1
diff --git a/debian/changelog b/debian/changelog
2
index 89089bb..11efbaa 100644
3
--- a/debian/changelog
4
+++ b/debian/changelog
5
@@ -1,3 +1,24 @@
6
1
qemu (1:4.2-3ubuntu3) focal; urgency=medium
7
2
8
3
  * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
9
4
    patches @qemu-stable (LP: #1867519)
10
5
11
6
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 18 Mar 2020 13:57:57 +0100
12
7
13
8
qemu (1:4.2-3ubuntu2) focal; urgency=medium
14
9
15
10
  * allow qemu to load old modules post upgrade (LP: #1847361)
16
11
    - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
17
12
      load to a versioned path
18
13
    - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
19
14
      upgrade
20
15
    - d/rules: generate maintainer scripts matching package version on build
21
16
    - d/rules: enable --enable-module-upgrades where --enable-modules is set
22
17
  * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
23
18
    avoid unnecessary IOTLB transactions (LP: #1866207)
24
19
25
20
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 02 Mar 2020 15:21:27 +0100
26
21
27
1
qemu (1:4.2-3ubuntu1) focal; urgency=medium
22
qemu (1:4.2-3ubuntu1) focal; urgency=medium
28
2
23
29
3
  * Merge with Debian testing, remaining changes:
24
  * Merge with Debian testing, remaining changes:
30
diff --git a/debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch b/debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch
31
4
new file mode 100644
25
new file mode 100644
32
index 0000000..8dc2409
33
--- /dev/null
34
+++ b/debian/patches/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch
35
@@ -0,0 +1,78 @@
36
1
From 7f493662be4045146a8f45119d8834c9088a0ad6 Mon Sep 17 00:00:00 2001
37
2
From: Pan Nengyuan <pannengyuan@huawei.com>
38
3
Date: Thu, 5 Dec 2019 11:45:27 +0800
39
4
Subject: [PATCH] block/nbd: extract the common cleanup code
40
5
41
6
The BDRVNBDState cleanup code is common in two places, add
42
7
nbd_clear_bdrvstate() function to do these cleanups.
43
8
44
9
Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
45
10
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
46
11
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
47
12
Message-Id: <1575517528-44312-2-git-send-email-pannengyuan@huawei.com>
48
13
Reviewed-by: Eric Blake <eblake@redhat.com>
49
14
[eblake: fix compilation error and commit message]
50
15
Signed-off-by: Eric Blake <eblake@redhat.com>
51
16
52
17
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=7f493662be4045146a8f45119d8834c9088a0ad6
53
18
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
54
19
Last-Update: 2020-03-18
55
20
56
21
---
57
22
 block/nbd.c | 26 +++++++++++++++-----------
58
23
 1 file changed, 15 insertions(+), 11 deletions(-)
59
24
60
25
diff --git a/block/nbd.c b/block/nbd.c
61
26
index f69e61e68a..ed0f93ab27 100644
62
27
--- a/block/nbd.c
63
28
+++ b/block/nbd.c
64
29
@@ -95,6 +95,19 @@ typedef struct BDRVNBDState {
65
30
 
66
31
 static int nbd_client_connect(BlockDriverState *bs, Error **errp);
67
32
 
68
33
+static void nbd_clear_bdrvstate(BDRVNBDState *s)
69
34
+{
70
35
+    object_unref(OBJECT(s->tlscreds));
71
36
+    qapi_free_SocketAddress(s->saddr);
72
37
+    s->saddr = NULL;
73
38
+    g_free(s->export);
74
39
+    s->export = NULL;
75
40
+    g_free(s->tlscredsid);
76
41
+    s->tlscredsid = NULL;
77
42
+    g_free(s->x_dirty_bitmap);
78
43
+    s->x_dirty_bitmap = NULL;
79
44
+}
80
45
+
81
46
 static void nbd_channel_error(BDRVNBDState *s, int ret)
82
47
 {
83
48
     if (ret == -EIO) {
84
49
@@ -1879,11 +1892,7 @@ static int nbd_process_options(BlockDriverState *bs, QDict *options,
85
50
 
86
51
  error:
87
52
     if (ret < 0) {
88
53
-        object_unref(OBJECT(s->tlscreds));
89
54
-        qapi_free_SocketAddress(s->saddr);
90
55
-        g_free(s->export);
91
56
-        g_free(s->tlscredsid);
92
57
-        g_free(s->x_dirty_bitmap);
93
58
+        nbd_clear_bdrvstate(s);
94
59
     }
95
60
     qemu_opts_del(opts);
96
61
     return ret;
97
62
@@ -1962,12 +1971,7 @@ static void nbd_close(BlockDriverState *bs)
98
63
     BDRVNBDState *s = bs->opaque;
99
64
 
100
65
     nbd_client_close(bs);
101
66
-
102
67
-    object_unref(OBJECT(s->tlscreds));
103
68
-    qapi_free_SocketAddress(s->saddr);
104
69
-    g_free(s->export);
105
70
-    g_free(s->tlscredsid);
106
71
-    g_free(s->x_dirty_bitmap);
107
72
+    nbd_clear_bdrvstate(s);
108
73
 }
109
74
 
110
75
 static int64_t nbd_getlength(BlockDriverState *bs)
111
76
-- 
112
77
2.25.1
113
78
114
diff --git a/debian/patches/series b/debian/patches/series
115
index c9fce99..f01fa16 100644
116
--- a/debian/patches/series
117
+++ b/debian/patches/series
118
@@ -13,3 +13,41 @@ ubuntu/lp-1857033-i386-Add-macro-for-stibp.patch
119
13
ubuntu/lp-1857033-i386-Add-new-CPU-model-Cooperlake.patch
13
ubuntu/lp-1857033-i386-Add-new-CPU-model-Cooperlake.patch
120
14
lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch
14
lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch
121
15
ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch
15
ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch
122
16
ubuntu/lp-1847361-modules-load-upgrade.patch
123
17
ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch
124
18
125
19
# stabilize 4.2 with patches sent to qemu-stable since 4.2 released
126
20
stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch
127
21
stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch
128
22
stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch
129
23
stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch
130
24
stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch
131
25
stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch
132
26
stable/lp-1867519-backup-top-Begin-drain-earlier.patch
133
27
stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch
134
28
stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch
135
29
stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch
136
30
stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch
137
31
stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch
138
32
stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch
139
33
stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch
140
34
stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch
141
35
stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch
142
36
stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch
143
37
stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch
144
38
stable/lp-1867519-block-backup-top-fix-failure-path.patch
145
39
stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch
146
40
stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch
147
41
stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch
148
42
stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch
149
43
stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch
150
44
stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch
151
45
stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch
152
46
stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch
153
47
stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch
154
48
stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch
155
49
stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch
156
50
stable/lp-1867519-job-refactor-progress-to-separate-object.patch
157
51
stable/lp-1867519-block-block-copy-fix-progress-calculation.patch
158
52
stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch
159
53
lp-1867519-block-nbd-extract-the-common-cleanup-code.patch
160
diff --git a/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch b/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch
161
16
new file mode 100644
54
new file mode 100644
162
index 0000000..c980ed6
163
--- /dev/null
164
+++ b/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch
165
@@ -0,0 +1,48 @@
166
1
From c8fa6079eb35888587f1be27c1590da4edcc5098 Mon Sep 17 00:00:00 2001
167
2
From: Niek Linnenbank <nieklinnenbank@gmail.com>
168
3
Date: Fri, 20 Dec 2019 14:03:00 +0000
169
4
Subject: [PATCH] arm/arm-powerctl: rebuild hflags after setting CP15 bits in
170
5
 arm_set_cpu_on()
171
6
172
7
After setting CP15 bits in arm_set_cpu_on() the cached hflags must
173
8
be rebuild to reflect the changed processor state. Without rebuilding,
174
9
the cached hflags would be inconsistent until the next call to
175
10
arm_rebuild_hflags(). When QEMU is compiled with debugging enabled
176
11
(--enable-debug), this problem is captured shortly after the first
177
12
call to arm_set_cpu_on() for CPUs running in ARM 32-bit non-secure mode:
178
13
179
14
  qemu-system-arm: target/arm/helper.c:11359: cpu_get_tb_cpu_state:
180
15
  Assertion `flags == rebuild_hflags_internal(env)' failed.
181
16
  Aborted (core dumped)
182
17
183
18
Fixes: 0c7f8c43daf65
184
19
Cc: qemu-stable@nongnu.org
185
20
Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com>
186
21
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
187
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
188
23
189
24
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c8fa6079eb35888587f1be27c1590da4edcc5098
190
25
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
191
26
Last-Update: 2020-03-18
192
27
193
28
---
194
29
 target/arm/arm-powerctl.c | 3 +++
195
30
 1 file changed, 3 insertions(+)
196
31
197
32
diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
198
33
index b064513d44..b75f813b40 100644
199
34
--- a/target/arm/arm-powerctl.c
200
35
+++ b/target/arm/arm-powerctl.c
201
36
@@ -127,6 +127,9 @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state,
202
37
         target_cpu->env.regs[0] = info->context_id;
203
38
     }
204
39
 
205
40
+    /* CP15 update requires rebuilding hflags */
206
41
+    arm_rebuild_hflags(&target_cpu->env);
207
42
+
208
43
     /* Start the new CPU at the requested address */
209
44
     cpu_set_pc(target_cpu_state, info->entry);
210
45
 
211
46
-- 
212
47
2.25.1
213
48
214
diff --git a/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch b/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch
215
0
new file mode 100644
49
new file mode 100644
216
index 0000000..b2fa47c
217
--- /dev/null
218
+++ b/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch
219
@@ -0,0 +1,49 @@
220
1
From 0c7f8c43daf6556078e51de98aa13f069e505985 Mon Sep 17 00:00:00 2001
221
2
From: Niek Linnenbank <nieklinnenbank@gmail.com>
222
3
Date: Mon, 2 Dec 2019 22:09:43 +0100
223
4
Subject: [PATCH] arm/arm-powerctl: set NSACR.{CP11, CP10} bits in
224
5
 arm_set_cpu_on()
225
6
226
7
This change ensures that the FPU can be accessed in Non-Secure mode
227
8
when the CPU core is reset using the arm_set_cpu_on() function call.
228
9
The NSACR.{CP11,CP10} bits define the exception level required to
229
10
access the FPU in Non-Secure mode. Without these bits set, the CPU
230
11
will give an undefined exception trap on the first FPU access for the
231
12
secondary cores under Linux.
232
13
233
14
This is necessary because in this power-control codepath QEMU
234
15
is effectively emulating a bit of EL3 firmware, and has to set
235
16
the CPU up as the EL3 firmware would.
236
17
237
18
Fixes: fc1120a7f5
238
19
Cc: qemu-stable@nongnu.org
239
20
Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com>
240
21
[PMM: added clarifying para to commit message]
241
22
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
242
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
243
24
244
25
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0c7f8c43daf6556078e51de98aa13f069e505985
245
26
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
246
27
Last-Update: 2020-03-18
247
28
248
29
---
249
30
 target/arm/arm-powerctl.c | 3 +++
250
31
 1 file changed, 3 insertions(+)
251
32
252
33
diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
253
34
index f77a950db6..b064513d44 100644
254
35
--- a/target/arm/arm-powerctl.c
255
36
+++ b/target/arm/arm-powerctl.c
256
37
@@ -104,6 +104,9 @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state,
257
38
         /* Processor is not in secure mode */
258
39
         target_cpu->env.cp15.scr_el3 |= SCR_NS;
259
40
 
260
41
+        /* Set NSACR.{CP11,CP10} so NS can access the FPU */
261
42
+        target_cpu->env.cp15.nsacr |= 3 << 10;
262
43
+
263
44
         /*
264
45
          * If QEMU is providing the equivalent of EL3 firmware, then we need
265
46
          * to make sure a CPU targeting EL2 comes out of reset with a
266
47
-- 
267
48
2.25.1
268
49
269
diff --git a/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch b/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch
270
0
new file mode 100644
50
new file mode 100644
271
index 0000000..d534297
272
--- /dev/null
273
+++ b/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch
274
@@ -0,0 +1,46 @@
275
1
From 503ca1262bab2c11c533a4816d1ff4297d4f58a6 Mon Sep 17 00:00:00 2001
276
2
From: Max Reitz <mreitz@redhat.com>
277
3
Date: Thu, 19 Dec 2019 19:26:38 +0100
278
4
Subject: [PATCH] backup-top: Begin drain earlier
279
5
280
6
When dropping backup-top, we need to drain the node before freeing the
281
7
BlockCopyState.  Otherwise, requests may still be in flight and then the
282
8
assertion in shres_destroy() will fail.
283
9
284
10
(This becomes visible in intermittent failure of 056.)
285
11
286
12
Cc: qemu-stable@nongnu.org
287
13
Signed-off-by: Max Reitz <mreitz@redhat.com>
288
14
Message-id: 20191219182638.104621-1-mreitz@redhat.com
289
15
Signed-off-by: Max Reitz <mreitz@redhat.com>
290
16
291
17
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=503ca1262bab2c11c533a4816d1ff4297d4f58a6
292
18
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
293
19
Last-Update: 2020-03-18
294
20
295
21
---
296
22
 block/backup-top.c | 4 ++--
297
23
 1 file changed, 2 insertions(+), 2 deletions(-)
298
24
299
25
diff --git a/block/backup-top.c b/block/backup-top.c
300
26
index 7cdb1f8eba..818d3f26b4 100644
301
27
--- a/block/backup-top.c
302
28
+++ b/block/backup-top.c
303
29
@@ -257,12 +257,12 @@ void bdrv_backup_top_drop(BlockDriverState *bs)
304
30
     BDRVBackupTopState *s = bs->opaque;
305
31
     AioContext *aio_context = bdrv_get_aio_context(bs);
306
32
 
307
33
-    block_copy_state_free(s->bcs);
308
34
-
309
35
     aio_context_acquire(aio_context);
310
36
 
311
37
     bdrv_drained_begin(bs);
312
38
 
313
39
+    block_copy_state_free(s->bcs);
314
40
+
315
41
     s->active = false;
316
42
     bdrv_child_refresh_perms(bs, bs->backing, &error_abort);
317
43
     bdrv_replace_node(bs, backing_bs(bs), &error_abort);
318
44
-- 
319
45
2.25.1
320
46
321
diff --git a/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch b/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch
322
0
new file mode 100644
47
new file mode 100644
323
index 0000000..0a9d490
324
--- /dev/null
325
+++ b/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch
326
@@ -0,0 +1,108 @@
327
1
From 7bb4941ace471fc7dd6ded4749b95b9622baa6ed Mon Sep 17 00:00:00 2001
328
2
From: Kevin Wolf <kwolf@redhat.com>
329
3
Date: Tue, 17 Dec 2019 15:06:38 +0100
330
4
Subject: [PATCH] block: Activate recursively even for already active nodes
331
5
332
6
bdrv_invalidate_cache_all() assumes that all nodes in a given subtree
333
7
are either active or inactive when it starts. Therefore, as soon as it
334
8
arrives at an already active node, it stops.
335
9
336
10
However, this assumption is wrong. For example, it's possible to take a
337
11
snapshot of an inactive node, which results in an active overlay over an
338
12
inactive backing file. The active overlay is probably also the root node
339
13
of an inactive BlockBackend (blk->disable_perm == true).
340
14
341
15
In this case, bdrv_invalidate_cache_all() does not need to do anything
342
16
to activate the overlay node, but it still needs to recurse into the
343
17
children and the parents to make sure that after returning success,
344
18
really everything is activated.
345
19
346
20
Cc: qemu-stable@nongnu.org
347
21
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
348
22
Reviewed-by: Max Reitz <mreitz@redhat.com>
349
23
350
24
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=7bb4941ace471fc7dd6ded4749b95b9622baa6ed
351
25
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
352
26
Last-Update: 2020-03-18
353
27
354
28
---
355
29
 block.c | 50 ++++++++++++++++++++++++--------------------------
356
30
 1 file changed, 24 insertions(+), 26 deletions(-)
357
31
358
32
diff --git a/block.c b/block.c
359
33
index 73029fad64..1b6f7c86e8 100644
360
34
--- a/block.c
361
35
+++ b/block.c
362
36
@@ -5335,10 +5335,6 @@ static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
363
37
         return;
364
38
     }
365
39
 
366
40
-    if (!(bs->open_flags & BDRV_O_INACTIVE)) {
367
41
-        return;
368
42
-    }
369
43
-
370
44
     QLIST_FOREACH(child, &bs->children, next) {
371
45
         bdrv_co_invalidate_cache(child->bs, &local_err);
372
46
         if (local_err) {
373
47
@@ -5360,34 +5356,36 @@ static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
374
48
      * just keep the extended permissions for the next time that an activation
375
49
      * of the image is tried.
376
50
      */
377
51
-    bs->open_flags &= ~BDRV_O_INACTIVE;
378
52
-    bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
379
53
-    ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err);
380
54
-    if (ret < 0) {
381
55
-        bs->open_flags |= BDRV_O_INACTIVE;
382
56
-        error_propagate(errp, local_err);
383
57
-        return;
384
58
-    }
385
59
-    bdrv_set_perm(bs, perm, shared_perm);
386
60
-
387
61
-    if (bs->drv->bdrv_co_invalidate_cache) {
388
62
-        bs->drv->bdrv_co_invalidate_cache(bs, &local_err);
389
63
-        if (local_err) {
390
64
+    if (bs->open_flags & BDRV_O_INACTIVE) {
391
65
+        bs->open_flags &= ~BDRV_O_INACTIVE;
392
66
+        bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
393
67
+        ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err);
394
68
+        if (ret < 0) {
395
69
             bs->open_flags |= BDRV_O_INACTIVE;
396
70
             error_propagate(errp, local_err);
397
71
             return;
398
72
         }
399
73
-    }
400
74
+        bdrv_set_perm(bs, perm, shared_perm);
401
75
 
402
76
-    FOR_EACH_DIRTY_BITMAP(bs, bm) {
403
77
-        bdrv_dirty_bitmap_skip_store(bm, false);
404
78
-    }
405
79
+        if (bs->drv->bdrv_co_invalidate_cache) {
406
80
+            bs->drv->bdrv_co_invalidate_cache(bs, &local_err);
407
81
+            if (local_err) {
408
82
+                bs->open_flags |= BDRV_O_INACTIVE;
409
83
+                error_propagate(errp, local_err);
410
84
+                return;
411
85
+            }
412
86
+        }
413
87
 
414
88
-    ret = refresh_total_sectors(bs, bs->total_sectors);
415
89
-    if (ret < 0) {
416
90
-        bs->open_flags |= BDRV_O_INACTIVE;
417
91
-        error_setg_errno(errp, -ret, "Could not refresh total sector count");
418
92
-        return;
419
93
+        FOR_EACH_DIRTY_BITMAP(bs, bm) {
420
94
+            bdrv_dirty_bitmap_skip_store(bm, false);
421
95
+        }
422
96
+
423
97
+        ret = refresh_total_sectors(bs, bs->total_sectors);
424
98
+        if (ret < 0) {
425
99
+            bs->open_flags |= BDRV_O_INACTIVE;
426
100
+            error_setg_errno(errp, -ret, "Could not refresh total sector count");
427
101
+            return;
428
102
+        }
429
103
     }
430
104
 
431
105
     QLIST_FOREACH(parent, &bs->parents, next_parent) {
432
106
-- 
433
107
2.25.1
434
108
435
diff --git a/debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch b/debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch
436
0
new file mode 100644
109
new file mode 100644
437
index 0000000..0ea91e8
438
--- /dev/null
439
+++ b/debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch
440
@@ -0,0 +1,97 @@
441
1
From 0df62f45c1de6c020f1e6fba4eeafd248209b003 Mon Sep 17 00:00:00 2001
442
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
443
3
Date: Tue, 21 Jan 2020 17:28:01 +0300
444
4
Subject: [PATCH] block/backup-top: fix failure path
445
5
446
6
We can't access top after call bdrv_backup_top_drop, as it is already
447
7
freed at this time.
448
8
449
9
Also, no needs to unref target child by hand, it will be unrefed on
450
10
bdrv_close() automatically.
451
11
452
12
So, just do bdrv_backup_top_drop if append succeed and one bdrv_unref
453
13
otherwise.
454
14
455
15
Note, that in !appended case bdrv_unref(top) moved into drained section
456
16
on source. It doesn't really matter, but just for code simplicity.
457
17
458
18
Fixes: 7df7868b96404
459
19
Cc: qemu-stable@nongnu.org # v4.2.0
460
20
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
461
21
Reviewed-by: Max Reitz <mreitz@redhat.com>
462
22
Message-id: 20200121142802.21467-2-vsementsov@virtuozzo.com
463
23
Signed-off-by: Max Reitz <mreitz@redhat.com>
464
24
465
25
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0df62f45c1de6c020f1e6fba4eeafd248209b003
466
26
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
467
27
Last-Update: 2020-03-18
468
28
469
29
---
470
30
 block/backup-top.c | 21 ++++++++++++---------
471
31
 1 file changed, 12 insertions(+), 9 deletions(-)
472
32
473
33
diff --git a/block/backup-top.c b/block/backup-top.c
474
34
index 9aed2eb4c0..fa78f3256d 100644
475
35
--- a/block/backup-top.c
476
36
+++ b/block/backup-top.c
477
37
@@ -190,6 +190,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
478
38
     BlockDriverState *top = bdrv_new_open_driver(&bdrv_backup_top_filter,
479
39
                                                  filter_node_name,
480
40
                                                  BDRV_O_RDWR, errp);
481
41
+    bool appended = false;
482
42
 
483
43
     if (!top) {
484
44
         return NULL;
485
45
@@ -212,8 +213,9 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
486
46
     bdrv_append(top, source, &local_err);
487
47
     if (local_err) {
488
48
         error_prepend(&local_err, "Cannot append backup-top filter: ");
489
49
-        goto append_failed;
490
50
+        goto fail;
491
51
     }
492
52
+    appended = true;
493
53
 
494
54
     /*
495
55
      * bdrv_append() finished successfully, now we can require permissions
496
56
@@ -224,14 +226,14 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
497
57
     if (local_err) {
498
58
         error_prepend(&local_err,
499
59
                       "Cannot set permissions for backup-top filter: ");
500
60
-        goto failed_after_append;
501
61
+        goto fail;
502
62
     }
503
63
 
