From 0b5c35c425aba6d529aeeb52c8bf42900c23b746 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Thu, 12 May 2022 03:31:32 -0400 Subject: [PATCH] * Thu May 12 2022 Miroslav Rezanina - 7.0.0-3 - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) --- kvm-Enable-virtio-iommu-pci-on-aarch64.patch | 41 +++++++ ...missing-initialization-in-instance-c.patch | 56 +++++++++ ...ve-the-dtb-kaslr-seed-machine-option.patch | 76 ++++++++++++ ...m-Add-a-stub-function-for-TPM_IS_CRB.patch | 54 +++++++++ ...ve-spurious-tpm-crb-cmd-misalignment.patch | 114 ++++++++++++++++++ qemu-kvm.spec | 25 +++- 6 files changed, 365 insertions(+), 1 deletion(-) create mode 100644 kvm-Enable-virtio-iommu-pci-on-aarch64.patch create mode 100644 kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch create mode 100644 kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch create mode 100644 kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch create mode 100644 kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch diff --git a/kvm-Enable-virtio-iommu-pci-on-aarch64.patch b/kvm-Enable-virtio-iommu-pci-on-aarch64.patch new file mode 100644 index 0000000..3aafd3c --- /dev/null +++ b/kvm-Enable-virtio-iommu-pci-on-aarch64.patch @@ -0,0 +1,41 @@ +From 85781b8745fa1581a66f64011d61a4f0c4e103dc Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Fri, 6 May 2022 17:03:11 +0200 +Subject: [PATCH 3/5] Enable virtio-iommu-pci on aarch64 + +RH-Author: Eric Auger +RH-MergeRequest: 83: Enable virtio-iommu-pci on aarch64 +RH-Commit: [1/1] 23e5c0832e52c66adf5fd6daccdc3edddc7ecb8b (eauger1/centos-qemu-kvm) +RH-Bugzilla: 1477099 +RH-Acked-by: Gavin Shan +RH-Acked-by: Andrew Jones +RH-Acked-by: Cornelia Huck + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477099 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45128798 +Upstream Status: RHEL-only +Tested: With virtio-net-pci and virtio-block-pci + +let's enable the virtio-iommu-pci device on aarch64 by +turning CONFIG_VIRTIO_IOMMU on. + +Signed-off-by: Eric Auger +--- + configs/devices/aarch64-softmmu/aarch64-rh-devices.mak | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak +index 187938573f..1618d31b89 100644 +--- a/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak ++++ b/configs/devices/aarch64-softmmu/aarch64-rh-devices.mak +@@ -23,6 +23,7 @@ CONFIG_VFIO_PCI=y + CONFIG_VIRTIO_MMIO=y + CONFIG_VIRTIO_PCI=y + CONFIG_VIRTIO_MEM=y ++CONFIG_VIRTIO_IOMMU=y + CONFIG_XIO3130=y + CONFIG_NVDIMM=y + CONFIG_ACPI_APEI=y +-- +2.31.1 + diff --git a/kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch b/kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch new file mode 100644 index 0000000..78b9ee0 --- /dev/null +++ b/kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch @@ -0,0 +1,56 @@ +From e25c40735d2f022c07481b548d20476222006657 Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Wed, 4 May 2022 11:11:54 +0200 +Subject: [PATCH 2/5] hw/arm/virt: Fix missing initialization in + instance/class_init() + +RH-Author: Eric Auger +RH-MergeRequest: 82: hw/arm/virt: Remove the dtb-kaslr-seed machine option +RH-Commit: [2/2] 22cbbfc30cf57a09b8acfb25d8a4dff2754c630c (eauger1/centos-qemu-kvm) +RH-Bugzilla: 2046029 +RH-Acked-by: Gavin Shan +RH-Acked-by: Andrew Jones +RH-Acked-by: Cornelia Huck + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2046029 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45133161 +Upstream Status: RHEL-only +Tested: Boot RHEL guest and check migration from 8.6 to 9.1 + (with custom additions) + +During the 7.0 rebase, the initialization of highmem_mmio and +highmem_redists was forgotten in rhel_virt_instance_init(). +Fix it to match virt_instance_init() code. + +Also mc->smp_props.clusters_supported was missing in +rhel_machine_class_init(). + +Signed-off-by: Eric Auger +--- + hw/arm/virt.