rpms
/
qemu-kvm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import qemu-kvm-6.2.0-9.el9

This commit is contained in:
CentOS Sources 2022-03-01 05:43:39 -05:00 committed by Stepan Oksanichenko
parent 2f4e381c12
commit 08c43ad4d9
31 changed files with 3436 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
SOURCES/kvm-Enable-SGX-RH-Only.patch Normal file
View File

@ -0,0 +1,28 @@
From f4f7c62a4658a570d3ad694b64463665fa4b80a7 Mon Sep 17 00:00:00 2001
From: Paul Lai <plai@redhat.com>
Date: Fri, 21 Jan 2022 13:14:42 -0500
Subject: [PATCH 04/12] Enable SGX -- RH Only
RH-Author: Paul Lai <plai@redhat.com>
RH-MergeRequest: 65: Enable SGX and add SGX Numa support
RH-Commit: [4/5] 2cd4ee4a429f5e7b1c32e83a10bf488503603795
RH-Bugzilla: 2033708
RH-Acked-by: Paolo Bonzini <None>
RH-Acked-by: Bandan Das <None>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
---
configs/devices/x86_64-softmmu/x86_64-rh-devices.mak | 1 +
1 file changed, 1 insertion(+)
diff --git a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
index dc03fbb671..327b1bee62 100644
--- a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
@@ -101,3 +101,4 @@ CONFIG_TPM=y
CONFIG_TPM_CRB=y
CONFIG_TPM_TIS_ISA=y
CONFIG_TPM_EMULATOR=y
+CONFIG_SGX=y
--
2.27.0

63
SOURCES/kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch Normal file
View File

@ -0,0 +1,63 @@
From 7b973b9cb7b890eaf9a31c99f5c272b513322ac1 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 3 Feb 2022 15:05:33 +0100
Subject: [PATCH 1/8] block: Lock AioContext for drain_end in blockdev-reopen
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 73: block: Lock AioContext for drain_end in blockdev-reopen
RH-Commit: [1/2] db25e999152b0e4f09decade1ac76b9f56cd9706 (kmwolf/centos-qemu-kvm)
RH-Bugzilla: 2046659
RH-Acked-by: Sergio Lopez <None>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
bdrv_subtree_drained_end() requires the caller to hold the AioContext
lock for the drained node. Not doing this for nodes outside of the main
AioContext leads to crashes when AIO_WAIT_WHILE() needs to wait and
tries to temporarily release the lock.
Fixes: 3908b7a8994fa5ef7a89aa58cd5a02fc58141592
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2046659
Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20220203140534.36522-2-kwolf@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit aba8205be0707b9d108e32254e186ba88107a869)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
blockdev.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/blockdev.c b/blockdev.c
index b35072644e..565f6a81fd 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3562,6 +3562,7 @@ void qmp_blockdev_reopen(BlockdevOptionsList *reopen_list, Error **errp)
{
BlockReopenQueue *queue = NULL;
GSList *drained = NULL;
+ GSList *p;
/* Add each one of the BDS that we want to reopen to the queue */
for (; reopen_list != NULL; reopen_list = reopen_list->next) {
@@ -3611,7 +3612,15 @@ void qmp_blockdev_reopen(BlockdevOptionsList *reopen_list, Error **errp)
fail:
bdrv_reopen_queue_free(queue);
- g_slist_free_full(drained, (GDestroyNotify) bdrv_subtree_drained_end);
+ for (p = drained; p; p = p->next) {
+ BlockDriverState *bs = p->data;
+ AioContext *ctx = bdrv_get_aio_context(bs);
+
+ aio_context_acquire(ctx);
+ bdrv_subtree_drained_end(bs);
+ aio_context_release(ctx);
+ }
+ g_slist_free(drained);
}
void qmp_blockdev_del(const char *node_name, Error **errp)
--
2.27.0

129
SOURCES/kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch Normal file
View File

@ -0,0 +1,129 @@
From 87f3b10dc600ac12272ee6cdc67571910ea722f6 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Tue, 11 Jan 2022 15:36:12 +0000
Subject: [PATCH 10/12] block-backend: prevent dangling BDS pointers across
aio_poll()
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 71: block-backend: prevent dangling BDS pointers across aio_poll()
RH-Commit: [1/2] 1b4cab39bf8c933ab910293a29bfceaa9e821068 (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2040123
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
The BlockBackend root child can change when aio_poll() is invoked. This
happens when a temporary filter node is removed upon blockjob
completion, for example.
Functions in block/block-backend.c must be aware of this when using a
blk_bs() pointer across aio_poll() because the BlockDriverState refcnt
may reach 0, resulting in a stale pointer.
One example is scsi_device_purge_requests(), which calls blk_drain() to
wait for in-flight requests to cancel. If the backup blockjob is active,
then the BlockBackend root child is a temporary filter BDS owned by the
blockjob. The blockjob can complete during bdrv_drained_begin() and the
last reference to the BDS is released when the temporary filter node is
removed. This results in a use-after-free when blk_drain() calls
bdrv_drained_end(bs) on the dangling pointer.
Explicitly hold a reference to bs across block APIs that invoke
aio_poll().
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2021778
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2036178
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220111153613.25453-2-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 1e3552dbd28359d35967b7c28dc86cde1bc29205)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
block/block-backend.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 12ef80ea17..23e727199b 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -822,16 +822,22 @@ BlockBackend *blk_by_public(BlockBackendPublic *public)
void blk_remove_bs(BlockBackend *blk)
{
ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
- BlockDriverState *bs;
BdrvChild *root;
notifier_list_notify(&blk->remove_bs_notifiers, blk);
if (tgm->throttle_state) {
- bs = blk_bs(blk);
+ BlockDriverState *bs = blk_bs(blk);
+
+ /*
+ * Take a ref in case blk_bs() changes across bdrv_drained_begin(), for
+ * example, if a temporary filter node is removed by a blockjob.
+ */
+ bdrv_ref(bs);
bdrv_drained_begin(bs);
throttle_group_detach_aio_context(tgm);
throttle_group_attach_aio_context(tgm, qemu_get_aio_context());
bdrv_drained_end(bs);
+ bdrv_unref(bs);
}
blk_update_root_state(blk);
@@ -1705,6 +1711,7 @@ void blk_drain(BlockBackend *blk)
BlockDriverState *bs = blk_bs(blk);
if (bs) {
+ bdrv_ref(bs);
bdrv_drained_begin(bs);
}
@@ -1714,6 +1721,7 @@ void blk_drain(BlockBackend *blk)
if (bs) {
bdrv_drained_end(bs);
+ bdrv_unref(bs);
}
}
@@ -2044,10 +2052,13 @@ static int blk_do_set_aio_context(BlockBackend *blk, AioContext *new_context,
int ret;
if (bs) {
+ bdrv_ref(bs);
+
if (update_root_node) {
ret = bdrv_child_try_set_aio_context(bs, new_context, blk->root,
errp);
if (ret < 0) {
+ bdrv_unref(bs);
return ret;
}
}
@@ -2057,6 +2068,8 @@ static int blk_do_set_aio_context(BlockBackend *blk, AioContext *new_context,
throttle_group_attach_aio_context(tgm, new_context);
bdrv_drained_end(bs);
}
+
+ bdrv_unref(bs);
}
blk->ctx = new_context;
@@ -2326,11 +2339,13 @@ void blk_io_limits_disable(BlockBackend *blk)
ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
assert(tgm->throttle_state);
if (bs) {
+ bdrv_ref(bs);
bdrv_drained_begin(bs);
}
throttle_group_unregister_tgm(tgm);
if (bs) {
bdrv_drained_end(bs);
+ bdrv_unref(bs);
}
}
--
2.27.0

56
SOURCES/kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch Normal file
View File

@ -0,0 +1,56 @@
From a6b472de71f6ebbe44025e1348c90e6f1f2b2326 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Tue, 18 Jan 2022 17:59:59 +0100
Subject: [PATCH 06/12] block/io: Update BSC only if want_zero is true
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 69: block/io: Update BSC only if want_zero is true
RH-Commit: [1/2] ad19ff86c3420cafe5a9e785ee210e482fbc8cd7 (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2041461
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
We update the block-status cache whenever we get new information from a
bdrv_co_block_status() call to the block driver. However, if we have
passed want_zero=false to that call, it may flag areas containing zeroes
as data, and so we would update the block-status cache with wrong
information.
Therefore, we should not update the cache with want_zero=false.
Reported-by: Nir Soffer <nsoffer@redhat.com>
Fixes: 0bc329fbb00 ("block: block-status cache for data regions")
Reviewed-by: Nir Soffer <nsoffer@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220118170000.49423-2-hreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 113b727ce788335cf76f65355d670c9bc130fd75)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
block/io.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/block/io.c b/block/io.c
index bb0a254def..4e4cb556c5 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2497,8 +2497,12 @@ static int coroutine_fn bdrv_co_block_status(BlockDriverState *bs,
* non-protocol nodes, and then it is never used. However, filling
* the cache requires an RCU update, so double check here to avoid
* such an update if possible.
+ *
+ * Check want_zero, because we only want to update the cache when we
+ * have accurate information about what is zero and what is data.
*/
- if (ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
+ if (want_zero &&
+ ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
QLIST_EMPTY(&bs->children))
{
/*
--
2.27.0

52
SOURCES/kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch Normal file
View File

@ -0,0 +1,52 @@
From 76b03619435d0b2f0125ee7aa5c94f2b889247de Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Fri, 4 Feb 2022 12:10:08 +0100
Subject: [PATCH 4/8] block/nbd: Assert there are no timers when closed
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 74: block/nbd: Handle AioContext changes
RH-Commit: [2/6] 56903457ca35d9c596aeb6827a48f80e8eabd66a (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2033626
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
they will access freed data when they fire.
This patch is separate from the patches that actually fix the issue
(HEAD^^ and HEAD^) so that you can run the associated regression iotest
(281) on a configuration that reproducibly exposes the bug.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
(cherry picked from commit 8a39c381e5e407d2fe5500324323f90a8540fa90)
Conflict:
- block/nbd.c: open_timer was introduced after the 6.2 release (for
nbd's @open-timeout parameter), and has not been backported, so drop
the assertion that it is NULL
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
block/nbd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/nbd.c b/block/nbd.c
index b8e5a9b4cc..aab20125d8 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
+ /* Must not leave timers behind that would access freed data */
+ assert(!s->reconnect_delay_timer);
+
object_unref(OBJECT(s->tlscreds));
qapi_free_SocketAddress(s->saddr);
s->saddr = NULL;
--
2.27.0

54
SOURCES/kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch Normal file
View File

@ -0,0 +1,54 @@
From eeb4683ad8c40a03a4e91463ec1d1b651974b744 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Fri, 4 Feb 2022 12:10:06 +0100
Subject: [PATCH 3/8] block/nbd: Delete reconnect delay timer when done
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 74: block/nbd: Handle AioContext changes
RH-Commit: [1/6] 34f92910b6ffd256d781109a2b39737fc6ab449c (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2033626
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
We start the reconnect delay timer to cancel the reconnection attempt
after a while. Once nbd_co_do_establish_connection() has returned, this
attempt is over, and we no longer need the timer.
Delete it before returning from nbd_reconnect_attempt(), so that it does
not persist beyond the I/O request that was paused for reconnecting; we
do not want it to fire in a drained section, because all sort of things
can happen in such a section (e.g. the AioContext might be changed, and
we do not want the timer to fire in the wrong context; or the BDS might
even be deleted, and so the timer CB would access already-freed data).
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
(cherry picked from commit 3ce1fc16bad9c3f8b7b10b451a224d6d76e5c551)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
block/nbd.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/block/nbd.c b/block/nbd.c
index 5ef462db1b..b8e5a9b4cc 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -353,6 +353,13 @@ static coroutine_fn void nbd_reconnect_attempt(BDRVNBDState *s)
}
nbd_co_do_establish_connection(s->bs, NULL);
+
+ /*
+ * The reconnect attempt is done (maybe successfully, maybe not), so
+ * we no longer need this timer. Delete it so it will not outlive
+ * this I/O request (so draining removes all timers).
+ */
+ reconnect_delay_timer_del(s);
}
static coroutine_fn int nbd_receive_replies(BDRVNBDState *s, uint64_t handle)
--
2.27.0

107
SOURCES/kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch Normal file
View File

@ -0,0 +1,107 @@
From 6d9d86cc4e6149d4c0793e8ceb65dab7535a4561 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Fri, 4 Feb 2022 12:10:11 +0100
Subject: [PATCH 7/8] block/nbd: Move s->ioc on AioContext change
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 74: block/nbd: Handle AioContext changes
RH-Commit: [5/6] b3c1eb21ac70d64fdac6094468a72cfbe50a30a9 (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2033626
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
s->ioc must always be attached to the NBD node's AioContext. If that
context changes, s->ioc must be attached to the new context.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2033626
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
(cherry picked from commit e15f3a66c830e3fce99c9d56c493c2f7078a1225)
Conflict:
- block/nbd.c: open_timer was added after the 6.2 release, so we need
not (and cannot) assert it is NULL here.
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
block/nbd.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/block/nbd.c b/block/nbd.c
index aab20125d8..a3896c7f5f 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -2003,6 +2003,38 @@ static void nbd_cancel_in_flight(BlockDriverState *bs)
nbd_co_establish_connection_cancel(s->conn);
}
+static void nbd_attach_aio_context(BlockDriverState *bs,
+ AioContext *new_context)
+{
+ BDRVNBDState *s = bs->opaque;
+
+ /*
+ * The reconnect_delay_timer is scheduled in I/O paths when the
+ * connection is lost, to cancel the reconnection attempt after a
+ * given time. Once this attempt is done (successfully or not),
+ * nbd_reconnect_attempt() ensures the timer is deleted before the
+ * respective I/O request is resumed.
+ * Since the AioContext can only be changed when a node is drained,
+ * the reconnect_delay_timer cannot be active here.
+ */
+ assert(!s->reconnect_delay_timer);
+
+ if (s->ioc) {
+ qio_channel_attach_aio_context(s->ioc, new_context);
+ }
+}
+
+static void nbd_detach_aio_context(BlockDriverState *bs)
+{
+ BDRVNBDState *s = bs->opaque;
+
+ assert(!s->reconnect_delay_timer);
+
+ if (s->ioc) {
+ qio_channel_detach_aio_context(s->ioc);
+ }
+}
+
static BlockDriver bdrv_nbd = {
.format_name = "nbd",
.protocol_name = "nbd",
@@ -2026,6 +2058,9 @@ static BlockDriver bdrv_nbd = {
.bdrv_dirname = nbd_dirname,
.strong_runtime_opts = nbd_strong_runtime_opts,
.bdrv_cancel_in_flight = nbd_cancel_in_flight,
+
+ .bdrv_attach_aio_context = nbd_attach_aio_context,
+ .bdrv_detach_aio_context = nbd_detach_aio_context,
};
static BlockDriver bdrv_nbd_tcp = {
@@ -2051,6 +2086,9 @@ static BlockDriver bdrv_nbd_tcp = {
.bdrv_dirname = nbd_dirname,
.strong_runtime_opts = nbd_strong_runtime_opts,
.bdrv_cancel_in_flight = nbd_cancel_in_flight,
+
+ .bdrv_attach_aio_context = nbd_attach_aio_context,
+ .bdrv_detach_aio_context = nbd_detach_aio_context,
};
static BlockDriver bdrv_nbd_unix = {
@@ -2076,6 +2114,9 @@ static BlockDriver bdrv_nbd_unix = {
.bdrv_dirname = nbd_dirname,
.strong_runtime_opts = nbd_strong_runtime_opts,
.bdrv_cancel_in_flight = nbd_cancel_in_flight,
+
+ .bdrv_attach_aio_context = nbd_attach_aio_context,
+ .bdrv_detach_aio_context = nbd_detach_aio_context,
};
static void bdrv_nbd_init(void)
--
2.27.0

