 Dec 2019 06:36:49 +0200 |
3231 | +Subject: [PATCH] virtio-net: delete also control queue when TX/RX deleted |
3232 | + |
3233 | +https://bugzilla.redhat.com/show_bug.cgi?id=1708480 |
3234 | +If the control queue is not deleted together with TX/RX, it |
3235 | +later will be ignored in freeing cache resources and hot |
3236 | +unplug will not be completed. |
3237 | + |
3238 | +Cc: qemu-stable@nongnu.org |
3239 | +Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com> |
3240 | +Message-Id: <20191226043649.14481-3-yuri.benditovich@daynix.com> |
3241 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
3242 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
3243 | + |
3244 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d945d9f1731244ef341f74ede93120fc9de35913 |
3245 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
3246 | +Last-Update: 2020-03-18 |
3247 | + |
3248 | +--- |
3249 | + hw/net/virtio-net.c | 3 ++- |
3250 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
3251 | + |
3252 | +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c |
3253 | +index db3d7c38e6..f325440d01 100644 |
3254 | +--- a/hw/net/virtio-net.c |
3255 | ++++ b/hw/net/virtio-net.c |
3256 | +@@ -3101,7 +3101,8 @@ static void virtio_net_device_unrealize(DeviceState *dev, Error **errp) |
3257 | + for (i = 0; i < max_queues; i++) { |
3258 | + virtio_net_del_queue(n, i); |
3259 | + } |
3260 | +- |
3261 | ++ /* delete also control vq */ |
3262 | ++ virtio_del_queue(vdev, max_queues * 2); |
3263 | + qemu_announce_timer_del(&n->announce_timer, false); |
3264 | + g_free(n->vqs); |
3265 | + qemu_del_nic(n->nic); |
3266 | +-- |
3267 | +2.25.1 |
3268 | + |
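Review bot: virtio_del_queue(vdev, max_queues * 2) in virtio_net_device_unrealize() hard-codes the control queue index, and the comment "delete also control vq" does not say why that index is the control queue. Please extend the comment to state that the RX/TX pairs occupy indices 0 to max_queues * 2 - 1, so the next index is the control vq, or compute the index in a named local. The patch also removes the blank line that separated the loop from the following teardown calls; keeping it would preserve readability.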
3269 | diff --git a/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch b/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch |
3270 | new file mode 100644 |
3271 | index 0000000..da81c2c |
3272 | --- /dev/null |
3273 | +++ b/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch |
3274 | @@ -0,0 +1,40 @@ |
3275 | +From d0c5f643383b9e84316f148affff368ac33d75b9 Mon Sep 17 00:00:00 2001 |
3276 | +From: "Michael S. Tsirkin" <mst@redhat.com> |
3277 | +Date: Fri, 13 Dec 2019 09:22:48 -0500 |
3278 | +Subject: [PATCH] virtio: update queue size on guest write |
3279 | + |
3280 | +Some guests read back queue size after writing it. |
3281 | +Update the size immediatly upon write otherwise |
3282 | +they get confused. |
3283 | + |
3284 | +In particular this is the case for seabios. |
3285 | + |
3286 | +Reported-by: Roman Kagan <rkagan@virtuozzo.com> |
3287 | +Suggested-by: Denis Plotnikov <dplotnikov@virtuozzo.com> |
3288 | +Cc: qemu-stable@nongnu.org |
3289 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
3290 | + |
3291 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d0c5f643383b9e84316f148affff368ac33d75b9 |
3292 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
3293 | +Last-Update: 2020-03-18 |
3294 | + |
3295 | +--- |
3296 | + hw/virtio/virtio-pci.c | 2 ++ |
3297 | + 1 file changed, 2 insertions(+) |
3298 | + |
3299 | +diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c |
3300 | +index c6b47a9c73..e5c759e19e 100644 |
3301 | +--- a/hw/virtio/virtio-pci.c |
3302 | ++++ b/hw/virtio/virtio-pci.c |
3303 | +@@ -1256,6 +1256,8 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr, |
3304 | + break; |
3305 | + case VIRTIO_PCI_COMMON_Q_SIZE: |
3306 | + proxy->vqs[vdev->queue_sel].num = val; |
3307 | ++ virtio_queue_set_num(vdev, vdev->queue_sel, |
3308 | ++ proxy->vqs[vdev->queue_sel].num); |
3309 | + break; |
3310 | + case VIRTIO_PCI_COMMON_Q_MSIX: |
3311 | + msix_vector_unuse(&proxy->pci_dev, |
3312 | +-- |
3313 | +2.25.1 |
3314 | + |
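Review bot: in the VIRTIO_PCI_COMMON_Q_SIZE case the guest-supplied val is stored in proxy->vqs[vdev->queue_sel].num and then forwarded to virtio_queue_set_num() with no validation visible in the hunk. If virtio_queue_set_num() rejects or ignores a value, the proxy copy and the core virtqueue size would disagree, and the guest read-back that the commit message is concerned with could return a size the device is not using. Consider validating val before storing it, or document that the two copies may differ until the queue is enabled.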
3315 | diff --git a/debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch b/debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch |
3316 | new file mode 100644 |
3317 | index 0000000..056f2e0 |
3318 | --- /dev/null |
3319 | +++ b/debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch |
3320 | @@ -0,0 +1,125 @@ |
3321 | +From ab7e28b0905b1e2daeb5d582cf0f0ce33ea47317 Mon Sep 17 00:00:00 2001 |
3322 | +From: Christian Ehrhardt <christian.ehrhardt@canonical.com> |
3323 | +Date: Mon, 2 Mar 2020 15:12:53 +0100 |
3324 | +Subject: [PATCH] modules: load modules from versioned /var/run dir |
3325 | + |
3326 | +On upgrades the old .so files usually are replaced. But on the other |
3327 | +hand since a qemu process represents a guest instance it is usually kept |
3328 | +around. |
3329 | + |
3330 | +That makes late addition of dynamic features e.g. 'hot-attach of a ceph |
3331 | +disk' fail by trying to load a new version of e.f. block-rbd.so into an |
3332 | +old still running qemu binary. |
3333 | + |
3334 | +This adds a fallback to also load modules from a versioned directory in the |
3335 | +temporary /var/run path. That way qemu is providing a way for packaging |
3336 | +to store modules of an upgraded qemu package as needed until the next reboot. |
3337 | + |
3338 | +Fixes: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1847361 |
3339 | +Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> |
3340 | + |
3341 | +Forwarded: yes, https://lists.nongnu.org/archive/html/qemu-devel/2020-03/msg01593.html |
3342 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1847361 |
3343 | +Last-Update: 2020-03-02 |
3344 | + |
3345 | +--- |
3346 | + configure | 15 +++++++++++++++ |
3347 | + util/module.c | 14 ++++++++++++++ |
3348 | + 2 files changed, 29 insertions(+) |
3349 | + |
3350 | +--- a/configure |
3351 | ++++ b/configure |
3352 | +@@ -404,6 +404,7 @@ EXESUF="" |
3353 | + DSOSUF=".so" |
3354 | + LDFLAGS_SHARED="-shared" |
3355 | + modules="no" |
3356 | ++module_upgrades="no" |
3357 | + prefix="/usr/local" |
3358 | + mandir="\${prefix}/share/man" |
3359 | + datadir="\${prefix}/share" |
3360 | +@@ -995,6 +996,10 @@ for opt do |
3361 | + --disable-modules) |
3362 | + modules="no" |
3363 | + ;; |
3364 | ++ --disable-module-upgrades) module_upgrades="no" |
3365 | ++ ;; |
3366 | ++ --enable-module-upgrades) module_upgrades="yes" |
3367 | ++ ;; |
3368 | + --cpu=*) |
3369 | + ;; |
3370 | + --target-list=*) target_list="$optarg" |
3371 | +@@ -1735,6 +1740,7 @@ disabled with --disable-FEATURE, default |
3372 | + guest-agent-msi build guest agent Windows MSI installation package |
3373 | + pie Position Independent Executables |
3374 | + modules modules support (non-Windows) |
3375 | ++ module-upgrades try to load modules from alternate paths for upgrades |
3376 | + debug-tcg TCG debugging (default is disabled) |
3377 | + debug-info debugging information |
3378 | + sparse sparse checker |
3379 | +@@ -1995,6 +2001,11 @@ if test "$modules" = "yes" && test "$min |
3380 | + error_exit "Modules are not available for Windows" |
3381 | + fi |
3382 | + |
3383 | ++# module_upgrades is only reasonable if modules are enabled |
3384 | ++if test "$modules" = "no" && test "$module_upgrades" = "yes" ; then |
3385 | ++ error_exit "Can't enable module-upgrades as Modules are not enabled" |
3386 | ++fi |
3387 | ++ |
3388 | + # Static linking is not possible with modules or PIE |
3389 | + if test "$static" = "yes" ; then |
3390 | + if test "$modules" = "yes" ; then |
3391 | +@@ -6457,6 +6468,7 @@ if test "$slirp" != "no" ; then |
3392 | + echo "smbd $smbd" |
3393 | + fi |
3394 | + echo "module support $modules" |
3395 | ++echo "alt path mod load $module_upgrades" |
3396 | + echo "host CPU $cpu" |
3397 | + echo "host big endian $bigendian" |
3398 | + echo "target list $target_list" |
3399 | +@@ -6814,6 +6826,9 @@ if test "$modules" = "yes"; then |
3400 | + echo "CONFIG_STAMP=_$( (echo $qemu_version; echo $pkgversion; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak |
3401 | + echo "CONFIG_MODULES=y" >> $config_host_mak |
3402 | + fi |
3403 | ++if test "$module_upgrades" = "yes"; then |
3404 | ++ echo "CONFIG_MODULE_UPGRADES=y" >> $config_host_mak |
3405 | ++fi |
3406 | + if test "$have_x11" = "yes" && test "$need_x11" = "yes"; then |
3407 | + echo "CONFIG_X11=y" >> $config_host_mak |
3408 | + echo "X11_CFLAGS=$x11_cflags" >> $config_host_mak |
3409 | +--- a/util/module.c |
3410 | ++++ b/util/module.c |
3411 | +@@ -19,6 +19,9 @@ |
3412 | + #endif |
3413 | + #include "qemu/queue.h" |
3414 | + #include "qemu/module.h" |
3415 | ++#ifdef CONFIG_MODULE_UPGRADES |
3416 | ++#include "qemu-version.h" |
3417 | ++#endif |
3418 | + |
3419 | + typedef struct ModuleEntry |
3420 | + { |
3421 | +@@ -163,6 +166,9 @@ bool module_load_one(const char *prefix, |
3422 | + #ifdef CONFIG_MODULES |
3423 | + char *fname = NULL; |
3424 | + char *exec_dir; |
3425 | ++#ifdef CONFIG_MODULE_UPGRADES |
3426 | ++ char *version_dir; |
3427 | ++#endif |
3428 | + const char *search_dir; |
3429 | + char *dirs[4]; |
3430 | + char *module_name; |
3431 | +@@ -194,6 +200,14 @@ bool module_load_one(const char *prefix, |
3432 | + dirs[n_dirs++] = g_strdup_printf("%s", CONFIG_QEMU_MODDIR); |
3433 | + dirs[n_dirs++] = g_strdup_printf("%s/..", exec_dir ? : ""); |
3434 | + dirs[n_dirs++] = g_strdup_printf("%s", exec_dir ? : ""); |
3435 | ++ |
3436 | ++#ifdef CONFIG_MODULE_UPGRADES |
3437 | ++ version_dir = g_strcanon(g_strdup(QEMU_PKGVERSION), |
3438 | ++ G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "+-.~", |
3439 | ++ '_'); |
3440 | ++ dirs[n_dirs++] = g_strdup_printf("/var/run/qemu/%s", version_dir); |
3441 | ++#endif |
3442 | ++ |
3443 | + assert(n_dirs <= ARRAY_SIZE(dirs)); |
3444 | + |
3445 | + g_free(exec_dir); |
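Review bot: The new `dirs[n_dirs++]` store in module_load_one() can write past the array, because the context of the previous hunk still declares `char *dirs[4];`. The context lines here already fill three slots and the versioned path takes the fourth, so any entry appended above the visible lines (the `search_dir` local suggests one) makes this the fifth write, and `assert(n_dirs <= ARRAY_SIZE(dirs))` only runs after the store. Size the array for the maximum number of entries. `version_dir` also needs a `g_free()` next to the one for `exec_dir`, which these hunks do not add.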
3446 | diff --git a/debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch b/debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch |
3447 | new file mode 100644 |
3448 | index 0000000..6ef5d49 |
3449 | --- /dev/null |
3450 | +++ b/debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch |
3451 | @@ -0,0 +1,61 @@ |
3452 | +From f7ef7e6e3ba6e994e070cc609eb154339d1c4a11 Mon Sep 17 00:00:00 2001 |
3453 | +From: Jason Wang <jasowang@redhat.com> |
3454 | +Date: Mon, 2 Mar 2020 12:24:54 +0800 |
3455 | +Subject: [PATCH] vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM |
3456 | + |
3457 | +We turn on device IOTLB via VIRTIO_F_IOMMU_PLATFORM unconditionally on |
3458 | +platform without IOMMU support. This can lead unnecessary IOTLB |
3459 | +transactions which will damage the performance. |
3460 | + |
3461 | +Fixing this by check whether the device is backed by IOMMU and disable |
3462 | +device IOTLB. |
3463 | + |
3464 | +Reported-by: Halil Pasic <pasic@linux.ibm.com> |
3465 | +Tested-by: Halil Pasic <pasic@linux.ibm.com> |
3466 | +Reviewed-by: Halil Pasic <pasic@linux.ibm.com> |
3467 | +Signed-off-by: Jason Wang <jasowang@redhat.com> |
3468 | +Message-Id: <20200302042454.24814-1-jasowang@redhat.com> |
3469 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
3470 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
3471 | + |
3472 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=f7ef7e6e3ba6e994e070cc609eb154339d1c4a11 |
3473 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1847361 |
3474 | +Last-Update: 2020-03-13 |
3475 | + |
3476 | +--- |
3477 | + hw/virtio/vhost.c | 12 +++++++++++- |
3478 | + 1 file changed, 11 insertions(+), 1 deletion(-) |
3479 | + |
3480 | +diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c |
3481 | +index 0d226dae10..01ebe12f28 100644 |
3482 | +--- a/hw/virtio/vhost.c |
3483 | ++++ b/hw/virtio/vhost.c |
3484 | +@@ -290,7 +290,14 @@ static int vhost_dev_has_iommu(struct vhost_dev *dev) |
3485 | + { |
3486 | + VirtIODevice *vdev = dev->vdev; |
3487 | + |
3488 | +- return virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM); |
3489 | ++ /* |
3490 | ++ * For vhost, VIRTIO_F_IOMMU_PLATFORM means the backend support |
3491 | ++ * incremental memory mapping API via IOTLB API. For platform that |
3492 | ++ * does not have IOMMU, there's no need to enable this feature |
3493 | ++ * which may cause unnecessary IOTLB miss/update trnasactions. |
3494 | ++ */ |
3495 | ++ return vdev->dma_as != &address_space_memory && |
3496 | ++ virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM); |
3497 | + } |
3498 | + |
3499 | + static void *vhost_memory_map(struct vhost_dev *dev, hwaddr addr, |
3500 | +@@ -765,6 +772,9 @@ static int vhost_dev_set_features(struct vhost_dev *dev, |
3501 | + if (enable_log) { |
3502 | + features |= 0x1ULL << VHOST_F_LOG_ALL; |
3503 | + } |
3504 | ++ if (!vhost_dev_has_iommu(dev)) { |
3505 | ++ features &= ~(0x1ULL << VIRTIO_F_IOMMU_PLATFORM); |
3506 | ++ } |
3507 | + r = dev->vhost_ops->vhost_set_features(dev, features); |
3508 | + if (r < 0) { |
3509 | + VHOST_OPS_DEBUG("vhost_set_features failed"); |
3510 | +-- |
3511 | +2.25.1 |
3512 | + |
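Review bot: The `Bug-Ubuntu:` header and the file name of this patch cite LP #1847361, the same bug the maintainer scripts in this merge reference for keeping module `.so` files under /var/run, while the commit message is about vhost and unnecessary IOTLB transactions. Please confirm the bug number and, if the fix belongs to a different report, rename the patch and correct the header so that the series entry and debian/changelog point at the right bug.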
3513 | diff --git a/debian/qemu-block-extra.postrm.in b/debian/qemu-block-extra.postrm.in |
3514 | new file mode 100644 |
3515 | index 0000000..ef2126a |
3516 | --- /dev/null |
3517 | +++ b/debian/qemu-block-extra.postrm.in |
3518 | @@ -0,0 +1,43 @@ |
3519 | +#!/bin/sh |
3520 | +# postrm script for brrr |
3521 | +# |
3522 | +# see: dh_installdeb(1) |
3523 | + |
3524 | +set -e |
3525 | + |
3526 | +# summary of how this script can be called: |
3527 | +# * <postrm> `remove' |
3528 | +# * <postrm> `purge' |
3529 | +# * <old-postrm> `upgrade' <new-version> |
3530 | +# * <new-postrm> `failed-upgrade' <old-version> |
3531 | +# * <new-postrm> `abort-install' |
3532 | +# * <new-postrm> `abort-install' <old-version> |
3533 | +# * <new-postrm> `abort-upgrade' <old-version> |
3534 | +# * <disappearer's-postrm> `disappear' <overwriter> |
3535 | +# <overwriter-version> |
3536 | +# for details, see https://www.debian.org/doc/debian-policy/ or |
3537 | +# the debian-policy package |
3538 | + |
3539 | + |
3540 | +case "$1" in |
3541 | + purge|remove) |
3542 | + # remove .so files for still running qemu instances in /var/run |
3543 | + # for details see bug LP: #1847361 |
3544 | + rm -f /var/run/qemu/@PKGVERSION@/block-*.so |
3545 | + ;; |
3546 | + |
3547 | + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) |
3548 | + ;; |
3549 | + |
3550 | + *) |
3551 | + echo "postrm called with unknown argument \`$1'" >&2 |
3552 | + exit 1 |
3553 | + ;; |
3554 | +esac |
3555 | + |
3556 | +# dh_installdeb will replace this with shell code automatically |
3557 | +# generated by other debhelper scripts. |
3558 | + |
3559 | +#DEBHELPER# |
3560 | + |
3561 | +exit 0 |
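Review bot: The `rm -f` in the `purge|remove)` branch only targets the directory of the version this script was built for, while the copies are made by the prerm of the outgoing version during `upgrade` and therefore live under a different `@PKGVERSION@`. With the `upgrade` branch here empty, nothing in the package removes those older directories; please confirm that leaving them in /var/run is intended, and say so in the comment, which currently reads as if the files of running instances were cleaned up.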
3562 | diff --git a/debian/qemu-block-extra.prerm.in b/debian/qemu-block-extra.prerm.in |
3563 | new file mode 100644 |
3564 | index 0000000..dee25a8 |
3565 | --- /dev/null |
3566 | +++ b/debian/qemu-block-extra.prerm.in |
3567 | @@ -0,0 +1,45 @@ |
3568 | +#!/bin/sh |
3569 | +# prerm script for qemu-block-extra |
3570 | +# |
3571 | +# see: dh_installdeb(1) |
3572 | + |
3573 | +set -e |
3574 | + |
3575 | +# summary of how this script can be called: |
3576 | +# * <prerm> `remove' |
3577 | +# * <old-prerm> `upgrade' <new-version> |
3578 | +# * <new-prerm> `failed-upgrade' <old-version> |
3579 | +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> |
3580 | +# * <deconfigured's-prerm> `deconfigure' `in-favour' |
3581 | +# <package-being-installed> <version> `removing' |
3582 | +# <conflicting-package> <version> |
3583 | +# for details, see https://www.debian.org/doc/debian-policy/ or |
3584 | +# the debian-policy package |
3585 | + |
3586 | + |
3587 | +case "$1" in |
3588 | + remove) |
3589 | + ;; |
3590 | + |
3591 | + upgrade|deconfigure) |
3592 | + # retain .so files for still running qemu instances in /var/run |
3593 | + # for details see bug LP: #1847361 |
3594 | + mkdir -p /var/run/qemu/@PKGVERSION@ |
3595 | + cp /usr/lib/@ARCH@/qemu/block-*.so /var/run/qemu/@PKGVERSION@/ |
3596 | + ;; |
3597 | + |
3598 | + failed-upgrade) |
3599 | + ;; |
3600 | + |
3601 | + *) |
3602 | + echo "prerm called with unknown argument \`$1'" >&2 |
3603 | + exit 1 |
3604 | + ;; |
3605 | +esac |
3606 | + |
3607 | +# dh_installdeb will replace this with shell code automatically |
3608 | +# generated by other debhelper scripts. |
3609 | + |
3610 | +#DEBHELPER# |
3611 | + |
3612 | +exit 0 |
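Review bot: `mkdir -p /var/run/qemu/@PKGVERSION@` in the `upgrade|deconfigure)` branch creates a directory that util/module.c in this merge adds to the module search path, yet its mode depends on the umask the script runs under, and a path that already exists is reused as it is. Create it with an explicit owner and mode, for example `install -d -o root -g root -m 0755`, so that the location qemu loads shared objects from is not left to the environment.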
3613 | diff --git a/debian/qemu-system-gui.postrm.in b/debian/qemu-system-gui.postrm.in |
3614 | new file mode 100644 |
3615 | index 0000000..48c740a |
3616 | --- /dev/null |
3617 | +++ b/debian/qemu-system-gui.postrm.in |
3618 | @@ -0,0 +1,44 @@ |
3619 | +#!/bin/sh |
3620 | +# postrm script for brrr |
3621 | +# |
3622 | +# see: dh_installdeb(1) |
3623 | + |
3624 | +set -e |
3625 | + |
3626 | +# summary of how this script can be called: |
3627 | +# * <postrm> `remove' |
3628 | +# * <postrm> `purge' |
3629 | +# * <old-postrm> `upgrade' <new-version> |
3630 | +# * <new-postrm> `failed-upgrade' <old-version> |
3631 | +# * <new-postrm> `abort-install' |
3632 | +# * <new-postrm> `abort-install' <old-version> |
3633 | +# * <new-postrm> `abort-upgrade' <old-version> |
3634 | +# * <disappearer's-postrm> `disappear' <overwriter> |
3635 | +# <overwriter-version> |
3636 | +# for details, see https://www.debian.org/doc/debian-policy/ or |
3637 | +# the debian-policy package |
3638 | + |
3639 | + |
3640 | +case "$1" in |
3641 | + purge|remove) |
3642 | + # remove .so files for still running qemu instances in /var/run |
3643 | + # for details see bug LP: #1847361 |
3644 | + rm -f /var/run/qemu/@PKGVERSION@/ui-gtk.so |
3645 | + rm -f /var/run/qemu/@PKGVERSION@/audio-*.so |
3646 | + ;; |
3647 | + |
3648 | + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) |
3649 | + ;; |
3650 | + |
3651 | + *) |
3652 | + echo "postrm called with unknown argument \`$1'" >&2 |
3653 | + exit 1 |
3654 | + ;; |
3655 | +esac |
3656 | + |
3657 | +# dh_installdeb will replace this with shell code automatically |
3658 | +# generated by other debhelper scripts. |
3659 | + |
3660 | +#DEBHELPER# |
3661 | + |
3662 | +exit 0 |
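Review bot: The header comment still says `postrm script for brrr`, a template placeholder that was not replaced; it should name qemu-system-gui. debian/qemu-block-extra.postrm.in carries the same leftover.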
3663 | diff --git a/debian/qemu-system-gui.prerm.in b/debian/qemu-system-gui.prerm.in |
3664 | new file mode 100644 |
3665 | index 0000000..3624362 |
3666 | --- /dev/null |
3667 | +++ b/debian/qemu-system-gui.prerm.in |
3668 | @@ -0,0 +1,46 @@ |
3669 | +#!/bin/sh |
3670 | +# prerm script for qemu-system-gui |
3671 | +# |
3672 | +# see: dh_installdeb(1) |
3673 | + |
3674 | +set -e |
3675 | + |
3676 | +# summary of how this script can be called: |
3677 | +# * <prerm> `remove' |
3678 | +# * <old-prerm> `upgrade' <new-version> |
3679 | +# * <new-prerm> `failed-upgrade' <old-version> |
3680 | +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> |
3681 | +# * <deconfigured's-prerm> `deconfigure' `in-favour' |
3682 | +# <package-being-installed> <version> `removing' |
3683 | +# <conflicting-package> <version> |
3684 | +# for details, see https://www.debian.org/doc/debian-policy/ or |
3685 | +# the debian-policy package |
3686 | + |
3687 | + |
3688 | +case "$1" in |
3689 | + remove) |
3690 | + ;; |
3691 | + |
3692 | + upgrade|deconfigure) |
3693 | + # retain .so files for still running qemu instances in /var/run |
3694 | + # for details see bug LP: #1847361 |
3695 | + mkdir -p /var/run/qemu/@PKGVERSION@ |
3696 | + cp /usr/lib/@ARCH@/qemu/ui-gtk.so /var/run/qemu/@PKGVERSION@/ |
3697 | + cp /usr/lib/@ARCH@/qemu/audio-*.so /var/run/qemu/@PKGVERSION@/ |
3698 | + ;; |
3699 | + |
3700 | + failed-upgrade) |
3701 | + ;; |
3702 | + |
3703 | + *) |
3704 | + echo "prerm called with unknown argument \`$1'" >&2 |
3705 | + exit 1 |
3706 | + ;; |
3707 | +esac |
3708 | + |
3709 | +# dh_installdeb will replace this with shell code automatically |
3710 | +# generated by other debhelper scripts. |
3711 | + |
3712 | +#DEBHELPER# |
3713 | + |
3714 | +exit 0 |
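Review bot: Under `set -e`, either `cp` in the `upgrade|deconfigure)` branch aborts the prerm, and with it the upgrade, when `ui-gtk.so` is missing or `audio-*.so` matches nothing, since the shell then hands the unexpanded pattern to `cp`. Guard each copy with an existence test or loop over the matches; the `block-*.so` copy in debian/qemu-block-extra.prerm.in has the same exposure.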
3715 | diff --git a/debian/rules b/debian/rules |
3716 | index 1604d33..58ed6ea 100755 |
3717 | --- a/debian/rules |
3718 | +++ b/debian/rules |
3719 | @@ -15,6 +15,9 @@ else |
3720 | VENDOR := DEBIAN |
3721 | endif |
3722 | |
3723 | +AUTOGENERATED:= qemu-block-extra.prerm qemu-block-extra.postrm qemu-system-gui.prerm qemu-system-gui.postrm |
3724 | +PKGVERSION := $(shell printf "Debian ${DEB_VERSION}" | tr --complement '[:alnum:]+-.~' '_') |
3725 | + |
3726 | # support parallel build using DEB_BUILD_OPTIONS=parallel=N |
3727 | ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) |
3728 | MAKEFLAGS += -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) |
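Review bot: In the `PKGVERSION` line, `tr` reads `+-.` inside `'[:alnum:]+-.~'` as the range from `+` to `.`, which also keeps `,`, and `[:alnum:]` follows the build locale, whereas the `g_strcanon()` call added to util/module.c lists `+`, `-`, `.` and `~` literally next to ASCII letters and digits. The directory the maintainer scripts populate has to match byte for byte what qemu derives from `QEMU_PKGVERSION`, so write the set unambiguously (for example `'[:alnum:]+.~-'` with `LC_ALL=C`) and check that the hardcoded `Debian ` prefix equals the configured package version string when `VENDOR` is not `DEBIAN`.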
3729 | @@ -103,6 +106,12 @@ endif # enable_linux_user |
3730 | b/configure-stamp: configure |
3731 | dh_testdir |
3732 | |
3733 | + for f in ${AUTOGENERATED} ; do \ |
3734 | + sed -e 's%@ARCH@%${DEB_HOST_MULTIARCH}%g' \ |
3735 | + -e 's%@PKGVERSION@%${PKGVERSION}%g' \ |
3736 | + < debian/$$f.in > debian/$$f ; \ |
3737 | + done |
3738 | + |
3739 | # system build |
3740 | rm -rf b/qemu; mkdir -p b/qemu |
3741 | cd b/qemu && \ |
3742 | @@ -111,6 +120,7 @@ b/configure-stamp: configure |
3743 | --${enable_linux_user}-linux-user \ |
3744 | --disable-xen \ |
3745 | --enable-modules \ |
3746 | + --enable-module-upgrades \ |
3747 | $(shell sh debian/extract-config-opts \ |
3748 | $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \ |
3749 | $(QEMU_CONFIGURE_OPTIONS) || \ |
3750 | @@ -137,6 +147,7 @@ ifneq ($(filter $(DEB_HOST_ARCH),amd64 i386),) |
3751 | --enable-xen \ |
3752 | --target-list="aarch64-softmmu arm-softmmu i386-softmmu x86_64-softmmu" |
3753 | --enable-modules \ |
3754 | + --enable-module-upgrades \ |
3755 | $(shell sh debian/extract-config-opts \ |
3756 | $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \ |
3757 | $(QEMU_CONFIGURE_OPTIONS) || \ |
3758 | @@ -489,6 +500,7 @@ clean: debian/control |
3759 | rm -rf b |
3760 | find scripts/ -name '*.pyc' -delete || : |
3761 | rm -f debian/qemu-user.1 |
3762 | + rm -f $(patsubst %, debian/%, ${AUTOGENERATED}) |
3763 | dh_clean |
3764 | |
3765 | .PHONY: build clean binary-arch binary-indep binary build-arch build-indep build |
We know qemu had git-ubuntu import errors recently. 1%4.2-3ubuntu2 in history and this MP is only for the coming upload/ 1%4.2-3ubuntu3.
Probably it is best to just look at my proposed branch - that has a proper upload/