504
64
     state->bcs = block_copy_state_new(top->backing, state->target,
505
65
                                       cluster_size, write_flags, &local_err);
506
66
     if (local_err) {
507
67
         error_prepend(&local_err, "Cannot create block-copy-state: ");
508
68
-        goto failed_after_append;
509
69
+        goto fail;
510
70
     }
511
71
     *bcs = state->bcs;
512
72
 
513
73
@@ -239,14 +241,15 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
514
74
 
515
75
     return top;
516
76
 
517
77
-failed_after_append:
518
78
-    state->active = false;
519
79
-    bdrv_backup_top_drop(top);
520
80
+fail:
521
81
+    if (appended) {
522
82
+        state->active = false;
523
83
+        bdrv_backup_top_drop(top);
524
84
+    } else {
525
85
+        bdrv_unref(top);
526
86
+    }
527
87
 
528
88
-append_failed:
529
89
     bdrv_drained_end(source);
530
90
-    bdrv_unref_child(top, state->target);
531
91
-    bdrv_unref(top);
532
92
     error_propagate(errp, local_err);
533
93
 
534
94
     return NULL;
535
95
-- 
536
96
2.25.1
537
97
538
diff --git a/debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch b/debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch
539
0
new file mode 100644
98
new file mode 100644
540
index 0000000..6eb7652
541
--- /dev/null
542
+++ b/debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch
543
@@ -0,0 +1,201 @@
544
1
From d0ebeca14a585f352938062ef8ddde47fe4d39f9 Mon Sep 17 00:00:00 2001
545
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
546
3
Date: Wed, 11 Mar 2020 13:29:57 +0300
547
4
Subject: [PATCH] block/block-copy: fix progress calculation
548
5
549
6
Assume we have two regions, A and B, and region B is in-flight now,
550
7
region A is not yet touched, but it is unallocated and should be
551
8
skipped.
552
9
553
10
Correspondingly, as progress we have
554
11
555
12
  total = A + B
556
13
  current = 0
557
14
558
15
If we reset unallocated region A and call progress_reset_callback,
559
16
it will calculate 0 bytes dirty in the bitmap and call
560
17
job_progress_set_remaining, which will set
561
18
562
19
   total = current + 0 = 0 + 0 = 0
563
20
564
21
So, B bytes are actually removed from total accounting. When job
565
22
finishes we'll have
566
23
567
24
   total = 0
568
25
   current = B
569
26
570
27
, which doesn't sound good.
571
28
572
29
This is because we didn't considered in-flight bytes, actually when
573
30
calculating remaining, we should have set (in_flight + dirty_bytes)
574
31
as remaining, not only dirty_bytes.
575
32
576
33
To fix it, let's refactor progress calculation, moving it to block-copy
577
34
itself instead of fixing callback. And, of course, track in_flight
578
35
bytes count.
579
36
580
37
We still have to keep one callback, to maintain backup job bytes_read
581
38
calculation, but it will go on soon, when we turn the whole backup
582
39
process into one block_copy call.
583
40
584
41
Cc: qemu-stable@nongnu.org
585
42
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
586
43
Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
587
44
Message-Id: <20200311103004.7649-3-vsementsov@virtuozzo.com>
588
45
Signed-off-by: Max Reitz <mreitz@redhat.com>
589
46
590
47
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d0ebeca14a585f352938062ef8ddde47fe4d39f9
591
48
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
592
49
Last-Update: 2020-03-18
593
50
594
51
---
595
52
 block/backup.c             | 13 ++-----------
596
53
 block/block-copy.c         | 16 ++++++++++++----
597
54
 include/block/block-copy.h | 15 +++++----------
598
55
 3 files changed, 19 insertions(+), 25 deletions(-)
599
56
600
57
diff --git a/block/backup.c b/block/backup.c
601
58
index 1383e219f5..8694e0394b 100644
602
59
--- a/block/backup.c
603
60
+++ b/block/backup.c
604
61
@@ -57,15 +57,6 @@ static void backup_progress_bytes_callback(int64_t bytes, void *opaque)
605
62
     BackupBlockJob *s = opaque;
606
63
 
607
64
     s->bytes_read += bytes;
608
65
-    job_progress_update(&s->common.job, bytes);
609
66
-}
610
67
-
611
68
-static void backup_progress_reset_callback(void *opaque)
612
69
-{
613
70
-    BackupBlockJob *s = opaque;
614
71
-    uint64_t estimate = bdrv_get_dirty_count(s->bcs->copy_bitmap);
615
72
-
616
73
-    job_progress_set_remaining(&s->common.job, estimate);
617
74
 }
618
75
 
619
76
 static int coroutine_fn backup_do_cow(BackupBlockJob *job,
620
77
@@ -464,8 +455,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
621
78
     job->cluster_size = cluster_size;
622
79
     job->len = len;
623
80
 
624
81
-    block_copy_set_callbacks(bcs, backup_progress_bytes_callback,
625
82
-                             backup_progress_reset_callback, job);
626
83
+    block_copy_set_progress_callback(bcs, backup_progress_bytes_callback, job);
627
84
+    block_copy_set_progress_meter(bcs, &job->common.job.progress);
628
85
 
629
86
     /* Required permissions are already taken by backup-top target */
630
87
     block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
631
88
diff --git a/block/block-copy.c b/block/block-copy.c
632
89
index 79798a1567..e2d7b3b887 100644
633
90
--- a/block/block-copy.c
634
91
+++ b/block/block-copy.c
635
92
@@ -127,17 +127,20 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
636
93
     return s;
637
94
 }
638
95
 
639
96
-void block_copy_set_callbacks(
640
97
+void block_copy_set_progress_callback(
641
98
         BlockCopyState *s,
642
99
         ProgressBytesCallbackFunc progress_bytes_callback,
643
100
-        ProgressResetCallbackFunc progress_reset_callback,
644
101
         void *progress_opaque)
645
102
 {
646
103
     s->progress_bytes_callback = progress_bytes_callback;
647
104
-    s->progress_reset_callback = progress_reset_callback;
648
105
     s->progress_opaque = progress_opaque;
649
106
 }
650
107
 
651
108
+void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm)
652
109
+{
653
110
+    s->progress = pm;
654
111
+}
655
112
+
656
113
 /*
657
114
  * block_copy_do_copy
658
115
  *
659
116
@@ -269,7 +272,9 @@ int64_t block_copy_reset_unallocated(BlockCopyState *s,
660
117
 
661
118
     if (!ret) {
662
119
         bdrv_reset_dirty_bitmap(s->copy_bitmap, offset, bytes);
663
120
-        s->progress_reset_callback(s->progress_opaque);
664
121
+        progress_set_remaining(s->progress,
665
122
+                               bdrv_get_dirty_count(s->copy_bitmap) +
666
123
+                               s->in_flight_bytes);
667
124
     }
668
125
 
669
126
     *count = bytes;
670
127
@@ -331,15 +336,18 @@ int coroutine_fn block_copy(BlockCopyState *s,
671
128
         trace_block_copy_process(s, start);
672
129
 
673
130
         bdrv_reset_dirty_bitmap(s->copy_bitmap, start, chunk_end - start);
674
131
+        s->in_flight_bytes += chunk_end - start;
675
132
 
676
133
         co_get_from_shres(s->mem, chunk_end - start);
677
134
         ret = block_copy_do_copy(s, start, chunk_end, error_is_read);
678
135
         co_put_to_shres(s->mem, chunk_end - start);
679
136
+        s->in_flight_bytes -= chunk_end - start;
680
137
         if (ret < 0) {
681
138
             bdrv_set_dirty_bitmap(s->copy_bitmap, start, chunk_end - start);
682
139
             break;
683
140
         }
684
141
 
685
142
+        progress_work_done(s->progress, chunk_end - start);
686
143
         s->progress_bytes_callback(chunk_end - start, s->progress_opaque);
687
144
         start = chunk_end;
688
145
         ret = 0;
689
146
diff --git a/include/block/block-copy.h b/include/block/block-copy.h
690
147
index 0a161724d7..9def00068c 100644
691
148
--- a/include/block/block-copy.h
692
149
+++ b/include/block/block-copy.h
693
150
@@ -26,7 +26,6 @@ typedef struct BlockCopyInFlightReq {
694
151
 } BlockCopyInFlightReq;
695
152
 
696
153
 typedef void (*ProgressBytesCallbackFunc)(int64_t bytes, void *opaque);
697
154
-typedef void (*ProgressResetCallbackFunc)(void *opaque);
698
155
 typedef struct BlockCopyState {
699
156
     /*
700
157
      * BdrvChild objects are not owned or managed by block-copy. They are
701
158
@@ -36,6 +35,7 @@ typedef struct BlockCopyState {
702
159
     BdrvChild *source;
703
160
     BdrvChild *target;
704
161
     BdrvDirtyBitmap *copy_bitmap;
705
162
+    int64_t in_flight_bytes;
706
163
     int64_t cluster_size;
707
164
     bool use_copy_range;
708
165
     int64_t copy_size;
709
166
@@ -60,15 +60,9 @@ typedef struct BlockCopyState {
710
167
      */
711
168
     bool skip_unallocated;
712
169
 
713
170
+    ProgressMeter *progress;
714
171
     /* progress_bytes_callback: called when some copying progress is done. */
715
172
     ProgressBytesCallbackFunc progress_bytes_callback;
716
173
-
717
174
-    /*
718
175
-     * progress_reset_callback: called when some bytes reset from copy_bitmap
719
176
-     * (see @skip_unallocated above). The callee is assumed to recalculate how
720
177
-     * many bytes remain based on the dirty bit count of copy_bitmap.
721
178
-     */
722
179
-    ProgressResetCallbackFunc progress_reset_callback;
723
180
     void *progress_opaque;
724
181
 
725
182
     SharedResource *mem;
726
183
@@ -79,12 +73,13 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
727
184
                                      BdrvRequestFlags write_flags,
728
185
                                      Error **errp);
729
186
 
730
187
-void block_copy_set_callbacks(
731
188
+void block_copy_set_progress_callback(
732
189
         BlockCopyState *s,
733
190
         ProgressBytesCallbackFunc progress_bytes_callback,
734
191
-        ProgressResetCallbackFunc progress_reset_callback,
735
192
         void *progress_opaque);
736
193
 
737
194
+void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm);
738
195
+
739
196
 void block_copy_state_free(BlockCopyState *s);
740
197
 
741
198
 int64_t block_copy_reset_unallocated(BlockCopyState *s,
742
199
-- 
743
200
2.25.1
744
201
745
diff --git a/debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch b/debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch
746
0
new file mode 100644
202
new file mode 100644
747
index 0000000..a84fdd7
748
--- /dev/null
749
+++ b/debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch
750
@@ -0,0 +1,107 @@
751
1
From ac9d00bf7b47acae6b0e42910d9ed55fef3af5b8 Mon Sep 17 00:00:00 2001
752
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
753
3
Date: Thu, 6 Feb 2020 19:42:45 +0300
754
4
Subject: [PATCH] block: fix crash on zero-length unaligned write and read
755
5
756
6
Commit 7a3f542fbd "block/io: refactor padding" occasionally dropped
757
7
aligning for zero-length request: bdrv_init_padding() blindly return
758
8
false if bytes == 0, like there is nothing to align.
759
9
760
10
This leads the following command to crash:
761
11
762
12
./qemu-io --image-opts -c 'write 1 0' \
763
13
  driver=blkdebug,align=512,image.driver=null-co,image.size=512
764
14
765
15
>> qemu-io: block/io.c:1955: bdrv_aligned_pwritev: Assertion
766
16
    `(offset & (align - 1)) == 0' failed.
767
17
>> Aborted (core dumped)
768
18
769
19
Prior to 7a3f542fbd we does aligning of such zero requests. Instead of
770
20
recovering this behavior let's just do nothing on such requests as it
771
21
is useless.
772
22
773
23
Note that driver may have special meaning of zero-length reqeusts, like
774
24
qcow2_co_pwritev_compressed_part, so we can't skip any zero-length
775
25
operation. But for unaligned ones, we can't pass it to driver anyway.
776
26
777
27
This commit also fixes crash in iotest 80 running with -nocache:
778
28
779
29
./check -nocache -qcow2 80
780
30
781
31
which crashes on same assertion due to trying to read empty extra data
782
32
in qcow2_do_read_snapshots().
783
33
784
34
Cc: qemu-stable@nongnu.org # v4.2
785
35
Fixes: 7a3f542fbd
786
36
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
787
37
Reviewed-by: Max Reitz <mreitz@redhat.com>
788
38
Message-id: 20200206164245.17781-1-vsementsov@virtuozzo.com
789
39
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
790
40
791
41
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=ac9d00bf7b47acae6b0e42910d9ed55fef3af5b8
792
42
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
793
43
Last-Update: 2020-03-18
794
44
795
45
---
796
46
 block/io.c | 28 +++++++++++++++++++++++++++-
797
47
 1 file changed, 27 insertions(+), 1 deletion(-)
798
48
799
49
diff --git a/block/io.c b/block/io.c
800
50
index 1eb2b2bddc..7e4cb74cf4 100644
801
51
--- a/block/io.c
802
52
+++ b/block/io.c
803
53
@@ -1565,10 +1565,12 @@ static bool bdrv_init_padding(BlockDriverState *bs,
804
54
         pad->tail = align - pad->tail;
805
55
     }
806
56
 
807
57
-    if ((!pad->head && !pad->tail) || !bytes) {
808
58
+    if (!pad->head && !pad->tail) {
809
59
         return false;
810
60
     }
811
61
 
812
62
+    assert(bytes); /* Nothing good in aligning zero-length requests */
813
63
+
814
64
     sum = pad->head + bytes + pad->tail;
815
65
     pad->buf_len = (sum > align && pad->head && pad->tail) ? 2 * align : align;
816
66
     pad->buf = qemu_blockalign(bs, pad->buf_len);
817
67
@@ -1706,6 +1708,18 @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
818
68
         return ret;
819
69
     }
820
70
 
821
71
+    if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
822
72
+        /*
823
73
+         * Aligning zero request is nonsense. Even if driver has special meaning
824
74
+         * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
825
75
+         * it to driver due to request_alignment.
826
76
+         *
827
77
+         * Still, no reason to return an error if someone do unaligned
828
78
+         * zero-length read occasionally.
829
79
+         */
830
80
+        return 0;
831
81
+    }
832
82
+
833
83
     bdrv_inc_in_flight(bs);
834
84
 
835
85
     /* Don't do copy-on-read if we read data before write operation */
836
86
@@ -2116,6 +2130,18 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
837
87
         return -ENOTSUP;
838
88
     }
839
89
 
840
90
+    if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
841
91
+        /*
842
92
+         * Aligning zero request is nonsense. Even if driver has special meaning
843
93
+         * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
844
94
+         * it to driver due to request_alignment.
845
95
+         *
846
96
+         * Still, no reason to return an error if someone do unaligned
847
97
+         * zero-length write occasionally.
848
98
+         */
849
99
+        return 0;
850
100
+    }
851
101
+
852
102
     bdrv_inc_in_flight(bs);
853
103
     /*
854
104
      * Align write if necessary by performing a read-modify-write cycle.
855
105
-- 
856
106
2.25.1
857
107
858
diff --git a/debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch b/debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch
859
0
new file mode 100644
108
new file mode 100644
860
index 0000000..84335eb
861
--- /dev/null
862
+++ b/debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch
863
@@ -0,0 +1,44 @@
864
1
From 4ab78b19189a81038e744728ed949d09aa477550 Mon Sep 17 00:00:00 2001
865
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
866
3
Date: Thu, 12 Mar 2020 11:19:49 +0300
867
4
Subject: [PATCH] block/io: fix bdrv_co_do_copy_on_readv
868
5
869
6
Prior to 1143ec5ebf4 it was OK to qemu_iovec_from_buf() from aligned-up
870
7
buffer to original qiov, as qemu_iovec_from_buf() will stop at qiov end
871
8
anyway.
872
9
873
10
But after 1143ec5ebf4 we assume that bdrv_co_do_copy_on_readv works on
874
11
part of original qiov, defined by qiov_offset and bytes. So we must not
875
12
touch qiov behind qiov_offset+bytes bound. Fix it.
876
13
877
14
Cc: qemu-stable@nongnu.org # v4.2
878
15
Fixes: 1143ec5ebf4
879
16
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
880
17
Reviewed-by: John Snow <jsnow@redhat.com>
881
18
Message-id: 20200312081949.5350-1-vsementsov@virtuozzo.com
882
19
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
883
20
884
21
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=4ab78b19189a81038e744728ed949d09aa477550
885
22
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
886
23
Last-Update: 2020-03-18
887
24
888
25
---
889
26
 block/io.c | 2 +-
890
27
 1 file changed, 1 insertion(+), 1 deletion(-)
891
28
892
29
diff --git a/block/io.c b/block/io.c
893
30
index 7e4cb74cf4..aba67f66b9 100644
894
31
--- a/block/io.c
895
32
+++ b/block/io.c
896
33
@@ -1399,7 +1399,7 @@ static int coroutine_fn bdrv_co_do_copy_on_readv(BdrvChild *child,
897
34
             if (!(flags & BDRV_REQ_PREFETCH)) {
898
35
                 qemu_iovec_from_buf(qiov, qiov_offset + progress,
899
36
                                     bounce_buffer + skip_bytes,
900
37
-                                    pnum - skip_bytes);
901
38
+                                    MIN(pnum - skip_bytes, bytes - progress));
902
39
             }
903
40
         } else if (!(flags & BDRV_REQ_PREFETCH)) {
904
41
             /* Read directly into the destination */
905
42
-- 
906
43
2.25.1
907
44
908
diff --git a/debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch b/debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch
909
0
new file mode 100644
45
new file mode 100644
910
index 0000000..dde008d
911
--- /dev/null
912
+++ b/debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch
913
@@ -0,0 +1,76 @@
914
1
From 8198cf5ef0ef98118b4176970d1cd998d93ec849 Mon Sep 17 00:00:00 2001
915
2
From: Pan Nengyuan <pannengyuan@huawei.com>
916
3
Date: Thu, 5 Dec 2019 11:45:28 +0800
917
4
Subject: [PATCH] block/nbd: fix memory leak in nbd_open()
918
5
919
6
In currently implementation there will be a memory leak when
920
7
nbd_client_connect() returns error status. Here is an easy way to
921
8
reproduce:
922
9
923
10
1. run qemu-iotests as follow and check the result with asan:
924
11
    ./check -raw 143
925
12
926
13
Following is the asan output backtrack:
927
14
Direct leak of 40 byte(s) in 1 object(s) allocated from:
928
15
    #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
929
16
    #1 0x7f6295e7e015 in g_malloc0  (/usr/lib64/libglib-2.0.so.0+0x50015)
930
17
    #2 0x56281dab4642 in qobject_input_start_struct  /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
931
18
    #3 0x56281dab1a04 in visit_start_struct  /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
932
19
    #4 0x56281dad1827 in visit_type_SocketAddress  qapi/qapi-visit-sockets.c:386
933
20
    #5 0x56281da8062f in nbd_config   /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
934
21
    #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
935
22
    #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
936
23
937
24
Direct leak of 15 byte(s) in 1 object(s) allocated from:
938
25
    #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
939
26
    #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
940
27
    #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
941
28
    #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834
942
29
    #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
943
30
944
31
Indirect leak of 24 byte(s) in 1 object(s) allocated from:
945
32
    #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
946
33
    #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
947
34
    #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
948
35
    #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536
949
36
    #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297
950
37
    #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141
951
38
    #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366
952
39
    #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393
953
40
    #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
954
41
    #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
955
42
    #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
956
43
957
44
Fixes: 8f071c9db506e03ab
958
45
Reported-by: Euler Robot <euler.robot@huawei.com>
959
46
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
960
47
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
961
48
Cc: qemu-stable <qemu-stable@nongnu.org>
962
49
Cc: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
963
50
Message-Id: <1575517528-44312-3-git-send-email-pannengyuan@huawei.com>
964
51
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
965
52
Signed-off-by: Eric Blake <eblake@redhat.com>
966
53
967
54
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=8198cf5ef0ef98118b4176970d1cd998d93ec849
968
55
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
969
56
Last-Update: 2020-03-18
970
57
971
58
---
972
59
 block/nbd.c | 1 +
973
60
 1 file changed, 1 insertion(+)
974
61
975
62
diff --git a/block/nbd.c b/block/nbd.c
976
63
index ed0f93ab27..976be76647 100644
977
64
--- a/block/nbd.c
978
65
+++ b/block/nbd.c
979
66
@@ -1915,6 +1915,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags,
980
67
 
981
68
     ret = nbd_client_connect(bs, errp);
982
69
     if (ret < 0) {
983
70
+        nbd_clear_bdrvstate(s);
984
71
         return ret;
985
72
     }
986
73
     /* successfully connected */
987
74
-- 
988
75
2.25.1
989
76
990
diff --git a/debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch b/debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch
991
0
new file mode 100644
77
new file mode 100644
992
index 0000000..bf4169e
993
--- /dev/null
994
+++ b/debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch
995
@@ -0,0 +1,79 @@
996
1
From e7266570f2cf7b3ca2a156c677ee0a59d563458b Mon Sep 17 00:00:00 2001
997
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
998
3
Date: Mon, 2 Mar 2020 18:09:30 +0300
999
4
Subject: [PATCH] block/qcow2-threads: fix qcow2_decompress
1000
5
MIME-Version: 1.0
1001
6
Content-Type: text/plain; charset=UTF-8
1002
7
Content-Transfer-Encoding: 8bit
1003
8
1004
9
On success path we return what inflate() returns instead of 0. And it
1005
10
most probably works for Z_STREAM_END as it is positive, but is
1006
11
definitely broken for Z_BUF_ERROR.
1007
12
1008
13
While being here, switch to errno return code, to be closer to
1009
14
qcow2_compress API (and usual expectations).
1010
15
1011
16
Revert condition in if to be more positive. Drop dead initialization of
1012
17
ret.
1013
18
1014
19
Cc: qemu-stable@nongnu.org # v4.0
1015
20
Fixes: 341926ab83e2b
1016
21
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
1017
22
Message-Id: <20200302150930.16218-1-vsementsov@virtuozzo.com>
1018
23
Reviewed-by: Alberto Garcia <berto@igalia.com>
1019
24
Reviewed-by: Ján Tomko <jtomko@redhat.com>
1020
25
Signed-off-by: Max Reitz <mreitz@redhat.com>
1021
26
1022
27
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=e7266570f2cf7b3ca2a156c677ee0a59d563458b
1023
28
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1024
29
Last-Update: 2020-03-18
1025
30
1026
31
---
1027
32
 block/qcow2-threads.c | 12 +++++++-----
1028
33
 1 file changed, 7 insertions(+), 5 deletions(-)
1029
34
1030
35
diff --git a/block/qcow2-threads.c b/block/qcow2-threads.c
1031
36
index 77bb578cdf..a68126f291 100644
1032
37
--- a/block/qcow2-threads.c
1033
38
+++ b/block/qcow2-threads.c
1034
39
@@ -128,12 +128,12 @@ static ssize_t qcow2_compress(void *dest, size_t dest_size,
1035
40
  * @src - source buffer, @src_size bytes
1036
41
  *
1037
42
  * Returns: 0 on success
1038
43
- *          -1 on fail
1039
44
+ *          -EIO on fail
1040
45
  */
1041
46
 static ssize_t qcow2_decompress(void *dest, size_t dest_size,
1042
47
                                 const void *src, size_t src_size)
1043
48
 {
1044
49
-    int ret = 0;
1045
50
+    int ret;
1046
51
     z_stream strm;
1047
52
 