71
SOURCES/kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch Normal file
View File

@ -0,0 +1,71 @@
From 6989be9d0aa08470f8b287c243dc4bf027d5fbcf Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 8 Dec 2021 15:22:46 +0000
Subject: [PATCH 1/2] block/nvme: fix infinite loop in nvme_free_req_queue_cb()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
RH-MergeRequest: 58: block/nvme: fix infinite loop in nvme_free_req_queue_cb()
RH-Commit: [1/1] 544b3f310d791a20c63b51947de0c6cbb60b0d5b (stefanha/centos-stream-qemu-kvm)
RH-Bugzilla: 2024544
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
When the request free list is exhausted the coroutine waits on
q->free_req_queue for the next free request. Whenever a request is
completed a BH is scheduled to invoke nvme_free_req_queue_cb() and wake
up waiting coroutines.
1. nvme_get_free_req() waits for a free request:
while (q->free_req_head == -1) {
...
trace_nvme_free_req_queue_wait(q->s, q->index);
qemu_co_queue_wait(&q->free_req_queue, &q->lock);
...
}
2. nvme_free_req_queue_cb() wakes up the coroutine:
while (qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
^--- infinite loop when free_req_head == -1
}
nvme_free_req_queue_cb() and the coroutine form an infinite loop when
q->free_req_head == -1. Fix this by checking q->free_req_head in
nvme_free_req_queue_cb(). If the free request list is exhausted, don't
wake waiting coroutines. Eventually an in-flight request will complete
and the BH will be scheduled again, guaranteeing forward progress.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211208152246.244585-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit cf4fbc3030c974fff726756a7ceef8386cdf500b)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
block/nvme.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/block/nvme.c b/block/nvme.c
index e4f336d79c..fa360b9b3c 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -206,8 +206,9 @@ static void nvme_free_req_queue_cb(void *opaque)
NVMeQueuePair *q = opaque;
qemu_mutex_lock(&q->lock);
- while (qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
- /* Retry all pending requests */
+ while (q->free_req_head != -1 &&
+ qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
+ /* Retry waiting requests */
}
qemu_mutex_unlock(&q->lock);
}
--
2.27.0

59
SOURCES/kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch Normal file
View File

@ -0,0 +1,59 @@
From d374d5aa4485a0c62d6b48eec64491cae2fd0873 Mon Sep 17 00:00:00 2001
From: Peter Lieven <pl@kamp.de>
Date: Thu, 13 Jan 2022 15:44:25 +0100
Subject: [PATCH 4/5] block/rbd: fix handling of holes in .bdrv_co_block_status
RH-Author: Stefano Garzarella <sgarzare@redhat.com>
RH-MergeRequest: 68: block/rbd: fix handling of holes in .bdrv_co_block_status
RH-Commit: [1/2] 8ef178b01885e3c292f7844ccff865b1a8d4faf0 (sgarzarella/qemu-kvm-c-9-s)
RH-Bugzilla: 2034791
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
the assumption that we can't hit a hole if we do not diff against a snapshot was wrong.
We can see a hole in an image if we diff against base if there exists an older snapshot
of the image and we have discarded blocks in the image where the snapshot has data.
Fix this by simply handling a hole like an unallocated area. There are no callbacks
for unallocated areas so just bail out if we hit a hole.
Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
Suggested-by: Ilya Dryomov <idryomov@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-Id: <20220113144426.4036493-2-pl@kamp.de>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9e302f64bb407a9bb097b626da97228c2654cfee)
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
block/rbd.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index def96292e0..20bb896c4a 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1279,11 +1279,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
RBDDiffIterateReq *req = opaque;
assert(req->offs + req->bytes <= offs);
- /*
- * we do not diff against a snapshot so we should never receive a callback
- * for a hole.
- */
- assert(exists);
+
+ /* treat a hole like an unallocated area and bail out */
+ if (!exists) {
+ return 0;
+ }
if (!req->exists && offs > req->offs) {
/*
--
2.27.0

103
SOURCES/kvm-block-rbd-workaround-for-ceph-issue-53784.patch Normal file
View File

@ -0,0 +1,103 @@
From f035b5250529eed8d12e0b93b1b6d6f2c50003f6 Mon Sep 17 00:00:00 2001
From: Peter Lieven <pl@kamp.de>
Date: Thu, 13 Jan 2022 15:44:26 +0100
Subject: [PATCH 5/5] block/rbd: workaround for ceph issue #53784
RH-Author: Stefano Garzarella <sgarzare@redhat.com>
RH-MergeRequest: 68: block/rbd: fix handling of holes in .bdrv_co_block_status
RH-Commit: [2/2] 5feaa2e20a77886cc1a84cdf212ade3dcda28289 (sgarzarella/qemu-kvm-c-9-s)
RH-Bugzilla: 2034791
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
librbd had a bug until early 2022 that affected all versions of ceph that
supported fast-diff. This bug results in reporting of incorrect offsets
if the offset parameter to rbd_diff_iterate2 is not object aligned.
This patch works around this bug for pre Quincy versions of librbd.
Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-Id: <20220113144426.4036493-3-pl@kamp.de>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Tested-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit fc176116cdea816ceb8dd969080b2b95f58edbc0)
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
block/rbd.c | 42 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 40 insertions(+), 2 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index 20bb896c4a..8f183eba2a 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1320,6 +1320,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
int status, r;
RBDDiffIterateReq req = { .offs = offset };
uint64_t features, flags;
+ uint64_t head = 0;
assert(offset + bytes <= s->image_size);
@@ -1347,7 +1348,43 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
return status;
}
- r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
+#if LIBRBD_VERSION_CODE < LIBRBD_VERSION(1, 17, 0)
+ /*
+ * librbd had a bug until early 2022 that affected all versions of ceph that
+ * supported fast-diff. This bug results in reporting of incorrect offsets
+ * if the offset parameter to rbd_diff_iterate2 is not object aligned.
+ * Work around this bug by rounding down the offset to object boundaries.
+ * This is OK because we call rbd_diff_iterate2 with whole_object = true.
+ * However, this workaround only works for non cloned images with default
+ * striping.
+ *
+ * See: https://tracker.ceph.com/issues/53784
+ */
+
+ /* check if RBD image has non-default striping enabled */
+ if (features & RBD_FEATURE_STRIPINGV2) {
+ return status;
+ }
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ /*
+ * check if RBD image is a clone (= has a parent).
+ *
+ * rbd_get_parent_info is deprecated from Nautilus onwards, but the
+ * replacement rbd_get_parent is not present in Luminous and Mimic.
+ */
+ if (rbd_get_parent_info(s->image, NULL, 0, NULL, 0, NULL, 0) != -ENOENT) {
+ return status;
+ }
+#pragma GCC diagnostic pop
+
+ head = req.offs & (s->object_size - 1);
+ req.offs -= head;
+ bytes += head;
+#endif
+
+ r = rbd_diff_iterate2(s->image, NULL, req.offs, bytes, true, true,
qemu_rbd_diff_iterate_cb, &req);
if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
return status;
@@ -1366,7 +1403,8 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
}
- *pnum = req.bytes;
+ assert(req.bytes > head);
+ *pnum = req.bytes - head;
return status;
}
--
2.27.0

77
SOURCES/kvm-doc-Add-the-SGX-numa-description.patch Normal file
View File

@ -0,0 +1,77 @@
From eb88a12ab1ecfe77bcc0d0067c96fce27a3bde01 Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Mon, 1 Nov 2021 12:20:08 -0400
Subject: [PATCH 03/12] doc: Add the SGX numa description
RH-Author: Paul Lai <plai@redhat.com>
RH-MergeRequest: 65: Enable SGX and add SGX Numa support
RH-Commit: [3/5] c27b3f6976cbe92cc3c0e1dab0191cdd25de596a
RH-Bugzilla: 2033708
RH-Acked-by: Paolo Bonzini <None>
RH-Acked-by: Bandan Das <None>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
Add the SGX numa reference command and how to check if
SGX numa is support or not with multiple EPC sections.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-5-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d1889b36098c79e2e6ac90faf3d0dc5ec0057677)
Signed-off-by: Paul Lai <plai@redhat.com>
---
docs/system/i386/sgx.rst | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/docs/system/i386/sgx.rst b/docs/system/i386/sgx.rst
index f8fade5ac2..0f0a73f758 100644
--- a/docs/system/i386/sgx.rst
+++ b/docs/system/i386/sgx.rst
@@ -141,8 +141,7 @@ To launch a SGX guest:
|qemu_system_x86| \\
-cpu host,+sgx-provisionkey \\
-object memory-backend-epc,id=mem1,size=64M,prealloc=on \\
- -object memory-backend-epc,id=mem2,size=28M \\
- -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2
+ -M sgx-epc.0.memdev=mem1,sgx-epc.0.node=0
Utilizing SGX in the guest requires a kernel/OS with SGX support.
The support can be determined in guest by::
@@ -152,8 +151,32 @@ The support can be determined in guest by::
and SGX epc info by::
$ dmesg | grep sgx
- [ 1.242142] sgx: EPC section 0x180000000-0x181bfffff
- [ 1.242319] sgx: EPC section 0x181c00000-0x1837fffff
+ [ 0.182807] sgx: EPC section 0x140000000-0x143ffffff
+ [ 0.183695] sgx: [Firmware Bug]: Unable to map EPC section to online node. Fallback to the NUMA node 0.
+
+To launch a SGX numa guest:
+
+.. parsed-literal::
+
+ |qemu_system_x86| \\
+ -cpu host,+sgx-provisionkey \\
+ -object memory-backend-ram,size=2G,host-nodes=0,policy=bind,id=node0 \\
+ -object memory-backend-epc,id=mem0,size=64M,prealloc=on,host-nodes=0,policy=bind \\
+ -numa node,nodeid=0,cpus=0-1,memdev=node0 \\
+ -object memory-backend-ram,size=2G,host-nodes=1,policy=bind,id=node1 \\
+ -object memory-backend-epc,id=mem1,size=28M,prealloc=on,host-nodes=1,policy=bind \\
+ -numa node,nodeid=1,cpus=2-3,memdev=node1 \\
+ -M sgx-epc.0.memdev=mem0,sgx-epc.0.node=0,sgx-epc.1.memdev=mem1,sgx-epc.1.node=1
+
+and SGX epc numa info by::
+
+ $ dmesg | grep sgx
+ [ 0.369937] sgx: EPC section 0x180000000-0x183ffffff
+ [ 0.370259] sgx: EPC section 0x184000000-0x185bfffff
+
+ $ dmesg | grep SRAT
+ [ 0.009981] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff]
+ [ 0.009982] ACPI: SRAT: Node 1 PXM 1 [mem 0x184000000-0x185bfffff]
References
----------
--
2.27.0

61
SOURCES/kvm-hw-arm-smmuv3-Fix-device-reset.patch Normal file
View File

@ -0,0 +1,61 @@
From c08c3fbb2bb8494738fd34ec8fc9dc434ce82f4b Mon Sep 17 00:00:00 2001
From: Eric Auger <eric.auger@redhat.com>
Date: Wed, 2 Feb 2022 12:16:02 +0100
Subject: [PATCH 12/12] hw/arm/smmuv3: Fix device reset
RH-Author: Eric Auger <eric.auger@redhat.com>
RH-MergeRequest: 72: hw/arm/smmuv3: Fix device reset
RH-Commit: [1/1] 2cfee2f7a03692681224fed96bb4f28406bf460a (eauger1/centos-qemu-kvm)
RH-Bugzilla: 2042481
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Peter Xu <peterx@redhat.com>
RH-Acked-by: Andrew Jones <drjones@redhat.com>
branch: c9s
Brew: 42958737
Upstream: yes
We currently miss a bunch of register resets in the device reset
function. This sometimes prevents the guest from rebooting after
a system_reset (with virtio-blk-pci). For instance, we may get
the following errors:
invalid STE
smmuv3-iommu-memory-region-0-0 translation failed for iova=0x13a9d2000(SMMU_EVT_C_BAD_STE)
Invalid read at addr 0x13A9D2000, size 2, region '(null)', reason: rejected
invalid STE
smmuv3-iommu-memory-region-0-0 translation failed for iova=0x13a9d2000(SMMU_EVT_C_BAD_STE)
Invalid write at addr 0x13A9D2000, size 2, region '(null)', reason: rejected
invalid STE
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20220202111602.627429-1-eric.auger@redhat.com
Fixes: 10a83cb988 ("hw/arm/smmuv3: Skeleton")
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 43530095e18fd16dcd51a4b385ad2a22c36f5698)
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
hw/arm/smmuv3.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 01b60bee49..1b5640bb98 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -276,6 +276,12 @@ static void smmuv3_init_regs(SMMUv3State *s)
s->features = 0;
s->sid_split = 0;
s->aidr = 0x1;
+ s->cr[0] = 0;
+ s->cr0ack = 0;
+ s->irq_ctrl = 0;
+ s->gerror = 0;
+ s->gerrorn = 0;
+ s->statusr = 0;
}
static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
--
2.27.0

