diff --git a/kvm-pc-bios-s390-ccw-Abort-IPL-on-invalid-loadparm.patch b/kvm-pc-bios-s390-ccw-Abort-IPL-on-invalid-loadparm.patch new file mode 100644 index 0000000..204b045 --- /dev/null +++ b/kvm-pc-bios-s390-ccw-Abort-IPL-on-invalid-loadparm.patch @@ -0,0 +1,71 @@ +From df7e7db91357db9f4abd07d2bc5fb44216a2f286 Mon Sep 17 00:00:00 2001 +From: Jared Rossi +Date: Fri, 17 Jan 2025 16:22:35 -0500 +Subject: [PATCH 1/4] pc-bios/s390-ccw: Abort IPL on invalid loadparm +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +RH-MergeRequest: 332: Fix boot problems when falling back from network to another boot device on s390x [RHEL9] +RH-Jira: RHEL-72716 +RH-Acked-by: Cédric Le Goater +RH-Acked-by: Jon Maloy +RH-Commit: [1/4] 4d19e5051374f8939bc86c5fc9eb02dede6d83d3 (thuth/qemu-kvm-cs) + +Because the loadparm specifies an exact kernel the user wants to boot, if the +loadparm is invalid it must represent a misconfiguration of the guest. Thus we +should abort the IPL immediately, without attempting to use other devices, to +avoid booting into an unintended guest image. + +Signed-off-by: Jared Rossi +Message-ID: <20250117212235.1324063-2-jrossi@linux.ibm.com> +Signed-off-by: Thomas Huth +(cherry picked from commit 64fa0de46ee3cc972af5d3ce8c5dc0db8198cd2b) +--- + pc-bios/s390-ccw/bootmap.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c +index 56f2f75640..0f8baa0198 100644 +--- a/pc-bios/s390-ccw/bootmap.c ++++ b/pc-bios/s390-ccw/bootmap.c +@@ -336,8 +336,7 @@ static int run_eckd_boot_script(block_number_t bmt_block_nr, + + debug_print_int("loadparm", loadparm); + if (loadparm >= MAX_BOOT_ENTRIES) { +- puts("loadparm value greater than max number of boot entries allowed"); +- return -EINVAL; ++ panic("loadparm value greater than max number of boot entries allowed"); + } + + memset(sec, FREE_SPACE_FILLER, sizeof(sec)); +@@ -348,8 +347,8 @@ static int run_eckd_boot_script(block_number_t bmt_block_nr, + + block_nr = gen_eckd_block_num(&bmt->entry[loadparm].xeckd, ldipl); + if (block_nr == NULL_BLOCK_NR) { +- puts("Cannot find Boot Map Table Entry"); +- return -EIO; ++ printf("The requested boot entry (%d) is invalid\n", loadparm); ++ panic("Invalid loadparm"); + } + + memset(sec, FREE_SPACE_FILLER, sizeof(sec)); +@@ -792,8 +791,12 @@ static int ipl_scsi(void) + + debug_print_int("loadparm", loadparm); + if (loadparm >= MAX_BOOT_ENTRIES) { +- puts("loadparm value greater than max number of boot entries allowed"); +- return -EINVAL; ++ panic("loadparm value greater than max number of boot entries allowed"); ++ } ++ ++ if (!valid_entries[loadparm]) { ++ printf("The requested boot entry (%d) is invalid\n", loadparm); ++ panic("Invalid loadparm"); + } + + return zipl_run(&prog_table->entry[loadparm].scsi); +-- +2.48.0 + diff --git a/kvm-pc-bios-s390-ccw-Fix-boot-problem-with-virtio-net-de.patch b/kvm-pc-bios-s390-ccw-Fix-boot-problem-with-virtio-net-de.patch new file mode 100644 index 0000000..ef42b92 --- /dev/null +++ b/kvm-pc-bios-s390-ccw-Fix-boot-problem-with-virtio-net-de.patch @@ -0,0 +1,159 @@ +From 7059f85f0f29707de0115cd05d951592137d9814 Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Thu, 16 Jan 2025 12:58:25 +0100 +Subject: [PATCH 3/4] pc-bios/s390-ccw: Fix boot problem with virtio-net + devices +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +RH-MergeRequest: 332: Fix boot problems when falling back from network to another boot device on s390x [RHEL9] +RH-Jira: RHEL-72716 +RH-Acked-by: Cédric Le Goater +RH-Acked-by: Jon Maloy +RH-Commit: [3/4] e7428f24f109aeade9fe0622ecc259dd251cd08e (thuth/qemu-kvm-cs) + +When we are trying to boot from virtio-net devices, the +s390-ccw bios currently leaves the virtio-net device enabled +after using it. That means that the receiving virt queues will +continue to happily write incoming network packets into memory. +This can corrupt data of the following boot process. For example, +if you set up a second guest on a virtual network and create a +lot of broadcast traffic there, e.g. with: + + ping -i 0.02 -s 1400 -b 192.168.1.255 + +and then you try to boot a guest with two boot devices, a network +device first (which should not be bootable) and e.g. a bootable SCSI +CD second, then this guest will fail to load the kernel from the CD +image: + + $ qemu-system-s390x -m 2G -nographic -device virtio-scsi-ccw \ + -netdev tap,id=net0 -device virtio-net-ccw,netdev=net0,bootindex=1 \ + -drive if=none,file=test.iso,format=raw,id=cd1 \ + -device scsi-cd,drive=cd1,bootindex=2 + LOADPARM=[ ] + + Network boot device detected + Network boot starting... + Using MAC address: 52:54:00:12:34:56 + Requesting information via DHCP: done + Using IPv4 address: 192.168.1.76 + Using TFTP server: 192.168.1.1 + Trying pxelinux.cfg files... + TFTP error: ICMP ERROR "port unreachable" + Receiving data: 0 KBytes + Repeating TFTP read request... + TFTP error: ICMP ERROR "port unreachable" + Failed to load OS from network. + Failed to IPL from this network! + LOADPARM=[ ] + + Using virtio-scsi. + + ! virtio-scsi:setup:inquiry: response VS RESP=ff ! + ERROR: No suitable device for IPL. Halting... + +We really have to shut up the virtio-net devices after we're not +using it anymore. The easiest way to do this is to simply reset +the device, so let's do that now. + +Reviewed-by: Jared Rossi +Reviewed-by: Eric Farman +Tested-by: Jared Rossi +Message-ID: <20250116115826.192047-3-thuth@redhat.com> +Signed-off-by: Thomas Huth +(cherry picked from commit 68c95ed1db070f7545e487e742715f01a545aab0) +--- + pc-bios/s390-ccw/netmain.c | 33 +++++++++++++++++++++++---------- + pc-bios/s390-ccw/virtio-net.c | 5 +++++ + pc-bios/s390-ccw/virtio.h | 1 + + 3 files changed, 29 insertions(+), 10 deletions(-) + +diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c +index e46e470db4..335ea9b63e 100644 +--- a/pc-bios/s390-ccw/netmain.c ++++ b/pc-bios/s390-ccw/netmain.c +@@ -153,19 +153,10 @@ static int tftp_load(filename_ip_t *fnip, void *buffer, int len) + return rc; + } + +-static int net_init(filename_ip_t *fn_ip) ++static int net_init_ip(filename_ip_t *fn_ip) + { + int rc; + +- memset(fn_ip, 0, sizeof(filename_ip_t)); +- +- rc = virtio_net_init(mac); +- if (rc < 0) { +- puts("Could not initialize network device"); +- return -101; +- } +- fn_ip->fd = rc; +- + printf(" Using MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n", + mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); + +@@ -221,11 +212,33 @@ static int net_init(filename_ip_t *fn_ip) + return rc; + } + ++static int net_init(filename_ip_t *fn_ip) ++{ ++ int rc; ++ ++ memset(fn_ip, 0, sizeof(filename_ip_t)); ++ ++ rc = virtio_net_init(mac); ++ if (rc < 0) { ++ puts("Could not initialize network device"); ++ return -101; ++ } ++ fn_ip->fd = rc; ++ ++ rc = net_init_ip(fn_ip); ++ if (rc < 0) { ++ virtio_net_deinit(); ++ } ++ ++ return rc; ++} ++ + static void net_release(filename_ip_t *fn_ip) + { + if (fn_ip->ip_version == 4) { + dhcp_send_release(fn_ip->fd); + } ++ virtio_net_deinit(); + } + + /** +diff --git a/pc-bios/s390-ccw/virtio-net.c b/pc-bios/s390-ccw/virtio-net.c +index 578c89d0c5..301445bf97 100644 +--- a/pc-bios/s390-ccw/virtio-net.c ++++ b/pc-bios/s390-ccw/virtio-net.c +@@ -140,3 +140,8 @@ int recv(int fd, void *buf, int maxlen, int flags) + + return len; + } ++ ++void virtio_net_deinit(void) ++{ ++ virtio_reset(virtio_get_device()); ++} +diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h +index f13fa6f5fe..5c5e808a50 100644 +--- a/pc-bios/s390-ccw/virtio.h ++++ b/pc-bios/s390-ccw/virtio.h +@@ -278,5 +278,6 @@ int virtio_reset(VDev *vdev); + int virtio_setup_ccw(VDev *vdev); + + int virtio_net_init(void *mac_addr); ++void virtio_net_deinit(void); + + #endif /* VIRTIO_H */ +-- +2.48.0 + diff --git a/kvm-pc-bios-s390-ccw-netmain-Fix-error-messages-with-reg.patch b/kvm-pc-bios-s390-ccw-netmain-Fix-error-messages-with-reg.patch new file mode 100644 index 0000000..137eec6 --- /dev/null +++ b/kvm-pc-bios-s390-ccw-netmain-Fix-error-messages-with-reg.patch @@ -0,0 +1,72 @@ +From 77d5de6e13404df1cb5c3beb0e656ee328732457 Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Thu, 16 Jan 2025 12:58:26 +0100 +Subject: [PATCH 4/4] pc-bios/s390-ccw/netmain: Fix error messages with regards + to the TFTP server +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +RH-MergeRequest: 332: Fix boot problems when falling back from network to another boot device on s390x [RHEL9] +RH-Jira: RHEL-72716 +RH-Acked-by: Cédric Le Goater +RH-Acked-by: Jon Maloy +RH-Commit: [4/4] a4ce330588044d40b94da46905d1021e7610cbf6 (thuth/qemu-kvm-cs) + +The code in net_init_ip() currently bails out early if "rc" is less +than 0, so the if-statements that check for negative "rc" codes to +print out some specific error messages with regards to the TFTP server +are never reached. Move them earlier to bring that dead code back to +life. + +Reviewed-by: Jared Rossi +Reviewed-by: Eric Farman +Tested-by: Jared Rossi +Message-ID: <20250116115826.192047-4-thuth@redhat.com> +Signed-off-by: Thomas Huth +(cherry picked from commit bbfa7f8558d5346b6884108ad50df3517fe17358) +--- + pc-bios/s390-ccw/netmain.c | 19 ++++++++----------- + 1 file changed, 8 insertions(+), 11 deletions(-) + +diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c +index 335ea9b63e..719a547ada 100644 +--- a/pc-bios/s390-ccw/netmain.c ++++ b/pc-bios/s390-ccw/netmain.c +@@ -168,6 +168,14 @@ static int net_init_ip(filename_ip_t *fn_ip) + if (fn_ip->ip_version == 4) { + set_ipv4_address(fn_ip->own_ip); + } ++ } else if (rc == -2) { ++ printf("ARP request to TFTP server (%d.%d.%d.%d) failed\n", ++ (fn_ip->server_ip >> 24) & 0xFF, (fn_ip->server_ip >> 16) & 0xFF, ++ (fn_ip->server_ip >> 8) & 0xFF, fn_ip->server_ip & 0xFF); ++ return -102; ++ } else if (rc == -4 || rc == -3) { ++ puts("Can't obtain TFTP server IP address"); ++ return -107; + } else { + puts("Could not get IP address"); + return -101; +@@ -183,17 +191,6 @@ static int net_init_ip(filename_ip_t *fn_ip) + printf(" Using IPv6 address: %s\n", ip6_str); + } + +- if (rc == -2) { +- printf("ARP request to TFTP server (%d.%d.%d.%d) failed\n", +- (fn_ip->server_ip >> 24) & 0xFF, (fn_ip->server_ip >> 16) & 0xFF, +- (fn_ip->server_ip >> 8) & 0xFF, fn_ip->server_ip & 0xFF); +- return -102; +- } +- if (rc == -4 || rc == -3) { +- puts("Can't obtain TFTP server IP address"); +- return -107; +- } +- + printf(" Using TFTP server: "); + if (fn_ip->ip_version == 4) { + printf("%d.%d.%d.%d\n", +-- +2.48.0 + diff --git a/kvm-pc-bios-s390-ccw-virtio-Add-a-function-to-reset-a-vi.patch b/kvm-pc-bios-s390-ccw-virtio-Add-a-function-to-reset-a-vi.patch new file mode 100644 index 0000000..7a511b0 --- /dev/null +++ b/kvm-pc-bios-s390-ccw-virtio-Add-a-function-to-reset-a-vi.patch @@ -0,0 +1,70 @@ +From ede25f511ad49a8a7cc2d18a613775c1f706cf36 Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Thu, 16 Jan 2025 12:58:24 +0100 +Subject: [PATCH 2/4] pc-bios/s390-ccw/virtio: Add a function to reset a virtio + device +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +RH-MergeRequest: 332: Fix boot problems when falling back from network to another boot device on s390x [RHEL9] +RH-Jira: RHEL-72716 +RH-Acked-by: Cédric Le Goater +RH-Acked-by: Jon Maloy +RH-Commit: [2/4] 99a826ae269ca45cf3092c75c45eaf2f8704576a (thuth/qemu-kvm-cs) + +To be able to properly