1048
53
     memset(&strm, 0, sizeof(strm));
1049
54
@@ -144,17 +144,19 @@ static ssize_t qcow2_decompress(void *dest, size_t dest_size,
1050
55
 
1051
56
     ret = inflateInit2(&strm, -12);
1052
57
     if (ret != Z_OK) {
1053
58
-        return -1;
1054
59
+        return -EIO;
1055
60
     }
1056
61
 
1057
62
     ret = inflate(&strm, Z_FINISH);
1058
63
-    if ((ret != Z_STREAM_END && ret != Z_BUF_ERROR) || strm.avail_out != 0) {
1059
64
+    if ((ret == Z_STREAM_END || ret == Z_BUF_ERROR) && strm.avail_out == 0) {
1060
65
         /*
1061
66
          * We approve Z_BUF_ERROR because we need @dest buffer to be filled, but
1062
67
          * @src buffer may be processed partly (because in qcow2 we know size of
1063
68
          * compressed data with precision of one sector)
1064
69
          */
1065
70
-        ret = -1;
1066
71
+        ret = 0;
1067
72
+    } else {
1068
73
+        ret = -EIO;
1069
74
     }
1070
75
 
1071
76
     inflateEnd(&strm);
1072
77
-- 
1073
78
2.25.1
1074
79
1075
diff --git a/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch b/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch
1076
0
new file mode 100644
80
new file mode 100644
1077
index 0000000..c6aa3a3
1078
--- /dev/null
1079
+++ b/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch
1080
@@ -0,0 +1,58 @@
1081
1
From a88c40f02ace88f09b2a85a64831b277b2ebc88c Mon Sep 17 00:00:00 2001
1082
2
From: Peter Wu <peter@lekensteyn.nl>
1083
3
Date: Sat, 21 Dec 2019 17:21:24 +0100
1084
4
Subject: [PATCH] hw/i386/pc: fix regression in parsing vga cmdline parameter
1085
5
1086
6
When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0
1087
7
would refuse to start with a rather cryptic message:
1088
8
1089
9
    $ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet'
1090
10
    qemu: can't parse 'vga' parameter: Invalid argument
1091
11
1092
12
It was not clear whether this applied to the '-vga std' parameter or the
1093
13
'-append' one. Fix the parsing regression and clarify the error.
1094
14
1095
15
Fixes: 133ef074bd ("hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()")
1096
16
Cc: Sergio Lopez <slp@redhat.com>
1097
17
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1098
18
Message-Id: <20191221162124.1159291-1-peter@lekensteyn.nl>
1099
19
Cc: qemu-stable@nongnu.org
1100
20
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1101
21
1102
22
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a88c40f02ace88f09b2a85a64831b277b2ebc88c
1103
23
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1104
24
Last-Update: 2020-03-18
1105
25
1106
26
---
1107
27
 hw/i386/x86.c | 8 ++++----
1108
28
 1 file changed, 4 insertions(+), 4 deletions(-)
1109
29
1110
30
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
1111
31
index d8bb5c2a96..9b9a4d5837 100644
1112
32
--- a/hw/i386/x86.c
1113
33
+++ b/hw/i386/x86.c
1114
34
@@ -612,6 +612,7 @@ void x86_load_linux(X86MachineState *x86ms,
1115
35
     vmode = strstr(kernel_cmdline, "vga=");
1116
36
     if (vmode) {
1117
37
         unsigned int video_mode;
1118
38
+        const char *end;
1119
39
         int ret;
1120
40
         /* skip "vga=" */
1121
41
         vmode += 4;
1122
42
@@ -622,10 +623,9 @@ void x86_load_linux(X86MachineState *x86ms,
1123
43
         } else if (!strncmp(vmode, "ask", 3)) {
1124
44
             video_mode = 0xfffd;
1125
45
         } else {
1126
46
-            ret = qemu_strtoui(vmode, NULL, 0, &video_mode);
1127
47
-            if (ret != 0) {
1128
48
-                fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n",
1129
49
-                        strerror(-ret));
1130
50
+            ret = qemu_strtoui(vmode, &end, 0, &video_mode);
1131
51
+            if (ret != 0 || (*end && *end != ' ')) {
1132
52
+                fprintf(stderr, "qemu: invalid 'vga=' kernel parameter.\n");
1133
53
                 exit(1);
1134
54
             }
1135
55
         }
1136
56
-- 
1137
57
2.25.1
1138
58
1139
diff --git a/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch b/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch
1140
0
new file mode 100644
59
new file mode 100644
1141
index 0000000..4d13d20
1142
--- /dev/null
1143
+++ b/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch
1144
@@ -0,0 +1,44 @@
1145
1
From a2e1cd41ccfe796529abfd1b6aeb1dd4393762a2 Mon Sep 17 00:00:00 2001
1146
2
From: Liu Yi L <yi.l.liu@intel.com>
1147
3
Date: Fri, 3 Jan 2020 21:28:05 +0800
1148
4
Subject: [PATCH] intel_iommu: a fix to vtd_find_as_from_bus_num()
1149
5
1150
6
Ensure the return value of vtd_find_as_from_bus_num() is NULL by
1151
7
enforcing vtd_bus=NULL. This would help caller of vtd_find_as_from_bus_num()
1152
8
to decide if any further operation on the returned vtd_bus.
1153
9
1154
10
Cc: qemu-stable@nongnu.org
1155
11
Cc: Kevin Tian <kevin.tian@intel.com>
1156
12
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
1157
13
Cc: Peter Xu <peterx@redhat.com>
1158
14
Cc: Yi Sun <yi.y.sun@linux.intel.com>
1159
15
Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
1160
16
Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
1161
17
Message-Id: <1578058086-4288-2-git-send-email-yi.l.liu@intel.com>
1162
18
Reviewed-by: Peter Xu <peterx@redhat.com>
1163
19
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
1164
20
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
1165
21
1166
22
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a2e1cd41ccfe796529abfd1b6aeb1dd4393762a2
1167
23
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1168
24
Last-Update: 2020-03-18
1169
25
1170
26
---
1171
27
 hw/i386/intel_iommu.c | 1 +
1172
28
 1 file changed, 1 insertion(+)
1173
29
1174
30
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
1175
31
index ee06993675..609b80750a 100644
1176
32
--- a/hw/i386/intel_iommu.c
1177
33
+++ b/hw/i386/intel_iommu.c
1178
34
@@ -948,6 +948,7 @@ static VTDBus *vtd_find_as_from_bus_num(IntelIOMMUState *s, uint8_t bus_num)
1179
35
                 return vtd_bus;
1180
36
             }
1181
37
         }
1182
38
+        vtd_bus = NULL;
1183
39
     }
1184
40
     return vtd_bus;
1185
41
 }
1186
42
-- 
1187
43
2.25.1
1188
44
1189
diff --git a/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch b/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch
1190
0
new file mode 100644
45
new file mode 100644
1191
index 0000000..02548a2
1192
--- /dev/null
1193
+++ b/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch
1194
@@ -0,0 +1,202 @@
1195
1
From 56fc1e6ac6bde95bc0369d358587f2234d4dddad Mon Sep 17 00:00:00 2001
1196
2
From: Liu Yi L <yi.l.liu@intel.com>
1197
3
Date: Fri, 3 Jan 2020 21:28:06 +0800
1198
4
Subject: [PATCH] intel_iommu: add present bit check for pasid table entries
1199
5
1200
6
The present bit check for pasid entry (pe) and pasid directory
1201
7
entry (pdire) were missed in previous commits as fpd bit check
1202
8
doesn't require present bit as "Set". This patch adds the present
1203
9
bit check for callers which wants to get a valid pe/pdire.
1204
10
1205
11
Cc: qemu-stable@nongnu.org
1206
12
Cc: Kevin Tian <kevin.tian@intel.com>
1207
13
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
1208
14
Cc: Peter Xu <peterx@redhat.com>
1209
15
Cc: Yi Sun <yi.y.sun@linux.intel.com>
1210
16
Reviewed-by: Peter Xu <peterx@redhat.com>
1211
17
Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
1212
18
Message-Id: <1578058086-4288-3-git-send-email-yi.l.liu@intel.com>
1213
19
Reviewed-by: Peter Xu <peterx@redhat.com>
1214
20
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
1215
21
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
1216
22
1217
23
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=56fc1e6ac6bde95bc0369d358587f2234d4dddad
1218
24
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1219
25
Last-Update: 2020-03-18
1220
26
1221
27
---
1222
28
 hw/i386/intel_iommu.c          | 92 +++++++++++++++++++++++++++-------
1223
29
 hw/i386/intel_iommu_internal.h |  1 +
1224
30
 2 files changed, 74 insertions(+), 19 deletions(-)
1225
31
1226
32
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
1227
33
index 609b80750a..a523ef0e65 100644
1228
34
--- a/hw/i386/intel_iommu.c
1229
35
+++ b/hw/i386/intel_iommu.c
1230
36
@@ -686,9 +686,18 @@ static inline bool vtd_pe_type_check(X86IOMMUState *x86_iommu,
1231
37
     return true;
1232
38
 }
1233
39
 
1234
40
-static int vtd_get_pasid_dire(dma_addr_t pasid_dir_base,
1235
41
-                              uint32_t pasid,
1236
42
-                              VTDPASIDDirEntry *pdire)
1237
43
+static inline bool vtd_pdire_present(VTDPASIDDirEntry *pdire)
1238
44
+{
1239
45
+    return pdire->val & 1;
1240
46
+}
1241
47
+
1242
48
+/**
1243
49
+ * Caller of this function should check present bit if wants
1244
50
+ * to use pdir entry for futher usage except for fpd bit check.
1245
51
+ */
1246
52
+static int vtd_get_pdire_from_pdir_table(dma_addr_t pasid_dir_base,
1247
53
+                                         uint32_t pasid,
1248
54
+                                         VTDPASIDDirEntry *pdire)
1249
55
 {
1250
56
     uint32_t index;
1251
57
     dma_addr_t addr, entry_size;
1252
58
@@ -703,18 +712,22 @@ static int vtd_get_pasid_dire(dma_addr_t pasid_dir_base,
1253
59
     return 0;
1254
60
 }
1255
61
 
1256
62
-static int vtd_get_pasid_entry(IntelIOMMUState *s,
1257
63
-                               uint32_t pasid,
1258
64
-                               VTDPASIDDirEntry *pdire,
1259
65
-                               VTDPASIDEntry *pe)
1260
66
+static inline bool vtd_pe_present(VTDPASIDEntry *pe)
1261
67
+{
1262
68
+    return pe->val[0] & VTD_PASID_ENTRY_P;
1263
69
+}
1264
70
+
1265
71
+static int vtd_get_pe_in_pasid_leaf_table(IntelIOMMUState *s,
1266
72
+                                          uint32_t pasid,
1267
73
+                                          dma_addr_t addr,
1268
74
+                                          VTDPASIDEntry *pe)
1269
75
 {
1270
76
     uint32_t index;
1271
77
-    dma_addr_t addr, entry_size;
1272
78
+    dma_addr_t entry_size;
1273
79
     X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(s);
1274
80
 
1275
81
     index = VTD_PASID_TABLE_INDEX(pasid);
1276
82
     entry_size = VTD_PASID_ENTRY_SIZE;
1277
83
-    addr = pdire->val & VTD_PASID_TABLE_BASE_ADDR_MASK;
1278
84
     addr = addr + index * entry_size;
1279
85
     if (dma_memory_read(&address_space_memory, addr, pe, entry_size)) {
1280
86
         return -VTD_FR_PASID_TABLE_INV;
1281
87
@@ -732,25 +745,54 @@ static int vtd_get_pasid_entry(IntelIOMMUState *s,
1282
88
     return 0;
1283
89
 }
1284
90
 
1285
91
-static int vtd_get_pasid_entry_from_pasid(IntelIOMMUState *s,
1286
92
-                                          dma_addr_t pasid_dir_base,
1287
93
-                                          uint32_t pasid,
1288
94
-                                          VTDPASIDEntry *pe)
1289
95
+/**
1290
96
+ * Caller of this function should check present bit if wants
1291
97
+ * to use pasid entry for futher usage except for fpd bit check.
1292
98
+ */
1293
99
+static int vtd_get_pe_from_pdire(IntelIOMMUState *s,
1294
100
+                                 uint32_t pasid,
1295
101
+                                 VTDPASIDDirEntry *pdire,
1296
102
+                                 VTDPASIDEntry *pe)
1297
103
+{
1298
104
+    dma_addr_t addr = pdire->val & VTD_PASID_TABLE_BASE_ADDR_MASK;
1299
105
+
1300
106
+    return vtd_get_pe_in_pasid_leaf_table(s, pasid, addr, pe);
1301
107
+}
1302
108
+
1303
109
+/**
1304
110
+ * This function gets a pasid entry from a specified pasid
1305
111
+ * table (includes dir and leaf table) with a specified pasid.
1306
112
+ * Sanity check should be done to ensure return a present
1307
113
+ * pasid entry to caller.
1308
114
+ */
1309
115
+static int vtd_get_pe_from_pasid_table(IntelIOMMUState *s,
1310
116
+                                       dma_addr_t pasid_dir_base,
1311
117
+                                       uint32_t pasid,
1312
118
+                                       VTDPASIDEntry *pe)
1313
119
 {
1314
120
     int ret;
1315
121
     VTDPASIDDirEntry pdire;
1316
122
 
1317
123
-    ret = vtd_get_pasid_dire(pasid_dir_base, pasid, &pdire);
1318
124
+    ret = vtd_get_pdire_from_pdir_table(pasid_dir_base,
1319
125
+                                        pasid, &pdire);
1320
126
     if (ret) {
1321
127
         return ret;
1322
128
     }
1323
129
 
1324
130
-    ret = vtd_get_pasid_entry(s, pasid, &pdire, pe);
1325
131
+    if (!vtd_pdire_present(&pdire)) {
1326
132
+        return -VTD_FR_PASID_TABLE_INV;
1327
133
+    }
1328
134
+
1329
135
+    ret = vtd_get_pe_from_pdire(s, pasid, &pdire, pe);
1330
136
     if (ret) {
1331
137
         return ret;
1332
138
     }
1333
139
 
1334
140
-    return ret;
1335
141
+    if (!vtd_pe_present(pe)) {
1336
142
+        return -VTD_FR_PASID_TABLE_INV;
1337
143
+    }
1338
144
+
1339
145
+    return 0;
1340
146
 }
1341
147
 
1342
148
 static int vtd_ce_get_rid2pasid_entry(IntelIOMMUState *s,
1343
149
@@ -763,7 +805,7 @@ static int vtd_ce_get_rid2pasid_entry(IntelIOMMUState *s,
1344
150
 
1345
151
     pasid = VTD_CE_GET_RID2PASID(ce);
1346
152
     pasid_dir_base = VTD_CE_GET_PASID_DIR_TABLE(ce);
1347
153
-    ret = vtd_get_pasid_entry_from_pasid(s, pasid_dir_base, pasid, pe);
1348
154
+    ret = vtd_get_pe_from_pasid_table(s, pasid_dir_base, pasid, pe);
1349
155
 
1350
156
     return ret;
1351
157
 }
1352
158
@@ -781,7 +823,11 @@ static int vtd_ce_get_pasid_fpd(IntelIOMMUState *s,
1353
159
     pasid = VTD_CE_GET_RID2PASID(ce);
1354
160
     pasid_dir_base = VTD_CE_GET_PASID_DIR_TABLE(ce);
1355
161
 
1356
162
-    ret = vtd_get_pasid_dire(pasid_dir_base, pasid, &pdire);
1357
163
+    /*
1358
164
+     * No present bit check since fpd is meaningful even
1359
165
+     * if the present bit is clear.
1360
166
+     */
1361
167
+    ret = vtd_get_pdire_from_pdir_table(pasid_dir_base, pasid, &pdire);
1362
168
     if (ret) {
1363
169
         return ret;
1364
170
     }
1365
171
@@ -791,7 +837,15 @@ static int vtd_ce_get_pasid_fpd(IntelIOMMUState *s,
1366
172
         return 0;
1367
173
     }
1368
174
 
1369
175
-    ret = vtd_get_pasid_entry(s, pasid, &pdire, &pe);
1370
176
+    if (!vtd_pdire_present(&pdire)) {
1371
177
+        return -VTD_FR_PASID_TABLE_INV;
1372
178
+    }
1373
179
+
1374
180
+    /*
1375
181
+     * No present bit check since fpd is meaningful even
1376
182
+     * if the present bit is clear.
1377
183
+     */
1378
184
+    ret = vtd_get_pe_from_pdire(s, pasid, &pdire, &pe);
1379
185
     if (ret) {
1380
186
         return ret;
1381
187
     }
1382
188
diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h
1383
189
index edcf9fc9bb..862033ebe6 100644
1384
190
--- a/hw/i386/intel_iommu_internal.h
1385
191
+++ b/hw/i386/intel_iommu_internal.h
1386
192
@@ -479,6 +479,7 @@ typedef struct VTDRootEntry VTDRootEntry;
1387
193
 #define VTD_PASID_ENTRY_FPD           (1ULL << 1) /* Fault Processing Disable */
1388
194
 