108
SOURCES/kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch Normal file
View File

@ -0,0 +1,108 @@
From 06583ce33fab2976157461ac4503d6f8eeb59e75 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Fri, 4 Feb 2022 12:10:12 +0100
Subject: [PATCH 8/8] iotests/281: Let NBD connection yield in iothread
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 74: block/nbd: Handle AioContext changes
RH-Commit: [6/6] 632b9ef5177a80d1c0c00121e1acc37272076d3e (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2033626
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Put an NBD block device into an I/O thread, and then read data from it,
hoping that the NBD connection will yield during that read. When it
does, the coroutine must be reentered in the block device's I/O thread,
which will only happen if the NBD block driver attaches the connection's
QIOChannel to the new AioContext. It did not do that after 4ddb5d2fde
("block/nbd: drop connection_co") and prior to "block/nbd: Move s->ioc
on AioContext change", which would cause an assertion failure.
To improve our chances of yielding, the NBD server is throttled to
reading 64 kB/s, and the NBD client reads 128 kB, so it should yield at
some point.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
(cherry picked from commit 8cfbe929e8c26050f0a4580a1606a370a947d4ce)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
tests/qemu-iotests/281 | 28 +++++++++++++++++++++++++---
tests/qemu-iotests/281.out | 4 ++--
2 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/tests/qemu-iotests/281 b/tests/qemu-iotests/281
index 13c588be75..b2ead7f388 100755
--- a/tests/qemu-iotests/281
+++ b/tests/qemu-iotests/281
@@ -253,8 +253,9 @@ class TestYieldingAndTimers(iotests.QMPTestCase):
self.create_nbd_export()
# Simple VM with an NBD block device connected to the NBD export
- # provided by the QSD
+ # provided by the QSD, and an (initially unused) iothread
self.vm = iotests.VM()
+ self.vm.add_object('iothread,id=iothr')
self.vm.add_blockdev('nbd,node-name=nbd,server.type=unix,' +
f'server.path={self.sock},export=exp,' +
'reconnect-delay=1')
@@ -293,19 +294,40 @@ class TestYieldingAndTimers(iotests.QMPTestCase):
# thus not see the error, and so the test will pass.)
time.sleep(2)
+ def test_yield_in_iothread(self):
+ # Move the NBD node to the I/O thread; the NBD block driver should
+ # attach the connection's QIOChannel to that thread's AioContext, too
+ result = self.vm.qmp('x-blockdev-set-iothread',
+ node_name='nbd', iothread='iothr')
+ self.assert_qmp(result, 'return', {})
+
+ # Do some I/O that will be throttled by the QSD, so that the network
+ # connection hopefully will yield here. When it is resumed, it must
+ # then be resumed in the I/O thread's AioContext.
+ result = self.vm.qmp('human-monitor-command',
+ command_line='qemu-io nbd "read 0 128K"')
+ self.assert_qmp(result, 'return', '')
+
def create_nbd_export(self):
assert self.qsd is None
- # Simple NBD export of a null-co BDS
+ # Export a throttled null-co BDS: Reads are throttled (max 64 kB/s),
+ # writes are not.
self.qsd = QemuStorageDaemon(
+ '--object',
+ 'throttle-group,id=thrgr,x-bps-read=65536,x-bps-read-max=65536',
+
'--blockdev',
'null-co,node-name=null,read-zeroes=true',
+ '--blockdev',
+ 'throttle,node-name=thr,file=null,throttle-group=thrgr',
+
'--nbd-server',
f'addr.type=unix,addr.path={self.sock}',
'--export',
- 'nbd,id=exp,node-name=null,name=exp,writable=true'
+ 'nbd,id=exp,node-name=thr,name=exp,writable=true'
)
def stop_nbd_export(self):
diff --git a/tests/qemu-iotests/281.out b/tests/qemu-iotests/281.out
index 914e3737bd..3f8a935a08 100644
--- a/tests/qemu-iotests/281.out
+++ b/tests/qemu-iotests/281.out
@@ -1,5 +1,5 @@
-.....
+......
----------------------------------------------------------------------
-Ran 5 tests
+Ran 6 tests
OK
--
2.27.0

174
SOURCES/kvm-iotests-281-Test-lingering-timers.patch Normal file
View File

@ -0,0 +1,174 @@
From 3d2d7a46713d362d2ff5137841e689593da976a3 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Fri, 4 Feb 2022 12:10:10 +0100
Subject: [PATCH 6/8] iotests/281: Test lingering timers
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 74: block/nbd: Handle AioContext changes
RH-Commit: [4/6] d228ba3fcdfaab2d54dd5b023688a1c055cce2c2 (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2033626
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Prior to "block/nbd: Delete reconnect delay timer when done" and
"block/nbd: Delete open timer when done", both of those timers would
remain scheduled even after successfully (re-)connecting to the server,
and they would not even be deleted when the BDS is deleted.
This test constructs exactly this situation:
(1) Configure an @open-timeout, so the open timer is armed, and
(2) Configure a @reconnect-delay and trigger a reconnect situation
(which succeeds immediately), so the reconnect delay timer is armed.
Then we immediately delete the BDS, and sleep for longer than the
@open-timeout and @reconnect-delay. Prior to said patches, this caused
one (or both) of the timer CBs to access already-freed data.
Accessing freed data may or may not crash, so this test can produce
false successes, but I do not know how to show the problem in a better
or more reliable way. If you run this test on "block/nbd: Assert there
are no timers when closed" and without the fix patches mentioned above,
you should reliably see an assertion failure.
(But all other tests that use the reconnect delay timer (264 and 277)
will fail in that configuration, too; as will nbd-reconnect-on-open,
which uses the open timer.)
Remove this test from the quick group because of the two second sleep
this patch introduces.
(I decided to put this test case into 281, because the main bug this
series addresses is in the interaction of the NBD block driver and I/O
threads, which is precisely the scope of 281. The test case for that
other bug will also be put into the test class added here.
Also, excuse the test class's name, I couldn't come up with anything
better. The "yield" part will make sense two patches from now.)
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
(cherry picked from commit eaf1e85d4ddefdbd197f393fa9c5acc7ba8133b0)
Conflict:
- @open-timeout was introduced after the 6.2 release, and has not been
backported. Consequently, there is no open_timer, and we can (and
must) drop the respective parts of the test here.
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
tests/qemu-iotests/281 | 73 ++++++++++++++++++++++++++++++++++++--
tests/qemu-iotests/281.out | 4 +--
2 files changed, 73 insertions(+), 4 deletions(-)
diff --git a/tests/qemu-iotests/281 b/tests/qemu-iotests/281
index 956698083f..13c588be75 100755
--- a/tests/qemu-iotests/281
+++ b/tests/qemu-iotests/281
@@ -1,5 +1,5 @@
#!/usr/bin/env python3
-# group: rw quick
+# group: rw
#
# Test cases for blockdev + IOThread interactions
#
@@ -20,8 +20,9 @@
#
import os
+import time
import iotests
-from iotests import qemu_img
+from iotests import qemu_img, QemuStorageDaemon
image_len = 64 * 1024 * 1024
@@ -243,6 +244,74 @@ class TestBlockdevBackupAbort(iotests.QMPTestCase):
# Hangs on failure, we expect this error.
self.assert_qmp(result, 'error/class', 'GenericError')
+# Test for RHBZ#2033626
+class TestYieldingAndTimers(iotests.QMPTestCase):
+ sock = os.path.join(iotests.sock_dir, 'nbd.sock')
+ qsd = None
+
+ def setUp(self):
+ self.create_nbd_export()
+
+ # Simple VM with an NBD block device connected to the NBD export
+ # provided by the QSD
+ self.vm = iotests.VM()
+ self.vm.add_blockdev('nbd,node-name=nbd,server.type=unix,' +
+ f'server.path={self.sock},export=exp,' +
+ 'reconnect-delay=1')
+
+ self.vm.launch()
+
+ def tearDown(self):
+ self.stop_nbd_export()
+ self.vm.shutdown()
+
+ def test_timers_with_blockdev_del(self):
+ # Stop and restart the NBD server, and do some I/O on the client to
+ # trigger a reconnect and start the reconnect delay timer
+ self.stop_nbd_export()
+ self.create_nbd_export()
+
+ result = self.vm.qmp('human-monitor-command',
+ command_line='qemu-io nbd "write 0 512"')
+ self.assert_qmp(result, 'return', '')
+
+ # Reconnect is done, so the reconnect delay timer should be gone.
+ # (But there used to be a bug where it remained active, for which this
+ # is a regression test.)
+
+ # Delete the BDS to see whether the timer is gone. If it is not,
+ # it will remain active, fire later, and then access freed data.
+ # (Or, with "block/nbd: Assert there are no timers when closed"
+ # applied, the assertion added in that patch will fail.)
+ result = self.vm.qmp('blockdev-del', node_name='nbd')
+ self.assert_qmp(result, 'return', {})
+
+ # Give the timer some time to fire (it has a timeout of 1 s).
+ # (Sleeping in an iotest may ring some alarm bells, but note that if
+ # the timing is off here, the test will just always pass. If we kill
+ # the VM too early, then we just kill the timer before it can fire,
+ # thus not see the error, and so the test will pass.)
+ time.sleep(2)
+
+ def create_nbd_export(self):
+ assert self.qsd is None
+
+ # Simple NBD export of a null-co BDS
+ self.qsd = QemuStorageDaemon(
+ '--blockdev',
+ 'null-co,node-name=null,read-zeroes=true',
+
+ '--nbd-server',
+ f'addr.type=unix,addr.path={self.sock}',
+
+ '--export',
+ 'nbd,id=exp,node-name=null,name=exp,writable=true'
+ )
+
+ def stop_nbd_export(self):
+ self.qsd.stop()
+ self.qsd = None
+
if __name__ == '__main__':
iotests.main(supported_fmts=['qcow2'],
supported_protocols=['file'])
diff --git a/tests/qemu-iotests/281.out b/tests/qemu-iotests/281.out
index 89968f35d7..914e3737bd 100644
--- a/tests/qemu-iotests/281.out
+++ b/tests/qemu-iotests/281.out
@@ -1,5 +1,5 @@
-....
+.....
----------------------------------------------------------------------
-Ran 4 tests
+Ran 5 tests
OK
--
2.27.0

106
SOURCES/kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch Normal file
View File

@ -0,0 +1,106 @@
From 37593348e7d95580fb2b0009dcb026c07367f1f8 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 3 Feb 2022 15:05:34 +0100
Subject: [PATCH 2/8] iotests: Test blockdev-reopen with iothreads and
throttling
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 73: block: Lock AioContext for drain_end in blockdev-reopen
RH-Commit: [2/2] d19d5fa9efa4813ece75708436891041754ab910 (kmwolf/centos-qemu-kvm)
RH-Bugzilla: 2046659
RH-Acked-by: Sergio Lopez <None>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
The 'throttle' block driver implements .bdrv_co_drain_end, so
blockdev-reopen will have to wait for it to complete in the polling
loop at the end of qmp_blockdev_reopen(). This makes AIO_WAIT_WHILE()
release the AioContext lock, which causes a crash if the lock hasn't
correctly been taken.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20220203140534.36522-3-kwolf@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit ee810602376125ca0e0afd6b7c715e13740978ea)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
tests/qemu-iotests/245 | 36 +++++++++++++++++++++++++++++++++---
tests/qemu-iotests/245.out | 4 ++--
2 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/tests/qemu-iotests/245 b/tests/qemu-iotests/245
index 24ac43f70e..8cbed7821b 100755
--- a/tests/qemu-iotests/245
+++ b/tests/qemu-iotests/245
@@ -1138,12 +1138,13 @@ class TestBlockdevReopen(iotests.QMPTestCase):
self.assertEqual(self.get_node('hd1'), None)
self.assert_qmp(self.get_node('hd2'), 'ro', True)
- def run_test_iothreads(self, iothread_a, iothread_b, errmsg = None):
- opts = hd_opts(0)
+ def run_test_iothreads(self, iothread_a, iothread_b, errmsg = None,
+ opts_a = None, opts_b = None):
+ opts = opts_a or hd_opts(0)
result = self.vm.qmp('blockdev-add', conv_keys = False, **opts)
self.assert_qmp(result, 'return', {})
- opts2 = hd_opts(2)
+ opts2 = opts_b or hd_opts(2)
result = self.vm.qmp('blockdev-add', conv_keys = False, **opts2)
self.assert_qmp(result, 'return', {})
@@ -1194,6 +1195,35 @@ class TestBlockdevReopen(iotests.QMPTestCase):
def test_iothreads_switch_overlay(self):
self.run_test_iothreads('', 'iothread0')
+ def test_iothreads_with_throttling(self):
+ # Create a throttle-group object
+ opts = { 'qom-type': 'throttle-group', 'id': 'group0',
+ 'limits': { 'iops-total': 1000 } }
+ result = self.vm.qmp('object-add', conv_keys = False, **opts)
+ self.assert_qmp(result, 'return', {})
+
+ # Options with a throttle filter between format and protocol
+ opts = [
+ {
+ 'driver': iotests.imgfmt,
+ 'node-name': f'hd{idx}',
+ 'file' : {
+ 'node-name': f'hd{idx}-throttle',
+ 'driver': 'throttle',
+ 'throttle-group': 'group0',
+ 'file': {
+ 'driver': 'file',
+ 'node-name': f'hd{idx}-file',
+ 'filename': hd_path[idx],
+ },
+ },
+ }
+ for idx in (0, 2)
+ ]
+
+ self.run_test_iothreads('iothread0', 'iothread0', None,
+ opts[0], opts[1])
+
if __name__ == '__main__':
iotests.activate_logging()
iotests.main(supported_fmts=["qcow2"],
diff --git a/tests/qemu-iotests/245.out b/tests/qemu-iotests/245.out
index 4eced19294..a4e04a3266 100644
--- a/tests/qemu-iotests/245.out
+++ b/tests/qemu-iotests/245.out
@@ -17,8 +17,8 @@ read 1/1 bytes at offset 262152
read 1/1 bytes at offset 262160
1 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-...............
+................
----------------------------------------------------------------------
-Ran 25 tests
+Ran 26 tests
OK
--
2.27.0

81
SOURCES/kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch Normal file
View File

@ -0,0 +1,81 @@
From 51f691acd8042351d005873996d7bf4c7b045508 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Fri, 17 Dec 2021 17:46:53 +0100
Subject: [PATCH 08/12] iotests: Test qemu-img convert of zeroed data cluster
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 70: qemu-img convert: Fix sparseness of output image
RH-Commit: [1/2] 0770582c553ac6b0f18c035f9a0238599d4763cc (kmwolf/centos-qemu-kvm)
RH-Bugzilla: 1882917
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
This demonstrates what happens when the block status changes in
sub-min_sparse granularity, but all of the parts are zeroed out. The
alignment logic in is_allocated_sectors() prevents that the target image
remains fully sparse as expected, but turns it into a data cluster of
explicit zeros.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20211217164654.1184218-2-vsementsov@virtuozzo.com>
Tested-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 51cd8bddd63540514d44808f7920811439baa253)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
tests/qemu-iotests/122 | 1 +
tests/qemu-iotests/122.out | 10 ++++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/tests/qemu-iotests/122 b/tests/qemu-iotests/122
index efb260d822..be0f6b79e5 100755
--- a/tests/qemu-iotests/122
+++ b/tests/qemu-iotests/122
@@ -251,6 +251,7 @@ $QEMU_IO -c "write -P 0 0 64k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_test
$QEMU_IO -c "write 0 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
$QEMU_IO -c "write 8k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
$QEMU_IO -c "write 17k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -c "write -P 0 65k 1k" "$TEST_IMG" 2>&1 | _filter_qemu_io | _filter_testdir
for min_sparse in 4k 8k; do
echo
diff --git a/tests/qemu-iotests/122.out b/tests/qemu-iotests/122.out
index 8fbdac2b39..69b8e8b803 100644
--- a/tests/qemu-iotests/122.out
+++ b/tests/qemu-iotests/122.out
@@ -192,6 +192,8 @@ wrote 1024/1024 bytes at offset 8192
1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
wrote 1024/1024 bytes at offset 17408
1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 1024/1024 bytes at offset 66560
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
convert -S 4k
[{ "start": 0, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
@@ -199,7 +201,9 @@ convert -S 4k
{ "start": 8192, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
{ "start": 12288, "length": 4096, "depth": 0, "present": false, "zero": true, "data": false},
{ "start": 16384, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 20480, "length": 67088384, "depth": 0, "present": false, "zero": true, "data": false}]
+{ "start": 20480, "length": 46080, "depth": 0, "present": false, "zero": true, "data": false},
+{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
convert -c -S 4k
[{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
@@ -211,7 +215,9 @@ convert -c -S 4k
convert -S 8k
[{ "start": 0, "length": 24576, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 24576, "length": 67084288, "depth": 0, "present": false, "zero": true, "data": false}]
+{ "start": 24576, "length": 41984, "depth": 0, "present": false, "zero": true, "data": false},
+{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
convert -c -S 8k
[{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
--
2.27.0