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/arm/virt.c b/hw/arm/virt.c +index bde4f77994..8be12e121d 100644 +--- a/hw/arm/virt.c ++++ b/hw/arm/virt.c +@@ -3286,6 +3286,7 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data) + hc->unplug_request = virt_machine_device_unplug_request_cb; + hc->unplug = virt_machine_device_unplug_cb; + mc->nvdimm_supported = true; ++ mc->smp_props.clusters_supported = true; + mc->auto_enable_numa_with_memhp = true; + mc->auto_enable_numa_with_memdev = true; + mc->default_ram_id = "mach-virt.ram"; +@@ -3366,6 +3367,8 @@ static void rhel_virt_instance_init(Object *obj) + vms->gic_version = VIRT_GIC_VERSION_NOSEL; + + vms->highmem_ecam = !vmc->no_highmem_ecam; ++ vms->highmem_mmio = true; ++ vms->highmem_redists = true; + + if (vmc->no_its) { + vms->its = false; +-- +2.31.1 + diff --git a/kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch b/kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch new file mode 100644 index 0000000..10af6c0 --- /dev/null +++ b/kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch @@ -0,0 +1,76 @@ +From 69f771c3dc641431f3e98497cbd3832edb69284f Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Tue, 3 May 2022 08:56:52 +0200 +Subject: [PATCH 1/5] hw/arm/virt: Remove the dtb-kaslr-seed machine option + +RH-Author: Eric Auger +RH-MergeRequest: 82: hw/arm/virt: Remove the dtb-kaslr-seed machine option +RH-Commit: [1/2] a89dcd7f22e04ae39de99795d3f34cdd0b831bc0 (eauger1/centos-qemu-kvm) +RH-Bugzilla: 2046029 +RH-Acked-by: Gavin Shan +RH-Acked-by: Andrew Jones +RH-Acked-by: Cornelia Huck + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2046029 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45133161 +Upstream Status: RHEL-only +Tested: Boot RHEL guest and check the option is not available + +In RHEL we do not want to expose the dtb-kaslr-seed virt machine +option. Indeed the default 'on' value matches our need as +random data in the DTB does not cause any boot failure and we +want to support KASLR for the guest. + +Signed-off-by: Eric Auger + +--- +--- + hw/arm/virt.c | 11 +++-------- + 1 file changed, 3 insertions(+), 8 deletions(-) + +diff --git a/hw/arm/virt.c b/hw/arm/virt.c +index e06862d22a..bde4f77994 100644 +--- a/hw/arm/virt.c ++++ b/hw/arm/virt.c +@@ -2350,6 +2350,7 @@ static void virt_set_its(Object *obj, bool value, Error **errp) + vms->its = value; + } + ++#if 0 /* Disabled for Red Hat Enterprise Linux */ + static bool virt_get_dtb_kaslr_seed(Object *obj, Error **errp) + { + VirtMachineState *vms = VIRT_MACHINE(obj); +@@ -2363,6 +2364,7 @@ static void virt_set_dtb_kaslr_seed(Object *obj, bool value, Error **errp) + + vms->dtb_kaslr_seed = value; + } ++#endif /* disabled for RHEL */ + + static char *virt_get_oem_id(Object *obj, Error **errp) + { +@@ -3346,13 +3348,6 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data) + "Override the default value of field OEM Table ID " + "in ACPI table header." + "The string may be up to 8 bytes in size"); +- +- object_class_property_add_bool(oc, "dtb-kaslr-seed", +- virt_get_dtb_kaslr_seed, +- virt_set_dtb_kaslr_seed); +- object_class_property_set_description(oc, "dtb-kaslr-seed", +- "Set off to disable passing of kaslr-seed " +- "dtb node to guest"); + } + + static void rhel_virt_instance_init(Object *obj) +@@ -3397,7 +3392,7 @@ static void rhel_virt_instance_init(Object *obj) + /* MTE is disabled by default and non-configurable for RHEL */ + vms->mte = false; + +- /* Supply a kaslr-seed by default */ ++ /* Supply a kaslr-seed by default and non-configurable for RHEL */ + vms->dtb_kaslr_seed = true; + + vms->irqmap = a15irqmap; +-- +2.31.1 + diff --git a/kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch b/kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch new file mode 100644 index 0000000..8fd2e16 --- /dev/null +++ b/kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch @@ -0,0 +1,54 @@ +From 74b3e92dcb9e343e135a681259514b4fd28086ea Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Fri, 6 May 2022 15:25:09 +0200 +Subject: [PATCH 4/5] sysemu: tpm: Add a stub function for TPM_IS_CRB + +RH-Author: Eric Auger +RH-MergeRequest: 84: vfio/common: Remove spurious tpm-crb-cmd misalignment warning +RH-Commit: [1/2] 0ab55ca1aa12a3a7cbdef5a378928f75e030e536 (eauger1/centos-qemu-kvm) +RH-Bugzilla: 2037612 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Cornelia Huck +RH-Acked-by: Andrew Jones + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037612 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45166961 +Upstream Status: YES +Tested: With TPM-CRB and VFIO + +In a subsequent patch, VFIO will need to recognize if +a memory region owner is a TPM CRB device. Hence VFIO +needs to use TPM_IS_CRB() even if CONFIG_TPM is unset. So +let's add a stub function. + +Signed-off-by: Eric Auger +Suggested-by: Cornelia Huck +Reviewed-by: Stefan Berger +Link: https://lore.kernel.org/r/20220506132510.1847942-2-eric.auger@redhat.com +Signed-off-by: Alex Williamson +(cherry picked from commit 4168cdad398843ed53d650a27651868b4d3e21c9) +Signed-off-by: Eric Auger +--- + include/sysemu/tpm.