1389
195
 /* PASID Granular Translation Type Mask */
1390
196
+#define VTD_PASID_ENTRY_P              1ULL
1391
197
 #define VTD_SM_PASID_ENTRY_PGTT        (7ULL << 6)
1392
198
 #define VTD_SM_PASID_ENTRY_FLT         (1ULL << 6)
1393
199
 #define VTD_SM_PASID_ENTRY_SLT         (2ULL << 6)
1394
200
-- 
1395
201
2.25.1
1396
202
1397
diff --git a/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch b/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch
1398
0
new file mode 100644
203
new file mode 100644
1399
index 0000000..790c5d4
1400
--- /dev/null
1401
+++ b/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch
1402
@@ -0,0 +1,138 @@
1403
1
From a541fcc27c98b96da187c7d4573f3270f3ddd283 Mon Sep 17 00:00:00 2001
1404
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
1405
3
Date: Tue, 21 Jan 2020 17:28:02 +0300
1406
4
Subject: [PATCH] iotests: add test for backup-top failure on permission
1407
5
 activation
1408
6
1409
7
This test checks that bug is really fixed by previous commit.
1410
8
1411
9
Cc: qemu-stable@nongnu.org # v4.2.0
1412
10
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
1413
11
Message-id: 20200121142802.21467-3-vsementsov@virtuozzo.com
1414
12
Signed-off-by: Max Reitz <mreitz@redhat.com>
1415
13
1416
14
Origin: backport, https://git.qemu.org/?p=qemu.git;a=commit;h=a541fcc27c98b96da187c7d4573f3270f3ddd283
1417
15
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1418
16
Last-Update: 2020-03-18
1419
17
1420
18
---
1421
19
 tests/qemu-iotests/283     | 92 ++++++++++++++++++++++++++++++++++++++
1422
20
 tests/qemu-iotests/283.out |  8 ++++
1423
21
 tests/qemu-iotests/group   |  1 +
1424
22
 3 files changed, 101 insertions(+)
1425
23
 create mode 100644 tests/qemu-iotests/283
1426
24
 create mode 100644 tests/qemu-iotests/283.out
1427
25
1428
26
--- /dev/null
1429
27
+++ b/tests/qemu-iotests/283
1430
28
@@ -0,0 +1,92 @@
1431
29
+#!/usr/bin/env python
1432
30
+#
1433
31
+# Test for backup-top filter permission activation failure
1434
32
+#
1435
33
+# Copyright (c) 2019 Virtuozzo International GmbH.
1436
34
+#
1437
35
+# This program is free software; you can redistribute it and/or modify
1438
36
+# it under the terms of the GNU General Public License as published by
1439
37
+# the Free Software Foundation; either version 2 of the License, or
1440
38
+# (at your option) any later version.
1441
39
+#
1442
40
+# This program is distributed in the hope that it will be useful,
1443
41
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
1444
42
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
1445
43
+# GNU General Public License for more details.
1446
44
+#
1447
45
+# You should have received a copy of the GNU General Public License
1448
46
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
1449
47
+#
1450
48
+
1451
49
+import iotests
1452
50
+
1453
51
+# The test is unrelated to formats, restrict it to qcow2 to avoid extra runs
1454
52
+iotests.verify_image_format(supported_fmts=['qcow2'])
1455
53
+
1456
54
+size = 1024 * 1024
1457
55
+
1458
56
+""" Test description
1459
57
+
1460
58
+When performing a backup, all writes on the source subtree must go through the
1461
59
+backup-top filter so it can copy all data to the target before it is changed.
1462
60
+backup-top filter is appended above source node, to achieve this thing, so all
1463
61
+parents of source node are handled. A configuration with side parents of source
1464
62
+sub-tree with write permission is unsupported (we'd have append several
1465
63
+backup-top filter like nodes to handle such parents). The test create an
1466
64
+example of such configuration and checks that a backup is then not allowed
1467
65
+(blockdev-backup command should fail).
1468
66
+
1469
67
+The configuration:
1470
68
+
1471
69
+    ┌────────┐  target  ┌─────────────┐
1472
70
+    │ target │ ◀─────── │ backup_top  │
1473
71
+    └────────┘          └─────────────┘
1474
72
+                            │
1475
73
+                            │ backing
1476
74
+                            ▼
1477
75
+                        ┌─────────────┐
1478
76
+                        │   source    │
1479
77
+                        └─────────────┘
1480
78
+                            │
1481
79
+                            │ file
1482
80
+                            ▼
1483
81
+                        ┌─────────────┐  write perm   ┌───────┐
1484
82
+                        │    base     │ ◀──────────── │ other │
1485
83
+                        └─────────────┘               └───────┘
1486
84
+
1487
85
+On activation (see .active field of backup-top state in block/backup-top.c),
1488
86
+backup-top is going to unshare write permission on its source child. Write
1489
87
+unsharing will be propagated to the "source->base" link and will conflict with
1490
88
+other node write permission. So permission update will fail and backup job will
1491
89
+not be started.
1492
90
+
1493
91
+Note, that the only thing which prevents backup of running on such
1494
92
+configuration is default permission propagation scheme. It may be altered by
1495
93
+different block drivers, so backup will run in invalid configuration. But
1496
94
+something is better than nothing. Also, before the previous commit (commit
1497
95
+preceding this test creation), starting backup on such configuration led to
1498
96
+crash, so current "something" is a lot better, and this test actual goal is
1499
97
+to check that crash is fixed :)
1500
98
+"""
1501
99
+
1502
100
+vm = iotests.VM()
1503
101
+vm.launch()
1504
102
+
1505
103
+vm.qmp_log('blockdev-add', **{'node-name': 'target', 'driver': 'null-co'})
1506
104
+
1507
105
+vm.qmp_log('blockdev-add', **{
1508
106
+    'node-name': 'source',
1509
107
+    'driver': 'blkdebug',
1510
108
+    'image': {'node-name': 'base', 'driver': 'null-co', 'size': size}
1511
109
+})
1512
110
+
1513
111
+vm.qmp_log('blockdev-add', **{
1514
112
+    'node-name': 'other',
1515
113
+    'driver': 'blkdebug',
1516
114
+    'image': 'base',
1517
115
+    'take-child-perms': ['write']
1518
116
+})
1519
117
+
1520
118
+vm.qmp_log('blockdev-backup', sync='full', device='source', target='target')
1521
119
+
1522
120
+vm.shutdown()
1523
121
--- /dev/null
1524
122
+++ b/tests/qemu-iotests/283.out
1525
123
@@ -0,0 +1,8 @@
1526
124
+{"execute": "blockdev-add", "arguments": {"driver": "null-co", "node-name": "target"}}
1527
125
+{"return": {}}
1528
126
+{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": {"driver": "null-co", "node-name": "base", "size": 1048576}, "node-name": "source"}}
1529
127
+{"return": {}}
1530
128
+{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": "base", "node-name": "other", "take-child-perms": ["write"]}}
1531
129
+{"return": {}}
1532
130
+{"execute": "blockdev-backup", "arguments": {"device": "source", "sync": "full", "target": "target"}}
1533
131
+{"error": {"class": "GenericError", "desc": "Cannot set permissions for backup-top filter: Conflicts with use by other as 'image', which uses 'write' on base"}}
1534
132
--- a/tests/qemu-iotests/group
1535
133
+++ b/tests/qemu-iotests/group
1536
134
@@ -286,3 +286,4 @@
1537
135
 272 rw
1538
136
 273 backing quick
1539
137
 277 rw quick
1540
138
+283 auto quick
1541
diff --git a/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch b/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch
1542
0
new file mode 100644
139
new file mode 100644
1543
index 0000000..a31cf9f
1544
--- /dev/null
1545
+++ b/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch
1546
@@ -0,0 +1,230 @@
1547
1
From 01fe1ca945345d3dc420d70c69488143dc0451b1 Mon Sep 17 00:00:00 2001
1548
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
1549
3
Date: Wed, 11 Mar 2020 13:29:56 +0300
1550
4
Subject: [PATCH] job: refactor progress to separate object
1551
5
1552
6
We need it in separate to pass to the block-copy object in the next
1553
7
commit.
1554
8
1555
9
Cc: qemu-stable@nongnu.org
1556
10
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
1557
11
Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
1558
12
Reviewed-by: Max Reitz <mreitz@redhat.com>
1559
13
Message-Id: <20200311103004.7649-2-vsementsov@virtuozzo.com>
1560
14
Signed-off-by: Max Reitz <mreitz@redhat.com>
1561
15
1562
16
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=01fe1ca945345d3dc420d70c69488143dc0451b1
1563
17
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1564
18
Last-Update: 2020-03-18
1565
19
1566
20
---
1567
21
 blockjob.c                    | 16 +++++-----
1568
22
 include/qemu/job.h            | 11 ++-----
1569
23
 include/qemu/progress_meter.h | 58 +++++++++++++++++++++++++++++++++++
1570
24
 job-qmp.c                     |  4 +--
1571
25
 job.c                         |  6 ++--
1572
26
 qemu-img.c                    |  6 ++--
1573
27
 6 files changed, 76 insertions(+), 25 deletions(-)
1574
28
 create mode 100644 include/qemu/progress_meter.h
1575
29
1576
30
diff --git a/blockjob.c b/blockjob.c
1577
31
index 5d63b1e89d..fc850312c1 100644
1578
32
--- a/blockjob.c
1579
33
+++ b/blockjob.c
1580
34
@@ -299,8 +299,8 @@ BlockJobInfo *block_job_query(BlockJob *job, Error **errp)
1581
35
     info->device    = g_strdup(job->job.id);
1582
36
     info->busy      = atomic_read(&job->job.busy);
1583
37
     info->paused    = job->job.pause_count > 0;
1584
38
-    info->offset    = job->job.progress_current;
1585
39
-    info->len       = job->job.progress_total;
1586
40
+    info->offset    = job->job.progress.current;
1587
41
+    info->len       = job->job.progress.total;
1588
42
     info->speed     = job->speed;
1589
43
     info->io_status = job->iostatus;
1590
44
     info->ready     = job_is_ready(&job->job),
1591
45
@@ -330,8 +330,8 @@ static void block_job_event_cancelled(Notifier *n, void *opaque)
1592
46
 
1593
47
     qapi_event_send_block_job_cancelled(job_type(&job->job),
1594
48
                                         job->job.id,
1595
49
-                                        job->job.progress_total,
1596
50
-                                        job->job.progress_current,
1597
51
+                                        job->job.progress.total,
1598
52
+                                        job->job.progress.current,
1599
53
                                         job->speed);
1600
54
 }
1601
55
 
1602
56
@@ -350,8 +350,8 @@ static void block_job_event_completed(Notifier *n, void *opaque)
1603
57
 
1604
58
     qapi_event_send_block_job_completed(job_type(&job->job),
1605
59
                                         job->job.id,
1606
60
-                                        job->job.progress_total,
1607
61
-                                        job->job.progress_current,
1608
62
+                                        job->job.progress.total,
1609
63
+                                        job->job.progress.current,
1610
64
                                         job->speed,
1611
65
                                         !!msg,
1612
66
                                         msg);
1613
67
@@ -379,8 +379,8 @@ static void block_job_event_ready(Notifier *n, void *opaque)
1614
68
 
1615
69
     qapi_event_send_block_job_ready(job_type(&job->job),
1616
70
                                     job->job.id,
1617
71
-                                    job->job.progress_total,
1618
72
-                                    job->job.progress_current,
1619
73
+                                    job->job.progress.total,
1620
74
+                                    job->job.progress.current,
1621
75
                                     job->speed);
1622
76
 }
1623
77
 
1624
78
diff --git a/include/qemu/job.h b/include/qemu/job.h
1625
79
index bd59cd8944..32aabb1c60 100644
1626
80
--- a/include/qemu/job.h
1627
81
+++ b/include/qemu/job.h
1628
82
@@ -28,6 +28,7 @@
1629
83
 
1630
84
 #include "qapi/qapi-types-job.h"
1631
85
 #include "qemu/queue.h"
1632
86
+#include "qemu/progress_meter.h"
1633
87
 #include "qemu/coroutine.h"
1634
88
 #include "block/aio.h"
1635
89
 
1636
90
@@ -117,15 +118,7 @@ typedef struct Job {
1637
91
     /** True if this job should automatically dismiss itself */
1638
92
     bool auto_dismiss;
1639
93
 
1640
94
-    /**
1641
95
-     * Current progress. The unit is arbitrary as long as the ratio between
1642
96
-     * progress_current and progress_total represents the estimated percentage
1643
97
-     * of work already done.
1644
98
-     */
1645
99
-    int64_t progress_current;
1646
100
-
1647
101
-    /** Estimated progress_current value at the completion of the job */
1648
102
-    int64_t progress_total;
1649
103
+    ProgressMeter progress;
1650
104
 
1651
105
     /**
1652
106
      * Return code from @run and/or @prepare callback(s).
1653
107
diff --git a/include/qemu/progress_meter.h b/include/qemu/progress_meter.h
1654
108
new file mode 100644
1655
109
index 0000000000..9a23ff071c
1656
110
--- /dev/null
1657
111
+++ b/include/qemu/progress_meter.h
1658
112
@@ -0,0 +1,58 @@
1659
113
+/*
1660
114
+ * Helper functionality for some process progress tracking.
1661
115
+ *
1662
116
+ * Copyright (c) 2011 IBM Corp.
1663
117
+ * Copyright (c) 2012, 2018 Red Hat, Inc.
1664
118
+ * Copyright (c) 2020 Virtuozzo International GmbH
1665
119
+ *
1666
120
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
1667
121
+ * of this software and associated documentation files (the "Software"), to deal
1668
122
+ * in the Software without restriction, including without limitation the rights
1669
123
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
1670
124
+ * copies of the Software, and to permit persons to whom the Software is
1671
125
+ * furnished to do so, subject to the following conditions:
1672
126
+ *
1673
127
+ * The above copyright notice and this permission notice shall be included in
1674
128
+ * all copies or substantial portions of the Software.
1675
129
+ *
1676
130
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
1677
131
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
1678
132
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
1679
133
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
1680
134
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
1681
135
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
1682
136
+ * THE SOFTWARE.
1683
137
+ */
1684
138
+
1685
139
+#ifndef QEMU_PROGRESS_METER_H
1686
140
+#define QEMU_PROGRESS_METER_H
1687
141
+
1688
142
+typedef struct ProgressMeter {
1689
143
+    /**
1690
144
+     * Current progress. The unit is arbitrary as long as the ratio between
1691
145
+     * current and total represents the estimated percentage
1692
146
+     * of work already done.
1693
147
+     */
1694
148
+    uint64_t current;
1695
149
+
1696
150
+    /** Estimated current value at the completion of the process */
1697
151
+    uint64_t total;
1698
152
+} ProgressMeter;
1699
153
+
1700
154
+static inline void progress_work_done(ProgressMeter *pm, uint64_t done)
1701
155
+{
1702
156
+    pm->current += done;
1703
157
+}
1704
158
+
1705
159
+static inline void progress_set_remaining(ProgressMeter *pm, uint64_t remaining)
1706
160
+{
1707
161
+    pm->total = pm->current + remaining;
1708
162
+}
1709
163
+
1710
164
+static inline void progress_increase_remaining(ProgressMeter *pm,
1711
165
+                                               uint64_t delta)
1712
166
+{
1713
167
+    pm->total += delta;
1714
168
+}
1715
169
+
1716
170
+#endif /* QEMU_PROGRESS_METER_H */
1717
171
diff --git a/job-qmp.c b/job-qmp.c
1718
172
index fbfed25a00..fecc939ebd 100644
1719
173
--- a/job-qmp.c
1720
174
+++ b/job-qmp.c
1721
175
@@ -143,8 +143,8 @@ static JobInfo *job_query_single(Job *job, Error **errp)
1722
176
         .id                 = g_strdup(job->id),
1723
177
         .type               = job_type(job),
1724
178
         .status             = job->status,
1725
179
-        .current_progress   = job->progress_current,
1726
180
-        .total_progress     = job->progress_total,
1727
181
+        .current_progress   = job->progress.current,
1728
182
+        .total_progress     = job->progress.total,
1729
183
         .has_error          = !!job->err,
1730
184
         .error              = job->err ? \
1731
185
                               g_strdup(error_get_pretty(job->err)) : NULL,
1732
186
diff --git a/job.c b/job.c
1733
187
index 04409b40aa..134a07b92e 100644
1734
188
--- a/job.c
1735
189
+++ b/job.c
1736
190
@@ -369,17 +369,17 @@ void job_unref(Job *job)
1737
191
 
1738
192
 void job_progress_update(Job *job, uint64_t done)
1739
193
 {
1740
194
-    job->progress_current += done;
1741
195
+    progress_work_done(&job->progress, done);
1742
196
 }
1743
197
 
1744
198
 void job_progress_set_remaining(Job *job, uint64_t remaining)
1745
199
 {
1746
200
-    job->progress_total = job->progress_current + remaining;
1747
201
+    progress_set_remaining(&job->progress, remaining);
1748
202
 }
1749
203
 
1750
204
 void job_progress_increase_remaining(Job *job, uint64_t delta)
1751
205
 {
1752
206
-    job->progress_total += delta;
1753
207
+    progress_increase_remaining(&job->progress, delta);
1754
208
 }
1755
209
 
1756
210
 void job_event_cancelled(Job *job)
1757
211
diff --git a/qemu-img.c b/qemu-img.c
1758
212
index 7b7087dd60..afddf33f08 100644
1759
213
--- a/qemu-img.c
1760
214
+++ b/qemu-img.c
1761
215
@@ -884,9 +884,9 @@ static void run_block_job(BlockJob *job, Error **errp)
1762
216
     do {
1763
217
         float progress = 0.0f;
1764
218
         aio_poll(aio_context, true);
1765
219
-        if (job->job.progress_total) {
1766
220
-            progress = (float)job->job.progress_current /
1767
221
-                       job->job.progress_total * 100.f;
1768
222
+        if (job->job.progress.total) {
1769
223
+            progress = (float)job->job.progress.current /
1770
224
+                       job->job.progress.total * 100.f;
1771
225
         }
1772
226
         qemu_progress_print(progress, 0);
1773
227
     } while (!job_is_ready(&job->job) && !job_is_completed(&job->job));
1774
228
-- 
1775
229
2.25.1
1776
230
1777
diff --git a/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch b/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch
1778
0
new file mode 100644
231
new file mode 100644
1779
index 0000000..5047c62
1780
--- /dev/null
1781
+++ b/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch
1782
@@ -0,0 +1,41 @@
1783
1
From dcc474c69e6a59044b9bb54624bd636cbfd98aa9 Mon Sep 17 00:00:00 2001
1784
2
From: "Emilio G. Cota" <cota@braap.org>
1785
3
Date: Tue, 25 Feb 2020 12:47:02 +0000
1786
4
Subject: [PATCH] plugins/core: add missing break in cb_to_tcg_flags
1787
5
MIME-Version: 1.0
1788
6
Content-Type: text/plain; charset=UTF-8
1789
7
Content-Transfer-Encoding: 8bit
1790
8
1791
9
Fixes: 54cb65d8588
1792
10
Reported-by: Robert Henry <robhenry@microsoft.com>
1793
11
Signed-off-by: Emilio G. Cota <cota@braap.org>
1794
12
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
1795
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
1796
14
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
1797
15
Message-Id: <20200105072940.32204-1-cota@braap.org>
1798
16
Cc: qemu-stable@nongnu.org
1799
17
Message-Id: <20200225124710.14152-12-alex.bennee@linaro.org>
1800
18
1801
19
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=dcc474c69e6a59044b9bb54624bd636cbfd98aa9
1802
20
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1803
21
Last-Update: 2020-03-18
1804
22
1805
23
---
1806
24
 plugins/core.c | 1 +
1807
25
 1 file changed, 1 insertion(+)
1808
26
1809
27
diff --git a/plugins/core.c b/plugins/core.c
1810
28
index 9e1b9e7a91..ed863011ba 100644
1811
29
--- a/plugins/core.c
1812
30
+++ b/plugins/core.c
1813
31
@@ -286,6 +286,7 @@ static inline uint32_t cb_to_tcg_flags(enum qemu_plugin_cb_flags flags)
1814
32
     switch (flags) {
1815
33
     case QEMU_PLUGIN_CB_RW_REGS:
1816
34
         ret = 0;
1817
35
+        break;
1818
36
     case QEMU_PLUGIN_CB_R_REGS:
1819
37
         ret = TCG_CALL_NO_WG;
1820
38
         break;
1821
39
-- 
1822
40
2.25.1
1823
41
1824
diff --git a/debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch b/debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch
1825
0
new file mode 100644
42
new file mode 100644
1826
index 0000000..ed7560a
1827
--- /dev/null
1828
+++ b/debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch
1829
@@ -0,0 +1,39 @@
1830
1
From 3ede935fdbbd5f7b24b4724bbfb8938acb5956d8 Mon Sep 17 00:00:00 2001
1831
2
From: Max Reitz <mreitz@redhat.com>
1832
3
Date: Tue, 25 Feb 2020 15:31:28 +0100
1833
4
Subject: [PATCH] qcow2: Fix alloc_cluster_abort() for pre-existing clusters
1834
5
1835
6
handle_alloc() reuses preallocated zero clusters.  If anything goes
1836
7
wrong during the data write, we do not change their L2 entry, so we
1837
8
must not let qcow2_alloc_cluster_abort() free them.
1838
9
1839
10
Fixes: 8b24cd141549b5b264baeddd4e72902cfb5de23b
1840
11
Cc: qemu-stable@nongnu.org
1841
12
Signed-off-by: Max Reitz <mreitz@redhat.com>
1842
13
Message-Id: <20200225143130.111267-2-mreitz@redhat.com>
1843
14
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
1844
15
1845
16
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=3ede935fdbbd5f7b24b4724bbfb8938acb5956d8
1846
17
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1847
18
Last-Update: 2020-03-18
1848
19
1849
20
---
1850
21
 block/qcow2-cluster.c | 2 +-
1851
22
 1 file changed, 1 insertion(+), 1 deletion(-)
1852
23
1853
24
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
1854
25
index 78c95dfa16..17f1363279 100644
1855
26
--- a/block/qcow2-cluster.c
1856
27
+++ b/block/qcow2-cluster.c
1857
28
@@ -1026,7 +1026,7 @@ err:
1858
29
 void qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m)
1859
30
 {
1860
31
     BDRVQcow2State *s = bs->opaque;
1861
32
-    if (!has_data_file(bs)) {
1862
33
+    if (!has_data_file(bs) && !m->keep_old_clusters) {
1863
34
         qcow2_free_clusters(bs, m->alloc_offset,
1864
35
                             m->nb_clusters << s->cluster_bits,
1865
36
                             QCOW2_DISCARD_NEVER);
1866
37
-- 
1867
38
2.25.1
1868
39
1869
diff --git a/debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch b/debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch
1870
0
new file mode 100644
40
new file mode 100644
1871
index 0000000..b7acd5b
1872
--- /dev/null
1873
+++ b/debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch
1874
@@ -0,0 +1,44 @@
1875
1
From c3b6658c1a5a3fb24d6c27b2594cf86146f75b22 Mon Sep 17 00:00:00 2001
1876
2
From: Kevin Wolf <kwolf@redhat.com>
1877
3
Date: Tue, 11 Feb 2020 10:48:59 +0100
1878
4
Subject: [PATCH] qcow2: Fix qcow2_alloc_cluster_abort() for external data file
1879
5
1880
6
For external data file, cluster allocations return an offset in the data
1881
7
file and are not refcounted. In this case, there is nothing to do for
1882
8
qcow2_alloc_cluster_abort(). Freeing the same offset in the qcow2 file
1883
9
is wrong and causes crashes in the better case or image corruption in
1884
10
the worse case.
1885
11
1886
12
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
1887
13
Message-Id: <20200211094900.17315-3-kwolf@redhat.com>
1888
14
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
1889
15
1890
16
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c3b6658c1a5a3fb24d6c27b2594cf86146f75b22
1891
17
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1892
18
Last-Update: 2020-03-18
1893
19
1894
20
---
1895
21
 block/qcow2-cluster.c | 7 +++++--
1896
22
 1 file changed, 5 insertions(+), 2 deletions(-)
1897
23
1898
24
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
1899
25
index 1947f13a2d..78c95dfa16 100644
1900
26
--- a/block/qcow2-cluster.c
1901
27
+++ b/block/qcow2-cluster.c
1902
28
@@ -1026,8 +1026,11 @@ err:
1903
29
 void qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m)
1904
30
 {
1905
31
     BDRVQcow2State *s = bs->opaque;
1906
32
-    qcow2_free_clusters(bs, m->alloc_offset, m->nb_clusters << s->cluster_bits,
1907
33
-                        QCOW2_DISCARD_NEVER);
1908
34
+    if (!has_data_file(bs)) {
1909
35
+        qcow2_free_clusters(bs, m->alloc_offset,
1910
36
+                            m->nb_clusters << s->cluster_bits,
1911
37
+                            QCOW2_DISCARD_NEVER);
1912
38
+    }
1913
39
 }
1914
40
 