197
SOURCES/kvm-iotests-block-status-cache-New-test.patch Normal file
View File

@ -0,0 +1,197 @@
From 89fe89491f89a7526ba864a9d94d3de930261d69 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Tue, 18 Jan 2022 18:00:00 +0100
Subject: [PATCH 07/12] iotests/block-status-cache: New test
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 69: block/io: Update BSC only if want_zero is true
RH-Commit: [2/2] 3c5a55aca1ac7a71c175a124d63bcf7a4430a022 (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2041461
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
Add a new test to verify that want_zero=false block-status calls do not
pollute the block-status cache for want_zero=true calls.
We check want_zero=true calls and their results using `qemu-img map`
(over NBD), and want_zero=false calls also using `qemu-img map` over
NBD, but using the qemu:allocation-depth context.
(This test case cannot be integrated into nbd-qemu-allocation, because
that is a qcow2 test, and this is a raw test.)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220118170000.49423-3-hreitz@redhat.com>
Reviewed-by: Nir Soffer <nsoffer@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 6384dd534d742123d26c008d9794b20bc41359d5)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
tests/qemu-iotests/tests/block-status-cache | 139 ++++++++++++++++++
.../qemu-iotests/tests/block-status-cache.out | 5 +
2 files changed, 144 insertions(+)
create mode 100755 tests/qemu-iotests/tests/block-status-cache
create mode 100644 tests/qemu-iotests/tests/block-status-cache.out
diff --git a/tests/qemu-iotests/tests/block-status-cache b/tests/qemu-iotests/tests/block-status-cache
new file mode 100755
index 0000000000..6fa10bb8f8
--- /dev/null
+++ b/tests/qemu-iotests/tests/block-status-cache
@@ -0,0 +1,139 @@
+#!/usr/bin/env python3
+# group: rw quick
+#
+# Test cases for the block-status cache.
+#
+# Copyright (C) 2022 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import signal
+import iotests
+from iotests import qemu_img_create, qemu_img_pipe, qemu_nbd
+
+
+image_size = 1 * 1024 * 1024
+test_img = os.path.join(iotests.test_dir, 'test.img')
+
+nbd_pidfile = os.path.join(iotests.test_dir, 'nbd.pid')
+nbd_sock = os.path.join(iotests.sock_dir, 'nbd.sock')
+
+
+class TestBscWithNbd(iotests.QMPTestCase):
+ def setUp(self) -> None:
+ """Just create an empty image with a read-only NBD server on it"""
+ assert qemu_img_create('-f', iotests.imgfmt, test_img,
+ str(image_size)) == 0
+
+ # Pass --allocation-depth to enable the qemu:allocation-depth context,
+ # which we are going to query to provoke a block-status inquiry with
+ # want_zero=false.
+ assert qemu_nbd(f'--socket={nbd_sock}',
+ f'--format={iotests.imgfmt}',
+ '--persistent',
+ '--allocation-depth',
+ '--read-only',
+ f'--pid-file={nbd_pidfile}',
+ test_img) \
+ == 0
+
+ def tearDown(self) -> None:
+ with open(nbd_pidfile, encoding='utf-8') as f:
+ pid = int(f.read())
+ os.kill(pid, signal.SIGTERM)
+ os.remove(nbd_pidfile)
+ os.remove(test_img)
+
+ def test_with_zero_bug(self) -> None:
+ """
+ Verify that the block-status cache is not corrupted by a
+ want_zero=false call.
+ We can provoke a want_zero=false call with `qemu-img map` over NBD with
+ x-dirty-bitmap=qemu:allocation-depth, so we first run a normal `map`
+ (which results in want_zero=true), then using said
+ qemu:allocation-depth context, and finally another normal `map` to
+ verify that the cache has not been corrupted.
+ """
+
+ nbd_img_opts = f'driver=nbd,server.type=unix,server.path={nbd_sock}'
+ nbd_img_opts_alloc_depth = nbd_img_opts + \
+ ',x-dirty-bitmap=qemu:allocation-depth'
+
+ # Normal map, results in want_zero=true.
+ # This will probably detect an allocated data sector first (qemu likes
+ # to allocate the first sector to facilitate alignment probing), and
+ # then the rest to be zero. The BSC will thus contain (if anything)
+ # one range covering the first sector.
+ map_pre = qemu_img_pipe('map', '--output=json', '--image-opts',
+ nbd_img_opts)
+
+ # qemu:allocation-depth maps for want_zero=false.
+ # want_zero=false should (with the file driver, which the server is
+ # using) report everything as data. While this is sufficient for
+ # want_zero=false, this is nothing that should end up in the
+ # block-status cache.
+ # Due to a bug, this information did end up in the cache, though, and
+ # this would lead to wrong information being returned on subsequent
+ # want_zero=true calls.
+ #
+ # We need to run this map twice: On the first call, we probably still
+ # have the first sector in the cache, and so this will be served from
+ # the cache; and only the subsequent range will be queried from the
+ # block driver. This subsequent range will then be entered into the
+ # cache.
+ # If we did a want_zero=true call at this point, we would thus get
+ # correct information: The first sector is not covered by the cache, so
+ # we would get fresh block-status information from the driver, which
+ # would return a data range, and this would then go into the cache,
+ # evicting the wrong range from the want_zero=false call before.
+ #
+ # Therefore, we need a second want_zero=false map to reproduce:
+ # Since the first sector is not in the cache, the query for its status
+ # will go to the driver, which will return a result that reports the
+ # whole image to be a single data area. This result will then go into
+ # the cache, and so the cache will then report the whole image to
+ # contain data.
+ #
+ # Note that once the cache reports the whole image to contain data, any
+ # subsequent map operation will be served from the cache, and so we can
+ # never loop too many times here.
+ for _ in range(2):
+ # (Ignore the result, this is just to contaminate the cache)
+ qemu_img_pipe('map', '--output=json', '--image-opts',
+ nbd_img_opts_alloc_depth)
+
+ # Now let's see whether the cache reports everything as data, or
+ # whether we get correct information (i.e. the same as we got on our
+ # first attempt).
+ map_post = qemu_img_pipe('map', '--output=json', '--image-opts',
+ nbd_img_opts)
+
+ if map_pre != map_post:
+ print('ERROR: Map information differs before and after querying ' +
+ 'qemu:allocation-depth')
+ print('Before:')
+ print(map_pre)
+ print('After:')
+ print(map_post)
+
+ self.fail("Map information differs")
+
+
+if __name__ == '__main__':
+ # The block-status cache only works on the protocol layer, so to test it,
+ # we can only use the raw format
+ iotests.main(supported_fmts=['raw'],
+ supported_protocols=['file'])
diff --git a/tests/qemu-iotests/tests/block-status-cache.out b/tests/qemu-iotests/tests/block-status-cache.out
new file mode 100644
index 0000000000..ae1213e6f8
--- /dev/null
+++ b/tests/qemu-iotests/tests/block-status-cache.out
@@ -0,0 +1,5 @@
+.
+----------------------------------------------------------------------
+Ran 1 tests
+
+OK
--
2.27.0

196
SOURCES/kvm-iotests-stream-error-on-reset-New-test.patch Normal file
View File

@ -0,0 +1,196 @@
From 300f912d4a5afe4ecca9c68a71429fbc9966ec34 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Tue, 11 Jan 2022 15:36:13 +0000
Subject: [PATCH 11/12] iotests/stream-error-on-reset: New test
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 71: block-backend: prevent dangling BDS pointers across aio_poll()
RH-Commit: [2/2] 3167f31b91eb433f338564201f4ef336e39f7f7d (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2040123
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Test the following scenario:
- Simple stream block in two-layer backing chain (base and top)
- The job is drained via blk_drain(), then an error occurs while the job
settles the ongoing request
- And so the job completes while in blk_drain()
This was reported as a segfault, but is fixed by "block-backend: prevent
dangling BDS pointers across aio_poll()".
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2036178
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220111153613.25453-3-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2ca1d5d6b91f8a52a5c651f660b2f58c94bf97ba)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
.../qemu-iotests/tests/stream-error-on-reset | 140 ++++++++++++++++++
.../tests/stream-error-on-reset.out | 5 +
2 files changed, 145 insertions(+)
create mode 100755 tests/qemu-iotests/tests/stream-error-on-reset
create mode 100644 tests/qemu-iotests/tests/stream-error-on-reset.out
diff --git a/tests/qemu-iotests/tests/stream-error-on-reset b/tests/qemu-iotests/tests/stream-error-on-reset
new file mode 100755
index 0000000000..7eaedb24d7
--- /dev/null
+++ b/tests/qemu-iotests/tests/stream-error-on-reset
@@ -0,0 +1,140 @@
+#!/usr/bin/env python3
+# group: rw quick
+#
+# Test what happens when a stream job completes in a blk_drain().
+#
+# Copyright (C) 2022 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import iotests
+from iotests import imgfmt, qemu_img_create, qemu_io_silent, QMPTestCase
+
+
+image_size = 1 * 1024 * 1024
+data_size = 64 * 1024
+base = os.path.join(iotests.test_dir, 'base.img')
+top = os.path.join(iotests.test_dir, 'top.img')
+
+
+# We want to test completing a stream job in a blk_drain().
+#
+# The blk_drain() we are going to use is a virtio-scsi device resetting,
+# which we can trigger by resetting the system.
+#
+# In order to have the block job complete on drain, we (1) throttle its
+# base image so we can start the drain after it has begun, but before it
+# completes, and (2) make it encounter an I/O error on the ensuing write.
+# (If it completes regularly, the completion happens after the drain for
+# some reason.)
+
+class TestStreamErrorOnReset(QMPTestCase):
+ def setUp(self) -> None:
+ """
+ Create two images:
+ - base image {base} with {data_size} bytes allocated
+ - top image {top} without any data allocated
+
+ And the following VM configuration:
+ - base image throttled to {data_size}
+ - top image with a blkdebug configuration so the first write access
+ to it will result in an error
+ - top image is attached to a virtio-scsi device
+ """
+ assert qemu_img_create('-f', imgfmt, base, str(image_size)) == 0
+ assert qemu_io_silent('-c', f'write 0 {data_size}', base) == 0
+ assert qemu_img_create('-f', imgfmt, top, str(image_size)) == 0
+
+ self.vm = iotests.VM()
+ self.vm.add_args('-accel', 'tcg') # Make throttling work properly
+ self.vm.add_object(self.vm.qmp_to_opts({
+ 'qom-type': 'throttle-group',
+ 'id': 'thrgr',
+ 'x-bps-total': str(data_size)
+ }))
+ self.vm.add_blockdev(self.vm.qmp_to_opts({
+ 'driver': imgfmt,
+ 'node-name': 'base',
+ 'file': {
+ 'driver': 'throttle',
+ 'throttle-group': 'thrgr',
+ 'file': {
+ 'driver': 'file',
+ 'filename': base
+ }
+ }
+ }))
+ self.vm.add_blockdev(self.vm.qmp_to_opts({
+ 'driver': imgfmt,
+ 'node-name': 'top',
+ 'file': {
+ 'driver': 'blkdebug',
+ 'node-name': 'top-blkdebug',
+ 'inject-error': [{
+ 'event': 'pwritev',
+ 'immediately': 'true',
+ 'once': 'true'
+ }],
+ 'image': {
+ 'driver': 'file',
+ 'filename': top
+ }
+ },
+ 'backing': 'base'
+ }))
+ self.vm.add_device(self.vm.qmp_to_opts({
+ 'driver': 'virtio-scsi',
+ 'id': 'vscsi'
+ }))
+ self.vm.add_device(self.vm.qmp_to_opts({
+ 'driver': 'scsi-hd',
+ 'bus': 'vscsi.0',
+ 'drive': 'top'
+ }))
+ self.vm.launch()
+
+ def tearDown(self) -> None:
+ self.vm.shutdown()
+ os.remove(top)
+ os.remove(base)
+
+ def test_stream_error_on_reset(self) -> None:
+ # Launch a stream job, which will take at least a second to
+ # complete, because the base image is throttled (so we can
+ # get in between it having started and it having completed)
+ res = self.vm.qmp('block-stream', job_id='stream', device='top')
+ self.assert_qmp(res, 'return', {})
+
+ while True:
+ ev = self.vm.event_wait('JOB_STATUS_CHANGE')
+ if ev['data']['status'] == 'running':
+ # Once the stream job is running, reset the system, which
+ # forces the virtio-scsi device to be reset, thus draining
+ # the stream job, and making it complete. Completing
+ # inside of that drain should not result in a segfault.
+ res = self.vm.qmp('system_reset')
+ self.assert_qmp(res, 'return', {})
+ elif ev['data']['status'] == 'null':
+ # The test is done once the job is gone
+ break
+
+
+if __name__ == '__main__':
+ # Passes with any format with backing file support, but qed and
+ # qcow1 do not seem to exercise the used-to-be problematic code
+ # path, so there is no point in having them in this list
+ iotests.main(supported_fmts=['qcow2', 'vmdk'],
+ supported_protocols=['file'])
diff --git a/tests/qemu-iotests/tests/stream-error-on-reset.out b/tests/qemu-iotests/tests/stream-error-on-reset.out
new file mode 100644
index 0000000000..ae1213e6f8
--- /dev/null
+++ b/tests/qemu-iotests/tests/stream-error-on-reset.out
@@ -0,0 +1,5 @@
+.
+----------------------------------------------------------------------
+Ran 1 tests
+
+OK
--
2.27.0

92
SOURCES/kvm-iotests.py-Add-QemuStorageDaemon-class.patch Normal file
View File

@ -0,0 +1,92 @@
From c21502a220d107261c9a8627158f357489d86543 Mon Sep 17 00:00:00 2001
From: Hanna Reitz <hreitz@redhat.com>
Date: Fri, 4 Feb 2022 12:10:09 +0100
Subject: [PATCH 5/8] iotests.py: Add QemuStorageDaemon class
RH-Author: Hanna Reitz <hreitz@redhat.com>
RH-MergeRequest: 74: block/nbd: Handle AioContext changes
RH-Commit: [3/6] 5da1cda4d025c1bd7029ed8071b4ccf25459a878 (hreitz/qemu-kvm-c-9-s)
RH-Bugzilla: 2033626
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
This is a rather simple class that allows creating a QSD instance
running in the background and stopping it when no longer needed.
The __del__ handler is a safety net for when something goes so wrong in
a test that e.g. the tearDown() method is not called (e.g. setUp()
launches the QSD, but then launching a VM fails). We do not want the
QSD to continue running after the test has failed, so __del__() will
take care to kill it.
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
(cherry picked from commit 091dc7b2b5553a529bff9a7bf9ad3bc85bc5bdcd)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
tests/qemu-iotests/iotests.py | 40 +++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 83bfedb902..a51b5ce8cd 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -72,6 +72,8 @@
qemu_prog = os.environ.get('QEMU_PROG', 'qemu')
qemu_opts = os.environ.get('QEMU_OPTIONS', '').strip().split(' ')
+qsd_prog = os.environ.get('QSD_PROG', 'qemu-storage-daemon')
+
gdb_qemu_env = os.environ.get('GDB_OPTIONS')
qemu_gdb = []
if gdb_qemu_env:
@@ -312,6 +314,44 @@ def cmd(self, cmd):
return self._read_output()
+class QemuStorageDaemon:
+ def __init__(self, *args: str, instance_id: str = 'a'):
+ assert '--pidfile' not in args
+ self.pidfile = os.path.join(test_dir, f'qsd-{instance_id}-pid')
+ all_args = [qsd_prog] + list(args) + ['--pidfile', self.pidfile]
+
+ # Cannot use with here, we want the subprocess to stay around
+ # pylint: disable=consider-using-with
+ self._p = subprocess.Popen(all_args)
+ while not os.path.exists(self.pidfile):
+ if self._p.poll() is not None:
+ cmd = ' '.join(all_args)
+ raise RuntimeError(
+ 'qemu-storage-daemon terminated with exit code ' +
+ f'{self._p.returncode}: {cmd}')
+
+ time.sleep(0.01)
+
+ with open(self.pidfile, encoding='utf-8') as f:
+ self._pid = int(f.read().strip())
+
+ assert self._pid == self._p.pid
+
+ def stop(self, kill_signal=15):
+ self._p.send_signal(kill_signal)
+ self._p.wait()
+ self._p = None
+
+ try:
+ os.remove(self.pidfile)
+ except OSError:
+ pass
+
+ def __del__(self):
+ if self._p is not None:
+ self.stop(kill_signal=9)
+
+
def qemu_nbd(*args):
'''Run qemu-nbd in daemon mode and return the parent's exit code'''
return subprocess.call(qemu_nbd_args + ['--fork'] + list(args))
--
2.27.0