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h +index 68b2206463..fb40e30ff6 100644 +--- a/include/sysemu/tpm.h ++++ b/include/sysemu/tpm.h +@@ -80,6 +80,12 @@ static inline TPMVersion tpm_get_version(TPMIf *ti) + #define tpm_init() (0) + #define tpm_cleanup() + ++/* needed for an alignment check in non-tpm code */ ++static inline Object *TPM_IS_CRB(Object *obj) ++{ ++ return NULL; ++} ++ + #endif /* CONFIG_TPM */ + + #endif /* QEMU_TPM_H */ +-- +2.31.1 + diff --git a/kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch b/kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch new file mode 100644 index 0000000..26083c1 --- /dev/null +++ b/kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch @@ -0,0 +1,114 @@ +From b90a5878355bd549200ed1eff52ea084325bfc8a Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Fri, 6 May 2022 15:25:10 +0200 +Subject: [PATCH 5/5] vfio/common: remove spurious tpm-crb-cmd misalignment + warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Eric Auger +RH-MergeRequest: 84: vfio/common: Remove spurious tpm-crb-cmd misalignment warning +RH-Commit: [2/2] 9b73a9aec59cb50d5e3468cc553464bf4a73d0a1 (eauger1/centos-qemu-kvm) +RH-Bugzilla: 2037612 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Cornelia Huck +RH-Acked-by: Andrew Jones + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037612 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45166961 +Upstream Status: YES +Tested: With TPM-CRB and VFIO + +The CRB command buffer currently is a RAM MemoryRegion and given +its base address alignment, it causes an error report on +vfio_listener_region_add(). This region could have been a RAM device +region, easing the detection of such safe situation but this option +was not well received. So let's add a helper function that uses the +memory region owner type to detect the situation is safe wrt +the assignment. Other device types can be checked here if such kind +of problem occurs again. + +Conflicts in hw/vfio/common.c +We don't have 8e3b0cbb721 ("Replace qemu_real_host_page variables with inlined functions") + +Signed-off-by: Eric Auger +Reviewed-by: Philippe Mathieu-Daudé +Acked-by: Stefan Berger +Reviewed-by: Cornelia Huck +Link: https://lore.kernel.org/r/20220506132510.1847942-3-eric.auger@redhat.com +Signed-off-by: Alex Williamson +(cherry picked from commit 851d6d1a0ff29a87ec588205842edf6b86d99b5c) +Signed-off-by: Eric Auger +--- + hw/vfio/common.c | 27 ++++++++++++++++++++++++++- + hw/vfio/trace-events | 1 + + 2 files changed, 27 insertions(+), 1 deletion(-) + +diff --git a/hw/vfio/common.c b/hw/vfio/common.c +index 080046e3f5..0fbe0d47af 100644 +--- a/hw/vfio/common.c ++++ b/hw/vfio/common.c +@@ -40,6 +40,7 @@ + #include "trace.h" + #include "qapi/error.h" + #include "migration/migration.h" ++#include "sysemu/tpm.h" + + VFIOGroupList vfio_group_list = + QLIST_HEAD_INITIALIZER(vfio_group_list); +@@ -861,6 +862,22 @@ static void vfio_unregister_ram_discard_listener(VFIOContainer *container, + g_free(vrdl); + } + ++static bool vfio_known_safe_misalignment(MemoryRegionSection *section) ++{ ++ MemoryRegion *mr = section->mr; ++ ++ if (!TPM_IS_CRB(mr->owner)) { ++ return false; ++ } ++ ++ /* this is a known safe misaligned region, just trace for debug purpose */ ++ trace_vfio_known_safe_misalignment(memory_region_name(mr), ++ section->offset_within_address_space, ++ section->offset_within_region, ++ qemu_real_host_page_size); ++ return true; ++} ++ + static void vfio_listener_region_add(MemoryListener *listener, + MemoryRegionSection *section) + { +@@ -884,7 +901,15 @@ static void vfio_listener_region_add(MemoryListener *listener, + if (unlikely((section->offset_within_address_space & + ~qemu_real_host_page_mask) != + (section->offset_within_region & ~qemu_real_host_page_mask))) { +- error_report("%s received unaligned region", __func__); ++ if (!vfio_known_safe_misalignment(section)) { ++ error_report("%s received unaligned region %s iova=0x%"PRIx64 ++ " offset_within_region=0x%"PRIx64 ++ " qemu_real_host_page_size=0x%"PRIxPTR, ++ __func__, memory_region_name(section->mr), ++ section->offset_within_address_space, ++ section->offset_within_region, ++ qemu_real_host_page_size); ++ } + return; + } + +diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events +index 0ef1b5f4a6..582882db91 100644 +--- a/hw/vfio/trace-events ++++ b/hw/vfio/trace-events +@@ -100,6 +100,7 @@ vfio_listener_region_add_skip(uint64_t start, uint64_t end) "SKIPPING region_add + vfio_spapr_group_attach(int groupfd, int tablefd) "Attached groupfd %d to liobn fd %d" + vfio_listener_region_add_iommu(uint64_t start, uint64_t end) "region_add [iommu] 0x%"PRIx64" - 0x%"PRIx64 + vfio_listener_region_add_ram(uint64_t iova_start, uint64_t iova_end, void *vaddr) "region_add [ram] 0x%"PRIx64" - 0x%"PRIx64" [%p]" ++vfio_known_safe_misalignment(const char *name, uint64_t iova, uint64_t offset_within_region, uintptr_t page_size) "Region \"%s\" iova=0x%"PRIx64" offset_within_region=0x%"PRIx64" qemu_real_host_page_size=0x%"PRIxPTR ": cannot be mapped for DMA" + vfio_listener_region_add_no_dma_map(const char *name, uint64_t iova, uint64_t size, uint64_t page_size) "Region \"%s\" 0x%"PRIx64" size=0x%"PRIx64" is not aligned to 0x%"PRIx64" and cannot be mapped for DMA" + vfio_listener_region_del_skip(uint64_t start, uint64_t end) "SKIPPING region_del 0x%"PRIx64" - 0x%"PRIx64 + vfio_listener_region_del(uint64_t start, uint64_t end) "region_del 0x%"PRIx64" - 0x%"PRIx64 +-- +2.31.1 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 38d4980..5feb6bf 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -151,7 +151,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 7.0.0 -Release: 2%{?rcrel}%{?dist}%{?cc_suffix} +Release: 3%{?rcrel}%{?dist}%{?cc_suffix} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch 15 used for RHEL 8 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5) @@ -198,6 +198,16 @@ Patch0021: 0021-pc-Move-s3-s4-suspend-disabling-to-compat.patch Patch22: kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch # For bz#2081022 - Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes Patch23: kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch +# For bz#2046029 - [WRB] New machine type property - dtb-kaslr-seed +Patch24: kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch +# For bz#2046029 - [WRB] New machine type property - dtb-kaslr-seed +Patch25: kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch +# For bz#1477099 - virtio-iommu (including ACPI, VHOST/VFIO integration, migration support) +Patch26: kvm-Enable-virtio-iommu-pci-on-aarch64.patch +# For bz#2037612 - [Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region +Patch27: kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch +# For bz#2037612 - [Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region +Patch28: kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch # Source-git patches @@ -1233,6 +1243,19 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %endif %changelog +* Thu May 12 2022 Miroslav Rezanina - 7.0.0-3 +- kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] +- kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] +- kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] +- kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] +- kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] +- Resolves: bz#2046029 + ([WRB] New machine type property - dtb-kaslr-seed) +- Resolves: bz#1477099 + (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) +- Resolves: bz#2037612 + ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) + * Fri May 06 2022 Miroslav Rezanina - 7.0.0-2 - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022]