1915
41
 /*
1916
42
-- 
1917
43
2.25.1
1918
44
1919
diff --git a/debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch b/debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch
1920
0
new file mode 100644
45
new file mode 100644
1921
index 0000000..b1b1869
1922
--- /dev/null
1923
+++ b/debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch
1924
@@ -0,0 +1,102 @@
1925
1
From a1db8733d28d615bc0daeada6c406a6dd5c5d5ef Mon Sep 17 00:00:00 2001
1926
2
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
1927
3
Date: Mon, 14 Oct 2019 14:51:25 +0300
1928
4
Subject: [PATCH] qcow2-bitmaps: fix qcow2_can_store_new_dirty_bitmap
1929
5
1930
6
qcow2_can_store_new_dirty_bitmap works wrong, as it considers only
1931
7
bitmaps already stored in the qcow2 image and ignores persistent
1932
8
BdrvDirtyBitmap objects.
1933
9
1934
10
So, let's instead count persistent BdrvDirtyBitmaps. We load all qcow2
1935
11
bitmaps on open, so there should not be any bitmap in the image for
1936
12
which we don't have BdrvDirtyBitmaps version. If it is - it's a kind of
1937
13
corruption, and no reason to check for corruptions here (open() and
1938
14
close() are better places for it).
1939
15
1940
16
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
1941
17
Message-id: 20191014115126.15360-2-vsementsov@virtuozzo.com
1942
18
Reviewed-by: Max Reitz <mreitz@redhat.com>
1943
19
Cc: qemu-stable@nongnu.org
1944
20
Signed-off-by: Max Reitz <mreitz@redhat.com>
1945
21
1946
22
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a1db8733d28d615bc0daeada6c406a6dd5c5d5ef
1947
23
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
1948
24
Last-Update: 2020-03-18
1949
25
1950
26
---
1951
27
 block/qcow2-bitmap.c | 41 ++++++++++++++++++-----------------------
1952
28
 1 file changed, 18 insertions(+), 23 deletions(-)
1953
29
1954
30
diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
1955
31
index c6c8ebbe89..d41f5d049b 100644
1956
32
--- a/block/qcow2-bitmap.c
1957
33
+++ b/block/qcow2-bitmap.c
1958
34
@@ -1703,8 +1703,14 @@ bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs,
1959
35
                                                       Error **errp)
1960
36
 {
1961
37
     BDRVQcow2State *s = bs->opaque;
1962
38
-    bool found;
1963
39
-    Qcow2BitmapList *bm_list;
1964
40
+    BdrvDirtyBitmap *bitmap;
1965
41
+    uint64_t bitmap_directory_size = 0;
1966
42
+    uint32_t nb_bitmaps = 0;
1967
43
+
1968
44
+    if (bdrv_find_dirty_bitmap(bs, name)) {
1969
45
+        error_setg(errp, "Bitmap already exists: %s", name);
1970
46
+        return false;
1971
47
+    }
1972
48
 
1973
49
     if (s->qcow_version < 3) {
1974
50
         /* Without autoclear_features, we would always have to assume
1975
51
@@ -1720,38 +1726,27 @@ bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs,
1976
52
         goto fail;
1977
53
     }
1978
54
 
1979
55
-    if (s->nb_bitmaps == 0) {
1980
56
-        return true;
1981
57
+    FOR_EACH_DIRTY_BITMAP(bs, bitmap) {
1982
58
+        if (bdrv_dirty_bitmap_get_persistence(bitmap)) {
1983
59
+            nb_bitmaps++;
1984
60
+            bitmap_directory_size +=
1985
61
+                calc_dir_entry_size(strlen(bdrv_dirty_bitmap_name(bitmap)), 0);
1986
62
+        }
1987
63
     }
1988
64
+    nb_bitmaps++;
1989
65
+    bitmap_directory_size += calc_dir_entry_size(strlen(name), 0);
1990
66
 
1991
67
-    if (s->nb_bitmaps >= QCOW2_MAX_BITMAPS) {
1992
68
+    if (nb_bitmaps > QCOW2_MAX_BITMAPS) {
1993
69
         error_setg(errp,
1994
70
                    "Maximum number of persistent bitmaps is already reached");
1995
71
         goto fail;
1996
72
     }
1997
73
 
1998
74
-    if (s->bitmap_directory_size + calc_dir_entry_size(strlen(name), 0) >
1999
75
-        QCOW2_MAX_BITMAP_DIRECTORY_SIZE)
2000
76
-    {
2001
77
+    if (bitmap_directory_size > QCOW2_MAX_BITMAP_DIRECTORY_SIZE) {
2002
78
         error_setg(errp, "Not enough space in the bitmap directory");
2003
79
         goto fail;
2004
80
     }
2005
81
 
2006
82
-    qemu_co_mutex_lock(&s->lock);
2007
83
-    bm_list = bitmap_list_load(bs, s->bitmap_directory_offset,
2008
84
-                               s->bitmap_directory_size, errp);
2009
85
-    qemu_co_mutex_unlock(&s->lock);
2010
86
-    if (bm_list == NULL) {
2011
87
-        goto fail;
2012
88
-    }
2013
89
-
2014
90
-    found = find_bitmap_by_name(bm_list, name);
2015
91
-    bitmap_list_free(bm_list);
2016
92
-    if (found) {
2017
93
-        error_setg(errp, "Bitmap with the same name is already stored");
2018
94
-        goto fail;
2019
95
-    }
2020
96
-
2021
97
     return true;
2022
98
 
2023
99
 fail:
2024
100
-- 
2025
101
2.25.1
2026
102
2027
diff --git a/debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch b/debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch
2028
0
new file mode 100644
103
new file mode 100644
2029
index 0000000..ed8ab96
2030
--- /dev/null
2031
+++ b/debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch
2032
@@ -0,0 +1,54 @@
2033
1
From c69291e712ae4ef95f628424db6586473da61d43 Mon Sep 17 00:00:00 2001
2034
2
From: Max Reitz <mreitz@redhat.com>
2035
3
Date: Tue, 21 Jan 2020 16:59:14 +0100
2036
4
Subject: [PATCH] qemu-img: Fix convert -n -B for backing-less targets
2037
5
2038
6
s.target_has_backing does not reflect whether the target BDS has a
2039
7
backing file; it only tells whether we should use a backing file during
2040
8
conversion (specified by -B).
2041
9
2042
10
As such, if you use convert -n, the target does not necessarily actually
2043
11
have a backing file, and then dereferencing out_bs->backing fails here.
2044
12
2045
13
When converting to an existing file, we should set
2046
14
target_backing_sectors to a negative value, because first, as the
2047
15
comment explains, this value is only used for optimization, so it is
2048
16
always fine to do that.
2049
17
2050
18
Second, we use this value to determine where the target must be
2051
19
initialized to zeroes (overlays are initialized to zero after the end of
2052
20
their backing file).  When converting to an existing file, we cannot
2053
21
assume that to be true.
2054
22
2055
23
Cc: qemu-stable@nongnu.org
2056
24
Fixes: 351c8efff9ad809c822d55620df54d575d536f68
2057
25
       ("qemu-img: Special post-backing convert handling")
2058
26
Signed-off-by: Max Reitz <mreitz@redhat.com>
2059
27
Message-Id: <20200121155915.98232-2-mreitz@redhat.com>
2060
28
Reviewed-by: John Snow <jsnow@redhat.com>
2061
29
Signed-off-by: Max Reitz <mreitz@redhat.com>
2062
30
2063
31
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c69291e712ae4ef95f628424db6586473da61d43
2064
32
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2065
33
Last-Update: 2020-03-18
2066
34
2067
35
---
2068
36
 qemu-img.c | 2 +-
2069
37
 1 file changed, 1 insertion(+), 1 deletion(-)
2070
38
2071
39
diff --git a/qemu-img.c b/qemu-img.c
2072
40
index 0faf2cd2f5..804630a368 100644
2073
41
--- a/qemu-img.c
2074
42
+++ b/qemu-img.c
2075
43
@@ -2523,7 +2523,7 @@ static int img_convert(int argc, char **argv)
2076
44
         }
2077
45
     }
2078
46
 
2079
47
-    if (s.target_has_backing) {
2080
48
+    if (s.target_has_backing && s.target_is_new) {
2081
49
         /* Errors are treated as "backing length unknown" (which means
2082
50
          * s.target_backing_sectors has to be negative, which it will
2083
51
          * be automatically).  The backing file length is used only
2084
52
-- 
2085
53
2.25.1
2086
54
2087
diff --git a/debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch b/debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch
2088
0
new file mode 100644
55
new file mode 100644
2089
index 0000000..fb21432
2090
--- /dev/null
2091
+++ b/debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch
2092
@@ -0,0 +1,40 @@
2093
1
From 8b51c0961cc13e55b26bb6665ec3a341abdc7658 Mon Sep 17 00:00:00 2001
2094
2
From: Christian Borntraeger <borntraeger@de.ibm.com>
2095
3
Date: Thu, 20 Feb 2020 14:16:22 +0100
2096
4
Subject: [PATCH] s390/sclp: improve special wait psw logic
2097
5
2098
6
There is a special quiesce PSW that we check for "shutdown". Otherwise disabled
2099
7
wait is detected as "crashed". Architecturally we must only check PSW bits
2100
8
116-127. Fix this.
2101
9
2102
10
Cc: qemu-stable@nongnu.org
2103
11
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2104
12
Message-Id: <1582204582-22995-1-git-send-email-borntraeger@de.ibm.com>
2105
13
Reviewed-by: David Hildenbrand <david@redhat.com>
2106
14
Acked-by: Janosch Frank <frankja@linux.ibm.com>
2107
15
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2108
16
2109
17
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=8b51c0961cc13e55b26bb6665ec3a341abdc7658
2110
18
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2111
19
Last-Update: 2020-03-18
2112
20
2113
21
---
2114
22
 target/s390x/helper.c | 2 +-
2115
23
 1 file changed, 1 insertion(+), 1 deletion(-)
2116
24
2117
25
diff --git a/target/s390x/helper.c b/target/s390x/helper.c
2118
26
index b810ad431e..ed72684911 100644
2119
27
--- a/target/s390x/helper.c
2120
28
+++ b/target/s390x/helper.c
2121
29
@@ -89,7 +89,7 @@ hwaddr s390_cpu_get_phys_addr_debug(CPUState *cs, vaddr vaddr)
2122
30
 static inline bool is_special_wait_psw(uint64_t psw_addr)
2123
31
 {
2124
32
     /* signal quiesce */
2125
33
-    return psw_addr == 0xfffUL;
2126
34
+    return (psw_addr & 0xfffUL) == 0xfffUL;
2127
35
 }
2128
36
 
2129
37
 void s390_handle_wait(S390CPU *cpu)
2130
38
-- 
2131
39
2.25.1
2132
40
2133
diff --git a/debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch b/debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch
2134
0
new file mode 100644
41
new file mode 100644
2135
index 0000000..6c4bce9
2136
--- /dev/null
2137
+++ b/debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch
2138
@@ -0,0 +1,46 @@
2139
1
From 30d544839e278dc76017b9a42990c41e84a34377 Mon Sep 17 00:00:00 2001
2140
2
From: Jeff Kubascik <jeff.kubascik@dornerworks.com>
2141
3
Date: Fri, 17 Jan 2020 14:09:31 +0000
2142
4
Subject: [PATCH] target/arm: Return correct IL bit in merge_syn_data_abort
2143
5
2144
6
The IL bit is set for 32-bit instructions, thus passing false
2145
7
with the is_16bit parameter to syn_data_abort_with_iss() makes
2146
8
a syn mask that always has the IL bit set.
2147
9
2148
10
Pass is_16bit as true to make the initial syn mask have IL=0,
2149
11
so that the final IL value comes from or'ing template_syn.
2150
12
2151
13
Cc: qemu-stable@nongnu.org
2152
14
Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts")
2153
15
Signed-off-by: Jeff Kubascik <jeff.kubascik@dornerworks.com>
2154
16
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2155
17
Message-id: 20200117004618.2742-2-richard.henderson@linaro.org
2156
18
[rth: Extracted this as a self-contained bug fix from a larger patch]
2157
19
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2158
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2159
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2160
22
2161
23
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=30d544839e278dc76017b9a42990c41e84a34377
2162
24
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2163
25
Last-Update: 2020-03-18
2164
26
2165
27
---
2166
28
 target/arm/tlb_helper.c | 2 +-
2167
29
 1 file changed, 1 insertion(+), 1 deletion(-)
2168
30
2169
31
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
2170
32
index 5feb312941..e63f8bda29 100644
2171
33
--- a/target/arm/tlb_helper.c
2172
34
+++ b/target/arm/tlb_helper.c
2173
35
@@ -44,7 +44,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
2174
36
         syn = syn_data_abort_with_iss(same_el,
2175
37
                                       0, 0, 0, 0, 0,
2176
38
                                       ea, 0, s1ptw, is_write, fsc,
2177
39
-                                      false);
2178
40
+                                      true);
2179
41
         /* Merge the runtime syndrome with the template syndrome.  */
2180
42
         syn |= template_syn;
2181
43
     }
2182
44
-- 
2183
45
2.25.1
2184
46
2185
diff --git a/debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch b/debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch
2186
0
new file mode 100644
47
new file mode 100644
2187
index 0000000..46f0f6d
2188
--- /dev/null
2189
+++ b/debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch
2190
@@ -0,0 +1,42 @@
2191
1
From 1a1fbc6cbb34c26d43d8360c66c1d21681af14a9 Mon Sep 17 00:00:00 2001
2192
2
From: Richard Henderson <richard.henderson@linaro.org>
2193
3
Date: Fri, 17 Jan 2020 14:09:31 +0000
2194
4
Subject: [PATCH] target/arm: Set ISSIs16Bit in make_issinfo
2195
5
2196
6
During the conversion to decodetree, the setting of
2197
7
ISSIs16Bit got lost.  This causes the guest os to
2198
8
incorrectly adjust trapping memory operations.
2199
9
2200
10
Cc: qemu-stable@nongnu.org
2201
11
Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)")
2202
12
Reported-by: Jeff Kubascik <jeff.kubascik@dornerworks.com>
2203
13
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2204
14
Message-id: 20200117004618.2742-3-richard.henderson@linaro.org
2205
15
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2206
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2207
17
2208
18
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=1a1fbc6cbb34c26d43d8360c66c1d21681af14a9
2209
19
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2210
20
Last-Update: 2020-03-18
2211
21
2212
22
---
2213
23
 target/arm/translate.c | 3 +++
2214
24
 1 file changed, 3 insertions(+)
2215
25
2216
26
diff --git a/target/arm/translate.c b/target/arm/translate.c
2217
27
index 0c8624fb42..2f4aea927f 100644
2218
28
--- a/target/arm/translate.c
2219
29
+++ b/target/arm/translate.c
2220
30
@@ -8556,6 +8556,9 @@ static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w)
2221
31
     /* ISS not valid if writeback */
2222
32
     if (p && !w) {
2223
33
         ret = rd;
2224
34
+        if (s->base.pc_next - s->pc_curr == 2) {
2225
35
+            ret |= ISSIs16Bit;
2226
36
+        }
2227
37
     } else {
2228
38
         ret = ISSInvalid;
2229
39
     }
2230
40
-- 
2231
41
2.25.1
2232
42
2233
diff --git a/debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch b/debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch
2234
0
new file mode 100644
43
new file mode 100644
2235
index 0000000..4f7a731
2236
--- /dev/null
2237
+++ b/debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch
2238
@@ -0,0 +1,79 @@
2239
1
From 21bf9b06cb6d07c6cc437dfd47b47b28c2bb79db Mon Sep 17 00:00:00 2001
2240
2
From: Masahiro Yamada <masahiroy@kernel.org>
2241
3
Date: Fri, 17 Jan 2020 14:09:30 +0000
2242
4
Subject: [PATCH] target/arm/arm-semi: fix SYS_OPEN to return nonzero
2243
5
 filehandle
2244
6
2245
7
According to the specification "Semihosting for AArch32 and Aarch64",
2246
8
the SYS_OPEN operation should return:
2247
9
2248
10
 - A nonzero handle if the call is successful
2249
11
 - -1 if the call is not successful
2250
12
2251
13
So, it should never return 0.
2252
14
2253
15
Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting
2254
16
code hand out its own file descriptors"), the guest fd matched to the
2255
17
host fd. It returned a nonzero handle on success since the fd 0 is
2256
18
already used for stdin.
2257
19
2258
20
Now that the guest fd is the index of guestfd_array, it starts from 0.
2259
21
2260
22
I noticed this issue particularly because Trusted Firmware-A built with
2261
23
PLAT=qemu is no longer working. Its io_semihosting driver only handles
2262
24
a positive return value as a valid filehandle.
2263
25
2264
26
Basically, there are two ways to fix this:
2265
27
2266
28
  - Use (guestfd - 1) as the index of guestfs_arrary. We need to insert
2267
29
    increment/decrement to convert the guestfd and the array index back
2268
30
    and forth.
2269
31
2270
32
  - Keep using guestfd as the index of guestfs_array. The first entry
2271
33
    of guestfs_array is left unused.
2272
34
2273
35
I thought the latter is simpler. We end up with wasting a small piece
2274
36
of memory for the unused first entry of guestfd_array, but this is
2275
37
probably not a big deal.
2276
38
2277
39
Fixes: 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting code hand out its own file descriptors")
2278
40
Cc: qemu-stable@nongnu.org
2279
41
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2280
42
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2281
43
Message-id: 20200109041228.10131-1-masahiroy@kernel.org
2282
44
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2283
45
2284
46
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=21bf9b06cb6d07c6cc437dfd47b47b28c2bb79db
2285
47
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2286
48
Last-Update: 2020-03-18
2287
49
2288
50
---
2289
51
 target/arm/arm-semi.c | 5 +++--
2290
52
 1 file changed, 3 insertions(+), 2 deletions(-)
2291
53
2292
54
diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
2293
55
index 47d61f6fe1..788fe61b51 100644
2294
56
--- a/target/arm/arm-semi.c
2295
57
+++ b/target/arm/arm-semi.c
2296
58
@@ -144,7 +144,8 @@ static int alloc_guestfd(void)
2297
59
         guestfd_array = g_array_new(FALSE, TRUE, sizeof(GuestFD));
2298
60
     }
2299
61
 
2300
62
-    for (i = 0; i < guestfd_array->len; i++) {
2301
63
+    /* SYS_OPEN should return nonzero handle on success. Start guestfd from 1 */
2302
64
+    for (i = 1; i < guestfd_array->len; i++) {
2303
65
         GuestFD *gf = &g_array_index(guestfd_array, GuestFD, i);
2304
66
 
2305
67
         if (gf->type == GuestFDUnused) {
2306
68
@@ -168,7 +169,7 @@ static GuestFD *do_get_guestfd(int guestfd)
2307
69
         return NULL;
2308
70
     }
2309
71
 
2310
72
-    if (guestfd < 0 || guestfd >= guestfd_array->len) {
2311
73
+    if (guestfd <= 0 || guestfd >= guestfd_array->len) {
2312
74
         return NULL;
2313
75
     }
2314
76
 
2315
77
-- 
2316
78
2.25.1
2317
79
2318
diff --git a/debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch b/debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch
2319
0
new file mode 100644
80
new file mode 100644
2320
index 0000000..896de43
2321
--- /dev/null
2322
+++ b/debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch
2323
@@ -0,0 +1,127 @@
2324
1
From f80741d107673f162e3b097fc76a1590036cc9d1 Mon Sep 17 00:00:00 2001
2325
2
From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>
2326
3
Date: Thu, 12 Dec 2019 11:47:34 +0000
2327
4
Subject: [PATCH] target/arm: ensure we use current exception state after SCR
2328
5
 update
2329
6
MIME-Version: 1.0
2330
7
Content-Type: text/plain; charset=UTF-8
2331
8
Content-Transfer-Encoding: 8bit
2332
9
2333
10
A write to the SCR can change the effective EL by droppping the system
2334
11
from secure to non-secure mode. However if we use a cached current_el
2335
12
from before the change we'll rebuild the flags incorrectly. To fix
2336
13
this we introduce the ARM_CP_NEWEL CP flag to indicate the new EL
2337
14
should be used when recomputing the flags.
2338
15
2339
16
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2340
17
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2341
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2342
19
Message-id: 20191212114734.6962-1-alex.bennee@linaro.org
2343
20
Cc: Richard Henderson <richard.henderson@linaro.org>
2344
21
Message-Id: <20191209143723.6368-1-alex.bennee@linaro.org>
2345
22
Cc: qemu-stable@nongnu.org
2346
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2347
24
2348
25
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=f80741d107673f162e3b097fc76a1590036cc9d1
2349
26
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2350
27
Last-Update: 2020-03-18
2351
28
2352
29
---
2353
30
 target/arm/cpu.h       |  8 ++++++--
2354
31
 target/arm/helper.c    | 14 +++++++++++++-
2355
32
 target/arm/helper.h    |  1 +
2356
33
 target/arm/translate.c |  6 +++++-
2357
34
 4 files changed, 25 insertions(+), 4 deletions(-)
2358
35
2359
36
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
2360
37
index 4106e4ae59..5f70e9e043 100644
2361
38
--- a/target/arm/cpu.h
2362
39
+++ b/target/arm/cpu.h
2363
40
@@ -2238,6 +2238,9 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
2364
41
  * RAISES_EXC is for when the read or write hook might raise an exception;
2365
42
  * the generated code will synchronize the CPU state before calling the hook
2366
43
  * so that it is safe for the hook to call raise_exception().
2367
44
+ * NEWEL is for writes to registers that might change the exception
2368
45
+ * level - typically on older ARM chips. For those cases we need to
2369
46
+ * re-read the new el when recomputing the translation flags.
2370
47
  */
2371
48
 #define ARM_CP_SPECIAL           0x0001
2372
49
 #define ARM_CP_CONST             0x0002
2373
50
@@ -2257,10 +2260,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
2374
51
 #define ARM_CP_SVE               0x2000
2375
52
 #define ARM_CP_NO_GDB            0x4000
2376
53
 #define ARM_CP_RAISES_EXC        0x8000
2377
54
+#define ARM_CP_NEWEL             0x10000
2378
55
 /* Used only as a terminator for ARMCPRegInfo lists */
2379
56
-#define ARM_CP_SENTINEL          0xffff
2380
57
+#define ARM_CP_SENTINEL          0xfffff
2381
58
 /* Mask of only the flag bits in a type field */
2382
59
-#define ARM_CP_FLAG_MASK         0xf0ff
2383
60
+#define ARM_CP_FLAG_MASK         0x1f0ff
2384
61
 