287
SOURCES/kvm-numa-Enable-numa-for-SGX-EPC-sections.patch Normal file
View File

@ -0,0 +1,287 @@
From 6274a2a09a8931188889467b104bf2e2fc39cb54 Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Mon, 1 Nov 2021 12:20:05 -0400
Subject: [PATCH 01/12] numa: Enable numa for SGX EPC sections
RH-Author: Paul Lai <plai@redhat.com>
RH-MergeRequest: 65: Enable SGX and add SGX Numa support
RH-Commit: [1/5] ff69d138c3f5903096388ec7ccf8dc5e6c6c6ffb
RH-Bugzilla: 2033708
RH-Acked-by: Paolo Bonzini <None>
RH-Acked-by: Bandan Das <None>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
The basic SGX did not enable numa for SGX EPC sections, which
result in all EPC sections located in numa node 0. This patch
enable SGX numa function in the guest and the EPC section can
work with RAM as one numa node.
The Guest kernel related log:
[ 0.009981] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff]
[ 0.009982] ACPI: SRAT: Node 1 PXM 1 [mem 0x184000000-0x185bfffff]
The SRAT table can normally show SGX EPC sections menory info in different
numa nodes.
The SGX EPC numa related command:
......
-m 4G,maxmem=20G \
-smp sockets=2,cores=2 \
-cpu host,+sgx-provisionkey \
-object memory-backend-ram,size=2G,host-nodes=0,policy=bind,id=node0 \
-object memory-backend-epc,id=mem0,size=64M,prealloc=on,host-nodes=0,policy=bind \
-numa node,nodeid=0,cpus=0-1,memdev=node0 \
-object memory-backend-ram,size=2G,host-nodes=1,policy=bind,id=node1 \
-object memory-backend-epc,id=mem1,size=28M,prealloc=on,host-nodes=1,policy=bind \
-numa node,nodeid=1,cpus=2-3,memdev=node1 \
-M sgx-epc.0.memdev=mem0,sgx-epc.0.node=0,sgx-epc.1.memdev=mem1,sgx-epc.1.node=1 \
......
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 1105812382e1126d86dddc16b3700f8c79dc93d1)
Signed-off-by: Paul Lai <plai@redhat.com>
---
hw/core/numa.c | 5 ++---
hw/i386/acpi-build.c | 2 ++
hw/i386/sgx-epc.c | 3 +++
hw/i386/sgx-stub.c | 4 ++++
hw/i386/sgx.c | 44 +++++++++++++++++++++++++++++++++++++++
include/hw/i386/sgx-epc.h | 3 +++
monitor/hmp-cmds.c | 1 +
qapi/machine.json | 10 ++++++++-
qemu-options.hx | 4 ++--
9 files changed, 70 insertions(+), 6 deletions(-)
diff --git a/hw/core/numa.c b/hw/core/numa.c
index e6050b2273..1aa05dcf42 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -784,9 +784,8 @@ static void numa_stat_memory_devices(NumaNodeMem node_mem[])
break;
case MEMORY_DEVICE_INFO_KIND_SGX_EPC:
se = value->u.sgx_epc.data;
- /* TODO: once we support numa, assign to right node */
- node_mem[0].node_mem += se->size;
- node_mem[0].node_plugged_mem += se->size;
+ node_mem[se->node].node_mem += se->size;
+ node_mem[se->node].node_plugged_mem = 0;
break;
default:
g_assert_not_reached();
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index a99c6e4fe3..8383b83ee3 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2068,6 +2068,8 @@ build_srat(GArray *table_data, BIOSLinker *linker, MachineState *machine)
nvdimm_build_srat(table_data);
}
+ sgx_epc_build_srat(table_data);
+
/*
* TODO: this part is not in ACPI spec and current linux kernel boots fine
* without these entries. But I recall there were issues the last time I
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index e508827e78..96b2940d75 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -21,6 +21,7 @@
static Property sgx_epc_properties[] = {
DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0),
+ DEFINE_PROP_UINT32(SGX_EPC_NUMA_NODE_PROP, SGXEPCDevice, node, 0),
DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem,
TYPE_MEMORY_BACKEND_EPC, HostMemoryBackendEpc *),
DEFINE_PROP_END_OF_LIST(),
@@ -139,6 +140,8 @@ static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md,
se->memaddr = epc->addr;
se->size = object_property_get_uint(OBJECT(epc), SGX_EPC_SIZE_PROP,
NULL);
+ se->node = object_property_get_uint(OBJECT(epc), SGX_EPC_NUMA_NODE_PROP,
+ NULL);
se->memdev = object_get_canonical_path(OBJECT(epc->hostmem));
info->u.sgx_epc.data = se;
diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c
index c9b379e665..26833eb233 100644
--- a/hw/i386/sgx-stub.c
+++ b/hw/i386/sgx-stub.c
@@ -6,6 +6,10 @@
#include "qapi/error.h"
#include "qapi/qapi-commands-misc-target.h"
+void sgx_epc_build_srat(GArray *table_data)
+{
+}
+
SGXInfo *qmp_query_sgx(Error **errp)
{
error_setg(errp, "SGX support is not compiled in");
diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
index 8fef3dd8fa..d04299904a 100644
--- a/hw/i386/sgx.c
+++ b/hw/i386/sgx.c
@@ -23,6 +23,7 @@
#include "sysemu/hw_accel.h"
#include "sysemu/reset.h"
#include <sys/ioctl.h>
+#include "hw/acpi/aml-build.h"
#define SGX_MAX_EPC_SECTIONS 8
#define SGX_CPUID_EPC_INVALID 0x0
@@ -36,6 +37,46 @@
#define RETRY_NUM 2
+static int sgx_epc_device_list(Object *obj, void *opaque)
+{
+ GSList **list = opaque;
+
+ if (object_dynamic_cast(obj, TYPE_SGX_EPC)) {
+ *list = g_slist_append(*list, DEVICE(obj));
+ }
+
+ object_child_foreach(obj, sgx_epc_device_list, opaque);
+ return 0;
+}
+
+static GSList *sgx_epc_get_device_list(void)
+{
+ GSList *list = NULL;
+
+ object_child_foreach(qdev_get_machine(), sgx_epc_device_list, &list);
+ return list;
+}
+
+void sgx_epc_build_srat(GArray *table_data)
+{
+ GSList *device_list = sgx_epc_get_device_list();
+
+ for (; device_list; device_list = device_list->next) {
+ DeviceState *dev = device_list->data;
+ Object *obj = OBJECT(dev);
+ uint64_t addr, size;
+ int node;
+
+ node = object_property_get_uint(obj, SGX_EPC_NUMA_NODE_PROP,
+ &error_abort);
+ addr = object_property_get_uint(obj, SGX_EPC_ADDR_PROP, &error_abort);
+ size = object_property_get_uint(obj, SGX_EPC_SIZE_PROP, &error_abort);
+
+ build_srat_memory(table_data, addr, size, node, MEM_AFFINITY_ENABLED);
+ }
+ g_slist_free(device_list);
+}
+
static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high)
{
return (low & MAKE_64BIT_MASK(12, 20)) +
@@ -226,6 +267,9 @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
/* set the memdev link with memory backend */
object_property_parse(obj, SGX_EPC_MEMDEV_PROP, list->value->memdev,
&error_fatal);
+ /* set the numa node property for sgx epc object */
+ object_property_set_uint(obj, SGX_EPC_NUMA_NODE_PROP, list->value->node,
+ &error_fatal);
object_property_set_bool(obj, "realized", true, &error_fatal);
object_unref(obj);
}
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
index a6a65be854..581fac389a 100644
--- a/include/hw/i386/sgx-epc.h
+++ b/include/hw/i386/sgx-epc.h
@@ -25,6 +25,7 @@
#define SGX_EPC_ADDR_PROP "addr"
#define SGX_EPC_SIZE_PROP "size"
#define SGX_EPC_MEMDEV_PROP "memdev"
+#define SGX_EPC_NUMA_NODE_PROP "node"
/**
* SGXEPCDevice:
@@ -38,6 +39,7 @@ typedef struct SGXEPCDevice {
/* public */
uint64_t addr;
+ uint32_t node;
HostMemoryBackendEpc *hostmem;
} SGXEPCDevice;
@@ -56,6 +58,7 @@ typedef struct SGXEPCState {
} SGXEPCState;
bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size);
+void sgx_epc_build_srat(GArray *table_data);
static inline uint64_t sgx_epc_above_4g_end(SGXEPCState *sgx_epc)
{
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 9c91bf93e9..2669156b28 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1810,6 +1810,7 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
se->id ? se->id : "");
monitor_printf(mon, " memaddr: 0x%" PRIx64 "\n", se->memaddr);
monitor_printf(mon, " size: %" PRIu64 "\n", se->size);
+ monitor_printf(mon, " node: %" PRId64 "\n", se->node);
monitor_printf(mon, " memdev: %s\n", se->memdev);
break;
default:
diff --git a/qapi/machine.json b/qapi/machine.json
index 067e3f5378..16e771affc 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1207,12 +1207,15 @@
#
# @memdev: memory backend linked with device
#
+# @node: the numa node
+#
# Since: 6.2
##
{ 'struct': 'SgxEPCDeviceInfo',
'data': { '*id': 'str',
'memaddr': 'size',
'size': 'size',
+ 'node': 'int',
'memdev': 'str'
}
}
@@ -1285,10 +1288,15 @@
#
# @memdev: memory backend linked with device
#
+# @node: the numa node
+#
# Since: 6.2
##
{ 'struct': 'SgxEPC',
- 'data': { 'memdev': 'str' } }
+ 'data': { 'memdev': 'str',
+ 'node': 'int'
+ }
+}
##
# @SgxEPCProperties:
diff --git a/qemu-options.hx b/qemu-options.hx
index 94c4a8dbaf..4b7798088b 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -127,11 +127,11 @@ SRST
ERST
DEF("M", HAS_ARG, QEMU_OPTION_M,
- " sgx-epc.0.memdev=memid\n",
+ " sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n",
QEMU_ARCH_ALL)
SRST
-``sgx-epc.0.memdev=@var{memid}``
+``sgx-epc.0.memdev=@var{memid},sgx-epc.0.node=@var{numaid}``
Define an SGX EPC section.
ERST
--
2.27.0

210
SOURCES/kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch Normal file
View File

@ -0,0 +1,210 @@
From 0f75501ba348dc9fb3ce0198ceafc8093149457d Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Mon, 1 Nov 2021 12:20:07 -0400
Subject: [PATCH 02/12] numa: Support SGX numa in the monitor and Libvirt
interfaces
RH-Author: Paul Lai <plai@redhat.com>
RH-MergeRequest: 65: Enable SGX and add SGX Numa support
RH-Commit: [2/5] 8c19cfb1a139fd4dbac771e695a133f16a68437f
RH-Bugzilla: 2033708
RH-Acked-by: Paolo Bonzini <None>
RH-Acked-by: Bandan Das <None>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
Add the SGXEPCSection list into SGXInfo to show the multiple
SGX EPC sections detailed info, not the total size like before.
This patch can enable numa support for 'info sgx' command and
QMP interfaces. The new interfaces show each EPC section info
in one numa node. Libvirt can use QMP interface to get the
detailed host SGX EPC capabilities to decide how to allocate
host EPC sections to guest.
(qemu) info sgx
SGX support: enabled
SGX1 support: enabled
SGX2 support: enabled
FLC support: enabled
NUMA node #0: size=67108864
NUMA node #1: size=29360128
The QMP interface show:
(QEMU) query-sgx
{"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \
[{"node": 0, "size": 67108864}, {"node": 1, "size": 29360128}], "flc": true}}
(QEMU) query-sgx-capabilities
{"return": {"sgx": true, "sgx2": true, "sgx1": true, "sections": \
[{"node": 0, "size": 17070817280}, {"node": 1, "size": 17079205888}], "flc": true}}
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-4-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 4755927ae12547c2e7cb22c5fa1b39038c6c11b1)
Signed-off-by: Paul Lai <plai@redhat.com>
---
hw/i386/sgx.c | 51 +++++++++++++++++++++++++++++++++++--------
qapi/misc-target.json | 19 ++++++++++++++--
2 files changed, 59 insertions(+), 11 deletions(-)
diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
index d04299904a..5de5dd0893 100644
--- a/hw/i386/sgx.c
+++ b/hw/i386/sgx.c
@@ -83,11 +83,13 @@ static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high)
((high & MAKE_64BIT_MASK(0, 20)) << 32);
}
-static uint64_t sgx_calc_host_epc_section_size(void)
+static SGXEPCSectionList *sgx_calc_host_epc_sections(void)
{
+ SGXEPCSectionList *head = NULL, **tail = &head;
+ SGXEPCSection *section;
uint32_t i, type;
uint32_t eax, ebx, ecx, edx;
- uint64_t size = 0;
+ uint32_t j = 0;
for (i = 0; i < SGX_MAX_EPC_SECTIONS; i++) {
host_cpuid(0x12, i + 2, &eax, &ebx, &ecx, &edx);
@@ -101,10 +103,13 @@ static uint64_t sgx_calc_host_epc_section_size(void)
break;
}
- size += sgx_calc_section_metric(ecx, edx);
+ section = g_new0(SGXEPCSection, 1);
+ section->node = j++;
+ section->size = sgx_calc_section_metric(ecx, edx);
+ QAPI_LIST_APPEND(tail, section);
}
- return size;
+ return head;
}
static void sgx_epc_reset(void *opaque)
@@ -168,13 +173,35 @@ SGXInfo *qmp_query_sgx_capabilities(Error **errp)
info->sgx1 = eax & (1U << 0) ? true : false;
info->sgx2 = eax & (1U << 1) ? true : false;
- info->section_size = sgx_calc_host_epc_section_size();
+ info->sections = sgx_calc_host_epc_sections();
close(fd);
return info;
}
+static SGXEPCSectionList *sgx_get_epc_sections_list(void)
+{
+ GSList *device_list = sgx_epc_get_device_list();
+ SGXEPCSectionList *head = NULL, **tail = &head;
+ SGXEPCSection *section;
+
+ for (; device_list; device_list = device_list->next) {
+ DeviceState *dev = device_list->data;
+ Object *obj = OBJECT(dev);
+
+ section = g_new0(SGXEPCSection, 1);
+ section->node = object_property_get_uint(obj, SGX_EPC_NUMA_NODE_PROP,
+ &error_abort);
+ section->size = object_property_get_uint(obj, SGX_EPC_SIZE_PROP,
+ &error_abort);
+ QAPI_LIST_APPEND(tail, section);
+ }
+ g_slist_free(device_list);
+
+ return head;
+}
+
SGXInfo *qmp_query_sgx(Error **errp)
{
SGXInfo *info = NULL;
@@ -193,14 +220,13 @@ SGXInfo *qmp_query_sgx(Error **errp)
return NULL;
}
- SGXEPCState *sgx_epc = &pcms->sgx_epc;
info = g_new0(SGXInfo, 1);
info->sgx = true;
info->sgx1 = true;
info->sgx2 = true;
info->flc = true;
- info->section_size = sgx_epc->size;
+ info->sections = sgx_get_epc_sections_list();
return info;
}
@@ -208,6 +234,7 @@ SGXInfo *qmp_query_sgx(Error **errp)
void hmp_info_sgx(Monitor *mon, const QDict *qdict)
{
Error *err = NULL;
+ SGXEPCSectionList *section_list, *section;
g_autoptr(SGXInfo) info = qmp_query_sgx(&err);
if (err) {
@@ -222,8 +249,14 @@ void hmp_info_sgx(Monitor *mon, const QDict *qdict)
info->sgx2 ? "enabled" : "disabled");
monitor_printf(mon, "FLC support: %s\n",
info->flc ? "enabled" : "disabled");
- monitor_printf(mon, "size: %" PRIu64 "\n",
- info->section_size);
+
+ section_list = info->sections;
+ for (section = section_list; section; section = section->next) {
+ monitor_printf(mon, "NUMA node #%" PRId64 ": ",
+ section->value->node);
+ monitor_printf(mon, "size=%" PRIu64 "\n",
+ section->value->size);
+ }
}
bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 5aa2b95b7d..1022aa0184 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -337,6 +337,21 @@
'if': 'TARGET_ARM' }
+##
+# @SGXEPCSection:
+#
+# Information about intel SGX EPC section info
+#
+# @node: the numa node
+#
+# @size: the size of epc section
+#
+# Since: 6.2
+##
+{ 'struct': 'SGXEPCSection',
+ 'data': { 'node': 'int',
+ 'size': 'uint64'}}
+
##
# @SGXInfo:
#
@@ -350,7 +365,7 @@
#
# @flc: true if FLC is supported
#
-# @section-size: The EPC section size for guest
+# @sections: The EPC sections info for guest
#
# Since: 6.2
##
@@ -359,7 +374,7 @@
'sgx1': 'bool',
'sgx2': 'bool',
'flc': 'bool',
- 'section-size': 'uint64'},
+ 'sections': ['SGXEPCSection']},
'if': 'TARGET_I386' }
##
--
2.27.0

