* Mon Jun 28 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-7
- kvm-aarch64-rh-devices-add-CONFIG_PXB.patch [bz#1967502]
- kvm-virtio-gpu-handle-partial-maps-properly.patch [bz#1974795]
- kvm-x86-Add-x86-rhel8.5-machine-types.patch [bz#1957194]
- kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch [bz#1957194]
- kvm-block-backend-add-drained_poll.patch [bz#1957194]
- kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch [bz#1957194]
- kvm-disable-CONFIG_USB_STORAGE_BOT.patch [bz#1957194]
- kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch [bz#1957194]
- kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch [bz#1957194]
- kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch [bz#1957194]
- kvm-qga-drop-StandardError-syslog.patch [bz#1947977]
- kvm-Remove-iscsi-support.patch [bz#1967133]
- Resolves: bz#1967502 ([aarch64] [qemu] Compile the PCIe expander bridge)
- Resolves: bz#1974795 ([RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes "virtio_gpu_dequeue_ctrl_func" ERROR)
- Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta)
- Resolves: bz#1947977 (remove StandardError=syslog from qemu-guest-agent.service)
- Resolves: bz#1967133 (QEMU: disable libiscsi in RHEL-9)
parent 73d2f941db
commit 0253757df8
37
kvm-aarch64-rh-devices-add-CONFIG_PXB.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From d05ba1e2208cb17b8cf7dac050d95137a67dd988 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Auger <eric.auger@redhat.com>
|
||||
Date: Thu, 24 Jun 2021 10:32:08 +0200
|
||||
Subject: [PATCH 01/12] aarch64-rh-devices: add CONFIG_PXB
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 14: aarch64-rh-devices: add CONFIG_PXB
|
||||
RH-Commit: [1/1] 6a9e6a96ea6ba1bee220a60e5a691a174a0a044b (eauger1/centos-qemu-kvm)
|
||||
RH-Bugzilla: 1967502
|
||||
RH-Acked-by: Gavin Shan <gshan@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Andrew Jones <drjones@redhat.com>
|
||||
|
||||
We want to enable the PCIe expander bridge on aarch64. So let's
|
||||
set CONFIG_PXB.
|
||||
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
default-configs/devices/aarch64-rh-devices.mak | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/default-configs/devices/aarch64-rh-devices.mak b/default-configs/devices/aarch64-rh-devices.mak
|
||||
index 4220469178..d8ce902720 100644
|
||||
--- a/default-configs/devices/aarch64-rh-devices.mak
|
||||
+++ b/default-configs/devices/aarch64-rh-devices.mak
|
||||
@@ -27,3 +27,4 @@ CONFIG_TPM_TIS_SYSBUS=y
|
||||
CONFIG_PTIMER=y
|
||||
CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
|
||||
CONFIG_PVPANIC_PCI=y
|
||||
+CONFIG_PXB=y
|
||||
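Review bot: The added `CONFIG_PXB=y` line widens the set of guest-visible device models in the aarch64 downstream list, but the commit message gives no reason beyond "We want to enable the PCIe expander bridge". Please state the use case in the message (the changelog ties this to bz#1967502), and say whether PXB needs any other config symbol that is not already set in this file, since only the last three entries are visible as context here.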
--
|
||||
2.27.0
|
||||
|
74
kvm-block-backend-add-drained_poll.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From e23a2be8c57666e091d9192e113a30ea06cd83ef Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Lopez Pascual <slp@redhat.com>
|
||||
Date: Thu, 17 Jun 2021 09:13:20 -0400
|
||||
Subject: [PATCH 05/12] block-backend: add drained_poll
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [3/8] 4ad1f536b00a762a1b094d76383b74826228892a (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Allow block backends to poll their devices/users to check if they have
|
||||
been quiesced when entering a drained section.
|
||||
|
||||
This will be used in the next patch to wait for the NBD server to be
|
||||
completely quiesced.
|
||||
|
||||
Suggested-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Signed-off-by: Sergio Lopez <slp@redhat.com>
|
||||
Message-Id: <20210602060552.17433-2-slp@redhat.com>
|
||||
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit 095cc4d0f62513d75e9bc1da37f08d9e97f267c4)
|
||||
Signed-off-by: Sergio Lopez <slp@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
block/block-backend.c | 7 ++++++-
|
||||
include/sysemu/block-backend.h | 4 ++++
|
||||
2 files changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/block/block-backend.c b/block/block-backend.c
|
||||
index 413af51f3b..05d8e5fb5d 100644
|
||||
--- a/block/block-backend.c
|
||||
+++ b/block/block-backend.c
|
||||
@@ -2378,8 +2378,13 @@ static void blk_root_drained_begin(BdrvChild *child)
|
||||
static bool blk_root_drained_poll(BdrvChild *child)
|
||||
{
|
||||
BlockBackend *blk = child->opaque;
|
||||
+ bool busy = false;
|
||||
assert(blk->quiesce_counter);
|
||||
- return !!blk->in_flight;
|
||||
+
|
||||
+ if (blk->dev_ops && blk->dev_ops->drained_poll) {
|
||||
+ busy = blk->dev_ops->drained_poll(blk->dev_opaque);
|
||||
+ }
|
||||
+ return busy || !!blk->in_flight;
|
||||
}
|
||||
|
||||
static void blk_root_drained_end(BdrvChild *child, int *drained_end_counter)
|
||||
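Review bot: In `blk_root_drained_poll()`, the new `drained_poll` callback is called each time the backend is polled, before `blk->in_flight` is looked at, so a slow or blocking implementation would stall the drain loop. Either return early when `blk->in_flight` is non-zero and only then ask the device, or keep the current order and document that the callback must be cheap and must not block. The `busy` temporary and the `!!` are also unnecessary once the result is combined with `||`.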
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
|
||||
index 880e903293..5423e3d9c6 100644
|
||||
--- a/include/sysemu/block-backend.h
|
||||
+++ b/include/sysemu/block-backend.h
|
||||
@@ -66,6 +66,10 @@ typedef struct BlockDevOps {
|
||||
* Runs when the backend's last drain request ends.
|
||||
*/
|
||||
void (*drained_end)(void *opaque);
|
||||
+ /*
|
||||
+ * Is the device still busy?
|
||||
+ */
|
||||
+ bool (*drained_poll)(void *opaque);
|
||||
} BlockDevOps;
|
||||
|
||||
/* This struct is embedded in (the private) BlockBackend struct and contains
|
||||
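Review bot: The comment added above `drained_poll` in `BlockDevOps` ("Is the device still busy?") does not define the contract. Say what a `true` return means (the drain has to keep waiting), that the callback belongs to the window between `drained_begin` and `drained_end`, and that it may be called more than once, in the same style as the neighbouring "Runs when the backend's last drain request ends." comment.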
--
|
||||
2.27.0
|
||||
|
49
kvm-disable-CONFIG_USB_STORAGE_BOT.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From 64ec0505fccf6f277430f3be1829a9e44cd00dbb Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Fri, 18 Jun 2021 12:04:24 -0400
|
||||
Subject: [PATCH 07/12] disable CONFIG_USB_STORAGE_BOT
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [5/8] 73d3ee0a17590c8cddf6bd812e6a758951c36ea4 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
default-configs/devices/ppc64-rh-devices.mak | 1 -
|
||||
default-configs/devices/x86_64-rh-devices.mak | 1 -
|
||||
2 files changed, 2 deletions(-)
|
||||
|
||||
diff --git a/default-configs/devices/ppc64-rh-devices.mak b/default-configs/devices/ppc64-rh-devices.mak
|
||||
index 5b01b7fac0..3ec5603ace 100644
|
||||
--- a/default-configs/devices/ppc64-rh-devices.mak
|
||||
+++ b/default-configs/devices/ppc64-rh-devices.mak
|
||||
@@ -15,7 +15,6 @@ CONFIG_USB=y
|
||||
CONFIG_USB_OHCI=y
|
||||
CONFIG_USB_OHCI_PCI=y
|
||||
CONFIG_USB_SMARTCARD=y
|
||||
-CONFIG_USB_STORAGE_BOT=y
|
||||
CONFIG_USB_STORAGE_CORE=y
|
||||
CONFIG_USB_STORAGE_CLASSIC=y
|
||||
CONFIG_USB_XHCI=y
|
||||
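Review bot: The removal of `CONFIG_USB_STORAGE_BOT=y` here comes with a commit message that has a subject line and sign-offs only. Add a sentence on why the bulk-only transport device is being dropped while `CONFIG_USB_STORAGE_CORE` and `CONFIG_USB_STORAGE_CLASSIC` stay enabled, so that someone auditing the downstream device list later can tell the reduction was intentional.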
diff --git a/default-configs/devices/x86_64-rh-devices.mak b/default-configs/devices/x86_64-rh-devices.mak
|
||||
index d09c138fc6..81bda09f4c 100644
|
||||
--- a/default-configs/devices/x86_64-rh-devices.mak
|
||||
+++ b/default-configs/devices/x86_64-rh-devices.mak
|
||||
@@ -74,7 +74,6 @@ CONFIG_USB=y
|
||||
CONFIG_USB_EHCI=y
|
||||
CONFIG_USB_EHCI_PCI=y
|
||||
CONFIG_USB_SMARTCARD=y
|
||||
-CONFIG_USB_STORAGE_BOT=y
|
||||
CONFIG_USB_STORAGE_CORE=y
|
||||
CONFIG_USB_STORAGE_CLASSIC=y
|
||||
CONFIG_USB_UHCI=y
|
||||
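Review bot: Only the ppc64 and x86_64 lists are touched (2 files in the diffstat), so after this `-CONFIG_USB_STORAGE_BOT=y` removal it is not evident from the patch whether the other `*-rh-devices.mak` files ever set the symbol. Note in the commit message that the remaining architectures were checked, or extend the patch if any of them still enables it.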
--
|
||||
2.27.0
|
||||
|
151
kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch
Normal file
@ -0,0 +1,151 @@
|
||||
From 17c1559139d6a58794944901f84dd4e8cd1f5335 Mon Sep 17 00:00:00 2001
|
||||
From: Connor Kuehl <ckuehl@redhat.com>
|
||||
Date: Tue, 22 Jun 2021 20:00:20 -0400
|
||||
Subject: [PATCH 08/12] doc: Fix some mistakes in the SEV documentation
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [6/8] ce828f81de1320a1833241700cb13dfdcf7d82e7 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
From: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
|
||||
Fix some spelling and grammar mistakes in the amd-memory-encryption.txt
|
||||
file. No new information added.
|
||||
|
||||
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Message-Id: <a7c5ee6c056d840f46028f4a817c16a9862bdd9e.1619208498.git.thomas.lendacky@amd.com>
|
||||
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
|
||||
(cherry picked from commit f538adeccf4554e6402fe661a0a51bcc8d6bd227)
|
||||
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
docs/amd-memory-encryption.txt | 59 +++++++++++++++++-----------------
|
||||
1 file changed, 29 insertions(+), 30 deletions(-)
|
||||
|
||||
diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
|
||||
index 145896aec7..ed85159ea7 100644
|
||||
--- a/docs/amd-memory-encryption.txt
|
||||
+++ b/docs/amd-memory-encryption.txt
|
||||
@@ -1,38 +1,38 @@
|
||||
Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
|
||||
|
||||
SEV is an extension to the AMD-V architecture which supports running encrypted
|
||||
-virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages
|
||||
+virtual machines (VMs) under the control of KVM. Encrypted VMs have their pages
|
||||
(code and data) secured such that only the guest itself has access to the
|
||||
unencrypted version. Each encrypted VM is associated with a unique encryption
|
||||
-key; if its data is accessed to a different entity using a different key the
|
||||
+key; if its data is accessed by a different entity using a different key the
|
||||
encrypted guests data will be incorrectly decrypted, leading to unintelligible
|
||||
data.
|
||||
|
||||
-The key management of this feature is handled by separate processor known as
|
||||
-AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running
|
||||
-inside the AMD-SP provide commands to support common VM lifecycle. This
|
||||
+Key management for this feature is handled by a separate processor known as the
|
||||
+AMD secure processor (AMD-SP), which is present in AMD SOCs. Firmware running
|
||||
+inside the AMD-SP provides commands to support a common VM lifecycle. This
|
||||
includes commands for launching, snapshotting, migrating and debugging the
|
||||
-encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP
|
||||
+encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP
|
||||
ioctls.
|
||||
|
||||
Launching
|
||||
---------
|
||||
-Boot images (such as bios) must be encrypted before guest can be booted.
|
||||
-MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START,
|
||||
+Boot images (such as bios) must be encrypted before a guest can be booted. The
|
||||
+MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images: LAUNCH_START,
|
||||
LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands
|
||||
together generate a fresh memory encryption key for the VM, encrypt the boot
|
||||
-images and provide a measurement than can be used as an attestation of the
|
||||
+images and provide a measurement than can be used as an attestation of a
|
||||
successful launch.
|
||||
|
||||
LAUNCH_START is called first to create a cryptographic launch context within
|
||||
-the firmware. To create this context, guest owner must provides guest policy,
|
||||
+the firmware. To create this context, guest owner must provide a guest policy,
|
||||
its public Diffie-Hellman key (PDH) and session parameters. These inputs
|
||||
-should be treated as binary blob and must be passed as-is to the SEV firmware.
|
||||
+should be treated as a binary blob and must be passed as-is to the SEV firmware.
|
||||
|
||||
-The guest policy is passed as plaintext and hypervisor may able to read it
|
||||
+The guest policy is passed as plaintext. A hypervisor may choose to read it,
|
||||
but should not modify it (any modification of the policy bits will result
|
||||
in bad measurement). The guest policy is a 4-byte data structure containing
|
||||
-several flags that restricts what can be done on running SEV guest.
|
||||
+several flags that restricts what can be done on a running SEV guest.
|
||||
See KM Spec section 3 and 6.2 for more details.
|
||||
|
||||
The guest policy can be provided via the 'policy' property (see below)
|
||||
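Review bot: Several of the `+` lines in this hunk still carry the kind of mistake the patch sets out to fix. "provide a measurement than can be used" should read "that can be used", "guest owner must provide a guest policy" is missing "the" before "guest owner", "several flags that restricts" should be "restrict", and the unchanged "encrypted guests data" wants an apostrophe ("guest's").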
@@ -40,31 +40,30 @@ The guest policy can be provided via the 'policy' property (see below)
|
||||
# ${QEMU} \
|
||||
sev-guest,id=sev0,policy=0x1...\
|
||||
|
||||
-Guest owners provided DH certificate and session parameters will be used to
|
||||
+The guest owner provided DH certificate and session parameters will be used to
|
||||
establish a cryptographic session with the guest owner to negotiate keys used
|
||||
for the attestation.
|
||||
|
||||
-The DH certificate and session blob can be provided via 'dh-cert-file' and
|
||||
-'session-file' property (see below
|
||||
+The DH certificate and session blob can be provided via the 'dh-cert-file' and
|
||||
+'session-file' properties (see below)
|
||||
|
||||
# ${QEMU} \
|
||||
sev-guest,id=sev0,dh-cert-file=<file1>,session-file=<file2>
|
||||
|
||||
LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context
|
||||
-created via LAUNCH_START command. If required, this command can be called
|
||||
+created via the LAUNCH_START command. If required, this command can be called
|
||||
multiple times to encrypt different memory regions. The command also calculates
|
||||
the measurement of the memory contents as it encrypts.
|
||||
|
||||
-LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted
|
||||
-memory. This measurement is a signature of the memory contents that can be
|
||||
-sent to the guest owner as an attestation that the memory was encrypted
|
||||
-correctly by the firmware. The guest owner may wait to provide the guest
|
||||
-confidential information until it can verify the attestation measurement.
|
||||
-Since the guest owner knows the initial contents of the guest at boot, the
|
||||
-attestation measurement can be verified by comparing it to what the guest owner
|
||||
-expects.
|
||||
+LAUNCH_MEASURE can be used to retrieve the measurement of encrypted memory.
|
||||
+This measurement is a signature of the memory contents that can be sent to the
|
||||
+guest owner as an attestation that the memory was encrypted correctly by the
|
||||
+firmware. The guest owner may wait to provide the guest confidential information
|
||||
+until it can verify the attestation measurement. Since the guest owner knows the
|
||||
+initial contents of the guest at boot, the attestation measurement can be
|
||||
+verified by comparing it to what the guest owner expects.
|
||||
|
||||
-LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic
|
||||
+LAUNCH_FINISH finalizes the guest launch and destroys the cryptographic
|
||||
context.
|
||||
|
||||
See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the
|
||||
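Review bot: The reflowed LAUNCH_MEASURE paragraph keeps the sentence "This measurement is a signature of the memory contents", which readers doing attestation will take literally; in the SEV API the launch measurement is a keyed hash (HMAC) that the guest owner recomputes, not a public-key signature. Since the commit says no new information is added, this can be a follow-up, but the wording is worth correcting. Smaller points in the same hunk: "The guest owner provided DH certificate" reads better as "guest-owner-provided", and the line "'session-file' properties (see below)" introduces an example and should end with a colon.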
@@ -78,10 +77,10 @@ To launch a SEV guest
|
||||
|
||||
Debugging
|
||||
-----------
|
||||
-Since memory contents of SEV guest is encrypted hence hypervisor access to the
|
||||
-guest memory will get a cipher text. If guest policy allows debugging, then
|
||||
-hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest
|
||||
-memory region for debug purposes. This is not supported in QEMU yet.
|
||||
+Since the memory contents of a SEV guest are encrypted, hypervisor access to
|
||||
+the guest memory will return cipher text. If the guest policy allows debugging,
|
||||
+then a hypervisor can use the DEBUG_DECRYPT and DEBUG_ENCRYPT commands to access
|
||||
+the guest memory region for debug purposes. This is not supported in QEMU yet.
|
||||
|
||||
Snapshot/Restore
|
||||
-----------------
|
||||
--
|
||||
2.27.0
|
||||
|
141
kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch
Normal file
@ -0,0 +1,141 @@
|
||||
From 1bd5660666d2a1f704ebabeed8a2bbfa02410f41 Mon Sep 17 00:00:00 2001
|
||||
From: Connor Kuehl <ckuehl@redhat.com>
|
||||
Date: Tue, 22 Jun 2021 20:00:21 -0400
|
||||
Subject: [PATCH 09/12] docs: Add SEV-ES documentation to
|
||||
amd-memory-encryption.txt
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [7/8] 36e49577484813866132b90c64cf99779326db74 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
From: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
|
||||
Update the amd-memory-encryption.txt file with information about SEV-ES,
|
||||
including how to launch an SEV-ES guest and some of the differences
|
||||
between SEV and SEV-ES guests in regards to launching and measuring the
|
||||
guest.
|
||||
|
||||
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Message-Id: <fa1825a5eb0290eac4712cde75ba4c6829946eac.1619208498.git.thomas.lendacky@amd.com>
|
||||
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
|
||||
(cherry picked from commit 61b7d7098cd53dd386939610d534f8bd79240881)
|
||||
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
docs/amd-memory-encryption.txt | 54 +++++++++++++++++++++++++++++-----
|
||||
1 file changed, 47 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
|
||||
index ed85159ea7..ffca382b5f 100644
|
||||
--- a/docs/amd-memory-encryption.txt
|
||||
+++ b/docs/amd-memory-encryption.txt
|
||||
@@ -15,6 +15,13 @@ includes commands for launching, snapshotting, migrating and debugging the
|
||||
encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP
|
||||
ioctls.
|
||||
|
||||
+Secure Encrypted Virtualization - Encrypted State (SEV-ES) builds on the SEV
|
||||
+support to additionally protect the guest register state. In order to allow a
|
||||
+hypervisor to perform functions on behalf of a guest, there is architectural
|
||||
+support for notifying a guest's operating system when certain types of VMEXITs
|
||||
+are about to occur. This allows the guest to selectively share information with
|
||||
+the hypervisor to satisfy the requested function.
|
||||
+
|
||||
Launching
|
||||
---------
|
||||
Boot images (such as bios) must be encrypted before a guest can be booted. The
|
||||
@@ -24,6 +31,9 @@ together generate a fresh memory encryption key for the VM, encrypt the boot
|
||||
images and provide a measurement than can be used as an attestation of a
|
||||
successful launch.
|
||||
|
||||
+For a SEV-ES guest, the LAUNCH_UPDATE_VMSA command is also used to encrypt the
|
||||
+guest register state, or VM save area (VMSA), for all of the guest vCPUs.
|
||||
+
|
||||
LAUNCH_START is called first to create a cryptographic launch context within
|
||||
the firmware. To create this context, guest owner must provide a guest policy,
|
||||
its public Diffie-Hellman key (PDH) and session parameters. These inputs
|
||||
@@ -40,6 +50,12 @@ The guest policy can be provided via the 'policy' property (see below)
|
||||
# ${QEMU} \
|
||||
sev-guest,id=sev0,policy=0x1...\
|
||||
|
||||
+Setting the "SEV-ES required" policy bit (bit 2) will launch the guest as a
|
||||
+SEV-ES guest (see below)
|
||||
+
|
||||
+# ${QEMU} \
|
||||
+ sev-guest,id=sev0,policy=0x5...\
|
||||
+
|
||||
The guest owner provided DH certificate and session parameters will be used to
|
||||
establish a cryptographic session with the guest owner to negotiate keys used
|
||||
for the attestation.
|
||||
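Review bot: The new example uses `policy=0x5`, but the added text explains only bit 2 ("SEV-ES required"). Spell out that 0x5 is the earlier example's 0x1 with bit 2 (0x4) set, and name what bit 0 means or point to the KM Spec sections the document already cites, so that readers do not copy the value without knowing which restrictions they are choosing. "(see below)" should also end with a colon.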
@@ -55,13 +71,19 @@ created via the LAUNCH_START command. If required, this command can be called
|
||||
multiple times to encrypt different memory regions. The command also calculates
|
||||
the measurement of the memory contents as it encrypts.
|
||||
|
||||
-LAUNCH_MEASURE can be used to retrieve the measurement of encrypted memory.
|
||||
-This measurement is a signature of the memory contents that can be sent to the
|
||||
-guest owner as an attestation that the memory was encrypted correctly by the
|
||||
-firmware. The guest owner may wait to provide the guest confidential information
|
||||
-until it can verify the attestation measurement. Since the guest owner knows the
|
||||
-initial contents of the guest at boot, the attestation measurement can be
|
||||
-verified by comparing it to what the guest owner expects.
|
||||
+LAUNCH_UPDATE_VMSA encrypts all the vCPU VMSAs for a SEV-ES guest using the
|
||||
+cryptographic context created via the LAUNCH_START command. The command also
|
||||
+calculates the measurement of the VMSAs as it encrypts them.
|
||||
+
|
||||
+LAUNCH_MEASURE can be used to retrieve the measurement of encrypted memory and,
|
||||
+for a SEV-ES guest, encrypted VMSAs. This measurement is a signature of the
|
||||
+memory contents and, for a SEV-ES guest, the VMSA contents, that can be sent
|
||||
+to the guest owner as an attestation that the memory and VMSAs were encrypted
|
||||
+correctly by the firmware. The guest owner may wait to provide the guest
|
||||
+confidential information until it can verify the attestation measurement.
|
||||
+Since the guest owner knows the initial contents of the guest at boot, the
|
||||
+attestation measurement can be verified by comparing it to what the guest owner
|
||||
+expects.
|
||||
|
||||
LAUNCH_FINISH finalizes the guest launch and destroys the cryptographic
|
||||
context.
|
||||
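Review bot: With the VMSAs now part of the measurement, the retained closing sentence ("Since the guest owner knows the initial contents of the guest at boot ...") no longer covers everything the owner has to reproduce. Add a sentence saying that for a SEV-ES guest the expected value also depends on the initial VMSA of every vCPU, and where the owner obtains that state; otherwise a mismatch caused by a different vCPU count or register state will be hard to diagnose. The phrase "memory contents and, for a SEV-ES guest, the VMSA contents, that can be sent" is also hard to parse and would be clearer as two sentences.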
@@ -75,6 +97,22 @@ To launch a SEV guest
|
||||
-machine ...,confidential-guest-support=sev0 \
|
||||
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1
|
||||
|
||||
+To launch a SEV-ES guest
|
||||
+
|
||||
+# ${QEMU} \
|
||||
+ -machine ...,confidential-guest-support=sev0 \
|
||||
+ -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x5
|
||||
+
|
||||
+An SEV-ES guest has some restrictions as compared to a SEV guest. Because the
|
||||
+guest register state is encrypted and cannot be updated by the VMM/hypervisor,
|
||||
+a SEV-ES guest:
|
||||
+ - Does not support SMM - SMM support requires updating the guest register
|
||||
+ state.
|
||||
+ - Does not support reboot - a system reset requires updating the guest register
|
||||
+ state.
|
||||
+ - Requires in-kernel irqchip - the burden is placed on the hypervisor to
|
||||
+ manage booting APs.
|
||||
+
|
||||
Debugging
|
||||
-----------
|
||||
Since the memory contents of a SEV guest are encrypted, hypervisor access to
|
||||
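Review bot: The restrictions list says what a SEV-ES guest does not support but not what happens when the situation arises. For "Does not support reboot" in particular, state the observable behaviour when the guest requests a reset, so that operators know what to expect. The paragraph also switches between "An SEV-ES guest" and "a SEV-ES guest" within one sentence; pick one article. In the "Requires in-kernel irqchip" item, "the burden is placed on the hypervisor to manage booting APs" does not say why that calls for the in-kernel irqchip; one more clause would help.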
@@ -101,8 +139,10 @@ Secure Encrypted Virtualization Key Management:
|
||||
|
||||
KVM Forum slides:
|
||||
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
|
||||
+https://www.linux-kvm.org/images/9/94/Extending-Secure-Encrypted-Virtualization-with-SEV-ES-Thomas-Lendacky-AMD.pdf
|
||||
|
||||
AMD64 Architecture Programmer's Manual:
|
||||
http://support.amd.com/TechDocs/24593.pdf
|
||||
SME is section 7.10
|
||||
SEV is section 15.34
|
||||
+ SEV-ES is section 15.35
|
||||
--
|
||||
2.27.0
|
||||
|
110
kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch
Normal file
@ -0,0 +1,110 @@
|
||||
From e408203bab17e32f8d42ae9ad61e94a73bfaec67 Mon Sep 17 00:00:00 2001
|
||||
From: Connor Kuehl <ckuehl@redhat.com>
|
||||
Date: Tue, 22 Jun 2021 20:00:22 -0400
|
||||
Subject: [PATCH 10/12] docs/interop/firmware.json: Add SEV-ES support
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [8/8] b49ebbaf40b56d95c67475a0373d6906a3e4f0e3 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
From: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
|
||||
Create an enum definition, '@amd-sev-es', for SEV-ES and add documention
|
||||
for the new enum. Add an example that shows some of the requirements for
|
||||
SEV-ES, including not having SMM support and the requirement for an
|
||||
X64-only build.
|
||||
|
||||
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Message-Id: <b941a7ee105dfeb67607cf2d24dafcb82658b212.1619208498.git.thomas.lendacky@amd.com>
|
||||
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
|
||||
(cherry picked from commit d44df1d73ce04d7f4b8f94cba5f715e2dadc998b)
|
||||
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
docs/interop/firmware.json | 47 +++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 46 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json
|
||||
index 9d94ccafa9..8d8b0be030 100644
|
||||
--- a/docs/interop/firmware.json
|
||||
+++ b/docs/interop/firmware.json
|
||||
@@ -115,6 +115,12 @@
|
||||
# this feature are documented in
|
||||
# "docs/amd-memory-encryption.txt".
|
||||
#
|
||||
+# @amd-sev-es: The firmware supports running under AMD Secure Encrypted
|
||||
+# Virtualization - Encrypted State, as specified in the AMD64
|
||||
+# Architecture Programmer's Manual. QEMU command line options
|
||||
+# related to this feature are documented in
|
||||
+# "docs/amd-memory-encryption.txt".
|
||||
+#
|
||||
# @enrolled-keys: The variable store (NVRAM) template associated with
|
||||
# the firmware binary has the UEFI Secure Boot
|
||||
# operational mode turned on, with certificates
|
||||
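Review bot: The `@amd-sev-es` description does not say how the feature relates to `@amd-sev` or to `requires-smm`. The example added later in this patch lists both "amd-sev" and "amd-sev-es", and the commit message names the lack of SMM support as a requirement, so state both rules here, where consumers of the schema will look for them.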
@@ -179,7 +185,7 @@
|
||||
# Since: 3.0
|
||||
##
|
||||
{ 'enum' : 'FirmwareFeature',
|
||||
- 'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'enrolled-keys',
|
||||
+ 'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'amd-sev-es', 'enrolled-keys',
|
||||
'requires-smm', 'secure-boot', 'verbose-dynamic',
|
||||
'verbose-static' ] }
|
||||
|
||||
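Review bot: `'amd-sev-es'` is added to `FirmwareFeature` under a block that still says only "Since: 3.0", and the new `@amd-sev-es` description carries no version note either. Add a "(since x.y)" annotation to the member's documentation so that tools reading descriptor files can tell from which QEMU release the value is valid.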
@@ -504,6 +510,45 @@
|
||||
# }
|
||||
#
|
||||
# {
|
||||
+# "description": "OVMF with SEV-ES support",
|
||||
+# "interface-types": [
|
||||
+# "uefi"
|
||||
+# ],
|
||||
+# "mapping": {
|
||||
+# "device": "flash",
|
||||
+# "executable": {
|
||||
+# "filename": "/usr/share/OVMF/OVMF_CODE.fd",
|
||||
+# "format": "raw"
|
||||
+# },
|
||||
+# "nvram-template": {
|
||||
+# "filename": "/usr/share/OVMF/OVMF_VARS.fd",
|
||||
+# "format": "raw"
|
||||
+# }
|
||||
+# },
|
||||
+# "targets": [
|
||||
+# {
|
||||
+# "architecture": "x86_64",
|
||||
+# "machines": [
|
||||
+# "pc-q35-*"
|
||||
+# ]
|
||||
+# }
|
||||
+# ],
|
||||
+# "features": [
|
||||
+# "acpi-s3",
|
||||
+# "amd-sev",
|
||||
+# "amd-sev-es",
|
||||
+# "verbose-dynamic"
|
||||
+# ],
|
||||
+# "tags": [
|
||||
+# "-a X64",
|
||||
+# "-p OvmfPkg/OvmfPkgX64.dsc",
|
||||
+# "-t GCC48",
|
||||
+# "-b DEBUG",
|
||||
+# "-D FD_SIZE_4MB"
|
||||
+# ]
|
||||
+# }
|
||||
+#
|
||||
+# {
|
||||
# "description": "UEFI firmware for ARM64 virtual machines",
|
||||
# "interface-types": [
|
||||
# "uefi"
|
||||
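Review bot: The commit message says this example shows the SEV-ES requirements (no SMM support, X64-only build), but in the example they are visible only by omission: "requires-smm" is absent from "features" and the tags use "-a X64". Add a comment line above the entry stating both constraints explicitly, so that someone writing a descriptor from this template does not add "requires-smm" back.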
--
|
||||
2.27.0
|
||||
|
191
kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch
Normal file
@ -0,0 +1,191 @@
|
||||
From 9182af6a819e60a079349fd6d8b28a28adea90b1 Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Lopez Pascual <slp@redhat.com>
|
||||
Date: Thu, 17 Jun 2021 09:13:21 -0400
|
||||
Subject: [PATCH 06/12] nbd/server: Use drained block ops to quiesce the server
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [4/8] ca32c99563254a8a31104948e41fa691453d0399 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Before switching between AioContexts we need to make sure that we're
|
||||
fully quiesced ("nb_requests == 0" for every client) when entering the
|
||||
drained section.
|
||||
|
||||
To do this, we set "quiescing = true" for every client on
|
||||
".drained_begin" to prevent new coroutines from being created, and
|
||||
check if "nb_requests == 0" on ".drained_poll". Finally, once we're
|
||||
exiting the drained section, on ".drained_end" we set "quiescing =
|
||||
false" and call "nbd_client_receive_next_request()" to resume the
|
||||
processing of new requests.
|
||||
|
||||
With these changes, "blk_aio_attach()" and "blk_aio_detach()" can be
|
||||
reverted to be as simple as they were before f148ae7d36.
|
||||
|
||||
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1960137
|
||||
Suggested-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Sergio Lopez <slp@redhat.com>
|
||||
Message-Id: <20210602060552.17433-3-slp@redhat.com>
|
||||
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit fd6afc501a019682d1b8468b562355a2887087bd)
|
||||
Signed-off-by: Sergio Lopez <slp@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
nbd/server.c | 82 ++++++++++++++++++++++++++++++++++++++--------------
|
||||
1 file changed, 61 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/nbd/server.c b/nbd/server.c
|
||||
index 86a44a9b41..b60ebc3ab6 100644
|
||||
--- a/nbd/server.c
|
||||
+++ b/nbd/server.c
|
||||
@@ -1513,6 +1513,11 @@ static void nbd_request_put(NBDRequestData *req)
|
||||
g_free(req);
|
||||
|
||||
client->nb_requests--;
|
||||
+
|
||||
+ if (client->quiescing && client->nb_requests == 0) {
|
||||
+ aio_wait_kick();
|
||||
+ }
|
||||
+
|
||||
nbd_client_receive_next_request(client);
|
||||
|
||||
nbd_client_put(client);
|
||||
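Review bot: the new `aio_wait_kick()` call in nbd_request_put() has no comment saying who it wakes. The commit message explains that ".drained_poll" waits for "nb_requests == 0"; a one-line comment here tying the kick to that poll would keep both halves of the handshake discoverable, since nothing else in this function refers to draining.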
@@ -1530,49 +1535,68 @@ static void blk_aio_attached(AioContext *ctx, void *opaque)
|
||||
QTAILQ_FOREACH(client, &exp->clients, next) {
|
||||
qio_channel_attach_aio_context(client->ioc, ctx);
|
||||
|
||||
+ assert(client->nb_requests == 0);
|
||||
assert(client->recv_coroutine == NULL);
|
||||
assert(client->send_coroutine == NULL);
|
||||
-
|
||||
- if (client->quiescing) {
|
||||
- client->quiescing = false;
|
||||
- nbd_client_receive_next_request(client);
|
||||
- }
|
||||
}
|
||||
}
|
||||
|
||||
-static void nbd_aio_detach_bh(void *opaque)
|
||||
+static void blk_aio_detach(void *opaque)
|
||||
{
|
||||
NBDExport *exp = opaque;
|
||||
NBDClient *client;
|
||||
|
||||
+ trace_nbd_blk_aio_detach(exp->name, exp->common.ctx);
|
||||
+
|
||||
QTAILQ_FOREACH(client, &exp->clients, next) {
|
||||
qio_channel_detach_aio_context(client->ioc);
|
||||
+ }
|
||||
+
|
||||
+ exp->common.ctx = NULL;
|
||||
+}
|
||||
+
|
||||
+static void nbd_drained_begin(void *opaque)
|
||||
+{
|
||||
+ NBDExport *exp = opaque;
|
||||
+ NBDClient *client;
|
||||
+
|
||||
+ QTAILQ_FOREACH(client, &exp->clients, next) {
|
||||
client->quiescing = true;
|
||||
+ }
|
||||
+}
|
||||
|
||||
- if (client->recv_coroutine) {
|
||||
- if (client->read_yielding) {
|
||||
- qemu_aio_coroutine_enter(exp->common.ctx,
|
||||
- client->recv_coroutine);
|
||||
- } else {
|
||||
- AIO_WAIT_WHILE(exp->common.ctx, client->recv_coroutine != NULL);
|
||||
- }
|
||||
- }
|
||||
+static void nbd_drained_end(void *opaque)
|
||||
+{
|
||||
+ NBDExport *exp = opaque;
|
||||
+ NBDClient *client;
|
||||
|
||||
- if (client->send_coroutine) {
|
||||
- AIO_WAIT_WHILE(exp->common.ctx, client->send_coroutine != NULL);
|
||||
- }
|
||||
+ QTAILQ_FOREACH(client, &exp->clients, next) {
|
||||
+ client->quiescing = false;
|
||||
+ nbd_client_receive_next_request(client);
|
||||
}
|
||||
}
|
||||
|
||||
-static void blk_aio_detach(void *opaque)
|
||||
+static bool nbd_drained_poll(void *opaque)
|
||||
{
|
||||
NBDExport *exp = opaque;
|
||||
+ NBDClient *client;
|
||||
|
||||
- trace_nbd_blk_aio_detach(exp->name, exp->common.ctx);
|
||||
+ QTAILQ_FOREACH(client, &exp->clients, next) {
|
||||
+ if (client->nb_requests != 0) {
|
||||
+ /*
|
||||
+ * If there's a coroutine waiting for a request on nbd_read_eof()
|
||||
+ * enter it here so we don't depend on the client to wake it up.
|
||||
+ */
|
||||
+ if (client->recv_coroutine != NULL && client->read_yielding) {
|
||||
+ qemu_aio_coroutine_enter(exp->common.ctx,
|
||||
+ client->recv_coroutine);
|
||||
+ }
|
||||
|
||||
- aio_wait_bh_oneshot(exp->common.ctx, nbd_aio_detach_bh, exp);
|
||||
+ return true;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
- exp->common.ctx = NULL;
|
||||
+ return false;
|
||||
}
|
||||
|
||||
static void nbd_eject_notifier(Notifier *n, void *data)
|
||||
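Review bot: nbd_drained_poll() returns true at the first client with nb_requests != 0, so yielded receive coroutines of clients later in exp->clients are only entered on a subsequent poll, and the callback enters recv_coroutine again on every call for which read_yielding is still set. If that is intended, say so in the comment above qemu_aio_coroutine_enter(); otherwise walk the whole list and return the accumulated result. The new `assert(client->nb_requests == 0)` in blk_aio_attached() also deserves a comment stating that it relies on the drained section having completed before the context is attached.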
@@ -1594,6 +1618,12 @@ void nbd_export_set_on_eject_blk(BlockExport *exp, BlockBackend *blk)
|
||||
blk_add_remove_bs_notifier(blk, &nbd_exp->eject_notifier);
|
||||
}
|
||||
|
||||
+static const BlockDevOps nbd_block_ops = {
|
||||
+ .drained_begin = nbd_drained_begin,
|
||||
+ .drained_end = nbd_drained_end,
|
||||
+ .drained_poll = nbd_drained_poll,
|
||||
+};
|
||||
+
|
||||
static int nbd_export_create(BlockExport *blk_exp, BlockExportOptions *exp_args,
|
||||
Error **errp)
|
||||
{
|
||||
@@ -1715,8 +1745,17 @@ static int nbd_export_create(BlockExport *blk_exp, BlockExportOptions *exp_args,
|
||||
|
||||
exp->allocation_depth = arg->allocation_depth;
|
||||
|
||||
+ /*
|
||||
+ * We need to inhibit request queuing in the block layer to ensure we can
|
||||
+ * be properly quiesced when entering a drained section, as our coroutines
|
||||
+ * servicing pending requests might enter blk_pread().
|
||||
+ */
|
||||
+ blk_set_disable_request_queuing(blk, true);
|
||||
+
|
||||
blk_add_aio_context_notifier(blk, blk_aio_attached, blk_aio_detach, exp);
|
||||
|
||||
+ blk_set_dev_ops(blk, &nbd_block_ops, exp);
|
||||
+
|
||||
QTAILQ_INSERT_TAIL(&exports, exp, next);
|
||||
|
||||
return 0;
|
||||
@@ -1788,6 +1827,7 @@ static void nbd_export_delete(BlockExport *blk_exp)
|
||||
}
|
||||
blk_remove_aio_context_notifier(exp->common.blk, blk_aio_attached,
|
||||
blk_aio_detach, exp);
|
||||
+ blk_set_disable_request_queuing(exp->common.blk, false);
|
||||
}
|
||||
|
||||
for (i = 0; i < exp->nr_export_bitmaps; i++) {
|
||||
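Review bot: nbd_export_delete() undoes blk_set_disable_request_queuing(), but the visible lines do not undo the `blk_set_dev_ops(blk, &nbd_block_ops, exp)` registered in nbd_export_create(). The ops carry exp as their opaque pointer, so if the BlockBackend can see another drain after this point, nbd_drained_begin/poll/end would run against a freed NBDExport. Either clear the dev ops here or add a comment explaining why the blk cannot outlive the export.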
--
|
||||
2.27.0
|
||||
|
49
kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From a9546384e1fe8b4dad9ab00c52f45dac3a8fbc00 Mon Sep 17 00:00:00 2001
|
||||
From: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 10:29:07 -0400
|
||||
Subject: [PATCH 04/12] redhat: x86: Enable 'kvm-asyncpf-int' by default
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [2/8] 2ea940445291df74dfed2d2f9f2b1f88a3eca31b (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
'kvm-asyncpf-int' feature is supported by KVM starting with RHEL-8.4
|
||||
kernel, enable the feature by default starting with RHEL-8.5 machine
|
||||
type.
|
||||
|
||||
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
hw/i386/pc.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
|
||||
index 0a374dec39..cdbfa84d2e 100644
|
||||
--- a/hw/i386/pc.c
|
||||
+++ b/hw/i386/pc.c
|
||||
@@ -366,12 +366,15 @@ GlobalProperty pc_rhel_compat[] = {
|
||||
{ TYPE_X86_CPU, "vmx-exit-load-perf-global-ctrl", "off" },
|
||||
/* bz 1508330 */
|
||||
{ "vfio-pci", "x-no-geforce-quirks", "on" },
|
||||
+ /* bz 1941397 */
|
||||
+ { TYPE_X86_CPU, "kvm-asyncpf-int", "on" },
|
||||
};
|
||||
const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat);
|
||||
|
||||
GlobalProperty pc_rhel_8_4_compat[] = {
|
||||
/* pc_rhel_8_4_compat from pc_compat_5_2 */
|
||||
{ "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
|
||||
+ { TYPE_X86_CPU, "kvm-asyncpf-int", "off" },
|
||||
};
|
||||
const size_t pc_rhel_8_4_compat_len = G_N_ELEMENTS(pc_rhel_8_4_compat);
|
||||
|
||||
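Review bot: the `{ TYPE_X86_CPU, "kvm-asyncpf-int", "off" }` entry added to pc_rhel_8_4_compat carries no bz reference and sits under the comment "pc_rhel_8_4_compat from pc_compat_5_2", which makes it read as an upstream-derived entry. Give it its own comment like the `/* bz 1941397 */` on the pc_rhel_compat entry. The result also depends on pc_rhel_8_4_compat being applied so that its "off" overrides the "on" from pc_rhel_compat for 8.4 and older machine types; that ordering is not visible in this hunk and should be checked.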
--
|
||||
2.27.0
|
||||
|
201
kvm-virtio-gpu-handle-partial-maps-properly.patch
Normal file
@ -0,0 +1,201 @@
|
||||
From cdc537ada9528e09f8c70219f5a9a1ce8a4efa7e Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Thu, 6 May 2021 11:10:01 +0200
|
||||
Subject: [PATCH 02/12] virtio-gpu: handle partial maps properly
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 15: virtio-gpu: handle partial maps properly
|
||||
RH-Commit: [1/1] f2b0fd9758251d1f3a5ff9563911c8bdb4b191f0 (eauger1/centos-qemu-kvm)
|
||||
RH-Bugzilla: 1974795
|
||||
RH-Acked-by: Gavin Shan <gshan@redhat.com>
|
||||
RH-Acked-by: Andrew Jones <drjones@redhat.com>
|
||||
RH-Acked-by: Peter Xu <Peter Xu <peterx@redhat.com>
|
||||
|
||||
dma_memory_map() may map only a part of the request. Happens if the
|
||||
request can't be mapped in one go, for example due to a iommu creating
|
||||
a linear dma mapping for scattered physical pages. Should that be the
|
||||
case virtio-gpu must call dma_memory_map() again with the remaining
|
||||
range instead of simply throwing an error.
|
||||
|
||||
Note that this change implies the number of iov entries may differ from
|
||||
the number of mapping entries sent by the guest. Therefore the iov_len
|
||||
bookkeeping needs some updates too, we have to explicitly pass around
|
||||
the iov length now.
|
||||
|
||||
Reported-by: Auger Eric <eric.auger@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-id: 20210506091001.1301250-1-kraxel@redhat.com
|
||||
Reviewed-by: Eric Auger <eric.auger@redhat.com>
|
||||
Tested-by: Eric Auger <eric.auger@redhat.com>
|
||||
Message-Id: <20210506091001.1301250-1-kraxel@redhat.com>
|
||||
(cherry picked from commit 9049f8bc445d50c0b5fe5500c0ec51fcc821c2ef)
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
hw/display/virtio-gpu-3d.c | 7 ++--
|
||||
hw/display/virtio-gpu.c | 76 ++++++++++++++++++++--------------
|
||||
include/hw/virtio/virtio-gpu.h | 3 +-
|
||||
3 files changed, 52 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
|
||||
index d98964858e..72c14d9132 100644
|
||||
--- a/hw/display/virtio-gpu-3d.c
|
||||
+++ b/hw/display/virtio-gpu-3d.c
|
||||
@@ -283,22 +283,23 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
|
||||
{
|
||||
struct virtio_gpu_resource_attach_backing att_rb;
|
||||
struct iovec *res_iovs;
|
||||
+ uint32_t res_niov;
|
||||
int ret;
|
||||
|
||||
VIRTIO_GPU_FILL_CMD(att_rb);
|
||||
trace_virtio_gpu_cmd_res_back_attach(att_rb.resource_id);
|
||||
|
||||
- ret = virtio_gpu_create_mapping_iov(g, &att_rb, cmd, NULL, &res_iovs);
|
||||
+ ret = virtio_gpu_create_mapping_iov(g, &att_rb, cmd, NULL, &res_iovs, &res_niov);
|
||||
if (ret != 0) {
|
||||
cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
|
||||
return;
|
||||
}
|
||||
|
||||
ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
|
||||
- res_iovs, att_rb.nr_entries);
|
||||
+ res_iovs, res_niov);
|
||||
|
||||
if (ret != 0)
|
||||
- virtio_gpu_cleanup_mapping_iov(g, res_iovs, att_rb.nr_entries);
|
||||
+ virtio_gpu_cleanup_mapping_iov(g, res_iovs, res_niov);
|
||||
}
|
||||
|
||||
static void virgl_resource_detach_backing(VirtIOGPU *g,
|
||||
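Review bot: the rewritten call `ret = virtio_gpu_create_mapping_iov(g, &att_rb, cmd, NULL, &res_iovs, &res_niov);` in virgl_resource_attach_backing() runs past 80 columns; wrap it the way the matching call in virtio_gpu_resource_attach_backing() is wrapped. res_niov is also declared without an initializer, which is only safe as long as virtio_gpu_create_mapping_iov() writes *niov on every path that returns 0.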
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
|
||||
index c9f5e36fd0..6f3791deb3 100644
|
||||
--- a/hw/display/virtio-gpu.c
|
||||
+++ b/hw/display/virtio-gpu.c
|
||||
@@ -608,11 +608,12 @@ static void virtio_gpu_set_scanout(VirtIOGPU *g,
|
||||
int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
|
||||
struct virtio_gpu_resource_attach_backing *ab,
|
||||
struct virtio_gpu_ctrl_command *cmd,
|
||||
- uint64_t **addr, struct iovec **iov)
|
||||
+ uint64_t **addr, struct iovec **iov,
|
||||
+ uint32_t *niov)
|
||||
{
|
||||
struct virtio_gpu_mem_entry *ents;
|
||||
size_t esize, s;
|
||||
- int i;
|
||||
+ int e, v;
|
||||
|
||||
if (ab->nr_entries > 16384) {
|
||||
qemu_log_mask(LOG_GUEST_ERROR,
|
||||
@@ -633,37 +634,53 @@ int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- *iov = g_malloc0(sizeof(struct iovec) * ab->nr_entries);
|
||||
+ *iov = NULL;
|
||||
if (addr) {
|
||||
- *addr = g_malloc0(sizeof(uint64_t) * ab->nr_entries);
|
||||
+ *addr = NULL;
|
||||
}
|
||||
- for (i = 0; i < ab->nr_entries; i++) {
|
||||
- uint64_t a = le64_to_cpu(ents[i].addr);
|
||||
- uint32_t l = le32_to_cpu(ents[i].length);
|
||||
- hwaddr len = l;
|
||||
- (*iov)[i].iov_base = dma_memory_map(VIRTIO_DEVICE(g)->dma_as,
|
||||
- a, &len, DMA_DIRECTION_TO_DEVICE);
|
||||
- (*iov)[i].iov_len = len;
|
||||
- if (addr) {
|
||||
- (*addr)[i] = a;
|
||||
- }
|
||||
- if (!(*iov)[i].iov_base || len != l) {
|
||||
- qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
|
||||
- " resource %d element %d\n",
|
||||
- __func__, ab->resource_id, i);
|
||||
- if ((*iov)[i].iov_base) {
|
||||
- i++; /* cleanup the 'i'th map */
|
||||
+ for (e = 0, v = 0; e < ab->nr_entries; e++) {
|
||||
+ uint64_t a = le64_to_cpu(ents[e].addr);
|
||||
+ uint32_t l = le32_to_cpu(ents[e].length);
|
||||
+ hwaddr len;
|
||||
+ void *map;
|
||||
+
|
||||
+ do {
|
||||
+ len = l;
|
||||
+ map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as,
|
||||
+ a, &len, DMA_DIRECTION_TO_DEVICE);
|
||||
+ if (!map) {
|
||||
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
|
||||
+ " resource %d element %d\n",
|
||||
+ __func__, ab->resource_id, e);
|
||||
+ virtio_gpu_cleanup_mapping_iov(g, *iov, v);
|
||||
+ g_free(ents);
|
||||
+ *iov = NULL;
|
||||
+ if (addr) {
|
||||
+ g_free(*addr);
|
||||
+ *addr = NULL;
|
||||
+ }
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (!(v % 16)) {
|
||||
+ *iov = g_realloc(*iov, sizeof(struct iovec) * (v + 16));
|
||||
+ if (addr) {
|
||||
+ *addr = g_realloc(*addr, sizeof(uint64_t) * (v + 16));
|
||||
+ }
|
||||
}
|
||||
- virtio_gpu_cleanup_mapping_iov(g, *iov, i);
|
||||
- g_free(ents);
|
||||
- *iov = NULL;
|
||||
+ (*iov)[v].iov_base = map;
|
||||
+ (*iov)[v].iov_len = len;
|
||||
if (addr) {
|
||||
- g_free(*addr);
|
||||
- *addr = NULL;
|
||||
+ (*addr)[v] = a;
|
||||
}
|
||||
- return -1;
|
||||
- }
|
||||
+
|
||||
+ a += len;
|
||||
+ l -= len;
|
||||
+ v += 1;
|
||||
+ } while (l > 0);
|
||||
}
|
||||
+ *niov = v;
|
||||
+
|
||||
g_free(ents);
|
||||
return 0;
|
||||
}
|
||||
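Review bot: the do/while loop in virtio_gpu_create_mapping_iov() treats only a NULL return from dma_memory_map() as failure; if a mapping ever comes back non-NULL with len == 0, `a += len; l -= len;` makes no progress and the loop keeps growing *iov. Add a len == 0 check to the error branch. Separately, the `ab->nr_entries > 16384` limit no longer bounds the allocation, because one guest entry can now expand into many iov slots; consider capping v as well, since the entry addresses and lengths are supplied by the guest.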
@@ -717,13 +734,12 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
|
||||
return;
|
||||
}
|
||||
|
||||
- ret = virtio_gpu_create_mapping_iov(g, &ab, cmd, &res->addrs, &res->iov);
|
||||
+ ret = virtio_gpu_create_mapping_iov(g, &ab, cmd, &res->addrs,
|
||||
+ &res->iov, &res->iov_cnt);
|
||||
if (ret != 0) {
|
||||
cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
|
||||
return;
|
||||
}
|
||||
-
|
||||
- res->iov_cnt = ab.nr_entries;
|
||||
}
|
||||
|
||||
static void
|
||||
diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
|
||||
index fae149235c..0d15af41d9 100644
|
||||
--- a/include/hw/virtio/virtio-gpu.h
|
||||
+++ b/include/hw/virtio/virtio-gpu.h
|
||||
@@ -209,7 +209,8 @@ void virtio_gpu_get_edid(VirtIOGPU *g,
|
||||
int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
|
||||
struct virtio_gpu_resource_attach_backing *ab,
|
||||
struct virtio_gpu_ctrl_command *cmd,
|
||||
- uint64_t **addr, struct iovec **iov);
|
||||
+ uint64_t **addr, struct iovec **iov,
|
||||
+ uint32_t *niov);
|
||||
void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
|
||||
struct iovec *iov, uint32_t count);
|
||||
void virtio_gpu_process_cmdq(VirtIOGPU *g);
|
||||
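Review bot: the prototype gains `uint32_t *niov` with no documentation of the new contract. A comment should state that *niov is the number of iov entries actually created, that it can differ from ab->nr_entries (as the commit message notes), and that it is written only on success, so callers must pass that value and not nr_entries to virtio_gpu_cleanup_mapping_iov().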
--
|
||||
2.27.0
|
||||
|
130
kvm-x86-Add-x86-rhel8.5-machine-types.patch
Normal file
@ -0,0 +1,130 @@
|
||||
From 1497b5d371a63dd20d3b14ca2f8cce99845a1c2c Mon Sep 17 00:00:00 2001
|
||||
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Date: Wed, 19 May 2021 15:46:27 -0400
|
||||
Subject: [PATCH 03/12] x86: Add x86 rhel8.5 machine types
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9
|
||||
RH-Commit: [1/8] db81806d99b545abe4dcba576fb33c02ec283dd7 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
|
||||
Add the 8.5 machine type and the compat entries.
|
||||
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
hw/i386/pc.c | 6 ++++++
|
||||
hw/i386/pc_piix.c | 2 ++
|
||||
hw/i386/pc_q35.c | 24 ++++++++++++++++++++++--
|
||||
include/hw/i386/pc.h | 3 +++
|
||||
4 files changed, 33 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
|
||||
index edc02a68ca..0a374dec39 100644
|
||||
--- a/hw/i386/pc.c
|
||||
+++ b/hw/i386/pc.c
|
||||
@@ -369,6 +369,12 @@ GlobalProperty pc_rhel_compat[] = {
|
||||
};
|
||||
const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat);
|
||||
|
||||
+GlobalProperty pc_rhel_8_4_compat[] = {
|
||||
+ /* pc_rhel_8_4_compat from pc_compat_5_2 */
|
||||
+ { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
|
||||
+};
|
||||
+const size_t pc_rhel_8_4_compat_len = G_N_ELEMENTS(pc_rhel_8_4_compat);
|
||||
+
|
||||
GlobalProperty pc_rhel_8_3_compat[] = {
|
||||
/* pc_rhel_8_3_compat from pc_compat_5_1 */
|
||||
{ "ICH9-LPC", "x-smi-cpu-hotplug", "off" },
|
||||
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
|
||||
index d9c5df16d8..5d61c9b833 100644
|
||||
--- a/hw/i386/pc_piix.c
|
||||
+++ b/hw/i386/pc_piix.c
|
||||
@@ -971,6 +971,8 @@ static void pc_machine_rhel760_options(MachineClass *m)
|
||||
pcmc->pci_root_uid = 1;
|
||||
compat_props_add(m->compat_props, hw_compat_rhel_8_4,
|
||||
hw_compat_rhel_8_4_len);
|
||||
+ compat_props_add(m->compat_props, pc_rhel_8_4_compat,
|
||||
+ pc_rhel_8_4_compat_len);
|
||||
compat_props_add(m->compat_props, hw_compat_rhel_8_3,
|
||||
hw_compat_rhel_8_3_len);
|
||||
compat_props_add(m->compat_props, pc_rhel_8_3_compat,
|
||||
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
|
||||
index 44109e4876..01ff3e0544 100644
|
||||
--- a/hw/i386/pc_q35.c
|
||||
+++ b/hw/i386/pc_q35.c
|
||||
@@ -607,6 +607,24 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
|
||||
compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
|
||||
}
|
||||
|
||||
+static void pc_q35_init_rhel850(MachineState *machine)
|
||||
+{
|
||||
+ pc_q35_init(machine);
|
||||
+}
|
||||
+
|
||||
+static void pc_q35_machine_rhel850_options(MachineClass *m)
|
||||
+{
|
||||
+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
|
||||
+ pc_q35_machine_rhel_options(m);
|
||||
+ m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
|
||||
+ pcmc->smbios_stream_product = "RHEL-AV";
|
||||
+ pcmc->smbios_stream_version = "8.5.0";
|
||||
+}
|
||||
+
|
||||
+DEFINE_PC_MACHINE(q35_rhel850, "pc-q35-rhel8.5.0", pc_q35_init_rhel850,
|
||||
+ pc_q35_machine_rhel850_options);
|
||||
+
|
||||
+
|
||||
static void pc_q35_init_rhel840(MachineState *machine)
|
||||
{
|
||||
pc_q35_init(machine);
|
||||
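Review bot: two consecutive blank lines are added after the `DEFINE_PC_MACHINE(q35_rhel850, ...)` block; drop one. pc_q35_machine_rhel850_options() also sets no m->alias of its own, so which machine type owns the alias depends on pc_q35_machine_rhel_options() and on the `m->alias = NULL` that moves into the 8.4.0 options; a short comment in the 8.5.0 options function would make that dependency explicit.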
@@ -615,12 +633,15 @@ static void pc_q35_init_rhel840(MachineState *machine)
|
||||
static void pc_q35_machine_rhel840_options(MachineClass *m)
|
||||
{
|
||||
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
|
||||
- pc_q35_machine_rhel_options(m);
|
||||
+ pc_q35_machine_rhel850_options(m);
|
||||
m->desc = "RHEL-8.4.0 PC (Q35 + ICH9, 2009)";
|
||||
+ m->alias = NULL;
|
||||
pcmc->smbios_stream_product = "RHEL-AV";
|
||||
pcmc->smbios_stream_version = "8.4.0";
|
||||
compat_props_add(m->compat_props, hw_compat_rhel_8_4,
|
||||
hw_compat_rhel_8_4_len);
|
||||
+ compat_props_add(m->compat_props, pc_rhel_8_4_compat,
|
||||
+ pc_rhel_8_4_compat_len);
|
||||
}
|
||||
|
||||
DEFINE_PC_MACHINE(q35_rhel840, "pc-q35-rhel8.4.0", pc_q35_init_rhel840,
|
||||
@@ -637,7 +658,6 @@ static void pc_q35_machine_rhel830_options(MachineClass *m)
|
||||
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
|
||||
pc_q35_machine_rhel840_options(m);
|
||||
m->desc = "RHEL-8.3.0 PC (Q35 + ICH9, 2009)";
|
||||
- m->alias = NULL;
|
||||
pcmc->smbios_stream_product = "RHEL-AV";
|
||||
pcmc->smbios_stream_version = "8.3.0";
|
||||
compat_props_add(m->compat_props, hw_compat_rhel_8_3,
|
||||
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
|
||||
index 79a7803a2f..1980c93f41 100644
|
||||
--- a/include/hw/i386/pc.h
|
||||
+++ b/include/hw/i386/pc.h
|
||||
@@ -281,6 +281,9 @@ extern const size_t pc_compat_1_4_len;
|
||||
extern GlobalProperty pc_rhel_compat[];
|
||||
extern const size_t pc_rhel_compat_len;
|
||||
|
||||
+extern GlobalProperty pc_rhel_8_4_compat[];
|
||||
+extern const size_t pc_rhel_8_4_compat_len;
|
||||
+
|
||||
extern GlobalProperty pc_rhel_8_3_compat[];
|
||||
extern const size_t pc_rhel_8_3_compat_len;
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
@ -12,7 +12,6 @@ ExecStart=/usr/bin/qemu-ga \
|
||||
--path=/dev/virtio-ports/org.qemu.guest_agent.0 \
|
||||
--blacklist=${BLACKLIST_RPC} \
|
||||
-F${FSFREEZE_HOOK_PATHNAME}
|
||||
StandardError=syslog
|
||||
Restart=always
|
||||
RestartSec=0
|
||||
|
||||
|
@ -67,14 +67,13 @@
|
||||
Requires: %{name}-ui-opengl = %{epoch}:%{version}-%{release} \
|
||||
%endif \
|
||||
Requires: %{name}-block-curl = %{epoch}:%{version}-%{release} \
|
||||
Requires: %{name}-block-iscsi = %{epoch}:%{version}-%{release} \
|
||||
Requires: %{name}-block-rbd = %{epoch}:%{version}-%{release} \
|
||||
Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
|
||||
|
||||
Summary: QEMU is a machine emulator and virtualizer
|
||||
Name: qemu-kvm
|
||||
Version: 6.0.0
|
||||
Release: 6%{?rcversion}%{?dist}
|
||||
Release: 7%{?rcversion}%{?dist}
|
||||
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
||||
# Epoch 15 used for RHEL 8
|
||||
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
|
||||
@ -173,6 +172,26 @@ Patch40: kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch
|
||||
Patch41: kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch42: kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch
|
||||
# For bz#1967502 - [aarch64] [qemu] Compile the PCIe expander bridge
|
||||
Patch43: kvm-aarch64-rh-devices-add-CONFIG_PXB.patch
|
||||
# For bz#1974795 - [RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes "virtio_gpu_dequeue_ctrl_func" ERROR
|
||||
Patch44: kvm-virtio-gpu-handle-partial-maps-properly.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch45: kvm-x86-Add-x86-rhel8.5-machine-types.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch46: kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch47: kvm-block-backend-add-drained_poll.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch48: kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch49: kvm-disable-CONFIG_USB_STORAGE_BOT.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch50: kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch51: kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch52: kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch
|
||||
|
||||
# Source-git patches
|
||||
|
||||
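Review bot: Patch43 through Patch52 are added here, but the %changelog entry for 6.0.0-7 also lists kvm-qga-drop-StandardError-syslog.patch and kvm-Remove-iscsi-support.patch, and neither gets a PatchNN line in this hunk. If those two changes are made directly in the service file and the spec, as the other hunks suggest, the changelog should not name them as .patch files; otherwise the matching Patch53 and Patch54 lines are missing.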
@ -183,7 +202,6 @@ BuildRequires: gnutls-devel
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: libaio-devel
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: libiscsi-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libusbx-devel >= %{libusbx_version}
|
||||
%if %{have_usbredir}
|
||||
@ -281,6 +299,7 @@ Requires: libfdt >= %{libfdt_version}
|
||||
# other words RHEL-9 rebases are done together/before RHEL-8 ones)
|
||||
Obsoletes: qemu-kvm-ui-spice <= %{version}
|
||||
Obsoletes: qemu-kvm-block-gluster <= %{version}
|
||||
Obsoletes: %{name}-block-iscsi <= %{version}
|
||||
|
||||
%description -n qemu-kvm-core
|
||||
qemu-kvm is an open source virtualizer that provides hardware
|
||||
@ -363,16 +382,6 @@ Install this package if you want to access remote disks over
|
||||
http, https, ftp and other transports provided by the CURL library.
|
||||
|
||||
|
||||
%package block-iscsi
|
||||
Summary: QEMU iSCSI block driver
|
||||
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description block-iscsi
|
||||
This package provides the additional iSCSI block driver for QEMU.
|
||||
|
||||
Install this package if you want to access iSCSI volumes.
|
||||
|
||||
|
||||
%package block-rbd
|
||||
Summary: QEMU Ceph/RBD block driver
|
||||
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
@ -592,7 +601,6 @@ pushd %{qemu_kvm_build}
|
||||
--enable-guest-agent \
|
||||
--enable-iconv \
|
||||
--enable-kvm \
|
||||
--enable-libiscsi \
|
||||
%if %{have_pmem}
|
||||
--enable-libpmem \
|
||||
%endif
|
||||
@ -1196,9 +1204,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%files block-curl
|
||||
%{_libdir}/qemu-kvm/block-curl.so
|
||||
|
||||
%files block-iscsi
|
||||
%{_libdir}/qemu-kvm/block-iscsi.so
|
||||
|
||||
%files block-rbd
|
||||
%{_libdir}/qemu-kvm/block-rbd.so
|
||||
|
||||
@ -1213,6 +1218,30 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jun 28 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-7
|
||||
- kvm-aarch64-rh-devices-add-CONFIG_PXB.patch [bz#1967502]
|
||||
- kvm-virtio-gpu-handle-partial-maps-properly.patch [bz#1974795]
|
||||
- kvm-x86-Add-x86-rhel8.5-machine-types.patch [bz#1957194]
|
||||
- kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch [bz#1957194]
|
||||
- kvm-block-backend-add-drained_poll.patch [bz#1957194]
|
||||
- kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch [bz#1957194]
|
||||
- kvm-disable-CONFIG_USB_STORAGE_BOT.patch [bz#1957194]
|
||||
- kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch [bz#1957194]
|
||||
- kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch [bz#1957194]
|
||||
- kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch [bz#1957194]
|
||||
- kvm-qga-drop-StandardError-syslog.patch [bz#1947977]
|
||||
- kvm-Remove-iscsi-support.patch [bz#1967133]
|
||||
- Resolves: bz#1967502
|
||||
([aarch64] [qemu] Compile the PCIe expander bridge)
|
||||
- Resolves: bz#1974795
|
||||
([RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes "virtio_gpu_dequeue_ctrl_func" ERROR)
|
||||
- Resolves: bz#1957194
|
||||
(Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta)
|
||||
- Resolves: bz#1947977
|
||||
(remove StandardError=syslog from qemu-guest-agent.service)
|
||||
- Resolves: bz#1967133
|
||||
(QEMU: disable libiscsi in RHEL-9)
|
||||
|
||||
* Mon Jun 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-6
|
||||
- kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462]
|
||||
- kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194]
|
||||
|