2385
62
 /* Valid values for ARMCPRegInfo state field, indicating which of
2386
63
  * the AArch32 and AArch64 execution states this register is visible in.
2387
64
diff --git a/target/arm/helper.c b/target/arm/helper.c
2388
65
index 3a93844a3b..5074b5f69c 100644
2389
66
--- a/target/arm/helper.c
2390
67
+++ b/target/arm/helper.c
2391
68
@@ -5133,7 +5133,7 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
2392
69
       .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0,
2393
70
       .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.scr_el3),
2394
71
       .resetvalue = 0, .writefn = scr_write },
2395
72
-    { .name = "SCR",  .type = ARM_CP_ALIAS,
2396
73
+    { .name = "SCR",  .type = ARM_CP_ALIAS | ARM_CP_NEWEL,
2397
74
       .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
2398
75
       .access = PL1_RW, .accessfn = access_trap_aa32s_el1,
2399
76
       .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3),
2400
77
@@ -11472,6 +11472,18 @@ void HELPER(rebuild_hflags_m32)(CPUARMState *env, int el)
2401
78
     env->hflags = rebuild_hflags_m32(env, fp_el, mmu_idx);
2402
79
 }
2403
80
 
2404
81
+/*
2405
82
+ * If we have triggered a EL state change we can't rely on the
2406
83
+ * translator having passed it too us, we need to recompute.
2407
84
+ */
2408
85
+void HELPER(rebuild_hflags_a32_newel)(CPUARMState *env)
2409
86
+{
2410
87
+    int el = arm_current_el(env);
2411
88
+    int fp_el = fp_exception_el(env, el);
2412
89
+    ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
2413
90
+    env->hflags = rebuild_hflags_a32(env, fp_el, mmu_idx);
2414
91
+}
2415
92
+
2416
93
 void HELPER(rebuild_hflags_a32)(CPUARMState *env, int el)
2417
94
 {
2418
95
     int fp_el = fp_exception_el(env, el);
2419
96
diff --git a/target/arm/helper.h b/target/arm/helper.h
2420
97
index 7ce5169afb..aa3d8cd08f 100644
2421
98
--- a/target/arm/helper.h
2422
99
+++ b/target/arm/helper.h
2423
100
@@ -91,6 +91,7 @@ DEF_HELPER_2(get_user_reg, i32, env, i32)
2424
101
 DEF_HELPER_3(set_user_reg, void, env, i32, i32)
2425
102
 
2426
103
 DEF_HELPER_FLAGS_2(rebuild_hflags_m32, TCG_CALL_NO_RWG, void, env, int)
2427
104
+DEF_HELPER_FLAGS_1(rebuild_hflags_a32_newel, TCG_CALL_NO_RWG, void, env)
2428
105
 DEF_HELPER_FLAGS_2(rebuild_hflags_a32, TCG_CALL_NO_RWG, void, env, int)
2429
106
 DEF_HELPER_FLAGS_2(rebuild_hflags_a64, TCG_CALL_NO_RWG, void, env, int)
2430
107
 
2431
108
diff --git a/target/arm/translate.c b/target/arm/translate.c
2432
109
index f162be8434..2b6c1f91bf 100644
2433
110
--- a/target/arm/translate.c
2434
111
+++ b/target/arm/translate.c
2435
112
@@ -7083,7 +7083,11 @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
2436
113
             if (arm_dc_feature(s, ARM_FEATURE_M)) {
2437
114
                 gen_helper_rebuild_hflags_m32(cpu_env, tcg_el);
2438
115
             } else {
2439
116
-                gen_helper_rebuild_hflags_a32(cpu_env, tcg_el);
2440
117
+                if (ri->type & ARM_CP_NEWEL) {
2441
118
+                    gen_helper_rebuild_hflags_a32_newel(cpu_env);
2442
119
+                } else {
2443
120
+                    gen_helper_rebuild_hflags_a32(cpu_env, tcg_el);
2444
121
+                }
2445
122
             }
2446
123
             tcg_temp_free_i32(tcg_el);
2447
124
             /*
2448
125
-- 
2449
126
2.25.1
2450
127
2451
diff --git a/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch b/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch
2452
0
new file mode 100644
128
new file mode 100644
2453
index 0000000..9316575
2454
--- /dev/null
2455
+++ b/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch
2456
@@ -0,0 +1,169 @@
2457
1
From 420ae1fc51c99abfd03b1c590f55617edd2a2bed Mon Sep 17 00:00:00 2001
2458
2
From: Paolo Bonzini <pbonzini@redhat.com>
2459
3
Date: Mon, 20 Jan 2020 19:21:42 +0100
2460
4
Subject: [PATCH] target/i386: kvm: initialize feature MSRs very early
2461
5
2462
6
Some read-only MSRs affect the behavior of ioctls such as
2463
7
KVM_SET_NESTED_STATE.  We can initialize them once and for all
2464
8
right after the CPU is realized, since they will never be modified
2465
9
by the guest.
2466
10
2467
11
Reported-by: Qingua Cheng <qcheng@redhat.com>
2468
12
Cc: qemu-stable@nongnu.org
2469
13
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2470
14
Message-Id: <1579544504-3616-2-git-send-email-pbonzini@redhat.com>
2471
15
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2472
16
2473
17
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=420ae1fc51c99abfd03b1c590f55617edd2a2bed
2474
18
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2475
19
Last-Update: 2020-03-18
2476
20
2477
21
---
2478
22
 target/i386/kvm.c      | 81 +++++++++++++++++++++++++-----------------
2479
23
 target/i386/kvm_i386.h |  1 +
2480
24
 2 files changed, 49 insertions(+), 33 deletions(-)
2481
25
2482
26
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
2483
27
index 7ee3202634..f6dd6b790e 100644
2484
28
--- a/target/i386/kvm.c
2485
29
+++ b/target/i386/kvm.c
2486
30
@@ -67,6 +67,8 @@
2487
31
  * 255 kvm_msr_entry structs */
2488
32
 #define MSR_BUF_SIZE 4096
2489
33
 
2490
34
+static void kvm_init_msrs(X86CPU *cpu);
2491
35
+
2492
36
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
2493
37
     KVM_CAP_INFO(SET_TSS_ADDR),
2494
38
     KVM_CAP_INFO(EXT_CPUID),
2495
39
@@ -1842,6 +1844,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
2496
40
         has_msr_tsc_aux = false;
2497
41
     }
2498
42
 
2499
43
+    kvm_init_msrs(cpu);
2500
44
+
2501
45
     r = hyperv_init_vcpu(cpu);
2502
46
     if (r) {
2503
47
         goto fail;
2504
48
@@ -2660,11 +2664,53 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, FeatureWordArray f)
2505
49
                       VMCS12_MAX_FIELD_INDEX << 1);
2506
50
 }
2507
51
 
2508
52
+static int kvm_buf_set_msrs(X86CPU *cpu)
2509
53
+{
2510
54
+    int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf);
2511
55
+    if (ret < 0) {
2512
56
+        return ret;
2513
57
+    }
2514
58
+
2515
59
+    if (ret < cpu->kvm_msr_buf->nmsrs) {
2516
60
+        struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret];
2517
61
+        error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64,
2518
62
+                     (uint32_t)e->index, (uint64_t)e->data);
2519
63
+    }
2520
64
+
2521
65
+    assert(ret == cpu->kvm_msr_buf->nmsrs);
2522
66
+    return 0;
2523
67
+}
2524
68
+
2525
69
+static void kvm_init_msrs(X86CPU *cpu)
2526
70
+{
2527
71
+    CPUX86State *env = &cpu->env;
2528
72
+
2529
73
+    kvm_msr_buf_reset(cpu);
2530
74
+    if (has_msr_arch_capabs) {
2531
75
+        kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
2532
76
+                          env->features[FEAT_ARCH_CAPABILITIES]);
2533
77
+    }
2534
78
+
2535
79
+    if (has_msr_core_capabs) {
2536
80
+        kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
2537
81
+                          env->features[FEAT_CORE_CAPABILITY]);
2538
82
+    }
2539
83
+
2540
84
+    /*
2541
85
+     * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
2542
86
+     * all kernels with MSR features should have them.
2543
87
+     */
2544
88
+    if (kvm_feature_msrs && cpu_has_vmx(env)) {
2545
89
+        kvm_msr_entry_add_vmx(cpu, env->features);
2546
90
+    }
2547
91
+
2548
92
+    assert(kvm_buf_set_msrs(cpu) == 0);
2549
93
+}
2550
94
+
2551
95
 static int kvm_put_msrs(X86CPU *cpu, int level)
2552
96
 {
2553
97
     CPUX86State *env = &cpu->env;
2554
98
     int i;
2555
99
-    int ret;
2556
100
 
2557
101
     kvm_msr_buf_reset(cpu);
2558
102
 
2559
103
@@ -2722,17 +2768,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
2560
104
     }
2561
105
 #endif
2562
106
 
2563
107
-    /* If host supports feature MSR, write down. */
2564
108
-    if (has_msr_arch_capabs) {
2565
109
-        kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
2566
110
-                          env->features[FEAT_ARCH_CAPABILITIES]);
2567
111
-    }
2568
112
-
2569
113
-    if (has_msr_core_capabs) {
2570
114
-        kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
2571
115
-                          env->features[FEAT_CORE_CAPABILITY]);
2572
116
-    }
2573
117
-
2574
118
     /*
2575
119
      * The following MSRs have side effects on the guest or are too heavy
2576
120
      * for normal writeback. Limit them to reset or full state updates.
2577
121
@@ -2910,14 +2945,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
2578
122
 
2579
123
         /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
2580
124
          *       kvm_put_msr_feature_control. */
2581
125
-
2582
126
-        /*
2583
127
-         * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
2584
128
-         * all kernels with MSR features should have them.
2585
129
-         */
2586
130
-        if (kvm_feature_msrs && cpu_has_vmx(env)) {
2587
131
-            kvm_msr_entry_add_vmx(cpu, env->features);
2588
132
-        }
2589
133
     }
2590
134
 
2591
135
     if (env->mcg_cap) {
2592
136
@@ -2933,19 +2960,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
2593
137
         }
2594
138
     }
2595
139
 
2596
140
-    ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf);
2597
141
-    if (ret < 0) {
2598
142
-        return ret;
2599
143
-    }
2600
144
-
2601
145
-    if (ret < cpu->kvm_msr_buf->nmsrs) {
2602
146
-        struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret];
2603
147
-        error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64,
2604
148
-                     (uint32_t)e->index, (uint64_t)e->data);
2605
149
-    }
2606
150
-
2607
151
-    assert(ret == cpu->kvm_msr_buf->nmsrs);
2608
152
-    return 0;
2609
153
+    return kvm_buf_set_msrs(cpu);
2610
154
 }
2611
155
 
2612
156
 
2613
157
diff --git a/target/i386/kvm_i386.h b/target/i386/kvm_i386.h
2614
158
index 7d0242f5fb..00bde7acaf 100644
2615
159
--- a/target/i386/kvm_i386.h
2616
160
+++ b/target/i386/kvm_i386.h
2617
161
@@ -46,4 +46,5 @@ bool kvm_enable_x2apic(void);
2618
162
 bool kvm_has_x2apic_api(void);
2619
163
 
2620
164
 bool kvm_hv_vpindex_settable(void);
2621
165
+
2622
166
 #endif
2623
167
-- 
2624
168
2.25.1
2625
169
2626
diff --git a/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch b/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch
2627
0
new file mode 100644
170
new file mode 100644
2628
index 0000000..5d0bbf2
2629
--- /dev/null
2630
+++ b/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch
2631
@@ -0,0 +1,98 @@
2632
1
From fcc54ab5c7ca84ae72e8bf3781c33c9193a911aa Mon Sep 17 00:00:00 2001
2633
2
From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>
2634
3
Date: Tue, 25 Feb 2020 17:49:08 +0000
2635
4
Subject: [PATCH] tcg: save vaddr temp for plugin usage
2636
5
MIME-Version: 1.0
2637
6
Content-Type: text/plain; charset=UTF-8
2638
7
Content-Transfer-Encoding: 8bit
2639
8
2640
9
While do_gen_mem_cb does copy (via extu_tl_i64) vaddr into a new temp
2641
10
this won't help if the vaddr temp gets clobbered by the actual
2642
11
load/store op. To avoid this clobbering we explicitly copy vaddr
2643
12
before the op to ensure it is live my the time we do the
2644
13
instrumentation.
2645
14
2646
15
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
2647
16
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2648
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2649
18
Reviewed-by: Emilio G. Cota <cota@braap.org>
2650
19
Cc: qemu-stable@nongnu.org
2651
20
Message-Id: <20200225124710.14152-18-alex.bennee@linaro.org>
2652
21
2653
22
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=fcc54ab5c7ca84ae72e8bf3781c33c9193a911aa
2654
23
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2655
24
Last-Update: 2020-03-18
2656
25
2657
26
---
2658
27
 tcg/tcg-op.c | 23 ++++++++++++++++++++---
2659
28
 1 file changed, 20 insertions(+), 3 deletions(-)
2660
29
2661
30
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
2662
31
index 7d782002e3..e2e25ebf7d 100644
2663
32
--- a/tcg/tcg-op.c
2664
33
+++ b/tcg/tcg-op.c
2665
34
@@ -2794,13 +2794,26 @@ static void tcg_gen_req_mo(TCGBar type)
2666
35
     }
2667
36
 }
2668
37
 
2669
38
+static inline TCGv plugin_prep_mem_callbacks(TCGv vaddr)
2670
39
+{
2671
40
+#ifdef CONFIG_PLUGIN
2672
41
+    if (tcg_ctx->plugin_insn != NULL) {
2673
42
+        /* Save a copy of the vaddr for use after a load.  */
2674
43
+        TCGv temp = tcg_temp_new();
2675
44
+        tcg_gen_mov_tl(temp, vaddr);
2676
45
+        return temp;
2677
46
+    }
2678
47
+#endif
2679
48
+    return vaddr;
2680
49
+}
2681
50
+
2682
51
 static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info)
2683
52
 {
2684
53
 #ifdef CONFIG_PLUGIN
2685
54
-    if (tcg_ctx->plugin_insn == NULL) {
2686
55
-        return;
2687
56
+    if (tcg_ctx->plugin_insn != NULL) {
2688
57
+        plugin_gen_empty_mem_callback(vaddr, info);
2689
58
+        tcg_temp_free(vaddr);
2690
59
     }
2691
60
-    plugin_gen_empty_mem_callback(vaddr, info);
2692
61
 #endif
2693
62
 }
2694
63
 
2695
64
@@ -2822,6 +2835,7 @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
2696
65
         }
2697
66
     }
2698
67
 
2699
68
+    addr = plugin_prep_mem_callbacks(addr);
2700
69
     gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx);
2701
70
     plugin_gen_mem_callbacks(addr, info);
2702
71
 
2703
72
@@ -2868,6 +2882,7 @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
2704
73
         memop &= ~MO_BSWAP;
2705
74
     }
2706
75
 
2707
76
+    addr = plugin_prep_mem_callbacks(addr);
2708
77
     gen_ldst_i32(INDEX_op_qemu_st_i32, val, addr, memop, idx);
2709
78
     plugin_gen_mem_callbacks(addr, info);
2710
79
 
2711
80
@@ -2905,6 +2920,7 @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
2712
81
         }
2713
82
     }
2714
83
 
2715
84
+    addr = plugin_prep_mem_callbacks(addr);
2716
85
     gen_ldst_i64(INDEX_op_qemu_ld_i64, val, addr, memop, idx);
2717
86
     plugin_gen_mem_callbacks(addr, info);
2718
87
 
2719
88
@@ -2967,6 +2983,7 @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
2720
89
         memop &= ~MO_BSWAP;
2721
90
     }
2722
91
 
2723
92
+    addr = plugin_prep_mem_callbacks(addr);
2724
93
     gen_ldst_i64(INDEX_op_qemu_st_i64, val, addr, memop, idx);
2725
94
     plugin_gen_mem_callbacks(addr, info);
2726
95
 
2727
96
-- 
2728
97
2.25.1
2729
98
2730
diff --git a/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch b/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch
2731
0
new file mode 100644
99
new file mode 100644
2732
index 0000000..209bd3e
2733
--- /dev/null
2734
+++ b/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch
2735
@@ -0,0 +1,47 @@
2736
1
From 71e415c8a75c130875f14d6b2136825789feb297 Mon Sep 17 00:00:00 2001
2737
2
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
2738
3
Date: Fri, 3 Jan 2020 11:39:59 +0400
2739
4
Subject: [PATCH] tpm-ppi: page-align PPI RAM
2740
5
MIME-Version: 1.0
2741
6
Content-Type: text/plain; charset=UTF-8
2742
7
Content-Transfer-Encoding: 8bit
2743
8
2744
9
post-copy migration fails on destination with error such as:
2745
10
2019-12-26T10:22:44.714644Z qemu-kvm: ram_block_discard_range:
2746
11
Unaligned start address: 0x559d2afae9a0
2747
12
2748
13
Use qemu_memalign() to constrain the PPI RAM memory alignment.
2749
14
2750
15
Cc: qemu-stable@nongnu.org
2751
16
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2752
17
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2753
18
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2754
19
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
2755
20
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2756
21
Message-id: 20200103074000.1006389-3-marcandre.lureau@redhat.com
2757
22
2758
23
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=71e415c8a75c130875f14d6b2136825789feb297
2759
24
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2760
25
Last-Update: 2020-03-18
2761
26
2762
27
---
2763
28
 hw/tpm/tpm_ppi.c | 3 ++-
2764
29
 1 file changed, 2 insertions(+), 1 deletion(-)
2765
30
2766
31
diff --git a/hw/tpm/tpm_ppi.c b/hw/tpm/tpm_ppi.c
2767
32
index ff314592b4..6d9c1a3e40 100644
2768
33
--- a/hw/tpm/tpm_ppi.c
2769
34
+++ b/hw/tpm/tpm_ppi.c
2770
35
@@ -43,7 +43,8 @@ void tpm_ppi_reset(TPMPPI *tpmppi)
2771
36
 void tpm_ppi_init(TPMPPI *tpmppi, struct MemoryRegion *m,
2772
37
                   hwaddr addr, Object *obj)
2773
38
 {
2774
39
-    tpmppi->buf = g_malloc0(HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));
2775
40
+    tpmppi->buf = qemu_memalign(qemu_real_host_page_size,
2776
41
+                                HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));
2777
42
     memory_region_init_ram_device_ptr(&tpmppi->ram, obj, "tpm-ppi",
2778
43
                                       TPM_PPI_ADDR_SIZE, tpmppi->buf);
2779
44
     vmstate_register_ram(&tpmppi->ram, DEVICE(obj));
2780
45
-- 
2781
46
2.25.1
2782
47
2783
diff --git a/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch b/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch
2784
0
new file mode 100644
48
new file mode 100644
2785
index 0000000..f52b1bd
2786
--- /dev/null
2787
+++ b/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch
2788
@@ -0,0 +1,50 @@
2789
1
From 0446f8121723b134ca1d1ed0b73e96d4a0a8689d Mon Sep 17 00:00:00 2001
2790
2
From: Peter Xu <peterx@redhat.com>
2791
3
Date: Mon, 6 Jan 2020 13:34:45 -0700
2792
4
Subject: [PATCH] vfio/pci: Don't remove irqchip notifier if not registered
2793
5
2794
6
The kvm irqchip notifier is only registered if the device supports
2795
7
INTx, however it's unconditionally removed.  If the assigned device
2796
8
does not support INTx, this will cause QEMU to crash when unplugging
2797
9
the device from the system.  Change it to conditionally remove the
2798
10
notifier only if the notify hook is setup.
2799
11
2800
12
CC: Eduardo Habkost <ehabkost@redhat.com>
2801
13
CC: David Gibson <david@gibson.dropbear.id.au>
2802
14
CC: Alex Williamson <alex.williamson@redhat.com>
2803
15
Cc: qemu-stable@nongnu.org # v4.2
2804
16
Reported-by: yanghliu@redhat.com
2805
17
Debugged-by: Eduardo Habkost <ehabkost@redhat.com>
2806
18
Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier")
2807
19
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1782678
2808
20
Signed-off-by: Peter Xu <peterx@redhat.com>
2809
21
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
2810
22
Reviewed-by: Greg Kurz <groug@kaod.org>
2811
23
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2812
24
2813
25
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0446f8121723b134ca1d1ed0b73e96d4a0a8689d
2814
26
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2815
27
Last-Update: 2020-03-18
2816
28
2817
29
---
2818
30
 hw/vfio/pci.c | 4 +++-
2819
31
 1 file changed, 3 insertions(+), 1 deletion(-)
2820
32
2821
33
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
2822
34
index 2d40b396f2..337a173ce7 100644
2823
35
--- a/hw/vfio/pci.c
2824
36
+++ b/hw/vfio/pci.c
2825
37
@@ -3076,7 +3076,9 @@ static void vfio_exitfn(PCIDevice *pdev)
2826
38
     vfio_unregister_req_notifier(vdev);
2827
39
     vfio_unregister_err_notifier(vdev);
2828
40
     pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
2829
41
-    kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
2830
42
+    if (vdev->irqchip_change_notifier.notify) {
2831
43
+        kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
2832
44
+    }
2833
45
     vfio_disable_interrupts(vdev);
2834
46
     if (vdev->intx.mmap_timer) {
2835
47
         timer_free(vdev->intx.mmap_timer);
2836
48
-- 
2837
49
2.25.1
2838
50
2839
diff --git a/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch b/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch
2840
0
new file mode 100644
51
new file mode 100644
2841
index 0000000..177cafe
2842
--- /dev/null
2843
+++ b/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch
2844
@@ -0,0 +1,331 @@
2845
1
From abdd16f4681cc4d6bf84990227b5c9b98e869ccd Mon Sep 17 00:00:00 2001
2846
2
From: Stefan Hajnoczi <stefanha@redhat.com>
2847
3
Date: Fri, 7 Feb 2020 10:46:19 +0000
2848
4
Subject: [PATCH] virtio: gracefully handle invalid region caches
2849
5
2850
6
The virtqueue code sets up MemoryRegionCaches to access the virtqueue
2851
7
guest RAM data structures.  The code currently assumes that
2852
8
VRingMemoryRegionCaches is initialized before device emulation code
2853
9
accesses the virtqueue.  An assertion will fail in
2854
10
vring_get_region_caches() when this is not true.  Device fuzzing found a
2855
11
case where this assumption is false (see below).
2856
12
2857
13
Virtqueue guest RAM addresses can also be changed from a vCPU thread
2858
14
while an IOThread is accessing the virtqueue.  This breaks the same
2859
15
assumption but this time the caches could become invalid partway through
2860
16
the virtqueue code.  The code fetches the caches RCU pointer multiple
2861
17
times so we will need to validate the pointer every time it is fetched.
2862
18
2863
19
Add checks each time we call vring_get_region_caches() and treat invalid
2864
20
caches as a nop: memory stores are ignored and memory reads return 0.
2865
21
2866
22
The fuzz test failure is as follows:
2867
23
2868
24
  $ qemu -M pc -device virtio-blk-pci,id=drv0,drive=drive0,addr=4.0 \
2869
25
         -drive if=none,id=drive0,file=null-co://,format=raw,auto-read-only=off \
2870
26
         -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw \
2871
27
         -display none \
2872
28
         -qtest stdio
2873
29
  endianness
2874
30
  outl 0xcf8 0x80002020
2875
31
  outl 0xcfc 0xe0000000
2876
32
  outl 0xcf8 0x80002004
2877
33
  outw 0xcfc 0x7
2878
34
  write 0xe0000000 0x24 0x00ffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffab5cffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffab0000000001
2879
35
  inb 0x4
2880
36
  writew 0xe000001c 0x1
2881
37
  write 0xe0000014 0x1 0x0d
2882
38
2883
39
The following error message is produced:
2884
40
2885
41
  qemu-system-x86_64: /home/stefanha/qemu/hw/virtio/virtio.c:286: vring_get_region_caches: Assertion `caches != NULL' failed.
2886
42
2887
43
The backtrace looks like this:
2888
44
2889
45
  #0  0x00007ffff5520625 in raise () at /lib64/libc.so.6
2890
46
  #1  0x00007ffff55098d9 in abort () at /lib64/libc.so.6
2891
47
  #2  0x00007ffff55097a9 in _nl_load_domain.cold () at /lib64/libc.so.6
2892
48
  #3  0x00007ffff5518a66 in annobin_assert.c_end () at /lib64/libc.so.6
2893
49
  #4  0x00005555559073da in vring_get_region_caches (vq=<optimized out>) at qemu/hw/virtio/virtio.c:286
2894
50
  #5  vring_get_region_caches (vq=<optimized out>) at qemu/hw/virtio/virtio.c:283
2895
51
  #6  0x000055555590818d in vring_used_flags_set_bit (mask=1, vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:398
2896
52
  #7  virtio_queue_split_set_notification (enable=0, vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:398
2897
53
  #8  virtio_queue_set_notification (vq=vq@entry=0x5555575ceea0, enable=enable@entry=0) at qemu/hw/virtio/virtio.c:451
2898
54
  #9  0x0000555555908512 in virtio_queue_set_notification (vq=vq@entry=0x5555575ceea0, enable=enable@entry=0) at qemu/hw/virtio/virtio.c:444
2899
55
  #10 0x00005555558c697a in virtio_blk_handle_vq (s=0x5555575c57e0, vq=0x5555575ceea0) at qemu/hw/block/virtio-blk.c:775
2900
56
  #11 0x0000555555907836 in virtio_queue_notify_aio_vq (vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:2244
2901
57
  #12 0x0000555555cb5dd7 in aio_dispatch_handlers (ctx=ctx@entry=0x55555671a420) at util/aio-posix.c:429
2902
58
  #13 0x0000555555cb67a8 in aio_dispatch (ctx=0x55555671a420) at util/aio-posix.c:460
2903
59
  #14 0x0000555555cb307e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:260
2904
60
  #15 0x00007ffff7bbc510 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
2905
61
  #16 0x0000555555cb5848 in glib_pollfds_poll () at util/main-loop.c:219
2906
62
  #17 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:242
2907
63
  #18 main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:518
2908
64
  #19 0x00005555559b20c9 in main_loop () at vl.c:1683
2909
65
  #20 0x0000555555838115 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4441
2910
66
2911
67
Reported-by: Alexander Bulekov <alxndr@bu.edu>
2912
68
Cc: Michael Tsirkin <mst@redhat.com>
2913
69
Cc: Cornelia Huck <cohuck@redhat.com>
2914
70
Cc: Paolo Bonzini <pbonzini@redhat.com>
2915
71
Cc: qemu-stable@nongnu.org
2916
72
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2917
73
Message-Id: <20200207104619.164892-1-stefanha@redhat.com>
2918
74
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2919
75
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2920
76
2921
77
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=abdd16f4681cc4d6bf84990227b5c9b98e869ccd
2922
78
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
2923
79
Last-Update: 2020-03-18
2924
80
2925
81
---
2926
82
 hw/virtio/virtio.c | 99 ++++++++++++++++++++++++++++++++++++++++++----
2927
83
 1 file changed, 91 insertions(+), 8 deletions(-)
2928
84
2929
85
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
2930
86
index 2c5410e981..00d444699d 100644
2931
87
--- a/hw/virtio/virtio.c
2932
88
+++ b/hw/virtio/virtio.c
2933
89
@@ -282,15 +282,19 @@ static void vring_packed_flags_write(VirtIODevice *vdev,
2934
90
 /* Called within rcu_read_lock().  */
2935
91
 static VRingMemoryRegionCaches *vring_get_region_caches(struct VirtQueue *vq)
2936
92
 {
2937
93
-    VRingMemoryRegionCaches *caches = atomic_rcu_read(&vq->vring.caches);
2938
94
-    assert(caches != NULL);
2939
95
-    return caches;
2940
96
+    return atomic_rcu_read(&vq->vring.caches);
2941
97
 }
2942
98
+
2943
99
 /* Called within rcu_read_lock().  */
2944
100
 static inline uint16_t vring_avail_flags(VirtQueue *vq)
2945
101
 {
2946
102
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
2947
103
     hwaddr pa = offsetof(VRingAvail, flags);
2948
104
+
2949
105
+    if (!caches) {
2950
106
+        return 0;
2951
107
+    }
2952
108
+
2953
109
     return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa);
2954
110
 }
2955
111
 