213
SOURCES/kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch Normal file
View File

@ -0,0 +1,213 @@
From a6a327ae392c02b8e8c75b5d702d929ff8fe408d Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Thu, 20 Jan 2022 17:31:04 -0500
Subject: [PATCH 05/12] qapi: Cleanup SGX related comments and restore
@section-size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paul Lai <plai@redhat.com>
RH-MergeRequest: 65: Enable SGX and add SGX Numa support
RH-Commit: [5/5] 0d3b9f37cd3cce202050ba3bd51eef4410ef3d38
RH-Bugzilla: 2033708
RH-Acked-by: Paolo Bonzini <None>
RH-Acked-by: Bandan Das <None>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
The SGX NUMA patches were merged into Qemu 7.0 release, we need
clarify detailed version history information and also change
some related comments, which make SGX related comments clearer.
The QMP command schema promises backwards compatibility as standard.
We temporarily restore "@section-size", which can avoid incompatible
API breakage. The "@section-size" will be deprecated in 7.2 version.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220120223104.437161-1-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paul Lai <plai@redhat.com>
---
docs/about/deprecated.rst | 13 +++++++++++++
hw/i386/sgx.c | 11 +++++++++--
qapi/machine.json | 4 ++--
qapi/misc-target.json | 22 +++++++++++++++++-----
4 files changed, 41 insertions(+), 9 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index ff7488cb63..33925edf45 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -270,6 +270,19 @@ accepted incorrect commands will return an error. Users should make sure that
all arguments passed to ``device_add`` are consistent with the documented
property types.
+``query-sgx`` return value member ``section-size`` (since 7.0)
+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
+Member ``section-size`` in return value elements with meta-type ``uint64`` is
+deprecated. Use ``sections`` instead.
+
+
+``query-sgx-capabilities`` return value member ``section-size`` (since 7.0)
+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
+Member ``section-size`` in return value elements with meta-type ``uint64`` is
+deprecated. Use ``sections`` instead.
+
System accelerators
-------------------
diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
index 5de5dd0893..a2b318dd93 100644
--- a/hw/i386/sgx.c
+++ b/hw/i386/sgx.c
@@ -83,7 +83,7 @@ static uint64_t sgx_calc_section_metric(uint64_t low, uint64_t high)
((high & MAKE_64BIT_MASK(0, 20)) << 32);
}
-static SGXEPCSectionList *sgx_calc_host_epc_sections(void)
+static SGXEPCSectionList *sgx_calc_host_epc_sections(uint64_t *size)
{
SGXEPCSectionList *head = NULL, **tail = &head;
SGXEPCSection *section;
@@ -106,6 +106,7 @@ static SGXEPCSectionList *sgx_calc_host_epc_sections(void)
section = g_new0(SGXEPCSection, 1);
section->node = j++;
section->size = sgx_calc_section_metric(ecx, edx);
+ *size += section->size;
QAPI_LIST_APPEND(tail, section);
}
@@ -156,6 +157,7 @@ SGXInfo *qmp_query_sgx_capabilities(Error **errp)
{
SGXInfo *info = NULL;
uint32_t eax, ebx, ecx, edx;
+ uint64_t size = 0;
int fd = qemu_open_old("/dev/sgx_vepc", O_RDWR);
if (fd < 0) {
@@ -173,7 +175,8 @@ SGXInfo *qmp_query_sgx_capabilities(Error **errp)
info->sgx1 = eax & (1U << 0) ? true : false;
info->sgx2 = eax & (1U << 1) ? true : false;
- info->sections = sgx_calc_host_epc_sections();
+ info->sections = sgx_calc_host_epc_sections(&size);
+ info->section_size = size;
close(fd);
@@ -220,12 +223,14 @@ SGXInfo *qmp_query_sgx(Error **errp)
return NULL;
}
+ SGXEPCState *sgx_epc = &pcms->sgx_epc;
info = g_new0(SGXInfo, 1);
info->sgx = true;
info->sgx1 = true;
info->sgx2 = true;
info->flc = true;
+ info->section_size = sgx_epc->size;
info->sections = sgx_get_epc_sections_list();
return info;
@@ -249,6 +254,8 @@ void hmp_info_sgx(Monitor *mon, const QDict *qdict)
info->sgx2 ? "enabled" : "disabled");
monitor_printf(mon, "FLC support: %s\n",
info->flc ? "enabled" : "disabled");
+ monitor_printf(mon, "size: %" PRIu64 "\n",
+ info->section_size);
section_list = info->sections;
for (section = section_list; section; section = section->next) {
diff --git a/qapi/machine.json b/qapi/machine.json
index 16e771affc..a9f33d0f27 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1207,7 +1207,7 @@
#
# @memdev: memory backend linked with device
#
-# @node: the numa node
+# @node: the numa node (Since: 7.0)
#
# Since: 6.2
##
@@ -1288,7 +1288,7 @@
#
# @memdev: memory backend linked with device
#
-# @node: the numa node
+# @node: the numa node (Since: 7.0)
#
# Since: 6.2
##
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 1022aa0184..4bc45d2474 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -344,9 +344,9 @@
#
# @node: the numa node
#
-# @size: the size of epc section
+# @size: the size of EPC section
#
-# Since: 6.2
+# Since: 7.0
##
{ 'struct': 'SGXEPCSection',
'data': { 'node': 'int',
@@ -365,7 +365,13 @@
#
# @flc: true if FLC is supported
#
-# @sections: The EPC sections info for guest
+# @section-size: The EPC section size for guest
+# Redundant with @sections. Just for backward compatibility.
+#
+# @sections: The EPC sections info for guest (Since: 7.0)
+#
+# Features:
+# @deprecated: Member @section-size is deprecated. Use @sections instead.
#
# Since: 6.2
##
@@ -374,6 +380,8 @@
'sgx1': 'bool',
'sgx2': 'bool',
'flc': 'bool',
+ 'section-size': { 'type': 'uint64',
+ 'features': [ 'deprecated' ] },
'sections': ['SGXEPCSection']},
'if': 'TARGET_I386' }
@@ -390,7 +398,9 @@
#
# -> { "execute": "query-sgx" }
# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
-# "flc": true, "section-size" : 0 } }
+# "flc": true, "section-size" : 96468992,
+# "sections": [{"node": 0, "size": 67108864},
+# {"node": 1, "size": 29360128}]} }
#
##
{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
@@ -408,7 +418,9 @@
#
# -> { "execute": "query-sgx-capabilities" }
# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
-# "flc": true, "section-size" : 0 } }
+# "flc": true, "section-size" : 96468992,
+# "section" : [{"node": 0, "size": 67108864},
+# {"node": 1, "size": 29360128}]} }
#
##
{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
--
2.27.0

108
SOURCES/kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch Normal file
View File

@ -0,0 +1,108 @@
From a221f5a8ed02690687e6709c49ae0e1e01c5f466 Mon Sep 17 00:00:00 2001
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Date: Fri, 17 Dec 2021 17:46:54 +0100
Subject: [PATCH 09/12] qemu-img: make is_allocated_sectors() more efficient
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 70: qemu-img convert: Fix sparseness of output image
RH-Commit: [2/2] cc05aa4ac506b57ff9b430c007618cdf1485a03f (kmwolf/centos-qemu-kvm)
RH-Bugzilla: 1882917
RH-Acked-by: Eric Blake <eblake@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
Consider the case when the whole buffer is zero and end is unaligned.
If i <= tail, we return 1 and do one unaligned WRITE, RMW happens.
If i > tail, we do on aligned WRITE_ZERO (or skip if target is zeroed)
and again one unaligned WRITE, RMW happens.
Let's do better: don't fragment the whole-zero buffer and report it as
ZERO: in case of zeroed target we just do nothing and avoid RMW. If
target is not zeroes, one unaligned WRITE_ZERO should not be much worse
than one unaligned WRITE.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20211217164654.1184218-3-vsementsov@virtuozzo.com>
Tested-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 96054c76ff2db74165385a69f234c57a6bbc941e)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
qemu-img.c | 23 +++++++++++++++++++----
tests/qemu-iotests/122.out | 8 ++------
2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index f036a1d428..d7ddfcc528 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1171,19 +1171,34 @@ static int is_allocated_sectors(const uint8_t *buf, int n, int *pnum,
}
}
+ if (i == n) {
+ /*
+ * The whole buf is the same.
+ * No reason to split it into chunks, so return now.
+ */
+ *pnum = i;
+ return !is_zero;
+ }
+
tail = (sector_num + i) & (alignment - 1);
if (tail) {
if (is_zero && i <= tail) {
- /* treat unallocated areas which only consist
- * of a small tail as allocated. */
+ /*
+ * For sure next sector after i is data, and it will rewrite this
+ * tail anyway due to RMW. So, let's just write data now.
+ */
is_zero = false;
}
if (!is_zero) {
- /* align up end offset of allocated areas. */
+ /* If possible, align up end offset of allocated areas. */
i += alignment - tail;
i = MIN(i, n);
} else {
- /* align down end offset of zero areas. */
+ /*
+ * For sure next sector after i is data, and it will rewrite this
+ * tail anyway due to RMW. Better is avoid RMW and write zeroes up
+ * to aligned bound.
+ */
i -= tail;
}
}
diff --git a/tests/qemu-iotests/122.out b/tests/qemu-iotests/122.out
index 69b8e8b803..e18766e167 100644
--- a/tests/qemu-iotests/122.out
+++ b/tests/qemu-iotests/122.out
@@ -201,9 +201,7 @@ convert -S 4k
{ "start": 8192, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
{ "start": 12288, "length": 4096, "depth": 0, "present": false, "zero": true, "data": false},
{ "start": 16384, "length": 4096, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 20480, "length": 46080, "depth": 0, "present": false, "zero": true, "data": false},
-{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
+{ "start": 20480, "length": 67088384, "depth": 0, "present": false, "zero": true, "data": false}]
convert -c -S 4k
[{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
@@ -215,9 +213,7 @@ convert -c -S 4k
convert -S 8k
[{ "start": 0, "length": 24576, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 24576, "length": 41984, "depth": 0, "present": false, "zero": true, "data": false},
-{ "start": 66560, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 67584, "length": 67041280, "depth": 0, "present": false, "zero": true, "data": false}]
+{ "start": 24576, "length": 67084288, "depth": 0, "present": false, "zero": true, "data": false}]
convert -c -S 8k
[{ "start": 0, "length": 1024, "depth": 0, "present": true, "zero": false, "data": true},
--
2.27.0

72
SOURCES/kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch Normal file
View File

@ -0,0 +1,72 @@
From 0f4592f79f8c24f84db18a8c39c6056b2a0be524 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Fri, 7 Jan 2022 11:54:19 +0100
Subject: [PATCH 1/5] qemu-storage-daemon: Add vhost-user-blk help
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 63: qemu-storage-daemon: Add vhost-user-blk help
RH-Commit: [1/2] 6b08fec5d6ceea9f8f3810321099310069e08b53 (kmwolf/centos-qemu-kvm)
RH-Bugzilla: 1962088
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
Add missing vhost-user-blk help:
$ qemu-storage-daemon -h
...
--export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,
addr.type=unix,addr.path=<socket-path>[,writable=on|off]
[,logical-block-size=<block-size>][,num-queues=<num-queues>]
export the specified block node as a
vhosts-user-blk device over UNIX domain socket
--export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,
fd,addr.str=<fd>[,writable=on|off]
[,logical-block-size=<block-size>][,num-queues=<num-queues>]
export the specified block node as a
vhosts-user-blk device over file descriptor
...
Fixes: 90fc91d50b7 ("convert vhost-user-blk server to block export API")
Reported-by: Qing Wang <qinwang@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220107105420.395011-3-f4bug@amsat.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit c8cbc9524269d9583749aaaea8aa244add7e1900)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
storage-daemon/qemu-storage-daemon.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/storage-daemon/qemu-storage-daemon.c b/storage-daemon/qemu-storage-daemon.c
index 52cf17e8ac..9d76d1114d 100644
--- a/storage-daemon/qemu-storage-daemon.c
+++ b/storage-daemon/qemu-storage-daemon.c
@@ -104,6 +104,19 @@ static void help(void)
" export the specified block node over FUSE\n"
"\n"
#endif /* CONFIG_FUSE */
+#ifdef CONFIG_VHOST_USER_BLK_SERVER
+" --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,\n"
+" addr.type=unix,addr.path=<socket-path>[,writable=on|off]\n"
+" [,logical-block-size=<block-size>][,num-queues=<num-queues>]\n"
+" export the specified block node as a\n"
+" vhost-user-blk device over UNIX domain socket\n"
+" --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,\n"
+" fd,addr.str=<fd>[,writable=on|off]\n"
+" [,logical-block-size=<block-size>][,num-queues=<num-queues>]\n"
+" export the specified block node as a\n"
+" vhost-user-blk device over file descriptor\n"
+"\n"
+#endif /* CONFIG_VHOST_USER_BLK_SERVER */
" --monitor [chardev=]name[,mode=control][,pretty[=on|off]]\n"
" configure a QMP monitor\n"
"\n"
--
2.27.0

