* Mon Jun 28 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-7
- kvm-aarch64-rh-devices-add-CONFIG_PXB.patch [bz#1967502]
- kvm-virtio-gpu-handle-partial-maps-properly.patch [bz#1974795]
- kvm-x86-Add-x86-rhel8.5-machine-types.patch [bz#1957194]
- kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch [bz#1957194]
- kvm-block-backend-add-drained_poll.patch [bz#1957194]
- kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch [bz#1957194]
- kvm-disable-CONFIG_USB_STORAGE_BOT.patch [bz#1957194]
- kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch [bz#1957194]
- kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch [bz#1957194]
- kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch [bz#1957194]
- kvm-qga-drop-StandardError-syslog.patch [bz#1947977]
- kvm-Remove-iscsi-support.patch [bz#1967133]
- Resolves: bz#1967502 ([aarch64] [qemu] Compile the PCIe expander bridge)
- Resolves: bz#1974795 ([RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes "virtio_gpu_dequeue_ctrl_func" ERROR)
- Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta)
- Resolves: bz#1947977 (remove StandardError=syslog from qemu-guest-agent.service)
- Resolves: bz#1967133 (QEMU: disable libiscsi in RHEL-9)
parent 73d2f941db
commit 0253757df8

								kvm-aarch64-rh-devices-add-CONFIG_PXB.patch
							| @ -0,0 +1,37 @@ | ||||
| From d05ba1e2208cb17b8cf7dac050d95137a67dd988 Mon Sep 17 00:00:00 2001 | ||||
| From: Eric Auger <eric.auger@redhat.com> | ||||
| Date: Thu, 24 Jun 2021 10:32:08 +0200 | ||||
| Subject: [PATCH 01/12] aarch64-rh-devices: add CONFIG_PXB | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Eric Auger <eric.auger@redhat.com> | ||||
| RH-MergeRequest: 14: aarch64-rh-devices: add CONFIG_PXB | ||||
| RH-Commit: [1/1] 6a9e6a96ea6ba1bee220a60e5a691a174a0a044b (eauger1/centos-qemu-kvm) | ||||
| RH-Bugzilla: 1967502 | ||||
| RH-Acked-by: Gavin Shan <gshan@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| RH-Acked-by: Andrew Jones <drjones@redhat.com> | ||||
| 
 | ||||
| We want to enable the PCIe expander bridge on aarch64. So let's | ||||
| set CONFIG_PXB. | ||||
| 
 | ||||
| Signed-off-by: Eric Auger <eric.auger@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  default-configs/devices/aarch64-rh-devices.mak | 1 + | ||||
|  1 file changed, 1 insertion(+) | ||||
| 
 | ||||
| diff --git a/default-configs/devices/aarch64-rh-devices.mak b/default-configs/devices/aarch64-rh-devices.mak
 | ||||
| index 4220469178..d8ce902720 100644
 | ||||
| --- a/default-configs/devices/aarch64-rh-devices.mak
 | ||||
| +++ b/default-configs/devices/aarch64-rh-devices.mak
 | ||||
| @@ -27,3 +27,4 @@ CONFIG_TPM_TIS_SYSBUS=y
 | ||||
|  CONFIG_PTIMER=y | ||||
|  CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y | ||||
|  CONFIG_PVPANIC_PCI=y | ||||
| +CONFIG_PXB=y
 | ||||
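Review bot: The added CONFIG_PXB=y at the end of aarch64-rh-devices.mak compiles one more guest-visible device into the aarch64 build, but the commit message only says "We want to enable the PCIe expander bridge on aarch64" and gives no use case. Suggest naming the scenario behind RH-Bugzilla 1967502 in the message so the reason for the larger device set is recorded with the change.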
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
								kvm-block-backend-add-drained_poll.patch
							| @ -0,0 +1,74 @@ | ||||
| From e23a2be8c57666e091d9192e113a30ea06cd83ef Mon Sep 17 00:00:00 2001 | ||||
| From: Sergio Lopez Pascual <slp@redhat.com> | ||||
| Date: Thu, 17 Jun 2021 09:13:20 -0400 | ||||
| Subject: [PATCH 05/12] block-backend: add drained_poll | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [3/8] 4ad1f536b00a762a1b094d76383b74826228892a (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| Allow block backends to poll their devices/users to check if they have | ||||
| been quiesced when entering a drained section. | ||||
| 
 | ||||
| This will be used in the next patch to wait for the NBD server to be | ||||
| completely quiesced. | ||||
| 
 | ||||
| Suggested-by: Kevin Wolf <kwolf@redhat.com> | ||||
| Reviewed-by: Kevin Wolf <kwolf@redhat.com> | ||||
| Reviewed-by: Eric Blake <eblake@redhat.com> | ||||
| Signed-off-by: Sergio Lopez <slp@redhat.com> | ||||
| Message-Id: <20210602060552.17433-2-slp@redhat.com> | ||||
| Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> | ||||
| Signed-off-by: Kevin Wolf <kwolf@redhat.com> | ||||
| (cherry picked from commit 095cc4d0f62513d75e9bc1da37f08d9e97f267c4) | ||||
| Signed-off-by: Sergio Lopez <slp@redhat.com> | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  block/block-backend.c          | 7 ++++++- | ||||
|  include/sysemu/block-backend.h | 4 ++++ | ||||
|  2 files changed, 10 insertions(+), 1 deletion(-) | ||||
| 
 | ||||
| diff --git a/block/block-backend.c b/block/block-backend.c
 | ||||
| index 413af51f3b..05d8e5fb5d 100644
 | ||||
| --- a/block/block-backend.c
 | ||||
| +++ b/block/block-backend.c
 | ||||
| @@ -2378,8 +2378,13 @@ static void blk_root_drained_begin(BdrvChild *child)
 | ||||
|  static bool blk_root_drained_poll(BdrvChild *child) | ||||
|  { | ||||
|      BlockBackend *blk = child->opaque; | ||||
| +    bool busy = false;
 | ||||
|      assert(blk->quiesce_counter); | ||||
| -    return !!blk->in_flight;
 | ||||
| +
 | ||||
| +    if (blk->dev_ops && blk->dev_ops->drained_poll) {
 | ||||
| +        busy = blk->dev_ops->drained_poll(blk->dev_opaque);
 | ||||
| +    }
 | ||||
| +    return busy || !!blk->in_flight;
 | ||||
|  } | ||||
|   | ||||
|  static void blk_root_drained_end(BdrvChild *child, int *drained_end_counter) | ||||
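Review bot: In blk_root_drained_poll() the device callback runs before blk->in_flight is consulted, so dev_ops->drained_poll is invoked on every poll even when in-flight requests already make the result true. Consider checking blk->in_flight first and only then calling the callback, which also makes the local busy unnecessary; if the callback is meant to be called unconditionally, say so in the BlockDevOps comment.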
| diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
 | ||||
| index 880e903293..5423e3d9c6 100644
 | ||||
| --- a/include/sysemu/block-backend.h
 | ||||
| +++ b/include/sysemu/block-backend.h
 | ||||
| @@ -66,6 +66,10 @@ typedef struct BlockDevOps {
 | ||||
|       * Runs when the backend's last drain request ends. | ||||
|       */ | ||||
|      void (*drained_end)(void *opaque); | ||||
| +    /*
 | ||||
| +     * Is the device still busy?
 | ||||
| +     */
 | ||||
| +    bool (*drained_poll)(void *opaque);
 | ||||
|  } BlockDevOps; | ||||
|   | ||||
|  /* This struct is embedded in (the private) BlockBackend struct and contains | ||||
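Review bot: The comment on the new drained_poll member, "Is the device still busy?", does not state the contract: that returning true keeps blk_root_drained_poll() reporting the backend as busy, and what the callback may or may not do while the backend is quiesced. The neighbouring drained_end comment says when that callback runs; suggest the same level of detail here.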
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
								kvm-disable-CONFIG_USB_STORAGE_BOT.patch
							| @ -0,0 +1,49 @@ | ||||
| From 64ec0505fccf6f277430f3be1829a9e44cd00dbb Mon Sep 17 00:00:00 2001 | ||||
| From: Gerd Hoffmann <kraxel@redhat.com> | ||||
| Date: Fri, 18 Jun 2021 12:04:24 -0400 | ||||
| Subject: [PATCH 07/12] disable CONFIG_USB_STORAGE_BOT | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [5/8] 73d3ee0a17590c8cddf6bd812e6a758951c36ea4 (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  default-configs/devices/ppc64-rh-devices.mak  | 1 - | ||||
|  default-configs/devices/x86_64-rh-devices.mak | 1 - | ||||
|  2 files changed, 2 deletions(-) | ||||
| 
 | ||||
| diff --git a/default-configs/devices/ppc64-rh-devices.mak b/default-configs/devices/ppc64-rh-devices.mak
 | ||||
| index 5b01b7fac0..3ec5603ace 100644
 | ||||
| --- a/default-configs/devices/ppc64-rh-devices.mak
 | ||||
| +++ b/default-configs/devices/ppc64-rh-devices.mak
 | ||||
| @@ -15,7 +15,6 @@ CONFIG_USB=y
 | ||||
|  CONFIG_USB_OHCI=y | ||||
|  CONFIG_USB_OHCI_PCI=y | ||||
|  CONFIG_USB_SMARTCARD=y | ||||
| -CONFIG_USB_STORAGE_BOT=y
 | ||||
|  CONFIG_USB_STORAGE_CORE=y | ||||
|  CONFIG_USB_STORAGE_CLASSIC=y | ||||
|  CONFIG_USB_XHCI=y | ||||
| diff --git a/default-configs/devices/x86_64-rh-devices.mak b/default-configs/devices/x86_64-rh-devices.mak
 | ||||
| index d09c138fc6..81bda09f4c 100644
 | ||||
| --- a/default-configs/devices/x86_64-rh-devices.mak
 | ||||
| +++ b/default-configs/devices/x86_64-rh-devices.mak
 | ||||
| @@ -74,7 +74,6 @@ CONFIG_USB=y
 | ||||
|  CONFIG_USB_EHCI=y | ||||
|  CONFIG_USB_EHCI_PCI=y | ||||
|  CONFIG_USB_SMARTCARD=y | ||||
| -CONFIG_USB_STORAGE_BOT=y
 | ||||
|  CONFIG_USB_STORAGE_CORE=y | ||||
|  CONFIG_USB_STORAGE_CLASSIC=y | ||||
|  CONFIG_USB_UHCI=y | ||||
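Review bot: Only the ppc64 and x86_64 device lists are touched (2 files changed), and the message does not say whether the other rh-devices.mak files, such as the aarch64 one modified earlier in this series, never set CONFIG_USB_STORAGE_BOT or were overlooked. Suggest stating that explicitly in the commit message.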
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
								kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch
							| @ -0,0 +1,151 @@ | ||||
| From 17c1559139d6a58794944901f84dd4e8cd1f5335 Mon Sep 17 00:00:00 2001 | ||||
| From: Connor Kuehl <ckuehl@redhat.com> | ||||
| Date: Tue, 22 Jun 2021 20:00:20 -0400 | ||||
| Subject: [PATCH 08/12] doc: Fix some mistakes in the SEV documentation | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [6/8] ce828f81de1320a1833241700cb13dfdcf7d82e7 (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| From: Tom Lendacky <thomas.lendacky@amd.com> | ||||
| 
 | ||||
| Fix some spelling and grammar mistakes in the amd-memory-encryption.txt | ||||
| file. No new information added. | ||||
| 
 | ||||
| Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> | ||||
| Reviewed-by: Laszlo Ersek <lersek@redhat.com> | ||||
| Reviewed-by: Connor Kuehl <ckuehl@redhat.com> | ||||
| Message-Id: <a7c5ee6c056d840f46028f4a817c16a9862bdd9e.1619208498.git.thomas.lendacky@amd.com> | ||||
| Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> | ||||
| (cherry picked from commit f538adeccf4554e6402fe661a0a51bcc8d6bd227) | ||||
| Signed-off-by: Connor Kuehl <ckuehl@redhat.com> | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  docs/amd-memory-encryption.txt | 59 +++++++++++++++++----------------- | ||||
|  1 file changed, 29 insertions(+), 30 deletions(-) | ||||
| 
 | ||||
| diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
 | ||||
| index 145896aec7..ed85159ea7 100644
 | ||||
| --- a/docs/amd-memory-encryption.txt
 | ||||
| +++ b/docs/amd-memory-encryption.txt
 | ||||
| @@ -1,38 +1,38 @@
 | ||||
|  Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. | ||||
|   | ||||
|  SEV is an extension to the AMD-V architecture which supports running encrypted | ||||
| -virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages
 | ||||
| +virtual machines (VMs) under the control of KVM. Encrypted VMs have their pages
 | ||||
|  (code and data) secured such that only the guest itself has access to the | ||||
|  unencrypted version. Each encrypted VM is associated with a unique encryption | ||||
| -key; if its data is accessed to a different entity using a different key the
 | ||||
| +key; if its data is accessed by a different entity using a different key the
 | ||||
|  encrypted guests data will be incorrectly decrypted, leading to unintelligible | ||||
|  data. | ||||
|   | ||||
| -The key management of this feature is handled by separate processor known as
 | ||||
| -AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running
 | ||||
| -inside the AMD-SP provide commands to support common VM lifecycle. This
 | ||||
| +Key management for this feature is handled by a separate processor known as the
 | ||||
| +AMD secure processor (AMD-SP), which is present in AMD SOCs. Firmware running
 | ||||
| +inside the AMD-SP provides commands to support a common VM lifecycle. This
 | ||||
|  includes commands for launching, snapshotting, migrating and debugging the | ||||
| -encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP
 | ||||
| +encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP
 | ||||
|  ioctls. | ||||
|   | ||||
|  Launching | ||||
|  --------- | ||||
| -Boot images (such as bios) must be encrypted before guest can be booted.
 | ||||
| -MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START,
 | ||||
| +Boot images (such as bios) must be encrypted before a guest can be booted. The
 | ||||
| +MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images: LAUNCH_START,
 | ||||
|  LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands | ||||
|  together generate a fresh memory encryption key for the VM, encrypt the boot | ||||
| -images and provide a measurement than can be used as an attestation of the
 | ||||
| +images and provide a measurement than can be used as an attestation of a
 | ||||
|  successful launch. | ||||
|   | ||||
|  LAUNCH_START is called first to create a cryptographic launch context within | ||||
| -the firmware. To create this context, guest owner must provides guest policy,
 | ||||
| +the firmware. To create this context, guest owner must provide a guest policy,
 | ||||
|  its public Diffie-Hellman key (PDH) and session parameters. These inputs | ||||
| -should be treated as binary blob and must be passed as-is to the SEV firmware.
 | ||||
| +should be treated as a binary blob and must be passed as-is to the SEV firmware.
 | ||||
|   | ||||
| -The guest policy is passed as plaintext and hypervisor may able to read it
 | ||||
| +The guest policy is passed as plaintext. A hypervisor may choose to read it,
 | ||||
|  but should not modify it (any modification of the policy bits will result | ||||
|  in bad measurement). The guest policy is a 4-byte data structure containing | ||||
| -several flags that restricts what can be done on running SEV guest.
 | ||||
| +several flags that restricts what can be done on a running SEV guest.
 | ||||
|  See KM Spec section 3 and 6.2 for more details. | ||||
|   | ||||
|  The guest policy can be provided via the 'policy' property (see below) | ||||
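Review bot: Several mistakes survive in lines this hunk rewrites: "a measurement than can be used" should read "that can be used", "several flags that restricts" should be "restrict", and "guest owner must provide a guest policy" still lacks "the" before "guest owner". The unchanged context line "encrypted guests data" also wants an apostrophe ("guest's").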
| @@ -40,31 +40,30 @@ The guest policy can be provided via the 'policy' property (see below)
 | ||||
|  # ${QEMU} \ | ||||
|     sev-guest,id=sev0,policy=0x1...\ | ||||
|   | ||||
| -Guest owners provided DH certificate and session parameters will be used to
 | ||||
| +The guest owner provided DH certificate and session parameters will be used to
 | ||||
|  establish a cryptographic session with the guest owner to negotiate keys used | ||||
|  for the attestation. | ||||
|   | ||||
| -The DH certificate and session blob can be provided via 'dh-cert-file' and
 | ||||
| -'session-file' property (see below
 | ||||
| +The DH certificate and session blob can be provided via the 'dh-cert-file' and
 | ||||
| +'session-file' properties (see below)
 | ||||
|   | ||||
|  # ${QEMU} \ | ||||
|       sev-guest,id=sev0,dh-cert-file=<file1>,session-file=<file2> | ||||
|   | ||||
|  LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context | ||||
| -created via LAUNCH_START command. If required, this command can be called
 | ||||
| +created via the LAUNCH_START command. If required, this command can be called
 | ||||
|  multiple times to encrypt different memory regions. The command also calculates | ||||
|  the measurement of the memory contents as it encrypts. | ||||
|   | ||||
| -LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted
 | ||||
| -memory. This measurement is a signature of the memory contents that can be
 | ||||
| -sent to the guest owner as an attestation that the memory was encrypted
 | ||||
| -correctly by the firmware. The guest owner may wait to provide the guest
 | ||||
| -confidential information until it can verify the attestation measurement.
 | ||||
| -Since the guest owner knows the initial contents of the guest at boot, the
 | ||||
| -attestation measurement can be verified by comparing it to what the guest owner
 | ||||
| -expects.
 | ||||
| +LAUNCH_MEASURE can be used to retrieve the measurement of encrypted memory.
 | ||||
| +This measurement is a signature of the memory contents that can be sent to the
 | ||||
| +guest owner as an attestation that the memory was encrypted correctly by the
 | ||||
| +firmware. The guest owner may wait to provide the guest confidential information
 | ||||
| +until it can verify the attestation measurement. Since the guest owner knows the
 | ||||
| +initial contents of the guest at boot, the attestation measurement can be
 | ||||
| +verified by comparing it to what the guest owner expects.
 | ||||
|   | ||||
| -LAUNCH_FINISH command finalizes the guest launch and destroy's the cryptographic
 | ||||
| +LAUNCH_FINISH finalizes the guest launch and destroys the cryptographic
 | ||||
|  context. | ||||
|   | ||||
|  See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the | ||||
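Review bot: "The guest owner provided DH certificate and session parameters" reads as subject plus verb on a first pass; rewording to "The DH certificate and session parameters provided by the guest owner" removes the ambiguity. The rewritten "(see below)" line also still ends without punctuation before the example.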
| @@ -78,10 +77,10 @@ To launch a SEV guest
 | ||||
|   | ||||
|  Debugging | ||||
|  ----------- | ||||
| -Since memory contents of SEV guest is encrypted hence hypervisor access to the
 | ||||
| -guest memory will get a cipher text. If guest policy allows debugging, then
 | ||||
| -hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest
 | ||||
| -memory region for debug purposes.  This is not supported in QEMU yet.
 | ||||
| +Since the memory contents of a SEV guest are encrypted, hypervisor access to
 | ||||
| +the guest memory will return cipher text. If the guest policy allows debugging,
 | ||||
| +then a hypervisor can use the DEBUG_DECRYPT and DEBUG_ENCRYPT commands to access
 | ||||
| +the guest memory region for debug purposes.  This is not supported in QEMU yet.
 | ||||
|   | ||||
|  Snapshot/Restore | ||||
|  ----------------- | ||||
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
								kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch
							| @ -0,0 +1,141 @@ | ||||
| From 1bd5660666d2a1f704ebabeed8a2bbfa02410f41 Mon Sep 17 00:00:00 2001 | ||||
| From: Connor Kuehl <ckuehl@redhat.com> | ||||
| Date: Tue, 22 Jun 2021 20:00:21 -0400 | ||||
| Subject: [PATCH 09/12] docs: Add SEV-ES documentation to | ||||
|  amd-memory-encryption.txt | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [7/8] 36e49577484813866132b90c64cf99779326db74 (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| From: Tom Lendacky <thomas.lendacky@amd.com> | ||||
| 
 | ||||
| Update the amd-memory-encryption.txt file with information about SEV-ES, | ||||
| including how to launch an SEV-ES guest and some of the differences | ||||
| between SEV and SEV-ES guests in regards to launching and measuring the | ||||
| guest. | ||||
| 
 | ||||
| Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> | ||||
| Acked-by: Laszlo Ersek <lersek@redhat.com> | ||||
| Reviewed-by: Connor Kuehl <ckuehl@redhat.com> | ||||
| Message-Id: <fa1825a5eb0290eac4712cde75ba4c6829946eac.1619208498.git.thomas.lendacky@amd.com> | ||||
| Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> | ||||
| (cherry picked from commit 61b7d7098cd53dd386939610d534f8bd79240881) | ||||
| Signed-off-by: Connor Kuehl <ckuehl@redhat.com> | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  docs/amd-memory-encryption.txt | 54 +++++++++++++++++++++++++++++----- | ||||
|  1 file changed, 47 insertions(+), 7 deletions(-) | ||||
| 
 | ||||
| diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
 | ||||
| index ed85159ea7..ffca382b5f 100644
 | ||||
| --- a/docs/amd-memory-encryption.txt
 | ||||
| +++ b/docs/amd-memory-encryption.txt
 | ||||
| @@ -15,6 +15,13 @@ includes commands for launching, snapshotting, migrating and debugging the
 | ||||
|  encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP | ||||
|  ioctls. | ||||
|   | ||||
| +Secure Encrypted Virtualization - Encrypted State (SEV-ES) builds on the SEV
 | ||||
| +support to additionally protect the guest register state. In order to allow a
 | ||||
| +hypervisor to perform functions on behalf of a guest, there is architectural
 | ||||
| +support for notifying a guest's operating system when certain types of VMEXITs
 | ||||
| +are about to occur. This allows the guest to selectively share information with
 | ||||
| +the hypervisor to satisfy the requested function.
 | ||||
| +
 | ||||
|  Launching | ||||
|  --------- | ||||
|  Boot images (such as bios) must be encrypted before a guest can be booted. The | ||||
| @@ -24,6 +31,9 @@ together generate a fresh memory encryption key for the VM, encrypt the boot
 | ||||
|  images and provide a measurement than can be used as an attestation of a | ||||
|  successful launch. | ||||
|   | ||||
| +For a SEV-ES guest, the LAUNCH_UPDATE_VMSA command is also used to encrypt the
 | ||||
| +guest register state, or VM save area (VMSA), for all of the guest vCPUs.
 | ||||
| +
 | ||||
|  LAUNCH_START is called first to create a cryptographic launch context within | ||||
|  the firmware. To create this context, guest owner must provide a guest policy, | ||||
|  its public Diffie-Hellman key (PDH) and session parameters. These inputs | ||||
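Review bot: The new LAUNCH_UPDATE_VMSA sentence does not say where the command falls in the launch sequence, and the paragraph just above it still lists LAUNCH_START, LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH as "These four commands". Suggest stating that for a SEV-ES guest LAUNCH_UPDATE_VMSA is issued after LAUNCH_START and before LAUNCH_MEASURE, and adjusting the count so the overview matches.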
| @@ -40,6 +50,12 @@ The guest policy can be provided via the 'policy' property (see below)
 | ||||
|  # ${QEMU} \ | ||||
|     sev-guest,id=sev0,policy=0x1...\ | ||||
|   | ||||
| +Setting the "SEV-ES required" policy bit (bit 2) will launch the guest as a
 | ||||
| +SEV-ES guest (see below)
 | ||||
| +
 | ||||
| +# ${QEMU} \
 | ||||
| +   sev-guest,id=sev0,policy=0x5...\
 | ||||
| +
 | ||||
|  The guest owner provided DH certificate and session parameters will be used to | ||||
|  establish a cryptographic session with the guest owner to negotiate keys used | ||||
|  for the attestation. | ||||
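Review bot: The added text names only the "SEV-ES required" policy bit (bit 2), yet the example passes policy=0x5, which also sets bit 0, so a reader cannot tell from this paragraph which part of the value enables SEV-ES. Suggest saying that 0x5 is the earlier 0x1 example with bit 2 (0x4) added, or pointing to the policy bit definitions in the KM Spec sections the file already references.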
| @@ -55,13 +71,19 @@ created via the LAUNCH_START command. If required, this command can be called
 | ||||
|  multiple times to encrypt different memory regions. The command also calculates | ||||
|  the measurement of the memory contents as it encrypts. | ||||
|   | ||||
| -LAUNCH_MEASURE can be used to retrieve the measurement of encrypted memory.
 | ||||
| -This measurement is a signature of the memory contents that can be sent to the
 | ||||
| -guest owner as an attestation that the memory was encrypted correctly by the
 | ||||
| -firmware. The guest owner may wait to provide the guest confidential information
 | ||||
| -until it can verify the attestation measurement. Since the guest owner knows the
 | ||||
| -initial contents of the guest at boot, the attestation measurement can be
 | ||||
| -verified by comparing it to what the guest owner expects.
 | ||||
| +LAUNCH_UPDATE_VMSA encrypts all the vCPU VMSAs for a SEV-ES guest using the
 | ||||
| +cryptographic context created via the LAUNCH_START command. The command also
 | ||||
| +calculates the measurement of the VMSAs as it encrypts them.
 | ||||
| +
 | ||||
| +LAUNCH_MEASURE can be used to retrieve the measurement of encrypted memory and,
 | ||||
| +for a SEV-ES guest, encrypted VMSAs. This measurement is a signature of the
 | ||||
| +memory contents and, for a SEV-ES guest, the VMSA contents, that can be sent
 | ||||
| +to the guest owner as an attestation that the memory and VMSAs were encrypted
 | ||||
| +correctly by the firmware. The guest owner may wait to provide the guest
 | ||||
| +confidential information until it can verify the attestation measurement.
 | ||||
| +Since the guest owner knows the initial contents of the guest at boot, the
 | ||||
| +attestation measurement can be verified by comparing it to what the guest owner
 | ||||
| +expects.
 | ||||
|   | ||||
|  LAUNCH_FINISH finalizes the guest launch and destroys the cryptographic | ||||
|  context. | ||||
| @@ -75,6 +97,22 @@ To launch a SEV guest
 | ||||
|      -machine ...,confidential-guest-support=sev0 \ | ||||
|      -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 | ||||
|   | ||||
| +To launch a SEV-ES guest
 | ||||
| +
 | ||||
| +# ${QEMU} \
 | ||||
| +    -machine ...,confidential-guest-support=sev0 \
 | ||||
| +    -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x5
 | ||||
| +
 | ||||
| +An SEV-ES guest has some restrictions as compared to a SEV guest. Because the
 | ||||
| +guest register state is encrypted and cannot be updated by the VMM/hypervisor,
 | ||||
| +a SEV-ES guest:
 | ||||
| + - Does not support SMM - SMM support requires updating the guest register
 | ||||
| +   state.
 | ||||
| + - Does not support reboot - a system reset requires updating the guest register
 | ||||
| +   state.
 | ||||
| + - Requires in-kernel irqchip - the burden is placed on the hypervisor to
 | ||||
| +   manage booting APs.
 | ||||
| +
 | ||||
|  Debugging | ||||
|  ----------- | ||||
|  Since the memory contents of a SEV guest are encrypted, hypervisor access to | ||||
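Review bot: The restrictions paragraph switches articles within one sentence ("An SEV-ES guest has some restrictions ... a SEV-ES guest:"), while the other added text uses "a SEV-ES guest"; pick one form. For the "Does not support reboot" item, consider stating what happens when the guest requests a reset, since that is the restriction operators will meet first.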
| @@ -101,8 +139,10 @@ Secure Encrypted Virtualization Key Management:
 | ||||
|   | ||||
|  KVM Forum slides: | ||||
|  http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf | ||||
| +https://www.linux-kvm.org/images/9/94/Extending-Secure-Encrypted-Virtualization-with-SEV-ES-Thomas-Lendacky-AMD.pdf
 | ||||
|   | ||||
|  AMD64 Architecture Programmer's Manual: | ||||
|     http://support.amd.com/TechDocs/24593.pdf | ||||
|     SME is section 7.10 | ||||
|     SEV is section 15.34 | ||||
| +   SEV-ES is section 15.35
 | ||||
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
								kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch
							| @ -0,0 +1,110 @@ | ||||
| From e408203bab17e32f8d42ae9ad61e94a73bfaec67 Mon Sep 17 00:00:00 2001 | ||||
| From: Connor Kuehl <ckuehl@redhat.com> | ||||
| Date: Tue, 22 Jun 2021 20:00:22 -0400 | ||||
| Subject: [PATCH 10/12] docs/interop/firmware.json: Add SEV-ES support | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [8/8] b49ebbaf40b56d95c67475a0373d6906a3e4f0e3 (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| From: Tom Lendacky <thomas.lendacky@amd.com> | ||||
| 
 | ||||
| Create an enum definition, '@amd-sev-es', for SEV-ES and add documention | ||||
| for the new enum. Add an example that shows some of the requirements for | ||||
| SEV-ES, including not having SMM support and the requirement for an | ||||
| X64-only build. | ||||
| 
 | ||||
| Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> | ||||
| Reviewed-by: Laszlo Ersek <lersek@redhat.com> | ||||
| Reviewed-by: Connor Kuehl <ckuehl@redhat.com> | ||||
| Message-Id: <b941a7ee105dfeb67607cf2d24dafcb82658b212.1619208498.git.thomas.lendacky@amd.com> | ||||
| Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> | ||||
| (cherry picked from commit d44df1d73ce04d7f4b8f94cba5f715e2dadc998b) | ||||
| Signed-off-by: Connor Kuehl <ckuehl@redhat.com> | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  docs/interop/firmware.json | 47 +++++++++++++++++++++++++++++++++++++- | ||||
|  1 file changed, 46 insertions(+), 1 deletion(-) | ||||
| 
 | ||||
| diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json
 | ||||
| index 9d94ccafa9..8d8b0be030 100644
 | ||||
| --- a/docs/interop/firmware.json
 | ||||
| +++ b/docs/interop/firmware.json
 | ||||
| @@ -115,6 +115,12 @@
 | ||||
|  #           this feature are documented in | ||||
|  #           "docs/amd-memory-encryption.txt". | ||||
|  # | ||||
| +# @amd-sev-es: The firmware supports running under AMD Secure Encrypted
 | ||||
| +#              Virtualization - Encrypted State, as specified in the AMD64
 | ||||
| +#              Architecture Programmer's Manual. QEMU command line options
 | ||||
| +#              related to this feature are documented in
 | ||||
| +#              "docs/amd-memory-encryption.txt".
 | ||||
| +#
 | ||||
|  # @enrolled-keys: The variable store (NVRAM) template associated with | ||||
|  #                 the firmware binary has the UEFI Secure Boot | ||||
|  #                 operational mode turned on, with certificates | ||||
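Review bot: The new @amd-sev-es description does not say how it relates to @amd-sev, while the example added later in this patch lists both "amd-sev" and "amd-sev-es" under "features". Suggest stating whether firmware that advertises amd-sev-es is expected to advertise amd-sev as well, so consumers of the descriptor know which combinations to accept.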
| @@ -179,7 +185,7 @@
 | ||||
|  # Since: 3.0 | ||||
|  ## | ||||
|  { 'enum' : 'FirmwareFeature', | ||||
| -  'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'enrolled-keys',
 | ||||
| +  'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'amd-sev-es', 'enrolled-keys',
 | ||||
|               'requires-smm', 'secure-boot', 'verbose-dynamic', | ||||
|               'verbose-static' ] } | ||||
|   | ||||
| @@ -504,6 +510,45 @@
 | ||||
|  # } | ||||
|  # | ||||
|  # { | ||||
| +#     "description": "OVMF with SEV-ES support",
 | ||||
| +#     "interface-types": [
 | ||||
| +#         "uefi"
 | ||||
| +#     ],
 | ||||
| +#     "mapping": {
 | ||||
| +#         "device": "flash",
 | ||||
| +#         "executable": {
 | ||||
| +#             "filename": "/usr/share/OVMF/OVMF_CODE.fd",
 | ||||
| +#             "format": "raw"
 | ||||
| +#         },
 | ||||
| +#         "nvram-template": {
 | ||||
| +#             "filename": "/usr/share/OVMF/OVMF_VARS.fd",
 | ||||
| +#             "format": "raw"
 | ||||
| +#         }
 | ||||
| +#     },
 | ||||
| +#     "targets": [
 | ||||
| +#         {
 | ||||
| +#             "architecture": "x86_64",
 | ||||
| +#             "machines": [
 | ||||
| +#                 "pc-q35-*"
 | ||||
| +#             ]
 | ||||
| +#         }
 | ||||
| +#     ],
 | ||||
| +#     "features": [
 | ||||
| +#         "acpi-s3",
 | ||||
| +#         "amd-sev",
 | ||||
| +#         "amd-sev-es",
 | ||||
| +#         "verbose-dynamic"
 | ||||
| +#     ],
 | ||||
| +#     "tags": [
 | ||||
| +#         "-a X64",
 | ||||
| +#         "-p OvmfPkg/OvmfPkgX64.dsc",
 | ||||
| +#         "-t GCC48",
 | ||||
| +#         "-b DEBUG",
 | ||||
| +#         "-D FD_SIZE_4MB"
 | ||||
| +#     ]
 | ||||
| +# }
 | ||||
| +#
 | ||||
| +# {
 | ||||
|  #     "description": "UEFI firmware for ARM64 virtual machines", | ||||
|  #     "interface-types": [ | ||||
|  #         "uefi" | ||||
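Review bot: the example lists both "amd-sev" and "amd-sev-es" under "features", but the @amd-sev-es text added earlier in this patch does not say whether that pairing is required or merely typical. Please state it in the feature description, otherwise consumers matching on "amd-sev-es" alone cannot tell whether they may assume "amd-sev" as well.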
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
							
								
								
									
										191
									
								
								kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,191 @@ | ||||
| From 9182af6a819e60a079349fd6d8b28a28adea90b1 Mon Sep 17 00:00:00 2001 | ||||
| From: Sergio Lopez Pascual <slp@redhat.com> | ||||
| Date: Thu, 17 Jun 2021 09:13:21 -0400 | ||||
| Subject: [PATCH 06/12] nbd/server: Use drained block ops to quiesce the server | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [4/8] ca32c99563254a8a31104948e41fa691453d0399 (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| Before switching between AioContexts we need to make sure that we're | ||||
| fully quiesced ("nb_requests == 0" for every client) when entering the | ||||
| drained section. | ||||
| 
 | ||||
| To do this, we set "quiescing = true" for every client on | ||||
| ".drained_begin" to prevent new coroutines from being created, and | ||||
| check if "nb_requests == 0" on ".drained_poll". Finally, once we're | ||||
| exiting the drained section, on ".drained_end" we set "quiescing = | ||||
| false" and call "nbd_client_receive_next_request()" to resume the | ||||
| processing of new requests. | ||||
| 
 | ||||
| With these changes, "blk_aio_attach()" and "blk_aio_detach()" can be | ||||
| reverted to be as simple as they were before f148ae7d36. | ||||
| 
 | ||||
| RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1960137 | ||||
| Suggested-by: Kevin Wolf <kwolf@redhat.com> | ||||
| Signed-off-by: Sergio Lopez <slp@redhat.com> | ||||
| Message-Id: <20210602060552.17433-3-slp@redhat.com> | ||||
| Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> | ||||
| Signed-off-by: Kevin Wolf <kwolf@redhat.com> | ||||
| (cherry picked from commit fd6afc501a019682d1b8468b562355a2887087bd) | ||||
| Signed-off-by: Sergio Lopez <slp@redhat.com> | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  nbd/server.c | 82 ++++++++++++++++++++++++++++++++++++++-------------- | ||||
|  1 file changed, 61 insertions(+), 21 deletions(-) | ||||
| 
 | ||||
| diff --git a/nbd/server.c b/nbd/server.c
 | ||||
| index 86a44a9b41..b60ebc3ab6 100644
 | ||||
| --- a/nbd/server.c
 | ||||
| +++ b/nbd/server.c
 | ||||
| @@ -1513,6 +1513,11 @@ static void nbd_request_put(NBDRequestData *req)
 | ||||
|      g_free(req); | ||||
|   | ||||
|      client->nb_requests--; | ||||
| +
 | ||||
| +    if (client->quiescing && client->nb_requests == 0) {
 | ||||
| +        aio_wait_kick();
 | ||||
| +    }
 | ||||
| +
 | ||||
|      nbd_client_receive_next_request(client); | ||||
|   | ||||
|      nbd_client_put(client); | ||||
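Review bot: the added aio_wait_kick() block in nbd_request_put() has no comment, and nbd_client_receive_next_request(client) is still called unconditionally right after it while client->quiescing is set. A short comment saying that the kick lets the drain poll re-check nb_requests, and that the following call does not start a new request while quiescing, would make the intent checkable from this function alone.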
| @@ -1530,49 +1535,68 @@ static void blk_aio_attached(AioContext *ctx, void *opaque)
 | ||||
|      QTAILQ_FOREACH(client, &exp->clients, next) { | ||||
|          qio_channel_attach_aio_context(client->ioc, ctx); | ||||
|   | ||||
| +        assert(client->nb_requests == 0);
 | ||||
|          assert(client->recv_coroutine == NULL); | ||||
|          assert(client->send_coroutine == NULL); | ||||
| -
 | ||||
| -        if (client->quiescing) {
 | ||||
| -            client->quiescing = false;
 | ||||
| -            nbd_client_receive_next_request(client);
 | ||||
| -        }
 | ||||
|      } | ||||
|  } | ||||
|   | ||||
| -static void nbd_aio_detach_bh(void *opaque)
 | ||||
| +static void blk_aio_detach(void *opaque)
 | ||||
|  { | ||||
|      NBDExport *exp = opaque; | ||||
|      NBDClient *client; | ||||
|   | ||||
| +    trace_nbd_blk_aio_detach(exp->name, exp->common.ctx);
 | ||||
| +
 | ||||
|      QTAILQ_FOREACH(client, &exp->clients, next) { | ||||
|          qio_channel_detach_aio_context(client->ioc); | ||||
| +    }
 | ||||
| +
 | ||||
| +    exp->common.ctx = NULL;
 | ||||
| +}
 | ||||
| +
 | ||||
| +static void nbd_drained_begin(void *opaque)
 | ||||
| +{
 | ||||
| +    NBDExport *exp = opaque;
 | ||||
| +    NBDClient *client;
 | ||||
| +
 | ||||
| +    QTAILQ_FOREACH(client, &exp->clients, next) {
 | ||||
|          client->quiescing = true; | ||||
| +    }
 | ||||
| +}
 | ||||
|   | ||||
| -        if (client->recv_coroutine) {
 | ||||
| -            if (client->read_yielding) {
 | ||||
| -                qemu_aio_coroutine_enter(exp->common.ctx,
 | ||||
| -                                         client->recv_coroutine);
 | ||||
| -            } else {
 | ||||
| -                AIO_WAIT_WHILE(exp->common.ctx, client->recv_coroutine != NULL);
 | ||||
| -            }
 | ||||
| -        }
 | ||||
| +static void nbd_drained_end(void *opaque)
 | ||||
| +{
 | ||||
| +    NBDExport *exp = opaque;
 | ||||
| +    NBDClient *client;
 | ||||
|   | ||||
| -        if (client->send_coroutine) {
 | ||||
| -            AIO_WAIT_WHILE(exp->common.ctx, client->send_coroutine != NULL);
 | ||||
| -        }
 | ||||
| +    QTAILQ_FOREACH(client, &exp->clients, next) {
 | ||||
| +        client->quiescing = false;
 | ||||
| +        nbd_client_receive_next_request(client);
 | ||||
|      } | ||||
|  } | ||||
|   | ||||
| -static void blk_aio_detach(void *opaque)
 | ||||
| +static bool nbd_drained_poll(void *opaque)
 | ||||
|  { | ||||
|      NBDExport *exp = opaque; | ||||
| +    NBDClient *client;
 | ||||
|   | ||||
| -    trace_nbd_blk_aio_detach(exp->name, exp->common.ctx);
 | ||||
| +    QTAILQ_FOREACH(client, &exp->clients, next) {
 | ||||
| +        if (client->nb_requests != 0) {
 | ||||
| +            /*
 | ||||
| +             * If there's a coroutine waiting for a request on nbd_read_eof()
 | ||||
| +             * enter it here so we don't depend on the client to wake it up.
 | ||||
| +             */
 | ||||
| +            if (client->recv_coroutine != NULL && client->read_yielding) {
 | ||||
| +                qemu_aio_coroutine_enter(exp->common.ctx,
 | ||||
| +                                         client->recv_coroutine);
 | ||||
| +            }
 | ||||
|   | ||||
| -    aio_wait_bh_oneshot(exp->common.ctx, nbd_aio_detach_bh, exp);
 | ||||
| +            return true;
 | ||||
| +        }
 | ||||
| +    }
 | ||||
|   | ||||
| -    exp->common.ctx = NULL;
 | ||||
| +    return false;
 | ||||
|  } | ||||
|   | ||||
|  static void nbd_eject_notifier(Notifier *n, void *data) | ||||
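Review bot: blk_aio_detach() now detaches every client channel without waiting on recv_coroutine or send_coroutine, so its safety rests entirely on the drained section having completed first, yet only blk_aio_attached() asserts that state (nb_requests == 0 plus the two coroutine checks). Consider repeating those asserts inside the loop in blk_aio_detach() so that a detach outside a drained section fails loudly instead of detaching a channel with a request in flight.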
| @@ -1594,6 +1618,12 @@ void nbd_export_set_on_eject_blk(BlockExport *exp, BlockBackend *blk)
 | ||||
|      blk_add_remove_bs_notifier(blk, &nbd_exp->eject_notifier); | ||||
|  } | ||||
|   | ||||
| +static const BlockDevOps nbd_block_ops = {
 | ||||
| +    .drained_begin = nbd_drained_begin,
 | ||||
| +    .drained_end = nbd_drained_end,
 | ||||
| +    .drained_poll = nbd_drained_poll,
 | ||||
| +};
 | ||||
| +
 | ||||
|  static int nbd_export_create(BlockExport *blk_exp, BlockExportOptions *exp_args, | ||||
|                               Error **errp) | ||||
|  { | ||||
| @@ -1715,8 +1745,17 @@ static int nbd_export_create(BlockExport *blk_exp, BlockExportOptions *exp_args,
 | ||||
|   | ||||
|      exp->allocation_depth = arg->allocation_depth; | ||||
|   | ||||
| +    /*
 | ||||
| +     * We need to inhibit request queuing in the block layer to ensure we can
 | ||||
| +     * be properly quiesced when entering a drained section, as our coroutines
 | ||||
| +     * servicing pending requests might enter blk_pread().
 | ||||
| +     */
 | ||||
| +    blk_set_disable_request_queuing(blk, true);
 | ||||
| +
 | ||||
|      blk_add_aio_context_notifier(blk, blk_aio_attached, blk_aio_detach, exp); | ||||
|   | ||||
| +    blk_set_dev_ops(blk, &nbd_block_ops, exp);
 | ||||
| +
 | ||||
|      QTAILQ_INSERT_TAIL(&exports, exp, next); | ||||
|   | ||||
|      return 0; | ||||
| @@ -1788,6 +1827,7 @@ static void nbd_export_delete(BlockExport *blk_exp)
 | ||||
|          } | ||||
|          blk_remove_aio_context_notifier(exp->common.blk, blk_aio_attached, | ||||
|                                          blk_aio_detach, exp); | ||||
| +        blk_set_disable_request_queuing(exp->common.blk, false);
 | ||||
|      } | ||||
|   | ||||
|      for (i = 0; i < exp->nr_export_bitmaps; i++) { | ||||
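Review bot: nbd_export_delete() undoes blk_set_disable_request_queuing() but nothing visible in this patch undoes blk_set_dev_ops(blk, &nbd_block_ops, exp) from nbd_export_create(). If the BlockBackend can be drained after this point, the drained_begin, drained_poll and drained_end callbacks would run with a stale exp as opaque; either clear the dev ops here or add a comment explaining why that cannot happen.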
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
							
								
								
									
										49
									
								
								kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,49 @@ | ||||
| From a9546384e1fe8b4dad9ab00c52f45dac3a8fbc00 Mon Sep 17 00:00:00 2001 | ||||
| From: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| Date: Tue, 8 Jun 2021 10:29:07 -0400 | ||||
| Subject: [PATCH 04/12] redhat: x86: Enable 'kvm-asyncpf-int' by default | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [2/8] 2ea940445291df74dfed2d2f9f2b1f88a3eca31b (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| 'kvm-asyncpf-int' feature is supported by KVM starting with RHEL-8.4 | ||||
| kernel, enable the feature by default starting with RHEL-8.5 machine | ||||
| type. | ||||
| 
 | ||||
| Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  hw/i386/pc.c | 3 +++ | ||||
|  1 file changed, 3 insertions(+) | ||||
| 
 | ||||
| diff --git a/hw/i386/pc.c b/hw/i386/pc.c
 | ||||
| index 0a374dec39..cdbfa84d2e 100644
 | ||||
| --- a/hw/i386/pc.c
 | ||||
| +++ b/hw/i386/pc.c
 | ||||
| @@ -366,12 +366,15 @@ GlobalProperty pc_rhel_compat[] = {
 | ||||
|      { TYPE_X86_CPU, "vmx-exit-load-perf-global-ctrl", "off" }, | ||||
|      /* bz 1508330 */  | ||||
|      { "vfio-pci", "x-no-geforce-quirks", "on" }, | ||||
| +    /* bz 1941397 */
 | ||||
| +    { TYPE_X86_CPU, "kvm-asyncpf-int", "on" },
 | ||||
|  }; | ||||
|  const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat); | ||||
|   | ||||
|  GlobalProperty pc_rhel_8_4_compat[] = { | ||||
|      /* pc_rhel_8_4_compat from pc_compat_5_2 */ | ||||
|      { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" }, | ||||
| +    { TYPE_X86_CPU, "kvm-asyncpf-int", "off" },
 | ||||
|  }; | ||||
|  const size_t pc_rhel_8_4_compat_len = G_N_ELEMENTS(pc_rhel_8_4_compat); | ||||
|   | ||||
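Review bot: the added { TYPE_X86_CPU, "kvm-asyncpf-int", "off" } entry in pc_rhel_8_4_compat sits under the comment "pc_rhel_8_4_compat from pc_compat_5_2" with no annotation of its own, while the matching "on" entry in pc_rhel_compat carries /* bz 1941397 */. Please tag the "off" entry with the same bz so it is clear that it is a downstream compat setting. The override also relies on pc_rhel_8_4_compat being applied after pc_rhel_compat for every 8.4 and older machine type, which is worth stating in the commit message.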
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
							
								
								
									
										201
									
								
								kvm-virtio-gpu-handle-partial-maps-properly.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,201 @@ | ||||
| From cdc537ada9528e09f8c70219f5a9a1ce8a4efa7e Mon Sep 17 00:00:00 2001 | ||||
| From: Gerd Hoffmann <kraxel@redhat.com> | ||||
| Date: Thu, 6 May 2021 11:10:01 +0200 | ||||
| Subject: [PATCH 02/12] virtio-gpu: handle partial maps properly | ||||
| 
 | ||||
| RH-Author: Eric Auger <eric.auger@redhat.com> | ||||
| RH-MergeRequest: 15: virtio-gpu: handle partial maps properly | ||||
| RH-Commit: [1/1] f2b0fd9758251d1f3a5ff9563911c8bdb4b191f0 (eauger1/centos-qemu-kvm) | ||||
| RH-Bugzilla: 1974795 | ||||
| RH-Acked-by: Gavin Shan <gshan@redhat.com> | ||||
| RH-Acked-by: Andrew Jones <drjones@redhat.com> | ||||
| RH-Acked-by: Peter Xu <Peter Xu <peterx@redhat.com> | ||||
| 
 | ||||
| dma_memory_map() may map only a part of the request.  Happens if the | ||||
| request can't be mapped in one go, for example due to a iommu creating | ||||
| a linear dma mapping for scattered physical pages.  Should that be the | ||||
| case virtio-gpu must call dma_memory_map() again with the remaining | ||||
| range instead of simply throwing an error. | ||||
| 
 | ||||
| Note that this change implies the number of iov entries may differ from | ||||
| the number of mapping entries sent by the guest.  Therefore the iov_len | ||||
| bookkeeping needs some updates too, we have to explicitly pass around | ||||
| the iov length now. | ||||
| 
 | ||||
| Reported-by: Auger Eric <eric.auger@redhat.com> | ||||
| Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||||
| Message-id: 20210506091001.1301250-1-kraxel@redhat.com | ||||
| Reviewed-by: Eric Auger <eric.auger@redhat.com> | ||||
| Tested-by: Eric Auger <eric.auger@redhat.com> | ||||
| Message-Id: <20210506091001.1301250-1-kraxel@redhat.com> | ||||
| (cherry picked from commit 9049f8bc445d50c0b5fe5500c0ec51fcc821c2ef) | ||||
| Signed-off-by: Eric Auger <eric.auger@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  hw/display/virtio-gpu-3d.c     |  7 ++-- | ||||
|  hw/display/virtio-gpu.c        | 76 ++++++++++++++++++++-------------- | ||||
|  include/hw/virtio/virtio-gpu.h |  3 +- | ||||
|  3 files changed, 52 insertions(+), 34 deletions(-) | ||||
| 
 | ||||
| diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
 | ||||
| index d98964858e..72c14d9132 100644
 | ||||
| --- a/hw/display/virtio-gpu-3d.c
 | ||||
| +++ b/hw/display/virtio-gpu-3d.c
 | ||||
| @@ -283,22 +283,23 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
 | ||||
|  { | ||||
|      struct virtio_gpu_resource_attach_backing att_rb; | ||||
|      struct iovec *res_iovs; | ||||
| +    uint32_t res_niov;
 | ||||
|      int ret; | ||||
|   | ||||
|      VIRTIO_GPU_FILL_CMD(att_rb); | ||||
|      trace_virtio_gpu_cmd_res_back_attach(att_rb.resource_id); | ||||
|   | ||||
| -    ret = virtio_gpu_create_mapping_iov(g, &att_rb, cmd, NULL, &res_iovs);
 | ||||
| +    ret = virtio_gpu_create_mapping_iov(g, &att_rb, cmd, NULL, &res_iovs, &res_niov);
 | ||||
|      if (ret != 0) { | ||||
|          cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; | ||||
|          return; | ||||
|      } | ||||
|   | ||||
|      ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, | ||||
| -                                             res_iovs, att_rb.nr_entries);
 | ||||
| +                                             res_iovs, res_niov);
 | ||||
|   | ||||
|      if (ret != 0) | ||||
| -        virtio_gpu_cleanup_mapping_iov(g, res_iovs, att_rb.nr_entries);
 | ||||
| +        virtio_gpu_cleanup_mapping_iov(g, res_iovs, res_niov);
 | ||||
|  } | ||||
|   | ||||
|  static void virgl_resource_detach_backing(VirtIOGPU *g, | ||||
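Review bot: the new call to virtio_gpu_create_mapping_iov() in virgl_resource_attach_backing() runs past 80 columns; wrap the trailing "&res_iovs, &res_niov" arguments onto a continuation line, as the virtio-gpu.c caller in this same patch does.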
| diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
 | ||||
| index c9f5e36fd0..6f3791deb3 100644
 | ||||
| --- a/hw/display/virtio-gpu.c
 | ||||
| +++ b/hw/display/virtio-gpu.c
 | ||||
| @@ -608,11 +608,12 @@ static void virtio_gpu_set_scanout(VirtIOGPU *g,
 | ||||
|  int virtio_gpu_create_mapping_iov(VirtIOGPU *g, | ||||
|                                    struct virtio_gpu_resource_attach_backing *ab, | ||||
|                                    struct virtio_gpu_ctrl_command *cmd, | ||||
| -                                  uint64_t **addr, struct iovec **iov)
 | ||||
| +                                  uint64_t **addr, struct iovec **iov,
 | ||||
| +                                  uint32_t *niov)
 | ||||
|  { | ||||
|      struct virtio_gpu_mem_entry *ents; | ||||
|      size_t esize, s; | ||||
| -    int i;
 | ||||
| +    int e, v;
 | ||||
|   | ||||
|      if (ab->nr_entries > 16384) { | ||||
|          qemu_log_mask(LOG_GUEST_ERROR, | ||||
| @@ -633,37 +634,53 @@ int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
 | ||||
|          return -1; | ||||
|      } | ||||
|   | ||||
| -    *iov = g_malloc0(sizeof(struct iovec) * ab->nr_entries);
 | ||||
| +    *iov = NULL;
 | ||||
|      if (addr) { | ||||
| -        *addr = g_malloc0(sizeof(uint64_t) * ab->nr_entries);
 | ||||
| +        *addr = NULL;
 | ||||
|      } | ||||
| -    for (i = 0; i < ab->nr_entries; i++) {
 | ||||
| -        uint64_t a = le64_to_cpu(ents[i].addr);
 | ||||
| -        uint32_t l = le32_to_cpu(ents[i].length);
 | ||||
| -        hwaddr len = l;
 | ||||
| -        (*iov)[i].iov_base = dma_memory_map(VIRTIO_DEVICE(g)->dma_as,
 | ||||
| -                                            a, &len, DMA_DIRECTION_TO_DEVICE);
 | ||||
| -        (*iov)[i].iov_len = len;
 | ||||
| -        if (addr) {
 | ||||
| -            (*addr)[i] = a;
 | ||||
| -        }
 | ||||
| -        if (!(*iov)[i].iov_base || len != l) {
 | ||||
| -            qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
 | ||||
| -                          " resource %d element %d\n",
 | ||||
| -                          __func__, ab->resource_id, i);
 | ||||
| -            if ((*iov)[i].iov_base) {
 | ||||
| -                i++; /* cleanup the 'i'th map */
 | ||||
| +    for (e = 0, v = 0; e < ab->nr_entries; e++) {
 | ||||
| +        uint64_t a = le64_to_cpu(ents[e].addr);
 | ||||
| +        uint32_t l = le32_to_cpu(ents[e].length);
 | ||||
| +        hwaddr len;
 | ||||
| +        void *map;
 | ||||
| +
 | ||||
| +        do {
 | ||||
| +            len = l;
 | ||||
| +            map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as,
 | ||||
| +                                 a, &len, DMA_DIRECTION_TO_DEVICE);
 | ||||
| +            if (!map) {
 | ||||
| +                qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
 | ||||
| +                              " resource %d element %d\n",
 | ||||
| +                              __func__, ab->resource_id, e);
 | ||||
| +                virtio_gpu_cleanup_mapping_iov(g, *iov, v);
 | ||||
| +                g_free(ents);
 | ||||
| +                *iov = NULL;
 | ||||
| +                if (addr) {
 | ||||
| +                    g_free(*addr);
 | ||||
| +                    *addr = NULL;
 | ||||
| +                }
 | ||||
| +                return -1;
 | ||||
| +            }
 | ||||
| +
 | ||||
| +            if (!(v % 16)) {
 | ||||
| +                *iov = g_realloc(*iov, sizeof(struct iovec) * (v + 16));
 | ||||
| +                if (addr) {
 | ||||
| +                    *addr = g_realloc(*addr, sizeof(uint64_t) * (v + 16));
 | ||||
| +                }
 | ||||
|              } | ||||
| -            virtio_gpu_cleanup_mapping_iov(g, *iov, i);
 | ||||
| -            g_free(ents);
 | ||||
| -            *iov = NULL;
 | ||||
| +            (*iov)[v].iov_base = map;
 | ||||
| +            (*iov)[v].iov_len = len;
 | ||||
|              if (addr) { | ||||
| -                g_free(*addr);
 | ||||
| -                *addr = NULL;
 | ||||
| +                (*addr)[v] = a;
 | ||||
|              } | ||||
| -            return -1;
 | ||||
| -        }
 | ||||
| +
 | ||||
| +            a += len;
 | ||||
| +            l -= len;
 | ||||
| +            v += 1;
 | ||||
| +        } while (l > 0);
 | ||||
|      } | ||||
| +    *niov = v;
 | ||||
| +
 | ||||
|      g_free(ents); | ||||
|      return 0; | ||||
|  } | ||||
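Review bot: the rewritten loop can produce more iovec entries than ab->nr_entries, so the 16384 check at the top of the function no longer bounds the size of *iov and *addr; v grows by one for every partial mapping that dma_memory_map() returns. Consider capping v and failing through the same cleanup path when the cap is hit, and declaring e and v as uint32_t to match *niov. The growth step of 16 in the g_realloc() calls would also read better as a named constant.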
| @@ -717,13 +734,12 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
 | ||||
|          return; | ||||
|      } | ||||
|   | ||||
| -    ret = virtio_gpu_create_mapping_iov(g, &ab, cmd, &res->addrs, &res->iov);
 | ||||
| +    ret = virtio_gpu_create_mapping_iov(g, &ab, cmd, &res->addrs,
 | ||||
| +                                        &res->iov, &res->iov_cnt);
 | ||||
|      if (ret != 0) { | ||||
|          cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; | ||||
|          return; | ||||
|      } | ||||
| -
 | ||||
| -    res->iov_cnt = ab.nr_entries;
 | ||||
|  } | ||||
|   | ||||
|  static void | ||||
| diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
 | ||||
| index fae149235c..0d15af41d9 100644
 | ||||
| --- a/include/hw/virtio/virtio-gpu.h
 | ||||
| +++ b/include/hw/virtio/virtio-gpu.h
 | ||||
| @@ -209,7 +209,8 @@ void virtio_gpu_get_edid(VirtIOGPU *g,
 | ||||
|  int virtio_gpu_create_mapping_iov(VirtIOGPU *g, | ||||
|                                    struct virtio_gpu_resource_attach_backing *ab, | ||||
|                                    struct virtio_gpu_ctrl_command *cmd, | ||||
| -                                  uint64_t **addr, struct iovec **iov);
 | ||||
| +                                  uint64_t **addr, struct iovec **iov,
 | ||||
| +                                  uint32_t *niov);
 | ||||
|  void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g, | ||||
|                                      struct iovec *iov, uint32_t count); | ||||
|  void virtio_gpu_process_cmdq(VirtIOGPU *g); | ||||
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
							
								
								
									
										130
									
								
								kvm-x86-Add-x86-rhel8.5-machine-types.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,130 @@ | ||||
| From 1497b5d371a63dd20d3b14ca2f8cce99845a1c2c Mon Sep 17 00:00:00 2001 | ||||
| From: "Dr. David Alan Gilbert" <dgilbert@redhat.com> | ||||
| Date: Wed, 19 May 2021 15:46:27 -0400 | ||||
| Subject: [PATCH 03/12] x86: Add x86 rhel8.5 machine types | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| RH-Author: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| RH-MergeRequest: 16: Synchronize with RHEL-AV 8.5 release 21 to RHEL 9 | ||||
| RH-Commit: [1/8] db81806d99b545abe4dcba576fb33c02ec283dd7 (mrezanin/centos-src-qemu-kvm) | ||||
| RH-Bugzilla: 1957194 | ||||
| RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com> | ||||
| RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com> | ||||
| 
 | ||||
| From: "Dr. David Alan Gilbert" <dgilbert@redhat.com> | ||||
| 
 | ||||
| Add the 8.5 machine type and the compat entries. | ||||
| 
 | ||||
| Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> | ||||
| Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com> | ||||
| Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> | ||||
| ---
 | ||||
|  hw/i386/pc.c         |  6 ++++++ | ||||
|  hw/i386/pc_piix.c    |  2 ++ | ||||
|  hw/i386/pc_q35.c     | 24 ++++++++++++++++++++++-- | ||||
|  include/hw/i386/pc.h |  3 +++ | ||||
|  4 files changed, 33 insertions(+), 2 deletions(-) | ||||
| 
 | ||||
| diff --git a/hw/i386/pc.c b/hw/i386/pc.c
 | ||||
| index edc02a68ca..0a374dec39 100644
 | ||||
| --- a/hw/i386/pc.c
 | ||||
| +++ b/hw/i386/pc.c
 | ||||
| @@ -369,6 +369,12 @@ GlobalProperty pc_rhel_compat[] = {
 | ||||
|  }; | ||||
|  const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat); | ||||
|   | ||||
| +GlobalProperty pc_rhel_8_4_compat[] = {
 | ||||
| +    /* pc_rhel_8_4_compat from pc_compat_5_2 */
 | ||||
| +    { "ICH9-LPC", "x-smi-cpu-hotunplug", "off" },
 | ||||
| +};
 | ||||
| +const size_t pc_rhel_8_4_compat_len = G_N_ELEMENTS(pc_rhel_8_4_compat);
 | ||||
| +
 | ||||
|  GlobalProperty pc_rhel_8_3_compat[] = { | ||||
|      /* pc_rhel_8_3_compat from pc_compat_5_1 */ | ||||
|      { "ICH9-LPC", "x-smi-cpu-hotplug", "off" }, | ||||
| diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
 | ||||
| index d9c5df16d8..5d61c9b833 100644
 | ||||
| --- a/hw/i386/pc_piix.c
 | ||||
| +++ b/hw/i386/pc_piix.c
 | ||||
| @@ -971,6 +971,8 @@ static void pc_machine_rhel760_options(MachineClass *m)
 | ||||
|      pcmc->pci_root_uid = 1; | ||||
|      compat_props_add(m->compat_props, hw_compat_rhel_8_4, | ||||
|                       hw_compat_rhel_8_4_len); | ||||
| +    compat_props_add(m->compat_props, pc_rhel_8_4_compat,
 | ||||
| +                     pc_rhel_8_4_compat_len);
 | ||||
|      compat_props_add(m->compat_props, hw_compat_rhel_8_3, | ||||
|                       hw_compat_rhel_8_3_len); | ||||
|      compat_props_add(m->compat_props, pc_rhel_8_3_compat, | ||||
| diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
 | ||||
| index 44109e4876..01ff3e0544 100644
 | ||||
| --- a/hw/i386/pc_q35.c
 | ||||
| +++ b/hw/i386/pc_q35.c
 | ||||
| @@ -607,6 +607,24 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
 | ||||
|      compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len); | ||||
|  } | ||||
|   | ||||
| +static void pc_q35_init_rhel850(MachineState *machine)
 | ||||
| +{
 | ||||
| +    pc_q35_init(machine);
 | ||||
| +}
 | ||||
| +
 | ||||
| +static void pc_q35_machine_rhel850_options(MachineClass *m)
 | ||||
| +{
 | ||||
| +    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
 | ||||
| +    pc_q35_machine_rhel_options(m);
 | ||||
| +    m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
 | ||||
| +    pcmc->smbios_stream_product = "RHEL-AV";
 | ||||
| +    pcmc->smbios_stream_version = "8.5.0";
 | ||||
| +}
 | ||||
| +
 | ||||
| +DEFINE_PC_MACHINE(q35_rhel850, "pc-q35-rhel8.5.0", pc_q35_init_rhel850,
 | ||||
| +                  pc_q35_machine_rhel850_options);
 | ||||
| +
 | ||||
| +
 | ||||
|  static void pc_q35_init_rhel840(MachineState *machine) | ||||
|  { | ||||
|      pc_q35_init(machine); | ||||
| @@ -615,12 +633,15 @@ static void pc_q35_init_rhel840(MachineState *machine)
 | ||||
|  static void pc_q35_machine_rhel840_options(MachineClass *m) | ||||
|  { | ||||
|      PCMachineClass *pcmc = PC_MACHINE_CLASS(m); | ||||
| -    pc_q35_machine_rhel_options(m);
 | ||||
| +    pc_q35_machine_rhel850_options(m);
 | ||||
|      m->desc = "RHEL-8.4.0 PC (Q35 + ICH9, 2009)"; | ||||
| +    m->alias = NULL;
 | ||||
|      pcmc->smbios_stream_product = "RHEL-AV"; | ||||
|      pcmc->smbios_stream_version = "8.4.0"; | ||||
|      compat_props_add(m->compat_props, hw_compat_rhel_8_4, | ||||
|                       hw_compat_rhel_8_4_len); | ||||
| +    compat_props_add(m->compat_props, pc_rhel_8_4_compat,
 | ||||
| +                     pc_rhel_8_4_compat_len);
 | ||||
|  } | ||||
|   | ||||
|  DEFINE_PC_MACHINE(q35_rhel840, "pc-q35-rhel8.4.0", pc_q35_init_rhel840, | ||||
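Review bot: "m->alias = NULL" moves from pc_q35_machine_rhel830_options() into pc_q35_machine_rhel840_options() because 8.4.0 now chains through pc_q35_machine_rhel850_options(), but neither the code nor the commit message ("Add the 8.5 machine type and the compat entries") says so. A one-line comment on the assignment explaining why it lives in the first non-latest machine type would keep the next machine-type bump from dropping or duplicating it.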
| @@ -637,7 +658,6 @@ static void pc_q35_machine_rhel830_options(MachineClass *m)
 | ||||
|      PCMachineClass *pcmc = PC_MACHINE_CLASS(m); | ||||
|      pc_q35_machine_rhel840_options(m); | ||||
|      m->desc = "RHEL-8.3.0 PC (Q35 + ICH9, 2009)"; | ||||
| -    m->alias = NULL;
 | ||||
|      pcmc->smbios_stream_product = "RHEL-AV"; | ||||
|      pcmc->smbios_stream_version = "8.3.0"; | ||||
|      compat_props_add(m->compat_props, hw_compat_rhel_8_3, | ||||
| diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
 | ||||
| index 79a7803a2f..1980c93f41 100644
 | ||||
| --- a/include/hw/i386/pc.h
 | ||||
| +++ b/include/hw/i386/pc.h
 | ||||
| @@ -281,6 +281,9 @@ extern const size_t pc_compat_1_4_len;
 | ||||
|  extern GlobalProperty pc_rhel_compat[]; | ||||
|  extern const size_t pc_rhel_compat_len; | ||||
|   | ||||
| +extern GlobalProperty pc_rhel_8_4_compat[];
 | ||||
| +extern const size_t pc_rhel_8_4_compat_len;
 | ||||
| +
 | ||||
|  extern GlobalProperty pc_rhel_8_3_compat[]; | ||||
|  extern const size_t pc_rhel_8_3_compat_len; | ||||
|   | ||||
| -- 
 | ||||
| 2.27.0 | ||||
| 
 | ||||
| @ -12,7 +12,6 @@ ExecStart=/usr/bin/qemu-ga \ | ||||
|   --path=/dev/virtio-ports/org.qemu.guest_agent.0 \ | ||||
|   --blacklist=${BLACKLIST_RPC} \ | ||||
|   -F${FSFREEZE_HOOK_PATHNAME} | ||||
| StandardError=syslog | ||||
| Restart=always | ||||
| RestartSec=0 | ||||
| 
 | ||||
|  | ||||
| @ -67,14 +67,13 @@ | ||||
| Requires: %{name}-ui-opengl = %{epoch}:%{version}-%{release}     \ | ||||
| %endif                                                           \ | ||||
| Requires: %{name}-block-curl = %{epoch}:%{version}-%{release}    \ | ||||
| Requires: %{name}-block-iscsi = %{epoch}:%{version}-%{release}   \ | ||||
| Requires: %{name}-block-rbd = %{epoch}:%{version}-%{release}     \ | ||||
| Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release} | ||||
| 
 | ||||
| Summary: QEMU is a machine emulator and virtualizer | ||||
| Name: qemu-kvm | ||||
| Version: 6.0.0 | ||||
| Release: 6%{?rcversion}%{?dist} | ||||
| Release: 7%{?rcversion}%{?dist} | ||||
| # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped | ||||
| # Epoch 15 used for RHEL 8 | ||||
| # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5) | ||||
| @ -173,6 +172,26 @@ Patch40: kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch | ||||
| Patch41: kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch42: kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch | ||||
| # For bz#1967502 - [aarch64] [qemu] Compile the PCIe expander bridge | ||||
| Patch43: kvm-aarch64-rh-devices-add-CONFIG_PXB.patch | ||||
| # For bz#1974795 - [RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes "virtio_gpu_dequeue_ctrl_func" ERROR | ||||
| Patch44: kvm-virtio-gpu-handle-partial-maps-properly.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch45: kvm-x86-Add-x86-rhel8.5-machine-types.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch46: kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch47: kvm-block-backend-add-drained_poll.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch48: kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch49: kvm-disable-CONFIG_USB_STORAGE_BOT.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch50: kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch51: kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch | ||||
| # For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta | ||||
| Patch52: kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch | ||||
| 
 | ||||
| # Source-git patches | ||||
| 
 | ||||
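Review bot: Patch45 through Patch52 are annotated only with the umbrella "bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta" comment, so the spec gives no per-patch reason for behaviour-changing entries such as `kvm-disable-CONFIG_USB_STORAGE_BOT.patch` and `kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch`. Suggest adding the originating RHEL-AV bug or a one-line rationale beside each, so a later audit can tell why a device model was disabled or a default changed without opening every patch.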
| @ -183,7 +202,6 @@ BuildRequires: gnutls-devel | ||||
| BuildRequires: cyrus-sasl-devel | ||||
| BuildRequires: libaio-devel | ||||
| BuildRequires: python3-devel | ||||
| BuildRequires: libiscsi-devel | ||||
| BuildRequires: libattr-devel | ||||
| BuildRequires: libusbx-devel >= %{libusbx_version} | ||||
| %if %{have_usbredir} | ||||
| @ -281,6 +299,7 @@ Requires: libfdt >= %{libfdt_version} | ||||
| # other words RHEL-9 rebases are done together/before RHEL-8 ones) | ||||
| Obsoletes: qemu-kvm-ui-spice <= %{version} | ||||
| Obsoletes: qemu-kvm-block-gluster <= %{version} | ||||
| Obsoletes: %{name}-block-iscsi <= %{version} | ||||
| 
 | ||||
| %description -n qemu-kvm-core | ||||
| qemu-kvm is an open source virtualizer that provides hardware | ||||
| @ -363,16 +382,6 @@ Install this package if you want to access remote disks over | ||||
| http, https, ftp and other transports provided by the CURL library. | ||||
| 
 | ||||
| 
 | ||||
| %package  block-iscsi | ||||
| Summary: QEMU iSCSI block driver | ||||
| Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} | ||||
| 
 | ||||
| %description block-iscsi | ||||
| This package provides the additional iSCSI block driver for QEMU. | ||||
| 
 | ||||
| Install this package if you want to access iSCSI volumes. | ||||
| 
 | ||||
| 
 | ||||
| %package  block-rbd | ||||
| Summary: QEMU Ceph/RBD block driver | ||||
| Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} | ||||
| @ -592,7 +601,6 @@ pushd %{qemu_kvm_build} | ||||
|   --enable-guest-agent \ | ||||
|   --enable-iconv \ | ||||
|   --enable-kvm \ | ||||
|   --enable-libiscsi \ | ||||
| %if %{have_pmem} | ||||
|   --enable-libpmem \ | ||||
| %endif | ||||
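Review bot: this hunk only touches `--enable-libiscsi` and nothing in it passes `--disable-libiscsi`. QEMU's configure auto-detects libiscsi when the option is left unspecified, so if libiscsi-devel reaches the buildroot through another dependency the driver could be built again while the spec no longer has a `%files` entry for block-iscsi.so. Unless the configure call already disables it outside the visible lines, suggest making the removal explicit with `--disable-libiscsi`.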
| @ -1196,9 +1204,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : | ||||
| %files block-curl | ||||
| %{_libdir}/qemu-kvm/block-curl.so | ||||
| 
 | ||||
| %files block-iscsi | ||||
| %{_libdir}/qemu-kvm/block-iscsi.so | ||||
| 
 | ||||
| %files block-rbd | ||||
| %{_libdir}/qemu-kvm/block-rbd.so | ||||
| 
 | ||||
| @ -1213,6 +1218,30 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : | ||||
| %endif | ||||
| 
 | ||||
| %changelog | ||||
| * Mon Jun 28 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-7 | ||||
| - kvm-aarch64-rh-devices-add-CONFIG_PXB.patch [bz#1967502] | ||||
| - kvm-virtio-gpu-handle-partial-maps-properly.patch [bz#1974795] | ||||
| - kvm-x86-Add-x86-rhel8.5-machine-types.patch [bz#1957194] | ||||
| - kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch [bz#1957194] | ||||
| - kvm-block-backend-add-drained_poll.patch [bz#1957194] | ||||
| - kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch [bz#1957194] | ||||
| - kvm-disable-CONFIG_USB_STORAGE_BOT.patch [bz#1957194] | ||||
| - kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch [bz#1957194] | ||||
| - kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch [bz#1957194] | ||||
| - kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch [bz#1957194] | ||||
| - kvm-qga-drop-StandardError-syslog.patch [bz#1947977] | ||||
| - kvm-Remove-iscsi-support.patch [bz#1967133] | ||||
| - Resolves: bz#1967502 | ||||
|   ([aarch64] [qemu] Compile the PCIe expander bridge) | ||||
| - Resolves: bz#1974795 | ||||
|   ([RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes "virtio_gpu_dequeue_ctrl_func" ERROR) | ||||
| - Resolves: bz#1957194 | ||||
|   (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) | ||||
| - Resolves: bz#1947977 | ||||
|   (remove StandardError=syslog from qemu-guest-agent.service) | ||||
| - Resolves: bz#1967133 | ||||
|   (QEMU: disable libiscsi in RHEL-9) | ||||
| 
 | ||||
| * Mon Jun 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-6 | ||||
| - kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462] | ||||
| - kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194] | ||||
|  | ||||
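Review bot: the 6.0.0-7 changelog lists twelve `.patch` entries, but the Patch tag hunk adds only Patch43 through Patch52. `kvm-qga-drop-StandardError-syslog.patch` and `kvm-Remove-iscsi-support.patch` have no matching PatchNN line there. If these two are spec and unit-file edits rather than applied patches, the changelog should describe them that way. Otherwise the Patch tags are missing and the changes would not be applied at build time.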