Merge ~paelzer/ubuntu/+source/qemu:lp-1835546-s390x-protvirt-final into ubuntu/+source/qemu:ubuntu/focal-devel
Status: | Merged | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Approved by: | Christian Ehrhardt | ||||||||||||||||
Approved revision: | 36d2633e22db8e585e2e8f2099144f4bb6d64121 | ||||||||||||||||
Merge reported by: | Christian Ehrhardt | ||||||||||||||||
Merged at revision: | 8173c35832629eff7c983b284f34f86f3c0c9ce9 | ||||||||||||||||
Proposed branch: | ~paelzer/ubuntu/+source/qemu:lp-1835546-s390x-protvirt-final | ||||||||||||||||
Merge into: | ubuntu/+source/qemu:ubuntu/focal-devel | ||||||||||||||||
Diff against target: |
7167 lines (+6697/-18) 68 files modified
debian/changelog (+29/-0) debian/patches/series (+64/-1) debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch (+48/-0) debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch (+49/-0) debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch (+46/-0) debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch (+108/-0) debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch (+97/-0) debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch (+201/-0) debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch (+107/-0) debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch (+44/-0) debian/patches/stable/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch (+78/-0) debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch (+76/-0) debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch (+79/-0) debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch (+58/-0) debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch (+44/-0) debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch (+202/-0) debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch (+138/-0) debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch (+230/-0) debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch (+41/-0) debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch (+39/-0) debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch (+44/-0) debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch (+102/-0) 
debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch (+54/-0) debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch (+40/-0) debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch (+46/-0) debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch (+42/-0) debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch (+79/-0) debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch (+127/-0) debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch (+169/-0) debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch (+98/-0) debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch (+47/-0) debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch (+50/-0) debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch (+331/-0) debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch (+40/-0) debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch (+41/-0) debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch (+40/-0) debian/patches/ubuntu/lp-1835546-Sync-pv.patch (+98/-0) debian/patches/ubuntu/lp-1835546-pc-bios-s390x-Save-iplb-location-in-lowcore.patch (+138/-0) debian/patches/ubuntu/lp-1835546-s390x-Add-SIDA-memory-ops.patch (+141/-0) debian/patches/ubuntu/lp-1835546-s390x-Add-missing-vcpu-reset-functions.patch (+165/-0) debian/patches/ubuntu/lp-1835546-s390x-Add-unpack-facility-feature-to-GA1.patch (+67/-0) debian/patches/ubuntu/lp-1835546-s390x-Beautify-diag308-handling.patch (+119/-0) debian/patches/ubuntu/lp-1835546-s390x-Don-t-do-a-normal-reset-on-the-initial-cpu.patch (+41/-0) debian/patches/ubuntu/lp-1835546-s390x-Move-clear-reset.patch (+135/-0) 
debian/patches/ubuntu/lp-1835546-s390x-Move-diagnose-308-subcodes-and-rcs-into-ipl.h.patch (+67/-0) debian/patches/ubuntu/lp-1835546-s390x-Move-initial-reset.patch (+148/-0) debian/patches/ubuntu/lp-1835546-s390x-Move-reset-normal-to-shared-reset-handler.patch (+134/-0) debian/patches/ubuntu/lp-1835546-s390x-ipl-Consolidate-iplb-validity-check-into-one-f.patch (+70/-0) debian/patches/ubuntu/lp-1835546-s390x-kvm-Make-kvm_sclp_service_call-void.patch (+72/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Add-migration-blocker.patch (+70/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Disable-address-checks-for-PV-guest-I.patch (+126/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Handle-SIGP-store-status-correctly.patch (+50/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Inhibit-balloon-when-switching-to-pro.patch (+91/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-KVM-intercept-changes.patch (+66/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Move-IO-control-structures-over-SIDA.patch (+162/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Move-STSI-data-over-SIDAD.patch (+61/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Move-diag-308-data-over-SIDA.patch (+84/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-SCLP-interpretation.patch (+162/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Set-guest-IPL-PSW.patch (+51/-0) debian/patches/ubuntu/lp-1835546-s390x-protvirt-Support-unpack-facility.patch (+875/-0) debian/patches/ubuntu/lp-1847361-modules-load-upgrade.patch (+125/-0) debian/patches/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch (+61/-0) debian/qemu-block-extra.postrm.in (+43/-0) debian/qemu-block-extra.prerm.in (+45/-0) debian/qemu-system-gui.postrm.in (+44/-0) debian/qemu-system-gui.prerm.in (+46/-0) debian/rules (+12/-0) dev/null (+0/-17) |
||||||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Rafael David Tinoco (community) | Approve | ||
Canonical Server | Pending | ||
git-ubuntu developers | Pending | ||
Review via email: mp+381033@code.launchpad.net |
Commit message
Description of the change
Christian Ehrhardt (paelzer) wrote : | # |
Rafael David Tinoco (rafaeldtinoco) wrote : | # |
I'll review this one.
- 947abf0... by Christian Ehrhardt
-
d/p/ubuntu/
expose- vmx_qemu64cpu. patch: Stop adding VMX to qemu64 to avoid broken nesting (LP: #1868692) Signed-off-by: Christian Ehrhardt <email address hidden>
- 8173c35... by Christian Ehrhardt
-
changelog: Stop adding VMX to qemu64 to avoid broken nesting (LP: #1868692)
Signed-off-by: Christian Ehrhardt <email address hidden>
Christian Ehrhardt (paelzer) wrote : | # |
Added a fix for bug 1868692 to the MP
Rafael David Tinoco (rafaeldtinoco) wrote : | # |
TL;DR => Jump to my last commits for conclusions.
1:1 mapping with IBM repo:
patches/
upstream - 0723cc8a5558c94
patches/
ibm - 5081c651c9e12d5
patches/
ibm - 6c657fba3b138ad
patches/
ibm - 7d1c3eddae6fa68
patches/
ibm - cdb7c92623442b8
patches/
patches/
patches/
patches/
patches/
patches/
patches/
patches/
patches/
patches/
patches/
patches/
patches/
patches/
Rafael David Tinoco (rafaeldtinoco) wrote : | # |
STATUS: +1 (after information on topics 1-4 as they're not blockers)
# checklist for fixes
-------
[.] changelog entry correct, targeted to correct codename
[.] update-maintainer has been run previously
----
[x] changes forwarded upstream/debian (if appropriate)
[.] patches match what was proposed upstream
----
[.] patches correctly included in debian/
[?] patches have correct DEP3 metadata
----
[-] verified dpkg-buildpackage -S and -b
[-] autopkgtest against PPA or built package passes
----
[-] testcase provided
[-] was able to reproduce
[-] fix solved provided testcase
-------
[.] = ok
[x] = not ok
[?] = question
[!] = note
[-] = n/a
-------
Observations:
(1)
- For all commits coming from borntraeger/
and point where each of those were forwarded to. Based on DEP3 guidelines, when
patch is vendor specific DEP3 Forwarded flag becomes obligatory => this will
help me out when reducing the delta.
(2)
- For the same set of commits, I'm afraid the "cherry-picked from commit XXXX",
from both Cornelia and Christian, means nothing to external - to s390x -
repositories and confuses whoever is trying to find origin. Can/Should we just
get rid of those ?
(3)
- What about these patches coming from the same IBM s390 patchset:
3c664ea0a6d4196
ae150759a9de200
9da000ea0ae75fb
just checking you saw those and are ignoring them deliberately... is that so ?
(4)
- Your debian/
...
# LP 1867519 s390x protvirt
lp-1867519-
ubuntu/
ubuntu/
ubuntu/
ubuntu/
...
protvirt feature is being added in LP: #1835546 and FFe is in LP: #1866866. LP:
#1867519 is about seg faults on VFIO detach as it looks like.
Putting things the way I understand:
LP: #1868692 - qemu64 cpu type VMX feature advertise fix
LP: #1835546 - s390x protvirt feature
and that seems correctly informed in changelog for 1:4.2-3ubuntu4.
It seems you should put line:
lp-1867519-
in the previous block of patches.
Rafael David Tinoco (rafaeldtinoco) wrote : | # |
After information on previous comment, consider this a +1.
- a1641f6... by Christian Ehrhardt
-
Fixup protvirt patches
Signed-off-by: Christian Ehrhardt <email address hidden>
- e86627e... by Christian Ehrhardt
-
fix stable patch file names for 1867519
Signed-off-by: Christian Ehrhardt <email address hidden>
- 57d22cf... by Christian Ehrhardt
-
d/p/ubuntu/
lp-1835546- *: backport the s390x protvirt feature (LP: #1835546) Signed-off-by: Christian Ehrhardt <email address hidden>
Christian Ehrhardt (paelzer) wrote : | # |
>
> (1)
> - For all commits coming from borntraeger/
> flag
> and point where each of those were forwarded to. Based on DEP3 guidelines,
> when
> patch is vendor specific DEP3 Forwarded flag becomes obligatory => this
> will
> help me out when reducing the delta.
>
Agreed, that will be better - I added this to all of them.
v12 exists only internally atm.
Forwarded:
https:/
> (2)
> - For the same set of commits, I'm afraid the "cherry-picked from commit
> XXXX",
> from both Cornelia and Christian, means nothing to external - to s390x -
> repositories and confuses whoever is trying to find origin. Can/Should we
> just
> get rid of those ?
>
While the "cherry picked" line isn't confusing to me, I can see what you mean;
removed.
The important bit is the Origin tag and in those I have correct entries
already in all headers, like
Origin: backport, https:/
(3)
> - What about these patches coming from the same IBM s390 patchset:
>
> 3c664ea0a6d4196
> VIRTIO_
> ae150759a9de200
> psw logic
> 9da000ea0ae75fb
>
> just checking you saw those and are ignoring them deliberately... is that
> so ?
>
Yes it is intentional and ok, I explained to IBM why on:
https:/
> (4)
> - Your debian/
>
> ...
> # LP 1867519 s390x protvirt
> lp-1867519-
> ubuntu/
> ubuntu/
> ubuntu/
> ubuntu/
> ...
>
> protvirt feature is being added in LP: #1835546 and FFe is in LP:
> #1866866. LP:
> #1867519 is about seg faults on VFIO detach as it looks like.
>
> Putting things the way I understand:
>
> LP: #1868692 - qemu64 cpu type VMX feature adverstise fix
> LP: #1835546 - s390x protvirt feature
>
> and that seems correctly informed in changelog for 1:4.2-3ubuntu4.
>
> It seems you should put line:
>
> lp-1867519-
>
> in the previous block of patches.
>
Agreed, it also needs a rename to have the stable prefix dir.
Done
Thanks for the review!
Christian Ehrhardt (paelzer) wrote : | # |
Replied via email to the review, thanks.
I pushed the updated branch and consider this approved.
Just waiting for the FFe now (and possibly for upstream to accept it, as I'd prefer that before upload).
Christian Ehrhardt (paelzer) wrote : | # |
I have re-pushed the branch and asked Rafael to re-review the bits for bug 1868692.
Comment #4 and later in that bug explain why, along with the pros and cons.
Rafael David Tinoco (rafaeldtinoco) wrote : | # |
+1 again on my side.
Christian Ehrhardt (paelzer) wrote : | # |
Thank you, tests are good as well and the FFe is in.
I think we did as much as we can upfront; we can upload before the Beta freeze happens and, worst case, fix hopefully minor things later.
Christian Ehrhardt (paelzer) wrote : | # |
To ssh://git.
* [new tag] upload/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading qemu_4.
Uploading qemu_4.
Uploading qemu_4.
Uploading qemu_4.
Successfully uploaded packages.
Preview Diff
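diff --git a/debian/changelog b/debian/changelog
index 89089bb..4338791 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,32 @@
+qemu (1:4.2-3ubuntu4) focal; urgency=medium
+
+ * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546)
+ * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
+ to avoid broken nesting (LP: #1868692)
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 08:02:16 +0100
+
+qemu (1:4.2-3ubuntu3) focal; urgency=medium
+
+ * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
+ patches @qemu-stable (LP: #1867519)
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 18 Mar 2020 13:57:57 +0100
+
+qemu (1:4.2-3ubuntu2) focal; urgency=medium
+
+ * allow qemu to load old modules post upgrade (LP: #1847361)
+ - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
+ load to a versioned path
+ - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
+ upgrade
+ - d/rules: generate maintainer scripts matching package version on build
+ - d/rules: enable --enable-module-upgrades where --enable-modules is set
+ * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
+ avoid unnecessary IOTLB transactions (LP: #1866207)
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 15:21:27 +0100
+
 qemu (1:4.2-3ubuntu1) focal; urgency=medium
 
 * Merge with Debian testing, remaining changes: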
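diff --git a/debian/patches/series b/debian/patches/series
index c9fce99..5e9c946 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,7 +4,6 @@ qboot-no-jump-tables.diff
 iscsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
 
 # ubuntu patches
-ubuntu/expose-vmx_qemu64cpu.patch
 ubuntu/enable-svm-by-default.patch
 ubuntu/define-ubuntu-machine-types.patch
 ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
@@ -13,3 +12,67 @@ ubuntu/lp-1857033-i386-Add-macro-for-stibp.patch
 ubuntu/lp-1857033-i386-Add-new-CPU-model-Cooperlake.patch
 lp-1859527-virtio-blk-fix-out-of-bounds-access-to-bitmap-in-not.patch
 ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch
+ubuntu/lp-1847361-modules-load-upgrade.patch
+ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch
+
+# stabilize 4.2 with patches sent to qemu-stable since 4.2 released
+stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch
+stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch
+stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch
+stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch
+stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch
+stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch
+stable/lp-1867519-backup-top-Begin-drain-earlier.patch
+stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch
+stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch
+stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch
+stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch
+stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch
+stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch
+stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch
+stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch
+stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch
+stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch
+stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch
+stable/lp-1867519-block-backup-top-fix-failure-path.patch
+stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch
+stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch
+stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch
+stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch
+stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch
+stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch
+stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch
+stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch
+stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch
+stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch
+stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch
+stable/lp-1867519-job-refactor-progress-to-separate-object.patch
+stable/lp-1867519-block-block-copy-fix-progress-calculation.patch
+stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch
+stable/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch
+
+# LP 1867519 s390x protvirt
+ubuntu/lp-1835546-s390x-Don-t-do-a-normal-reset-on-the-initial-cpu.patch
+ubuntu/lp-1835546-s390x-Move-reset-normal-to-shared-reset-handler.patch
+ubuntu/lp-1835546-s390x-Move-initial-reset.patch
+ubuntu/lp-1835546-s390x-Move-clear-reset.patch
+ubuntu/lp-1835546-s390x-kvm-Make-kvm_sclp_service_call-void.patch
+ubuntu/lp-1835546-s390x-ipl-Consolidate-iplb-validity-check-into-one-f.patch
+ubuntu/lp-1835546-s390x-Beautify-diag308-handling.patch
+ubuntu/lp-1835546-s390x-Add-missing-vcpu-reset-functions.patch
+ubuntu/lp-1835546-pc-bios-s390x-Save-iplb-location-in-lowcore.patch
+ubuntu/lp-1835546-s390x-Move-diagnose-308-subcodes-and-rcs-into-ipl.h.patch
+ubuntu/lp-1835546-Sync-pv.patch
+ubuntu/lp-1835546-s390x-protvirt-Support-unpack-facility.patch
+ubuntu/lp-1835546-s390x-protvirt-Add-migration-blocker.patch
+ubuntu/lp-1835546-s390x-protvirt-Inhibit-balloon-when-switching-to-pro.patch
+ubuntu/lp-1835546-s390x-protvirt-KVM-intercept-changes.patch
+ubuntu/lp-1835546-s390x-Add-SIDA-memory-ops.patch
+ubuntu/lp-1835546-s390x-protvirt-Move-STSI-data-over-SIDAD.patch
+ubuntu/lp-1835546-s390x-protvirt-SCLP-interpretation.patch
+ubuntu/lp-1835546-s390x-protvirt-Set-guest-IPL-PSW.patch
+ubuntu/lp-1835546-s390x-protvirt-Move-diag-308-data-over-SIDA.patch
+ubuntu/lp-1835546-s390x-protvirt-Disable-address-checks-for-PV-guest-I.patch
+ubuntu/lp-1835546-s390x-protvirt-Move-IO-control-structures-over-SIDA.patch
+ubuntu/lp-1835546-s390x-protvirt-Handle-SIGP-store-status-correctly.patch
+ubuntu/lp-1835546-s390x-Add-unpack-facility-feature-to-GA1.patch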
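Review bot: The section comment added ahead of the protvirt entries, `# LP 1867519 s390x protvirt`, carries the wrong bug number: every patch listed under it is named `lp-1835546-*`, and the changelog in this same diff attributes the protvirt backport to LP: #1835546, while 1867519 is the qemu-stable bug used for the block above it. The series comments are what a later maintainer or auditor uses to trace a carried patch back to its bug and origin, so a wrong number here sends them to an unrelated report. The header should read `# LP 1835546 s390x protvirt`.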
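diff --git a/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch b/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch
new file mode 100644
index 0000000..c980ed6
--- /dev/null
+++ b/debian/patches/stable/lp-1867519-arm-arm-powerctl-rebuild-hflags-after-setting-CP15-b.patch
@@ -0,0 +1,48 @@
+From c8fa6079eb35888587f1be27c1590da4edcc5098 Mon Sep 17 00:00:00 2001
+From: Niek Linnenbank <nieklinnenbank@gmail.com>
+Date: Fri, 20 Dec 2019 14:03:00 +0000
+Subject: [PATCH] arm/arm-powerctl: rebuild hflags after setting CP15 bits in
+ arm_set_cpu_on()
+
+After setting CP15 bits in arm_set_cpu_on() the cached hflags must
+be rebuild to reflect the changed processor state. Without rebuilding,
+the cached hflags would be inconsistent until the next call to
+arm_rebuild_hflags(). When QEMU is compiled with debugging enabled
+(--enable-debug), this problem is captured shortly after the first
+call to arm_set_cpu_on() for CPUs running in ARM 32-bit non-secure mode:
+
+ qemu-system-arm: target/arm/helper.c:11359: cpu_get_tb_cpu_state:
+ Assertion `flags == rebuild_hflags_internal(env)' failed.
+ Aborted (core dumped)
+
+Fixes: 0c7f8c43daf65
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c8fa6079eb35888587f1be27c1590da4edcc5098
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ target/arm/arm-powerctl.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
+index b064513d44..b75f813b40 100644
+--- a/target/arm/arm-powerctl.c
++++ b/target/arm/arm-powerctl.c
+@@ -127,6 +127,9 @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state,
+ target_cpu->env.regs[0] = info->context_id;
+ }
+
++ /* CP15 update requires rebuilding hflags */
++ arm_rebuild_hflags(&target_cpu->env);
++
+ /* Start the new CPU at the requested address */
+ cpu_set_pc(target_cpu_state, info->entry);
+
+--
+2.25.1
+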
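diff --git a/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch b/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch
new file mode 100644
index 0000000..b2fa47c
--- /dev/null
+++ b/debian/patches/stable/lp-1867519-arm-arm-powerctl-set-NSACR.-CP11-CP10-bits-in-arm_se.patch
@@ -0,0 +1,49 @@
+From 0c7f8c43daf6556078e51de98aa13f069e505985 Mon Sep 17 00:00:00 2001
+From: Niek Linnenbank <nieklinnenbank@gmail.com>
+Date: Mon, 2 Dec 2019 22:09:43 +0100
+Subject: [PATCH] arm/arm-powerctl: set NSACR.{CP11, CP10} bits in
+ arm_set_cpu_on()
+
+This change ensures that the FPU can be accessed in Non-Secure mode
+when the CPU core is reset using the arm_set_cpu_on() function call.
+The NSACR.{CP11,CP10} bits define the exception level required to
+access the FPU in Non-Secure mode. Without these bits set, the CPU
+will give an undefined exception trap on the first FPU access for the
+secondary cores under Linux.
+
+This is necessary because in this power-control codepath QEMU
+is effectively emulating a bit of EL3 firmware, and has to set
+the CPU up as the EL3 firmware would.
+
+Fixes: fc1120a7f5
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com>
+[PMM: added clarifying para to commit message]
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0c7f8c43daf6556078e51de98aa13f069e505985
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ target/arm/arm-powerctl.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
+index f77a950db6..b064513d44 100644
+--- a/target/arm/arm-powerctl.c
++++ b/target/arm/arm-powerctl.c
+@@ -104,6 +104,9 @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state,
+ /* Processor is not in secure mode */
+ target_cpu->env.cp15.scr_el3 |= SCR_NS;
+
++ /* Set NSACR.{CP11,CP10} so NS can access the FPU */
++ target_cpu->env.cp15.nsacr |= 3 << 10;
++
+ /*
+ * If QEMU is providing the equivalent of EL3 firmware, then we need
+ * to make sure a CPU targeting EL2 comes out of reset with a
+--
+2.25.1
+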
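diff --git a/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch b/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch
new file mode 100644
index 0000000..d534297
--- /dev/null
+++ b/debian/patches/stable/lp-1867519-backup-top-Begin-drain-earlier.patch
@@ -0,0 +1,46 @@
+From 503ca1262bab2c11c533a4816d1ff4297d4f58a6 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Thu, 19 Dec 2019 19:26:38 +0100
+Subject: [PATCH] backup-top: Begin drain earlier
+
+When dropping backup-top, we need to drain the node before freeing the
+BlockCopyState. Otherwise, requests may still be in flight and then the
+assertion in shres_destroy() will fail.
+
+(This becomes visible in intermittent failure of 056.)
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+Message-id: 20191219182638.104621-1-mreitz@redhat.com
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=503ca1262bab2c11c533a4816d1ff4297d4f58a6
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/backup-top.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/block/backup-top.c b/block/backup-top.c
+index 7cdb1f8eba..818d3f26b4 100644
+--- a/block/backup-top.c
++++ b/block/backup-top.c
+@@ -257,12 +257,12 @@ void bdrv_backup_top_drop(BlockDriverState *bs)
+ BDRVBackupTopState *s = bs->opaque;
+ AioContext *aio_context = bdrv_get_aio_context(bs);
+
+- block_copy_state_free(s->bcs);
+-
+ aio_context_acquire(aio_context);
+
+ bdrv_drained_begin(bs);
+
++ block_copy_state_free(s->bcs);
++
+ s->active = false;
+ bdrv_child_refresh_perms(bs, bs->backing, &error_abort);
+ bdrv_replace_node(bs, backing_bs(bs), &error_abort);
+--
+2.25.1
+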
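diff --git a/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch b/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch
new file mode 100644
index 0000000..0a9d490
--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-Activate-recursively-even-for-already-active-n.patch
@@ -0,0 +1,108 @@
+From 7bb4941ace471fc7dd6ded4749b95b9622baa6ed Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 17 Dec 2019 15:06:38 +0100
+Subject: [PATCH] block: Activate recursively even for already active nodes
+
+bdrv_invalidate_cache_all() assumes that all nodes in a given subtree
+are either active or inactive when it starts. Therefore, as soon as it
+arrives at an already active node, it stops.
+
+However, this assumption is wrong. For example, it's possible to take a
+snapshot of an inactive node, which results in an active overlay over an
+inactive backing file. The active overlay is probably also the root node
+of an inactive BlockBackend (blk->disable_perm == true).
+
+In this case, bdrv_invalidate_cache_all() does not need to do anything
+to activate the overlay node, but it still needs to recurse into the
+children and the parents to make sure that after returning success,
+really everything is activated.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Reviewed-by: Max Reitz <mreitz@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=7bb4941ace471fc7dd6ded4749b95b9622baa6ed
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block.c | 50 ++++++++++++++++++++++++--------------------------
+ 1 file changed, 24 insertions(+), 26 deletions(-)
+
+diff --git a/block.c b/block.c
+index 73029fad64..1b6f7c86e8 100644
+--- a/block.c
++++ b/block.c
+@@ -5335,10 +5335,6 @@ static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
+ return;
+ }
+
+- if (!(bs->open_flags & BDRV_O_INACTIVE)) {
+- return;
+- }
+-
+ QLIST_FOREACH(child, &bs->children, next) {
+ bdrv_co_invalidate_cache(child->bs, &local_err);
+ if (local_err) {
+@@ -5360,34 +5356,36 @@ static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
+ * just keep the extended permissions for the next time that an activation
+ * of the image is tried.
+ */
+- bs->open_flags &= ~BDRV_O_INACTIVE;
+- bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
+- ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err);
+- if (ret < 0) {
+- bs->open_flags |= BDRV_O_INACTIVE;
+- error_propagate(errp, local_err);
+- return;
+- }
+- bdrv_set_perm(bs, perm, shared_perm);
+-
+- if (bs->drv->bdrv_co_invalidate_cache) {
+- bs->drv->bdrv_co_invalidate_cache(bs, &local_err);
+- if (local_err) {
++ if (bs->open_flags & BDRV_O_INACTIVE) {
++ bs->open_flags &= ~BDRV_O_INACTIVE;
++ bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
++ ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err);
++ if (ret < 0) {
+ bs->open_flags |= BDRV_O_INACTIVE;
+ error_propagate(errp, local_err);
+ return;
+ }
+- }
++ bdrv_set_perm(bs, perm, shared_perm);
+
+- FOR_EACH_DIRTY_BITMAP(bs, bm) {
+- bdrv_dirty_bitmap_skip_store(bm, false);
+- }
++ if (bs->drv->bdrv_co_invalidate_cache) {
++ bs->drv->bdrv_co_invalidate_cache(bs, &local_err);
++ if (local_err) {
++ bs->open_flags |= BDRV_O_INACTIVE;
++ error_propagate(errp, local_err);
++ return;
++ }
++ }
+
+- ret = refresh_total_sectors(bs, bs->total_sectors);
+- if (ret < 0) {
+- bs->open_flags |= BDRV_O_INACTIVE;
+- error_setg_errno(errp, -ret, "Could not refresh total sector count");
+- return;
++ FOR_EACH_DIRTY_BITMAP(bs, bm) {
++ bdrv_dirty_bitmap_skip_store(bm, false);
++ }
++
++ ret = refresh_total_sectors(bs, bs->total_sectors);
++ if (ret < 0) {
++ bs->open_flags |= BDRV_O_INACTIVE;
++ error_setg_errno(errp, -ret, "Could not refresh total sector count");
++ return;
++ }
+ }
+
+ QLIST_FOREACH(parent, &bs->parents, next_parent) {
+--
+2.25.1
+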
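--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-backup-top-fix-failure-path.patch
@@ -0,0 +1,97 @@
+From 0df62f45c1de6c020f1e6fba4eeafd248209b003 Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Tue, 21 Jan 2020 17:28:01 +0300
+Subject: [PATCH] block/backup-top: fix failure path
+
+We can't access top after call bdrv_backup_top_drop, as it is already
+freed at this time.
+
+Also, no needs to unref target child by hand, it will be unrefed on
+bdrv_close() automatically.
+
+So, just do bdrv_backup_top_drop if append succeed and one bdrv_unref
+otherwise.
+
+Note, that in !appended case bdrv_unref(top) moved into drained section
+on source. It doesn't really matter, but just for code simplicity.
+
+Fixes: 7df7868b96404
+Cc: qemu-stable@nongnu.org # v4.2.0
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: Max Reitz <mreitz@redhat.com>
+Message-id: 20200121142802.21467-2-vsementsov@virtuozzo.com
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0df62f45c1de6c020f1e6fba4eeafd248209b003
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/backup-top.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/block/backup-top.c b/block/backup-top.c
+index 9aed2eb4c0..fa78f3256d 100644
+--- a/block/backup-top.c
++++ b/block/backup-top.c
+@@ -190,6 +190,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
+ BlockDriverState *top = bdrv_new_open_driver(&bdrv_backup_top_filter,
+ filter_node_name,
+ BDRV_O_RDWR, errp);
++ bool appended = false;
+
+ if (!top) {
+ return NULL;
+@@ -212,8 +213,9 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
+ bdrv_append(top, source, &local_err);
+ if (local_err) {
+ error_prepend(&local_err, "Cannot append backup-top filter: ");
+- goto append_failed;
++ goto fail;
+ }
++ appended = true;
+
+ /*
+ * bdrv_append() finished successfully, now we can require permissions
+@@ -224,14 +226,14 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
+ if (local_err) {
+ error_prepend(&local_err,
+ "Cannot set permissions for backup-top filter: ");
+- goto failed_after_append;
++ goto fail;
+ }
+
+ state->bcs = block_copy_state_new(top->backing, state->target,
+ cluster_size, write_flags, &local_err);
+ if (local_err) {
+ error_prepend(&local_err, "Cannot create block-copy-state: ");
+- goto failed_after_append;
++ goto fail;
+ }
+ *bcs = state->bcs;
+
+@@ -239,14 +241,15 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
+
+ return top;
+
+-failed_after_append:
+- state->active = false;
+- bdrv_backup_top_drop(top);
++fail:
++ if (appended) {
++ state->active = false;
++ bdrv_backup_top_drop(top);
++ } else {
++ bdrv_unref(top);
++ }
+
+-append_failed:
+ bdrv_drained_end(source);
+- bdrv_unref_child(top, state->target);
+- bdrv_unref(top);
+ error_propagate(errp, local_err);
+
+ return NULL;
+--
+2.25.1
+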
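Review bot: The new `fail:` path in bdrv_backup_top_append has no comment recording the lifetime rule the commit message depends on, namely that `top` must not be touched once `bdrv_backup_top_drop(top)` or `bdrv_unref(top)` has run. The statements after the if/else (`bdrv_drained_end(source);` and `error_propagate(errp, local_err);`) use only `source` and `local_err`, so the code as written respects that, but a later edit could easily reintroduce a dereference of `top` or `state` there and bring back the use-after-free this patch removes. I would add `/* top may already be freed by either branch; use only source and local_err below */` just before `bdrv_drained_end(source);`. Whether `state` is owned by `top` is not visible in these hunks and should be confirmed; the function starts and continues outside the hunks shown.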
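--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-block-copy-fix-progress-calculation.patch
@@ -0,0 +1,201 @@
+From d0ebeca14a585f352938062ef8ddde47fe4d39f9 Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Wed, 11 Mar 2020 13:29:57 +0300
+Subject: [PATCH] block/block-copy: fix progress calculation
+
+Assume we have two regions, A and B, and region B is in-flight now,
+region A is not yet touched, but it is unallocated and should be
+skipped.
+
+Correspondingly, as progress we have
+
+ total = A + B
+ current = 0
+
+If we reset unallocated region A and call progress_reset_callback,
+it will calculate 0 bytes dirty in the bitmap and call
+job_progress_set_remaining, which will set
+
+ total = current + 0 = 0 + 0 = 0
+
+So, B bytes are actually removed from total accounting. When job
+finishes we'll have
+
+ total = 0
+ current = B
+
+, which doesn't sound good.
+
+This is because we didn't considered in-flight bytes, actually when
+calculating remaining, we should have set (in_flight + dirty_bytes)
+as remaining, not only dirty_bytes.
+
+To fix it, let's refactor progress calculation, moving it to block-copy
+itself instead of fixing callback. And, of course, track in_flight
+bytes count.
+
+We still have to keep one callback, to maintain backup job bytes_read
+calculation, but it will go on soon, when we turn the whole backup
+process into one block_copy call.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
+Message-Id: <20200311103004.7649-3-vsementsov@virtuozzo.com>
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d0ebeca14a585f352938062ef8ddde47fe4d39f9
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/backup.c | 13 ++-----------
+ block/block-copy.c | 16 ++++++++++++----
+ include/block/block-copy.h | 15 +++++----------
+ 3 files changed, 19 insertions(+), 25 deletions(-)
+
+diff --git a/block/backup.c b/block/backup.c
+index 1383e219f5..8694e0394b 100644
+--- a/block/backup.c
++++ b/block/backup.c
+@@ -57,15 +57,6 @@ static void backup_progress_bytes_callback(int64_t bytes, void *opaque)
+ BackupBlockJob *s = opaque;
+
+ s->bytes_read += bytes;
+- job_progress_update(&s->common.job, bytes);
+-}
+-
+-static void backup_progress_reset_callback(void *opaque)
+-{
+- BackupBlockJob *s = opaque;
+- uint64_t estimate = bdrv_get_dirty_count(s->bcs->copy_bitmap);
+-
+- job_progress_set_remaining(&s->common.job, estimate);
+ }
+
+ static int coroutine_fn backup_do_cow(BackupBlockJob *job,
+@@ -464,8 +455,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+ job->cluster_size = cluster_size;
+ job->len = len;
+
+- block_copy_set_callbacks(bcs, backup_progress_bytes_callback,
+- backup_progress_reset_callback, job);
++ block_copy_set_progress_callback(bcs, backup_progress_bytes_callback, job);
++ block_copy_set_progress_meter(bcs, &job->common.job.progress);
+
+ /* Required permissions are already taken by backup-top target */
+ block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
+diff --git a/block/block-copy.c b/block/block-copy.c
+index 79798a1567..e2d7b3b887 100644
+--- a/block/block-copy.c
++++ b/block/block-copy.c
+@@ -127,17 +127,20 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
+ return s;
+ }
+
+-void block_copy_set_callbacks(
++void block_copy_set_progress_callback(
+ BlockCopyState *s,
+ ProgressBytesCallbackFunc progress_bytes_callback,
+- ProgressResetCallbackFunc progress_reset_callback,
+ void *progress_opaque)
+ {
+ s->progress_bytes_callback = progress_bytes_callback;
+- s->progress_reset_callback = progress_reset_callback;
+ s->progress_opaque = progress_opaque;
+ }
+
++void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm)
++{
++ s->progress = pm;
++}
++
+ /*
+ * block_copy_do_copy
+ *
+@@ -269,7 +272,9 @@ int64_t block_copy_reset_unallocated(BlockCopyState *s,
+
+ if (!ret) {
+ bdrv_reset_dirty_bitmap(s->copy_bitmap, offset, bytes);
+- s->progress_reset_callback(s->progress_opaque);
++ progress_set_remaining(s->progress,
++ bdrv_get_dirty_count(s->copy_bitmap) +
++ s->in_flight_bytes);
+ }
+
+ *count = bytes;
+@@ -331,15 +336,18 @@ int coroutine_fn block_copy(BlockCopyState *s,
+ trace_block_copy_process(s, start);
+
+ bdrv_reset_dirty_bitmap(s->copy_bitmap, start, chunk_end - start);
++ s->in_flight_bytes += chunk_end - start;
+
+ co_get_from_shres(s->mem, chunk_end - start);
+ ret = block_copy_do_copy(s, start, chunk_end, error_is_read);
+ co_put_to_shres(s->mem, chunk_end - start);
++ s->in_flight_bytes -= chunk_end - start;
+ if (ret < 0) {
+ bdrv_set_dirty_bitmap(s->copy_bitmap, start, chunk_end - start);
+ break;
+ }
+
++ progress_work_done(s->progress, chunk_end - start);
+ s->progress_bytes_callback(chunk_end - start, s->progress_opaque);
+ start = chunk_end;
+ ret = 0;
+diff --git a/include/block/block-copy.h b/include/block/block-copy.h
+index 0a161724d7..9def00068c 100644
+--- a/include/block/block-copy.h
++++ b/include/block/block-copy.h
+@@ -26,7 +26,6 @@ typedef struct BlockCopyInFlightReq {
+ } BlockCopyInFlightReq;
+
+ typedef void (*ProgressBytesCallbackFunc)(int64_t bytes, void *opaque);
+-typedef void (*ProgressResetCallbackFunc)(void *opaque);
+ typedef struct BlockCopyState {
+ /*
+ * BdrvChild objects are not owned or managed by block-copy. They are
+@@ -36,6 +35,7 @@ typedef struct BlockCopyState {
+ BdrvChild *source;
+ BdrvChild *target;
+ BdrvDirtyBitmap *copy_bitmap;
++ int64_t in_flight_bytes;
+ int64_t cluster_size;
+ bool use_copy_range;
+ int64_t copy_size;
+@@ -60,15 +60,9 @@ typedef struct BlockCopyState {
+ */
+ bool skip_unallocated;
+
++ ProgressMeter *progress;
+ /* progress_bytes_callback: called when some copying progress is done. */
+ ProgressBytesCallbackFunc progress_bytes_callback;
+-
+- /*
+- * progress_reset_callback: called when some bytes reset from copy_bitmap
+- * (see @skip_unallocated above). The callee is assumed to recalculate how
+- * many bytes remain based on the dirty bit count of copy_bitmap.
+- */
+- ProgressResetCallbackFunc progress_reset_callback;
+ void *progress_opaque;
+
+ SharedResource *mem;
+@@ -79,12 +73,13 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
+ BdrvRequestFlags write_flags,
+ Error **errp);
+
+-void block_copy_set_callbacks(
++void block_copy_set_progress_callback(
+ BlockCopyState *s,
+ ProgressBytesCallbackFunc progress_bytes_callback,
+- ProgressResetCallbackFunc progress_reset_callback,
+ void *progress_opaque);
+
++void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm);
++
+ void block_copy_state_free(BlockCopyState *s);
+
+ int64_t block_copy_reset_unallocated(BlockCopyState *s,
+--
+2.25.1
+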
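Review bot: `s->progress` is handed to `progress_set_remaining()` in block_copy_reset_unallocated and to `progress_work_done()` in block_copy with no check that `block_copy_set_progress_meter()` was ever called. The one caller visible here, backup_job_create, does set it, but nothing in block-copy.h tells other users of BlockCopyState that the meter is mandatory, and whether the progress helpers tolerate a NULL meter is not visible in this patch. I would either document the requirement on the new field, e.g. `/* progress: must be set via block_copy_set_progress_meter() before block_copy() or block_copy_reset_unallocated() is used */`, or guard both call sites with `if (s->progress)`. Both functions' bodies extend outside the hunks shown.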
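--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-fix-crash-on-zero-length-unaligned-write-and-r.patch
@@ -0,0 +1,107 @@
+From ac9d00bf7b47acae6b0e42910d9ed55fef3af5b8 Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Thu, 6 Feb 2020 19:42:45 +0300
+Subject: [PATCH] block: fix crash on zero-length unaligned write and read
+
+Commit 7a3f542fbd "block/io: refactor padding" occasionally dropped
+aligning for zero-length request: bdrv_init_padding() blindly return
+false if bytes == 0, like there is nothing to align.
+
+This leads the following command to crash:
+
+./qemu-io --image-opts -c 'write 1 0' \
+ driver=blkdebug,align=512,image.driver=null-co,image.size=512
+
+>> qemu-io: block/io.c:1955: bdrv_aligned_pwritev: Assertion
+ `(offset & (align - 1)) == 0' failed.
+>> Aborted (core dumped)
+
+Prior to 7a3f542fbd we does aligning of such zero requests. Instead of
+recovering this behavior let's just do nothing on such requests as it
+is useless.
+
+Note that driver may have special meaning of zero-length reqeusts, like
+qcow2_co_pwritev_compressed_part, so we can't skip any zero-length
+operation. But for unaligned ones, we can't pass it to driver anyway.
+
+This commit also fixes crash in iotest 80 running with -nocache:
+
+./check -nocache -qcow2 80
+
+which crashes on same assertion due to trying to read empty extra data
+in qcow2_do_read_snapshots().
+
+Cc: qemu-stable@nongnu.org # v4.2
+Fixes: 7a3f542fbd
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: Max Reitz <mreitz@redhat.com>
+Message-id: 20200206164245.17781-1-vsementsov@virtuozzo.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=ac9d00bf7b47acae6b0e42910d9ed55fef3af5b8
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/io.c | 28 +++++++++++++++++++++++++++-
+ 1 file changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/block/io.c b/block/io.c
+index 1eb2b2bddc..7e4cb74cf4 100644
+--- a/block/io.c
++++ b/block/io.c
+@@ -1565,10 +1565,12 @@ static bool bdrv_init_padding(BlockDriverState *bs,
+ pad->tail = align - pad->tail;
+ }
+
+- if ((!pad->head && !pad->tail) || !bytes) {
++ if (!pad->head && !pad->tail) {
+ return false;
+ }
+
++ assert(bytes); /* Nothing good in aligning zero-length requests */
++
+ sum = pad->head + bytes + pad->tail;
+ pad->buf_len = (sum > align && pad->head && pad->tail) ? 2 * align : align;
+ pad->buf = qemu_blockalign(bs, pad->buf_len);
+@@ -1706,6 +1708,18 @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
+ return ret;
+ }
+
++ if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
++ /*
++ * Aligning zero request is nonsense. Even if driver has special meaning
++ * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
++ * it to driver due to request_alignment.
++ *
++ * Still, no reason to return an error if someone do unaligned
++ * zero-length read occasionally.
++ */
++ return 0;
++ }
++
+ bdrv_inc_in_flight(bs);
+
+ /* Don't do copy-on-read if we read data before write operation */
+@@ -2116,6 +2130,18 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
+ return -ENOTSUP;
+ }
+
++ if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) {
++ /*
++ * Aligning zero request is nonsense. Even if driver has special meaning
++ * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass
++ * it to driver due to request_alignment.
++ *
++ * Still, no reason to return an error if someone do unaligned
++ * zero-length write occasionally.
++ */
++ return 0;
++ }
++
+ bdrv_inc_in_flight(bs);
+ /*
+ * Align write if necessary by performing a read-modify-write cycle.
+--
+2.25.1
+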
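Review bot: The new `assert(bytes);` in bdrv_init_padding turns any zero-length unaligned request that still reaches it into a process abort, while the patch adds the early `return 0` only to bdrv_co_preadv_part and bdrv_co_pwritev_part. If another caller of bdrv_init_padding exists outside these hunks and can be reached with a guest- or client-chosen offset and length, it would trip the assertion, so it is worth confirming that the two guarded entry points are the only paths in. The two added `if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment))` blocks are identical apart from one word in the comment; a small static helper would keep a future entry point from forgetting the check. All three functions begin and end outside the hunks shown.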
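--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-io-fix-bdrv_co_do_copy_on_readv.patch
@@ -0,0 +1,44 @@
+From 4ab78b19189a81038e744728ed949d09aa477550 Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Thu, 12 Mar 2020 11:19:49 +0300
+Subject: [PATCH] block/io: fix bdrv_co_do_copy_on_readv
+
+Prior to 1143ec5ebf4 it was OK to qemu_iovec_from_buf() from aligned-up
+buffer to original qiov, as qemu_iovec_from_buf() will stop at qiov end
+anyway.
+
+But after 1143ec5ebf4 we assume that bdrv_co_do_copy_on_readv works on
+part of original qiov, defined by qiov_offset and bytes. So we must not
+touch qiov behind qiov_offset+bytes bound. Fix it.
+
+Cc: qemu-stable@nongnu.org # v4.2
+Fixes: 1143ec5ebf4
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Message-id: 20200312081949.5350-1-vsementsov@virtuozzo.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=4ab78b19189a81038e744728ed949d09aa477550
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/io.c b/block/io.c
+index 7e4cb74cf4..aba67f66b9 100644
+--- a/block/io.c
++++ b/block/io.c
+@@ -1399,7 +1399,7 @@ static int coroutine_fn bdrv_co_do_copy_on_readv(BdrvChild *child,
+ if (!(flags & BDRV_REQ_PREFETCH)) {
+ qemu_iovec_from_buf(qiov, qiov_offset + progress,
+ bounce_buffer + skip_bytes,
+- pnum - skip_bytes);
++ MIN(pnum - skip_bytes, bytes - progress));
+ }
+ } else if (!(flags & BDRV_REQ_PREFETCH)) {
+ /* Read directly into the destination */
+--
+2.25.1
+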
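Review bot: The clamp `MIN(pnum - skip_bytes, bytes - progress)` is the only thing keeping the bounce-buffer copy inside the caller's `qiov_offset + bytes` window, yet the call carries no comment saying so and nothing asserts that both operands are non-negative. I would add `/* bounce buffer covers an aligned-up range; never copy past qiov_offset + bytes */` above the `qemu_iovec_from_buf()` call. If the loop invariants allow it, `assert(skip_bytes <= pnum && progress <= bytes);` just before the call would make a violated bound fail loudly instead of producing a huge length. The variable types and the surrounding loop are outside the hunk, so the assertion needs checking against them first.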
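--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-nbd-extract-the-common-cleanup-code.patch
@@ -0,0 +1,78 @@
+From 7f493662be4045146a8f45119d8834c9088a0ad6 Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan <pannengyuan@huawei.com>
+Date: Thu, 5 Dec 2019 11:45:27 +0800
+Subject: [PATCH] block/nbd: extract the common cleanup code
+
+The BDRVNBDState cleanup code is common in two places, add
+nbd_clear_bdrvstate() function to do these cleanups.
+
+Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Message-Id: <1575517528-44312-2-git-send-email-pannengyuan@huawei.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+[eblake: fix compilation error and commit message]
+Signed-off-by: Eric Blake <eblake@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=7f493662be4045146a8f45119d8834c9088a0ad6
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/nbd.c | 26 +++++++++++++++-----------
+ 1 file changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/block/nbd.c b/block/nbd.c
+index f69e61e68a..ed0f93ab27 100644
+--- a/block/nbd.c
++++ b/block/nbd.c
+@@ -95,6 +95,19 @@ typedef struct BDRVNBDState {
+
+ static int nbd_client_connect(BlockDriverState *bs, Error **errp);
+
++static void nbd_clear_bdrvstate(BDRVNBDState *s)
++{
++ object_unref(OBJECT(s->tlscreds));
++ qapi_free_SocketAddress(s->saddr);
++ s->saddr = NULL;
++ g_free(s->export);
++ s->export = NULL;
++ g_free(s->tlscredsid);
++ s->tlscredsid = NULL;
++ g_free(s->x_dirty_bitmap);
++ s->x_dirty_bitmap = NULL;
++}
++
+ static void nbd_channel_error(BDRVNBDState *s, int ret)
+ {
+ if (ret == -EIO) {
+@@ -1879,11 +1892,7 @@ static int nbd_process_options(BlockDriverState *bs, QDict *options,
+
+ error:
+ if (ret < 0) {
+- object_unref(OBJECT(s->tlscreds));
+- qapi_free_SocketAddress(s->saddr);
+- g_free(s->export);
+- g_free(s->tlscredsid);
+- g_free(s->x_dirty_bitmap);
++ nbd_clear_bdrvstate(s);
+ }
+ qemu_opts_del(opts);
+ return ret;
+@@ -1962,12 +1971,7 @@ static void nbd_close(BlockDriverState *bs)
+ BDRVNBDState *s = bs->opaque;
+
+ nbd_client_close(bs);
+-
+- object_unref(OBJECT(s->tlscreds));
+- qapi_free_SocketAddress(s->saddr);
+- g_free(s->export);
+- g_free(s->tlscredsid);
+- g_free(s->x_dirty_bitmap);
++ nbd_clear_bdrvstate(s);
+ }
+
+ static int64_t nbd_getlength(BlockDriverState *bs)
+--
+2.25.1
+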
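Review bot: nbd_clear_bdrvstate resets `saddr`, `export`, `tlscredsid` and `x_dirty_bitmap` to NULL after freeing them, but leaves `s->tlscreds` pointing at the object it has just unreferenced. If the helper ever runs twice on the same BDRVNBDState, the credentials object would be unreferenced a second time through a stale pointer, while every other field is protected. Adding `s->tlscreds = NULL;` right after `object_unref(OBJECT(s->tlscreds));` makes the helper idempotent for all five fields. Whether a second call can actually happen (for instance nbd_close after a failed open) is not visible in these hunks, but the following patch adds a third call site in nbd_open, which makes the asymmetry more worth closing.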
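--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-nbd-fix-memory-leak-in-nbd_open.patch
@@ -0,0 +1,76 @@
+From 8198cf5ef0ef98118b4176970d1cd998d93ec849 Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan <pannengyuan@huawei.com>
+Date: Thu, 5 Dec 2019 11:45:28 +0800
+Subject: [PATCH] block/nbd: fix memory leak in nbd_open()
+
+In currently implementation there will be a memory leak when
+nbd_client_connect() returns error status. Here is an easy way to
+reproduce:
+
+1. run qemu-iotests as follow and check the result with asan:
+ ./check -raw 143
+
+Following is the asan output backtrack:
+Direct leak of 40 byte(s) in 1 object(s) allocated from:
+ #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
+ #1 0x7f6295e7e015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
+ #2 0x56281dab4642 in qobject_input_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
+ #3 0x56281dab1a04 in visit_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
+ #4 0x56281dad1827 in visit_type_SocketAddress qapi/qapi-visit-sockets.c:386
+ #5 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
+ #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
+ #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
+
+Direct leak of 15 byte(s) in 1 object(s) allocated from:
+ #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
+ #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
+ #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
+ #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834
+ #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
+
+Indirect leak of 24 byte(s) in 1 object(s) allocated from:
+ #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
+ #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
+ #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
+ #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536
+ #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297
+ #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141
+ #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366
+ #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393
+ #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
+ #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
+ #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
+
+Fixes: 8f071c9db506e03ab
+Reported-by: Euler Robot <euler.robot@huawei.com>
+Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Cc: qemu-stable <qemu-stable@nongnu.org>
+Cc: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Message-Id: <1575517528-44312-3-git-send-email-pannengyuan@huawei.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: Eric Blake <eblake@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=8198cf5ef0ef98118b4176970d1cd998d93ec849
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/nbd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/block/nbd.c b/block/nbd.c
+index ed0f93ab27..976be76647 100644
+--- a/block/nbd.c
++++ b/block/nbd.c
+@@ -1915,6 +1915,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags,
+
+ ret = nbd_client_connect(bs, errp);
+ if (ret < 0) {
++ nbd_clear_bdrvstate(s);
+ return ret;
+ }
+ /* successfully connected */
+--
+2.25.1
+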
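--- /dev/null
+++ b/debian/patches/stable/lp-1867519-block-qcow2-threads-fix-qcow2_decompress.patch
@@ -0,0 +1,79 @@
+From e7266570f2cf7b3ca2a156c677ee0a59d563458b Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Mon, 2 Mar 2020 18:09:30 +0300
+Subject: [PATCH] block/qcow2-threads: fix qcow2_decompress
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On success path we return what inflate() returns instead of 0. And it
+most probably works for Z_STREAM_END as it is positive, but is
+definitely broken for Z_BUF_ERROR.
+
+While being here, switch to errno return code, to be closer to
+qcow2_compress API (and usual expectations).
+
+Revert condition in if to be more positive. Drop dead initialization of
+ret.
+
+Cc: qemu-stable@nongnu.org # v4.0
+Fixes: 341926ab83e2b
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Message-Id: <20200302150930.16218-1-vsementsov@virtuozzo.com>
+Reviewed-by: Alberto Garcia <berto@igalia.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=e7266570f2cf7b3ca2a156c677ee0a59d563458b
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/qcow2-threads.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/block/qcow2-threads.c b/block/qcow2-threads.c
+index 77bb578cdf..a68126f291 100644
+--- a/block/qcow2-threads.c
++++ b/block/qcow2-threads.c
+@@ -128,12 +128,12 @@ static ssize_t qcow2_compress(void *dest, size_t dest_size,
+ * @src - source buffer, @src_size bytes
+ *
+ * Returns: 0 on success
+- * -1 on fail
++ * -EIO on fail
+ */
+ static ssize_t qcow2_decompress(void *dest, size_t dest_size,
+ const void *src, size_t src_size)
+ {
+- int ret = 0;
++ int ret;
+ z_stream strm;
+
+ memset(&strm, 0, sizeof(strm));
+@@ -144,17 +144,19 @@ static ssize_t qcow2_decompress(void *dest, size_t dest_size,
+
+ ret = inflateInit2(&strm, -12);
+ if (ret != Z_OK) {
+- return -1;
++ return -EIO;
+ }
+
+ ret = inflate(&strm, Z_FINISH);
+- if ((ret != Z_STREAM_END && ret != Z_BUF_ERROR) || strm.avail_out != 0) {
++ if ((ret == Z_STREAM_END || ret == Z_BUF_ERROR) && strm.avail_out == 0) {
+ /*
+ * We approve Z_BUF_ERROR because we need @dest buffer to be filled, but
+ * @src buffer may be processed partly (because in qcow2 we know size of
+ * compressed data with precision of one sector)
+ */
+- ret = -1;
++ ret = 0;
++ } else {
++ ret = -EIO;
+ }
+
+ inflateEnd(&strm);
+--
+2.25.1
+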
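diff --git a/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch b/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch
new file mode 100644
index 0000000..c6aa3a3
--- /dev/null
+++ b/debian/patches/stable/lp-1867519-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch
@@ -0,0 +1,58 @@
+From a88c40f02ace88f09b2a85a64831b277b2ebc88c Mon Sep 17 00:00:00 2001
+From: Peter Wu <peter@lekensteyn.nl>
+Date: Sat, 21 Dec 2019 17:21:24 +0100
+Subject: [PATCH] hw/i386/pc: fix regression in parsing vga cmdline parameter
+
+When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0
+would refuse to start with a rather cryptic message:
+
+ $ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet'
+ qemu: can't parse 'vga' parameter: Invalid argument
+
+It was not clear whether this applied to the '-vga std' parameter or the
+'-append' one. Fix the parsing regression and clarify the error.
+
+Fixes: 133ef074bd ("hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()")
+Cc: Sergio Lopez <slp@redhat.com>
+Signed-off-by: Peter Wu <peter@lekensteyn.nl>
+Message-Id: <20191221162124.1159291-1-peter@lekensteyn.nl>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a88c40f02ace88f09b2a85a64831b277b2ebc88c
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ hw/i386/x86.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/i386/x86.c b/hw/i386/x86.c
+index d8bb5c2a96..9b9a4d5837 100644
+--- a/hw/i386/x86.c
++++ b/hw/i386/x86.c
+@@ -612,6 +612,7 @@ void x86_load_linux(X86MachineState *x86ms,
+ vmode = strstr(kernel_cmdline, "vga=");
+ if (vmode) {
+ unsigned int video_mode;
++ const char *end;
+ int ret;
+ /* skip "vga=" */
+ vmode += 4;
+@@ -622,10 +623,9 @@ void x86_load_linux(X86MachineState *x86ms,
+ } else if (!strncmp(vmode, "ask", 3)) {
+ video_mode = 0xfffd;
+ } else {
+- ret = qemu_strtoui(vmode, NULL, 0, &video_mode);
+- if (ret != 0) {
+- fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n",
+- strerror(-ret));
++ ret = qemu_strtoui(vmode, &end, 0, &video_mode);
++ if (ret != 0 || (*end && *end != ' ')) {
++ fprintf(stderr, "qemu: invalid 'vga=' kernel parameter.\n");
+ exit(1);
+ }
+ }
+--
+2.25.1
+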
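diff --git a/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch b/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch
new file mode 100644
index 0000000..4d13d20
--- /dev/null
+++ b/debian/patches/stable/lp-1867519-intel_iommu-a-fix-to-vtd_find_as_from_bus_num.patch
@@ -0,0 +1,44 @@
+From a2e1cd41ccfe796529abfd1b6aeb1dd4393762a2 Mon Sep 17 00:00:00 2001
+From: Liu Yi L <yi.l.liu@intel.com>
+Date: Fri, 3 Jan 2020 21:28:05 +0800
+Subject: [PATCH] intel_iommu: a fix to vtd_find_as_from_bus_num()
+
+Ensure the return value of vtd_find_as_from_bus_num() is NULL by
+enforcing vtd_bus=NULL. This would help caller of vtd_find_as_from_bus_num()
+to decide if any further operation on the returned vtd_bus.
+
+Cc: qemu-stable@nongnu.org
+Cc: Kevin Tian <kevin.tian@intel.com>
+Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
+Cc: Peter Xu <peterx@redhat.com>
+Cc: Yi Sun <yi.y.sun@linux.intel.com>
+Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
+Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
+Message-Id: <1578058086-4288-2-git-send-email-yi.l.liu@intel.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a2e1cd41ccfe796529abfd1b6aeb1dd4393762a2
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ hw/i386/intel_iommu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
+index ee06993675..609b80750a 100644
+--- a/hw/i386/intel_iommu.c
++++ b/hw/i386/intel_iommu.c
+@@ -948,6 +948,7 @@ static VTDBus *vtd_find_as_from_bus_num(IntelIOMMUState *s, uint8_t bus_num)
+ return vtd_bus;
+ }
+ }
++ vtd_bus = NULL;
+ }
+ return vtd_bus;
+ }
+--
+2.25.1
+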
1231 | diff --git a/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch b/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch |
1232 | new file mode 100644 |
1233 | index 0000000..02548a2 |
1234 | --- /dev/null |
1235 | +++ b/debian/patches/stable/lp-1867519-intel_iommu-add-present-bit-check-for-pasid-table-en.patch |
1236 | @@ -0,0 +1,202 @@ |
1237 | +From 56fc1e6ac6bde95bc0369d358587f2234d4dddad Mon Sep 17 00:00:00 2001 |
1238 | +From: Liu Yi L <yi.l.liu@intel.com> |
1239 | +Date: Fri, 3 Jan 2020 21:28:06 +0800 |
1240 | +Subject: [PATCH] intel_iommu: add present bit check for pasid table entries |
1241 | + |
1242 | +The present bit check for pasid entry (pe) and pasid directory |
1243 | +entry (pdire) were missed in previous commits as fpd bit check |
1244 | +doesn't require present bit as "Set". This patch adds the present |
1245 | +bit check for callers which wants to get a valid pe/pdire. |
1246 | + |
1247 | +Cc: qemu-stable@nongnu.org |
1248 | +Cc: Kevin Tian <kevin.tian@intel.com> |
1249 | +Cc: Jacob Pan <jacob.jun.pan@linux.intel.com> |
1250 | +Cc: Peter Xu <peterx@redhat.com> |
1251 | +Cc: Yi Sun <yi.y.sun@linux.intel.com> |
1252 | +Reviewed-by: Peter Xu <peterx@redhat.com> |
1253 | +Signed-off-by: Liu Yi L <yi.l.liu@intel.com> |
1254 | +Message-Id: <1578058086-4288-3-git-send-email-yi.l.liu@intel.com> |
1255 | +Reviewed-by: Peter Xu <peterx@redhat.com> |
1256 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
1257 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
1258 | + |
1259 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=56fc1e6ac6bde95bc0369d358587f2234d4dddad |
1260 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1261 | +Last-Update: 2020-03-18 |
1262 | + |
1263 | +--- |
1264 | + hw/i386/intel_iommu.c | 92 +++++++++++++++++++++++++++------- |
1265 | + hw/i386/intel_iommu_internal.h | 1 + |
1266 | + 2 files changed, 74 insertions(+), 19 deletions(-) |
1267 | + |
1268 | +diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c |
1269 | +index 609b80750a..a523ef0e65 100644 |
1270 | +--- a/hw/i386/intel_iommu.c |
1271 | ++++ b/hw/i386/intel_iommu.c |
1272 | +@@ -686,9 +686,18 @@ static inline bool vtd_pe_type_check(X86IOMMUState *x86_iommu, |
1273 | + return true; |
1274 | + } |
1275 | + |
1276 | +-static int vtd_get_pasid_dire(dma_addr_t pasid_dir_base, |
1277 | +- uint32_t pasid, |
1278 | +- VTDPASIDDirEntry *pdire) |
1279 | ++static inline bool vtd_pdire_present(VTDPASIDDirEntry *pdire) |
1280 | ++{ |
1281 | ++ return pdire->val & 1; |
1282 | ++} |
1283 | ++ |
1284 | ++/** |
1285 | ++ * Caller of this function should check present bit if wants |
1286 | ++ * to use pdir entry for futher usage except for fpd bit check. |
1287 | ++ */ |
1288 | ++static int vtd_get_pdire_from_pdir_table(dma_addr_t pasid_dir_base, |
1289 | ++ uint32_t pasid, |
1290 | ++ VTDPASIDDirEntry *pdire) |
1291 | + { |
1292 | + uint32_t index; |
1293 | + dma_addr_t addr, entry_size; |
1294 | +@@ -703,18 +712,22 @@ static int vtd_get_pasid_dire(dma_addr_t pasid_dir_base, |
1295 | + return 0; |
1296 | + } |
1297 | + |
1298 | +-static int vtd_get_pasid_entry(IntelIOMMUState *s, |
1299 | +- uint32_t pasid, |
1300 | +- VTDPASIDDirEntry *pdire, |
1301 | +- VTDPASIDEntry *pe) |
1302 | ++static inline bool vtd_pe_present(VTDPASIDEntry *pe) |
1303 | ++{ |
1304 | ++ return pe->val[0] & VTD_PASID_ENTRY_P; |
1305 | ++} |
1306 | ++ |
1307 | ++static int vtd_get_pe_in_pasid_leaf_table(IntelIOMMUState *s, |
1308 | ++ uint32_t pasid, |
1309 | ++ dma_addr_t addr, |
1310 | ++ VTDPASIDEntry *pe) |
1311 | + { |
1312 | + uint32_t index; |
1313 | +- dma_addr_t addr, entry_size; |
1314 | ++ dma_addr_t entry_size; |
1315 | + X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(s); |
1316 | + |
1317 | + index = VTD_PASID_TABLE_INDEX(pasid); |
1318 | + entry_size = VTD_PASID_ENTRY_SIZE; |
1319 | +- addr = pdire->val & VTD_PASID_TABLE_BASE_ADDR_MASK; |
1320 | + addr = addr + index * entry_size; |
1321 | + if (dma_memory_read(&address_space_memory, addr, pe, entry_size)) { |
1322 | + return -VTD_FR_PASID_TABLE_INV; |
1323 | +@@ -732,25 +745,54 @@ static int vtd_get_pasid_entry(IntelIOMMUState *s, |
1324 | + return 0; |
1325 | + } |
1326 | + |
1327 | +-static int vtd_get_pasid_entry_from_pasid(IntelIOMMUState *s, |
1328 | +- dma_addr_t pasid_dir_base, |
1329 | +- uint32_t pasid, |
1330 | +- VTDPASIDEntry *pe) |
1331 | ++/** |
1332 | ++ * Caller of this function should check present bit if wants |
1333 | ++ * to use pasid entry for futher usage except for fpd bit check. |
1334 | ++ */ |
1335 | ++static int vtd_get_pe_from_pdire(IntelIOMMUState *s, |
1336 | ++ uint32_t pasid, |
1337 | ++ VTDPASIDDirEntry *pdire, |
1338 | ++ VTDPASIDEntry *pe) |
1339 | ++{ |
1340 | ++ dma_addr_t addr = pdire->val & VTD_PASID_TABLE_BASE_ADDR_MASK; |
1341 | ++ |
1342 | ++ return vtd_get_pe_in_pasid_leaf_table(s, pasid, addr, pe); |
1343 | ++} |
1344 | ++ |
1345 | ++/** |
1346 | ++ * This function gets a pasid entry from a specified pasid |
1347 | ++ * table (includes dir and leaf table) with a specified pasid. |
1348 | ++ * Sanity check should be done to ensure return a present |
1349 | ++ * pasid entry to caller. |
1350 | ++ */ |
1351 | ++static int vtd_get_pe_from_pasid_table(IntelIOMMUState *s, |
1352 | ++ dma_addr_t pasid_dir_base, |
1353 | ++ uint32_t pasid, |
1354 | ++ VTDPASIDEntry *pe) |
1355 | + { |
1356 | + int ret; |
1357 | + VTDPASIDDirEntry pdire; |
1358 | + |
1359 | +- ret = vtd_get_pasid_dire(pasid_dir_base, pasid, &pdire); |
1360 | ++ ret = vtd_get_pdire_from_pdir_table(pasid_dir_base, |
1361 | ++ pasid, &pdire); |
1362 | + if (ret) { |
1363 | + return ret; |
1364 | + } |
1365 | + |
1366 | +- ret = vtd_get_pasid_entry(s, pasid, &pdire, pe); |
1367 | ++ if (!vtd_pdire_present(&pdire)) { |
1368 | ++ return -VTD_FR_PASID_TABLE_INV; |
1369 | ++ } |
1370 | ++ |
1371 | ++ ret = vtd_get_pe_from_pdire(s, pasid, &pdire, pe); |
1372 | + if (ret) { |
1373 | + return ret; |
1374 | + } |
1375 | + |
1376 | +- return ret; |
1377 | ++ if (!vtd_pe_present(pe)) { |
1378 | ++ return -VTD_FR_PASID_TABLE_INV; |
1379 | ++ } |
1380 | ++ |
1381 | ++ return 0; |
1382 | + } |
1383 | + |
1384 | + static int vtd_ce_get_rid2pasid_entry(IntelIOMMUState *s, |
1385 | +@@ -763,7 +805,7 @@ static int vtd_ce_get_rid2pasid_entry(IntelIOMMUState *s, |
1386 | + |
1387 | + pasid = VTD_CE_GET_RID2PASID(ce); |
1388 | + pasid_dir_base = VTD_CE_GET_PASID_DIR_TABLE(ce); |
1389 | +- ret = vtd_get_pasid_entry_from_pasid(s, pasid_dir_base, pasid, pe); |
1390 | ++ ret = vtd_get_pe_from_pasid_table(s, pasid_dir_base, pasid, pe); |
1391 | + |
1392 | + return ret; |
1393 | + } |
1394 | +@@ -781,7 +823,11 @@ static int vtd_ce_get_pasid_fpd(IntelIOMMUState *s, |
1395 | + pasid = VTD_CE_GET_RID2PASID(ce); |
1396 | + pasid_dir_base = VTD_CE_GET_PASID_DIR_TABLE(ce); |
1397 | + |
1398 | +- ret = vtd_get_pasid_dire(pasid_dir_base, pasid, &pdire); |
1399 | ++ /* |
1400 | ++ * No present bit check since fpd is meaningful even |
1401 | ++ * if the present bit is clear. |
1402 | ++ */ |
1403 | ++ ret = vtd_get_pdire_from_pdir_table(pasid_dir_base, pasid, &pdire); |
1404 | + if (ret) { |
1405 | + return ret; |
1406 | + } |
1407 | +@@ -791,7 +837,15 @@ static int vtd_ce_get_pasid_fpd(IntelIOMMUState *s, |
1408 | + return 0; |
1409 | + } |
1410 | + |
1411 | +- ret = vtd_get_pasid_entry(s, pasid, &pdire, &pe); |
1412 | ++ if (!vtd_pdire_present(&pdire)) { |
1413 | ++ return -VTD_FR_PASID_TABLE_INV; |
1414 | ++ } |
1415 | ++ |
1416 | ++ /* |
1417 | ++ * No present bit check since fpd is meaningful even |
1418 | ++ * if the present bit is clear. |
1419 | ++ */ |
1420 | ++ ret = vtd_get_pe_from_pdire(s, pasid, &pdire, &pe); |
1421 | + if (ret) { |
1422 | + return ret; |
1423 | + } |
1424 | +diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h |
1425 | +index edcf9fc9bb..862033ebe6 100644 |
1426 | +--- a/hw/i386/intel_iommu_internal.h |
1427 | ++++ b/hw/i386/intel_iommu_internal.h |
1428 | +@@ -479,6 +479,7 @@ typedef struct VTDRootEntry VTDRootEntry; |
1429 | + #define VTD_PASID_ENTRY_FPD (1ULL << 1) /* Fault Processing Disable */ |
1430 | + |
1431 | + /* PASID Granular Translation Type Mask */ |
1432 | ++#define VTD_PASID_ENTRY_P 1ULL |
1433 | + #define VTD_SM_PASID_ENTRY_PGTT (7ULL << 6) |
1434 | + #define VTD_SM_PASID_ENTRY_FLT (1ULL << 6) |
1435 | + #define VTD_SM_PASID_ENTRY_SLT (2ULL << 6) |
1436 | +-- |
1437 | +2.25.1 |
1438 | + |
1439 | diff --git a/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch b/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch |
1440 | new file mode 100644 |
1441 | index 0000000..790c5d4 |
1442 | --- /dev/null |
1443 | +++ b/debian/patches/stable/lp-1867519-iotests-add-test-for-backup-top-failure-on-permissio.patch |
1444 | @@ -0,0 +1,138 @@ |
1445 | +From a541fcc27c98b96da187c7d4573f3270f3ddd283 Mon Sep 17 00:00:00 2001 |
1446 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1447 | +Date: Tue, 21 Jan 2020 17:28:02 +0300 |
1448 | +Subject: [PATCH] iotests: add test for backup-top failure on permission |
1449 | + activation |
1450 | + |
1451 | +This test checks that bug is really fixed by previous commit. |
1452 | + |
1453 | +Cc: qemu-stable@nongnu.org # v4.2.0 |
1454 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1455 | +Message-id: 20200121142802.21467-3-vsementsov@virtuozzo.com |
1456 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
1457 | + |
1458 | +Origin: backport, https://git.qemu.org/?p=qemu.git;a=commit;h=a541fcc27c98b96da187c7d4573f3270f3ddd283 |
1459 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1460 | +Last-Update: 2020-03-18 |
1461 | + |
1462 | +--- |
1463 | + tests/qemu-iotests/283 | 92 ++++++++++++++++++++++++++++++++++++++ |
1464 | + tests/qemu-iotests/283.out | 8 ++++ |
1465 | + tests/qemu-iotests/group | 1 + |
1466 | + 3 files changed, 101 insertions(+) |
1467 | + create mode 100644 tests/qemu-iotests/283 |
1468 | + create mode 100644 tests/qemu-iotests/283.out |
1469 | + |
1470 | +--- /dev/null |
1471 | ++++ b/tests/qemu-iotests/283 |
1472 | +@@ -0,0 +1,92 @@ |
1473 | ++#!/usr/bin/env python |
1474 | ++# |
1475 | ++# Test for backup-top filter permission activation failure |
1476 | ++# |
1477 | ++# Copyright (c) 2019 Virtuozzo International GmbH. |
1478 | ++# |
1479 | ++# This program is free software; you can redistribute it and/or modify |
1480 | ++# it under the terms of the GNU General Public License as published by |
1481 | ++# the Free Software Foundation; either version 2 of the License, or |
1482 | ++# (at your option) any later version. |
1483 | ++# |
1484 | ++# This program is distributed in the hope that it will be useful, |
1485 | ++# but WITHOUT ANY WARRANTY; without even the implied warranty of |
1486 | ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
1487 | ++# GNU General Public License for more details. |
1488 | ++# |
1489 | ++# You should have received a copy of the GNU General Public License |
1490 | ++# along with this program. If not, see <http://www.gnu.org/licenses/>. |
1491 | ++# |
1492 | ++ |
1493 | ++import iotests |
1494 | ++ |
1495 | ++# The test is unrelated to formats, restrict it to qcow2 to avoid extra runs |
1496 | ++iotests.verify_image_format(supported_fmts=['qcow2']) |
1497 | ++ |
1498 | ++size = 1024 * 1024 |
1499 | ++ |
1500 | ++""" Test description |
1501 | ++ |
1502 | ++When performing a backup, all writes on the source subtree must go through the |
1503 | ++backup-top filter so it can copy all data to the target before it is changed. |
1504 | ++backup-top filter is appended above source node, to achieve this thing, so all |
1505 | ++parents of source node are handled. A configuration with side parents of source |
1506 | ++sub-tree with write permission is unsupported (we'd have append several |
1507 | ++backup-top filter like nodes to handle such parents). The test create an |
1508 | ++example of such configuration and checks that a backup is then not allowed |
1509 | ++(blockdev-backup command should fail). |
1510 | ++ |
1511 | ++The configuration: |
1512 | ++ |
1513 | ++ ┌────────┐ target ┌─────────────┐ |
1514 | ++ │ target │ ◀─────── │ backup_top │ |
1515 | ++ └────────┘ └─────────────┘ |
1516 | ++ │ |
1517 | ++ │ backing |
1518 | ++ ▼ |
1519 | ++ ┌─────────────┐ |
1520 | ++ │ source │ |
1521 | ++ └─────────────┘ |
1522 | ++ │ |
1523 | ++ │ file |
1524 | ++ ▼ |
1525 | ++ ┌─────────────┐ write perm ┌───────┐ |
1526 | ++ │ base │ ◀──────────── │ other │ |
1527 | ++ └─────────────┘ └───────┘ |
1528 | ++ |
1529 | ++On activation (see .active field of backup-top state in block/backup-top.c), |
1530 | ++backup-top is going to unshare write permission on its source child. Write |
1531 | ++unsharing will be propagated to the "source->base" link and will conflict with |
1532 | ++other node write permission. So permission update will fail and backup job will |
1533 | ++not be started. |
1534 | ++ |
1535 | ++Note, that the only thing which prevents backup of running on such |
1536 | ++configuration is default permission propagation scheme. It may be altered by |
1537 | ++different block drivers, so backup will run in invalid configuration. But |
1538 | ++something is better than nothing. Also, before the previous commit (commit |
1539 | ++preceding this test creation), starting backup on such configuration led to |
1540 | ++crash, so current "something" is a lot better, and this test actual goal is |
1541 | ++to check that crash is fixed :) |
1542 | ++""" |
1543 | ++ |
1544 | ++vm = iotests.VM() |
1545 | ++vm.launch() |
1546 | ++ |
1547 | ++vm.qmp_log('blockdev-add', **{'node-name': 'target', 'driver': 'null-co'}) |
1548 | ++ |
1549 | ++vm.qmp_log('blockdev-add', **{ |
1550 | ++ 'node-name': 'source', |
1551 | ++ 'driver': 'blkdebug', |
1552 | ++ 'image': {'node-name': 'base', 'driver': 'null-co', 'size': size} |
1553 | ++}) |
1554 | ++ |
1555 | ++vm.qmp_log('blockdev-add', **{ |
1556 | ++ 'node-name': 'other', |
1557 | ++ 'driver': 'blkdebug', |
1558 | ++ 'image': 'base', |
1559 | ++ 'take-child-perms': ['write'] |
1560 | ++}) |
1561 | ++ |
1562 | ++vm.qmp_log('blockdev-backup', sync='full', device='source', target='target') |
1563 | ++ |
1564 | ++vm.shutdown() |
1565 | +--- /dev/null |
1566 | ++++ b/tests/qemu-iotests/283.out |
1567 | +@@ -0,0 +1,8 @@ |
1568 | ++{"execute": "blockdev-add", "arguments": {"driver": "null-co", "node-name": "target"}} |
1569 | ++{"return": {}} |
1570 | ++{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": {"driver": "null-co", "node-name": "base", "size": 1048576}, "node-name": "source"}} |
1571 | ++{"return": {}} |
1572 | ++{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": "base", "node-name": "other", "take-child-perms": ["write"]}} |
1573 | ++{"return": {}} |
1574 | ++{"execute": "blockdev-backup", "arguments": {"device": "source", "sync": "full", "target": "target"}} |
1575 | ++{"error": {"class": "GenericError", "desc": "Cannot set permissions for backup-top filter: Conflicts with use by other as 'image', which uses 'write' on base"}} |
1576 | +--- a/tests/qemu-iotests/group |
1577 | ++++ b/tests/qemu-iotests/group |
1578 | +@@ -286,3 +286,4 @@ |
1579 | + 272 rw |
1580 | + 273 backing quick |
1581 | + 277 rw quick |
1582 | ++283 auto quick |
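Review bot: The new test 283 calls `vm.shutdown()` only as its last statement, so if `vm.launch()` succeeds and any of the following `vm.qmp_log(...)` calls raises, the QEMU process started for the test is not shut down by this script. Wrapping the QMP calls as `try:` … `finally: vm.shutdown()` would make the cleanup unconditional. The long test description is a bare string placed after `import iotests` and the `size` assignment, so it is an expression statement rather than a module docstring; moving it directly under the licence header, or turning it into `#` comments, would match its purpose.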
1583 | diff --git a/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch b/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch |
1584 | new file mode 100644 |
1585 | index 0000000..a31cf9f |
1586 | --- /dev/null |
1587 | +++ b/debian/patches/stable/lp-1867519-job-refactor-progress-to-separate-object.patch |
1588 | @@ -0,0 +1,230 @@ |
1589 | +From 01fe1ca945345d3dc420d70c69488143dc0451b1 Mon Sep 17 00:00:00 2001 |
1590 | +From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1591 | +Date: Wed, 11 Mar 2020 13:29:56 +0300 |
1592 | +Subject: [PATCH] job: refactor progress to separate object |
1593 | + |
1594 | +We need it in separate to pass to the block-copy object in the next |
1595 | +commit. |
1596 | + |
1597 | +Cc: qemu-stable@nongnu.org |
1598 | +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> |
1599 | +Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com> |
1600 | +Reviewed-by: Max Reitz <mreitz@redhat.com> |
1601 | +Message-Id: <20200311103004.7649-2-vsementsov@virtuozzo.com> |
1602 | +Signed-off-by: Max Reitz <mreitz@redhat.com> |
1603 | + |
1604 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=01fe1ca945345d3dc420d70c69488143dc0451b1 |
1605 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
1606 | +Last-Update: 2020-03-18 |
1607 | + |
1608 | +--- |
1609 | + blockjob.c | 16 +++++----- |
1610 | + include/qemu/job.h | 11 ++----- |
1611 | + include/qemu/progress_meter.h | 58 +++++++++++++++++++++++++++++++++++ |
1612 | + job-qmp.c | 4 +-- |
1613 | + job.c | 6 ++-- |
1614 | + qemu-img.c | 6 ++-- |
1615 | + 6 files changed, 76 insertions(+), 25 deletions(-) |
1616 | + create mode 100644 include/qemu/progress_meter.h |
1617 | + |
1618 | +diff --git a/blockjob.c b/blockjob.c |
1619 | +index 5d63b1e89d..fc850312c1 100644 |
1620 | +--- a/blockjob.c |
1621 | ++++ b/blockjob.c |
1622 | +@@ -299,8 +299,8 @@ BlockJobInfo *block_job_query(BlockJob *job, Error **errp) |
1623 | + info->device = g_strdup(job->job.id); |
1624 | + info->busy = atomic_read(&job->job.busy); |
1625 | + info->paused = job->job.pause_count > 0; |
1626 | +- info->offset = job->job.progress_current; |
1627 | +- info->len = job->job.progress_total; |
1628 | ++ info->offset = job->job.progress.current; |
1629 | ++ info->len = job->job.progress.total; |
1630 | + info->speed = job->speed; |
1631 | + info->io_status = job->iostatus; |
1632 | + info->ready = job_is_ready(&job->job), |
1633 | +@@ -330,8 +330,8 @@ static void block_job_event_cancelled(Notifier *n, void *opaque) |
1634 | + |
1635 | + qapi_event_send_block_job_cancelled(job_type(&job->job), |
1636 | + job->job.id, |
1637 | +- job->job.progress_total, |
1638 | +- job->job.progress_current, |
1639 | ++ job->job.progress.total, |
1640 | ++ job->job.progress.current, |
1641 | + job->speed); |
1642 | + } |
1643 | + |
1644 | +@@ -350,8 +350,8 @@ static void block_job_event_completed(Notifier *n, void *opaque) |
1645 | + |
1646 | + qapi_event_send_block_job_completed(job_type(&job->job), |
1647 | + job->job.id, |
1648 | +- job->job.progress_total, |
1649 | +- job->job.progress_current, |
1650 | ++ job->job.progress.total, |
1651 | ++ job->job.progress.current, |
1652 | + job->speed, |
1653 | + !!msg, |
1654 | + msg); |
1655 | +@@ -379,8 +379,8 @@ static void block_job_event_ready(Notifier *n, void *opaque) |
1656 | + |
1657 | + qapi_event_send_block_job_ready(job_type(&job->job), |
1658 | + job->job.id, |
1659 | +- job->job.progress_total, |
1660 | +- job->job.progress_current, |
1661 | ++ job->job.progress.total, |
1662 | ++ job->job.progress.current, |
1663 | + job->speed); |
1664 | + } |
1665 | + |
1666 | +diff --git a/include/qemu/job.h b/include/qemu/job.h |
1667 | +index bd59cd8944..32aabb1c60 100644 |
1668 | +--- a/include/qemu/job.h |
1669 | ++++ b/include/qemu/job.h |
1670 | +@@ -28,6 +28,7 @@ |
1671 | + |
1672 | + #include "qapi/qapi-types-job.h" |
1673 | + #include "qemu/queue.h" |
1674 | ++#include "qemu/progress_meter.h" |
1675 | + #include "qemu/coroutine.h" |
1676 | + #include "block/aio.h" |
1677 | + |
1678 | +@@ -117,15 +118,7 @@ typedef struct Job { |
1679 | + /** True if this job should automatically dismiss itself */ |
1680 | + bool auto_dismiss; |
1681 | + |
1682 | +- /** |
1683 | +- * Current progress. The unit is arbitrary as long as the ratio between |
1684 | +- * progress_current and progress_total represents the estimated percentage |
1685 | +- * of work already done. |
1686 | +- */ |
1687 | +- int64_t progress_current; |
1688 | +- |
1689 | +- /** Estimated progress_current value at the completion of the job */ |
1690 | +- int64_t progress_total; |
1691 | ++ ProgressMeter progress; |
1692 | + |
1693 | + /** |
1694 | + * Return code from @run and/or @prepare callback(s). |
1695 | +diff --git a/include/qemu/progress_meter.h b/include/qemu/progress_meter.h |
1696 | +new file mode 100644 |
1697 | +index 0000000000..9a23ff071c |
1698 | +--- /dev/null |
1699 | ++++ b/include/qemu/progress_meter.h |
1700 | +@@ -0,0 +1,58 @@ |
1701 | ++/* |
1702 | ++ * Helper functionality for some process progress tracking. |
1703 | ++ * |
1704 | ++ * Copyright (c) 2011 IBM Corp. |
1705 | ++ * Copyright (c) 2012, 2018 Red Hat, Inc. |
1706 | ++ * Copyright (c) 2020 Virtuozzo International GmbH |
1707 | ++ * |
1708 | ++ * Permission is hereby granted, free of charge, to any person obtaining a copy |
1709 | ++ * of this software and associated documentation files (the "Software"), to deal |
1710 | ++ * in the Software without restriction, including without limitation the rights |
1711 | ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
1712 | ++ * copies of the Software, and to permit persons to whom the Software is |
1713 | ++ * furnished to do so, subject to the following conditions: |
1714 | ++ * |
1715 | ++ * The above copyright notice and this permission notice shall be included in |
1716 | ++ * all copies or substantial portions of the Software. |
1717 | ++ * |
1718 | ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
1719 | ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
1720 | ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
1721 | ++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
1722 | ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
1723 | ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
1724 | ++ * THE SOFTWARE. |
1725 | ++ */ |
1726 | ++ |
1727 | ++#ifndef QEMU_PROGRESS_METER_H |
1728 | ++#define QEMU_PROGRESS_METER_H |
1729 | ++ |
1730 | ++typedef struct ProgressMeter { |
1731 | ++ /** |
1732 | ++ * Current progress. The unit is arbitrary as long as the ratio between |
1733 | ++ * current and total represents the estimated percentage |
1734 | ++ * of work already done. |
1735 | ++ */ |
1736 | ++ uint64_t current; |
1737 | ++ |
1738 | ++ /** Estimated current value at the completion of the process */ |
1739 | ++ uint64_t total; |
1740 | ++} ProgressMeter; |
1741 | ++ |
1742 | ++static inline void progress_work_done(ProgressMeter *pm, uint64_t done) |
1743 | ++{ |
1744 | ++ pm->current += done; |
1745 | ++} |
1746 | ++ |
1747 | ++static inline void progress_set_remaining(ProgressMeter *pm, uint64_t remaining) |
1748 | ++{ |
1749 | ++ pm->total = pm->current + remaining; |
1750 | ++} |
1751 | ++ |
1752 | ++static inline void progress_increase_remaining(ProgressMeter *pm, |
1753 | ++ uint64_t delta) |
1754 | ++{ |
1755 | ++ pm->total += delta; |
1756 | ++} |
1757 | ++ |
1758 | ++#endif /* QEMU_PROGRESS_METER_H */ |
1759 | +diff --git a/job-qmp.c b/job-qmp.c |
1760 | +index fbfed25a00..fecc939ebd 100644 |
1761 | +--- a/job-qmp.c |
1762 | ++++ b/job-qmp.c |
1763 | +@@ -143,8 +143,8 @@ static JobInfo *job_query_single(Job *job, Error **errp) |
1764 | + .id = g_strdup(job->id), |
1765 | + .type = job_type(job), |
1766 | + .status = job->status, |
1767 | +- .current_progress = job->progress_current, |
1768 | +- .total_progress = job->progress_total, |
1769 | ++ .current_progress = job->progress.current, |
1770 | ++ .total_progress = job->progress.total, |
1771 | + .has_error = !!job->err, |
1772 | + .error = job->err ? \ |
1773 | + g_strdup(error_get_pretty(job->err)) : NULL, |
1774 | +diff --git a/job.c b/job.c |
1775 | +index 04409b40aa..134a07b92e 100644 |
1776 | +--- a/job.c |
1777 | ++++ b/job.c |
1778 | +@@ -369,17 +369,17 @@ void job_unref(Job *job) |
1779 | + |
1780 | + void job_progress_update(Job *job, uint64_t done) |
1781 | + { |
1782 | +- job->progress_current += done; |
1783 | ++ progress_work_done(&job->progress, done); |
1784 | + } |
1785 | + |
1786 | + void job_progress_set_remaining(Job *job, uint64_t remaining) |
1787 | + { |
1788 | +- job->progress_total = job->progress_current + remaining; |
1789 | ++ progress_set_remaining(&job->progress, remaining); |
1790 | + } |
1791 | + |
1792 | + void job_progress_increase_remaining(Job *job, uint64_t delta) |
1793 | + { |
1794 | +- job->progress_total += delta; |
1795 | ++ progress_increase_remaining(&job->progress, delta); |
1796 | + } |
1797 | + |
1798 | + void job_event_cancelled(Job *job) |
1799 | +diff --git a/qemu-img.c b/qemu-img.c |
1800 | +index 7b7087dd60..afddf33f08 100644 |
1801 | +--- a/qemu-img.c |
1802 | ++++ b/qemu-img.c |
1803 | +@@ -884,9 +884,9 @@ static void run_block_job(BlockJob *job, Error **errp) |
1804 | + do { |
1805 | + float progress = 0.0f; |
1806 | + aio_poll(aio_context, true); |
1807 | +- if (job->job.progress_total) { |
1808 | +- progress = (float)job->job.progress_current / |
1809 | +- job->job.progress_total * 100.f; |
1810 | ++ if (job->job.progress.total) { |
1811 | ++ progress = (float)job->job.progress.current / |
1812 | ++ job->job.progress.total * 100.f; |
1813 | + } |
1814 | + qemu_progress_print(progress, 0); |
1815 | + } while (!job_is_ready(&job->job) && !job_is_completed(&job->job)); |
1816 | +-- |
1817 | +2.25.1 |
1818 | + |
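diff --git a/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch b/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch
new file mode 100644
index 0000000..5047c62
--- /dev/null
+++ b/debian/patches/stable/lp-1867519-plugins-core-add-missing-break-in-cb_to_tcg_flags.patch
@@ -0,0 +1,41 @@
+From dcc474c69e6a59044b9bb54624bd636cbfd98aa9 Mon Sep 17 00:00:00 2001
+From: "Emilio G. Cota" <cota@braap.org>
+Date: Tue, 25 Feb 2020 12:47:02 +0000
+Subject: [PATCH] plugins/core: add missing break in cb_to_tcg_flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: 54cb65d8588
+Reported-by: Robert Henry <robhenry@microsoft.com>
+Signed-off-by: Emilio G. Cota <cota@braap.org>
+Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Message-Id: <20200105072940.32204-1-cota@braap.org>
+Cc: qemu-stable@nongnu.org
+Message-Id: <20200225124710.14152-12-alex.bennee@linaro.org>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=dcc474c69e6a59044b9bb54624bd636cbfd98aa9
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ plugins/core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/core.c b/plugins/core.c
+index 9e1b9e7a91..ed863011ba 100644
+--- a/plugins/core.c
++++ b/plugins/core.c
+@@ -286,6 +286,7 @@ static inline uint32_t cb_to_tcg_flags(enum qemu_plugin_cb_flags flags)
+ switch (flags) {
+ case QEMU_PLUGIN_CB_RW_REGS:
+ ret = 0;
++ break;
+ case QEMU_PLUGIN_CB_R_REGS:
+ ret = TCG_CALL_NO_WG;
+ break;
+--
+2.25.1
+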
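--- /dev/null
+++ b/debian/patches/stable/lp-1867519-qcow2-Fix-alloc_cluster_abort-for-pre-existing-clust.patch
@@ -0,0 +1,39 @@
+From 3ede935fdbbd5f7b24b4724bbfb8938acb5956d8 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Tue, 25 Feb 2020 15:31:28 +0100
+Subject: [PATCH] qcow2: Fix alloc_cluster_abort() for pre-existing clusters
+
+handle_alloc() reuses preallocated zero clusters. If anything goes
+wrong during the data write, we do not change their L2 entry, so we
+must not let qcow2_alloc_cluster_abort() free them.
+
+Fixes: 8b24cd141549b5b264baeddd4e72902cfb5de23b
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+Message-Id: <20200225143130.111267-2-mreitz@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=3ede935fdbbd5f7b24b4724bbfb8938acb5956d8
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/qcow2-cluster.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
+index 78c95dfa16..17f1363279 100644
+--- a/block/qcow2-cluster.c
++++ b/block/qcow2-cluster.c
+@@ -1026,7 +1026,7 @@ err:
+ void qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m)
+ {
+ BDRVQcow2State *s = bs->opaque;
+- if (!has_data_file(bs)) {
++ if (!has_data_file(bs) && !m->keep_old_clusters) {
+ qcow2_free_clusters(bs, m->alloc_offset,
+ m->nb_clusters << s->cluster_bits,
+ QCOW2_DISCARD_NEVER);
+--
+2.25.1
+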
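--- /dev/null
+++ b/debian/patches/stable/lp-1867519-qcow2-Fix-qcow2_alloc_cluster_abort-for-external-dat.patch
@@ -0,0 +1,44 @@
+From c3b6658c1a5a3fb24d6c27b2594cf86146f75b22 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 11 Feb 2020 10:48:59 +0100
+Subject: [PATCH] qcow2: Fix qcow2_alloc_cluster_abort() for external data file
+
+For external data file, cluster allocations return an offset in the data
+file and are not refcounted. In this case, there is nothing to do for
+qcow2_alloc_cluster_abort(). Freeing the same offset in the qcow2 file
+is wrong and causes crashes in the better case or image corruption in
+the worse case.
+
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20200211094900.17315-3-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c3b6658c1a5a3fb24d6c27b2594cf86146f75b22
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/qcow2-cluster.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
+index 1947f13a2d..78c95dfa16 100644
+--- a/block/qcow2-cluster.c
++++ b/block/qcow2-cluster.c
+@@ -1026,8 +1026,11 @@ err:
+ void qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m)
+ {
+ BDRVQcow2State *s = bs->opaque;
+- qcow2_free_clusters(bs, m->alloc_offset, m->nb_clusters << s->cluster_bits,
+- QCOW2_DISCARD_NEVER);
++ if (!has_data_file(bs)) {
++ qcow2_free_clusters(bs, m->alloc_offset,
++ m->nb_clusters << s->cluster_bits,
++ QCOW2_DISCARD_NEVER);
++ }
+ }
+
+ /*
+--
+2.25.1
+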
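--- /dev/null
+++ b/debian/patches/stable/lp-1867519-qcow2-bitmaps-fix-qcow2_can_store_new_dirty_bitmap.patch
@@ -0,0 +1,102 @@
+From a1db8733d28d615bc0daeada6c406a6dd5c5d5ef Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Mon, 14 Oct 2019 14:51:25 +0300
+Subject: [PATCH] qcow2-bitmaps: fix qcow2_can_store_new_dirty_bitmap
+
+qcow2_can_store_new_dirty_bitmap works wrong, as it considers only
+bitmaps already stored in the qcow2 image and ignores persistent
+BdrvDirtyBitmap objects.
+
+So, let's instead count persistent BdrvDirtyBitmaps. We load all qcow2
+bitmaps on open, so there should not be any bitmap in the image for
+which we don't have BdrvDirtyBitmaps version. If it is - it's a kind of
+corruption, and no reason to check for corruptions here (open() and
+close() are better places for it).
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Message-id: 20191014115126.15360-2-vsementsov@virtuozzo.com
+Reviewed-by: Max Reitz <mreitz@redhat.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=a1db8733d28d615bc0daeada6c406a6dd5c5d5ef
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ block/qcow2-bitmap.c | 41 ++++++++++++++++++-----------------------
+ 1 file changed, 18 insertions(+), 23 deletions(-)
+
+diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
+index c6c8ebbe89..d41f5d049b 100644
+--- a/block/qcow2-bitmap.c
++++ b/block/qcow2-bitmap.c
+@@ -1703,8 +1703,14 @@ bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs,
+ Error **errp)
+ {
+ BDRVQcow2State *s = bs->opaque;
+- bool found;
+- Qcow2BitmapList *bm_list;
++ BdrvDirtyBitmap *bitmap;
++ uint64_t bitmap_directory_size = 0;
++ uint32_t nb_bitmaps = 0;
++
++ if (bdrv_find_dirty_bitmap(bs, name)) {
++ error_setg(errp, "Bitmap already exists: %s", name);
++ return false;
++ }
+
+ if (s->qcow_version < 3) {
+ /* Without autoclear_features, we would always have to assume
+@@ -1720,38 +1726,27 @@ bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs,
+ goto fail;
+ }
+
+- if (s->nb_bitmaps == 0) {
+- return true;
++ FOR_EACH_DIRTY_BITMAP(bs, bitmap) {
++ if (bdrv_dirty_bitmap_get_persistence(bitmap)) {
++ nb_bitmaps++;
++ bitmap_directory_size +=
++ calc_dir_entry_size(strlen(bdrv_dirty_bitmap_name(bitmap)), 0);
++ }
+ }
++ nb_bitmaps++;
++ bitmap_directory_size += calc_dir_entry_size(strlen(name), 0);
+
+- if (s->nb_bitmaps >= QCOW2_MAX_BITMAPS) {
++ if (nb_bitmaps > QCOW2_MAX_BITMAPS) {
+ error_setg(errp,
+ "Maximum number of persistent bitmaps is already reached");
+ goto fail;
+ }
+
+- if (s->bitmap_directory_size + calc_dir_entry_size(strlen(name), 0) >
+- QCOW2_MAX_BITMAP_DIRECTORY_SIZE)
+- {
++ if (bitmap_directory_size > QCOW2_MAX_BITMAP_DIRECTORY_SIZE) {
+ error_setg(errp, "Not enough space in the bitmap directory");
+ goto fail;
+ }
+
+- qemu_co_mutex_lock(&s->lock);
+- bm_list = bitmap_list_load(bs, s->bitmap_directory_offset,
+- s->bitmap_directory_size, errp);
+- qemu_co_mutex_unlock(&s->lock);
+- if (bm_list == NULL) {
+- goto fail;
+- }
+-
+- found = find_bitmap_by_name(bm_list, name);
+- bitmap_list_free(bm_list);
+- if (found) {
+- error_setg(errp, "Bitmap with the same name is already stored");
+- goto fail;
+- }
+-
+ return true;
+
+ fail:
+--
+2.25.1
+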
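--- /dev/null
+++ b/debian/patches/stable/lp-1867519-qemu-img-Fix-convert-n-B-for-backing-less-targets.patch
@@ -0,0 +1,54 @@
+From c69291e712ae4ef95f628424db6586473da61d43 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Tue, 21 Jan 2020 16:59:14 +0100
+Subject: [PATCH] qemu-img: Fix convert -n -B for backing-less targets
+
+s.target_has_backing does not reflect whether the target BDS has a
+backing file; it only tells whether we should use a backing file during
+conversion (specified by -B).
+
+As such, if you use convert -n, the target does not necessarily actually
+have a backing file, and then dereferencing out_bs->backing fails here.
+
+When converting to an existing file, we should set
+target_backing_sectors to a negative value, because first, as the
+comment explains, this value is only used for optimization, so it is
+always fine to do that.
+
+Second, we use this value to determine where the target must be
+initialized to zeroes (overlays are initialized to zero after the end of
+their backing file). When converting to an existing file, we cannot
+assume that to be true.
+
+Cc: qemu-stable@nongnu.org
+Fixes: 351c8efff9ad809c822d55620df54d575d536f68
+ ("qemu-img: Special post-backing convert handling")
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+Message-Id: <20200121155915.98232-2-mreitz@redhat.com>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=c69291e712ae4ef95f628424db6586473da61d43
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ qemu-img.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qemu-img.c b/qemu-img.c
+index 0faf2cd2f5..804630a368 100644
+--- a/qemu-img.c
++++ b/qemu-img.c
+@@ -2523,7 +2523,7 @@ static int img_convert(int argc, char **argv)
+ }
+ }
+
+- if (s.target_has_backing) {
++ if (s.target_has_backing && s.target_is_new) {
+ /* Errors are treated as "backing length unknown" (which means
+ * s.target_backing_sectors has to be negative, which it will
+ * be automatically). The backing file length is used only
+--
+2.25.1
+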
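--- /dev/null
+++ b/debian/patches/stable/lp-1867519-s390-sclp-improve-special-wait-psw-logic.patch
@@ -0,0 +1,40 @@
+From 8b51c0961cc13e55b26bb6665ec3a341abdc7658 Mon Sep 17 00:00:00 2001
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+Date: Thu, 20 Feb 2020 14:16:22 +0100
+Subject: [PATCH] s390/sclp: improve special wait psw logic
+
+There is a special quiesce PSW that we check for "shutdown". Otherwise disabled
+wait is detected as "crashed". Architecturally we must only check PSW bits
+116-127. Fix this.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Message-Id: <1582204582-22995-1-git-send-email-borntraeger@de.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Acked-by: Janosch Frank <frankja@linux.ibm.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=8b51c0961cc13e55b26bb6665ec3a341abdc7658
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ target/s390x/helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/s390x/helper.c b/target/s390x/helper.c
+index b810ad431e..ed72684911 100644
+--- a/target/s390x/helper.c
++++ b/target/s390x/helper.c
+@@ -89,7 +89,7 @@ hwaddr s390_cpu_get_phys_addr_debug(CPUState *cs, vaddr vaddr)
+ static inline bool is_special_wait_psw(uint64_t psw_addr)
+ {
+ /* signal quiesce */
+- return psw_addr == 0xfffUL;
++ return (psw_addr & 0xfffUL) == 0xfffUL;
+ }
+
+ void s390_handle_wait(S390CPU *cpu)
+--
+2.25.1
+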
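--- /dev/null
+++ b/debian/patches/stable/lp-1867519-target-arm-Return-correct-IL-bit-in-merge_syn_data_a.patch
@@ -0,0 +1,46 @@
+From 30d544839e278dc76017b9a42990c41e84a34377 Mon Sep 17 00:00:00 2001
+From: Jeff Kubascik <jeff.kubascik@dornerworks.com>
+Date: Fri, 17 Jan 2020 14:09:31 +0000
+Subject: [PATCH] target/arm: Return correct IL bit in merge_syn_data_abort
+
+The IL bit is set for 32-bit instructions, thus passing false
+with the is_16bit parameter to syn_data_abort_with_iss() makes
+a syn mask that always has the IL bit set.
+
+Pass is_16bit as true to make the initial syn mask have IL=0,
+so that the final IL value comes from or'ing template_syn.
+
+Cc: qemu-stable@nongnu.org
+Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts")
+Signed-off-by: Jeff Kubascik <jeff.kubascik@dornerworks.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20200117004618.2742-2-richard.henderson@linaro.org
+[rth: Extracted this as a self-contained bug fix from a larger patch]
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=30d544839e278dc76017b9a42990c41e84a34377
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ target/arm/tlb_helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
+index 5feb312941..e63f8bda29 100644
+--- a/target/arm/tlb_helper.c
++++ b/target/arm/tlb_helper.c
+@@ -44,7 +44,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
+ syn = syn_data_abort_with_iss(same_el,
+ 0, 0, 0, 0, 0,
+ ea, 0, s1ptw, is_write, fsc,
+- false);
++ true);
+ /* Merge the runtime syndrome with the template syndrome. */
+ syn |= template_syn;
+ }
+--
+2.25.1
+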
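--- /dev/null
+++ b/debian/patches/stable/lp-1867519-target-arm-Set-ISSIs16Bit-in-make_issinfo.patch
@@ -0,0 +1,42 @@
+From 1a1fbc6cbb34c26d43d8360c66c1d21681af14a9 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Fri, 17 Jan 2020 14:09:31 +0000
+Subject: [PATCH] target/arm: Set ISSIs16Bit in make_issinfo
+
+During the conversion to decodetree, the setting of
+ISSIs16Bit got lost. This causes the guest os to
+incorrectly adjust trapping memory operations.
+
+Cc: qemu-stable@nongnu.org
+Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)")
+Reported-by: Jeff Kubascik <jeff.kubascik@dornerworks.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20200117004618.2742-3-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=1a1fbc6cbb34c26d43d8360c66c1d21681af14a9
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ target/arm/translate.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/target/arm/translate.c b/target/arm/translate.c
+index 0c8624fb42..2f4aea927f 100644
+--- a/target/arm/translate.c
++++ b/target/arm/translate.c
+@@ -8556,6 +8556,9 @@ static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w)
+ /* ISS not valid if writeback */
+ if (p && !w) {
+ ret = rd;
++ if (s->base.pc_next - s->pc_curr == 2) {
++ ret |= ISSIs16Bit;
++ }
+ } else {
+ ret = ISSInvalid;
+ }
+--
+2.25.1
+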
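--- /dev/null
+++ b/debian/patches/stable/lp-1867519-target-arm-arm-semi-fix-SYS_OPEN-to-return-nonzero-f.patch
@@ -0,0 +1,79 @@
+From 21bf9b06cb6d07c6cc437dfd47b47b28c2bb79db Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <masahiroy@kernel.org>
+Date: Fri, 17 Jan 2020 14:09:30 +0000
+Subject: [PATCH] target/arm/arm-semi: fix SYS_OPEN to return nonzero
+ filehandle
+
+According to the specification "Semihosting for AArch32 and Aarch64",
+the SYS_OPEN operation should return:
+
+ - A nonzero handle if the call is successful
+ - -1 if the call is not successful
+
+So, it should never return 0.
+
+Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting
+code hand out its own file descriptors"), the guest fd matched to the
+host fd. It returned a nonzero handle on success since the fd 0 is
+already used for stdin.
+
+Now that the guest fd is the index of guestfd_array, it starts from 0.
+
+I noticed this issue particularly because Trusted Firmware-A built with
+PLAT=qemu is no longer working. Its io_semihosting driver only handles
+a positive return value as a valid filehandle.
+
+Basically, there are two ways to fix this:
+
+ - Use (guestfd - 1) as the index of guestfs_arrary. We need to insert
+ increment/decrement to convert the guestfd and the array index back
+ and forth.
+
+ - Keep using guestfd as the index of guestfs_array. The first entry
+ of guestfs_array is left unused.
+
+I thought the latter is simpler. We end up with wasting a small piece
+of memory for the unused first entry of guestfd_array, but this is
+probably not a big deal.
+
+Fixes: 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting code hand out its own file descriptors")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20200109041228.10131-1-masahiroy@kernel.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=21bf9b06cb6d07c6cc437dfd47b47b28c2bb79db
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ target/arm/arm-semi.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
+index 47d61f6fe1..788fe61b51 100644
+--- a/target/arm/arm-semi.c
++++ b/target/arm/arm-semi.c
+@@ -144,7 +144,8 @@ static int alloc_guestfd(void)
+ guestfd_array = g_array_new(FALSE, TRUE, sizeof(GuestFD));
+ }
+
+- for (i = 0; i < guestfd_array->len; i++) {
++ /* SYS_OPEN should return nonzero handle on success. Start guestfd from 1 */
++ for (i = 1; i < guestfd_array->len; i++) {
+ GuestFD *gf = &g_array_index(guestfd_array, GuestFD, i);
+
+ if (gf->type == GuestFDUnused) {
+@@ -168,7 +169,7 @@ static GuestFD *do_get_guestfd(int guestfd)
+ return NULL;
+ }
+
+- if (guestfd < 0 || guestfd >= guestfd_array->len) {
++ if (guestfd <= 0 || guestfd >= guestfd_array->len) {
+ return NULL;
+ }
+
+--
+2.25.1
+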
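--- /dev/null
+++ b/debian/patches/stable/lp-1867519-target-arm-ensure-we-use-current-exception-state-aft.patch
@@ -0,0 +1,127 @@
+From f80741d107673f162e3b097fc76a1590036cc9d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>
+Date: Thu, 12 Dec 2019 11:47:34 +0000
+Subject: [PATCH] target/arm: ensure we use current exception state after SCR
+ update
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A write to the SCR can change the effective EL by droppping the system
+from secure to non-secure mode. However if we use a cached current_el
+from before the change we'll rebuild the flags incorrectly. To fix
+this we introduce the ARM_CP_NEWEL CP flag to indicate the new EL
+should be used when recomputing the flags.
+
+Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20191212114734.6962-1-alex.bennee@linaro.org
+Cc: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20191209143723.6368-1-alex.bennee@linaro.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=f80741d107673f162e3b097fc76a1590036cc9d1
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519
+Last-Update: 2020-03-18
+
+---
+ target/arm/cpu.h | 8 ++++++--
+ target/arm/helper.c | 14 +++++++++++++-
+ target/arm/helper.h | 1 +
+ target/arm/translate.c | 6 +++++-
+ 4 files changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index 4106e4ae59..5f70e9e043 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -2238,6 +2238,9 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
+ * RAISES_EXC is for when the read or write hook might raise an exception;
+ * the generated code will synchronize the CPU state before calling the hook
+ * so that it is safe for the hook to call raise_exception().
++ * NEWEL is for writes to registers that might change the exception
++ * level - typically on older ARM chips. For those cases we need to
++ * re-read the new el when recomputing the translation flags.
+ */
+ #define ARM_CP_SPECIAL 0x0001
+ #define ARM_CP_CONST 0x0002
+@@ -2257,10 +2260,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
+ #define ARM_CP_SVE 0x2000
+ #define ARM_CP_NO_GDB 0x4000
+ #define ARM_CP_RAISES_EXC 0x8000
++#define ARM_CP_NEWEL 0x10000
+ /* Used only as a terminator for ARMCPRegInfo lists */
+-#define ARM_CP_SENTINEL 0xffff
++#define ARM_CP_SENTINEL 0xfffff
+ /* Mask of only the flag bits in a type field */
+-#define ARM_CP_FLAG_MASK 0xf0ff
++#define ARM_CP_FLAG_MASK 0x1f0ff
+
+ /* Valid values for ARMCPRegInfo state field, indicating which of
+ * the AArch32 and AArch64 execution states this register is visible in.
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index 3a93844a3b..5074b5f69c 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -5133,7 +5133,7 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
+ .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0,
+ .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.scr_el3),
+ .resetvalue = 0, .writefn = scr_write },
+- { .name = "SCR", .type = ARM_CP_ALIAS,
++ { .name = "SCR", .type = ARM_CP_ALIAS | ARM_CP_NEWEL,
+ .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
+ .access = PL1_RW, .accessfn = access_trap_aa32s_el1,
+ .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3),
+@@ -11472,6 +11472,18 @@ void HELPER(rebuild_hflags_m32)(CPUARMState *env, int el)
+ env->hflags = rebuild_hflags_m32(env, fp_el, mmu_idx);
+ }
+
++/*
++ * If we have triggered a EL state change we can't rely on the
++ * translator having passed it too us, we need to recompute.
++ */
++void HELPER(rebuild_hflags_a32_newel)(CPUARMState *env)
++{
++ int el = arm_current_el(env);
++ int fp_el = fp_exception_el(env, el);
++ ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
++ env->hflags = rebuild_hflags_a32(env, fp_el, mmu_idx);
++}
++
+ void HELPER(rebuild_hflags_a32)(CPUARMState *env, int el)
+ {
+ int fp_el = fp_exception_el(env, el);
+diff --git a/target/arm/helper.h b/target/arm/helper.h
+index 7ce5169afb..aa3d8cd08f 100644
+--- a/target/arm/helper.h
++++ b/target/arm/helper.h
+@@ -91,6 +91,7 @@ DEF_HELPER_2(get_user_reg, i32, env, i32)
+ DEF_HELPER_3(set_user_reg, void, env, i32, i32)
+
+ DEF_HELPER_FLAGS_2(rebuild_hflags_m32, TCG_CALL_NO_RWG, void, env, int)
++DEF_HELPER_FLAGS_1(rebuild_hflags_a32_newel, TCG_CALL_NO_RWG, void, env)
+ DEF_HELPER_FLAGS_2(rebuild_hflags_a32, TCG_CALL_NO_RWG, void, env, int)
+ DEF_HELPER_FLAGS_2(rebuild_hflags_a64, TCG_CALL_NO_RWG, void, env, int)
+
+diff --git a/target/arm/translate.c b/target/arm/translate.c
+index f162be8434..2b6c1f91bf 100644
+--- a/target/arm/translate.c
++++ b/target/arm/translate.c
+@@ -7083,7 +7083,11 @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
+ if (arm_dc_feature(s, ARM_FEATURE_M)) {
+ gen_helper_rebuild_hflags_m32(cpu_env, tcg_el);
+ } else {
+- gen_helper_rebuild_hflags_a32(cpu_env, tcg_el);
++ if (ri->type & ARM_CP_NEWEL) {
++ gen_helper_rebuild_hflags_a32_newel(cpu_env);
++ } else {
++ gen_helper_rebuild_hflags_a32(cpu_env, tcg_el);
++ }
+ }
+ tcg_temp_free_i32(tcg_el);
+ /*
+--
+2.25.1
+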
2493 | diff --git a/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch b/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch |
2494 | new file mode 100644 |
2495 | index 0000000..9316575 |
2496 | --- /dev/null |
2497 | +++ b/debian/patches/stable/lp-1867519-target-i386-kvm-initialize-feature-MSRs-very-early.patch |
2498 | @@ -0,0 +1,169 @@ |
2499 | +From 420ae1fc51c99abfd03b1c590f55617edd2a2bed Mon Sep 17 00:00:00 2001 |
2500 | +From: Paolo Bonzini <pbonzini@redhat.com> |
2501 | +Date: Mon, 20 Jan 2020 19:21:42 +0100 |
2502 | +Subject: [PATCH] target/i386: kvm: initialize feature MSRs very early |
2503 | + |
2504 | +Some read-only MSRs affect the behavior of ioctls such as |
2505 | +KVM_SET_NESTED_STATE. We can initialize them once and for all |
2506 | +right after the CPU is realized, since they will never be modified |
2507 | +by the guest. |
2508 | + |
2509 | +Reported-by: Qingua Cheng <qcheng@redhat.com> |
2510 | +Cc: qemu-stable@nongnu.org |
2511 | +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
2512 | +Message-Id: <1579544504-3616-2-git-send-email-pbonzini@redhat.com> |
2513 | +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
2514 | + |
2515 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=420ae1fc51c99abfd03b1c590f55617edd2a2bed |
2516 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2517 | +Last-Update: 2020-03-18 |
2518 | + |
2519 | +--- |
2520 | + target/i386/kvm.c | 81 +++++++++++++++++++++++++----------------- |
2521 | + target/i386/kvm_i386.h | 1 + |
2522 | + 2 files changed, 49 insertions(+), 33 deletions(-) |
2523 | + |
2524 | +diff --git a/target/i386/kvm.c b/target/i386/kvm.c |
2525 | +index 7ee3202634..f6dd6b790e 100644 |
2526 | +--- a/target/i386/kvm.c |
2527 | ++++ b/target/i386/kvm.c |
2528 | +@@ -67,6 +67,8 @@ |
2529 | + * 255 kvm_msr_entry structs */ |
2530 | + #define MSR_BUF_SIZE 4096 |
2531 | + |
2532 | ++static void kvm_init_msrs(X86CPU *cpu); |
2533 | ++ |
2534 | + const KVMCapabilityInfo kvm_arch_required_capabilities[] = { |
2535 | + KVM_CAP_INFO(SET_TSS_ADDR), |
2536 | + KVM_CAP_INFO(EXT_CPUID), |
2537 | +@@ -1842,6 +1844,8 @@ int kvm_arch_init_vcpu(CPUState *cs) |
2538 | + has_msr_tsc_aux = false; |
2539 | + } |
2540 | + |
2541 | ++ kvm_init_msrs(cpu); |
2542 | ++ |
2543 | + r = hyperv_init_vcpu(cpu); |
2544 | + if (r) { |
2545 | + goto fail; |
2546 | +@@ -2660,11 +2664,53 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, FeatureWordArray f) |
2547 | + VMCS12_MAX_FIELD_INDEX << 1); |
2548 | + } |
2549 | + |
2550 | ++static int kvm_buf_set_msrs(X86CPU *cpu) |
2551 | ++{ |
2552 | ++ int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); |
2553 | ++ if (ret < 0) { |
2554 | ++ return ret; |
2555 | ++ } |
2556 | ++ |
2557 | ++ if (ret < cpu->kvm_msr_buf->nmsrs) { |
2558 | ++ struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; |
2559 | ++ error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, |
2560 | ++ (uint32_t)e->index, (uint64_t)e->data); |
2561 | ++ } |
2562 | ++ |
2563 | ++ assert(ret == cpu->kvm_msr_buf->nmsrs); |
2564 | ++ return 0; |
2565 | ++} |
2566 | ++ |
2567 | ++static void kvm_init_msrs(X86CPU *cpu) |
2568 | ++{ |
2569 | ++ CPUX86State *env = &cpu->env; |
2570 | ++ |
2571 | ++ kvm_msr_buf_reset(cpu); |
2572 | ++ if (has_msr_arch_capabs) { |
2573 | ++ kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, |
2574 | ++ env->features[FEAT_ARCH_CAPABILITIES]); |
2575 | ++ } |
2576 | ++ |
2577 | ++ if (has_msr_core_capabs) { |
2578 | ++ kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, |
2579 | ++ env->features[FEAT_CORE_CAPABILITY]); |
2580 | ++ } |
2581 | ++ |
2582 | ++ /* |
2583 | ++ * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but |
2584 | ++ * all kernels with MSR features should have them. |
2585 | ++ */ |
2586 | ++ if (kvm_feature_msrs && cpu_has_vmx(env)) { |
2587 | ++ kvm_msr_entry_add_vmx(cpu, env->features); |
2588 | ++ } |
2589 | ++ |
2590 | ++ assert(kvm_buf_set_msrs(cpu) == 0); |
2591 | ++} |
2592 | ++ |
2593 | + static int kvm_put_msrs(X86CPU *cpu, int level) |
2594 | + { |
2595 | + CPUX86State *env = &cpu->env; |
2596 | + int i; |
2597 | +- int ret; |
2598 | + |
2599 | + kvm_msr_buf_reset(cpu); |
2600 | + |
2601 | +@@ -2722,17 +2768,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) |
2602 | + } |
2603 | + #endif |
2604 | + |
2605 | +- /* If host supports feature MSR, write down. */ |
2606 | +- if (has_msr_arch_capabs) { |
2607 | +- kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, |
2608 | +- env->features[FEAT_ARCH_CAPABILITIES]); |
2609 | +- } |
2610 | +- |
2611 | +- if (has_msr_core_capabs) { |
2612 | +- kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, |
2613 | +- env->features[FEAT_CORE_CAPABILITY]); |
2614 | +- } |
2615 | +- |
2616 | + /* |
2617 | + * The following MSRs have side effects on the guest or are too heavy |
2618 | + * for normal writeback. Limit them to reset or full state updates. |
2619 | +@@ -2910,14 +2945,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) |
2620 | + |
2621 | + /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see |
2622 | + * kvm_put_msr_feature_control. */ |
2623 | +- |
2624 | +- /* |
2625 | +- * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but |
2626 | +- * all kernels with MSR features should have them. |
2627 | +- */ |
2628 | +- if (kvm_feature_msrs && cpu_has_vmx(env)) { |
2629 | +- kvm_msr_entry_add_vmx(cpu, env->features); |
2630 | +- } |
2631 | + } |
2632 | + |
2633 | + if (env->mcg_cap) { |
2634 | +@@ -2933,19 +2960,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level) |
2635 | + } |
2636 | + } |
2637 | + |
2638 | +- ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); |
2639 | +- if (ret < 0) { |
2640 | +- return ret; |
2641 | +- } |
2642 | +- |
2643 | +- if (ret < cpu->kvm_msr_buf->nmsrs) { |
2644 | +- struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; |
2645 | +- error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, |
2646 | +- (uint32_t)e->index, (uint64_t)e->data); |
2647 | +- } |
2648 | +- |
2649 | +- assert(ret == cpu->kvm_msr_buf->nmsrs); |
2650 | +- return 0; |
2651 | ++ return kvm_buf_set_msrs(cpu); |
2652 | + } |
2653 | + |
2654 | + |
2655 | +diff --git a/target/i386/kvm_i386.h b/target/i386/kvm_i386.h |
2656 | +index 7d0242f5fb..00bde7acaf 100644 |
2657 | +--- a/target/i386/kvm_i386.h |
2658 | ++++ b/target/i386/kvm_i386.h |
2659 | +@@ -46,4 +46,5 @@ bool kvm_enable_x2apic(void); |
2660 | + bool kvm_has_x2apic_api(void); |
2661 | + |
2662 | + bool kvm_hv_vpindex_settable(void); |
2663 | ++ |
2664 | + #endif |
2665 | +-- |
2666 | +2.25.1 |
2667 | + |
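Review bot: In the new `kvm_init_msrs()` (target/i386/kvm.c) the `KVM_SET_MSRS` ioctl is issued from inside `assert(kvm_buf_set_msrs(cpu) == 0);`, so a call with side effects sits in an assertion and any failure aborts the process. `kvm_arch_init_vcpu()` already has a `goto fail` path, used for `hyperv_init_vcpu()` directly below the new call, and the MSR setup could use it too. At minimum I would split the call from the check, `int r = kvm_buf_set_msrs(cpu);` then `assert(r == 0);`. Preferably `kvm_init_msrs()` would return that value so the caller can write `r = kvm_init_msrs(cpu); if (r) { goto fail; }`, turning a host kernel that rejects a feature MSR value into a vCPU init error instead of an abort. `kvm_arch_init_vcpu()` begins and ends outside the hunks shown.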
2668 | diff --git a/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch b/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch |
2669 | new file mode 100644 |
2670 | index 0000000..5d0bbf2 |
2671 | --- /dev/null |
2672 | +++ b/debian/patches/stable/lp-1867519-tcg-save-vaddr-temp-for-plugin-usage.patch |
2673 | @@ -0,0 +1,98 @@ |
2674 | +From fcc54ab5c7ca84ae72e8bf3781c33c9193a911aa Mon Sep 17 00:00:00 2001 |
2675 | +From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org> |
2676 | +Date: Tue, 25 Feb 2020 17:49:08 +0000 |
2677 | +Subject: [PATCH] tcg: save vaddr temp for plugin usage |
2678 | +MIME-Version: 1.0 |
2679 | +Content-Type: text/plain; charset=UTF-8 |
2680 | +Content-Transfer-Encoding: 8bit |
2681 | + |
2682 | +While do_gen_mem_cb does copy (via extu_tl_i64) vaddr into a new temp |
2683 | +this won't help if the vaddr temp gets clobbered by the actual |
2684 | +load/store op. To avoid this clobbering we explicitly copy vaddr |
2685 | +before the op to ensure it is live my the time we do the |
2686 | +instrumentation. |
2687 | + |
2688 | +Suggested-by: Richard Henderson <richard.henderson@linaro.org> |
2689 | +Signed-off-by: Alex Bennée <alex.bennee@linaro.org> |
2690 | +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
2691 | +Reviewed-by: Emilio G. Cota <cota@braap.org> |
2692 | +Cc: qemu-stable@nongnu.org |
2693 | +Message-Id: <20200225124710.14152-18-alex.bennee@linaro.org> |
2694 | + |
2695 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=fcc54ab5c7ca84ae72e8bf3781c33c9193a911aa |
2696 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2697 | +Last-Update: 2020-03-18 |
2698 | + |
2699 | +--- |
2700 | + tcg/tcg-op.c | 23 ++++++++++++++++++++--- |
2701 | + 1 file changed, 20 insertions(+), 3 deletions(-) |
2702 | + |
2703 | +diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c |
2704 | +index 7d782002e3..e2e25ebf7d 100644 |
2705 | +--- a/tcg/tcg-op.c |
2706 | ++++ b/tcg/tcg-op.c |
2707 | +@@ -2794,13 +2794,26 @@ static void tcg_gen_req_mo(TCGBar type) |
2708 | + } |
2709 | + } |
2710 | + |
2711 | ++static inline TCGv plugin_prep_mem_callbacks(TCGv vaddr) |
2712 | ++{ |
2713 | ++#ifdef CONFIG_PLUGIN |
2714 | ++ if (tcg_ctx->plugin_insn != NULL) { |
2715 | ++ /* Save a copy of the vaddr for use after a load. */ |
2716 | ++ TCGv temp = tcg_temp_new(); |
2717 | ++ tcg_gen_mov_tl(temp, vaddr); |
2718 | ++ return temp; |
2719 | ++ } |
2720 | ++#endif |
2721 | ++ return vaddr; |
2722 | ++} |
2723 | ++ |
2724 | + static inline void plugin_gen_mem_callbacks(TCGv vaddr, uint16_t info) |
2725 | + { |
2726 | + #ifdef CONFIG_PLUGIN |
2727 | +- if (tcg_ctx->plugin_insn == NULL) { |
2728 | +- return; |
2729 | ++ if (tcg_ctx->plugin_insn != NULL) { |
2730 | ++ plugin_gen_empty_mem_callback(vaddr, info); |
2731 | ++ tcg_temp_free(vaddr); |
2732 | + } |
2733 | +- plugin_gen_empty_mem_callback(vaddr, info); |
2734 | + #endif |
2735 | + } |
2736 | + |
2737 | +@@ -2822,6 +2835,7 @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop) |
2738 | + } |
2739 | + } |
2740 | + |
2741 | ++ addr = plugin_prep_mem_callbacks(addr); |
2742 | + gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx); |
2743 | + plugin_gen_mem_callbacks(addr, info); |
2744 | + |
2745 | +@@ -2868,6 +2882,7 @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop) |
2746 | + memop &= ~MO_BSWAP; |
2747 | + } |
2748 | + |
2749 | ++ addr = plugin_prep_mem_callbacks(addr); |
2750 | + gen_ldst_i32(INDEX_op_qemu_st_i32, val, addr, memop, idx); |
2751 | + plugin_gen_mem_callbacks(addr, info); |
2752 | + |
2753 | +@@ -2905,6 +2920,7 @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop) |
2754 | + } |
2755 | + } |
2756 | + |
2757 | ++ addr = plugin_prep_mem_callbacks(addr); |
2758 | + gen_ldst_i64(INDEX_op_qemu_ld_i64, val, addr, memop, idx); |
2759 | + plugin_gen_mem_callbacks(addr, info); |
2760 | + |
2761 | +@@ -2967,6 +2983,7 @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop) |
2762 | + memop &= ~MO_BSWAP; |
2763 | + } |
2764 | + |
2765 | ++ addr = plugin_prep_mem_callbacks(addr); |
2766 | + gen_ldst_i64(INDEX_op_qemu_st_i64, val, addr, memop, idx); |
2767 | + plugin_gen_mem_callbacks(addr, info); |
2768 | + |
2769 | +-- |
2770 | +2.25.1 |
2771 | + |
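Review bot: The ownership rule between `plugin_prep_mem_callbacks()` and `plugin_gen_mem_callbacks()` in tcg/tcg-op.c is undocumented: the first allocates a temp only when `tcg_ctx->plugin_insn != NULL`, and the second frees its `vaddr` argument under the same condition. A caller that passes the original address straight to `plugin_gen_mem_callbacks()` would have its own temp freed. I would add a comment above `plugin_gen_mem_callbacks()` such as `/* vaddr must be the value returned by plugin_prep_mem_callbacks(); it is freed here when plugins are active. */`. The four `tcg_gen_qemu_ld/st` callers reassign their `addr` parameter to make this work, and their bodies are only partly visible in these hunks.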
2772 | diff --git a/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch b/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch |
2773 | new file mode 100644 |
2774 | index 0000000..209bd3e |
2775 | --- /dev/null |
2776 | +++ b/debian/patches/stable/lp-1867519-tpm-ppi-page-align-PPI-RAM.patch |
2777 | @@ -0,0 +1,47 @@ |
2778 | +From 71e415c8a75c130875f14d6b2136825789feb297 Mon Sep 17 00:00:00 2001 |
2779 | +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com> |
2780 | +Date: Fri, 3 Jan 2020 11:39:59 +0400 |
2781 | +Subject: [PATCH] tpm-ppi: page-align PPI RAM |
2782 | +MIME-Version: 1.0 |
2783 | +Content-Type: text/plain; charset=UTF-8 |
2784 | +Content-Transfer-Encoding: 8bit |
2785 | + |
2786 | +post-copy migration fails on destination with error such as: |
2787 | +2019-12-26T10:22:44.714644Z qemu-kvm: ram_block_discard_range: |
2788 | +Unaligned start address: 0x559d2afae9a0 |
2789 | + |
2790 | +Use qemu_memalign() to constrain the PPI RAM memory alignment. |
2791 | + |
2792 | +Cc: qemu-stable@nongnu.org |
2793 | +Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> |
2794 | +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> |
2795 | +Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> |
2796 | +Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> |
2797 | +Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> |
2798 | +Message-id: 20200103074000.1006389-3-marcandre.lureau@redhat.com |
2799 | + |
2800 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=71e415c8a75c130875f14d6b2136825789feb297 |
2801 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2802 | +Last-Update: 2020-03-18 |
2803 | + |
2804 | +--- |
2805 | + hw/tpm/tpm_ppi.c | 3 ++- |
2806 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
2807 | + |
2808 | +diff --git a/hw/tpm/tpm_ppi.c b/hw/tpm/tpm_ppi.c |
2809 | +index ff314592b4..6d9c1a3e40 100644 |
2810 | +--- a/hw/tpm/tpm_ppi.c |
2811 | ++++ b/hw/tpm/tpm_ppi.c |
2812 | +@@ -43,7 +43,8 @@ void tpm_ppi_reset(TPMPPI *tpmppi) |
2813 | + void tpm_ppi_init(TPMPPI *tpmppi, struct MemoryRegion *m, |
2814 | + hwaddr addr, Object *obj) |
2815 | + { |
2816 | +- tpmppi->buf = g_malloc0(HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE)); |
2817 | ++ tpmppi->buf = qemu_memalign(qemu_real_host_page_size, |
2818 | ++ HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE)); |
2819 | + memory_region_init_ram_device_ptr(&tpmppi->ram, obj, "tpm-ppi", |
2820 | + TPM_PPI_ADDR_SIZE, tpmppi->buf); |
2821 | + vmstate_register_ram(&tpmppi->ram, DEVICE(obj)); |
2822 | +-- |
2823 | +2.25.1 |
2824 | + |
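Review bot: The replacement allocation in `tpm_ppi_init()` drops the zero fill that `g_malloc0()` provided: `qemu_memalign()` returns uninitialised memory, and the next line hands the buffer to `memory_region_init_ram_device_ptr()` as guest-visible RAM. Unless the buffer is cleared somewhere before the guest can read it (not visible in this hunk), stale host heap contents could be exposed to the guest. Adding `memset(tpmppi->buf, 0, HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));` right after the allocation keeps the previous behaviour. Any release path for `tpmppi->buf` must now use `qemu_vfree()` rather than `g_free()`. The function body continues past the end of the hunk.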
2825 | diff --git a/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch b/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch |
2826 | new file mode 100644 |
2827 | index 0000000..f52b1bd |
2828 | --- /dev/null |
2829 | +++ b/debian/patches/stable/lp-1867519-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch |
2830 | @@ -0,0 +1,50 @@ |
2831 | +From 0446f8121723b134ca1d1ed0b73e96d4a0a8689d Mon Sep 17 00:00:00 2001 |
2832 | +From: Peter Xu <peterx@redhat.com> |
2833 | +Date: Mon, 6 Jan 2020 13:34:45 -0700 |
2834 | +Subject: [PATCH] vfio/pci: Don't remove irqchip notifier if not registered |
2835 | + |
2836 | +The kvm irqchip notifier is only registered if the device supports |
2837 | +INTx, however it's unconditionally removed. If the assigned device |
2838 | +does not support INTx, this will cause QEMU to crash when unplugging |
2839 | +the device from the system. Change it to conditionally remove the |
2840 | +notifier only if the notify hook is setup. |
2841 | + |
2842 | +CC: Eduardo Habkost <ehabkost@redhat.com> |
2843 | +CC: David Gibson <david@gibson.dropbear.id.au> |
2844 | +CC: Alex Williamson <alex.williamson@redhat.com> |
2845 | +Cc: qemu-stable@nongnu.org # v4.2 |
2846 | +Reported-by: yanghliu@redhat.com |
2847 | +Debugged-by: Eduardo Habkost <ehabkost@redhat.com> |
2848 | +Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier") |
2849 | +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1782678 |
2850 | +Signed-off-by: Peter Xu <peterx@redhat.com> |
2851 | +Reviewed-by: David Gibson <david@gibson.dropbear.id.au> |
2852 | +Reviewed-by: Greg Kurz <groug@kaod.org> |
2853 | +Signed-off-by: Alex Williamson <alex.williamson@redhat.com> |
2854 | + |
2855 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=0446f8121723b134ca1d1ed0b73e96d4a0a8689d |
2856 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2857 | +Last-Update: 2020-03-18 |
2858 | + |
2859 | +--- |
2860 | + hw/vfio/pci.c | 4 +++- |
2861 | + 1 file changed, 3 insertions(+), 1 deletion(-) |
2862 | + |
2863 | +diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c |
2864 | +index 2d40b396f2..337a173ce7 100644 |
2865 | +--- a/hw/vfio/pci.c |
2866 | ++++ b/hw/vfio/pci.c |
2867 | +@@ -3076,7 +3076,9 @@ static void vfio_exitfn(PCIDevice *pdev) |
2868 | + vfio_unregister_req_notifier(vdev); |
2869 | + vfio_unregister_err_notifier(vdev); |
2870 | + pci_device_set_intx_routing_notifier(&vdev->pdev, NULL); |
2871 | +- kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier); |
2872 | ++ if (vdev->irqchip_change_notifier.notify) { |
2873 | ++ kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier); |
2874 | ++ } |
2875 | + vfio_disable_interrupts(vdev); |
2876 | + if (vdev->intx.mmap_timer) { |
2877 | + timer_free(vdev->intx.mmap_timer); |
2878 | +-- |
2879 | +2.25.1 |
2880 | + |
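Review bot: The new guard in `vfio_exitfn()` uses `vdev->irqchip_change_notifier.notify` as the "was registered" flag, but nothing at this site says why a NULL hook means "never registered". That only holds if the field starts out zeroed and is set solely on the registration path, which is outside this hunk. A short comment would record the coupling, for example `/* The notifier is only registered for devices with INTx; notify stays NULL otherwise. */`. `vfio_exitfn()` starts before and continues after the lines shown.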
2881 | diff --git a/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch b/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch |
2882 | new file mode 100644 |
2883 | index 0000000..177cafe |
2884 | --- /dev/null |
2885 | +++ b/debian/patches/stable/lp-1867519-virtio-gracefully-handle-invalid-region-caches.patch |
2886 | @@ -0,0 +1,331 @@ |
2887 | +From abdd16f4681cc4d6bf84990227b5c9b98e869ccd Mon Sep 17 00:00:00 2001 |
2888 | +From: Stefan Hajnoczi <stefanha@redhat.com> |
2889 | +Date: Fri, 7 Feb 2020 10:46:19 +0000 |
2890 | +Subject: [PATCH] virtio: gracefully handle invalid region caches |
2891 | + |
2892 | +The virtqueue code sets up MemoryRegionCaches to access the virtqueue |
2893 | +guest RAM data structures. The code currently assumes that |
2894 | +VRingMemoryRegionCaches is initialized before device emulation code |
2895 | +accesses the virtqueue. An assertion will fail in |
2896 | +vring_get_region_caches() when this is not true. Device fuzzing found a |
2897 | +case where this assumption is false (see below). |
2898 | + |
2899 | +Virtqueue guest RAM addresses can also be changed from a vCPU thread |
2900 | +while an IOThread is accessing the virtqueue. This breaks the same |
2901 | +assumption but this time the caches could become invalid partway through |
2902 | +the virtqueue code. The code fetches the caches RCU pointer multiple |
2903 | +times so we will need to validate the pointer every time it is fetched. |
2904 | + |
2905 | +Add checks each time we call vring_get_region_caches() and treat invalid |
2906 | +caches as a nop: memory stores are ignored and memory reads return 0. |
2907 | + |
2908 | +The fuzz test failure is as follows: |
2909 | + |
2910 | + $ qemu -M pc -device virtio-blk-pci,id=drv0,drive=drive0,addr=4.0 \ |
2911 | + -drive if=none,id=drive0,file=null-co://,format=raw,auto-read-only=off \ |
2912 | + -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw \ |
2913 | + -display none \ |
2914 | + -qtest stdio |
2915 | + endianness |
2916 | + outl 0xcf8 0x80002020 |
2917 | + outl 0xcfc 0xe0000000 |
2918 | + outl 0xcf8 0x80002004 |
2919 | + outw 0xcfc 0x7 |
2920 | + write 0xe0000000 0x24 0x00ffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffab5cffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffabffffffab0000000001 |
2921 | + inb 0x4 |
2922 | + writew 0xe000001c 0x1 |
2923 | + write 0xe0000014 0x1 0x0d |
2924 | + |
2925 | +The following error message is produced: |
2926 | + |
2927 | + qemu-system-x86_64: /home/stefanha/qemu/hw/virtio/virtio.c:286: vring_get_region_caches: Assertion `caches != NULL' failed. |
2928 | + |
2929 | +The backtrace looks like this: |
2930 | + |
2931 | + #0 0x00007ffff5520625 in raise () at /lib64/libc.so.6 |
2932 | + #1 0x00007ffff55098d9 in abort () at /lib64/libc.so.6 |
2933 | + #2 0x00007ffff55097a9 in _nl_load_domain.cold () at /lib64/libc.so.6 |
2934 | + #3 0x00007ffff5518a66 in annobin_assert.c_end () at /lib64/libc.so.6 |
2935 | + #4 0x00005555559073da in vring_get_region_caches (vq=<optimized out>) at qemu/hw/virtio/virtio.c:286 |
2936 | + #5 vring_get_region_caches (vq=<optimized out>) at qemu/hw/virtio/virtio.c:283 |
2937 | + #6 0x000055555590818d in vring_used_flags_set_bit (mask=1, vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:398 |
2938 | + #7 virtio_queue_split_set_notification (enable=0, vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:398 |
2939 | + #8 virtio_queue_set_notification (vq=vq@entry=0x5555575ceea0, enable=enable@entry=0) at qemu/hw/virtio/virtio.c:451 |
2940 | + #9 0x0000555555908512 in virtio_queue_set_notification (vq=vq@entry=0x5555575ceea0, enable=enable@entry=0) at qemu/hw/virtio/virtio.c:444 |
2941 | + #10 0x00005555558c697a in virtio_blk_handle_vq (s=0x5555575c57e0, vq=0x5555575ceea0) at qemu/hw/block/virtio-blk.c:775 |
2942 | + #11 0x0000555555907836 in virtio_queue_notify_aio_vq (vq=0x5555575ceea0) at qemu/hw/virtio/virtio.c:2244 |
2943 | + #12 0x0000555555cb5dd7 in aio_dispatch_handlers (ctx=ctx@entry=0x55555671a420) at util/aio-posix.c:429 |
2944 | + #13 0x0000555555cb67a8 in aio_dispatch (ctx=0x55555671a420) at util/aio-posix.c:460 |
2945 | + #14 0x0000555555cb307e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:260 |
2946 | + #15 0x00007ffff7bbc510 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0 |
2947 | + #16 0x0000555555cb5848 in glib_pollfds_poll () at util/main-loop.c:219 |
2948 | + #17 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:242 |
2949 | + #18 main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:518 |
2950 | + #19 0x00005555559b20c9 in main_loop () at vl.c:1683 |
2951 | + #20 0x0000555555838115 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4441 |
2952 | + |
2953 | +Reported-by: Alexander Bulekov <alxndr@bu.edu> |
2954 | +Cc: Michael Tsirkin <mst@redhat.com> |
2955 | +Cc: Cornelia Huck <cohuck@redhat.com> |
2956 | +Cc: Paolo Bonzini <pbonzini@redhat.com> |
2957 | +Cc: qemu-stable@nongnu.org |
2958 | +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> |
2959 | +Message-Id: <20200207104619.164892-1-stefanha@redhat.com> |
2960 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
2961 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
2962 | + |
2963 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=abdd16f4681cc4d6bf84990227b5c9b98e869ccd |
2964 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
2965 | +Last-Update: 2020-03-18 |
2966 | + |
2967 | +--- |
2968 | + hw/virtio/virtio.c | 99 ++++++++++++++++++++++++++++++++++++++++++---- |
2969 | + 1 file changed, 91 insertions(+), 8 deletions(-) |
2970 | + |
2971 | +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c |
2972 | +index 2c5410e981..00d444699d 100644 |
2973 | +--- a/hw/virtio/virtio.c |
2974 | ++++ b/hw/virtio/virtio.c |
2975 | +@@ -282,15 +282,19 @@ static void vring_packed_flags_write(VirtIODevice *vdev, |
2976 | + /* Called within rcu_read_lock(). */ |
2977 | + static VRingMemoryRegionCaches *vring_get_region_caches(struct VirtQueue *vq) |
2978 | + { |
2979 | +- VRingMemoryRegionCaches *caches = atomic_rcu_read(&vq->vring.caches); |
2980 | +- assert(caches != NULL); |
2981 | +- return caches; |
2982 | ++ return atomic_rcu_read(&vq->vring.caches); |
2983 | + } |
2984 | ++ |
2985 | + /* Called within rcu_read_lock(). */ |
2986 | + static inline uint16_t vring_avail_flags(VirtQueue *vq) |
2987 | + { |
2988 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
2989 | + hwaddr pa = offsetof(VRingAvail, flags); |
2990 | ++ |
2991 | ++ if (!caches) { |
2992 | ++ return 0; |
2993 | ++ } |
2994 | ++ |
2995 | + return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa); |
2996 | + } |
2997 | + |
2998 | +@@ -299,6 +303,11 @@ static inline uint16_t vring_avail_idx(VirtQueue *vq) |
2999 | + { |
3000 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3001 | + hwaddr pa = offsetof(VRingAvail, idx); |
3002 | ++ |
3003 | ++ if (!caches) { |
3004 | ++ return 0; |
3005 | ++ } |
3006 | ++ |
3007 | + vq->shadow_avail_idx = virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa); |
3008 | + return vq->shadow_avail_idx; |
3009 | + } |
3010 | +@@ -308,6 +317,11 @@ static inline uint16_t vring_avail_ring(VirtQueue *vq, int i) |
3011 | + { |
3012 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3013 | + hwaddr pa = offsetof(VRingAvail, ring[i]); |
3014 | ++ |
3015 | ++ if (!caches) { |
3016 | ++ return 0; |
3017 | ++ } |
3018 | ++ |
3019 | + return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa); |
3020 | + } |
3021 | + |
3022 | +@@ -323,6 +337,11 @@ static inline void vring_used_write(VirtQueue *vq, VRingUsedElem *uelem, |
3023 | + { |
3024 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3025 | + hwaddr pa = offsetof(VRingUsed, ring[i]); |
3026 | ++ |
3027 | ++ if (!caches) { |
3028 | ++ return; |
3029 | ++ } |
3030 | ++ |
3031 | + virtio_tswap32s(vq->vdev, &uelem->id); |
3032 | + virtio_tswap32s(vq->vdev, &uelem->len); |
3033 | + address_space_write_cached(&caches->used, pa, uelem, sizeof(VRingUsedElem)); |
3034 | +@@ -334,6 +353,11 @@ static uint16_t vring_used_idx(VirtQueue *vq) |
3035 | + { |
3036 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3037 | + hwaddr pa = offsetof(VRingUsed, idx); |
3038 | ++ |
3039 | ++ if (!caches) { |
3040 | ++ return 0; |
3041 | ++ } |
3042 | ++ |
3043 | + return virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3044 | + } |
3045 | + |
3046 | +@@ -342,8 +366,12 @@ static inline void vring_used_idx_set(VirtQueue *vq, uint16_t val) |
3047 | + { |
3048 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3049 | + hwaddr pa = offsetof(VRingUsed, idx); |
3050 | +- virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val); |
3051 | +- address_space_cache_invalidate(&caches->used, pa, sizeof(val)); |
3052 | ++ |
3053 | ++ if (caches) { |
3054 | ++ virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val); |
3055 | ++ address_space_cache_invalidate(&caches->used, pa, sizeof(val)); |
3056 | ++ } |
3057 | ++ |
3058 | + vq->used_idx = val; |
3059 | + } |
3060 | + |
3061 | +@@ -353,8 +381,13 @@ static inline void vring_used_flags_set_bit(VirtQueue *vq, int mask) |
3062 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3063 | + VirtIODevice *vdev = vq->vdev; |
3064 | + hwaddr pa = offsetof(VRingUsed, flags); |
3065 | +- uint16_t flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3066 | ++ uint16_t flags; |
3067 | + |
3068 | ++ if (!caches) { |
3069 | ++ return; |
3070 | ++ } |
3071 | ++ |
3072 | ++ flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3073 | + virtio_stw_phys_cached(vdev, &caches->used, pa, flags | mask); |
3074 | + address_space_cache_invalidate(&caches->used, pa, sizeof(flags)); |
3075 | + } |
3076 | +@@ -365,8 +398,13 @@ static inline void vring_used_flags_unset_bit(VirtQueue *vq, int mask) |
3077 | + VRingMemoryRegionCaches *caches = vring_get_region_caches(vq); |
3078 | + VirtIODevice *vdev = vq->vdev; |
3079 | + hwaddr pa = offsetof(VRingUsed, flags); |
3080 | +- uint16_t flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3081 | ++ uint16_t flags; |
3082 | + |
3083 | ++ if (!caches) { |
3084 | ++ return; |
3085 | ++ } |
3086 | ++ |
3087 | ++ flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa); |
3088 | + virtio_stw_phys_cached(vdev, &caches->used, pa, flags & ~mask); |
3089 | + address_space_cache_invalidate(&caches->used, pa, sizeof(flags)); |
3090 | + } |
3091 | +@@ -381,6 +419,10 @@ static inline void vring_set_avail_event(VirtQueue *vq, uint16_t val) |
3092 | + } |
3093 | + |
3094 | + caches = vring_get_region_caches(vq); |
3095 | ++ if (!caches) { |
3096 | ++ return; |
3097 | ++ } |
3098 | ++ |
3099 | + pa = offsetof(VRingUsed, ring[vq->vring.num]); |
3100 | + virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val); |
3101 | + address_space_cache_invalidate(&caches->used, pa, sizeof(val)); |
3102 | +@@ -410,7 +452,11 @@ static void virtio_queue_packed_set_notification(VirtQueue *vq, int enable) |
3103 | + VRingMemoryRegionCaches *caches; |
3104 | + |
3105 | + RCU_READ_LOCK_GUARD(); |
3106 | +- caches = vring_get_region_caches(vq); |
3107 | ++ caches = vring_get_region_caches(vq); |
3108 | ++ if (!caches) { |
3109 | ++ return; |
3110 | ++ } |
3111 | ++ |
3112 | + vring_packed_event_read(vq->vdev, &caches->used, &e); |
3113 | + |
3114 | + if (!enable) { |
3115 | +@@ -597,6 +643,10 @@ static int virtio_queue_packed_empty_rcu(VirtQueue *vq) |
3116 | + } |
3117 | + |
3118 | + cache = vring_get_region_caches(vq); |
3119 | ++ if (!cache) { |
3120 | ++ return 1; |
3121 | ++ } |
3122 | ++ |
3123 | + vring_packed_desc_read_flags(vq->vdev, &desc.flags, &cache->desc, |
3124 | + vq->last_avail_idx); |
3125 | + |
3126 | +@@ -777,6 +827,10 @@ static void virtqueue_packed_fill_desc(VirtQueue *vq, |
3127 | + } |
3128 | + |
3129 | + caches = vring_get_region_caches(vq); |
3130 | ++ if (!caches) { |
3131 | ++ return; |
3132 | ++ } |
3133 | ++ |
3134 | + vring_packed_desc_write(vq->vdev, &desc, &caches->desc, head, strict_order); |
3135 | + } |
3136 | + |
3137 | +@@ -949,6 +1003,10 @@ static void virtqueue_split_get_avail_bytes(VirtQueue *vq, |
3138 | + |
3139 | + max = vq->vring.num; |
3140 | + caches = vring_get_region_caches(vq); |
3141 | ++ if (!caches) { |
3142 | ++ goto err; |
3143 | ++ } |
3144 | ++ |
3145 | + while ((rc = virtqueue_num_heads(vq, idx)) > 0) { |
3146 | + MemoryRegionCache *desc_cache = &caches->desc; |
3147 | + unsigned int num_bufs; |
3148 | +@@ -1089,6 +1147,9 @@ static void virtqueue_packed_get_avail_bytes(VirtQueue *vq, |
3149 | + |
3150 | + max = vq->vring.num; |
3151 | + caches = vring_get_region_caches(vq); |
3152 | ++ if (!caches) { |
3153 | ++ goto err; |
3154 | ++ } |
3155 | + |
3156 | + for (;;) { |
3157 | + unsigned int num_bufs = total_bufs; |
3158 | +@@ -1194,6 +1255,10 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, |
3159 | + } |
3160 | + |
3161 | + caches = vring_get_region_caches(vq); |
3162 | ++ if (!caches) { |
3163 | ++ goto err; |
3164 | ++ } |
3165 | ++ |
3166 | + desc_size = virtio_vdev_has_feature(vq->vdev, VIRTIO_F_RING_PACKED) ? |
3167 | + sizeof(VRingPackedDesc) : sizeof(VRingDesc); |
3168 | + if (caches->desc.len < vq->vring.num * desc_size) { |
3169 | +@@ -1387,6 +1452,11 @@ static void *virtqueue_split_pop(VirtQueue *vq, size_t sz) |
3170 | + i = head; |
3171 | + |
3172 | + caches = vring_get_region_caches(vq); |
3173 | ++ if (!caches) { |
3174 | ++ virtio_error(vdev, "Region caches not initialized"); |
3175 | ++ goto done; |
3176 | ++ } |
3177 | ++ |
3178 | + if (caches->desc.len < max * sizeof(VRingDesc)) { |
3179 | + virtio_error(vdev, "Cannot map descriptor ring"); |
3180 | + goto done; |
3181 | +@@ -1509,6 +1579,11 @@ static void *virtqueue_packed_pop(VirtQueue *vq, size_t sz) |
3182 | + i = vq->last_avail_idx; |
3183 | + |
3184 | + caches = vring_get_region_caches(vq); |
3185 | ++ if (!caches) { |
3186 | ++ virtio_error(vdev, "Region caches not initialized"); |
3187 | ++ goto done; |
3188 | ++ } |
3189 | ++ |
3190 | + if (caches->desc.len < max * sizeof(VRingDesc)) { |
3191 | + virtio_error(vdev, "Cannot map descriptor ring"); |
3192 | + goto done; |
3193 | +@@ -1628,6 +1703,10 @@ static unsigned int virtqueue_packed_drop_all(VirtQueue *vq) |
3194 | + VRingPackedDesc desc; |
3195 | + |
3196 | + caches = vring_get_region_caches(vq); |
3197 | ++ if (!caches) { |
3198 | ++ return 0; |
3199 | ++ } |
3200 | ++ |
3201 | + desc_cache = &caches->desc; |
3202 | + |
3203 | + virtio_queue_set_notification(vq, 0); |
3204 | +@@ -2412,6 +2491,10 @@ static bool virtio_packed_should_notify(VirtIODevice *vdev, VirtQueue *vq) |
3205 | + VRingMemoryRegionCaches *caches; |
3206 | + |
3207 | + caches = vring_get_region_caches(vq); |
3208 | ++ if (!caches) { |
3209 | ++ return false; |
3210 | ++ } |
3211 | ++ |
3212 | + vring_packed_event_read(vdev, &caches->avail, &e); |
3213 | + |
3214 | + old = vq->signalled_used; |
3215 | +-- |
3216 | +2.25.1 |
3217 | + |
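Review bot: The comment above `vring_get_region_caches()` in hw/virtio/virtio.c still reads only `/* Called within rcu_read_lock(). */`, although the function can now return NULL and every caller is expected to check. I would extend it to `/* Called within rcu_read_lock(). May return NULL if the region caches are not set up; callers must check. */` so a future caller does not reintroduce the guest-triggerable crash. The handling of a missing cache is also uneven: `virtqueue_split_pop()` and `virtqueue_packed_pop()` call `virtio_error()`, while the `vring_*` accessors silently return 0 or drop the store. `vring_used_idx_set()` still updates `vq->used_idx` when the guest-memory store is skipped. If that divergence is intended, a one-line comment there would help; most of the touched functions extend beyond their hunks, so I cannot confirm how callers cope with it.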
3218 | diff --git a/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch b/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch |
3219 | new file mode 100644 |
3220 | index 0000000..d18b0ee |
3221 | --- /dev/null |
3222 | +++ b/debian/patches/stable/lp-1867519-virtio-mmio-update-queue-size-on-guest-write.patch |
3223 | @@ -0,0 +1,40 @@ |
3224 | +From 1049f4c62c4070618cc5defc9963c6a17ae7a5ae Mon Sep 17 00:00:00 2001 |
3225 | +From: Denis Plotnikov <dplotnikov@virtuozzo.com> |
3226 | +Date: Tue, 24 Dec 2019 11:14:46 +0300 |
3227 | +Subject: [PATCH] virtio-mmio: update queue size on guest write |
3228 | + |
3229 | +Some guests read back queue size after writing it. |
3230 | +Always update the on size write otherwise they might be confused. |
3231 | + |
3232 | +Cc: qemu-stable@nongnu.org |
3233 | +Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com> |
3234 | +Message-Id: <20191224081446.17003-1-dplotnikov@virtuozzo.com> |
3235 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
3236 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
3237 | + |
3238 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=1049f4c62c4070618cc5defc9963c6a17ae7a5ae |
3239 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
3240 | +Last-Update: 2020-03-18 |
3241 | + |
3242 | +--- |
3243 | + hw/virtio/virtio-mmio.c | 3 ++- |
3244 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
3245 | + |
3246 | +diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c |
3247 | +index ef40b7a9b2..872f2cd237 100644 |
3248 | +--- a/hw/virtio/virtio-mmio.c |
3249 | ++++ b/hw/virtio/virtio-mmio.c |
3250 | +@@ -308,8 +308,9 @@ static void virtio_mmio_write(void *opaque, hwaddr offset, uint64_t value, |
3251 | + break; |
3252 | + case VIRTIO_MMIO_QUEUE_NUM: |
3253 | + trace_virtio_mmio_queue_write(value, VIRTQUEUE_MAX_SIZE); |
3254 | ++ virtio_queue_set_num(vdev, vdev->queue_sel, value); |
3255 | ++ |
3256 | + if (proxy->legacy) { |
3257 | +- virtio_queue_set_num(vdev, vdev->queue_sel, value); |
3258 | + virtio_queue_update_rings(vdev, vdev->queue_sel); |
3259 | + } else { |
3260 | + proxy->vqs[vdev->queue_sel].num = value; |
3261 | +-- |
3262 | +2.25.1 |
3263 | + |
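Review bot: The guest-written `value` now reaches `virtio_queue_set_num(vdev, vdev->queue_sel, value)` on the non-legacy path as well, and nothing in this hunk range-checks it first; the same holds for `val` under `VIRTIO_PCI_COMMON_Q_SIZE` in the virtio-pci section further down. The trace line names `VIRTQUEUE_MAX_SIZE`, so `virtio_queue_set_num` presumably enforces that limit, but its body is not on this page and should be confirmed. If it does reject a value, `proxy->vqs[vdev->queue_sel].num` still keeps the raw guest number, so the two sizes can disagree until the queue is enabled. A comment at the call, `/* virtio_queue_set_num() ignores out-of-range sizes; proxy->vqs[].num is only a staging copy */`, would record where the check lives, if that is indeed the case. `virtio_mmio_write` starts and ends outside the hunk.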
3264 | diff --git a/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch b/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch |
3265 | new file mode 100644 |
3266 | index 0000000..1db89ff |
3267 | --- /dev/null |
3268 | +++ b/debian/patches/stable/lp-1867519-virtio-net-delete-also-control-queue-when-TX-RX-dele.patch |
3269 | @@ -0,0 +1,41 @@ |
3270 | +From d945d9f1731244ef341f74ede93120fc9de35913 Mon Sep 17 00:00:00 2001 |
3271 | +From: Yuri Benditovich <yuri.benditovich@daynix.com> |
3272 | +Date: Thu, 26 Dec 2019 06:36:49 +0200 |
3273 | +Subject: [PATCH] virtio-net: delete also control queue when TX/RX deleted |
3274 | + |
3275 | +https://bugzilla.redhat.com/show_bug.cgi?id=1708480 |
3276 | +If the control queue is not deleted together with TX/RX, it |
3277 | +later will be ignored in freeing cache resources and hot |
3278 | +unplug will not be completed. |
3279 | + |
3280 | +Cc: qemu-stable@nongnu.org |
3281 | +Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com> |
3282 | +Message-Id: <20191226043649.14481-3-yuri.benditovich@daynix.com> |
3283 | +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
3284 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
3285 | + |
3286 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d945d9f1731244ef341f74ede93120fc9de35913 |
3287 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
3288 | +Last-Update: 2020-03-18 |
3289 | + |
3290 | +--- |
3291 | + hw/net/virtio-net.c | 3 ++- |
3292 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
3293 | + |
3294 | +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c |
3295 | +index db3d7c38e6..f325440d01 100644 |
3296 | +--- a/hw/net/virtio-net.c |
3297 | ++++ b/hw/net/virtio-net.c |
3298 | +@@ -3101,7 +3101,8 @@ static void virtio_net_device_unrealize(DeviceState *dev, Error **errp) |
3299 | + for (i = 0; i < max_queues; i++) { |
3300 | + virtio_net_del_queue(n, i); |
3301 | + } |
3302 | +- |
3303 | ++ /* delete also control vq */ |
3304 | ++ virtio_del_queue(vdev, max_queues * 2); |
3305 | + qemu_announce_timer_del(&n->announce_timer, false); |
3306 | + g_free(n->vqs); |
3307 | + qemu_del_nic(n->nic); |
3308 | +-- |
3309 | +2.25.1 |
3310 | + |
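Review bot: The index in `virtio_del_queue(vdev, max_queues * 2)` encodes a queue-layout assumption that the added comment `/* delete also control vq */` does not state. It is right only if each of the `max_queues` pairs occupies two consecutive slots and the control queue was added directly after them. I would write the comment as `/* control vq follows the max_queues RX/TX pairs, so its index is max_queues * 2 */`. The realize path is outside this hunk, so it is worth confirming that the control queue is always created there and that this call never touches a slot that was not set up. `virtio_net_device_unrealize` continues outside the hunk.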
3311 | diff --git a/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch b/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch |
3312 | new file mode 100644 |
3313 | index 0000000..da81c2c |
3314 | --- /dev/null |
3315 | +++ b/debian/patches/stable/lp-1867519-virtio-update-queue-size-on-guest-write.patch |
3316 | @@ -0,0 +1,40 @@ |
3317 | +From d0c5f643383b9e84316f148affff368ac33d75b9 Mon Sep 17 00:00:00 2001 |
3318 | +From: "Michael S. Tsirkin" <mst@redhat.com> |
3319 | +Date: Fri, 13 Dec 2019 09:22:48 -0500 |
3320 | +Subject: [PATCH] virtio: update queue size on guest write |
3321 | + |
3322 | +Some guests read back queue size after writing it. |
3323 | +Update the size immediatly upon write otherwise |
3324 | +they get confused. |
3325 | + |
3326 | +In particular this is the case for seabios. |
3327 | + |
3328 | +Reported-by: Roman Kagan <rkagan@virtuozzo.com> |
3329 | +Suggested-by: Denis Plotnikov <dplotnikov@virtuozzo.com> |
3330 | +Cc: qemu-stable@nongnu.org |
3331 | +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
3332 | + |
3333 | +Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=d0c5f643383b9e84316f148affff368ac33d75b9 |
3334 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1867519 |
3335 | +Last-Update: 2020-03-18 |
3336 | + |
3337 | +--- |
3338 | + hw/virtio/virtio-pci.c | 2 ++ |
3339 | + 1 file changed, 2 insertions(+) |
3340 | + |
3341 | +diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c |
3342 | +index c6b47a9c73..e5c759e19e 100644 |
3343 | +--- a/hw/virtio/virtio-pci.c |
3344 | ++++ b/hw/virtio/virtio-pci.c |
3345 | +@@ -1256,6 +1256,8 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr, |
3346 | + break; |
3347 | + case VIRTIO_PCI_COMMON_Q_SIZE: |
3348 | + proxy->vqs[vdev->queue_sel].num = val; |
3349 | ++ virtio_queue_set_num(vdev, vdev->queue_sel, |
3350 | ++ proxy->vqs[vdev->queue_sel].num); |
3351 | + break; |
3352 | + case VIRTIO_PCI_COMMON_Q_MSIX: |
3353 | + msix_vector_unuse(&proxy->pci_dev, |
3354 | +-- |
3355 | +2.25.1 |
3356 | + |
3357 | diff --git a/debian/patches/ubuntu/expose-vmx_qemu64cpu.patch b/debian/patches/ubuntu/expose-vmx_qemu64cpu.patch |
3358 | deleted file mode 100644 |
3359 | index 5694cd4..0000000 |
3360 | --- a/debian/patches/ubuntu/expose-vmx_qemu64cpu.patch |
3361 | +++ /dev/null |
3362 | @@ -1,17 +0,0 @@ |
3363 | -Description: Expose VMX cpuid feature to the default "qemu64" CPU type, |
3364 | - supporting Intel compatible VMX nested virtualization. |
3365 | -Author: Dave Walker (Daviey) <DaveWalker@ubuntu.com> |
3366 | - |
3367 | -Index: qemu/target/i386/cpu.c |
3368 | -=================================================================== |
3369 | ---- qemu.orig/target/i386/cpu.c |
3370 | -+++ qemu/target/i386/cpu.c |
3371 | -@@ -673,7 +673,7 @@ static X86CPUDefinition builtin_x86_defs |
3372 | - CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | |
3373 | - CPUID_PSE36, |
3374 | - .features[FEAT_1_ECX] = |
3375 | -- CPUID_EXT_SSE3 | CPUID_EXT_CX16, |
3376 | -+ CPUID_EXT_SSE3 | CPUID_EXT_CX16 | CPUID_EXT_VMX, |
3377 | - .features[FEAT_8000_0001_EDX] = |
3378 | - CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX, |
3379 | - .features[FEAT_8000_0001_ECX] = |
3380 | diff --git a/debian/patches/ubuntu/lp-1835546-Sync-pv.patch b/debian/patches/ubuntu/lp-1835546-Sync-pv.patch |
3381 | new file mode 100644 |
3382 | index 0000000..0324a8c |
3383 | --- /dev/null |
3384 | +++ b/debian/patches/ubuntu/lp-1835546-Sync-pv.patch |
3385 | @@ -0,0 +1,98 @@ |
3386 | +From 5081c651c9e12d519597fc2ee6e6162e52051122 Mon Sep 17 00:00:00 2001 |
3387 | +From: Janosch Frank <frankja@linux.ibm.com> |
3388 | +Date: Tue, 25 Feb 2020 06:09:23 -0500 |
3389 | +Subject: [PATCH] Sync pv |
3390 | + |
3391 | +Signed-off-by: Janosch Frank <frankja@linux.ibm.com> |
3392 | + |
3393 | +Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html |
3394 | +Origin: backport, https://github.com/borntraeger/qemu/commit/5081c651c9 |
3395 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546 |
3396 | +Last-Update: 2020-03-20 |
3397 | + |
3398 | +--- |
3399 | + linux-headers/linux/kvm.h | 50 +++++++++++++++++++++++++++++++++++++-- |
3400 | + 1 file changed, 48 insertions(+), 2 deletions(-) |
3401 | + |
3402 | +diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h |
3403 | +index 3d9b18f7f8..18c636070e 100644 |
3404 | +--- a/linux-headers/linux/kvm.h |
3405 | ++++ b/linux-headers/linux/kvm.h |
3406 | +@@ -468,12 +468,17 @@ struct kvm_s390_mem_op { |
3407 | + __u32 size; /* amount of bytes */ |
3408 | + __u32 op; /* type of operation */ |
3409 | + __u64 buf; /* buffer in userspace */ |
3410 | +- __u8 ar; /* the access register number */ |
3411 | +- __u8 reserved[31]; /* should be set to 0 */ |
3412 | ++ union { |
3413 | ++ __u8 ar; /* the access register number */ |
3414 | ++ __u32 sida_offset; /* offset into the sida */ |
3415 | ++ __u8 reserved[32]; /* should be set to 0 */ |
3416 | ++ }; |
3417 | + }; |
3418 | + /* types for kvm_s390_mem_op->op */ |
3419 | + #define KVM_S390_MEMOP_LOGICAL_READ 0 |
3420 | + #define KVM_S390_MEMOP_LOGICAL_WRITE 1 |
3421 | ++#define KVM_S390_MEMOP_SIDA_READ 2 |
3422 | ++#define KVM_S390_MEMOP_SIDA_WRITE 3 |
3423 | + /* flags for kvm_s390_mem_op->flags */ |
3424 | + #define KVM_S390_MEMOP_F_CHECK_ONLY (1ULL << 0) |
3425 | + #define KVM_S390_MEMOP_F_INJECT_EXCEPTION (1ULL << 1) |
3426 | +@@ -1000,6 +1005,8 @@ struct kvm_ppc_resize_hpt { |
3427 | + #define KVM_CAP_PMU_EVENT_FILTER 173 |
3428 | + #define KVM_CAP_ARM_IRQ_LINE_LAYOUT_2 174 |
3429 | + #define KVM_CAP_HYPERV_DIRECT_TLBFLUSH 175 |
3430 | ++#define KVM_CAP_S390_VCPU_RESETS 179 |
3431 | ++#define KVM_CAP_S390_PROTECTED 180 |
3432 | + |
3433 | + #ifdef KVM_CAP_IRQ_ROUTING |
3434 | + |
3435 | +@@ -1461,6 +1468,45 @@ struct kvm_enc_region { |
3436 | + /* Available with KVM_CAP_ARM_SVE */ |
3437 | + #define KVM_ARM_VCPU_FINALIZE _IOW(KVMIO, 0xc2, int) |
3438 | + |
3439 | ++/* Available with KVM_CAP_S390_VCPU_RESETS */ |
3440 | ++#define KVM_S390_NORMAL_RESET _IO(KVMIO, 0xc3) |
3441 | ++#define KVM_S390_CLEAR_RESET _IO(KVMIO, 0xc4) |
3442 | ++ |
3443 | ++struct kvm_s390_pv_sec_parm { |
3444 | ++ __u64 origin; |
3445 | ++ __u64 length; |
3446 | ++}; |
3447 | ++ |
3448 | ++struct kvm_s390_pv_unp { |
3449 | ++ __u64 addr; |
3450 | ++ __u64 size; |
3451 | ++ __u64 tweak; |
3452 | ++}; |
3453 | ++ |
3454 | ++enum pv_cmd_id { |
3455 | ++ KVM_PV_ENABLE, |
3456 | ++ KVM_PV_DISABLE, |
3457 | ++ KVM_PV_VM_SET_SEC_PARMS, |
3458 | ++ KVM_PV_VM_UNPACK, |
3459 | ++ KVM_PV_VM_VERIFY, |
3460 | ++ KVM_PV_VM_PREP_RESET, |
3461 | ++ KVM_PV_VM_UNSHARE_ALL, |
3462 | ++ KVM_PV_VCPU_CREATE, |
3463 | ++ KVM_PV_VCPU_DESTROY, |
3464 | ++}; |
3465 | ++ |
3466 | ++struct kvm_pv_cmd { |
3467 | ++ __u32 cmd; /* Command to be executed */ |
3468 | ++ __u16 rc; /* Ultravisor return code */ |
3469 | ++ __u16 rrc; /* Ultravisor return reason code */ |
3470 | ++ __u64 data; /* Data or address */ |
3471 | ++ __u32 flags; /* flags for future extensions. Must be 0 for now */ |
3472 | ++ __u32 reserved[3]; |
3473 | ++}; |
3474 | ++ |
3475 | ++/* Available with KVM_CAP_S390_PROTECTED */ |
3476 | ++#define KVM_S390_PV_COMMAND _IOWR(KVMIO, 0xc5, struct kvm_pv_cmd) |
3477 | ++ |
3478 | + /* Secure Encrypted Virtualization command */ |
3479 | + enum sev_cmd_id { |
3480 | + /* Guest initialization commands */ |
3481 | +-- |
3482 | +2.25.1 |
3483 | + |
3484 | diff --git a/debian/patches/ubuntu/lp-1835546-pc-bios-s390x-Save-iplb-location-in-lowcore.patch b/debian/patches/ubuntu/lp-1835546-pc-bios-s390x-Save-iplb-location-in-lowcore.patch |
3485 | new file mode 100644 |
3486 | index 0000000..d95587f |
3487 | --- /dev/null |
3488 | +++ b/debian/patches/ubuntu/lp-1835546-pc-bios-s390x-Save-iplb-location-in-lowcore.patch |
3489 | @@ -0,0 +1,138 @@ |
3490 | +From 6c657fba3b138ad43b72e54a3c43a87e170ce615 Mon Sep 17 00:00:00 2001 |
3491 | +From: Janosch Frank <frankja@linux.ibm.com> |
3492 | +Date: Wed, 4 Mar 2020 06:42:31 -0500 |
3493 | +Subject: [PATCH] pc-bios: s390x: Save iplb location in lowcore |
3494 | + |
3495 | +The POP states that for a list directed IPL the IPLB is stored into |
3496 | +memory by the machine loader and its address is stored at offset 0x14 |
3497 | +of the lowcore. |
3498 | + |
3499 | +ZIPL currently uses the address in offset 0x14 to access the IPLB and |
3500 | +acquire flags about secure boot. If the IPLB address points into |
3501 | +memory which has an unsupported mix of flags set, ZIPL will panic |
3502 | +instead of booting the OS. |
3503 | + |
3504 | +As the lowcore can have quite a high entropy for a guest that did drop |
3505 | +out of protected mode (i.e. rebooted) we encountered the ZIPL panic |
3506 | +quite often. |
3507 | + |
3508 | +Signed-off-by: Janosch Frank <frankja@linux.ibm.com> |
3509 | +Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com> |
3510 | +Message-Id: <20200304114231.23493-19-frankja@linux.ibm.com> |
3511 | +Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> |
3512 | +Reviewed-by: David Hildenbrand <david@redhat.com> |
3513 | +Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> |
3514 | + |
3515 | +Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html |
3516 | +Origin: backport, https://github.com/borntraeger/qemu/commit/6c657fba3b |
3517 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546 |
3518 | +Last-Update: 2020-03-20 |
3519 | + |
3520 | +--- |
3521 | + pc-bios/s390-ccw/jump2ipl.c | 1 + |
3522 | + pc-bios/s390-ccw/main.c | 8 +++++++- |
3523 | + pc-bios/s390-ccw/netmain.c | 1 + |
3524 | + pc-bios/s390-ccw/s390-arch.h | 10 ++++++++-- |
3525 | + pc-bios/s390-ccw/s390-ccw.h | 1 + |
3526 | + 5 files changed, 18 insertions(+), 3 deletions(-) |
3527 | + |
3528 | +diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c |
3529 | +index 266f1502b9..1489e5043c 100644 |
3530 | +--- a/pc-bios/s390-ccw/jump2ipl.c |
3531 | ++++ b/pc-bios/s390-ccw/jump2ipl.c |
3532 | +@@ -35,6 +35,7 @@ void jump_to_IPL_code(uint64_t address) |
3533 | + { |
3534 | + /* store the subsystem information _after_ the bootmap was loaded */ |
3535 | + write_subsystem_identification(); |
3536 | ++ write_iplb_location(); |
3537 | + |
3538 | + /* prevent unknown IPL types in the guest */ |
3539 | + if (iplb.pbt == S390_IPL_TYPE_QEMU_SCSI) { |
3540 | +diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c |
3541 | +index a21b386280..4e65b411e1 100644 |
3542 | +--- a/pc-bios/s390-ccw/main.c |
3543 | ++++ b/pc-bios/s390-ccw/main.c |
3544 | +@@ -9,6 +9,7 @@ |
3545 | + */ |
3546 | + |
3547 | + #include "libc.h" |
3548 | ++#include "helper.h" |
3549 | + #include "s390-arch.h" |
3550 | + #include "s390-ccw.h" |
3551 | + #include "cio.h" |
3552 | +@@ -22,7 +23,7 @@ QemuIplParameters qipl; |
3553 | + IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE))); |
3554 | + static bool have_iplb; |
3555 | + static uint16_t cutype; |
3556 | +-LowCore const *lowcore; /* Yes, this *is* a pointer to address 0 */ |
3557 | ++LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */ |
3558 | + |
3559 | + #define LOADPARM_PROMPT "PROMPT " |
3560 | + #define LOADPARM_EMPTY " " |
3561 | +@@ -42,6 +43,11 @@ void write_subsystem_identification(void) |
3562 | + *zeroes = 0; |
3563 | + } |
3564 | + |
3565 | ++void write_iplb_location(void) |
3566 | ++{ |
3567 | ++ lowcore->ptr_iplb = ptr2u32(&iplb); |
3568 | ++} |
3569 | ++ |
3570 | + void panic(const char *string) |
3571 | + { |
3572 | + sclp_print(string); |
3573 | +diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c |
3574 | +index f2dcc01e27..309ffa30d9 100644 |
3575 | +--- a/pc-bios/s390-ccw/netmain.c |
3576 | ++++ b/pc-bios/s390-ccw/netmain.c |
3577 | +@@ -40,6 +40,7 @@ |
3578 | + #define DEFAULT_TFTP_RETRIES 20 |
3579 | + |
3580 | + extern char _start[]; |
3581 | ++void write_iplb_location(void) {} |
3582 | + |
3583 | + #define KERNEL_ADDR ((void *)0L) |
3584 | + #define KERNEL_MAX_SIZE ((long)_start) |
3585 | +diff --git a/pc-bios/s390-ccw/s390-arch.h b/pc-bios/s390-ccw/s390-arch.h |
3586 | +index 504fc7c2f0..5f36361c02 100644 |
3587 | +--- a/pc-bios/s390-ccw/s390-arch.h |
3588 | ++++ b/pc-bios/s390-ccw/s390-arch.h |
3589 | +@@ -36,7 +36,13 @@ typedef struct LowCore { |
3590 | + /* prefix area: defined by architecture */ |
3591 | + PSWLegacy ipl_psw; /* 0x000 */ |
3592 | + uint32_t ccw1[2]; /* 0x008 */ |
3593 | +- uint32_t ccw2[2]; /* 0x010 */ |
3594 | ++ union { |
3595 | ++ uint32_t ccw2[2]; /* 0x010 */ |
3596 | ++ struct { |
3597 | ++ uint32_t reserved10; |
3598 | ++ uint32_t ptr_iplb; |
3599 | ++ }; |
3600 | ++ }; |
3601 | + uint8_t pad1[0x80 - 0x18]; /* 0x018 */ |
3602 | + uint32_t ext_params; /* 0x080 */ |
3603 | + uint16_t cpu_addr; /* 0x084 */ |
3604 | +@@ -85,7 +91,7 @@ typedef struct LowCore { |
3605 | + PSW io_new_psw; /* 0x1f0 */ |
3606 | + } __attribute__((packed, aligned(8192))) LowCore; |
3607 | + |
3608 | +-extern LowCore const *lowcore; |
3609 | ++extern LowCore *lowcore; |
3610 | + |
3611 | + static inline void set_prefix(uint32_t address) |
3612 | + { |
3613 | +diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h |
3614 | +index 11bce7d73c..21f27e7990 100644 |
3615 | +--- a/pc-bios/s390-ccw/s390-ccw.h |
3616 | ++++ b/pc-bios/s390-ccw/s390-ccw.h |
3617 | +@@ -57,6 +57,7 @@ void consume_io_int(void); |
3618 | + /* main.c */ |
3619 | + void panic(const char *string); |
3620 | + void write_subsystem_identification(void); |
3621 | ++void write_iplb_location(void); |
3622 | + extern char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE))); |
3623 | + unsigned int get_loadparm_index(void); |
3624 | + |
3625 | +-- |
3626 | +2.25.1 |
3627 | + |
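Review bot: The empty stub `void write_iplb_location(void) {}` added to netmain.c means the network-boot build never stores the IPLB address at lowcore offset 0x14. The stale-pointer situation described in the commit message would therefore remain on that path if the loaded payload reads that field. If this is intentional, say so at the stub, for example `/* netboot: the IPLB address is not published in lowcore */`. Separately, removing `const` from `lowcore` in main.c and s390-arch.h makes all of page zero writable through the global for the sake of one field store. Keeping the declaration `const` and casting only inside `write_iplb_location` would leave accidental writes elsewhere a compile error.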
3628 | diff --git a/debian/patches/ubuntu/lp-1835546-s390x-Add-SIDA-memory-ops.patch b/debian/patches/ubuntu/lp-1835546-s390x-Add-SIDA-memory-ops.patch |
3629 | new file mode 100644 |
3630 | index 0000000..ba58e8a |
3631 | --- /dev/null |
3632 | +++ b/debian/patches/ubuntu/lp-1835546-s390x-Add-SIDA-memory-ops.patch |
3633 | @@ -0,0 +1,141 @@ |
3634 | +From f3673a4cba21dae20c2a87bd6639a2e03ef7ff39 Mon Sep 17 00:00:00 2001 |
3635 | +From: Janosch Frank <frankja@linux.ibm.com> |
3636 | +Date: Wed, 5 Feb 2020 06:57:35 -0500 |
3637 | +Subject: [PATCH] s390x: Add SIDA memory ops |
3638 | + |
3639 | +Protected guests save the instruction control blocks in the SIDA |
3640 | +instead of QEMU/KVM directly accessing the guest's memory. |
3641 | + |
3642 | +Let's introduce new functions to access the SIDA. |
3643 | + |
3644 | +The memops for doing so are available with KVM_CAP_S390_PROTECTED, so |
3645 | +let's check for that. |
3646 | + |
3647 | +Signed-off-by: Janosch Frank <frankja@linux.ibm.com> |
3648 | +Reviewed-by: David Hildenbrand <david@redhat.com> |
3649 | +Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> |
3650 | +Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> |
3651 | +Reviewed-by: Cornelia Huck <cohuck@redhat.com> |
3652 | + |
3653 | +Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html |
3654 | +Origin: backport, https://github.com/borntraeger/qemu/commit/f3673a4cba |
3655 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546 |
3656 | +Last-Update: 2020-03-20 |
3657 | + |
3658 | +--- |
3659 | + target/s390x/cpu.h | 7 ++++++- |
3660 | + target/s390x/kvm.c | 26 ++++++++++++++++++++++++++ |
3661 | + target/s390x/kvm_s390x.h | 2 ++ |
3662 | + target/s390x/mmu_helper.c | 14 ++++++++++++++ |
3663 | + 4 files changed, 48 insertions(+), 1 deletion(-) |
3664 | + |
3665 | +diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h |
3666 | +index d2af13b345..2ec0f78b48 100644 |
3667 | +--- a/target/s390x/cpu.h |
3668 | ++++ b/target/s390x/cpu.h |
3669 | +@@ -821,7 +821,12 @@ int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, uint8_t ar, void *hostbuf, |
3670 | + #define s390_cpu_virt_mem_check_write(cpu, laddr, ar, len) \ |
3671 | + s390_cpu_virt_mem_rw(cpu, laddr, ar, NULL, len, true) |
3672 | + void s390_cpu_virt_mem_handle_exc(S390CPU *cpu, uintptr_t ra); |
3673 | +- |
3674 | ++int s390_cpu_pv_mem_rw(S390CPU *cpu, unsigned int offset, void *hostbuf, |
3675 | ++ int len, bool is_write); |
3676 | ++#define s390_cpu_pv_mem_read(cpu, offset, dest, len) \ |
3677 | ++ s390_cpu_pv_mem_rw(cpu, offset, dest, len, false) |
3678 | ++#define s390_cpu_pv_mem_write(cpu, offset, dest, len) \ |
3679 | ++ s390_cpu_pv_mem_rw(cpu, offset, dest, len, true) |
3680 | + |
3681 | + /* sigp.c */ |
3682 | + int s390_cpu_restart(S390CPU *cpu); |
3683 | +diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c |
3684 | +index abeeaaa674..941e4df630 100644 |
3685 | +--- a/target/s390x/kvm.c |
3686 | ++++ b/target/s390x/kvm.c |
3687 | +@@ -154,6 +154,7 @@ static int cap_ri; |
3688 | + static int cap_gs; |
3689 | + static int cap_hpage_1m; |
3690 | + static int cap_vcpu_resets; |
3691 | ++static int cap_protected; |
3692 | + |
3693 | + static int active_cmma; |
3694 | + |
3695 | +@@ -351,6 +352,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) |
3696 | + cap_mem_op = kvm_check_extension(s, KVM_CAP_S390_MEM_OP); |
3697 | + cap_s390_irq = kvm_check_extension(s, KVM_CAP_S390_INJECT_IRQ); |
3698 | + cap_vcpu_resets = kvm_check_extension(s, KVM_CAP_S390_VCPU_RESETS); |
3699 | ++ cap_protected = kvm_check_extension(s, KVM_CAP_S390_PROTECTED); |
3700 | + |
3701 | + if (!kvm_check_extension(s, KVM_CAP_S390_GMAP) |
3702 | + || !kvm_check_extension(s, KVM_CAP_S390_COW)) { |
3703 | +@@ -848,6 +850,30 @@ int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf, |
3704 | + return ret; |
3705 | + } |
3706 | + |
3707 | ++int kvm_s390_mem_op_pv(S390CPU *cpu, uint64_t offset, void *hostbuf, |
3708 | ++ int len, bool is_write) |
3709 | ++{ |
3710 | ++ struct kvm_s390_mem_op mem_op = { |
3711 | ++ .sida_offset = offset, |
3712 | ++ .size = len, |
3713 | ++ .op = is_write ? KVM_S390_MEMOP_SIDA_WRITE |
3714 | ++ : KVM_S390_MEMOP_SIDA_READ, |
3715 | ++ .buf = (uint64_t)hostbuf, |
3716 | ++ }; |
3717 | ++ int ret; |
3718 | ++ |
3719 | ++ if (!cap_mem_op || !cap_protected) { |
3720 | ++ return -ENOSYS; |
3721 | ++ } |
3722 | ++ |
3723 | ++ ret = kvm_vcpu_ioctl(CPU(cpu), KVM_S390_MEM_OP, &mem_op); |
3724 | ++ if (ret < 0) { |
3725 | ++ error_report("KVM_S390_MEM_OP failed: %s", strerror(-ret)); |
3726 | ++ abort(); |
3727 | ++ } |
3728 | ++ return ret; |
3729 | ++} |
3730 | ++ |
3731 | + /* |
3732 | + * Legacy layout for s390: |
3733 | + * Older S390 KVM requires the topmost vma of the RAM to be |
3734 | +diff --git a/target/s390x/kvm_s390x.h b/target/s390x/kvm_s390x.h |
3735 | +index dea813f450..6ab17c81b7 100644 |
3736 | +--- a/target/s390x/kvm_s390x.h |
3737 | ++++ b/target/s390x/kvm_s390x.h |
3738 | +@@ -19,6 +19,8 @@ void kvm_s390_vcpu_interrupt(S390CPU *cpu, struct kvm_s390_irq *irq); |
3739 | + void kvm_s390_access_exception(S390CPU *cpu, uint16_t code, uint64_t te_code); |
3740 | + int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf, |
3741 | + int len, bool is_write); |
3742 | ++int kvm_s390_mem_op_pv(S390CPU *cpu, vaddr addr, void *hostbuf, int len, |
3743 | ++ bool is_write); |
3744 | + void kvm_s390_program_interrupt(S390CPU *cpu, uint16_t code); |
3745 | + int kvm_s390_set_cpu_state(S390CPU *cpu, uint8_t cpu_state); |
3746 | + void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu); |
3747 | +diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c |
3748 | +index c9f3f34750..ec8befbdc8 100644 |
3749 | +--- a/target/s390x/mmu_helper.c |
3750 | ++++ b/target/s390x/mmu_helper.c |
3751 | +@@ -474,6 +474,20 @@ static int translate_pages(S390CPU *cpu, vaddr addr, int nr_pages, |
3752 | + return 0; |
3753 | + } |
3754 | + |
3755 | ++int s390_cpu_pv_mem_rw(S390CPU *cpu, unsigned int offset, void *hostbuf, |
3756 | ++ int len, bool is_write) |
3757 | ++{ |
3758 | ++ int ret; |
3759 | ++ |
3760 | ++ if (kvm_enabled()) { |
3761 | ++ ret = kvm_s390_mem_op_pv(cpu, offset, hostbuf, len, is_write); |
3762 | ++ } else { |
3763 | ++ /* Protected Virtualization is a KVM/Hardware only feature */ |
3764 | ++ g_assert_not_reached(); |
3765 | ++ } |
3766 | ++ return ret; |
3767 | ++} |
3768 | ++ |
3769 | + /** |
3770 | + * s390_cpu_virt_mem_rw: |
3771 | + * @laddr: the logical start address |
3772 | +-- |
3773 | +2.25.1 |
3774 | + |
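Review bot: `kvm_s390_mem_op_pv` narrows both of its size arguments without a check. `offset` is `uint64_t` but is stored in `.sida_offset`, which the kvm.h sync in this merge declares as `__u32`, and `len` is a signed `int` stored in the `__u32` field `.size`, so a negative length becomes a very large one. The kernel presumably bounds both against the SIDA, but a guard before the ioctl, `if (len < 0 || offset > UINT32_MAX) { return -EINVAL; }`, would keep a bad caller from ending in the `abort()` that follows a failed ioctl. The prototype in kvm_s390x.h also spells the parameter `vaddr addr`, the definition uses `uint64_t offset`, and `s390_cpu_pv_mem_rw` takes `unsigned int offset`. Using `uint32_t offset` in all three places would make the contract visible.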
3775 | diff --git a/debian/patches/ubuntu/lp-1835546-s390x-Add-missing-vcpu-reset-functions.patch b/debian/patches/ubuntu/lp-1835546-s390x-Add-missing-vcpu-reset-functions.patch |
3776 | new file mode 100644 |
3777 | index 0000000..41595f0 |
3778 | --- /dev/null |
3779 | +++ b/debian/patches/ubuntu/lp-1835546-s390x-Add-missing-vcpu-reset-functions.patch |
3780 | @@ -0,0 +1,165 @@ |
3781 | +From cdb7c92623442b8a4052011d20ac46dbc17ab064 Mon Sep 17 00:00:00 2001 |
3782 | +From: Janosch Frank <frankja@linux.ibm.com> |
3783 | +Date: Fri, 14 Feb 2020 10:16:21 -0500 |
3784 | +Subject: [PATCH] s390x: Add missing vcpu reset functions |
3785 | + |
3786 | +Up to now we only had an ioctl to reset vcpu data QEMU couldn't reach |
3787 | +for the initial reset, which was also called for the clear reset. To |
3788 | +be architecture compliant, we also need to clear local interrupts on a |
3789 | +normal reset. |
3790 | + |
3791 | +Because of this and the upcoming protvirt support we need to add |
3792 | +ioctls for the missing clear and normal resets. |
3793 | + |
3794 | +Signed-off-by: Janosch Frank <frankja@linux.ibm.com> |
3795 | +Reviewed-by: Thomas Huth <thuth@redhat.com> |
3796 | +Acked-by: David Hildenbrand <david@redhat.com> |
3797 | +Message-Id: <20200214151636.8764-3-frankja@linux.ibm.com> |
3798 | +Signed-off-by: Cornelia Huck <cohuck@redhat.com> |
3799 | + |
3800 | +Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html |
3801 | +Origin: backport, https://github.com/borntraeger/qemu/commit/cdb7c92623 |
3802 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546 |
3803 | +Last-Update: 2020-03-20 |
3804 | + |
3805 | +--- |
3806 | + target/s390x/cpu.c | 14 ++++++++++++-- |
3807 | + target/s390x/kvm-stub.c | 10 +++++++++- |
3808 | + target/s390x/kvm.c | 42 ++++++++++++++++++++++++++++++++-------- |
3809 | + target/s390x/kvm_s390x.h | 4 +++- |
3810 | + 4 files changed, 58 insertions(+), 12 deletions(-) |
3811 | + |
3812 | +diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c |
3813 | +index bd39cb54b7..52fefa1586 100644 |
3814 | +--- a/target/s390x/cpu.c |
3815 | ++++ b/target/s390x/cpu.c |
3816 | +@@ -131,8 +131,18 @@ static void s390_cpu_reset(CPUState *s, cpu_reset_type type) |
3817 | + } |
3818 | + |
3819 | + /* Reset state inside the kernel that we cannot access yet from QEMU. */ |
3820 | +- if (kvm_enabled() && type != S390_CPU_RESET_NORMAL) { |
3821 | +- kvm_s390_reset_vcpu(cpu); |
3822 | ++ if (kvm_enabled()) { |
3823 | ++ switch (type) { |
3824 | ++ case S390_CPU_RESET_CLEAR: |
3825 | ++ kvm_s390_reset_vcpu_clear(cpu); |
3826 | ++ break; |
3827 | ++ case S390_CPU_RESET_INITIAL: |
3828 | ++ kvm_s390_reset_vcpu_initial(cpu); |
3829 | ++ break; |
3830 | ++ case S390_CPU_RESET_NORMAL: |
3831 | ++ kvm_s390_reset_vcpu_normal(cpu); |
3832 | ++ break; |
3833 | ++ } |
3834 | + } |
3835 | + } |
3836 | + |
3837 | +diff --git a/target/s390x/kvm-stub.c b/target/s390x/kvm-stub.c |
3838 | +index 5152e2bdf1..c4cd497f85 100644 |
3839 | +--- a/target/s390x/kvm-stub.c |
3840 | ++++ b/target/s390x/kvm-stub.c |
3841 | +@@ -83,7 +83,15 @@ void kvm_s390_cmma_reset(void) |
3842 | + { |
3843 | + } |
3844 | + |
3845 | +-void kvm_s390_reset_vcpu(S390CPU *cpu) |
3846 | ++void kvm_s390_reset_vcpu_initial(S390CPU *cpu) |
3847 | ++{ |
3848 | ++} |
3849 | ++ |
3850 | ++void kvm_s390_reset_vcpu_clear(S390CPU *cpu) |
3851 | ++{ |
3852 | ++} |
3853 | ++ |
3854 | ++void kvm_s390_reset_vcpu_normal(S390CPU *cpu) |
3855 | + { |
3856 | + } |
3857 | + |
3858 | +diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c |
3859 | +index ad6e38c876..f633472980 100644 |
3860 | +--- a/target/s390x/kvm.c |
3861 | ++++ b/target/s390x/kvm.c |
3862 | +@@ -151,6 +151,7 @@ static int cap_s390_irq; |
3863 | + static int cap_ri; |
3864 | + static int cap_gs; |
3865 | + static int cap_hpage_1m; |
3866 | ++static int cap_vcpu_resets; |
3867 | + |
3868 | + static int active_cmma; |
3869 | + |
3870 | +@@ -342,6 +343,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) |
3871 | + cap_async_pf = kvm_check_extension(s, KVM_CAP_ASYNC_PF); |
3872 | + cap_mem_op = kvm_check_extension(s, KVM_CAP_S390_MEM_OP); |
3873 | + cap_s390_irq = kvm_check_extension(s, KVM_CAP_S390_INJECT_IRQ); |
3874 | ++ cap_vcpu_resets = kvm_check_extension(s, KVM_CAP_S390_VCPU_RESETS); |
3875 | + |
3876 | + if (!kvm_check_extension(s, KVM_CAP_S390_GMAP) |
3877 | + || !kvm_check_extension(s, KVM_CAP_S390_COW)) { |
3878 | +@@ -403,17 +405,41 @@ int kvm_arch_destroy_vcpu(CPUState *cs) |
3879 | + return 0; |
3880 | + } |
3881 | + |
3882 | +-void kvm_s390_reset_vcpu(S390CPU *cpu) |
3883 | ++static void kvm_s390_reset_vcpu(S390CPU *cpu, unsigned long type) |
3884 | + { |
3885 | + CPUState *cs = CPU(cpu); |
3886 | + |
3887 | +- /* The initial reset call is needed here to reset in-kernel |
3888 | +- * vcpu data that we can't access directly from QEMU |
3889 | +- * (i.e. with older kernels which don't support sync_regs/ONE_REG). |
3890 | +- * Before this ioctl cpu_synchronize_state() is called in common kvm |
3891 | +- * code (kvm-all) */ |
3892 | +- if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL)) { |
3893 | +- error_report("Initial CPU reset failed on CPU %i", cs->cpu_index); |
3894 | ++ /* |
3895 | ++ * The reset call is needed here to reset in-kernel vcpu data that |
3896 | ++ * we can't access directly from QEMU (i.e. with older kernels |
3897 | ++ * which don't support sync_regs/ONE_REG). Before this ioctl |
3898 | ++ * cpu_synchronize_state() is called in common kvm code |
3899 | ++ * (kvm-all). |
3900 | ++ */ |
3901 | ++ if (kvm_vcpu_ioctl(cs, type)) { |
3902 | ++ error_report("CPU reset failed on CPU %i type %lx", |
3903 | ++ cs->cpu_index, type); |
3904 | ++ } |
3905 | ++} |
3906 | ++ |
3907 | ++void kvm_s390_reset_vcpu_initial(S390CPU *cpu) |
3908 | ++{ |
3909 | ++ kvm_s390_reset_vcpu(cpu, KVM_S390_INITIAL_RESET); |
3910 | ++} |
3911 | ++ |
3912 | ++void kvm_s390_reset_vcpu_clear(S390CPU *cpu) |
3913 | ++{ |
3914 | ++ if (cap_vcpu_resets) { |
3915 | ++ kvm_s390_reset_vcpu(cpu, KVM_S390_CLEAR_RESET); |
3916 | ++ } else { |
3917 | ++ kvm_s390_reset_vcpu(cpu, KVM_S390_INITIAL_RESET); |
3918 | ++ } |
3919 | ++} |
3920 | ++ |
3921 | ++void kvm_s390_reset_vcpu_normal(S390CPU *cpu) |
3922 | ++{ |
3923 | ++ if (cap_vcpu_resets) { |
3924 | ++ kvm_s390_reset_vcpu(cpu, KVM_S390_NORMAL_RESET); |
3925 | + } |
3926 | + } |
3927 | + |
3928 | +diff --git a/target/s390x/kvm_s390x.h b/target/s390x/kvm_s390x.h |
3929 | +index caf985955b..0b21789796 100644 |
3930 | +--- a/target/s390x/kvm_s390x.h |
3931 | ++++ b/target/s390x/kvm_s390x.h |
3932 | +@@ -34,7 +34,9 @@ int kvm_s390_assign_subch_ioeventfd(EventNotifier *notifier, uint32_t sch, |
3933 | + int vq, bool assign); |
3934 | + int kvm_s390_cmma_active(void); |
3935 | + void kvm_s390_cmma_reset(void); |
3936 | +-void kvm_s390_reset_vcpu(S390CPU *cpu); |
3937 | ++void kvm_s390_reset_vcpu_clear(S390CPU *cpu); |
3938 | ++void kvm_s390_reset_vcpu_normal(S390CPU *cpu); |
3939 | ++void kvm_s390_reset_vcpu_initial(S390CPU *cpu); |
3940 | + int kvm_s390_set_mem_limit(uint64_t new_limit, uint64_t *hw_limit); |
3941 | + void kvm_s390_set_max_pagesize(uint64_t pagesize, Error **errp); |
3942 | + void kvm_s390_crypto_reset(void); |
3943 | +-- |
3944 | +2.25.1 |
3945 | + |
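Review bot: `kvm_s390_reset_vcpu_normal` does nothing when `cap_vcpu_resets` is 0, although the commit message says local interrupts must be cleared on a normal reset for architecture compliance. On a kernel without KVM_CAP_S390_VCPU_RESETS that gap remains, silently. A comment in the function, `/* older kernels have no normal-reset ioctl; local interrupts are left untouched */`, would mark the fallback as deliberate. In the same patch, `kvm_s390_reset_vcpu` only calls `error_report` when the ioctl fails, so the caller continues with a vcpu whose in-kernel state was not reset; whether that is acceptable for the protected-virtualization use mentioned in the message should be decided explicitly. The `switch (type)` in `s390_cpu_reset` has no `default:` case, and `default: g_assert_not_reached();` would catch a reset type added later.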
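--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-Add-unpack-facility-feature-to-GA1.patch
@@ -0,0 +1,67 @@
+From 8c284a11c5dd980fd2cea00306c18ea644c0754d Mon Sep 17 00:00:00 2001
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+Date: Tue, 25 Feb 2020 06:28:51 -0500
+Subject: [PATCH] s390x: Add unpack facility feature to GA1
+
+The unpack facility is an indication that diagnose 308 subcodes 8-10
+are available to the guest. That means, that the guest can put itself
+into protected mode.
+
+Once it is in protected mode, the hardware stops any attempt of VM
+introspection by the hypervisor.
+
+Some features are currently not supported in protected mode:
+ * vfio devices
+ * Migration
+ * Huge page backings
+
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/8c284a11c5
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ target/s390x/gen-features.c | 1 +
+ target/s390x/kvm.c | 8 ++++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
+index 6278845b12..8ddeebc544 100644
+--- a/target/s390x/gen-features.c
++++ b/target/s390x/gen-features.c
+@@ -562,6 +562,7 @@ static uint16_t full_GEN15_GA1[] = {
+ S390_FEAT_GROUP_MSA_EXT_9,
+ S390_FEAT_GROUP_MSA_EXT_9_PCKMO,
+ S390_FEAT_ETOKEN,
++ S390_FEAT_UNPACK,
+ };
+
+ /* Default features (in order of release)
+diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
+index d94b915da4..8b82e4c93d 100644
+--- a/target/s390x/kvm.c
++++ b/target/s390x/kvm.c
+@@ -2407,6 +2407,14 @@ void kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp)
+ clear_bit(S390_FEAT_BPB, model->features);
+ }
+
++ /*
++ * If we have support for protected virtualization, indicate
++ * the protected virtualization IPL unpack facility.
++ */
++ if (cap_protected) {
++ set_bit(S390_FEAT_UNPACK, model->features);
++ }
++
+ /* We emulate a zPCI bus and AEN, therefore we don't need HW support */
+ set_bit(S390_FEAT_ZPCI, model->features);
+ set_bit(S390_FEAT_ADAPTER_EVENT_NOTIFICATION, model->features);
+--
+2.25.1
+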
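Review bot: The comment above `if (cap_protected)` in kvm_s390_get_host_cpu_model() names the facility but not what advertising it allows. Per the patch description, a guest that sees the unpack facility can put itself into protected mode, where vfio devices, migration and huge page backings are not supported. Nothing in this hunk rejects those configurations, so presumably other patches in the series do; that should be confirmed. I would extend the comment along the lines of `/* Advertising UNPACK lets the guest enter protected mode; vfio, migration and huge page backing are unsupported there and have to be blocked elsewhere. */`. The function body starts and ends outside the hunk.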
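--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-Beautify-diag308-handling.patch
@@ -0,0 +1,119 @@
+From 4fb238b4b0ba7ba6d42d5d7e1f3da27e619e872c Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Wed, 27 Nov 2019 12:50:45 -0500
+Subject: [PATCH] s390x: Beautify diag308 handling
+
+Let's improve readability by:
+* Using constants for the subcodes
+* Moving parameter checking into a function
+* Removing subcode > 6 check as the default case catches that
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20191127175046.4911-6-frankja@linux.ibm.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/4fb238b4b0
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ target/s390x/diag.c | 54 +++++++++++++++++++++++++++------------------
+ 1 file changed, 32 insertions(+), 22 deletions(-)
+
+diff --git a/target/s390x/diag.c b/target/s390x/diag.c
+index 0c81d8e1ef..54e5670b3f 100644
+--- a/target/s390x/diag.c
++++ b/target/s390x/diag.c
+@@ -53,6 +53,29 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
+ #define DIAG_308_RC_NO_CONF 0x0102
+ #define DIAG_308_RC_INVALID 0x0402
+
++#define DIAG308_RESET_MOD_CLR 0
++#define DIAG308_RESET_LOAD_NORM 1
++#define DIAG308_LOAD_CLEAR 3
++#define DIAG308_LOAD_NORMAL_DUMP 4
++#define DIAG308_SET 5
++#define DIAG308_STORE 6
++
++static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
++ uintptr_t ra, bool write)
++{
++ if ((r1 & 1) || (addr & ~TARGET_PAGE_MASK)) {
++ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
++ return -1;
++ }
++ if (!address_space_access_valid(&address_space_memory, addr,
++ sizeof(IplParameterBlock), write,
++ MEMTXATTRS_UNSPECIFIED)) {
++ s390_program_interrupt(env, PGM_ADDRESSING, ra);
++ return -1;
++ }
++ return 0;
++}
++
+ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
+ {
+ CPUState *cs = env_cpu(env);
+@@ -65,30 +88,24 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
+ return;
+ }
+
+- if ((subcode & ~0x0ffffULL) || (subcode > 6)) {
++ if (subcode & ~0x0ffffULL) {
+ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return;
+ }
+
+ switch (subcode) {
+- case 0:
++ case DIAG308_RESET_MOD_CLR:
+ s390_ipl_reset_request(cs, S390_RESET_MODIFIED_CLEAR);
+ break;
+- case 1:
++ case DIAG308_RESET_LOAD_NORM:
+ s390_ipl_reset_request(cs, S390_RESET_LOAD_NORMAL);
+ break;
+- case 3:
++ case DIAG308_LOAD_CLEAR:
++ /* Well we still lack the clearing bit... */
+ s390_ipl_reset_request(cs, S390_RESET_REIPL);
+ break;
+- case 5:
+- if ((r1 & 1) || (addr & 0x0fffULL)) {
+- s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+- return;
+- }
+- if (!address_space_access_valid(&address_space_memory, addr,
+- sizeof(IplParameterBlock), false,
+- MEMTXATTRS_UNSPECIFIED)) {
+- s390_program_interrupt(env, PGM_ADDRESSING, ra);
++ case DIAG308_SET:
++ if (diag308_parm_check(env, r1, addr, ra, false)) {
+ return;
+ }
+ iplb = g_new0(IplParameterBlock, 1);
+@@ -110,15 +127,8 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
+ out:
+ g_free(iplb);
+ return;
+- case 6:
+- if ((r1 & 1) || (addr & 0x0fffULL)) {
+- s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+- return;
+- }
+- if (!address_space_access_valid(&address_space_memory, addr,
+- sizeof(IplParameterBlock), true,
+- MEMTXATTRS_UNSPECIFIED)) {
+- s390_program_interrupt(env, PGM_ADDRESSING, ra);
++ case DIAG308_STORE:
++ if (diag308_parm_check(env, r1, addr, ra, true)) {
+ return;
+ }
+ iplb = s390_ipl_get_iplb();
+--
+2.25.1
+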
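Review bot: Dropping `(subcode > 6)` from the early check in handle_diag_308() moves the rejection of guest-supplied subcodes above 6 to the switch's default branch, which is outside this hunk. Before the change those values raised PGM_SPECIFICATION ahead of the switch. Whether the guest now gets a program interrupt or only a return code depends on that default branch, so it is worth confirming the guest-visible result is intended. A comment at the remaining check would record the dependency, for example `/* subcodes above 6 are rejected by the default case of the switch below */`.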
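--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-Don-t-do-a-normal-reset-on-the-initial-cpu.patch
@@ -0,0 +1,41 @@
+From c300ee105ad5458eb9f8d302e54d8f3cc70963fd Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Wed, 27 Nov 2019 12:50:41 -0500
+Subject: [PATCH] s390x: Don't do a normal reset on the initial cpu
+
+The initiating cpu needs to be reset with an initial reset. While
+doing a normal reset followed by a initial reset is not wrong per se,
+the Ultravisor will only allow the correct reset to be performed.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Message-Id: <20191127175046.4911-2-frankja@linux.ibm.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/c300ee105a
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ hw/s390x/s390-virtio-ccw.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index d3edeef0ad..c1d1440272 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -348,6 +348,9 @@ static void s390_machine_reset(MachineState *machine)
+ break;
+ case S390_RESET_LOAD_NORMAL:
+ CPU_FOREACH(t) {
++ if (t == cs) {
++ continue;
++ }
+ run_on_cpu(t, s390_do_cpu_reset, RUN_ON_CPU_NULL);
+ }
+ subsystem_reset();
+--
+2.25.1
+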
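Review bot: The new `if (t == cs) { continue; }` in the S390_RESET_LOAD_NORMAL branch of s390_machine_reset() leaves the initiating CPU with no reset at all unless a later statement in the branch applies the initial reset. That statement is outside the hunk, so it should be confirmed that it still runs on `cs`. The reason for the skip is given only in the patch description; a comment on it would keep that reasoning with the code, for example `/* cs gets its initial reset below; the Ultravisor only allows the correct reset */`.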
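--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-Move-clear-reset.patch
@@ -0,0 +1,135 @@
+From af3f6e479284aa297ad2a85bb3eab305376d138a Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Wed, 27 Nov 2019 12:50:44 -0500
+Subject: [PATCH] s390x: Move clear reset
+
+Let's also move the clear reset function into the reset handler.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Message-Id: <20191127175046.4911-5-frankja@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/af3f6e4792
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ target/s390x/cpu-qom.h | 1 +
+ target/s390x/cpu.c | 58 +++++++++++++-----------------------------
+ 2 files changed, 18 insertions(+), 41 deletions(-)
+
+diff --git a/target/s390x/cpu-qom.h b/target/s390x/cpu-qom.h
+index 6f0a12042e..dbe5346ec9 100644
+--- a/target/s390x/cpu-qom.h
++++ b/target/s390x/cpu-qom.h
+@@ -37,6 +37,7 @@ typedef struct S390CPUDef S390CPUDef;
+ typedef enum cpu_reset_type {
+ S390_CPU_RESET_NORMAL,
+ S390_CPU_RESET_INITIAL,
++ S390_CPU_RESET_CLEAR,
+ } cpu_reset_type;
+
+ /**
+diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
+index ca62fe7685..bd39cb54b7 100644
+--- a/target/s390x/cpu.c
++++ b/target/s390x/cpu.c
+@@ -94,6 +94,9 @@ static void s390_cpu_reset(CPUState *s, cpu_reset_type type)
+ s390_cpu_set_state(S390_CPU_STATE_STOPPED, cpu);
+
+ switch (type) {
++ case S390_CPU_RESET_CLEAR:
++ memset(env, 0, offsetof(CPUS390XState, start_initial_reset_fields));
++ /* fall through */
+ case S390_CPU_RESET_INITIAL:
+ /* initial reset does not clear everything! */
+ memset(&env->start_initial_reset_fields, 0,
+@@ -107,6 +110,14 @@ static void s390_cpu_reset(CPUState *s, cpu_reset_type type)
+ env->cregs[0] = CR0_RESET;
+ env->cregs[14] = CR14_RESET;
+
++#if defined(CONFIG_USER_ONLY)
++ /* user mode should always be allowed to use the full FPU */
++ env->cregs[0] |= CR0_AFP;
++ if (s390_has_feat(S390_FEAT_VECTOR)) {
++ env->cregs[0] |= CR0_VECTOR;
++ }
++#endif
++
+ /* tininess for underflow is detected before rounding */
+ set_float_detect_tininess(float_tininess_before_rounding,
+ &env->fpu_status);
+@@ -125,46 +136,6 @@ static void s390_cpu_reset(CPUState *s, cpu_reset_type type)
+ }
+ }
+
+-/* CPUClass:reset() */
+-static void s390_cpu_full_reset(CPUState *s)
+-{
+- S390CPU *cpu = S390_CPU(s);
+- S390CPUClass *scc = S390_CPU_GET_CLASS(cpu);
+- CPUS390XState *env = &cpu->env;
+-
+- scc->parent_reset(s);
+- cpu->env.sigp_order = 0;
+- s390_cpu_set_state(S390_CPU_STATE_STOPPED, cpu);
+-
+- memset(env, 0, offsetof(CPUS390XState, end_reset_fields));
+-
+- /* architectured initial values for CR 0 and 14 */
+- env->cregs[0] = CR0_RESET;
+- env->cregs[14] = CR14_RESET;
+-
+-#if defined(CONFIG_USER_ONLY)
+- /* user mode should always be allowed to use the full FPU */
+- env->cregs[0] |= CR0_AFP;
+- if (s390_has_feat(S390_FEAT_VECTOR)) {
+- env->cregs[0] |= CR0_VECTOR;
+- }
+-#endif
+-
+- /* architectured initial value for Breaking-Event-Address register */
+- env->gbea = 1;
+-
+- env->pfault_token = -1UL;
+-
+- /* tininess for underflow is detected before rounding */
+- set_float_detect_tininess(float_tininess_before_rounding,
+- &env->fpu_status);
+-
+- /* Reset state inside the kernel that we cannot access yet from QEMU. */
+- if (kvm_enabled()) {
+- kvm_s390_reset_vcpu(cpu);
+- }
+-}
+-
+ #if !defined(CONFIG_USER_ONLY)
+ static void s390_cpu_machine_reset_cb(void *opaque)
+ {
+@@ -456,6 +427,11 @@ static Property s390x_cpu_properties[] = {
+ DEFINE_PROP_END_OF_LIST()
+ };
+
++static void s390_cpu_reset_full(CPUState *s)
++{
++ return s390_cpu_reset(s, S390_CPU_RESET_CLEAR);
++}
++
+ static void s390_cpu_class_init(ObjectClass *oc, void *data)
+ {
+ S390CPUClass *scc = S390_CPU_CLASS(oc);
+@@ -472,7 +448,7 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
+ scc->load_normal = s390_cpu_load_normal;
+ #endif
+ scc->reset = s390_cpu_reset;
+- cc->reset = s390_cpu_full_reset;
++ cc->reset = s390_cpu_reset_full;
+ cc->class_by_name = s390_cpu_class_by_name,
+ cc->has_work = s390_cpu_has_work;
+ #ifdef CONFIG_TCG
+--
+2.25.1
+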
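Review bot: The new `s390_cpu_reset_full()` returns the result of a void call, `return s390_cpu_reset(s, S390_CPU_RESET_CLEAR);`. ISO C does not permit a return statement with an expression in a function returning void; compilers accept it only as an extension, and a pedantic build warns. The plain statement `s390_cpu_reset(s, S390_CPU_RESET_CLEAR);` does the same thing. Separately, the removed s390_cpu_full_reset() called kvm_s390_reset_vcpu() itself, while the replacement relies on the tail of s390_cpu_reset() to do that for the CLEAR type. That tail is outside this hunk, so it is worth checking that the in-kernel state is still reset on this path.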
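--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-Move-diagnose-308-subcodes-and-rcs-into-ipl.h.patch
@@ -0,0 +1,67 @@
+From f0869bee7c19767fff70794d64f400bb201e82e3 Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Fri, 13 Mar 2020 10:35:02 -0400
+Subject: [PATCH] s390x: Move diagnose 308 subcodes and rcs into ipl.h
+
+They are part of the IPL process, so let's put them into the ipl
+header.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/f0869bee7c
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ hw/s390x/ipl.h | 11 +++++++++++
+ target/s390x/diag.c | 11 -----------
+ 2 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
+index 3e44abe1c6..a5665e6bfd 100644
+--- a/hw/s390x/ipl.h
++++ b/hw/s390x/ipl.h
+@@ -159,6 +159,17 @@ struct S390IPLState {
+ typedef struct S390IPLState S390IPLState;
+ QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
+
++#define DIAG_308_RC_OK 0x0001
++#define DIAG_308_RC_NO_CONF 0x0102
++#define DIAG_308_RC_INVALID 0x0402
++
++#define DIAG308_RESET_MOD_CLR 0
++#define DIAG308_RESET_LOAD_NORM 1
++#define DIAG308_LOAD_CLEAR 3
++#define DIAG308_LOAD_NORMAL_DUMP 4
++#define DIAG308_SET 5
++#define DIAG308_STORE 6
++
+ #define S390_IPL_TYPE_FCP 0x00
+ #define S390_IPL_TYPE_CCW 0x02
+ #define S390_IPL_TYPE_QEMU_SCSI 0xff
+diff --git a/target/s390x/diag.c b/target/s390x/diag.c
+index 54e5670b3f..8aba6341f9 100644
+--- a/target/s390x/diag.c
++++ b/target/s390x/diag.c
+@@ -49,17 +49,6 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
+ return diag288_class->handle_timer(diag288, func, timeout);
+ }
+
+-#define DIAG_308_RC_OK 0x0001
+-#define DIAG_308_RC_NO_CONF 0x0102
+-#define DIAG_308_RC_INVALID 0x0402
+-
+-#define DIAG308_RESET_MOD_CLR 0
+-#define DIAG308_RESET_LOAD_NORM 1
+-#define DIAG308_LOAD_CLEAR 3
+-#define DIAG308_LOAD_NORMAL_DUMP 4
+-#define DIAG308_SET 5
+-#define DIAG308_STORE 6
+-
+ static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
+ uintptr_t ra, bool write)
+ {
+--
+2.25.1
+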
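--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-Move-initial-reset.patch
@@ -0,0 +1,148 @@
+From 57b68b74dcb355eee7b1543c70a427d26e04700f Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Thu, 28 Nov 2019 03:37:23 -0500
+Subject: [PATCH] s390x: Move initial reset
+
+Let's move the intial reset into the reset handler and cleanup
+afterwards.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20191128083723.11937-1-frankja@linux.ibm.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/57b68b74dc
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ target/s390x/cpu-qom.h | 2 +-
+ target/s390x/cpu.c | 46 +++++++++++++++++-------------------------
+ target/s390x/cpu.h | 2 +-
+ target/s390x/sigp.c | 2 +-
+ 4 files changed, 21 insertions(+), 31 deletions(-)
+
+diff --git a/target/s390x/cpu-qom.h b/target/s390x/cpu-qom.h
+index f3b71bac67..6f0a12042e 100644
+--- a/target/s390x/cpu-qom.h
++++ b/target/s390x/cpu-qom.h
+@@ -36,6 +36,7 @@ typedef struct S390CPUDef S390CPUDef;
+
+ typedef enum cpu_reset_type {
+ S390_CPU_RESET_NORMAL,
++ S390_CPU_RESET_INITIAL,
+ } cpu_reset_type;
+
+ /**
+@@ -62,7 +63,6 @@ typedef struct S390CPUClass {
+ void (*parent_reset)(CPUState *cpu);
+ void (*load_normal)(CPUState *cpu);
+ void (*reset)(CPUState *cpu, cpu_reset_type type);
+- void (*initial_cpu_reset)(CPUState *cpu);
+ } S390CPUClass;
+
+ typedef struct S390CPU S390CPU;
+diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
+index 67d6fbfa44..ca62fe7685 100644
+--- a/target/s390x/cpu.c
++++ b/target/s390x/cpu.c
+@@ -94,6 +94,23 @@ static void s390_cpu_reset(CPUState *s, cpu_reset_type type)
+ s390_cpu_set_state(S390_CPU_STATE_STOPPED, cpu);
+
+ switch (type) {
++ case S390_CPU_RESET_INITIAL:
++ /* initial reset does not clear everything! */
++ memset(&env->start_initial_reset_fields, 0,
++ offsetof(CPUS390XState, end_reset_fields) -
++ offsetof(CPUS390XState, start_initial_reset_fields));
++
++ /* architectured initial value for Breaking-Event-Address register */
++ env->gbea = 1;
++
++ /* architectured initial values for CR 0 and 14 */
++ env->cregs[0] = CR0_RESET;
++ env->cregs[14] = CR14_RESET;
++
++ /* tininess for underflow is detected before rounding */
++ set_float_detect_tininess(float_tininess_before_rounding,
++ &env->fpu_status);
++ /* fall through */
+ case S390_CPU_RESET_NORMAL:
+ env->pfault_token = -1UL;
+ env->bpbc = false;
+@@ -101,35 +118,9 @@ static void s390_cpu_reset(CPUState *s, cpu_reset_type type)
+ default:
+ g_assert_not_reached();
+ }
+-}
+-
+-/* S390CPUClass::initial_reset() */
+-static void s390_cpu_initial_reset(CPUState *s)
+-{
+- S390CPU *cpu = S390_CPU(s);
+- CPUS390XState *env = &cpu->env;
+-
+- s390_cpu_reset(s, S390_CPU_RESET_NORMAL);
+- /* initial reset does not clear everything! */
+- memset(&env->start_initial_reset_fields, 0,
+- offsetof(CPUS390XState, end_reset_fields) -
+- offsetof(CPUS390XState, start_initial_reset_fields));
+-
+- /* architectured initial values for CR 0 and 14 */
+- env->cregs[0] = CR0_RESET;
+- env->cregs[14] = CR14_RESET;
+-
+- /* architectured initial value for Breaking-Event-Address register */
+- env->gbea = 1;
+-
+- env->pfault_token = -1UL;
+-
+- /* tininess for underflow is detected before rounding */
+- set_float_detect_tininess(float_tininess_before_rounding,
+- &env->fpu_status);
+
+ /* Reset state inside the kernel that we cannot access yet from QEMU. */
+- if (kvm_enabled()) {
++ if (kvm_enabled() && type != S390_CPU_RESET_NORMAL) {
+ kvm_s390_reset_vcpu(cpu);
+ }
+ }
+@@ -481,7 +472,6 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
+ scc->load_normal = s390_cpu_load_normal;
+ #endif
+ scc->reset = s390_cpu_reset;
+- scc->initial_cpu_reset = s390_cpu_initial_reset;
+ cc->reset = s390_cpu_full_reset;
+ cc->class_by_name = s390_cpu_class_by_name,
+ cc->has_work = s390_cpu_has_work;
+diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
+index 18123dfd5b..d2af13b345 100644
+--- a/target/s390x/cpu.h
++++ b/target/s390x/cpu.h
+@@ -748,7 +748,7 @@ static inline void s390_do_cpu_initial_reset(CPUState *cs, run_on_cpu_data arg)
+ {
+ S390CPUClass *scc = S390_CPU_GET_CLASS(cs);
+
+- scc->initial_cpu_reset(cs);
++ scc->reset(cs, S390_CPU_RESET_INITIAL);
+ }
+
+ static inline void s390_do_cpu_load_normal(CPUState *cs, run_on_cpu_data arg)
+diff --git a/target/s390x/sigp.c b/target/s390x/sigp.c
+index 850139b9cd..727875bb4a 100644
+--- a/target/s390x/sigp.c
++++ b/target/s390x/sigp.c
+@@ -254,7 +254,7 @@ static void sigp_initial_cpu_reset(CPUState *cs, run_on_cpu_data arg)
+ SigpInfo *si = arg.host_ptr;
+
+ cpu_synchronize_state(cs);
+- scc->initial_cpu_reset(cs);
++ scc->reset(cs, S390_CPU_RESET_INITIAL);
+ cpu_synchronize_post_reset(cs);
+ si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
+ }
+--
+2.25.1
+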
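Review bot: The condition `kvm_enabled() && type != S390_CPU_RESET_NORMAL` at the end of s390_cpu_reset() carries no comment explaining why a normal reset skips the in-kernel vcpu reset. It matches the old code, where only s390_cpu_initial_reset() called kvm_s390_reset_vcpu(), but that is no longer visible once both paths share one function. I would extend the existing comment to `/* Reset state inside the kernel that we cannot access yet from QEMU; a normal reset leaves it alone. */`. Note also that `default: g_assert_not_reached();` aborts on any cpu_reset_type value that has no case, so each new enum value needs its case added in the same patch.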
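--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-Move-reset-normal-to-shared-reset-handler.patch
@@ -0,0 +1,134 @@
+From bae87d827e0f158900ef25fb6015fa8d535a6c94 Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Wed, 27 Nov 2019 12:50:42 -0500
+Subject: [PATCH] s390x: Move reset normal to shared reset handler
+
+Let's start moving the cpu reset functions into a single function with
+a switch/case, so we can later use fallthroughs and share more code
+between resets.
+
+This patch introduces the reset function by renaming cpu_reset().
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20191127175046.4911-3-frankja@linux.ibm.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/bae87d827e
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ target/s390x/cpu-qom.h | 6 +++++-
+ target/s390x/cpu.c | 19 +++++++++++++------
+ target/s390x/cpu.h | 2 +-
+ target/s390x/sigp.c | 2 +-
+ 4 files changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/target/s390x/cpu-qom.h b/target/s390x/cpu-qom.h
+index b809ec8418..f3b71bac67 100644
+--- a/target/s390x/cpu-qom.h
++++ b/target/s390x/cpu-qom.h
+@@ -34,6 +34,10 @@
+ typedef struct S390CPUModel S390CPUModel;
+ typedef struct S390CPUDef S390CPUDef;
+
++typedef enum cpu_reset_type {
++ S390_CPU_RESET_NORMAL,
++} cpu_reset_type;
++
+ /**
+ * S390CPUClass:
+ * @parent_realize: The parent class' realize handler.
+@@ -57,7 +61,7 @@ typedef struct S390CPUClass {
+ DeviceRealize parent_realize;
+ void (*parent_reset)(CPUState *cpu);
+ void (*load_normal)(CPUState *cpu);
+- void (*cpu_reset)(CPUState *cpu);
++ void (*reset)(CPUState *cpu, cpu_reset_type type);
+ void (*initial_cpu_reset)(CPUState *cpu);
+ } S390CPUClass;
+
+diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
+index 3abe7e80fd..67d6fbfa44 100644
+--- a/target/s390x/cpu.c
++++ b/target/s390x/cpu.c
+@@ -82,18 +82,25 @@ static void s390_cpu_load_normal(CPUState *s)
+ }
+ #endif
+
+-/* S390CPUClass::cpu_reset() */
+-static void s390_cpu_reset(CPUState *s)
++/* S390CPUClass::reset() */
++static void s390_cpu_reset(CPUState *s, cpu_reset_type type)
+ {
+ S390CPU *cpu = S390_CPU(s);
+ S390CPUClass *scc = S390_CPU_GET_CLASS(cpu);
+ CPUS390XState *env = &cpu->env;
+
+- env->pfault_token = -1UL;
+- env->bpbc = false;
+ scc->parent_reset(s);
+ cpu->env.sigp_order = 0;
+ s390_cpu_set_state(S390_CPU_STATE_STOPPED, cpu);
++
++ switch (type) {
++ case S390_CPU_RESET_NORMAL:
++ env->pfault_token = -1UL;
++ env->bpbc = false;
++ break;
++ default:
++ g_assert_not_reached();
++ }
+ }
+
+ /* S390CPUClass::initial_reset() */
+@@ -102,7 +109,7 @@ static void s390_cpu_initial_reset(CPUState *s)
+ S390CPU *cpu = S390_CPU(s);
+ CPUS390XState *env = &cpu->env;
+
+- s390_cpu_reset(s);
++ s390_cpu_reset(s, S390_CPU_RESET_NORMAL);
+ /* initial reset does not clear everything! */
+ memset(&env->start_initial_reset_fields, 0,
+ offsetof(CPUS390XState, end_reset_fields) -
+@@ -473,7 +480,7 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
+ #if !defined(CONFIG_USER_ONLY)
+ scc->load_normal = s390_cpu_load_normal;
+ #endif
+- scc->cpu_reset = s390_cpu_reset;
++ scc->reset = s390_cpu_reset;
+ scc->initial_cpu_reset = s390_cpu_initial_reset;
+ cc->reset = s390_cpu_full_reset;
+ cc->class_by_name = s390_cpu_class_by_name,
+diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
+index 17460ed7b3..18123dfd5b 100644
+--- a/target/s390x/cpu.h
++++ b/target/s390x/cpu.h
+@@ -741,7 +741,7 @@ static inline void s390_do_cpu_reset(CPUState *cs, run_on_cpu_data arg)
+ {
+ S390CPUClass *scc = S390_CPU_GET_CLASS(cs);
+
+- scc->cpu_reset(cs);
++ scc->reset(cs, S390_CPU_RESET_NORMAL);
+ }
+
+ static inline void s390_do_cpu_initial_reset(CPUState *cs, run_on_cpu_data arg)
+diff --git a/target/s390x/sigp.c b/target/s390x/sigp.c
+index 2ce22d4dc1..850139b9cd 100644
+--- a/target/s390x/sigp.c
++++ b/target/s390x/sigp.c
+@@ -266,7 +266,7 @@ static void sigp_cpu_reset(CPUState *cs, run_on_cpu_data arg)
+ SigpInfo *si = arg.host_ptr;
+
+ cpu_synchronize_state(cs);
+- scc->cpu_reset(cs);
++ scc->reset(cs, S390_CPU_RESET_NORMAL);
+ cpu_synchronize_post_reset(cs);
+ si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;
+ }
+--
+2.25.1
+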
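diff --git a/debian/patches/ubuntu/lp-1835546-s390x-ipl-Consolidate-iplb-validity-check-into-one-f.patch b/debian/patches/ubuntu/lp-1835546-s390x-ipl-Consolidate-iplb-validity-check-into-one-f.patch
new file mode 100644
index 0000000..59ee3d6
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-ipl-Consolidate-iplb-validity-check-into-one-f.patch
@@ -0,0 +1,70 @@
+From 2321dddc5f92eea17caed784c960d3c57088fd41 Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Tue, 10 Mar 2020 05:09:50 -0400
+Subject: [PATCH] s390x: ipl: Consolidate iplb validity check into one function
+
+It's nicer to just call one function than calling a function for each
+possible iplb type.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20200310090950.61172-1-frankja@linux.ibm.com>
+Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/2321dddc5f
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ hw/s390x/ipl.h | 18 +++++++++---------
+ target/s390x/diag.c | 2 +-
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
+index d4813105db..3e44abe1c6 100644
+--- a/hw/s390x/ipl.h
++++ b/hw/s390x/ipl.h
+@@ -173,16 +173,16 @@ static inline bool iplb_valid_len(IplParameterBlock *iplb)
+ return be32_to_cpu(iplb->len) <= sizeof(IplParameterBlock);
+ }
+
+-static inline bool iplb_valid_ccw(IplParameterBlock *iplb)
++static inline bool iplb_valid(IplParameterBlock *iplb)
+ {
+- return be32_to_cpu(iplb->len) >= S390_IPLB_MIN_CCW_LEN &&
+- iplb->pbt == S390_IPL_TYPE_CCW;
+-}
+-
+-static inline bool iplb_valid_fcp(IplParameterBlock *iplb)
+-{
+- return be32_to_cpu(iplb->len) >= S390_IPLB_MIN_FCP_LEN &&
+- iplb->pbt == S390_IPL_TYPE_FCP;
++ switch (iplb->pbt) {
++ case S390_IPL_TYPE_FCP:
++ return be32_to_cpu(iplb->len) >= S390_IPLB_MIN_FCP_LEN;
++ case S390_IPL_TYPE_CCW:
++ return be32_to_cpu(iplb->len) >= S390_IPLB_MIN_CCW_LEN;
++ default:
++ return false;
++ }
+ }
+
+ #endif
+diff --git a/target/s390x/diag.c b/target/s390x/diag.c
+index 53c2f81f2a..0c81d8e1ef 100644
+--- a/target/s390x/diag.c
++++ b/target/s390x/diag.c
+@@ -100,7 +100,7 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
+
+ cpu_physical_memory_read(addr, iplb, be32_to_cpu(iplb->len));
+
+- if (!iplb_valid_ccw(iplb) && !iplb_valid_fcp(iplb)) {
++ if (!iplb_valid(iplb)) {
+ env->regs[r1 + 1] = DIAG_308_RC_INVALID;
+ goto out;
+ }
+--
+2.25.1
+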
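Review bot: The new `iplb_valid()` in hw/s390x/ipl.h enforces only the per-type minimum for the guest-supplied `len`; nothing in it bounds `len` from above, so it is only meaningful after `iplb_valid_len()` has been applied. The context line in `handle_diag_308()` copies `be32_to_cpu(iplb->len)` bytes from guest memory before `iplb_valid()` runs, and the upper-bound check that presumably precedes it is not visible in this hunk, so that ordering is worth confirming. I would document the contract above the function, e.g. `/* Only checks the per-type minimum length; callers must have checked iplb_valid_len() first. */`. `handle_diag_308()` starts and ends outside the hunk.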
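diff --git a/debian/patches/ubuntu/lp-1835546-s390x-kvm-Make-kvm_sclp_service_call-void.patch b/debian/patches/ubuntu/lp-1835546-s390x-kvm-Make-kvm_sclp_service_call-void.patch
new file mode 100644
index 0000000..55c2974
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-kvm-Make-kvm_sclp_service_call-void.patch
@@ -0,0 +1,72 @@
+From 3915257d71c9e64fd4dcd4406996650a7b29baba Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Fri, 29 Nov 2019 04:17:13 -0500
+Subject: [PATCH] s390x: kvm: Make kvm_sclp_service_call void
+
+It defaults to returning 0 anyway and that return value is not
+necessary, as 0 is also the default rc that the caller would return.
+
+While doing that we can simplify the logic a bit and return early if
+we inject a PGM exception.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20191129091713.4582-1-frankja@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/3915257d71
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ target/s390x/kvm.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
+index 0c9d14b4b1..ad6e38c876 100644
+--- a/target/s390x/kvm.c
++++ b/target/s390x/kvm.c
+@@ -1159,13 +1159,13 @@ void kvm_s390_access_exception(S390CPU *cpu, uint16_t code, uint64_t te_code)
+ kvm_s390_vcpu_interrupt(cpu, &irq);
+ }
+
+-static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
++static void kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
+ uint16_t ipbh0)
+ {
+ CPUS390XState *env = &cpu->env;
+ uint64_t sccb;
+ uint32_t code;
+- int r = 0;
++ int r;
+
+ sccb = env->regs[ipbh0 & 0xf];
+ code = env->regs[(ipbh0 & 0xf0) >> 4];
+@@ -1173,11 +1173,9 @@ static int kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
+ r = sclp_service_call(env, sccb, code);
+ if (r < 0) {
+ kvm_s390_program_interrupt(cpu, -r);
+- } else {
+- setcc(cpu, r);
++ return;
+ }
+-
+- return 0;
++ setcc(cpu, r);
+ }
+
+ static int handle_b2(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
+@@ -1240,7 +1238,7 @@ static int handle_b2(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)
+ setcc(cpu, 3);
+ break;
+ case PRIV_B2_SCLP_CALL:
+- rc = kvm_sclp_service_call(cpu, run, ipbh0);
++ kvm_sclp_service_call(cpu, run, ipbh0);
+ break;
+ default:
+ rc = -1;
+--
+2.25.1
+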
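diff --git a/debian/patches/ubuntu/lp-1835546-s390x-protvirt-Add-migration-blocker.patch b/debian/patches/ubuntu/lp-1835546-s390x-protvirt-Add-migration-blocker.patch
new file mode 100644
index 0000000..9909233
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1835546-s390x-protvirt-Add-migration-blocker.patch
@@ -0,0 +1,70 @@
+From 617d3f7be6434962614dc5ee381f3d67aca85578 Mon Sep 17 00:00:00 2001
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Fri, 6 Mar 2020 06:40:13 -0500
+Subject: [PATCH] s390x: protvirt: Add migration blocker
+
+Migration is not yet supported.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+
+Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html
+Origin: backport, https://github.com/borntraeger/qemu/commit/617d3f7be6
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546
+Last-Update: 2020-03-20
+
+---
+ hw/s390x/s390-virtio-ccw.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index 5149030d22..ed910a0996 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -44,6 +44,9 @@
+ #include "sysemu/sysemu.h"
+ #include "hw/s390x/pv.h"
+ #include <linux/kvm.h>
++#include "migration/blocker.h"
++
++static Error *pv_mig_blocker;
+
+ S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
+ {
+@@ -325,15 +328,30 @@ static void s390_machine_unprotect(S390CcwMachineState *ms)
+ {
+ s390_pv_vm_disable();
+ ms->pv = false;
++ migrate_del_blocker(pv_mig_blocker);
++ error_free_or_abort(&pv_mig_blocker);
+ }
+
+ static int s390_machine_protect(S390CcwMachineState *ms)
+ {
++ Error *local_err = NULL;
+ int rc;
+
++ error_setg(&pv_mig_blocker,
++ "protected VMs are currently not migrateable.");
++ rc = migrate_add_blocker(pv_mig_blocker, &local_err);
++ if (rc) {
++ error_report_err(local_err);
++ error_free_or_abort(&pv_mig_blocker);
++ return rc;
++ }
++
+ /* Create SE VM */
+ rc = s390_pv_vm_enable();
+ if (rc) {
++ error_report_err(local_err);
++ migrate_del_blocker(pv_mig_blocker);
++ error_free_or_abort(&pv_mig_blocker);
+ return rc;
+ }
+
+--
+2.25.1
+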
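Review bot: In `s390_machine_protect()` the failure branch after `s390_pv_vm_enable()` calls `error_report_err(local_err)` while `local_err` is still NULL as far as the hunk shows. It is initialised to NULL, only `migrate_add_blocker()` receives its address, and that call's failure path has already returned. `error_report_err()` reads the message from the Error it is handed, so a failed switch into protected mode would most likely crash the host-side QEMU process on a NULL dereference instead of returning `rc`. I would remove the `error_report_err(local_err);` line from that branch and keep the two blocker cleanup lines; whether `s390_pv_vm_enable()` reports its own failure is not visible here. The body of `s390_machine_protect()` continues past the end of the hunk.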
4929 | diff --git a/debian/patches/ubuntu/lp-1835546-s390x-protvirt-Disable-address-checks-for-PV-guest-I.patch b/debian/patches/ubuntu/lp-1835546-s390x-protvirt-Disable-address-checks-for-PV-guest-I.patch |
4930 | new file mode 100644 |
4931 | index 0000000..99b5c6f |
4932 | --- /dev/null |
4933 | +++ b/debian/patches/ubuntu/lp-1835546-s390x-protvirt-Disable-address-checks-for-PV-guest-I.patch |
4934 | @@ -0,0 +1,126 @@ |
4935 | +From ec052c4f954d5a33d06c94d46058c623f65883bb Mon Sep 17 00:00:00 2001 |
4936 | +From: Janosch Frank <frankja@linux.ibm.com> |
4937 | +Date: Fri, 29 Nov 2019 04:22:41 -0500 |
4938 | +Subject: [PATCH] s390x: protvirt: Disable address checks for PV guest IO |
4939 | + emulation |
4940 | + |
4941 | +IO instruction data is routed through SIDAD for protected guests, so |
4942 | +adresses do not need to be checked, as this is kernel memory which is |
4943 | +always available. |
4944 | + |
4945 | +Also the instruction data always starts at offset 0 of the SIDAD. |
4946 | + |
4947 | +Signed-off-by: Janosch Frank <frankja@linux.ibm.com> |
4948 | +Reviewed-by: Thomas Huth <thuth@redhat.com> |
4949 | +Reviewed-by: David Hildenbrand <david@redhat.com> |
4950 | +Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> |
4951 | +Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> |
4952 | +Reviewed-by: Cornelia Huck <cohuck@redhat.com> |
4953 | + |
4954 | +Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06247.html |
4955 | +Origin: backport, https://github.com/borntraeger/qemu/commit/ec052c4f95 |
4956 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1835546 |
4957 | +Last-Update: 2020-03-20 |
4958 | + |
4959 | +--- |
4960 | + target/s390x/ioinst.c | 35 ++++++++++++++++++++++++++++------- |
4961 | + 1 file changed, 28 insertions(+), 7 deletions(-) |
4962 | + |
4963 | +diff --git a/target/s390x/ioinst.c b/target/s390x/ioinst.c |
4964 | +index c437a1d8c6..bbcccf6be2 100644 |
4965 | +--- a/target/s390x/ioinst.c |
4966 | ++++ b/target/s390x/ioinst.c |
4967 | +@@ -16,6 +16,25 @@ |
4968 | + #include "hw/s390x/ioinst.h" |
4969 | + #include "trace.h" |
4970 | + #include "hw/s390x/s390-pci-bus.h" |
4971 | ++#include "hw/s390x/pv.h" |
4972 | ++ |
4973 | ++/* All I/O instructions but chsc use the s format */ |
4974 | ++static uint64_t get_address_from_regs(CPUS390XState *env, uint32_t ipb, |
4975 | ++ uint8_t *ar) |
4976 | ++{ |
4977 | ++ /* |
4978 | ++ * Addresses for protected guests are all offsets into the |
4979 | ++ * satellite block which holds the IO control structures. Those |
4980 | ++ * control structures are always starting at offset 0 and are |
4981 | ++ * always aligned and accessible. So we can return 0 here which |
4982 | ++ * will pass the following address checks. |
4983 | ++ */ |
4984 | ++ if (s390_is_pv()) { |
4985 | ++ *ar = 0; |
4986 | ++ return 0; |
4987 | ++ } |
4988 | ++ return decode_basedisp_s(env, ipb, ar); |
4989 | ++} |
4990 | + |
4991 | + int ioinst_disassemble_sch_ident(uint32_t value, int *m, int *cssid, int *ssid, |
4992 | + int *schid) |
4993 | +@@ -114,7 +133,7 @@ void ioinst_handle_msch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra) |
4994 | + CPUS390XState *env = &cpu->env; |
4995 | + uint8_t ar; |
4996 | + |
4997 | +- addr = decode_basedisp_s(env, ipb, &ar); |
4998 | ++ addr = get_address_from_regs(env, ipb, &ar); |
4999 | + if (addr & 3) { |
5000 | + s390_program_interrupt(env, PGM_SPECIFICATION, ra); |
Notes:
- qemu recently has had import issues, so ignore the LP diff - check out the branch itself and compare the changes since the last version there
- once upstream has accepted the patches I'll update the origin links; until then they already point to a git tree that reflects the changes as backported by IBM
FFE still ongoing in bug 1866866
PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3985/+packages
Bug: 1835546