41
SOURCES/kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch Normal file
View File

@ -0,0 +1,41 @@
From 20edf203c8cb314e27409918399aa7cbdc6fdb02 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Tue, 25 Jan 2022 16:15:14 +0100
Subject: [PATCH 2/5] qemu-storage-daemon: Fix typo in vhost-user-blk help
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 63: qemu-storage-daemon: Add vhost-user-blk help
RH-Commit: [2/2] b7afb670c398799b6e49b926e296771453a55fba (kmwolf/centos-qemu-kvm)
RH-Bugzilla: 1962088
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
The syntax of the fd passing case misses the "addr.type=" key. Add it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20220125151514.49035-1-kwolf@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e66e665f15736f5ee1fbd8087926cb0f1e52f61a)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
storage-daemon/qemu-storage-daemon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/storage-daemon/qemu-storage-daemon.c b/storage-daemon/qemu-storage-daemon.c
index 9d76d1114d..ec9aa79b55 100644
--- a/storage-daemon/qemu-storage-daemon.c
+++ b/storage-daemon/qemu-storage-daemon.c
@@ -111,7 +111,7 @@ static void help(void)
" export the specified block node as a\n"
" vhost-user-blk device over UNIX domain socket\n"
" --export [type=]vhost-user-blk,id=<id>,node-name=<node-name>,\n"
-" fd,addr.str=<fd>[,writable=on|off]\n"
+" addr.type=fd,addr.str=<fd>[,writable=on|off]\n"
" [,logical-block-size=<block-size>][,num-queues=<num-queues>]\n"
" export the specified block node as a\n"
" vhost-user-blk device over file descriptor\n"
--
2.27.0

52
SOURCES/kvm-rhel-machine-types-x86-set-prefer_sockets.patch Normal file
View File

@ -0,0 +1,52 @@
From ecadfaec992fda7f485522c9ee6e7c9b05614a22 Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Tue, 7 Dec 2021 18:39:47 +0000
Subject: [PATCH 2/2] rhel machine types/x86: set prefer_sockets
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-MergeRequest: 59: rhel machine types/x86: set prefer_sockets
RH-Commit: [1/1] 9bcd9e2c95154e39ef30a8a342ad6c713fa4f1fb (dagrh/c-9-s-qemu-kvm)
RH-Bugzilla: 2028623
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: quintela1 <quintela@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
When I fixed up the machine types for 8.5 I missed the
prefer_sockets = true
add them in; it looks like Power, ARM already have them, and I see them
in thuth's s390 patch.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
hw/i386/pc_piix.c | 1 +
hw/i386/pc_q35.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 183b5d5464..fccb7f5fc9 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -973,6 +973,7 @@ static void pc_machine_rhel7_options(MachineClass *m)
compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
m->alias = "pc";
m->is_default = 1;
+ m->smp_props.prefer_sockets = true;
}
static void pc_init_rhel760(MachineState *machine)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 0e7e885e78..3b748ddd7b 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -662,6 +662,7 @@ static void pc_q35_machine_rhel850_options(MachineClass *m)
hw_compat_rhel_8_5_len);
compat_props_add(m->compat_props, pc_rhel_8_5_compat,
pc_rhel_8_5_compat_len);
+ m->smp_props.prefer_sockets = true;
}
DEFINE_PC_MACHINE(q35_rhel850, "pc-q35-rhel8.5.0", pc_q35_init_rhel850,
--
2.27.0

130
SOURCES/kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch Normal file
View File

@ -0,0 +1,130 @@
From 005339f7deaee639c38d30e5bf2235c292ce3937 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 5 Jan 2022 12:38:47 +0000
Subject: [PATCH 3/3] softmmu: fix device deletion events with -device JSON
syntax
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 62: Fix hot unplug of devices created with -device JSON syntax
RH-Commit: [1/1] 980e505ba215b5f9324c107481c5bb257ae03f42 (kmwolf/centos-qemu-kvm)
RH-Bugzilla: 2036669
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Jano Tomko <None>
The -device JSON syntax impl leaks a reference on the created
DeviceState instance. As a result when you hot-unplug the
device, the device_finalize method won't be called and thus
it will fail to emit the required DEVICE_DELETED event.
A 'json-cli' feature was previously added against the
'device_add' QMP command QAPI schema to indicated to mgmt
apps that -device supported JSON syntax. Given the hotplug
bug that feature flag is not usable for its purpose, so
we add a new 'json-cli-hotplug' feature to indicate the
-device supports JSON without breaking hotplug.
Fixes: 5dacda5167560b3af8eadbce5814f60ba44b467e
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/802
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220105123847.4047954-2-berrange@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Tested-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 64b4529a432507ee84a924be69a03432639e87ba)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
qapi/qdev.json | 5 ++++-
softmmu/vl.c | 4 +++-
tests/qtest/device-plug-test.c | 19 +++++++++++++++++++
3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/qapi/qdev.json b/qapi/qdev.json
index 69656b14df..26cd10106b 100644
--- a/qapi/qdev.json
+++ b/qapi/qdev.json
@@ -44,6 +44,9 @@
# @json-cli: If present, the "-device" command line option supports JSON
# syntax with a structure identical to the arguments of this
# command.
+# @json-cli-hotplug: If present, the "-device" command line option supports JSON
+# syntax without the reference counting leak that broke
+# hot-unplug
#
# Notes:
#
@@ -74,7 +77,7 @@
{ 'command': 'device_add',
'data': {'driver': 'str', '*bus': 'str', '*id': 'str'},
'gen': false, # so we can get the additional arguments
- 'features': ['json-cli'] }
+ 'features': ['json-cli', 'json-cli-hotplug'] }
##
# @device_del:
diff --git a/softmmu/vl.c b/softmmu/vl.c
index d46b8fb4ab..b3829e2edd 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2690,6 +2690,7 @@ static void qemu_create_cli_devices(void)
qemu_opts_foreach(qemu_find_opts("device"),
device_init_func, NULL, &error_fatal);
QTAILQ_FOREACH(opt, &device_opts, next) {
+ DeviceState *dev;
loc_push_restore(&opt->loc);
/*
* TODO Eventually we should call qmp_device_add() here to make sure it
@@ -2698,7 +2699,8 @@ static void qemu_create_cli_devices(void)
* from the start, so call qdev_device_add_from_qdict() directly for
* now.
*/
- qdev_device_add_from_qdict(opt->opts, true, &error_fatal);
+ dev = qdev_device_add_from_qdict(opt->opts, true, &error_fatal);
+ object_unref(OBJECT(dev));
loc_pop(&opt->loc);
}
rom_reset_order_override();
diff --git a/tests/qtest/device-plug-test.c b/tests/qtest/device-plug-test.c
index 559d47727a..ad79bd4c14 100644
--- a/tests/qtest/device-plug-test.c
+++ b/tests/qtest/device-plug-test.c
@@ -77,6 +77,23 @@ static void test_pci_unplug_request(void)
qtest_quit(qtest);
}
+static void test_pci_unplug_json_request(void)
+{
+ QTestState *qtest = qtest_initf(
+ "-device '{\"driver\": \"virtio-mouse-pci\", \"id\": \"dev0\"}'");
+
+ /*
+ * Request device removal. As the guest is not running, the request won't
+ * be processed. However during system reset, the removal will be
+ * handled, removing the device.
+ */
+ device_del(qtest, "dev0");
+ system_reset(qtest);
+ wait_device_deleted_event(qtest, "dev0");
+
+ qtest_quit(qtest);
+}
+
static void test_ccw_unplug(void)
{
QTestState *qtest = qtest_initf("-device virtio-balloon-ccw,id=dev0");
@@ -145,6 +162,8 @@ int main(int argc, char **argv)
*/
qtest_add_func("/device-plug/pci-unplug-request",
test_pci_unplug_request);
+ qtest_add_func("/device-plug/pci-unplug-json-request",
+ test_pci_unplug_json_request);
if (!strcmp(arch, "s390x")) {
qtest_add_func("/device-plug/ccw-unplug",
--
2.27.0

110
SOURCES/kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch Normal file
View File

@ -0,0 +1,110 @@
From 846192d22a1ddfa87682bb0b67febef5c30c9743 Mon Sep 17 00:00:00 2001
From: Vivek Goyal <vgoyal@redhat.com>
Date: Tue, 25 Jan 2022 13:51:14 -0500
Subject: [PATCH 3/5] virtiofsd: Drop membership of all supplementary groups
(CVE-2022-0358)
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-MergeRequest: 66: c9s: virtiofsd security fix - drop secondary groups
RH-Commit: [1/1] cdf3b0405ea3369933e76761890f16b040641036 (redhat/centos-stream/src/qemu-kvm)
RH-Bugzilla: 2046201
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
RH-Acked-by: Sergio Lopez <None>
RH-Acked-by: Vivek Goyal <None>
At the start, drop membership of all supplementary groups. This is
not required.
If we have membership of "root" supplementary group and when we switch
uid/gid using setresuid/setsgid, we still retain membership of existing
supplemntary groups. And that can allow some operations which are not
normally allowed.
For example, if root in guest creates a dir as follows.
$ mkdir -m 03777 test_dir
This sets SGID on dir as well as allows unprivileged users to write into
this dir.
And now as unprivileged user open file as follows.
$ su test
$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);
This will create SGID set executable in test_dir/.
And that's a problem because now an unpriviliged user can execute it,
get egid=0 and get access to resources owned by "root" group. This is
privilege escalation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
Fixes: CVE-2022-0358
Reported-by: JIETAO XIAO <shawtao1125@gmail.com>
Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <YfBGoriS38eBQrAb@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
dgilbert: Fixed missing {}'s style nit
(cherry picked from commit 449e8171f96a6a944d1f3b7d3627ae059eae21ca)
---
tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 64b5b4fbb1..b3d0674f6d 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -54,6 +54,7 @@
#include <sys/wait.h>
#include <sys/xattr.h>
#include <syslog.h>
+#include <grp.h>
#include "qemu/cutils.h"
#include "passthrough_helpers.h"
@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
#define OURSYS_setresuid SYS_setresuid
#endif
+static void drop_supplementary_groups(void)
+{
+ int ret;
+
+ ret = getgroups(0, NULL);
+ if (ret == -1) {
+ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n",
+ errno, strerror(errno));
+ exit(1);
+ }
+
+ if (!ret) {
+ return;
+ }
+
+ /* Drop all supplementary groups. We should not need it */
+ ret = setgroups(0, NULL);
+ if (ret == -1) {
+ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n",
+ errno, strerror(errno));
+ exit(1);
+ }
+}
+
/*
* Change to uid/gid of caller so that file is created with
* ownership of caller.
@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[])
qemu_init_exec_dir(argv[0]);
+ drop_supplementary_groups();
+
pthread_mutex_init(&lo.mutex, NULL);
lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
lo.root.fd = -1;
--
2.27.0

65
SOURCES/kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch Normal file
View File

@ -0,0 +1,65 @@
From 1b8eeb1323fa21c7b26d0396fae5ae4a8cdb1ace Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Tue, 11 Jan 2022 18:29:31 +0000
Subject: [PATCH 1/3] x86: Add q35 RHEL 8.6.0 machine type
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-MergeRequest: 61: x86: Add rhel 8.6.0 & 9.0.0 machine types
RH-Commit: [1/2] 189335cf0e4ad117e3e401f23aa07cddbbac50df (dagrh/c-9-s-qemu-kvm)
RH-Bugzilla: 1945666
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
Add the new 8.6.0 machine type; note that while the -AV
notation has gone in the product naming, just keep the smbios
definitions the same for consistency.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
hw/i386/pc_q35.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 3b748ddd7b..0c25305f15 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -646,6 +646,24 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
}
+static void pc_q35_init_rhel860(MachineState *machine)
+{
+ pc_q35_init(machine);
+}
+
+static void pc_q35_machine_rhel860_options(MachineClass *m)
+{
+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+ pc_q35_machine_rhel_options(m);
+ m->desc = "RHEL-8.6.0 PC (Q35 + ICH9, 2009)";
+ pcmc->smbios_stream_product = "RHEL-AV";
+ pcmc->smbios_stream_version = "8.6.0";
+}
+
+DEFINE_PC_MACHINE(q35_rhel860, "pc-q35-rhel8.6.0", pc_q35_init_rhel860,
+ pc_q35_machine_rhel860_options);
+
+
static void pc_q35_init_rhel850(MachineState *machine)
{
pc_q35_init(machine);
@@ -654,8 +672,9 @@ static void pc_q35_init_rhel850(MachineState *machine)
static void pc_q35_machine_rhel850_options(MachineClass *m)
{
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
- pc_q35_machine_rhel_options(m);
+ pc_q35_machine_rhel860_options(m);
m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
+ m->alias = NULL;
pcmc->smbios_stream_product = "RHEL-AV";
pcmc->smbios_stream_version = "8.5.0";
compat_props_add(m->compat_props, hw_compat_rhel_8_5,
--
2.27.0

75
SOURCES/kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch Normal file
View File

@ -0,0 +1,75 @@
From 3d5024fb9c904a649d07f0def3a90b3d36611215 Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Wed, 12 Jan 2022 13:21:57 +0000
Subject: [PATCH 2/3] x86: Add q35 RHEL 9.0.0 machine type
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-MergeRequest: 61: x86: Add rhel 8.6.0 & 9.0.0 machine types
RH-Commit: [2/2] 743378502459b978efd632271f97ddb824422203 (dagrh/c-9-s-qemu-kvm)
RH-Bugzilla: 1945666
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
Add a rhel-9.0.0 q35 machine type; it's currently identical to 8.6.0;
but having a separate machine type will make life easier in the future
when the 8.x types go away.
Note: The smbios stream product name has now changed to 'RHEL'
bz: https://bugzilla.redhat.com/show_bug.cgi?id=1945666
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
hw/i386/pc_q35.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 0c25305f15..bf9ad32f0e 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -646,6 +646,23 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
}
+static void pc_q35_init_rhel900(MachineState *machine)
+{
+ pc_q35_init(machine);
+}
+
+static void pc_q35_machine_rhel900_options(MachineClass *m)
+{
+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+ pc_q35_machine_rhel_options(m);
+ m->desc = "RHEL-9.0.0 PC (Q35 + ICH9, 2009)";
+ pcmc->smbios_stream_product = "RHEL";
+ pcmc->smbios_stream_version = "9.0.0";
+}
+
+DEFINE_PC_MACHINE(q35_rhel900, "pc-q35-rhel9.0.0", pc_q35_init_rhel900,
+ pc_q35_machine_rhel900_options);
+
static void pc_q35_init_rhel860(MachineState *machine)
{
pc_q35_init(machine);
@@ -654,8 +671,9 @@ static void pc_q35_init_rhel860(MachineState *machine)
static void pc_q35_machine_rhel860_options(MachineClass *m)
{
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
- pc_q35_machine_rhel_options(m);
+ pc_q35_machine_rhel900_options(m);
m->desc = "RHEL-8.6.0 PC (Q35 + ICH9, 2009)";
+ m->alias = NULL;
pcmc->smbios_stream_product = "RHEL-AV";
pcmc->smbios_stream_version = "8.6.0";
}
@@ -674,7 +692,6 @@ static void pc_q35_machine_rhel850_options(MachineClass *m)
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
pc_q35_machine_rhel860_options(m);
m->desc = "RHEL-8.5.0 PC (Q35 + ICH9, 2009)";
- m->alias = NULL;
pcmc->smbios_stream_product = "RHEL-AV";
pcmc->smbios_stream_version = "8.5.0";
compat_props_add(m->compat_props, hw_compat_rhel_8_5,
--
2.27.0