silence a virtio device after using it, +we need a global function to reset the device. + +Reviewed-by: Jared Rossi +Reviewed-by: Eric Farman +Tested-by: Jared Rossi +Message-ID: <20250116115826.192047-2-thuth@redhat.com> +Signed-off-by: Thomas Huth +(cherry picked from commit 3936d0556383829b8db9518aed8badfed6513953) +--- + pc-bios/s390-ccw/virtio.c | 7 ++++++- + pc-bios/s390-ccw/virtio.h | 1 + + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c +index 8b5a370bb3..cd6c99c7e3 100644 +--- a/pc-bios/s390-ccw/virtio.c ++++ b/pc-bios/s390-ccw/virtio.c +@@ -217,6 +217,11 @@ int virtio_run(VDev *vdev, int vqid, VirtioCmd *cmd) + return 0; + } + ++int virtio_reset(VDev *vdev) ++{ ++ return run_ccw(vdev, CCW_CMD_VDEV_RESET, NULL, 0, false); ++} ++ + int virtio_setup_ccw(VDev *vdev) + { + int i, cfg_size = 0; +@@ -235,7 +240,7 @@ int virtio_setup_ccw(VDev *vdev) + vdev->config.blk.blk_size = 0; /* mark "illegal" - setup started... */ + vdev->guessed_disk_nature = VIRTIO_GDN_NONE; + +- run_ccw(vdev, CCW_CMD_VDEV_RESET, NULL, 0, false); ++ virtio_reset(vdev); + + status = VIRTIO_CONFIG_S_ACKNOWLEDGE; + if (run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false)) { +diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h +index 9faf3986b1..f13fa6f5fe 100644 +--- a/pc-bios/s390-ccw/virtio.h ++++ b/pc-bios/s390-ccw/virtio.h +@@ -274,6 +274,7 @@ void vring_send_buf(VRing *vr, void *p, int len, int flags); + int vr_poll(VRing *vr); + int vring_wait_reply(void); + int virtio_run(VDev *vdev, int vqid, VirtioCmd *cmd); ++int virtio_reset(VDev *vdev); + int virtio_setup_ccw(VDev *vdev); + + int virtio_net_init(void *mac_addr); +-- +2.48.0 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index dfdd77a..430fc11 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -149,7 +149,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 9.1.0 -Release: 12%{?rcrel}%{?dist}%{?cc_suffix} +Release: 13%{?rcrel}%{?dist}%{?cc_suffix} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch 15 used for RHEL 8 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5) @@ -383,6 +383,14 @@ Patch116: kvm-target-i386-add-sha512-sm3-sm4-feature-bits.patch Patch117: kvm-arm-disable-pauth-for-virt-rhel9.patch # For RHEL-75782 - [Nvidia "Grace"] Lack of "PAuth" CPU feature results in live migration failure from RHEL 9.6 to 10 Patch118: kvm-tests-qtest-disable-most-pauth-tests.patch +# For RHEL-72716 - Boot fall back to cdrom from network not always working +Patch119: kvm-pc-bios-s390-ccw-Abort-IPL-on-invalid-loadparm.patch +# For RHEL-72716 - Boot fall back to cdrom from network not always working +Patch120: kvm-pc-bios-s390-ccw-virtio-Add-a-function-to-reset-a-vi.patch +# For RHEL-72716 - Boot fall back to cdrom from network not always working +Patch121: kvm-pc-bios-s390-ccw-Fix-boot-problem-with-virtio-net-de.patch +# For RHEL-72716 - Boot fall back to cdrom from network not always working +Patch122: kvm-pc-bios-s390-ccw-netmain-Fix-error-messages-with-reg.patch %if %{have_clang} BuildRequires: clang @@ -1449,6 +1457,14 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %endif %changelog +* Thu Jan 30 2025 Jon Maloy - 9.1.0-13 +- kvm-pc-bios-s390-ccw-Abort-IPL-on-invalid-loadparm.patch [RHEL-72716] +- kvm-pc-bios-s390-ccw-virtio-Add-a-function-to-reset-a-vi.patch [RHEL-72716] +- kvm-pc-bios-s390-ccw-Fix-boot-problem-with-virtio-net-de.patch [RHEL-72716] +- kvm-pc-bios-s390-ccw-netmain-Fix-error-messages-with-reg.patch [RHEL-72716] +- Resolves: RHEL-72716 + (Boot fall back to cdrom from network not always working) + * Mon Jan 27 2025 Jon Maloy - 9.1.0-12 - kvm-target-i386-cpu-set-correct-supported-XCR0-features-.patch [RHEL-30316 RHEL-45111] - kvm-target-i386-do-not-rely-on-ExtSaveArea-for-accelerat.patch [RHEL-30316 RHEL-45111]