2956
112
@@ -299,6 +303,11 @@ static inline uint16_t vring_avail_idx(VirtQueue *vq)
2957
113
 {
2958
114
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
2959
115
     hwaddr pa = offsetof(VRingAvail, idx);
2960
116
+
2961
117
+    if (!caches) {
2962
118
+        return 0;
2963
119
+    }
2964
120
+
2965
121
     vq->shadow_avail_idx = virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa);
2966
122
     return vq->shadow_avail_idx;
2967
123
 }
2968
124
@@ -308,6 +317,11 @@ static inline uint16_t vring_avail_ring(VirtQueue *vq, int i)
2969
125
 {
2970
126
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
2971
127
     hwaddr pa = offsetof(VRingAvail, ring[i]);
2972
128
+
2973
129
+    if (!caches) {
2974
130
+        return 0;
2975
131
+    }
2976
132
+
2977
133
     return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa);
2978
134
 }
2979
135
 
2980
136
@@ -323,6 +337,11 @@ static inline void vring_used_write(VirtQueue *vq, VRingUsedElem *uelem,
2981
137
 {
2982
138
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
2983
139
     hwaddr pa = offsetof(VRingUsed, ring[i]);
2984
140
+
2985
141
+    if (!caches) {
2986
142
+        return;
2987
143
+    }
2988
144
+
2989
145
     virtio_tswap32s(vq->vdev, &uelem->id);
2990
146
     virtio_tswap32s(vq->vdev, &uelem->len);
2991
147
     address_space_write_cached(&caches->used, pa, uelem, sizeof(VRingUsedElem));
2992
148
@@ -334,6 +353,11 @@ static uint16_t vring_used_idx(VirtQueue *vq)
2993
149
 {
2994
150
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
2995
151
     hwaddr pa = offsetof(VRingUsed, idx);
2996
152
+
2997
153
+    if (!caches) {
2998
154
+        return 0;
2999
155
+    }
3000
156
+
3001
157
     return virtio_lduw_phys_cached(vq->vdev, &caches->used, pa);
3002
158
 }
3003
159
 
3004
160
@@ -342,8 +366,12 @@ static inline void vring_used_idx_set(VirtQueue *vq, uint16_t val)
3005
161
 {
3006
162
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
3007
163
     hwaddr pa = offsetof(VRingUsed, idx);
3008
164
-    virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val);
3009
165
-    address_space_cache_invalidate(&caches->used, pa, sizeof(val));
3010
166
+
3011
167
+    if (caches) {
3012
168
+        virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val);
3013
169
+        address_space_cache_invalidate(&caches->used, pa, sizeof(val));
3014
170
+    }
3015
171
+
3016
172
     vq->used_idx = val;
3017
173
 }
3018
174
 
3019
175
@@ -353,8 +381,13 @@ static inline void vring_used_flags_set_bit(VirtQueue *vq, int mask)
3020
176
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
3021
177
     VirtIODevice *vdev = vq->vdev;
3022
178
     hwaddr pa = offsetof(VRingUsed, flags);
3023
179
-    uint16_t flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa);
3024
180
+    uint16_t flags;
3025
181
 
3026
182
+    if (!caches) {
3027
183
+        return;
3028
184
+    }
3029
185
+
3030
186
+    flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa);
3031
187
     virtio_stw_phys_cached(vdev, &caches->used, pa, flags | mask);
3032
188
     address_space_cache_invalidate(&caches->used, pa, sizeof(flags));
3033
189
 }
3034
190
@@ -365,8 +398,13 @@ static inline void vring_used_flags_unset_bit(VirtQueue *vq, int mask)
3035
191
     VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
3036
192
     VirtIODevice *vdev = vq->vdev;
3037
193
     hwaddr pa = offsetof(VRingUsed, flags);
3038
194
-    uint16_t flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa);
3039
195
+    uint16_t flags;
3040
196
 
3041
197
+    if (!caches) {
3042
198
+        return;
3043
199
+    }
3044
200
+
3045
201
+    flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa);
3046
202
     virtio_stw_phys_cached(vdev, &caches->used, pa, flags & ~mask);
3047
203
     address_space_cache_invalidate(&caches->used, pa, sizeof(flags));
3048
204
 }
3049
205
@@ -381,6 +419,10 @@ static inline void vring_set_avail_event(VirtQueue *vq, uint16_t val)
3050
206
     }
3051
207
 
3052
208
     caches = vring_get_region_caches(vq);
3053
209
+    if (!caches) {
3054
210
+        return;
3055
211
+    }
3056
212
+
3057
213
     pa = offsetof(VRingUsed, ring[vq->vring.num]);
3058
214
     virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val);
3059
215
     address_space_cache_invalidate(&caches->used, pa, sizeof(val));
3060
216
@@ -410,7 +452,11 @@ static void virtio_queue_packed_set_notification(VirtQueue *vq, int enable)
3061
217
     VRingMemoryRegionCaches *caches;
3062
218
 
3063
219
     RCU_READ_LOCK_GUARD();
3064
220
-    caches  = vring_get_region_caches(vq);
3065
221
+    caches = vring_get_region_caches(vq);
3066
222
+    if (!caches) {
3067
223
+        return;
3068
224
+    }
3069
225
+
3070
226
     vring_packed_event_read(vq->vdev, &caches->used, &e);
3071
227
 
3072
228
     if (!enable) {
3073
229
@@ -597,6 +643,10 @@ static int virtio_queue_packed_empty_rcu(VirtQueue *vq)
3074
230
     }
3075
231
 
3076
232
     cache = vring_get_region_caches(vq);
3077
233
+    if (!cache) {
3078
234
+        return 1;
3079
235
+    }
3080
236
+
3081
237
     vring_packed_desc_read_flags(vq->vdev, &desc.flags, &cache->desc,
3082
238
                                  vq->last_avail_idx);
3083
239
 
3084
240
@@ -777,6 +827,10 @@ static void virtqueue_packed_fill_desc(VirtQueue *vq,
3085
241
     }
3086
242
 
3087
243
     caches = vring_get_region_caches(vq);
3088
244
+    if (!caches) {
3089
245
+        return;
3090
246
+    }
3091
247
+
3092
248
     vring_packed_desc_write(vq->vdev, &desc, &caches->desc, head, strict_order);
3093
249
 }
3094
250
 
3095
251
@@ -949,6 +1003,10 @@ static void virtqueue_split_get_avail_bytes(VirtQueue *vq,
3096
252
 
3097
253
     max = vq->vring.num;
3098
254
     caches = vring_get_region_caches(vq);
3099
255
+    if (!caches) {
3100
256
+        goto err;
3101
257
+    }
3102
258
+
3103
259
     while ((rc = virtqueue_num_heads(vq, idx)) > 0) {
3104
260
         MemoryRegionCache *desc_cache = &caches->desc;
3105
261
         unsigned int num_bufs;
3106
262
@@ -1089,6 +1147,9 @@ static void virtqueue_packed_get_avail_bytes(VirtQueue *vq,
3107
263
 
3108
264
     max = vq->vring.num;
3109
265
     caches = vring_get_region_caches(vq);
3110
266
+    if (!caches) {
3111
267
+        goto err;
3112
268
+    }
3113
269
 
3114
270
     for (;;) {
3115
271
         unsigned int num_bufs = total_bufs;
3116
272
@@ -1194,6 +1255,10 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
3117
273
     }
3118
274
 
3119
275
     caches = vring_get_region_caches(vq);
3120
276
+    if (!caches) {
3121
277
+        goto err;
3122
278
+    }
3123
279
+
3124
280
     desc_size = virtio_vdev_has_feature(vq->vdev, VIRTIO_F_RING_PACKED) ?
3125
281
                                 sizeof(VRingPackedDesc) : sizeof(VRingDesc);
3126
282
     if (caches->desc.len < vq->vring.num * desc_size) {
3127
283
@@ -1387,6 +1452,11 @@ static void *virtqueue_split_pop(VirtQueue *vq, size_t sz)
3128
284
     i = head;
3129
285
 
3130
286
     caches = vring_get_region_caches(vq);
3131
287
+    if (!caches) {
3132
288
+        virtio_error(vdev, "Region caches not initialized");
3133
289
+        goto done;
3134
290
+    }
3135
291
+
3136
292
     if (caches->desc.len < max * sizeof(VRingDesc)) {
3137
293
         virtio_error(vdev, "Cannot map descriptor ring");
3138
294
         goto done;
3139
295
@@ -1509,6 +1579,11 @@ static void *virtqueue_packed_pop(VirtQueue *vq, size_t sz)
3140
296
     i = vq->last_avail_idx;
3141
297
 
3142
298
     caches = vring_get_region_caches(vq);
3143
299
+    if (!caches) {
3144
300
+        virtio_error(vdev, "Region caches not initialized");
3145
301
+        goto done;
3146
302
+    }
3147
303
+
3148
304
     if (caches->desc.len < max * sizeof(VRingDesc)) {
3149
305
         virtio_error(vdev, "Cannot map descriptor ring");
3150
306
         goto done;
3151
307
@@ -1628,6 +1703,10 @@ static unsigned int virtqueue_packed_drop_all(VirtQueue *vq)
3152
308
     VRingPackedDesc desc;
3153
309
 
3154
310
     caches = vring_get_region_caches(vq);
3155
311
+    if (!caches) {
3156
312
+        return 0;
3157
313
+    }
3158
314
+
3159
315
     desc_cache = &caches->desc;
3160
316
 
3161
317
     virtio_queue_set_notification(vq, 0);
3162
318
@@ -2412,6 +2491,10 @@ static bool virtio_packed_should_notify(VirtIODevice *vdev, VirtQueue *vq)
3163
319
     VRingMemoryRegionCaches *caches;
3164
320
 
3165
321
     caches = vring_get_region_caches(vq);
3166
322
+    if (!caches) {
3167
323
+        return false;
3168
324
+    }
3169
325
+
3170
326
     vring_packed_event_read(vdev, &caches->avail, &e);
3171
327
 
3172
328
     old = vq->signalled_used;
3173
329
-- 
3174
330
2.25.1
3175
331
3176
diff --git a/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch b/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch
3177
0
new file mode 100644
332
new file mode 100644
3178
index 0000000..d18b0ee
3179
--- /dev/null
3180
+++ b/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch
3181
@@ -0,0 +1,40 @@
3182
1
From 1049f4c62c4070618cc5defc9963c6a17ae7a5ae Mon Sep 17 00:00:00 2001
3183
2
From: Denis Plotnikov <dplotnikov@virtuozzo.com>
3184
3
Date: Tue, 24 Dec 2019 11:14:46 +0300
3185
4
Subject: [PATCH] virtio-mmio: update queue size on guest write
3186
5
3187
6
Some guests read back queue size after writing it.
3188
7
Always update the on size write otherwise they might be confused.
3189
8
3190
9
Cc: qemu-stable@nongnu.org
3191
10
Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com>
3192
11
Message-Id: <20191224081446.17003-1-dplotnikov@virtuozzo.com>
3193
12
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
3194
13
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3195
14
3196
15
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=1049f4c62c4070618cc5defc9963c6a17ae7a5ae
3197
16
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
3198
17
Last-Update: 2020-03-18
3199
18
3200
19
---
3201
20
 hw/virtio/virtio-mmio.c | 3 ++-
3202
21
 1 file changed, 2 insertions(+), 1 deletion(-)
3203
22
3204
23
diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
3205
24
index ef40b7a9b2..872f2cd237 100644
3206
25
--- a/hw/virtio/virtio-mmio.c
3207
26
+++ b/hw/virtio/virtio-mmio.c
3208
27
@@ -308,8 +308,9 @@ static void virtio_mmio_write(void *opaque, hwaddr offset, uint64_t value,
3209
28
         break;
3210
29
     case VIRTIO_MMIO_QUEUE_NUM:
3211
30
         trace_virtio_mmio_queue_write(value, VIRTQUEUE_MAX_SIZE);
3212
31
+        virtio_queue_set_num(vdev, vdev->queue_sel, value);
3213
32
+
3214
33
         if (proxy->legacy) {
3215
34
-            virtio_queue_set_num(vdev, vdev->queue_sel, value);
3216
35
             virtio_queue_update_rings(vdev, vdev->queue_sel);
3217
36
         } else {
3218
37
             proxy->vqs[vdev->queue_sel].num = value;
3219
38
-- 
3220
39
2.25.1
3221
40
3222
diff --git a/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch b/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch
3223
0
new file mode 100644
41
new file mode 100644
3224
index 0000000..1db89ff
3225
--- /dev/null
3226
+++ b/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch
3227
@@ -0,0 +1,41 @@
3228
1
From d945d9f1731244ef341f74ede93120fc9de35913 Mon Sep 17 00:00:00 2001
3229
2
From: Yuri Benditovich <yuri.benditovich@daynix.com>
3230
3
Date: Thu, 26 Dec 2019 06:36:49 +0200
3231
4
Subject: [PATCH] virtio-net: delete also control queue when TX/RX deleted
3232
5
3233
6
https://bugzilla.redhat.com/show_bug.cgi?id=1708480
3234
7
If the control queue is not deleted together with TX/RX, it
3235
8
later will be ignored in freeing cache resources and hot
3236
9
unplug will not be completed.
3237
10
3238
11
Cc: qemu-stable@nongnu.org
3239
12
Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
3240
13
Message-Id: <20191226043649.14481-3-yuri.benditovich@daynix.com>
3241
14
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
3242
15
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3243
16
3244
17
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d945d9f1731244ef341f74ede93120fc9de35913
3245
18
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
3246
19
Last-Update: 2020-03-18
3247
20
3248
21
---
3249
22
 hw/net/virtio-net.c | 3 ++-
3250
23
 1 file changed, 2 insertions(+), 1 deletion(-)
3251
24
3252
25
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
3253
26
index db3d7c38e6..f325440d01 100644
3254
27
--- a/hw/net/virtio-net.c
3255
28
+++ b/hw/net/virtio-net.c
3256
29
@@ -3101,7 +3101,8 @@ static void virtio_net_device_unrealize(DeviceState *dev, Error **errp)
3257
30
     for (i = 0; i < max_queues; i++) {
3258
31
         virtio_net_del_queue(n, i);
3259
32
     }
3260
33
-
3261
34
+    /* delete also control vq */
3262
35
+    virtio_del_queue(vdev, max_queues * 2);
3263
36
     qemu_announce_timer_del(&n->announce_timer, false);
3264
37
     g_free(n->vqs);
3265
38
     qemu_del_nic(n->nic);
3266
39
-- 
3267
40
2.25.1
3268
41
3269
diff --git a/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch b/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch
3270
0
new file mode 100644
42
new file mode 100644
3271
index 0000000..da81c2c
3272
--- /dev/null
3273
+++ b/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch
3274
@@ -0,0 +1,40 @@
3275
1
From d0c5f643383b9e84316f148affff368ac33d75b9 Mon Sep 17 00:00:00 2001
3276
2
From: "Michael S. Tsirkin" <mst@redhat.com>
3277
3
Date: Fri, 13 Dec 2019 09:22:48 -0500
3278
4
Subject: [PATCH] virtio: update queue size on guest write
3279
5
3280
6
Some guests read back queue size after writing it.
3281
7
Update the size immediatly upon write otherwise
3282
8
they get confused.
3283
9
3284
10
In particular this is the case for seabios.
3285
11
3286
12
Reported-by: Roman Kagan <rkagan@virtuozzo.com>
3287
13
Suggested-by: Denis Plotnikov <dplotnikov@virtuozzo.com>
3288
14
Cc: qemu-stable@nongnu.org
3289
15
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3290
16
3291
17
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d0c5f643383b9e84316f148affff368ac33d75b9
3292
18
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
3293
19
Last-Update: 2020-03-18
3294
20
3295
21
---
3296
22
 hw/virtio/virtio-pci.c | 2 ++
3297
23
 1 file changed, 2 insertions(+)
3298
24
3299
25
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
3300
26
index c6b47a9c73..e5c759e19e 100644
3301
27
--- a/hw/virtio/virtio-pci.c
3302
28
+++ b/hw/virtio/virtio-pci.c
3303
29
@@ -1256,6 +1256,8 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
3304
30
         break;
3305
31
     case VIRTIO_PCI_COMMON_Q_SIZE:
3306
32
         proxy->vqs[vdev->queue_sel].num = val;
3307
33
+        virtio_queue_set_num(vdev, vdev->queue_sel,
3308
34
+                             proxy->vqs[vdev->queue_sel].num);
3309
35
         break;
3310
36
     case VIRTIO_PCI_COMMON_Q_MSIX:
3311
37
         msix_vector_unuse(&proxy->pci_dev,
3312
38
-- 
3313
39
2.25.1
3314
40
3315
diff --git a/debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch b/debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch
3316
0
new file mode 100644
41
new file mode 100644
3317
index 0000000..056f2e0
3318
--- /dev/null
3319
+++ b/debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch
3320
@@ -0,0 +1,125 @@
3321
1
From ab7e28b0905b1e2daeb5d582cf0f0ce33ea47317 Mon Sep 17 00:00:00 2001
3322
2
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
3323
3
Date: Mon, 2 Mar 2020 15:12:53 +0100
3324
4
Subject: [PATCH] modules: load modules from versioned /var/run dir
3325
5
3326
6
On upgrades the old .so files usually are replaced. But on the other
3327
7
hand since a qemu process represents a guest instance it is usually kept
3328
8
around.
3329
9
3330
10
That makes late addition of dynamic features e.g. 'hot-attach of a ceph
3331
11
disk' fail by trying to load a new version of e.f. block-rbd.so into an
3332
12
old still running qemu binary.
3333
13
3334
14
This adds a fallback to also load modules from a versioned directory in the
3335
15
temporary /var/run path. That way qemu is providing a way for packaging
3336
16
to store modules of an upgraded qemu package as needed until the next reboot.
3337
17
3338
18
Fixes: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1847361
3339
19
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
3340
20
3341
21
Forwarded: yes, https://lists.nongnu.org/archive/html/qemu-devel/2020-03/msg01593.html
3342
22
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1847361
3343
23
Last-Update: 2020-03-02
3344
24
3345
25
---
3346
26
 configure     | 15 +++++++++++++++
3347
27
 util/module.c | 14 ++++++++++++++
3348
28
 2 files changed, 29 insertions(+)
3349
29
3350
30
--- a/configure
3351
31
+++ b/configure
3352
32
@@ -404,6 +404,7 @@ EXESUF=""
3353
33
 DSOSUF=".so"
3354
34
 LDFLAGS_SHARED="-shared"
3355
35
 modules="no"
3356
36
+module_upgrades="no"
3357
37
 prefix="/usr/local"
3358
38
 mandir="\${prefix}/share/man"
3359
39
 datadir="\${prefix}/share"
3360
40
@@ -995,6 +996,10 @@ for opt do
3361
41
   --disable-modules)
3362
42
       modules="no"
3363
43
   ;;
3364
44
+  --disable-module-upgrades) module_upgrades="no"
3365
45
+  ;;
3366
46
+  --enable-module-upgrades) module_upgrades="yes"
3367
47
+  ;;
3368
48
   --cpu=*)
3369
49
   ;;
3370
50
   --target-list=*) target_list="$optarg"
3371
51
@@ -1735,6 +1740,7 @@ disabled with --disable-FEATURE, default
3372
52
   guest-agent-msi build guest agent Windows MSI installation package
3373
53
   pie             Position Independent Executables
3374
54
   modules         modules support (non-Windows)
3375
55
+  module-upgrades try to load modules from alternate paths for upgrades
3376
56
   debug-tcg       TCG debugging (default is disabled)
3377
57
   debug-info      debugging information
3378
58
   sparse          sparse checker
3379
59
@@ -1995,6 +2001,11 @@ if test "$modules" = "yes" && test "$min
3380
60
   error_exit "Modules are not available for Windows"
3381
61
 fi
3382
62
 