282
SPECS/qemu-kvm.spec
View File

@ -110,9 +110,23 @@
%global requires_all_modules \
%if %{have_opengl} \
Requires: %{name}-ui-opengl = %{epoch}:%{version}-%{release} \
Requires: %{name}-ui-egl-headless = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-device-display-virtio-gpu = %{epoch}:%{version}-%{release} \
Requires: %{name}-device-display-virtio-gpu-gl = %{epoch}:%{version}-%{release} \
%ifarch s390x \
Requires: %{name}-device-display-virtio-gpu-ccw = %{epoch}:%{version}-%{release} \
%else \
Requires: %{name}-device-display-virtio-gpu-pci = %{epoch}:%{version}-%{release} \
Requires: %{name}-device-display-virtio-gpu-pci-gl = %{epoch}:%{version}-%{release} \
%endif \
%ifarch x86_64 %{power64} \
Requires: %{name}-device-display-virtio-vga = %{epoch}:%{version}-%{release} \
Requires: %{name}-device-display-virtio-vga-gl = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-device-usb-host = %{epoch}:%{version}-%{release} \
%if %{have_usbredir} \
Requires: %{name}-hw-usbredir = %{epoch}:%{version}-%{release} \
Requires: %{name}-device-usb-redirect = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-block-rbd = %{epoch}:%{version}-%{release} \
Requires: %{name}-audio-pa = %{epoch}:%{version}-%{release}
@ -130,7 +144,7 @@ Obsoletes: %{name}-block-iscsi <= %{version} \
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 6.2.0
Release: 3%{?rcrel}%{?dist}%{?cc_suffix}
Release: 9%{?rcrel}%{?dist}%{?cc_suffix}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
# Epoch 15 used for RHEL 8
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@ -193,6 +207,68 @@ Patch31: kvm-hw-arm-virt-Expose-the-RAS-option.patch
Patch32: kvm-hw-arm-virt-Add-9.0-machine-type-and-remove-8.5-one.patch
# For bz#2031044 - Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]
Patch33: kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch
# For bz#2024544 - Fio workers hangs when running fio with 32 jobs iodepth 32 and QEMU's userspace NVMe driver
Patch34: kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch
# For bz#2028623 - [9.0] machine types: 6.2: Fix prefer_sockets
Patch35: kvm-rhel-machine-types-x86-set-prefer_sockets.patch
# For bz#1945666 - 9.0: x86 machine types
Patch36: kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch
# For bz#1945666 - 9.0: x86 machine types
Patch37: kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch
# For bz#2036669 - DEVICE_DELETED event is not delivered for device frontend if -device is configured via JSON
Patch38: kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch
# For bz#1962088 - [QSD] wrong help message for the fuse
Patch39: kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch
# For bz#1962088 - [QSD] wrong help message for the fuse
Patch40: kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch
# For bz#2046201 - CVE-2022-0358 qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-9.0]
Patch41: kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch
# For bz#2034791 - Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD
Patch42: kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch
# For bz#2034791 - Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD
Patch43: kvm-block-rbd-workaround-for-ceph-issue-53784.patch
# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
Patch44: kvm-numa-Enable-numa-for-SGX-EPC-sections.patch
# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
Patch45: kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch
# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
Patch46: kvm-doc-Add-the-SGX-numa-description.patch
# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
Patch47: kvm-Enable-SGX-RH-Only.patch
# For bz#2033708 - [Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support
Patch48: kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch
# For bz#2041461 - Inconsistent block status reply in qemu-nbd
Patch49: kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch
# For bz#2041461 - Inconsistent block status reply in qemu-nbd
Patch50: kvm-iotests-block-status-cache-New-test.patch
# For bz#1882917 - the target image size is incorrect when converting a badly fragmented file
Patch51: kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch
# For bz#1882917 - the target image size is incorrect when converting a badly fragmented file
Patch52: kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch
# For bz#2040123 - Qemu core dumped when do block-stream to a snapshot node on non-enough space storage
Patch53: kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch
# For bz#2040123 - Qemu core dumped when do block-stream to a snapshot node on non-enough space storage
Patch54: kvm-iotests-stream-error-on-reset-New-test.patch
# For bz#2042481 - [aarch64] Launch guest with "default-bus-bypass-iommu=off,iommu=smmuv3" and "iommu_platform=on", guest hangs after system_reset
Patch55: kvm-hw-arm-smmuv3-Fix-device-reset.patch
# For bz#2046659 - qemu crash after execute blockdev-reopen with iothread
Patch56: kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch
# For bz#2046659 - qemu crash after execute blockdev-reopen with iothread
Patch57: kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch
# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
Patch58: kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch
# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
Patch59: kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch
# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
Patch60: kvm-iotests.py-Add-QemuStorageDaemon-class.patch
# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
Patch61: kvm-iotests-281-Test-lingering-timers.patch
# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
Patch62: kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch
# For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node
Patch63: kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch
# Source-git patches
%if %{have_clang}
BuildRequires: clang
@ -303,7 +379,15 @@ Requires: libfdt >= %{libfdt_version}
emulation for the KVM hypervisor. %{name} acts as a virtual
machine monitor together with the KVM kernel modules, and emulates the
hardware for a full system such as a PC and its associated peripherals.
This is a minimalistic installation of %{name}. Functionality provided by
this package is not ensured and it can change in a future version as some
functionality can be split out to separate package.
Before updating this package, it is recommended to check the package
changelog for information on functionality which might have been moved to
a separate package to prevent issues due to the moved functionality.
If apps opt-in to minimalist packaging by depending on %{name}-core, they
explicitly accept that features may disappear from %{name}-core in future
updates.
%package common
Summary: QEMU common files needed by all QEMU targets
@ -439,15 +523,76 @@ Requires: mesa-libEGL
Requires: mesa-dri-drivers
%description ui-opengl
This package provides opengl support.
%package ui-egl-headless
Summary: QEMU EGL headless driver
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-ui-opengl%{?_isa} = %{epoch}:%{version}-%{release}
%description ui-egl-headless
This package provides the additional egl-headless UI for QEMU.
%endif
%package device-display-virtio-gpu
Summary: QEMU virtio-gpu display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu
This package provides the virtio-gpu display device for QEMU.
%package device-display-virtio-gpu-gl
Summary: QEMU virtio-gpu-gl display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-gl
This package provides the virtio-gpu-gl display device for QEMU.
%ifarch s390x
%package device-display-virtio-gpu-ccw
Summary: QEMU virtio-gpu-ccw display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-ccw
This package provides the virtio-gpu-ccw display device for QEMU.
%else
%package device-display-virtio-gpu-pci
Summary: QEMU virtio-gpu-pci display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-pci
This package provides the virtio-gpu-pci display device for QEMU.
%package device-display-virtio-gpu-pci-gl
Summary: QEMU virtio-gpu-pci-gl display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-gpu-pci-gl
This package provides the virtio-gpu-pci-gl display device for QEMU.
%endif
%ifarch x86_64 %{power64}
%package device-display-virtio-vga
Summary: QEMU virtio-vga display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-vga
This package provides the virtio-vga display device for QEMU.
%package device-display-virtio-vga-gl
Summary: QEMU virtio-vga-gl display device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-display-virtio-vga-gl
This package provides the virtio-vga-gl display device for QEMU.
%endif
%package device-usb-host
Summary: QEMU usb host device
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%description device-usb-host
This package provides the USB pass through driver for QEMU.
%if %{have_usbredir}
%package hw-usbredir
%package device-usb-redirect
Summary: QEMU usbredir support
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
Requires: usbredir >= 0.7.1
Provides: %{name}-hw-usbredir
%description hw-usbredir
%description device-usb-redirect
This package provides usbredir support.
%endif
@ -1105,9 +1250,6 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%{_datadir}/%{name}/s390-ccw.img
%{_datadir}/%{name}/s390-netboot.img
%endif
%ifnarch aarch64 s390x
%{_libdir}/%{name}/hw-display-virtio-vga.so
%endif
%{_datadir}/icons/*
%{_datadir}/%{name}/linuxboot_dma.bin
%if %{have_modules_load}
@ -1125,25 +1267,33 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%{_datadir}/%{name}/systemtap/script.d/qemu_kvm.stp
%{_datadir}/%{name}/systemtap/conf.d/qemu_kvm.conf
%{_libdir}/%{name}/hw-display-virtio-gpu.so
%{_libdir}/%{name}/hw-display-virtio-gpu-gl.so
%ifarch x86_64 %{power64}
%{_libdir}/%{name}/hw-display-virtio-vga-gl.so
%endif
%ifarch s390x
%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so
%else
%{_libdir}/%{name}/hw-display-virtio-gpu-pci.so
%{_libdir}/%{name}/hw-display-virtio-gpu-pci-gl.so
%endif
%{_libdir}/%{name}/accel-qtest-%{kvm_target}.so
%ifarch x86_64
%{_libdir}/%{name}/accel-tcg-%{kvm_target}.so
%endif
%{_libdir}/%{name}/hw-usb-host.so
%files device-display-virtio-gpu
%{_libdir}/%{name}/hw-display-virtio-gpu.so
%files device-display-virtio-gpu-gl
%{_libdir}/%{name}/hw-display-virtio-gpu-gl.so
%ifarch s390x
%files device-display-virtio-gpu-ccw
%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so
%else
%files device-display-virtio-gpu-pci
%{_libdir}/%{name}/hw-display-virtio-gpu-pci.so
%files device-display-virtio-gpu-pci-gl
%{_libdir}/%{name}/hw-display-virtio-gpu-pci-gl.so
%endif
%ifarch x86_64 %{power64}
%files device-display-virtio-vga
%{_libdir}/%{name}/hw-display-virtio-vga.so
%files device-display-virtio-vga-gl
%{_libdir}/%{name}/hw-display-virtio-vga-gl.so
%endif
%files tests
%{testsdir}
%{_libdir}/%{name}/accel-qtest-%{kvm_target}.so
%files block-curl
%{_libdir}/%{name}/block-curl.so
@ -1158,12 +1308,16 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%if %{have_opengl}
%files ui-opengl
%{_libdir}/%{name}/ui-egl-headless.so
%{_libdir}/%{name}/ui-opengl.so
%files ui-egl-headless
%{_libdir}/%{name}/ui-egl-headless.so
%endif
%files device-usb-host
%{_libdir}/%{name}/hw-usb-host.so
%if %{have_usbredir}
%files hw-usbredir
%files device-usb-redirect
%{_libdir}/%{name}/hw-usb-redirect.so
%endif
@ -1171,6 +1325,88 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%endif
%changelog
* Thu Feb 17 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-9
- kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch [bz#2046659]
- kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch [bz#2046659]
- kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch [bz#2033626]
- kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch [bz#2033626]
- kvm-iotests.py-Add-QemuStorageDaemon-class.patch [bz#2033626]
- kvm-iotests-281-Test-lingering-timers.patch [bz#2033626]
- kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch [bz#2033626]
- kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch [bz#2033626]
- Resolves: bz#2046659
(qemu crash after execute blockdev-reopen with iothread)
- Resolves: bz#2033626
(Qemu core dump when start guest with nbd node or do block jobs to nbd node)
* Mon Feb 14 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-8
- kvm-numa-Enable-numa-for-SGX-EPC-sections.patch [bz#2033708]
- kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch [bz#2033708]
- kvm-doc-Add-the-SGX-numa-description.patch [bz#2033708]
- kvm-Enable-SGX-RH-Only.patch [bz#2033708]
- kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch [bz#2033708]
- kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch [bz#2041461]
- kvm-iotests-block-status-cache-New-test.patch [bz#2041461]
- kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch [bz#1882917]
- kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch [bz#1882917]
- kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch [bz#2040123]
- kvm-iotests-stream-error-on-reset-New-test.patch [bz#2040123]
- kvm-hw-arm-smmuv3-Fix-device-reset.patch [bz#2042481]
- Resolves: bz#2033708
([Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support)
- Resolves: bz#2041461
(Inconsistent block status reply in qemu-nbd)
- Resolves: bz#1882917
(the target image size is incorrect when converting a badly fragmented file)
- Resolves: bz#2040123
(Qemu core dumped when do block-stream to a snapshot node on non-enough space storage)
- Resolves: bz#2042481
([aarch64] Launch guest with "default-bus-bypass-iommu=off,iommu=smmuv3" and "iommu_platform=on", guest hangs after system_reset)
* Mon Feb 07 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-7
- kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch [bz#1962088]
- kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch [bz#1962088]
- kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch [bz#2046201]
- kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch [bz#2034791]
- kvm-block-rbd-workaround-for-ceph-issue-53784.patch [bz#2034791]
- Resolves: bz#1962088
([QSD] wrong help message for the fuse)
- Resolves: bz#2046201
(CVE-2022-0358 qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-9.0])
- Resolves: bz#2034791
(Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD)
* Wed Feb 02 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-6
- Moving feature support out of qemu-kvm-core to separate packages (can
cause loss of functionality when using only qemu-kvm-core - qemu-kvm keeps
same feature set).
- kvm-spec-Rename-qemu-kvm-hw-usbredir-to-qemu-kvm-device-.patch [bz#2022847]
- kvm-spec-Split-qemu-kvm-ui-opengl.patch [bz#2022847]
- kvm-spec-Introduce-packages-for-virtio-gpu-modules.patch [bz#2022847]
- kvm-spec-Introduce-device-display-virtio-vga-packages.patch [bz#2022847]
- kvm-spec-Move-usb-host-module-to-separate-package.patch [bz#2022847]
- kvm-spec-Move-qtest-accel-module-to-tests-package.patch [bz#2022847]
- kvm-spec-Extend-qemu-kvm-core-description.patch [bz#2022847]
- Resolves: bz#2022847
(qemu-kvm: Align package split with Fedora)
* Tue Jan 25 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-5
- kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch [bz#1945666]
- kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch [bz#1945666]
- kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch [bz#2036669]
- Resolves: bz#1945666
(9.0: x86 machine types)
- Resolves: bz#2036669
(DEVICE_DELETED event is not delivered for device frontend if -device is configured via JSON)
* Mon Jan 17 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-4
- kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch [bz#2024544]
- kvm-rhel-machine-types-x86-set-prefer_sockets.patch [bz#2028623]
- Resolves: bz#2024544
(Fio workers hangs when running fio with 32 jobs iodepth 32 and QEMU's userspace NVMe driver)
- Resolves: bz#2028623
([9.0] machine types: 6.2: Fix prefer_sockets)
* Mon Jan 10 2022 Miroslav Rezanina <mrezanin@redhat.com> - 6.2.0-3
- kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch [bz#2031044]
- kvm-hw-arm-virt-Register-its-as-a-class-property.patch [bz#2031044]