3383
63
+# module_upgrades is only reasonable if modules are enabled
3384
64
+if test "$modules" = "no" && test "$module_upgrades" = "yes" ; then
3385
65
+  error_exit "Can't enable module-upgrades as Modules are not enabled"
3386
66
+fi
3387
67
+
3388
68
 # Static linking is not possible with modules or PIE
3389
69
 if test "$static" = "yes" ; then
3390
70
   if test "$modules" = "yes" ; then
3391
71
@@ -6457,6 +6468,7 @@ if test "$slirp" != "no" ; then
3392
72
     echo "smbd              $smbd"
3393
73
 fi
3394
74
 echo "module support    $modules"
3395
75
+echo "alt path mod load $module_upgrades"
3396
76
 echo "host CPU          $cpu"
3397
77
 echo "host big endian   $bigendian"
3398
78
 echo "target list       $target_list"
3399
79
@@ -6814,6 +6826,9 @@ if test "$modules" = "yes"; then
3400
80
   echo "CONFIG_STAMP=_$( (echo $qemu_version; echo $pkgversion; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak
3401
81
   echo "CONFIG_MODULES=y" >> $config_host_mak
3402
82
 fi
3403
83
+if test "$module_upgrades" = "yes"; then
3404
84
+  echo "CONFIG_MODULE_UPGRADES=y" >> $config_host_mak
3405
85
+fi
3406
86
 if test "$have_x11" = "yes" && test "$need_x11" = "yes"; then
3407
87
   echo "CONFIG_X11=y" >> $config_host_mak
3408
88
   echo "X11_CFLAGS=$x11_cflags" >> $config_host_mak
3409
89
--- a/util/module.c
3410
90
+++ b/util/module.c
3411
91
@@ -19,6 +19,9 @@
3412
92
 #endif
3413
93
 #include "qemu/queue.h"
3414
94
 #include "qemu/module.h"
3415
95
+#ifdef CONFIG_MODULE_UPGRADES
3416
96
+#include "qemu-version.h"
3417
97
+#endif
3418
98
 
3419
99
 typedef struct ModuleEntry
3420
100
 {
3421
101
@@ -163,6 +166,9 @@ bool module_load_one(const char *prefix,
3422
102
 #ifdef CONFIG_MODULES
3423
103
     char *fname = NULL;
3424
104
     char *exec_dir;
3425
105
+#ifdef CONFIG_MODULE_UPGRADES
3426
106
+    char *version_dir;
3427
107
+#endif
3428
108
     const char *search_dir;
3429
109
     char *dirs[4];
3430
110
     char *module_name;
3431
111
@@ -194,6 +200,14 @@ bool module_load_one(const char *prefix,
3432
112
     dirs[n_dirs++] = g_strdup_printf("%s", CONFIG_QEMU_MODDIR);
3433
113
     dirs[n_dirs++] = g_strdup_printf("%s/..", exec_dir ? : "");
3434
114
     dirs[n_dirs++] = g_strdup_printf("%s", exec_dir ? : "");
3435
115
+
3436
116
+#ifdef CONFIG_MODULE_UPGRADES
3437
117
+    version_dir = g_strcanon(g_strdup(QEMU_PKGVERSION),
3438
118
+                             G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "+-.~",
3439
119
+                             '_');
3440
120
+    dirs[n_dirs++] = g_strdup_printf("/var/run/qemu/%s", version_dir);
3441
121
+#endif
3442
122
+
3443
123
     assert(n_dirs <= ARRAY_SIZE(dirs));
3444
124
 
3445
125
     g_free(exec_dir);
3446
diff --git a/debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch b/debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch
3447
0
new file mode 100644
126
new file mode 100644
3448
index 0000000..6ef5d49
3449
--- /dev/null
3450
+++ b/debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch
3451
@@ -0,0 +1,61 @@
3452
1
From f7ef7e6e3ba6e994e070cc609eb154339d1c4a11 Mon Sep 17 00:00:00 2001
3453
2
From: Jason Wang <jasowang@redhat.com>
3454
3
Date: Mon, 2 Mar 2020 12:24:54 +0800
3455
4
Subject: [PATCH] vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM
3456
5
3457
6
We turn on device IOTLB via VIRTIO_F_IOMMU_PLATFORM unconditionally on
3458
7
platform without IOMMU support. This can lead unnecessary IOTLB
3459
8
transactions which will damage the performance.
3460
9
3461
10
Fixing this by check whether the device is backed by IOMMU and disable
3462
11
device IOTLB.
3463
12
3464
13
Reported-by: Halil Pasic <pasic@linux.ibm.com>
3465
14
Tested-by: Halil Pasic <pasic@linux.ibm.com>
3466
15
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
3467
16
Signed-off-by: Jason Wang <jasowang@redhat.com>
3468
17
Message-Id: <20200302042454.24814-1-jasowang@redhat.com>
3469
18
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
3470
19
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3471
20
3472
21
Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=f7ef7e6e3ba6e994e070cc609eb154339d1c4a11
3473
22
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1847361
3474
23
Last-Update: 2020-03-13
3475
24
3476
25
---
3477
26
 hw/virtio/vhost.c | 12 +++++++++++-
3478
27
 1 file changed, 11 insertions(+), 1 deletion(-)
3479
28
3480
29
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
3481
30
index 0d226dae10..01ebe12f28 100644
3482
31
--- a/hw/virtio/vhost.c
3483
32
+++ b/hw/virtio/vhost.c
3484
33
@@ -290,7 +290,14 @@ static int vhost_dev_has_iommu(struct vhost_dev *dev)
3485
34
 {
3486
35
     VirtIODevice *vdev = dev->vdev;
3487
36
 
3488
37
-    return virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
3489
38
+    /*
3490
39
+     * For vhost, VIRTIO_F_IOMMU_PLATFORM means the backend support
3491
40
+     * incremental memory mapping API via IOTLB API. For platform that
3492
41
+     * does not have IOMMU, there's no need to enable this feature
3493
42
+     * which may cause unnecessary IOTLB miss/update trnasactions.
3494
43
+     */
3495
44
+    return vdev->dma_as != &address_space_memory &&
3496
45
+           virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
3497
46
 }
3498
47
 
3499
48
 static void *vhost_memory_map(struct vhost_dev *dev, hwaddr addr,
3500
49
@@ -765,6 +772,9 @@ static int vhost_dev_set_features(struct vhost_dev *dev,
3501
50
     if (enable_log) {
3502
51
         features |= 0x1ULL << VHOST_F_LOG_ALL;
3503
52
     }
3504
53
+    if (!vhost_dev_has_iommu(dev)) {
3505
54
+        features &= ~(0x1ULL << VIRTIO_F_IOMMU_PLATFORM);
3506
55
+    }
3507
56
     r = dev->vhost_ops->vhost_set_features(dev, features);
3508
57
     if (r < 0) {
3509
58
         VHOST_OPS_DEBUG("vhost_set_features failed");
3510
59
-- 
3511
60
2.25.1
3512
61
3513
diff --git a/debian/qemu-block-extra.postrm.in b/debian/qemu-block-extra.postrm.in
3514
0
new file mode 100644
62
new file mode 100644
3515
index 0000000..ef2126a
3516
--- /dev/null
3517
+++ b/debian/qemu-block-extra.postrm.in
3518
@@ -0,0 +1,43 @@
3519
1
#!/bin/sh
3520
2
# postrm script for brrr
3521
3
#
3522
4
# see: dh_installdeb(1)
3523
5
3524
6
set -e
3525
7
3526
8
# summary of how this script can be called:
3527
9
#        * <postrm> `remove'
3528
10
#        * <postrm> `purge'
3529
11
#        * <old-postrm> `upgrade' <new-version>
3530
12
#        * <new-postrm> `failed-upgrade' <old-version>
3531
13
#        * <new-postrm> `abort-install'
3532
14
#        * <new-postrm> `abort-install' <old-version>
3533
15
#        * <new-postrm> `abort-upgrade' <old-version>
3534
16
#        * <disappearer's-postrm> `disappear' <overwriter>
3535
17
#          <overwriter-version>
3536
18
# for details, see https://www.debian.org/doc/debian-policy/ or
3537
19
# the debian-policy package
3538
20
3539
21
3540
22
case "$1" in
3541
23
    purge|remove)
3542
24
        # remove .so files for still running qemu instances in /var/run
3543
25
        # for details see bug LP: #1847361
3544
26
        rm -f /var/run/qemu/@PKGVERSION@/block-*.so
3545
27
    ;;
3546
28
3547
29
    upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
3548
30
    ;;
3549
31
3550
32
    *)
3551
33
        echo "postrm called with unknown argument \`$1'" >&2
3552
34
        exit 1
3553
35
    ;;
3554
36
esac
3555
37
3556
38
# dh_installdeb will replace this with shell code automatically
3557
39
# generated by other debhelper scripts.
3558
40
3559
41
#DEBHELPER#
3560
42
3561
43
exit 0
3562
diff --git a/debian/qemu-block-extra.prerm.in b/debian/qemu-block-extra.prerm.in
3563
0
new file mode 100644
44
new file mode 100644
3564
index 0000000..dee25a8
3565
--- /dev/null
3566
+++ b/debian/qemu-block-extra.prerm.in
3567
@@ -0,0 +1,45 @@
3568
1
#!/bin/sh
3569
2
# prerm script for qemu-block-extra
3570
3
#
3571
4
# see: dh_installdeb(1)
3572
5
3573
6
set -e
3574
7
3575
8
# summary of how this script can be called:
3576
9
#        * <prerm> `remove'
3577
10
#        * <old-prerm> `upgrade' <new-version>
3578
11
#        * <new-prerm> `failed-upgrade' <old-version>
3579
12
#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
3580
13
#        * <deconfigured's-prerm> `deconfigure' `in-favour'
3581
14
#          <package-being-installed> <version> `removing'
3582
15
#          <conflicting-package> <version>
3583
16
# for details, see https://www.debian.org/doc/debian-policy/ or
3584
17
# the debian-policy package
3585
18
3586
19
3587
20
case "$1" in
3588
21
    remove)
3589
22
    ;;
3590
23
3591
24
    upgrade|deconfigure)
3592
25
        # retain .so files for still running qemu instances in /var/run
3593
26
        # for details see bug LP: #1847361
3594
27
        mkdir -p /var/run/qemu/@PKGVERSION@
3595
28
        cp /usr/lib/@ARCH@/qemu/block-*.so /var/run/qemu/@PKGVERSION@/
3596
29
    ;;
3597
30
3598
31
    failed-upgrade)
3599
32
    ;;
3600
33
3601
34
    *)
3602
35
        echo "prerm called with unknown argument \`$1'" >&2
3603
36
        exit 1
3604
37
    ;;
3605
38
esac
3606
39
3607
40
# dh_installdeb will replace this with shell code automatically
3608
41
# generated by other debhelper scripts.
3609
42
3610
43
#DEBHELPER#
3611
44
3612
45
exit 0
3613
diff --git a/debian/qemu-system-gui.postrm.in b/debian/qemu-system-gui.postrm.in
3614
0
new file mode 100644
46
new file mode 100644
3615
index 0000000..48c740a
3616
--- /dev/null
3617
+++ b/debian/qemu-system-gui.postrm.in
3618
@@ -0,0 +1,44 @@
3619
1
#!/bin/sh
3620
2
# postrm script for brrr
3621
3
#
3622
4
# see: dh_installdeb(1)
3623
5
3624
6
set -e
3625
7
3626
8
# summary of how this script can be called:
3627
9
#        * <postrm> `remove'
3628
10
#        * <postrm> `purge'
3629
11
#        * <old-postrm> `upgrade' <new-version>
3630
12
#        * <new-postrm> `failed-upgrade' <old-version>
3631
13
#        * <new-postrm> `abort-install'
3632
14
#        * <new-postrm> `abort-install' <old-version>
3633
15
#        * <new-postrm> `abort-upgrade' <old-version>
3634
16
#        * <disappearer's-postrm> `disappear' <overwriter>
3635
17
#          <overwriter-version>
3636
18
# for details, see https://www.debian.org/doc/debian-policy/ or
3637
19
# the debian-policy package
3638
20
3639
21
3640
22
case "$1" in
3641
23
    purge|remove)
3642
24
        # remove .so files for still running qemu instances in /var/run
3643
25
        # for details see bug LP: #1847361
3644
26
        rm -f /var/run/qemu/@PKGVERSION@/ui-gtk.so
3645
27
        rm -f /var/run/qemu/@PKGVERSION@/audio-*.so
3646
28
    ;;
3647
29
3648
30
    upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
3649
31
    ;;
3650
32
3651
33
    *)
3652
34
        echo "postrm called with unknown argument \`$1'" >&2
3653
35
        exit 1
3654
36
    ;;
3655
37
esac
3656
38
3657
39
# dh_installdeb will replace this with shell code automatically
3658
40
# generated by other debhelper scripts.
3659
41
3660
42
#DEBHELPER#
3661
43
3662
44
exit 0
3663
diff --git a/debian/qemu-system-gui.prerm.in b/debian/qemu-system-gui.prerm.in
3664
0
new file mode 100644
45
new file mode 100644
3665
index 0000000..3624362
3666
--- /dev/null
3667
+++ b/debian/qemu-system-gui.prerm.in
3668
@@ -0,0 +1,46 @@
3669
1
#!/bin/sh
3670
2
# prerm script for qemu-system-gui
3671
3
#
3672
4
# see: dh_installdeb(1)
3673
5
3674
6
set -e
3675
7
3676
8
# summary of how this script can be called:
3677
9
#        * <prerm> `remove'
3678
10
#        * <old-prerm> `upgrade' <new-version>
3679
11
#        * <new-prerm> `failed-upgrade' <old-version>
3680
12
#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
3681
13
#        * <deconfigured's-prerm> `deconfigure' `in-favour'
3682
14
#          <package-being-installed> <version> `removing'
3683
15
#          <conflicting-package> <version>
3684
16
# for details, see https://www.debian.org/doc/debian-policy/ or
3685
17
# the debian-policy package
3686
18
3687
19
3688
20
case "$1" in
3689
21
    remove)
3690
22
    ;;
3691
23
3692
24
    upgrade|deconfigure)
3693
25
        # retain .so files for still running qemu instances in /var/run
3694
26
        # for details see bug LP: #1847361
3695
27
        mkdir -p /var/run/qemu/@PKGVERSION@
3696
28
        cp /usr/lib/@ARCH@/qemu/ui-gtk.so /var/run/qemu/@PKGVERSION@/
3697
29
        cp /usr/lib/@ARCH@/qemu/audio-*.so /var/run/qemu/@PKGVERSION@/
3698
30
    ;;
3699
31
3700
32
    failed-upgrade)
3701
33
    ;;
3702
34
3703
35
    *)
3704
36
        echo "prerm called with unknown argument \`$1'" >&2
3705
37
        exit 1
3706
38
    ;;
3707
39
esac
3708
40
3709
41
# dh_installdeb will replace this with shell code automatically
3710
42
# generated by other debhelper scripts.
3711
43
3712
44
#DEBHELPER#
3713
45
3714
46
exit 0
3715
diff --git a/debian/rules b/debian/rules
3716
index 1604d33..58ed6ea 100755
3717
--- a/debian/rules
3718
+++ b/debian/rules
3719
@@ -15,6 +15,9 @@ else
3720
15
VENDOR := DEBIAN
15
VENDOR := DEBIAN
3721
16
endif
16
endif
3722
17
17
3723
18
AUTOGENERATED:= qemu-block-extra.prerm qemu-block-extra.postrm qemu-system-gui.prerm qemu-system-gui.postrm
3724
19
PKGVERSION := $(shell printf "Debian ${DEB_VERSION}" | tr --complement '[:alnum:]+-.~' '_')
3725
20
3726
18
# support parallel build using DEB_BUILD_OPTIONS=parallel=N
21
# support parallel build using DEB_BUILD_OPTIONS=parallel=N
3727
19
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
22
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
3728
20
  MAKEFLAGS += -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
23
  MAKEFLAGS += -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
3729
@@ -103,6 +106,12 @@ endif	# enable_linux_user
3730
103
b/configure-stamp: configure
106
b/configure-stamp: configure
3731
104
	dh_testdir
107
	dh_testdir
3732
105
108
3733
109
	for f in ${AUTOGENERATED} ; do \
3734
110
        sed -e 's%@ARCH@%${DEB_HOST_MULTIARCH}%g' \
3735
111
	        -e 's%@PKGVERSION@%${PKGVERSION}%g' \
3736
112
			< debian/$$f.in  > debian/$$f ; \
3737
113
    done
3738
114
3739
106
	# system build
115
	# system build
3740
107
	rm -rf b/qemu; mkdir -p b/qemu
116
	rm -rf b/qemu; mkdir -p b/qemu
3741
108
	cd b/qemu && \
117
	cd b/qemu && \
3742
@@ -111,6 +120,7 @@ b/configure-stamp: configure
3743
111
		--${enable_linux_user}-linux-user \
120
		--${enable_linux_user}-linux-user \
3744
112
		--disable-xen \
121
		--disable-xen \
3745
113
		--enable-modules \
122
		--enable-modules \
3746
123
		--enable-module-upgrades \
3747
114
		$(shell sh debian/extract-config-opts \
124
		$(shell sh debian/extract-config-opts \
3748
115
		    $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \
125
		    $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \
3749
116
		$(QEMU_CONFIGURE_OPTIONS) || \
126
		$(QEMU_CONFIGURE_OPTIONS) || \
3750
@@ -137,6 +147,7 @@ ifneq ($(filter $(DEB_HOST_ARCH),amd64 i386),)
3751
137
		--enable-xen \
147
		--enable-xen \
3752
138
		--target-list="aarch64-softmmu arm-softmmu i386-softmmu x86_64-softmmu"
148
		--target-list="aarch64-softmmu arm-softmmu i386-softmmu x86_64-softmmu"
3753
139
		--enable-modules \
149
		--enable-modules \
3754
150
		--enable-module-upgrades \
3755
140
		$(shell sh debian/extract-config-opts \
151
		$(shell sh debian/extract-config-opts \
3756
141
		    $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \
152
		    $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \
3757
142
		$(QEMU_CONFIGURE_OPTIONS) || \
153
		$(QEMU_CONFIGURE_OPTIONS) || \
3758
@@ -489,6 +500,7 @@ clean:	debian/control
3759
489
	rm -rf b
500
	rm -rf b
3760
490
	find scripts/ -name '*.pyc' -delete || :
501
	find scripts/ -name '*.pyc' -delete || :
3761
491
	rm -f debian/qemu-user.1
502
	rm -f debian/qemu-user.1
3762
503
	rm -f $(patsubst %, debian/%, ${AUTOGENERATED})
3763
492
	dh_clean
504
	dh_clean
3764
493
505
3765
494
.PHONY: build clean binary-arch binary-indep binary build-arch build-indep build
506
.PHONY: build clean binary-arch binary-indep binary build-arch build-indep build
Reviewer	Date Requested	Status
Andreas Hasenack	2020-03-19	Approve on 2020-03-19
Canonical Server	2020-03-19	Pending
git-ubuntu developers	2020-03-19	Pending
Review via email: mp+380874@code.launchpad.net