From 0dde13a5cdbe12f30b1f6aa9b9df60f9bb1e60e3 Mon Sep 17 00:00:00 2001 
From: Miroslav Rezanina Date: Mon, 7 Jul 2025 03:44:31 -0400 Subject: [PATCH] * Mon Jul 07 2025 Miroslav Rezanina - 10.0.0-7 - kvm-s390x-Fix-leak-in-machine_set_loadparm.patch [RHEL-98555] - kvm-hw-s390x-ccw-device-Fix-memory-leak-in-loadparm-sett.patch [RHEL-98555] - kvm-target-i386-Update-EPYC-CPU-model-for-Cache-property.patch [RHEL-52650] - kvm-target-i386-Update-EPYC-Rome-CPU-model-for-Cache-pro.patch [RHEL-52650] - kvm-target-i386-Update-EPYC-Milan-CPU-model-for-Cache-pr.patch [RHEL-52650] - kvm-target-i386-Add-couple-of-feature-bits-in-CPUID_Fn80.patch [RHEL-52650] - kvm-target-i386-Update-EPYC-Genoa-for-Cache-property-per.patch [RHEL-52650] - kvm-target-i386-Add-support-for-EPYC-Turin-model.patch [RHEL-52650] - kvm-include-qemu-compiler-add-QEMU_UNINITIALIZED-attribu.patch [RHEL-95479] - kvm-hw-virtio-virtio-avoid-cost-of-ftrivial-auto-var-ini.patch [RHEL-95479] - kvm-block-skip-automatic-zero-init-of-large-array-in-ioq.patch [RHEL-95479] - kvm-chardev-char-fd-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479] - kvm-chardev-char-pty-skip-automatic-zero-init-of-large-a.patch [RHEL-95479] - kvm-chardev-char-socket-skip-automatic-zero-init-of-larg.patch [RHEL-95479] - kvm-hw-audio-ac97-skip-automatic-zero-init-of-large-arra.patch [RHEL-95479] - kvm-hw-audio-cs4231a-skip-automatic-zero-init-of-large-a.patch [RHEL-95479] - kvm-hw-audio-es1370-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479] - kvm-hw-audio-gus-skip-automatic-zero-init-of-large-array.patch [RHEL-95479] - kvm-hw-audio-marvell_88w8618-skip-automatic-zero-init-of.patch [RHEL-95479] - kvm-hw-audio-sb16-skip-automatic-zero-init-of-large-arra.patch [RHEL-95479] - kvm-hw-audio-via-ac97-skip-automatic-zero-init-of-large-.patch [RHEL-95479] - kvm-hw-char-sclpconsole-lm-skip-automatic-zero-init-of-l.patch [RHEL-95479] - kvm-hw-dma-xlnx_csu_dma-skip-automatic-zero-init-of-larg.patch [RHEL-95479] - kvm-hw-display-vmware_vga-skip-automatic-zero-init-of-la.patch [RHEL-95479] - 
kvm-hw-hyperv-syndbg-skip-automatic-zero-init-of-large-a.patch [RHEL-95479] - kvm-hw-misc-aspeed_hace-skip-automatic-zero-init-of-larg.patch [RHEL-95479] - kvm-hw-net-rtl8139-skip-automatic-zero-init-of-large-arr.patch [RHEL-95479] - kvm-hw-net-tulip-skip-automatic-zero-init-of-large-array.patch [RHEL-95479] - kvm-hw-net-virtio-net-skip-automatic-zero-init-of-large-.patch [RHEL-95479] - kvm-hw-net-xgamc-skip-automatic-zero-init-of-large-array.patch [RHEL-95479] - kvm-hw-nvme-ctrl-skip-automatic-zero-init-of-large-array.patch [RHEL-95479] - kvm-hw-ppc-pnv_occ-skip-automatic-zero-init-of-large-str.patch [RHEL-95479] - kvm-hw-ppc-spapr_tpm_proxy-skip-automatic-zero-init-of-l.patch [RHEL-95479] - kvm-hw-usb-hcd-ohci-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479] - kvm-hw-scsi-lsi53c895a-skip-automatic-zero-init-of-large.patch [RHEL-95479] - kvm-hw-scsi-megasas-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479] - kvm-hw-ufs-lu-skip-automatic-zero-init-of-large-array.patch [RHEL-95479] - kvm-net-socket-skip-automatic-zero-init-of-large-array.patch [RHEL-95479] - kvm-net-stream-skip-automatic-zero-init-of-large-array.patch [RHEL-95479] - kvm-hw-i386-amd_iommu-Isolate-AMDVI-PCI-from-amd-iommu-d.patch [RHEL-85649] - kvm-hw-i386-amd_iommu-Allow-migration-when-explicitly-cr.patch [RHEL-85649] - kvm-Enable-amd-iommu-device.patch [RHEL-85649] - kvm-ui-vnc-Update-display-update-interval-when-VM-state-.patch [RHEL-83883] - Resolves: RHEL-98555 ([s390x][RHEL10.1][ccw-device] there would be memory leak with virtio_blk disks) - Resolves: RHEL-52650 ([AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model) - Resolves: RHEL-95479 (-ftrivial-auto-var-init=zero reduced performance) - Resolves: RHEL-85649 ([RHEL 10]Qemu/amd-iommu: Add ability to manually specify the AMDVI-PCI device) - Resolves: RHEL-83883 (Video stuck after switchover phase when play one video during migration) --- kvm-Enable-amd-iommu-device.patch | 38 +++ ...atic-zero-init-of-large-array-in-ioq.patch | 48 
++++ ...skip-automatic-zero-init-of-large-ar.patch | 49 ++++ ...-skip-automatic-zero-init-of-large-a.patch | 49 ++++ ...ket-skip-automatic-zero-init-of-larg.patch | 49 ++++ ...ip-automatic-zero-init-of-large-arra.patch | 57 ++++ ...-skip-automatic-zero-init-of-large-a.patch | 59 ++++ ...skip-automatic-zero-init-of-large-ar.patch | 49 ++++ ...p-automatic-zero-init-of-large-array.patch | 48 ++++ ..._88w8618-skip-automatic-zero-init-of.patch | 50 ++++ ...ip-automatic-zero-init-of-large-arra.patch | 48 ++++ ...7-skip-automatic-zero-init-of-large-.patch | 49 ++++ ...ole-lm-skip-automatic-zero-init-of-l.patch | 49 ++++ ...e_vga-skip-automatic-zero-init-of-la.patch | 49 ++++ ...dma-skip-automatic-zero-init-of-larg.patch | 47 +++ ...-skip-automatic-zero-init-of-large-a.patch | 56 ++++ ...u-Allow-migration-when-explicitly-cr.patch | 117 ++++++++ ...u-Isolate-AMDVI-PCI-from-amd-iommu-d.patch | 267 ++++++++++++++++++ ...ace-skip-automatic-zero-init-of-larg.patch | 57 ++++ ...kip-automatic-zero-init-of-large-arr.patch | 48 ++++ ...p-automatic-zero-init-of-large-array.patch | 47 +++ ...t-skip-automatic-zero-init-of-large-.patch | 54 ++++ ...p-automatic-zero-init-of-large-array.patch | 47 +++ ...p-automatic-zero-init-of-large-array.patch | 72 +++++ ...kip-automatic-zero-init-of-large-str.patch | 50 ++++ ..._proxy-skip-automatic-zero-init-of-l.patch | 52 ++++ ...ice-Fix-memory-leak-in-loadparm-sett.patch | 47 +++ ...5a-skip-automatic-zero-init-of-large.patch | 49 ++++ ...skip-automatic-zero-init-of-large-ar.patch | 73 +++++ ...p-automatic-zero-init-of-large-array.patch | 50 ++++ ...skip-automatic-zero-init-of-large-ar.patch | 50 ++++ ...-avoid-cost-of-ftrivial-auto-var-ini.patch | 73 +++++ ...piler-add-QEMU_UNINITIALIZED-attribu.patch | 76 +++++ ...p-automatic-zero-init-of-large-array.patch | 49 ++++ ...p-automatic-zero-init-of-large-array.patch | 49 ++++ ...90x-Fix-leak-in-machine_set_loadparm.patch | 60 ++++ ...couple-of-feature-bits-in-CPUID_Fn80.patch | 81 ++++++ 
...386-Add-support-for-EPYC-Turin-model.patch | 200 +++++++++++++ ...te-EPYC-CPU-model-for-Cache-property.patch | 147 ++++++++++ ...te-EPYC-Genoa-for-Cache-property-per.patch | 158 +++++++++++ ...te-EPYC-Milan-CPU-model-for-Cache-pr.patch | 146 ++++++++++ ...te-EPYC-Rome-CPU-model-for-Cache-pro.patch | 147 ++++++++++ ...splay-update-interval-when-VM-state-.patch | 97 +++++++ qemu-kvm.spec | 143 +++++++++- 44 files changed, 3299 insertions(+), 1 deletion(-) create mode 100644 kvm-Enable-amd-iommu-device.patch create mode 100644 kvm-block-skip-automatic-zero-init-of-large-array-in-ioq.patch create mode 100644 kvm-chardev-char-fd-skip-automatic-zero-init-of-large-ar.patch create mode 100644 kvm-chardev-char-pty-skip-automatic-zero-init-of-large-a.patch create mode 100644 kvm-chardev-char-socket-skip-automatic-zero-init-of-larg.patch create mode 100644 kvm-hw-audio-ac97-skip-automatic-zero-init-of-large-arra.patch create mode 100644 kvm-hw-audio-cs4231a-skip-automatic-zero-init-of-large-a.patch create mode 100644 kvm-hw-audio-es1370-skip-automatic-zero-init-of-large-ar.patch create mode 100644 kvm-hw-audio-gus-skip-automatic-zero-init-of-large-array.patch create mode 100644 kvm-hw-audio-marvell_88w8618-skip-automatic-zero-init-of.patch create mode 100644 kvm-hw-audio-sb16-skip-automatic-zero-init-of-large-arra.patch create mode 100644 kvm-hw-audio-via-ac97-skip-automatic-zero-init-of-large-.patch create mode 100644 kvm-hw-char-sclpconsole-lm-skip-automatic-zero-init-of-l.patch create mode 100644 kvm-hw-display-vmware_vga-skip-automatic-zero-init-of-la.patch create mode 100644 kvm-hw-dma-xlnx_csu_dma-skip-automatic-zero-init-of-larg.patch create mode 100644 kvm-hw-hyperv-syndbg-skip-automatic-zero-init-of-large-a.patch create mode 100644 kvm-hw-i386-amd_iommu-Allow-migration-when-explicitly-cr.patch create mode 100644 kvm-hw-i386-amd_iommu-Isolate-AMDVI-PCI-from-amd-iommu-d.patch create mode 100644 kvm-hw-misc-aspeed_hace-skip-automatic-zero-init-of-larg.patch create 
mode 100644 kvm-hw-net-rtl8139-skip-automatic-zero-init-of-large-arr.patch create mode 100644 kvm-hw-net-tulip-skip-automatic-zero-init-of-large-array.patch create mode 100644 kvm-hw-net-virtio-net-skip-automatic-zero-init-of-large-.patch create mode 100644 kvm-hw-net-xgamc-skip-automatic-zero-init-of-large-array.patch create mode 100644 kvm-hw-nvme-ctrl-skip-automatic-zero-init-of-large-array.patch create mode 100644 kvm-hw-ppc-pnv_occ-skip-automatic-zero-init-of-large-str.patch create mode 100644 kvm-hw-ppc-spapr_tpm_proxy-skip-automatic-zero-init-of-l.patch create mode 100644 kvm-hw-s390x-ccw-device-Fix-memory-leak-in-loadparm-sett.patch create mode 100644 kvm-hw-scsi-lsi53c895a-skip-automatic-zero-init-of-large.patch create mode 100644 kvm-hw-scsi-megasas-skip-automatic-zero-init-of-large-ar.patch create mode 100644 kvm-hw-ufs-lu-skip-automatic-zero-init-of-large-array.patch create mode 100644 kvm-hw-usb-hcd-ohci-skip-automatic-zero-init-of-large-ar.patch create mode 100644 kvm-hw-virtio-virtio-avoid-cost-of-ftrivial-auto-var-ini.patch create mode 100644 kvm-include-qemu-compiler-add-QEMU_UNINITIALIZED-attribu.patch create mode 100644 kvm-net-socket-skip-automatic-zero-init-of-large-array.patch create mode 100644 kvm-net-stream-skip-automatic-zero-init-of-large-array.patch create mode 100644 kvm-s390x-Fix-leak-in-machine_set_loadparm.patch create mode 100644 kvm-target-i386-Add-couple-of-feature-bits-in-CPUID_Fn80.patch create mode 100644 kvm-target-i386-Add-support-for-EPYC-Turin-model.patch create mode 100644 kvm-target-i386-Update-EPYC-CPU-model-for-Cache-property.patch create mode 100644 kvm-target-i386-Update-EPYC-Genoa-for-Cache-property-per.patch create mode 100644 kvm-target-i386-Update-EPYC-Milan-CPU-model-for-Cache-pr.patch create mode 100644 kvm-target-i386-Update-EPYC-Rome-CPU-model-for-Cache-pro.patch create mode 100644 kvm-ui-vnc-Update-display-update-interval-when-VM-state-.patch 
diff --git a/kvm-Enable-amd-iommu-device.patch b/kvm-Enable-amd-iommu-device.patch
new file mode 100644
index 0000000..67f6bbc
--- /dev/null
+++ b/kvm-Enable-amd-iommu-device.patch
@@ -0,0 +1,38 @@
+From 7b15a63367901d3d3fad7cd17c3960662f2f88f0 Mon Sep 17 00:00:00 2001
+From: John Allen
+Date: Wed, 11 Jun 2025 15:41:14 -0500
+Subject: [PATCH 42/43] Enable amd-iommu device
+
+RH-Author: John Allen
+RH-MergeRequest: 383: Add ability to manually specify the AMDVI-PCI device
+RH-Jira: RHEL-85649
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [3/3] 401f99c41c07746b736300bf40175df11a3330d0 (johnalle/qemu-kvm-fork)
+
+Now that the amdvi-pci device that amd-iommu creates can be specified
+manually, amd-iommu device can be enabled.
+
+JIRA: https://issues.redhat.com/browse/RHEL-85649
+
+Upstream: RHEL ONLY
+
+Signed-off-by: John Allen
+---
+ configs/devices/x86_64-softmmu/x86_64-rh-devices.mak | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+index 097dad9003..26e51b1edf 100644
+--- a/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
++++ b/configs/devices/x86_64-softmmu/x86_64-rh-devices.mak
+@@ -97,6 +97,7 @@ CONFIG_VIRTIO_MEM=y
+ CONFIG_VIRTIO_PCI=y
+ CONFIG_VIRTIO_VGA=y
+ CONFIG_VIRTIO_IOMMU=y
++CONFIG_AMD_IOMMU=y
+ CONFIG_VMMOUSE=y
+ CONFIG_VMPORT=y
+ CONFIG_VTD=y
+--
+2.39.3
+
diff --git a/kvm-block-skip-automatic-zero-init-of-large-array-in-ioq.patch b/kvm-block-skip-automatic-zero-init-of-large-array-in-ioq.patch
new file mode 100644
index 0000000..65204cf
--- /dev/null
+++ b/kvm-block-skip-automatic-zero-init-of-large-array-in-ioq.patch
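Review bot: The new `CONFIG_AMD_IOMMU=y` line adds an emulated IOMMU, which like other emulated IOMMUs presumably parses guest-written tables and command queues, to the supported downstream x86_64 device set, yet the only justification recorded is that the amdvi-pci companion can now be specified manually. Whether the device is ever created implicitly by a machine type rather than only by an explicit `-device amd-iommu` is not stated, and that determines the default guest-facing exposure of this code; the sibling 'Isolate AMDVI-PCI' and 'Allow migration' patches that this depends on are outside this hunk. Because the .mak file is RHEL-only and carries no rationale, a comment next to the new line would help later triage: `# amd-iommu: enabled per RHEL-85649; the amdvi-pci companion must be specified explicitly`.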
@@ -0,0 +1,48 @@
+From 116f42add040dfa1eaf25087db1038f8c4198bf7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 10 Jun 2025 13:36:41 +0100
+Subject: [PATCH 11/43] block: skip automatic zero-init of large array in
+ ioq_submit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi
+RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED
+RH-Jira: RHEL-95479
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [3/31] 3d4c81fcc56f1c7a4d1d3819214bd6296edc2a1e (stefanha/centos-stream-qemu-kvm)
+
+The 'ioq_submit' method has a struct array that is 8k in size.
+Skip the automatic zero-init of this array to eliminate the
+performance overhead in the I/O hot path.
+
+The 'iocbs' array will selectively initialized when processing
+the I/O data.
+
+Signed-off-by: Daniel P. Berrangé
+Reviewed-by: Stefan Hajnoczi
+Message-id: 20250610123709.835102-4-berrange@redhat.com
+Signed-off-by: Stefan Hajnoczi
+(cherry picked from commit 83750c1da807c973b0b11d977d61df7e41122d03)
+Signed-off-by: Stefan Hajnoczi
+---
+ block/linux-aio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/linux-aio.c b/block/linux-aio.c
+index 407369f5c9..c200e7ad20 100644
+--- a/block/linux-aio.c
++++ b/block/linux-aio.c
+@@ -291,7 +291,7 @@ static void ioq_submit(LinuxAioState *s)
+ {
+ int ret, len;
+ struct qemu_laiocb *aiocb;
+- struct iocb *iocbs[MAX_EVENTS];
++ QEMU_UNINITIALIZED struct iocb *iocbs[MAX_EVENTS];
+ QSIMPLEQ_HEAD(, qemu_laiocb) completed;
+ 
+ do {
+--
+2.39.3
+
diff --git a/kvm-chardev-char-fd-skip-automatic-zero-init-of-large-ar.patch b/kvm-chardev-char-fd-skip-automatic-zero-init-of-large-ar.patch
new file mode 100644
index 0000000..e073d38
--- /dev/null
+++ b/kvm-chardev-char-fd-skip-automatic-zero-init-of-large-ar.patch
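Review bot: With `QEMU_UNINITIALIZED` on `iocbs`, any entry that io_submit() is handed beyond the ones the loop actually filled changes from a harmless NULL pointer into an uninitialized stack read, and the commit message only says the array is "selectively" initialized without recording the invariant that bounds it. A comment at the declaration would pin the contract for the next person touching the submission loop: `/* QEMU_UNINITIALIZED: only iocbs[0..len) are written before io_submit() reads them */`, where `len` is the local declared just above it. The loop that fills the array and the io_submit() call are outside the hunk, so this is inferred from the declarations alone. Note that the macro's definition, and whether it is a no-op on compilers lacking the attribute, lives in a separate patch of this series not visible here.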
@@ -0,0 +1,49 @@
+From c7114f381bfa2663bdaa368b7b0dca764e28a07e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 10 Jun 2025 13:36:42 +0100
+Subject: [PATCH 12/43] chardev/char-fd: skip automatic zero-init of large
+ array
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi
+RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED
+RH-Jira: RHEL-95479
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [4/31] b26dc4c1b9677adb1332c778e6c9ec452952f4c1 (stefanha/centos-stream-qemu-kvm)
+
+The 'fd_chr_read' method has a 4k byte array used for copying
+data between the socket and device. Skip the automatic zero-init
+of this array to eliminate the performance overhead in the I/O
+hot path.
+
+The 'buf' array will be fully initialized when reading data off
+the network socket.
+
+Signed-off-by: Daniel P. Berrangé
+Reviewed-by: Stefan Hajnoczi
+Message-id: 20250610123709.835102-5-berrange@redhat.com
+Signed-off-by: Stefan Hajnoczi
+(cherry picked from commit a503bdc22b91869e3bf45522e36b122889465306)
+Signed-off-by: Stefan Hajnoczi
+---
+ chardev/char-fd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chardev/char-fd.c b/chardev/char-fd.c
+index d2c4923359..8dd662c066 100644
+--- a/chardev/char-fd.c
++++ b/chardev/char-fd.c
+@@ -50,7 +50,7 @@ static gboolean fd_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
+ Chardev *chr = CHARDEV(opaque);
+ FDChardev *s = FD_CHARDEV(opaque);
+ int len;
+- uint8_t buf[CHR_READ_BUF_LEN];
++ QEMU_UNINITIALIZED uint8_t buf[CHR_READ_BUF_LEN];
+ ssize_t ret;
+ 
+ len = sizeof(buf);
+--
+2.39.3
+
diff --git a/kvm-chardev-char-pty-skip-automatic-zero-init-of-large-a.patch b/kvm-chardev-char-pty-skip-automatic-zero-init-of-large-a.patch
new file mode 100644
index 0000000..c1b20a2
--- /dev/null
+++ b/kvm-chardev-char-pty-skip-automatic-zero-init-of-large-a.patch
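Review bot: The commit message's claim that `buf` is "fully initialized" by the read is not what a short read gives you: only the first `ret` bytes are written, and after this change the remainder is stale stack data rather than zeros, so safety now rests on every consumer being bounded by `ret` rather than by `len`, which the last visible line sets to `sizeof(buf)`. That is probably already true of the existing code, but the read call and the hand-off to the device are outside the hunk, so it cannot be confirmed here and deserves to be stated at the declaration: `/* QEMU_UNINITIALIZED: only buf[0..ret) is valid after the read; never forward len */`. Because a chardev backend is commonly the host side of a guest-visible serial device, a consumer that used `len` would now leak uninitialized host stack bytes into the guest instead of zeros.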
@@ -0,0 +1,49 @@
+From dfe44e34228c242f539f61383c431b6b9acd86f0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 10 Jun 2025 13:36:43 +0100
+Subject: [PATCH 13/43] chardev/char-pty: skip automatic zero-init of large
+ array
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi
+RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED
+RH-Jira: RHEL-95479
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [5/31] e41c3503091674e90cc7c17f202e5d4ae1f417cd (stefanha/centos-stream-qemu-kvm)
+
+The 'pty_chr_read' method has a 4k byte array used for copying
+data between the PTY and device. Skip the automatic zero-init
+of this array to eliminate the performance overhead in the I/O
+hot path.
+
+The 'buf' array will be fully initialized when reading data off
+the PTY.
+
+Signed-off-by: Daniel P. Berrangé
+Reviewed-by: Stefan Hajnoczi
+Message-id: 20250610123709.835102-6-berrange@redhat.com
+Signed-off-by: Stefan Hajnoczi
+(cherry picked from commit 45bb7fb21c8d18294a9f92da99d01ab3c67c7df2)
+Signed-off-by: Stefan Hajnoczi
+---
+ chardev/char-pty.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chardev/char-pty.c b/chardev/char-pty.c
+index 6a2c1dc13a..f484aac78d 100644
+--- a/chardev/char-pty.c
++++ b/chardev/char-pty.c
+@@ -154,7 +154,7 @@ static gboolean pty_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
+ Chardev *chr = CHARDEV(opaque);
+ PtyChardev *s = PTY_CHARDEV(opaque);
+ gsize len;
+- uint8_t buf[CHR_READ_BUF_LEN];
++ QEMU_UNINITIALIZED uint8_t buf[CHR_READ_BUF_LEN];
+ ssize_t ret;
+ 
+ len = sizeof(buf);
+--
+2.39.3
+
diff --git a/kvm-chardev-char-socket-skip-automatic-zero-init-of-larg.patch b/kvm-chardev-char-socket-skip-automatic-zero-init-of-larg.patch
new file mode 100644
index 0000000..c9a6650
--- /dev/null
+++ b/kvm-chardev-char-socket-skip-automatic-zero-init-of-larg.patch
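Review bot: Removing the zero-init of `buf` in `pty_chr_read` makes every byte past what the PTY read actually returned indeterminate, and the hunk shows `len = sizeof(buf)` is the size requested, not the amount received; the read itself and the downstream hand-off of `ret` bytes are outside the hunk, so the bound cannot be checked from the change alone. The `gsize len` versus `ssize_t ret` pair in the declarations is exactly the confusion that used to be harmless and now is not. A one-line comment at the declaration would make the invariant reviewable: `/* QEMU_UNINITIALIZED: contents valid only up to the count the read returns */`.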
@@ -0,0 +1,49 @@
+From 1dbdcc30075e480b1d6da9ef19a8bd38e1762ac9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 10 Jun 2025 13:36:44 +0100
+Subject: [PATCH 14/43] chardev/char-socket: skip automatic zero-init of large
+ array
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi
+RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED
+RH-Jira: RHEL-95479
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [6/31] 97ec8420f5a8cc37d5ece5721d409e9d94f8b11f (stefanha/centos-stream-qemu-kvm)
+
+The 'tcp_chr_read' method has a 4k byte array used for copying
+data between the socket and device. Skip the automatic zero-init
+of this array to eliminate the performance overhead in the I/O
+hot path.
+
+The 'buf' array will be fully initialized when reading data off
+the network socket.
+
+Signed-off-by: Daniel P. Berrangé
+Reviewed-by: Stefan Hajnoczi
+Message-id: 20250610123709.835102-7-berrange@redhat.com
+Signed-off-by: Stefan Hajnoczi
+(cherry picked from commit 9a23075cef1ac6e73a95a489ac72f41c573ceb9b)
+Signed-off-by: Stefan Hajnoczi
+---
+ chardev/char-socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chardev/char-socket.c b/chardev/char-socket.c
+index 2f842f9f88..22c87d0885 100644
+--- a/chardev/char-socket.c
++++ b/chardev/char-socket.c
+@@ -497,7 +497,7 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
+ {
+ Chardev *chr = CHARDEV(opaque);
+ SocketChardev *s = SOCKET_CHARDEV(opaque);
+- uint8_t buf[CHR_READ_BUF_LEN];
++ QEMU_UNINITIALIZED uint8_t buf[CHR_READ_BUF_LEN];
+ int len, size;
+ 
+ if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
+--
+2.39.3
+
diff --git a/kvm-hw-audio-ac97-skip-automatic-zero-init-of-large-arra.patch b/kvm-hw-audio-ac97-skip-automatic-zero-init-of-large-arra.patch
new file mode 100644
index 0000000..848b9c2
--- /dev/null
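Review bot: `tcp_chr_read` is the network-facing backend, and with `buf` no longer zeroed the only guard visible before the buffer is used is the `s->state != TCP_CHARDEV_STATE_CONNECTED` check; the read and the forwarding of the received `size` to the device are outside the hunk, so whether every path honours `size` rather than `len` cannot be confirmed here. This backend typically sits between a remote peer (possibly over TLS) and a guest serial device, so a wrong length would now carry stale host stack bytes across a trust boundary in either direction instead of zeros, which is the regression to rule out. Suggest recording the contract at the declaration: `/* QEMU_UNINITIALIZED: only the first 'size' bytes are valid after the read */`.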
+++ b/kvm-hw-audio-ac97-skip-automatic-zero-init-of-large-arra.patch 
@@ -0,0 +1,57 @@ +From 662b91cbf6bebfa4f38fe2d1b1868d316bfe8838 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:45 +0100 +Subject: [PATCH 15/43] hw/audio/ac97: skip automatic zero-init of large arrays +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [7/31] 5c4f1eea2eab9ef363ac7f0076725fc5767ee51f (stefanha/centos-stream-qemu-kvm) + +The 'read_audio' & 'write_audio' methods have a 4k byte array used +for copying data between the audio backend and device. Skip the +automatic zero-init of these arrays to eliminate the performance +overhead in the I/O hot path. + +The 'tmpbuf' array will be fully initialized when reading data from +the audio backend and/or device memory. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-8-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 2553d2d26a9d0f46386bf8c37d184567e5cede6c) +Signed-off-by: Stefan Hajnoczi +--- + hw/audio/ac97.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c +index 05c573776e..2b290cb2b1 100644 +--- a/hw/audio/ac97.c ++++ b/hw/audio/ac97.c +@@ -886,7 +886,7 @@ static void nabm_writel(void *opaque, uint32_t addr, uint32_t val) + static int write_audio(AC97LinkState *s, AC97BusMasterRegs *r, + int max, int *stop) + { +- uint8_t tmpbuf[4096]; ++ QEMU_UNINITIALIZED uint8_t tmpbuf[4096]; + uint32_t addr = r->bd.addr; + uint32_t temp = r->picb << 1; + uint32_t written = 0; +@@ -959,7 +959,7 @@ static void write_bup(AC97LinkState *s, int elapsed) + static int read_audio(AC97LinkState *s, AC97BusMasterRegs *r, + int max, int *stop) + { +- uint8_t tmpbuf[4096]; ++ QEMU_UNINITIALIZED uint8_t 
tmpbuf[4096]; + uint32_t addr = r->bd.addr; + uint32_t temp = r->picb << 1; + uint32_t nread = 0; +-- +2.39.3 + diff --git a/kvm-hw-audio-cs4231a-skip-automatic-zero-init-of-large-a.patch b/kvm-hw-audio-cs4231a-skip-automatic-zero-init-of-large-a.patch new file mode 100644 index 0000000..9baed12 --- /dev/null +++ b/kvm-hw-audio-cs4231a-skip-automatic-zero-init-of-large-a.patch 
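Review bot: In `write_audio` the de-zeroed `tmpbuf` is filled by a DMA read from the guest-programmed address `r->bd.addr` (visible as `uint32_t addr = r->bd.addr;`) with a length derived from the guest-written `r->picb`; if that read fails for an unmapped address and its result is not checked (the call is outside the hunk), the bytes handed on to the host audio backend change from zeros to stale host stack contents, giving the guest a weak read of QEMU's stack through the audio path. The commit message's "fully initialized when reading data from ... device memory" silently assumes the DMA read succeeds. Either confirm the DMA result is checked in the rest of the function, or zero the range on failure before it is consumed, roughly `if (dma_read_failed) { memset(tmpbuf, 0, to_copy); }` with the real result check substituted. `read_audio` has the mirror shape (backend to guest), where a short backend read not reflected in the count written back would instead expose stack bytes to the guest; both function bodies continue past the hunk.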
@@ -0,0 +1,59 @@ +From 301bc6085046756e7ae0b5c2d4a95fa8cc88be0d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:46 +0100 +Subject: [PATCH 16/43] hw/audio/cs4231a: skip automatic zero-init of large + arrays +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [8/31] 8633c398b929f3c4e0c1d7d5874b2fead4496a7d (stefanha/centos-stream-qemu-kvm) + +The 'cs_write_audio' method has a pair of byte arrays, one 4k in size +and one 8k, which are used in converting audio samples. Skip the +automatic zero-init of these arrays to eliminate the performance +overhead in the I/O hot path. + +The 'tmpbuf' array will be fully initialized when reading a block of +data from the guest. The 'linbuf' array will be fully initialized +when converting the audio samples. + +Signed-off-by: Daniel P. 
Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-9-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit ca2cc0385d97cea66cd54ee42553f385c403d4a6) +Signed-off-by: Stefan Hajnoczi +--- + hw/audio/cs4231a.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c +index 5a9be80ba3..eb916035ec 100644 +--- a/hw/audio/cs4231a.c ++++ b/hw/audio/cs4231a.c +@@ -528,7 +528,7 @@ static int cs_write_audio (CSState *s, int nchan, int dma_pos, + int dma_len, int len) + { + int temp, net; +- uint8_t tmpbuf[4096]; ++ QEMU_UNINITIALIZED uint8_t tmpbuf[4096]; + IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma); + + temp = len; +@@ -547,7 +547,7 @@ static int cs_write_audio (CSState *s, int nchan, int dma_pos, + copied = k->read_memory(s->isa_dma, nchan, tmpbuf, dma_pos, to_copy); + if (s->tab) { + int i; +- int16_t linbuf[4096]; ++ QEMU_UNINITIALIZED int16_t linbuf[4096]; + + for (i = 0; i < copied; ++i) + linbuf[i] = s->tab[tmpbuf[i]]; +-- +2.39.3 + diff --git a/kvm-hw-audio-es1370-skip-automatic-zero-init-of-large-ar.patch b/kvm-hw-audio-es1370-skip-automatic-zero-init-of-large-ar.patch new file mode 100644 index 0000000..f3cab17 --- /dev/null +++ b/kvm-hw-audio-es1370-skip-automatic-zero-init-of-large-ar.patch 
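Review bot: The hunk shows `linbuf` written only for `i < copied`, so the sample conversion is bounded by what `k->read_memory` reported, but with both `tmpbuf` and `linbuf` un-zeroed any later consumer that uses `to_copy` instead of `copied` would now send stale stack data to the host audio backend; the `AUD_write`-style call that consumes the converted samples is outside the hunk, so that bound is not verifiable here. Suggest a comment at the `linbuf` declaration making the bound explicit: `/* QEMU_UNINITIALIZED: only linbuf[0..copied) is populated by the loop below */`, and the equivalent at `tmpbuf`. The `int16_t linbuf[4096]` is 8 KiB of stack inside the `if (s->tab)` block, which the commit message describes correctly.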
@@ -0,0 +1,49 @@ +From 084ce8fa1c5db2eb9c5567fbcd0568e3e2cd37a4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:47 +0100 +Subject: [PATCH 17/43] hw/audio/es1370: skip automatic zero-init of large + array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [9/31] 3d8c0165ee60c4027302706abc9d6c55461c884b (stefanha/centos-stream-qemu-kvm) + +The 'es1370_transfer_audio' method has a 4k byte array used for +copying data between the audio backend and device. Skip the automatic +zero-init of this array to eliminate the performance overhead in +the I/O hot path. + +The 'tmpbuf' array will be fully initialized when reading data from +the audio backend and/or device memory. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-10-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 8236e206084b832d1d7ec947a4798b818f4cdf1f) +Signed-off-by: Stefan Hajnoczi +--- + hw/audio/es1370.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c +index 75f71e5d78..d0ed0052db 100644 +--- a/hw/audio/es1370.c ++++ b/hw/audio/es1370.c +@@ -604,7 +604,7 @@ static uint64_t es1370_read(void *opaque, hwaddr addr, unsigned size) + static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel, + int max, bool *irq) + { +- uint8_t tmpbuf[4096]; ++ QEMU_UNINITIALIZED uint8_t tmpbuf[4096]; + size_t to_transfer; + uint32_t addr = d->frame_addr; + int sc = d->scount & 0xffff; +-- +2.39.3 + diff --git a/kvm-hw-audio-gus-skip-automatic-zero-init-of-large-array.patch b/kvm-hw-audio-gus-skip-automatic-zero-init-of-large-array.patch new file mode 100644 index 0000000..7530880 
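Review bot: Here `tmpbuf` is filled from the guest-programmed `d->frame_addr` with a count taken from the guest-written `d->scount & 0xffff` (both visible), and the commit message asserts the buffer is "fully initialized" by that transfer; without zeroing, a failed or short DMA read whose result goes unchecked would forward stale host stack bytes to the audio backend, and the transfer loop that establishes the bound is outside the hunk. A comment at the declaration stating which count bounds the valid bytes would let a reader verify the invariant without re-deriving it: `/* QEMU_UNINITIALIZED: bytes valid only up to the completed transfer length */`. Worth double-checking that the DMA read's result is acted on in the remainder of `es1370_transfer_audio`.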
--- /dev/null +++ b/kvm-hw-audio-gus-skip-automatic-zero-init-of-large-array.patch @@ -0,0 +1,48 @@ +From 7c889953afbf830cb4522ec259221a9319c0f42a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:48 +0100 +Subject: [PATCH 18/43] hw/audio/gus: skip automatic zero-init of large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [10/31] a580b7fae56231c7bf1e2b797a4037eeb45f817a (stefanha/centos-stream-qemu-kvm) + +The 'GUS_read_DMA' method has a 4k byte array used for copying +data between the audio backend and device. Skip the automatic +zero-init of this array to eliminate the performance overhead in +the I/O hot path. + +The 'tmpbuf' array will be fully initialized when reading data +from device memory. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-11-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 2e438da4929018c62609381e1156aac0b2fe3de3) +Signed-off-by: Stefan Hajnoczi +--- + hw/audio/gus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/audio/gus.c b/hw/audio/gus.c +index e718c1183e..bd242e19a3 100644 +--- a/hw/audio/gus.c ++++ b/hw/audio/gus.c +@@ -183,7 +183,7 @@ static int GUS_read_DMA (void *opaque, int nchan, int dma_pos, int dma_len) + { + GUSState *s = opaque; + IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma); +- char tmpbuf[4096]; ++ QEMU_UNINITIALIZED char tmpbuf[4096]; + int pos = dma_pos, mode, left = dma_len - dma_pos; + + ldebug ("read DMA %#x %d\n", dma_pos, dma_len); +-- +2.39.3 + 
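Review bot: `GUS_read_DMA` declares the de-zeroed buffer as `char tmpbuf[4096]` while every sibling hunk in this series uses `uint8_t`, a style inconsistency that now matters slightly more because `char` signedness is implementation-defined and indeterminate values in the unused tail are possible. The fill via `k->read_memory` and the use of the returned count are outside the hunk, so the bound cannot be verified here; the commit message's "fully initialized" holds only for the bytes actually read. Unless the GUS emulation API requires `char *`, aligning the type with the other patches and noting the bound would help: `QEMU_UNINITIALIZED uint8_t tmpbuf[4096]; /* valid only up to the count read_memory returns */`.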
diff --git a/kvm-hw-audio-marvell_88w8618-skip-automatic-zero-init-of.patch b/kvm-hw-audio-marvell_88w8618-skip-automatic-zero-init-of.patch new file mode 100644 index 0000000..7d596bc --- /dev/null +++ b/kvm-hw-audio-marvell_88w8618-skip-automatic-zero-init-of.patch 
@@ -0,0 +1,50 @@ +From ef07fc569ae2a50f54f8bf29f09555cb0e8b08db Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:49 +0100 +Subject: [PATCH 19/43] hw/audio/marvell_88w8618: skip automatic zero-init of + large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [11/31] c45c78043e51ac3195e76aaf0b745dd41c8d8345 (stefanha/centos-stream-qemu-kvm) + +The 'mv88w8618_audio_callback' method has a 4k byte array used for +copying data between the audio backend and device. Skip the automatic +zero-init of this array to eliminate the performance overhead in +the I/O hot path. + +The 'buf' array will be fully initialized when reading data from +device memory. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-12-berrange@redhat.com +[Fixed hw/audio/gus in commit message --Stefan] +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 5b6cd5c5df4229972d8a0fd9dd9a089a1644d6ba) +Signed-off-by: Stefan Hajnoczi +--- + hw/audio/marvell_88w8618.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/audio/marvell_88w8618.c b/hw/audio/marvell_88w8618.c +index 28f9af320d..31a73f53b9 100644 +--- a/hw/audio/marvell_88w8618.c ++++ b/hw/audio/marvell_88w8618.c +@@ -66,7 +66,7 @@ static void mv88w8618_audio_callback(void *opaque, int free_out, int free_in) + { + mv88w8618_audio_state *s = opaque; + int16_t *codec_buffer; +- int8_t buf[4096]; ++ QEMU_UNINITIALIZED int8_t buf[4096]; + int8_t *mem_buffer; + int pos, block_size; + +-- +2.39.3 + diff --git a/kvm-hw-audio-sb16-skip-automatic-zero-init-of-large-arra.patch b/kvm-hw-audio-sb16-skip-automatic-zero-init-of-large-arra.patch new file mode 100644 index 0000000..f550b32 
--- /dev/null +++ b/kvm-hw-audio-sb16-skip-automatic-zero-init-of-large-arra.patch @@ -0,0 +1,48 @@ +From 5b5db5d5901a9d8106cf594f7f7ebf9c9152a53f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:50 +0100 +Subject: [PATCH 20/43] hw/audio/sb16: skip automatic zero-init of large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [12/31] 2f715c640897101a96a6f397d574f248fc1a7fce (stefanha/centos-stream-qemu-kvm) + +The 'write_audio' method has a 4k byte array used for copying data +between the audio backend and device. Skip the automatic zero-init +of this array to eliminate the performance overhead in the I/O hot +path. + +The 'tmpbuf' array will be fully initialized when reading data from +device memory. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-13-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 30c82f6657c1ee9fbb5473924b4d3273f214bd6f) +Signed-off-by: Stefan Hajnoczi +--- + hw/audio/sb16.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/audio/sb16.c b/hw/audio/sb16.c +index 0c661b4947..afee59d798 100644 +--- a/hw/audio/sb16.c ++++ b/hw/audio/sb16.c +@@ -1181,7 +1181,7 @@ static int write_audio (SB16State *s, int nchan, int dma_pos, + IsaDma *isa_dma = nchan == s->dma ? s->isa_dma : s->isa_hdma; + IsaDmaClass *k = ISADMA_GET_CLASS(isa_dma); + int temp, net; +- uint8_t tmpbuf[4096]; ++ QEMU_UNINITIALIZED uint8_t tmpbuf[4096]; + + temp = len; + net = 0; +-- +2.39.3 + diff --git a/kvm-hw-audio-via-ac97-skip-automatic-zero-init-of-large-.patch b/kvm-hw-audio-via-ac97-skip-automatic-zero-init-of-large-.patch new file mode 100644 index 0000000..dea7ff7 
--- /dev/null +++ b/kvm-hw-audio-via-ac97-skip-automatic-zero-init-of-large-.patch @@ -0,0 +1,49 @@ +From dc08736e78d641eaab2f6df35218fb2b0f88ee50 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:51 +0100 +Subject: [PATCH 21/43] hw/audio/via-ac97: skip automatic zero-init of large + array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [13/31] 8afade9e5ac67ec271f3318473c04b6fb9947f8d (stefanha/centos-stream-qemu-kvm) + +The 'out_cb' method has a 4k byte array used for copying data +between the audio backend and device. Skip the automatic zero-init +of this array to eliminate the performance overhead in the I/O hot +path. + +The 'tmpbuf' array will be fully initialized when reading data from +device memory. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-14-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit bb71d9fe1419f44529c91d1b09464718d157e647) +Signed-off-by: Stefan Hajnoczi +--- + hw/audio/via-ac97.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/audio/via-ac97.c b/hw/audio/via-ac97.c +index 4e115e011e..08e6762597 100644 +--- a/hw/audio/via-ac97.c ++++ b/hw/audio/via-ac97.c +@@ -175,7 +175,7 @@ static void out_cb(void *opaque, int avail) + ViaAC97SGDChannel *c = &s->aur; + int temp, to_copy, copied; + bool stop = false; +- uint8_t tmpbuf[4096]; ++ QEMU_UNINITIALIZED uint8_t tmpbuf[4096]; + + if (c->stat & STAT_PAUSED) { + return; +-- +2.39.3 + diff --git a/kvm-hw-char-sclpconsole-lm-skip-automatic-zero-init-of-l.patch b/kvm-hw-char-sclpconsole-lm-skip-automatic-zero-init-of-l.patch new file mode 100644 index 0000000..77a2ee1 --- /dev/null 
+++ b/kvm-hw-char-sclpconsole-lm-skip-automatic-zero-init-of-l.patch @@ -0,0 +1,49 @@ +From d7f96f00428f759f4323364ca1688988b34c17b0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:52 +0100 +Subject: [PATCH 22/43] hw/char/sclpconsole-lm: skip automatic zero-init of + large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [14/31] 17140f6dae4e1f23ae5d2ba5e320dd8335233a5c (stefanha/centos-stream-qemu-kvm) + +The 'process_mdb' method has a 4k byte array used for copying data +between the guest and the chardev backend. Skip the automatic zero-init +of this array to eliminate the performance overhead in the I/O hot +path. + +The 'buffer' array will be selectively initialized when data is converted +between EBCDIC and ASCII. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-15-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 8b1dac1ad57082611419b0e2f347acd96115d25f) +Signed-off-by: Stefan Hajnoczi +--- + hw/char/sclpconsole-lm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c +index ddb9a726d5..5084531b7b 100644 +--- a/hw/char/sclpconsole-lm.c ++++ b/hw/char/sclpconsole-lm.c +@@ -214,7 +214,7 @@ static int process_mdb(SCLPEvent *event, MDBO *mdbo) + { + int rc; + int len; +- uint8_t buffer[SIZE_BUFFER]; ++ QEMU_UNINITIALIZED uint8_t buffer[SIZE_BUFFER]; + + len = be16_to_cpu(mdbo->length); + len -= sizeof(mdbo->length) + sizeof(mdbo->type) +-- +2.39.3 + 
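Review bot: `buffer` is now only partially written — the commit message itself says it is "selectively initialized" during the EBCDIC/ASCII conversion — so the length later handed to the chardev backend must equal the number of converted bytes, otherwise stale stack bytes are emitted to the host side where zeros used to be. `len` is derived from the guest-supplied `mdbo->length` and process_mdb's body continues outside the hunk, so neither the bound of `len` against `SIZE_BUFFER` (presumably checked below) nor the write length can be confirmed here. A comment at the declaration such as `/* QEMU_UNINITIALIZED: only the converted prefix of the buffer is valid */` would make the contract explicit for the next change to this function.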
diff --git a/kvm-hw-display-vmware_vga-skip-automatic-zero-init-of-la.patch b/kvm-hw-display-vmware_vga-skip-automatic-zero-init-of-la.patch
new file mode 100644
index 0000000..9f3d30c
--- /dev/null
+++ b/kvm-hw-display-vmware_vga-skip-automatic-zero-init-of-la.patch
@@ -0,0 +1,49 @@ +From 886a2ce3ff5c05087dc667578d59a37bfedaee19 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:54 +0100 +Subject: [PATCH 24/43] hw/display/vmware_vga: skip automatic zero-init of + large struct +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [16/31] 201c9ceb2782d17dc9ca800b2d924a8ee3a8eb98 (stefanha/centos-stream-qemu-kvm) + +The 'vmsvga_fifo_run' method has a struct which is a little over 20k +in size, used for holding image data for cursor changes. Skip the +automatic zero-init of this struct to eliminate the performance +overhead in the I/O hot path. + +The cursor variable will be fully initialized only when processing +a cursor definition message from the guest. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-17-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 7048e70f391df76d009eecca25f8027858f9f304) +Signed-off-by: Stefan Hajnoczi +--- + hw/display/vmware_vga.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c +index 2dd661e3c1..fae10068cb 100644 +--- a/hw/display/vmware_vga.c ++++ b/hw/display/vmware_vga.c +@@ -618,7 +618,7 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s) + uint32_t cmd, colour; + int args, len, maxloop = 1024; + int x, y, dx, dy, width, height; +- struct vmsvga_cursor_definition_s cursor; ++ QEMU_UNINITIALIZED struct vmsvga_cursor_definition_s cursor; + uint32_t cmd_start; + + len = vmsvga_fifo_length(s); +-- +2.39.3 + 
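Review bot: `cursor` is a roughly 20k struct declared for the whole of vmsvga_fifo_run, which loops over up to `maxloop = 1024` guest FIFO commands, yet per the commit message it is only written when a cursor-definition command is processed. After this change any read of `cursor` on another command path, or of image bytes that a guest-supplied `width`/`height` did not cover, yields stale stack contents rather than zeros. The loop body is outside the hunk so this cannot be confirmed here; moving the declaration into the cursor-definition case, or a comment at the declaration `/* QEMU_UNINITIALIZED: valid only inside the cursor-define command, for the pixels it wrote */`, would tie the variable's lifetime to the one place that initialises it.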
diff --git a/kvm-hw-dma-xlnx_csu_dma-skip-automatic-zero-init-of-larg.patch b/kvm-hw-dma-xlnx_csu_dma-skip-automatic-zero-init-of-larg.patch
new file mode 100644
index 0000000..8bd1537
--- /dev/null
+++ b/kvm-hw-dma-xlnx_csu_dma-skip-automatic-zero-init-of-larg.patch
@@ -0,0 +1,47 @@ +From 277dbec12b1a109aca6cfe65046f2b4d6b41ee43 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:53 +0100 +Subject: [PATCH 23/43] hw/dma/xlnx_csu_dma: skip automatic zero-init of large + array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [15/31] 8832791cb87b342e3b9882893891a824d31b687a (stefanha/centos-stream-qemu-kvm) + +The 'xlnx_csu_dma_src_notify' method has a 4k byte array used for +copying DMA data. Skip the automatic zero-init of this array to +eliminate the performance overhead in the I/O hot path. + +The 'buf' array will be fully initialized when data is copied. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-16-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit ce14f24611aa0469b464a9512e192b4fd51dca2b) +Signed-off-by: Stefan Hajnoczi +--- + hw/dma/xlnx_csu_dma.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/dma/xlnx_csu_dma.c b/hw/dma/xlnx_csu_dma.c +index 1afaa0bf51..8091a785cc 100644 +--- a/hw/dma/xlnx_csu_dma.c ++++ b/hw/dma/xlnx_csu_dma.c +@@ -287,7 +287,7 @@ static uint32_t xlnx_csu_dma_advance(XlnxCSUDMA *s, uint32_t len) + static void xlnx_csu_dma_src_notify(void *opaque) + { + XlnxCSUDMA *s = XLNX_CSU_DMA(opaque); +- unsigned char buf[4 * 1024]; ++ QEMU_UNINITIALIZED unsigned char buf[4 * 1024]; + size_t rlen = 0; + + ptimer_transaction_begin(s->src_timer); +-- +2.39.3 + diff --git a/kvm-hw-hyperv-syndbg-skip-automatic-zero-init-of-large-a.patch b/kvm-hw-hyperv-syndbg-skip-automatic-zero-init-of-large-a.patch new file mode 100644 index 0000000..352c72d --- /dev/null 
+++ b/kvm-hw-hyperv-syndbg-skip-automatic-zero-init-of-large-a.patch 
@@ -0,0 +1,56 @@ +From 6ae70910d16ef313e4addefea33c00083cc5665c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:55 +0100 +Subject: [PATCH 25/43] hw/hyperv/syndbg: skip automatic zero-init of large + array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [17/31] 2c7e0765ddb0fe5880403b234c299931da6daabf (stefanha/centos-stream-qemu-kvm) + +The 'handle_recv_msg' method has a 4k byte array used for copying +data between the network socket and guest memory. Skip the automatic +zero-init of this array to eliminate the performance overhead in the +I/O hot path. + +The 'data_buf' array will be fully initialized when data is read +off the network socket. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-18-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 5a1f614d0cd0bcc8e84e0b7ab6af63d56bd348a2) +Signed-off-by: Stefan Hajnoczi + +Conflicts: + hw/hyperv/syndbg.c + + Context conflict due to missing commit 3efb9d226221 + ("hw/hyperv/syndbg: common compilation unit") downstream. There is no + need to backport the commit because it's not a bug fix. 
+--- + hw/hyperv/syndbg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/hyperv/syndbg.c b/hw/hyperv/syndbg.c +index d3e3917077..16ed1ab66b 100644 +--- a/hw/hyperv/syndbg.c ++++ b/hw/hyperv/syndbg.c +@@ -188,7 +188,7 @@ static uint16_t handle_recv_msg(HvSynDbg *syndbg, uint64_t outgpa, + uint64_t timeout, uint32_t *retrieved_count) + { + uint16_t ret; +- uint8_t data_buf[TARGET_PAGE_SIZE - UDP_PKT_HEADER_SIZE]; ++ QEMU_UNINITIALIZED uint8_t data_buf[TARGET_PAGE_SIZE - UDP_PKT_HEADER_SIZE]; + hwaddr out_len; + void *out_data; + ssize_t recv_byte_count; +-- +2.39.3 + diff --git a/kvm-hw-i386-amd_iommu-Allow-migration-when-explicitly-cr.patch b/kvm-hw-i386-amd_iommu-Allow-migration-when-explicitly-cr.patch new file mode 100644 index 0000000..34a65b6 --- /dev/null +++ b/kvm-hw-i386-amd_iommu-Allow-migration-when-explicitly-cr.patch 
@@ -0,0 +1,117 @@ +From c295cfa98a464eba271e75846275913a0ed6435a Mon Sep 17 00:00:00 2001 +From: Suravee Suthikulpanit +Date: Sun, 4 May 2025 17:04:05 +0000 +Subject: [PATCH 41/43] hw/i386/amd_iommu: Allow migration when explicitly + create the AMDVI-PCI device + +RH-Author: John Allen +RH-MergeRequest: 383: Add ability to manually specify the AMDVI-PCI device +RH-Jira: RHEL-85649 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [2/3] ee1cdd746a3b7051dc1e7c5748876384320a3f28 (johnalle/qemu-kvm-fork) + +Add migration support for AMD IOMMU model by saving necessary AMDVIState +parameters for MMIO registers, device table, command buffer, and event +buffers. + +Also change devtab_len type from size_t to uint64_t to avoid 32-bit build +issue. + +Signed-off-by: Suravee Suthikulpanit +Message-Id: <20250504170405.12623-3-suravee.suthikulpanit@amd.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 28931c2e1591deb4bfaaf744fdc8813e96c230f1) + +JIRA: https://issues.redhat.com/browse/RHEL-85649 + +Signed-off-by: John Allen +--- + hw/i386/amd_iommu.c | 48 +++++++++++++++++++++++++++++++++++++++++++++ + hw/i386/amd_iommu.h | 2 +- + 2 files changed, 49 insertions(+), 1 deletion(-) + +diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c +index da5313f3d2..fbe0be440e 100644 +--- a/hw/i386/amd_iommu.c ++++ b/hw/i386/amd_iommu.c +@@ -1611,8 +1611,55 @@ static void amdvi_sysbus_reset(DeviceState *dev) + amdvi_init(s); + } + ++static const VMStateDescription vmstate_amdvi_sysbus_migratable = { ++ .name = "amd-iommu", ++ .version_id = 1, ++ .minimum_version_id = 1, ++ .priority = MIG_PRI_IOMMU, ++ .fields = (VMStateField[]) { ++ /* Updated in amdvi_handle_control_write() */ ++ VMSTATE_BOOL(enabled, AMDVIState), ++ VMSTATE_BOOL(ga_enabled, AMDVIState), ++ VMSTATE_BOOL(ats_enabled, AMDVIState), ++ VMSTATE_BOOL(cmdbuf_enabled, AMDVIState), ++ VMSTATE_BOOL(completion_wait_intr, AMDVIState), ++ VMSTATE_BOOL(evtlog_enabled, AMDVIState), ++ 
VMSTATE_BOOL(evtlog_intr, AMDVIState), ++ /* Updated in amdvi_handle_devtab_write() */ ++ VMSTATE_UINT64(devtab, AMDVIState), ++ VMSTATE_UINT64(devtab_len, AMDVIState), ++ /* Updated in amdvi_handle_cmdbase_write() */ ++ VMSTATE_UINT64(cmdbuf, AMDVIState), ++ VMSTATE_UINT64(cmdbuf_len, AMDVIState), ++ /* Updated in amdvi_handle_cmdhead_write() */ ++ VMSTATE_UINT32(cmdbuf_head, AMDVIState), ++ /* Updated in amdvi_handle_cmdtail_write() */ ++ VMSTATE_UINT32(cmdbuf_tail, AMDVIState), ++ /* Updated in amdvi_handle_evtbase_write() */ ++ VMSTATE_UINT64(evtlog, AMDVIState), ++ VMSTATE_UINT32(evtlog_len, AMDVIState), ++ /* Updated in amdvi_handle_evthead_write() */ ++ VMSTATE_UINT32(evtlog_head, AMDVIState), ++ /* Updated in amdvi_handle_evttail_write() */ ++ VMSTATE_UINT32(evtlog_tail, AMDVIState), ++ /* Updated in amdvi_handle_pprbase_write() */ ++ VMSTATE_UINT64(ppr_log, AMDVIState), ++ VMSTATE_UINT32(pprlog_len, AMDVIState), ++ /* Updated in amdvi_handle_pprhead_write() */ ++ VMSTATE_UINT32(pprlog_head, AMDVIState), ++ /* Updated in amdvi_handle_tailhead_write() */ ++ VMSTATE_UINT32(pprlog_tail, AMDVIState), ++ /* MMIO registers */ ++ VMSTATE_UINT8_ARRAY(mmior, AMDVIState, AMDVI_MMIO_SIZE), ++ VMSTATE_UINT8_ARRAY(romask, AMDVIState, AMDVI_MMIO_SIZE), ++ VMSTATE_UINT8_ARRAY(w1cmask, AMDVIState, AMDVI_MMIO_SIZE), ++ VMSTATE_END_OF_LIST() ++ } ++}; ++ + static void amdvi_sysbus_realize(DeviceState *dev, Error **errp) + { ++ DeviceClass *dc = (DeviceClass *) object_get_class(OBJECT(dev)); + AMDVIState *s = AMD_IOMMU_DEVICE(dev); + MachineState *ms = MACHINE(qdev_get_machine()); + PCMachineState *pcms = PC_MACHINE(ms); +@@ -1634,6 +1681,7 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error **errp) + } + + s->pci = AMD_IOMMU_PCI(pdev); ++ dc->vmsd = &vmstate_amdvi_sysbus_migratable; + } else { + s->pci = AMD_IOMMU_PCI(object_new(TYPE_AMD_IOMMU_PCI)); + /* This device should take care of IOMMU PCI properties */ +diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h 
+index 7a28181d9c..5672bdef89 100644 +--- a/hw/i386/amd_iommu.h ++++ b/hw/i386/amd_iommu.h +@@ -329,7 +329,7 @@ struct AMDVIState { + bool excl_enabled; + + hwaddr devtab; /* base address device table */ +- size_t devtab_len; /* device table length */ ++ uint64_t devtab_len; /* device table length */ + + hwaddr cmdbuf; /* command buffer base address */ + uint64_t cmdbuf_len; /* command buffer length */ +-- +2.39.3 + diff --git a/kvm-hw-i386-amd_iommu-Isolate-AMDVI-PCI-from-amd-iommu-d.patch b/kvm-hw-i386-amd_iommu-Isolate-AMDVI-PCI-from-amd-iommu-d.patch new file mode 100644 index 0000000..d23e2f9 --- /dev/null +++ b/kvm-hw-i386-amd_iommu-Isolate-AMDVI-PCI-from-amd-iommu-d.patch 
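Review bot: `vmstate_amdvi_sysbus_migratable` has no `.post_load`, so the indices and lengths it restores (`cmdbuf_head`/`cmdbuf_tail` against `cmdbuf_len`, `evtlog_head`/`evtlog_tail` against `evtlog_len`, `pprlog_head`/`pprlog_tail` against `pprlog_len`, plus `devtab_len`) are accepted from the stream without the range checks that the MMIO write handlers named in the field comments presumably apply. A post_load callback that re-validates these against each other and against the migrated `mmior` contents, returning an error for inconsistent values, would keep a malformed stream from putting the device into a state the guest cannot reach through MMIO. Separately, `dc->vmsd = &vmstate_amdvi_sysbus_migratable;` in amdvi_sysbus_realize mutates the shared DeviceClass from an instance, so the choice persists for every later instance in the process; the cast on the preceding line is also usually spelled `DeviceClass *dc = DEVICE_GET_CLASS(dev);`. The field comment `/* Updated in amdvi_handle_tailhead_write() */` on `pprlog_tail` looks like a typo for the pprtail handler.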
@@ -0,0 +1,267 @@ +From 1922ff43d7eafaad767496de00d4a1af766728e6 Mon Sep 17 00:00:00 2001 +From: Suravee Suthikulpanit +Date: Sun, 4 May 2025 17:04:04 +0000 +Subject: [PATCH 40/43] hw/i386/amd_iommu: Isolate AMDVI-PCI from amd-iommu + device to allow full control over the PCI device creation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: John Allen +RH-MergeRequest: 383: Add ability to manually specify the AMDVI-PCI device +RH-Jira: RHEL-85649 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/3] 3468e169fa46bca1d0a5941dfe652254b830e9c6 (johnalle/qemu-kvm-fork) + +Current amd-iommu model internally creates an AMDVI-PCI device. Here is +a snippet from info qtree: + + bus: main-system-bus + type System + dev: amd-iommu, id "" + xtsup = false + pci-id = "" + intremap = "on" + device-iotlb = false + pt = true + ... + dev: q35-pcihost, id "" + MCFG = -1 (0xffffffffffffffff) + pci-hole64-size = 34359738368 (32 GiB) + below-4g-mem-size = 134217728 (128 MiB) + above-4g-mem-size = 0 (0 B) + smm-ranges = true + x-pci-hole64-fix = true + x-config-reg-migration-enabled = true + bypass-iommu = false + bus: pcie.0 + type PCIE + dev: AMDVI-PCI, id "" + addr = 01.0 + romfile = "" + romsize = 4294967295 (0xffffffff) + rombar = -1 (0xffffffffffffffff) + multifunction = false + x-pcie-lnksta-dllla = true + x-pcie-extcap-init = true + failover_pair_id = "" + acpi-index = 0 (0x0) + x-pcie-err-unc-mask = true + x-pcie-ari-nextfn-1 = false + x-max-bounce-buffer-size = 4096 (4 KiB) + x-pcie-ext-tag = true + busnr = 0 (0x0) + class Class 0806, addr 00:01.0, pci id 1022:0000 (sub 1af4:1100) + ... + +This prohibits users from specifying the PCI topology for the amd-iommu device, +which becomes a problem when trying to support VM migration since it does not +guarantee the same enumeration of AMD IOMMU device. 
+ +Therefore, allow the 'AMDVI-PCI' device to optionally be pre-created and +associated with a 'amd-iommu' device via a new 'pci-id' parameter on the +latter. + +For example: + -device AMDVI-PCI,id=iommupci0,bus=pcie.0,addr=0x05 \ + -device amd-iommu,intremap=on,pt=on,xtsup=on,pci-id=iommupci0 \ + +For backward-compatibility, internally create the AMDVI-PCI device if not +specified on the CLI. + +Co-developed-by: Daniel P. Berrangé +Reviewed-by: Daniel P. Berrangé +Signed-off-by: Suravee Suthikulpanit +Message-Id: <20250504170405.12623-2-suravee.suthikulpanit@amd.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit f864a3235ea1d1d714b3cde2d9a810ea6344a7b5) + +JIRA: https://issues.redhat.com/browse/RHEL-85649 + +Signed-off-by: John Allen +--- + hw/i386/acpi-build.c | 8 +++---- + hw/i386/amd_iommu.c | 53 ++++++++++++++++++++++++++------------------ + hw/i386/amd_iommu.h | 3 ++- + 3 files changed, 38 insertions(+), 26 deletions(-) + +diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c +index 3fffa4a332..f4b65701a4 100644 +--- a/hw/i386/acpi-build.c ++++ b/hw/i386/acpi-build.c +@@ -2333,10 +2333,10 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker, const char *oem_id, + build_append_int_noprefix(table_data, ivhd_blob->len + 24, 2); + /* DeviceID */ + build_append_int_noprefix(table_data, +- object_property_get_int(OBJECT(&s->pci), "addr", ++ object_property_get_int(OBJECT(s->pci), "addr", + &error_abort), 2); + /* Capability offset */ +- build_append_int_noprefix(table_data, s->pci.capab_offset, 2); ++ build_append_int_noprefix(table_data, s->pci->capab_offset, 2); + /* IOMMU base address */ + build_append_int_noprefix(table_data, s->mr_mmio.addr, 8); + /* PCI Segment Group */ +@@ -2368,10 +2368,10 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker, const char *oem_id, + build_append_int_noprefix(table_data, ivhd_blob->len + 40, 2); + /* DeviceID */ + build_append_int_noprefix(table_data, +- 
object_property_get_int(OBJECT(&s->pci), "addr", ++ object_property_get_int(OBJECT(s->pci), "addr", + &error_abort), 2); + /* Capability offset */ +- build_append_int_noprefix(table_data, s->pci.capab_offset, 2); ++ build_append_int_noprefix(table_data, s->pci->capab_offset, 2); + /* IOMMU base address */ + build_append_int_noprefix(table_data, s->mr_mmio.addr, 8); + /* PCI Segment Group */ +diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c +index 5f9b952799..da5313f3d2 100644 +--- a/hw/i386/amd_iommu.c ++++ b/hw/i386/amd_iommu.c +@@ -167,11 +167,11 @@ static void amdvi_generate_msi_interrupt(AMDVIState *s) + { + MSIMessage msg = {}; + MemTxAttrs attrs = { +- .requester_id = pci_requester_id(&s->pci.dev) ++ .requester_id = pci_requester_id(&s->pci->dev) + }; + +- if (msi_enabled(&s->pci.dev)) { +- msg = msi_get_message(&s->pci.dev, 0); ++ if (msi_enabled(&s->pci->dev)) { ++ msg = msi_get_message(&s->pci->dev, 0); + address_space_stl_le(&address_space_memory, msg.address, msg.data, + attrs, NULL); + } +@@ -239,7 +239,7 @@ static void amdvi_page_fault(AMDVIState *s, uint16_t devid, + info |= AMDVI_EVENT_IOPF_I | AMDVI_EVENT_IOPF; + amdvi_encode_event(evt, devid, addr, info); + amdvi_log_event(s, evt); +- pci_word_test_and_set_mask(s->pci.dev.config + PCI_STATUS, ++ pci_word_test_and_set_mask(s->pci->dev.config + PCI_STATUS, + PCI_STATUS_SIG_TARGET_ABORT); + } + /* +@@ -256,7 +256,7 @@ static void amdvi_log_devtab_error(AMDVIState *s, uint16_t devid, + + amdvi_encode_event(evt, devid, devtab, info); + amdvi_log_event(s, evt); +- pci_word_test_and_set_mask(s->pci.dev.config + PCI_STATUS, ++ pci_word_test_and_set_mask(s->pci->dev.config + PCI_STATUS, + PCI_STATUS_SIG_TARGET_ABORT); + } + /* log an event trying to access command buffer +@@ -269,7 +269,7 @@ static void amdvi_log_command_error(AMDVIState *s, hwaddr addr) + + amdvi_encode_event(evt, 0, addr, info); + amdvi_log_event(s, evt); +- pci_word_test_and_set_mask(s->pci.dev.config + PCI_STATUS, ++ 
pci_word_test_and_set_mask(s->pci->dev.config + PCI_STATUS, + PCI_STATUS_SIG_TARGET_ABORT); + } + /* log an illegal command event +@@ -310,7 +310,7 @@ static void amdvi_log_pagetab_error(AMDVIState *s, uint16_t devid, + info |= AMDVI_EVENT_PAGE_TAB_HW_ERROR; + amdvi_encode_event(evt, devid, addr, info); + amdvi_log_event(s, evt); +- pci_word_test_and_set_mask(s->pci.dev.config + PCI_STATUS, ++ pci_word_test_and_set_mask(s->pci->dev.config + PCI_STATUS, + PCI_STATUS_SIG_TARGET_ABORT); + } + +@@ -1607,7 +1607,7 @@ static void amdvi_sysbus_reset(DeviceState *dev) + { + AMDVIState *s = AMD_IOMMU_DEVICE(dev); + +- msi_reset(&s->pci.dev); ++ msi_reset(&s->pci->dev); + amdvi_init(s); + } + +@@ -1619,14 +1619,32 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error **errp) + X86MachineState *x86ms = X86_MACHINE(ms); + PCIBus *bus = pcms->pcibus; + +- s->iotlb = g_hash_table_new_full(amdvi_uint64_hash, +- amdvi_uint64_equal, g_free, g_free); ++ if (s->pci_id) { ++ PCIDevice *pdev = NULL; ++ int ret = pci_qdev_find_device(s->pci_id, &pdev); + +- /* This device should take care of IOMMU PCI properties */ +- if (!qdev_realize(DEVICE(&s->pci), &bus->qbus, errp)) { +- return; ++ if (ret) { ++ error_report("Cannot find PCI device '%s'", s->pci_id); ++ return; ++ } ++ ++ if (!object_dynamic_cast(OBJECT(pdev), TYPE_AMD_IOMMU_PCI)) { ++ error_report("Device '%s' must be an AMDVI-PCI device type", s->pci_id); ++ return; ++ } ++ ++ s->pci = AMD_IOMMU_PCI(pdev); ++ } else { ++ s->pci = AMD_IOMMU_PCI(object_new(TYPE_AMD_IOMMU_PCI)); ++ /* This device should take care of IOMMU PCI properties */ ++ if (!qdev_realize(DEVICE(s->pci), &bus->qbus, errp)) { ++ return; ++ } + } + ++ s->iotlb = g_hash_table_new_full(amdvi_uint64_hash, ++ amdvi_uint64_equal, g_free, g_free); ++ + /* Pseudo address space under root PCI bus. 
*/ + x86ms->ioapic_as = amdvi_host_dma_iommu(bus, s, AMDVI_IOAPIC_SB_DEVID); + +@@ -1663,6 +1681,7 @@ static void amdvi_sysbus_realize(DeviceState *dev, Error **errp) + + static const Property amdvi_properties[] = { + DEFINE_PROP_BOOL("xtsup", AMDVIState, xtsup, false), ++ DEFINE_PROP_STRING("pci-id", AMDVIState, pci_id), + }; + + static const VMStateDescription vmstate_amdvi_sysbus = { +@@ -1670,13 +1689,6 @@ static const VMStateDescription vmstate_amdvi_sysbus = { + .unmigratable = 1 + }; + +-static void amdvi_sysbus_instance_init(Object *klass) +-{ +- AMDVIState *s = AMD_IOMMU_DEVICE(klass); +- +- object_initialize(&s->pci, sizeof(s->pci), TYPE_AMD_IOMMU_PCI); +-} +- + static void amdvi_sysbus_class_init(ObjectClass *klass, void *data) + { + DeviceClass *dc = DEVICE_CLASS(klass); +@@ -1696,7 +1708,6 @@ static const TypeInfo amdvi_sysbus = { + .name = TYPE_AMD_IOMMU_DEVICE, + .parent = TYPE_X86_IOMMU_DEVICE, + .instance_size = sizeof(AMDVIState), +- .instance_init = amdvi_sysbus_instance_init, + .class_init = amdvi_sysbus_class_init + }; + +diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h +index 28125130c6..7a28181d9c 100644 +--- a/hw/i386/amd_iommu.h ++++ b/hw/i386/amd_iommu.h +@@ -315,7 +315,8 @@ struct AMDVIPCIState { + + struct AMDVIState { + X86IOMMUState iommu; /* IOMMU bus device */ +- AMDVIPCIState pci; /* IOMMU PCI device */ ++ AMDVIPCIState *pci; /* IOMMU PCI device */ ++ char *pci_id; /* ID of AMDVI-PCI device, if user created */ + + uint32_t version; + +-- +2.39.3 + diff --git a/kvm-hw-misc-aspeed_hace-skip-automatic-zero-init-of-larg.patch b/kvm-hw-misc-aspeed_hace-skip-automatic-zero-init-of-larg.patch new file mode 100644 index 0000000..87b163c --- /dev/null +++ b/kvm-hw-misc-aspeed_hace-skip-automatic-zero-init-of-larg.patch 
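Review bot: Both error paths in the new `if (s->pci_id)` branch of amdvi_sysbus_realize call `error_report()` and then `return` without setting `errp`, so qdev treats realize as successful while `s->pci` stays NULL; the first later use, such as `msi_reset(&s->pci->dev)` in amdvi_sysbus_reset, then dereferences NULL. Use `error_setg(errp, "Cannot find PCI device '%s'", s->pci_id);` and `error_setg(errp, "Device '%s' must be an AMDVI-PCI device type", s->pci_id);` so the failure propagates and device creation aborts cleanly. The `else` branch already reports through errp via qdev_realize, so this also makes the two paths consistent.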
@@ -0,0 +1,57 @@ +From 2bfd29936ae867af81ac7aad36a615e5f478d0ae Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:56 +0100 +Subject: [PATCH 26/43] hw/misc/aspeed_hace: skip automatic zero-init of large + array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [18/31] 300760bfe80f17dd429ddbf8bb969a741e596421 (stefanha/centos-stream-qemu-kvm) + +The 'do_hash_operation' method has a 256 element iovec array used for +holding pointers to data that is to be hashed. Skip the automatic +zero-init of this array to eliminate the performance overhead in the +I/O hot path. + +The 'iovec' array will be selectively initialized based on data that +needs to be hashed. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-19-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 6992c886838282f36b20deee44b666bbfc573a8f) +Signed-off-by: Stefan Hajnoczi + +Conflicts: + hw/misc/aspeed_hace.c + + Context conflict due to missing commit b9ccbe212e24 + ("hw/misc/aspeed_hace: Extract accumulation-mode hash execution into + helper function") downstream. The commit is not a bug fix, so there is + no need to backport it. 
+--- + hw/misc/aspeed_hace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c +index d75da33353..9273aac9c1 100644 +--- a/hw/misc/aspeed_hace.c ++++ b/hw/misc/aspeed_hace.c +@@ -164,7 +164,7 @@ static int reconstruct_iov(AspeedHACEState *s, struct iovec *iov, int id, + static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode, + bool acc_mode) + { +- struct iovec iov[ASPEED_HACE_MAX_SG]; ++ QEMU_UNINITIALIZED struct iovec iov[ASPEED_HACE_MAX_SG]; + uint32_t total_msg_len; + uint32_t pad_offset; + g_autofree uint8_t *digest_buf = NULL; +-- +2.39.3 + diff --git a/kvm-hw-net-rtl8139-skip-automatic-zero-init-of-large-arr.patch b/kvm-hw-net-rtl8139-skip-automatic-zero-init-of-large-arr.patch new file mode 100644 index 0000000..68af4bf --- /dev/null +++ b/kvm-hw-net-rtl8139-skip-automatic-zero-init-of-large-arr.patch 
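Review bot: `iov` now holds stale stack data in every entry the scatter-gather walk did not fill, and a stale `struct iovec` is a bogus base/length pair rather than a harmless zero-length element, so the hash path must never consume more entries than were written. The fill and consume logic, including `reconstruct_iov` whose signature is cut by the hunk context, lies outside the hunk, so the entry-count contract cannot be checked here. A comment at the declaration `/* QEMU_UNINITIALIZED: only entries below the filled count are valid */` would document it, and the Conflicts section notes this downstream tree lacks commit b9ccbe212e24, so the consuming code differs from upstream and deserves a second look when applying.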
@@ -0,0 +1,48 @@ +From 2aa9f26afe4f3c5d69771b71b0e69e123ac5d893 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:57 +0100 +Subject: [PATCH 27/43] hw/net/rtl8139: skip automatic zero-init of large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [19/31] 489f599053f7f36dbf382a99697e89309e1273de (stefanha/centos-stream-qemu-kvm) + +The 'rtl8139_transmit_one' method has a 8k byte array used for +copying data between guest and host. Skip the automatic zero-init +of this array to eliminate the performance overhead in the I/O +hot path. + +The 'txbuffer' will be fully initialized when reading PCI DMA +buffers. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-20-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 3ccc6489dd4925ddd1f3066bd3751389169cd7aa) +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 6c57a8985b..31a6956252 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -1816,7 +1816,7 @@ static int rtl8139_transmit_one(RTL8139State *s, int descriptor) + + PCIDevice *d = PCI_DEVICE(s); + int txsize = s->TxStatus[descriptor] & 0x1fff; +- uint8_t txbuffer[0x2000]; ++ QEMU_UNINITIALIZED uint8_t txbuffer[0x2000]; + + DPRINTF("+++ transmit reading %d bytes from host memory at 0x%08x\n", + txsize, s->TxAddr[descriptor]); +-- +2.39.3 + diff --git a/kvm-hw-net-tulip-skip-automatic-zero-init-of-large-array.patch b/kvm-hw-net-tulip-skip-automatic-zero-init-of-large-array.patch new file mode 100644 index 0000000..0b3cbca --- /dev/null 
+++ b/kvm-hw-net-tulip-skip-automatic-zero-init-of-large-array.patch @@ -0,0 +1,47 @@ +From 3164836816fb41146e617c769c3cc82f30fa2f38 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:58 +0100 +Subject: [PATCH 28/43] hw/net/tulip: skip automatic zero-init of large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [20/31] 289701647a64bf8bbadfd32a4592ffc70d11dba9 (stefanha/centos-stream-qemu-kvm) + +The 'tulip_setup_frame' method has a 4k byte array used for copynig +DMA data from the device. Skip the automatic zero-init of this array +to eliminate the performance overhead in the I/O hot path. + +The 'buf' array will be fully initialized when reading data from the +device. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-21-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit e1afd5ee6eb2954f4baf3c97820e4aaf7de97d2a) +Signed-off-by: Stefan Hajnoczi +--- + hw/net/tulip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/tulip.c b/hw/net/tulip.c +index a0646bb84c..97bffe4643 100644 +--- a/hw/net/tulip.c ++++ b/hw/net/tulip.c +@@ -629,7 +629,7 @@ static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n) + static void tulip_setup_frame(TULIPState *s, + struct tulip_descriptor *desc) + { +- uint8_t buf[4096]; ++ QEMU_UNINITIALIZED uint8_t buf[4096]; + int len = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK; + int i; + +-- +2.39.3 + diff --git a/kvm-hw-net-virtio-net-skip-automatic-zero-init-of-large-.patch b/kvm-hw-net-virtio-net-skip-automatic-zero-init-of-large-.patch new file mode 100644 index 0000000..3d6a35f --- /dev/null 
+++ b/kvm-hw-net-virtio-net-skip-automatic-zero-init-of-large-.patch 
@@ -0,0 +1,54 @@ +From 9f9c5b4e9f0c230e81167f937d9d875a67e4558b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:36:59 +0100 +Subject: [PATCH 29/43] hw/net/virtio-net: skip automatic zero-init of large + arrays +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [21/31] 87ec97d9e701b7ee27f4b728f0622f5b730e1c03 (stefanha/centos-stream-qemu-kvm) + +The 'virtio_net_receive_rcu' method has three arrays with +VIRTQUEUE_MAX_SIZE elements, which are apprixmately 32k in +size used for copying data between guest and host. Skip the +automatic zero-init of these arrays to eliminate the +performance overhead in the I/O hot path. + +The three arrays will be selectively initialized as required +when processing network buffers. + +Signed-off-by: Daniel P. 
Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-22-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 21cf31c51a7aeff4270c9b30b37e019c536d54b2) +Signed-off-by: Stefan Hajnoczi +--- + hw/net/virtio-net.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c +index bd37651dab..aaa024d70c 100644 +--- a/hw/net/virtio-net.c ++++ b/hw/net/virtio-net.c +@@ -1910,9 +1910,9 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + VirtIONet *n = qemu_get_nic_opaque(nc); + VirtIONetQueue *q; + VirtIODevice *vdev = VIRTIO_DEVICE(n); +- VirtQueueElement *elems[VIRTQUEUE_MAX_SIZE]; +- size_t lens[VIRTQUEUE_MAX_SIZE]; +- struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE]; ++ QEMU_UNINITIALIZED VirtQueueElement *elems[VIRTQUEUE_MAX_SIZE]; ++ QEMU_UNINITIALIZED size_t lens[VIRTQUEUE_MAX_SIZE]; ++ QEMU_UNINITIALIZED struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE]; + struct virtio_net_hdr_v1_hash extra_hdr; + unsigned mhdr_cnt = 0; + size_t offset, i, guest_offset, j; +-- +2.39.3 + diff --git a/kvm-hw-net-xgamc-skip-automatic-zero-init-of-large-array.patch b/kvm-hw-net-xgamc-skip-automatic-zero-init-of-large-array.patch new file mode 100644 index 0000000..3a554e5 --- /dev/null +++ b/kvm-hw-net-xgamc-skip-automatic-zero-init-of-large-array.patch 
@@ -0,0 +1,47 @@ +From 9df074f93f69dcb7f3a61bcdb05c8e2ece7b6698 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:00 +0100 +Subject: [PATCH 30/43] hw/net/xgamc: skip automatic zero-init of large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [22/31] 252d607753e42558049b0516924dad3ca08092c0 (stefanha/centos-stream-qemu-kvm) + +The 'xgmac_enet_send' method has a 8k byte array used for copying +data between guest and host. Skip the automatic zero-init of this +array to eliminate the performance overhead in the I/O hot path. + +The 'frame' buffer will be fully initialized when reading guest +memory to fetch the data to send. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-23-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 8b723287b84a62bb5d1a7799ef0959ca8e6c293a) +Signed-off-by: Stefan Hajnoczi +--- + hw/net/xgmac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c +index e3cc4c60eb..14225eb27a 100644 +--- a/hw/net/xgmac.c ++++ b/hw/net/xgmac.c +@@ -207,7 +207,7 @@ static void xgmac_enet_send(XgmacState *s) + struct desc bd; + int frame_size; + int len; +- uint8_t frame[8192]; ++ QEMU_UNINITIALIZED uint8_t frame[8192]; + uint8_t *ptr; + + ptr = frame; +-- +2.39.3 + diff --git a/kvm-hw-nvme-ctrl-skip-automatic-zero-init-of-large-array.patch b/kvm-hw-nvme-ctrl-skip-automatic-zero-init-of-large-array.patch new file mode 100644 index 0000000..cb185e8 --- /dev/null +++ b/kvm-hw-nvme-ctrl-skip-automatic-zero-init-of-large-array.patch 
@@ -0,0 +1,72 @@ +From a39a353ec7656ef7a805391270cec24dfa815b7d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:01 +0100 +Subject: [PATCH 31/43] hw/nvme/ctrl: skip automatic zero-init of large arrays +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [23/31] 926fb489c480ad10c8560efa934b8a7fb3e7a8a3 (stefanha/centos-stream-qemu-kvm) + +The 'nvme_map_sgl' method has a 256 element array used for copying +data from the device. Skip the automatic zero-init of this array +to eliminate the performance overhead in the I/O hot path. + +The 'segment' array will be fully initialized when reading data from +the device. + +The 'nme_changed_nslist' method has a 4k byte array that is manually +initialized with memset(). The compiler ought to be intelligent +enough to turn the memset() into a static initialization operation, +and thus not duplicate the automatic zero-init. Replacing memset() +with '{}' makes it unambiguous that the array is statically initialized. + +Signed-off-by: Daniel P. 
Berrangé +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Klaus Jensen +Message-id: 20250610123709.835102-24-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 7eeb1d3acc175813ad3d5e824f26123e0992093a) +Signed-off-by: Stefan Hajnoczi +--- + hw/nvme/ctrl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c +index d6b77d4fbc..ad6b264933 100644 +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -1057,7 +1057,8 @@ static uint16_t nvme_map_sgl(NvmeCtrl *n, NvmeSg *sg, NvmeSglDescriptor sgl, + */ + #define SEG_CHUNK_SIZE 256 + +- NvmeSglDescriptor segment[SEG_CHUNK_SIZE], *sgld, *last_sgld; ++ QEMU_UNINITIALIZED NvmeSglDescriptor segment[SEG_CHUNK_SIZE]; ++ NvmeSglDescriptor *sgld, *last_sgld; + uint64_t nsgld; + uint32_t seg_len; + uint16_t status; +@@ -5128,7 +5129,7 @@ static uint16_t nvme_error_info(NvmeCtrl *n, uint8_t rae, uint32_t buf_len, + static uint16_t nvme_changed_nslist(NvmeCtrl *n, uint8_t rae, uint32_t buf_len, + uint64_t off, NvmeRequest *req) + { +- uint32_t nslist[1024]; ++ uint32_t nslist[1024] = {}; + uint32_t trans_len; + int i = 0; + uint32_t nsid; +@@ -5138,7 +5139,6 @@ static uint16_t nvme_changed_nslist(NvmeCtrl *n, uint8_t rae, uint32_t buf_len, + return NVME_INVALID_FIELD | NVME_DNR; + } + +- memset(nslist, 0x0, sizeof(nslist)); + trans_len = MIN(sizeof(nslist) - off, buf_len); + + while ((nsid = find_first_bit(n->changed_nsids, NVME_CHANGED_NSID_SIZE)) != +-- +2.39.3 + diff --git a/kvm-hw-ppc-pnv_occ-skip-automatic-zero-init-of-large-str.patch b/kvm-hw-ppc-pnv_occ-skip-automatic-zero-init-of-large-str.patch new file mode 100644 index 0000000..b03d925 --- /dev/null +++ b/kvm-hw-ppc-pnv_occ-skip-automatic-zero-init-of-large-str.patch 
@@ -0,0 +1,50 @@ +From 71d1656aa3a7ea9b0bb7749212246f3dc8382534 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:02 +0100 +Subject: [PATCH 32/43] hw/ppc/pnv_occ: skip automatic zero-init of large + struct +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [24/31] c6db01eff71723d490feafb993764d76aa13e3da (stefanha/centos-stream-qemu-kvm) + +The 'occ_model_tick' method has a 12k struct used for copying +data between guest and host. Skip the automatic zero-init of this +struct to eliminate the performance overhead in the I/O hot path. + +The 'dynamic_data' buffer will be fully initialized when reading +data from the guest. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Klaus Jensen +Reviewed-by: Harsh Prateek Bora +Message-id: 20250610123709.835102-25-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 3438eabaf4f8ae58b6c47f1727938d1d7dac4823) +Signed-off-by: Stefan Hajnoczi +--- + hw/ppc/pnv_occ.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/ppc/pnv_occ.c b/hw/ppc/pnv_occ.c +index 177c5e514b..577af71d43 100644 +--- a/hw/ppc/pnv_occ.c ++++ b/hw/ppc/pnv_occ.c +@@ -790,7 +790,7 @@ static bool occ_opal_process_command(PnvOCC *occ, + + static bool occ_model_tick(PnvOCC *occ) + { +- struct occ_dynamic_data dynamic_data; ++ QEMU_UNINITIALIZED struct occ_dynamic_data dynamic_data; + + if (!occ_read_dynamic_data(occ, &dynamic_data, NULL)) { + /* Can't move OCC state field to safe because we can't map it! */ +-- +2.39.3 + 
diff --git a/kvm-hw-ppc-spapr_tpm_proxy-skip-automatic-zero-init-of-l.patch b/kvm-hw-ppc-spapr_tpm_proxy-skip-automatic-zero-init-of-l.patch
new file mode 100644
index 0000000..468e38c
--- /dev/null
+++ b/kvm-hw-ppc-spapr_tpm_proxy-skip-automatic-zero-init-of-l.patch
@@ -0,0 +1,52 @@ +From 3fafd694cf5df4fa7a9f4f48aad86748d18bd15a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:03 +0100 +Subject: [PATCH 33/43] hw/ppc/spapr_tpm_proxy: skip automatic zero-init of + large arrays +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [25/31] fe7e91a1f74a696e03336cf3429042681c77c4c7 (stefanha/centos-stream-qemu-kvm) + +The 'tpm_execute' method has a pair of 4k arrays used for copying +data between guest and host. Skip the automatic zero-init of these +arrays to eliminate the performance overhead in the I/O hot path. + +The two arrays will be fully initialized when reading data from +guest memory or reading data from the proxy FD. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Klaus Jensen +Reviewed-by: Harsh Prateek Bora +Message-id: 20250610123709.835102-26-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 5dd9087fff74b5672526cad254e76f790fb35c7a) +Signed-off-by: Stefan Hajnoczi +--- + hw/ppc/spapr_tpm_proxy.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/ppc/spapr_tpm_proxy.c b/hw/ppc/spapr_tpm_proxy.c +index ceaa0acaa1..7472ff8709 100644 +--- a/hw/ppc/spapr_tpm_proxy.c ++++ b/hw/ppc/spapr_tpm_proxy.c +@@ -41,8 +41,8 @@ static ssize_t tpm_execute(SpaprTpmProxy *tpm_proxy, target_ulong *args) + target_ulong data_in_size = args[2]; + uint64_t data_out = ppc64_phys_to_real(args[3]); + target_ulong data_out_size = args[4]; +- uint8_t buf_in[TPM_SPAPR_BUFSIZE]; +- uint8_t buf_out[TPM_SPAPR_BUFSIZE]; ++ QEMU_UNINITIALIZED uint8_t buf_in[TPM_SPAPR_BUFSIZE]; ++ QEMU_UNINITIALIZED uint8_t buf_out[TPM_SPAPR_BUFSIZE]; + ssize_t ret; + + 
trace_spapr_tpm_execute(data_in, data_in_size, data_out, data_out_size); +-- +2.39.3 + diff --git a/kvm-hw-s390x-ccw-device-Fix-memory-leak-in-loadparm-sett.patch b/kvm-hw-s390x-ccw-device-Fix-memory-leak-in-loadparm-sett.patch new file mode 100644 index 0000000..10fc8c4 --- /dev/null +++ b/kvm-hw-s390x-ccw-device-Fix-memory-leak-in-loadparm-sett.patch @@ -0,0 +1,47 @@ +From fee9f1ed047043035ce91284fe0f0feffb27d3af Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Wed, 25 Jun 2025 10:27:51 +0200 +Subject: [PATCH 02/43] hw/s390x/ccw-device: Fix memory leak in loadparm setter +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +RH-MergeRequest: 386: s390x: Fix memory leaks related to loadparm [rhel-10] +RH-Jira: RHEL-98555 +RH-Acked-by: Cédric Le Goater +RH-Acked-by: Kevin Wolf +RH-Commit: [2/2] f238e2b4819d7e5daf53df3f2eed8744cf534c02 (thuth/qemu-kvm-cs) + +Commit bdf12f2a fixed the setter for the "loadparm" machine property, +which gets a string from a visitor, passes it to s390_ipl_fmt_loadparm() +and then forgot to free it. It left another instance of the same problem +unfixed in the "loadparm" device property. Fix it. + +Signed-off-by: Kevin Wolf +Message-ID: <20250625082751.24896-1-kwolf@redhat.com> +Reviewed-by: Eric Farman +Reviewed-by: Halil Pasic +Tested-by: Thomas Huth +Signed-off-by: Thomas Huth +(cherry picked from commit 78e3781541209b3dcd6f4bb66adf3a3e504b88a4) +--- + hw/s390x/ccw-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/s390x/ccw-device.c b/hw/s390x/ccw-device.c +index 1ea9934f6c..a5ee9dc84d 100644 +--- a/hw/s390x/ccw-device.c ++++ b/hw/s390x/ccw-device.c +@@ -57,7 +57,7 @@ static void ccw_device_set_loadparm(Object *obj, Visitor *v, + Error **errp) + { + CcwDevice *dev = CCW_DEVICE(obj); +- char *val; ++ g_autofree char *val = NULL; + int index; + + index = object_property_get_int(obj, "bootindex", NULL); +-- +2.39.3 + 
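Review bot: `g_autofree char *val = NULL;` in ccw_device_set_loadparm makes the string handed out by the visitor freed on every exit path, which is the right shape for this leak, but the hunk ends before any use of `val`, and g_autofree must be the only owner: the rest of the body, outside the hunk, must not store the pointer into `dev` or call `g_free(val)` itself, since either would now become a use-after-free or double free. The one-line diffstat suggests there was no explicit free to remove, which is consistent with the leak being fixed, but that cannot be confirmed from what is visible here.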
diff --git a/kvm-hw-scsi-lsi53c895a-skip-automatic-zero-init-of-large.patch b/kvm-hw-scsi-lsi53c895a-skip-automatic-zero-init-of-large.patch new file mode 100644 index 0000000..38b1bc2 --- /dev/null +++ b/kvm-hw-scsi-lsi53c895a-skip-automatic-zero-init-of-large.patch @@ -0,0 +1,49 @@ +From 6a11d5845b62f4f1a1c481b9be33aae9acded335 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:05 +0100 +Subject: [PATCH 35/43] hw/scsi/lsi53c895a: skip automatic zero-init of large + array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [27/31] d54767678b4bd133b69cc7461220121eee04c9bb (stefanha/centos-stream-qemu-kvm) + +The 'lsi_memcpy' method has a 4k byte array used for copying data +to/from the device. Skip the automatic zero-init of this array to +eliminate the performance overhead in the I/O hot path. + +The 'buf' array will be fully initialized when data is copied. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Klaus Jensen +Reviewed-by: Harsh Prateek Bora +Message-id: 20250610123709.835102-28-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 55243edf42ee87bce9f36ca251f3ab9cda1563e4) +Signed-off-by: Stefan Hajnoczi +--- + hw/scsi/lsi53c895a.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c +index 6689ebba25..bacc6593f6 100644 +--- a/hw/scsi/lsi53c895a.c ++++ b/hw/scsi/lsi53c895a.c +@@ -1112,7 +1112,7 @@ bad: + static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) + { + int n; +- uint8_t buf[LSI_BUF_SIZE]; ++ QEMU_UNINITIALIZED uint8_t buf[LSI_BUF_SIZE]; + + trace_lsi_memcpy(dest, src, count); + while (count) { +-- +2.39.3 + 
diff --git a/kvm-hw-scsi-megasas-skip-automatic-zero-init-of-large-ar.patch b/kvm-hw-scsi-megasas-skip-automatic-zero-init-of-large-ar.patch
new file mode 100644
index 0000000..98ca107
--- /dev/null
+++ b/kvm-hw-scsi-megasas-skip-automatic-zero-init-of-large-ar.patch
@@ -0,0 +1,73 @@ +From e1ca896e3388b7a92e3f65c37c7d0f7a9b4679a0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:06 +0100 +Subject: [PATCH 36/43] hw/scsi/megasas: skip automatic zero-init of large + arrays +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [28/31] 2123323efa4331a9899c62af9edeeac388f09fc4 (stefanha/centos-stream-qemu-kvm) + +The 'megasas_dcmd_pd_get_list' and 'megasas_dcmd_get_properties' +methods have 4k structs used for copying data from the device. +Skip the automatic zero-init of this array to eliminate the +performance overhead in the I/O hot path. + +The 'info' structs are manually initialized with memset(). The +compiler ought to be intelligent enough to turn the memset() +into a static initialization operation, and thus not duplicate +the automatic zero-init. Replacing memset() with '{}' makes it +unambiguous that the arrays are statically initialized. + +Signed-off-by: Daniel P. 
Berrangé +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Klaus Jensen +Reviewed-by: Harsh Prateek Bora +Message-id: 20250610123709.835102-29-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit ca0559e2350c618048f7caf80cb79c1259e7cfd2) +Signed-off-by: Stefan Hajnoczi +--- + hw/scsi/megasas.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 9f3b30e6ce..79b0fdcfe3 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -981,13 +981,11 @@ static int megasas_event_wait(MegasasState *s, MegasasCmd *cmd) + + static int megasas_dcmd_pd_get_list(MegasasState *s, MegasasCmd *cmd) + { +- struct mfi_pd_list info; +- size_t dcmd_size = sizeof(info); ++ struct mfi_pd_list info = {}; + BusChild *kid; + uint32_t offset, dcmd_limit, num_pd_disks = 0, max_pd_disks; + dma_addr_t residual; + +- memset(&info, 0, dcmd_size); + offset = 8; + dcmd_limit = offset + sizeof(struct mfi_pd_address); + if (cmd->iov_size < dcmd_limit) { +@@ -1429,11 +1427,10 @@ static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd) + + static int megasas_dcmd_get_properties(MegasasState *s, MegasasCmd *cmd) + { +- struct mfi_ctrl_props info; ++ struct mfi_ctrl_props info = {}; + size_t dcmd_size = sizeof(info); + dma_addr_t residual; + +- memset(&info, 0x0, dcmd_size); + if (cmd->iov_size < dcmd_size) { + trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size, + dcmd_size); +-- +2.39.3 + diff --git a/kvm-hw-ufs-lu-skip-automatic-zero-init-of-large-array.patch b/kvm-hw-ufs-lu-skip-automatic-zero-init-of-large-array.patch new file mode 100644 index 0000000..430b484 --- /dev/null +++ b/kvm-hw-ufs-lu-skip-automatic-zero-init-of-large-array.patch 
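Review bot: The description in this patch says it will "skip the automatic zero-init of this array", but the two hunks do the opposite: both `info` structs stay zero-initialized, with `memset()` replaced by `struct mfi_pd_list info = {};` and `struct mfi_ctrl_props info = {};`, and no QEMU_UNINITIALIZED is applied. The message should say that plainly, otherwise anyone auditing this series for sites where hardening was disabled will wrongly count megasas among them (the nvme patch describes the identical `nslist[1024] = {}` change correctly). Dropping the local `dcmd_size` in megasas_dcmd_pd_get_list while keeping it in megasas_dcmd_get_properties is fine only if the first function had no other reader of it; the 2/5 diffstat makes that plausible, but the remainder of both bodies is outside the hunks.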
@@ -0,0 +1,50 @@ +From b6904ecdbd09b38339963465dd9bd81c25acf5cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:07 +0100 +Subject: [PATCH 37/43] hw/ufs/lu: skip automatic zero-init of large array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [29/31] 9b4da8039e1856614cd65981c2ec0a4b59c4e379 (stefanha/centos-stream-qemu-kvm) + +The 'ufs_emulate_scsi_cmd' method has a 4k byte array used for +copying data from the device. Skip the automatic zero-init of +this array to eliminate the performance overhead in the I/O hot +path. + +The 'outbuf' array will be fully initialized when data is copied +from the guest. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Klaus Jensen +Reviewed-by: Harsh Prateek Bora +Message-id: 20250610123709.835102-30-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 7708e298180550eac262c1fd742e6e80c711a5d8) +Signed-off-by: Stefan Hajnoczi +--- + hw/ufs/lu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/ufs/lu.c b/hw/ufs/lu.c +index 1c3794b2d4..63e482bf83 100644 +--- a/hw/ufs/lu.c ++++ b/hw/ufs/lu.c +@@ -194,7 +194,7 @@ static int ufs_emulate_wlun_inquiry(UfsRequest *req, uint8_t *outbuf, + static UfsReqResult ufs_emulate_scsi_cmd(UfsLu *lu, UfsRequest *req) + { + uint8_t lun = lu->lun; +- uint8_t outbuf[4096]; ++ QEMU_UNINITIALIZED uint8_t outbuf[4096]; + uint8_t sense_buf[UFS_SENSE_SIZE]; + uint8_t scsi_status; + int len = 0; +-- +2.39.3 + diff --git a/kvm-hw-usb-hcd-ohci-skip-automatic-zero-init-of-large-ar.patch b/kvm-hw-usb-hcd-ohci-skip-automatic-zero-init-of-large-ar.patch new file mode 100644 index 0000000..4d09fdf --- /dev/null 
+++ b/kvm-hw-usb-hcd-ohci-skip-automatic-zero-init-of-large-ar.patch @@ -0,0 +1,50 @@ +From d906c6d5ce5b69083890f4ceea4136e736704aab Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 10 Jun 2025 13:37:04 +0100 +Subject: [PATCH 34/43] hw/usb/hcd-ohci: skip automatic zero-init of large + array +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [26/31] 4a8000f1c5065bfc95318615952c62f7070500d9 (stefanha/centos-stream-qemu-kvm) + +The 'ohci_service_iso_td' method has a 8k byte array used for copying +data between guest and host. Skip the automatic zero-init of this +array to eliminate the performance overhead in the I/O hot path. + +The 'buf' array will be fully initialized when reading data from guest +memory. + +Signed-off-by: Daniel P. Berrangé +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Klaus Jensen +Reviewed-by: Harsh Prateek Bora +Message-id: 20250610123709.835102-27-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 14997d521d1cd0bb36c902ef1032f0d3f2a3c912) +Signed-off-by: Stefan Hajnoczi +--- + hw/usb/hcd-ohci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c +index 71b54914d3..72a9f9f474 100644 +--- a/hw/usb/hcd-ohci.c ++++ b/hw/usb/hcd-ohci.c +@@ -577,7 +577,7 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed) + USBDevice *dev; + USBEndpoint *ep; + USBPacket *pkt; +- uint8_t buf[8192]; ++ QEMU_UNINITIALIZED uint8_t buf[8192]; + bool int_req; + struct ohci_iso_td iso_td; + uint32_t addr; +-- +2.39.3 + diff --git a/kvm-hw-virtio-virtio-avoid-cost-of-ftrivial-auto-var-ini.patch b/kvm-hw-virtio-virtio-avoid-cost-of-ftrivial-auto-var-ini.patch new file mode 100644 index 0000000..85fb74b 
--- /dev/null
+++ b/kvm-hw-virtio-virtio-avoid-cost-of-ftrivial-auto-var-ini.patch
@@ -0,0 +1,73 @@ +From 6063d3fedb2767f1a4d668828f49ef8505fa54f3 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Tue, 10 Jun 2025 13:36:40 +0100 +Subject: [PATCH 10/43] hw/virtio/virtio: avoid cost of -ftrivial-auto-var-init + in hot path +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [2/31] 12f251ba363203812e46f268a6f46ccfdbf21b41 (stefanha/centos-stream-qemu-kvm) + +Since commit 7ff9ff039380 ("meson: mitigate against use of uninitialize +stack for exploits") the -ftrivial-auto-var-init=zero compiler option is +used to zero local variables. While this reduces security risks +associated with uninitialized stack data, it introduced a measurable +bottleneck in the virtqueue_split_pop() and virtqueue_packed_pop() +functions. + +These virtqueue functions are in the hot path. They are called for each +element (request) that is popped from a VIRTIO device's virtqueue. Using +__attribute__((uninitialized)) on large stack variables in these +functions improves fio randread bs=4k iodepth=64 performance from 304k +to 332k IOPS (+9%). + +This issue was found using perf-top(1). virtqueue_split_pop() was one of +the top CPU consumers and the "annotate" feature showed that the memory +zeroing instructions at the beginning of the functions were hot. + +Fixes: 7ff9ff039380 ("meson: mitigate against use of uninitialize stack for exploits") +Cc: Daniel P. 
Berrangé +Signed-off-by: Stefan Hajnoczi +Reviewed-by: Stefan Hajnoczi +Message-id: 20250610123709.835102-3-berrange@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit ba2868ce091cd4abe4be6de4b7e44b3be303b352) +Signed-off-by: Stefan Hajnoczi +--- + hw/virtio/virtio.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c +index 85110bce37..f41a418da3 100644 +--- a/hw/virtio/virtio.c ++++ b/hw/virtio/virtio.c +@@ -1680,8 +1680,8 @@ static void *virtqueue_split_pop(VirtQueue *vq, size_t sz) + VirtIODevice *vdev = vq->vdev; + VirtQueueElement *elem = NULL; + unsigned out_num, in_num, elem_entries; +- hwaddr addr[VIRTQUEUE_MAX_SIZE]; +- struct iovec iov[VIRTQUEUE_MAX_SIZE]; ++ hwaddr QEMU_UNINITIALIZED addr[VIRTQUEUE_MAX_SIZE]; ++ struct iovec QEMU_UNINITIALIZED iov[VIRTQUEUE_MAX_SIZE]; + VRingDesc desc; + int rc; + +@@ -1826,8 +1826,8 @@ static void *virtqueue_packed_pop(VirtQueue *vq, size_t sz) + VirtIODevice *vdev = vq->vdev; + VirtQueueElement *elem = NULL; + unsigned out_num, in_num, elem_entries; +- hwaddr addr[VIRTQUEUE_MAX_SIZE]; +- struct iovec iov[VIRTQUEUE_MAX_SIZE]; ++ hwaddr QEMU_UNINITIALIZED addr[VIRTQUEUE_MAX_SIZE]; ++ struct iovec QEMU_UNINITIALIZED iov[VIRTQUEUE_MAX_SIZE]; + VRingPackedDesc desc; + uint16_t id; + int rc; +-- +2.39.3 + diff --git a/kvm-include-qemu-compiler-add-QEMU_UNINITIALIZED-attribu.patch b/kvm-include-qemu-compiler-add-QEMU_UNINITIALIZED-attribu.patch new file mode 100644 index 0000000..c5d1e4f --- /dev/null +++ b/kvm-include-qemu-compiler-add-QEMU_UNINITIALIZED-attribu.patch 
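Review bot: The attribute is placed between the type and the declarator (`hwaddr QEMU_UNINITIALIZED addr[VIRTQUEUE_MAX_SIZE];`) in both virtqueue_split_pop and virtqueue_packed_pop, whereas every other patch in this series puts it first (`QEMU_UNINITIALIZED hwaddr addr[VIRTQUEUE_MAX_SIZE];`); both forms attach to the variable, but a single convention keeps the exempted sites greppable. These are the hottest sites in the series and the message justifies the change with measured IOPS, so a comment at the declarations stating which counters bound the valid prefix of `addr`/`iov` (presumably `out_num`/`in_num`, which are declared alongside them) would record the audit the macro's guidance asks for; the bodies of both functions continue outside the hunks.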
@@ -0,0 +1,76 @@ +From 0aea786f8ab4f7a4122bb2019ebe5136763c9609 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Tue, 10 Jun 2025 13:36:39 +0100 +Subject: [PATCH 09/43] include/qemu/compiler: add QEMU_UNINITIALIZED attribute + macro +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED +RH-Jira: RHEL-95479 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/31] ddf39e782add4426708480dfb78ebbd71fb777f0 (stefanha/centos-stream-qemu-kvm) + +The QEMU_UNINITIALIZED macro is to be used to skip the default compiler +variable initialization done by -ftrivial-auto-var-init=zero. + +Use this in cases where there a method in the device I/O path (or other +important hot paths), that has large variables on the stack. A rule of +thumb is that "large" means a method with 4kb data in the local stack +frame. Any variables which are KB in size, should be annotated with this +attribute, to pre-emptively eliminate any potential overhead from the +compiler zero'ing memory. + +Given that this turns off a security hardening feature, when using this +to flag variables, it is important that the code is double-checked to +ensure there is no possible use of uninitialized data in the method. + +Signed-off-by: Stefan Hajnoczi +Reviewed-by: Stefan Hajnoczi +Signed-off-by: Daniel P. Berrangé +Message-id: 20250610123709.835102-2-berrange@redhat.com +[DB: split off patch & rewrite guidance on when to use the annotation] +Signed-off-by: Daniel P. 
Berrangé +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit c653b67d1863b7ebfa67f7c9f4aec209d7b5ced5) +Signed-off-by: Stefan Hajnoczi +--- + include/qemu/compiler.h | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h +index 496dac5ac1..65b89958d3 100644 +--- a/include/qemu/compiler.h ++++ b/include/qemu/compiler.h +@@ -207,6 +207,26 @@ + # define QEMU_USED + #endif + ++/* ++ * Disable -ftrivial-auto-var-init on a local variable. ++ * ++ * Use this in cases where there a method in the device I/O path (or other ++ * important hot paths), that has large variables on the stack. A rule of ++ * thumb is that "large" means a method with 4kb data in the local stack ++ * frame. Any variables which are KB in size, should be annotated with this ++ * attribute, to pre-emptively eliminate any potential overhead from the ++ * compiler's implicit zero'ing of memory. ++ * ++ * Given that this turns off a security hardening feature, when using this ++ * to flag variables, it is important that the code is double-checked to ++ * ensure there is no possible use of uninitialized data in the method. ++ */ ++#if __has_attribute(uninitialized) ++# define QEMU_UNINITIALIZED __attribute__((uninitialized)) ++#else ++# define QEMU_UNINITIALIZED ++#endif ++ + /* + * http://clang.llvm.org/docs/ThreadSafetyAnalysis.html + * +-- +2.39.3 + diff --git a/kvm-net-socket-skip-automatic-zero-init-of-large-array.patch b/kvm-net-socket-skip-automatic-zero-init-of-large-array.patch new file mode 100644 index 0000000..6bc5323 --- /dev/null +++ b/kvm-net-socket-skip-automatic-zero-init-of-large-array.patch 
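Review bot: When `__has_attribute(uninitialized)` is false the macro silently expands to nothing, so on such a toolchain every annotated hot path quietly keeps the full zeroing cost this series measures at roughly 9% on virtio; a `#pragma message` or at least a comment in the `#else` branch would make that degradation visible at build time rather than only under perf. The header also relies on `__has_attribute` itself being available; if compiler.h does not already define a fallback for preprocessors lacking it, the `#if` would fail rather than degrade (the surrounding file is not visible here). In the block comment, `where there a method` should read `where there is a method`.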
@@ -0,0 +1,49 @@
+From 7f3f625c3046f8a44ac158bef1e627f18856a2ef Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 10 Jun 2025 13:37:08 +0100
+Subject: [PATCH 38/43] net/socket: skip automatic zero-init of large array
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi
+RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED
+RH-Jira: RHEL-95479
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [30/31] b45f973634d85a5cb99d51ef79b0c04c695a43d6 (stefanha/centos-stream-qemu-kvm)
+
+The 'net_socket_send' method has a 68k byte array used for copying
+data between guest and host. Skip the automatic zero-init of this
+array to eliminate the performance overhead in the I/O hot path.
+
+The 'buf1' array will be fully initialized when reading data off
+the network socket.
+
+Signed-off-by: Daniel P. Berrangé
+Reviewed-by: Stefan Hajnoczi
+Reviewed-by: Klaus Jensen
+Reviewed-by: Harsh Prateek Bora
+Message-id: 20250610123709.835102-31-berrange@redhat.com
+Signed-off-by: Stefan Hajnoczi
+(cherry picked from commit 751b0e79f1e0e7f88fad2fe2f22595ad03d78859)
+Signed-off-by: Stefan Hajnoczi
+---
+ net/socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/socket.c b/net/socket.c
+index 8e3702e1f3..784dda686f 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -157,7 +157,7 @@ static void net_socket_send(void *opaque)
+ NetSocketState *s = opaque;
+ int size;
+ int ret;
+- uint8_t buf1[NET_BUFSIZE];
++ QEMU_UNINITIALIZED uint8_t buf1[NET_BUFSIZE];
+ const uint8_t *buf;
+
+ size = recv(s->fd, buf1, sizeof(buf1), 0);
+--
+2.39.3
+
diff --git a/kvm-net-stream-skip-automatic-zero-init-of-large-array.patch b/kvm-net-stream-skip-automatic-zero-init-of-large-array.patch
new file mode 100644
index 0000000..62e5d38
--- /dev/null
+++ b/kvm-net-stream-skip-automatic-zero-init-of-large-array.patch
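Review bot: The justification for annotating `buf1` with `QEMU_UNINITIALIZED` is weaker than the description states: `recv(s->fd, buf1, sizeof(buf1), 0)` initializes only the `size` bytes it returns, not the whole 68k array, so the opt-out is safe only because the remainder of net_socket_send (outside this hunk) never reads past `size`. That bound should be recorded at the declaration so the next change to the packet-reassembly code re-checks it, e.g. `QEMU_UNINITIALIZED uint8_t buf1[NET_BUFSIZE]; /* only the first 'size' bytes are ever read */`. The same applies to the net/stream hunk that follows, where `qio_channel_read(s->ioc, buf1, sizeof(buf1), NULL)` likewise fills only the returned length.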
@@ -0,0 +1,49 @@
+From 074465b3a94a8d18c4202d13d9506f9dee8030e5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 10 Jun 2025 13:37:09 +0100
+Subject: [PATCH 39/43] net/stream: skip automatic zero-init of large array
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefan Hajnoczi
+RH-MergeRequest: 381: Solve -ftrivial-auto-var-init performance regression with QEMU_UNINITIALIZED
+RH-Jira: RHEL-95479
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [31/31] 5200215cfd9e263d24342ee4a2b5aafe3d1e1eb7 (stefanha/centos-stream-qemu-kvm)
+
+The 'net_stream_send' method has a 68k byte array used for copying
+data between guest and host. Skip the automatic zero-init of this
+array to eliminate the performance overhead in the I/O hot path.
+
+The 'buf1' array will be fully initialized when reading data off
+the network socket.
+
+Signed-off-by: Daniel P. Berrangé
+Reviewed-by: Stefan Hajnoczi
+Reviewed-by: Klaus Jensen
+Reviewed-by: Harsh Prateek Bora
+Message-id: 20250610123709.835102-32-berrange@redhat.com
+Signed-off-by: Stefan Hajnoczi
+(cherry picked from commit 837b87c4c5ba9ac7a255133c6642b8d578272a70)
+Signed-off-by: Stefan Hajnoczi
+---
+ net/stream.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/stream.c b/net/stream.c
+index 4de5613844..6152d2a05e 100644
+--- a/net/stream.c
++++ b/net/stream.c
+@@ -148,7 +148,7 @@ static gboolean net_stream_send(QIOChannel *ioc,
+ NetStreamState *s = data;
+ int size;
+ int ret;
+- char buf1[NET_BUFSIZE];
++ QEMU_UNINITIALIZED char buf1[NET_BUFSIZE];
+ const char *buf;
+
+ size = qio_channel_read(s->ioc, buf1, sizeof(buf1), NULL);
+--
+2.39.3
+
diff --git a/kvm-s390x-Fix-leak-in-machine_set_loadparm.patch b/kvm-s390x-Fix-leak-in-machine_set_loadparm.patch
new file mode 100644
index 0000000..18ac593
--- /dev/null
+++ b/kvm-s390x-Fix-leak-in-machine_set_loadparm.patch
@@ -0,0 +1,60 @@
+From 24605a535cf850b11fd5910045d5a9a494a0857d Mon Sep 17 00:00:00 2001
+From: Fabiano Rosas
+Date: Fri, 9 May 2025 14:49:38 -0300
+Subject: [PATCH 01/43] s390x: Fix leak in machine_set_loadparm
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Thomas Huth
+RH-MergeRequest: 386: s390x: Fix memory leaks related to loadparm [rhel-10]
+RH-Jira: RHEL-98555
+RH-Acked-by: Cédric Le Goater
+RH-Acked-by: Kevin Wolf
+RH-Commit: [1/2] 04997385648ba61cc55c1c6a11ba553b65bf9fe9 (thuth/qemu-kvm-cs)
+
+ASAN spotted a leaking string in machine_set_loadparm():
+
+Direct leak of 9 byte(s) in 1 object(s) allocated from:
+ #0 0x560ffb5bb379 in malloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
+ #1 0x7f1aca926518 in g_malloc ../glib/gmem.c:106
+ #2 0x7f1aca94113e in g_strdup ../glib/gstrfuncs.c:364
+ #3 0x560ffc8afbf9 in qobject_input_type_str ../qapi/qobject-input-visitor.c:542:12
+ #4 0x560ffc8a80ff in visit_type_str ../qapi/qapi-visit-core.c:349:10
+ #5 0x560ffbe6053a in machine_set_loadparm ../hw/s390x/s390-virtio-ccw.c:802:10
+ #6 0x560ffc0c5e52 in object_property_set ../qom/object.c:1450:5
+ #7 0x560ffc0d4175 in object_property_set_qobject ../qom/qom-qobject.c:28:10
+ #8 0x560ffc0c6004 in object_property_set_str ../qom/object.c:1458:15
+ #9 0x560ffbe2ae60 in update_machine_ipl_properties ../hw/s390x/ipl.c:569:9
+ #10 0x560ffbe2aa65 in s390_ipl_update_diag308 ../hw/s390x/ipl.c:594:5
+ #11 0x560ffbdee132 in handle_diag_308 ../target/s390x/diag.c:147:9
+ #12 0x560ffbebb956 in helper_diag ../target/s390x/tcg/misc_helper.c:137:9
+ #13 0x7f1a3c51c730 (/memfd:tcg-jit (deleted)+0x39730)
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Fabiano Rosas
+Message-ID: <20250509174938.25935-1-farosas@suse.de>
+Fixes: 1fd396e3228 ("s390x: Register TYPE_S390_CCW_MACHINE properties as class properties")
+Reviewed-by: Thomas Huth
+Reviewed-by: Philippe Mathieu-Daudé
+Signed-off-by: Thomas Huth
+(cherry picked from commit bdf12f2a56bf3f13c52eb51f0a994bbfe40706b2)
+---
+ hw/s390x/s390-virtio-ccw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index 59b545740e..dd3fc13683 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -804,6 +804,7 @@ static void machine_set_loadparm(Object *obj, Visitor *v,
+ }
+
+ s390_ipl_fmt_loadparm(ms->loadparm, val, errp);
++ g_free(val);
+ }
+
+ static void ccw_machine_class_init(ObjectClass *oc, void *data)
+--
+2.39.3
+
diff --git a/kvm-target-i386-Add-couple-of-feature-bits-in-CPUID_Fn80.patch b/kvm-target-i386-Add-couple-of-feature-bits-in-CPUID_Fn80.patch
new file mode 100644
index 0000000..9199986
--- /dev/null
+++ b/kvm-target-i386-Add-couple-of-feature-bits-in-CPUID_Fn80.patch
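Review bot: `g_free(val)` after `s390_ipl_fmt_loadparm(ms->loadparm, val, errp)` releases the string on this path only; declaring it `g_autofree char *val = NULL;` where it is defined (above the hunk — machine_set_loadparm starts outside it) would make the release unconditional and cover any future early return between the visit and the format call. The ASAN trace in the description shows the setter being reached from `handle_diag_308` via `s390_ipl_update_diag308` and `update_machine_ipl_properties`, so the allocation was repeatable by guest-initiated IPL updates and this is a host resource-exhaustion fix rather than only a cleanup, which is worth stating in the backport justification.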
@@ -0,0 +1,81 @@ +From d2fcec417c3ce57ef25f8eea957a5fef9c2866bf Mon Sep 17 00:00:00 2001 +From: Babu Moger +Date: Thu, 8 May 2025 14:58:02 -0500 +Subject: [PATCH 06/43] target/i386: Add couple of feature bits in + CPUID_Fn80000021_EAX + +RH-Author: John Allen +RH-MergeRequest: 377: Update EPYC Models and Feature Bits +RH-Jira: RHEL-52650 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [4/6] 568d79477d85be653fa580d329495193c24e1500 (johnalle/qemu-kvm-fork) + +Add CPUID bit indicates that a WRMSR to MSR_FS_BASE, MSR_GS_BASE, or +MSR_KERNEL_GS_BASE is non-serializing amd PREFETCHI that the indicates +support for IC prefetch. + +CPUID_Fn80000021_EAX +Bit Feature description +20 Indicates support for IC prefetch. +1 FsGsKernelGsBaseNonSerializing. + WRMSR to FS_BASE, GS_BASE and KernelGSbase are non-serializing. + +Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip +Signed-off-by: Babu Moger +Reviewed-by: Maksim Davydov +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/a5f6283a59579b09ac345b3f21ecb3b3b2d92451.1746734284.git.babu.moger@amd.com +Signed-off-by: Paolo Bonzini +(cherry picked from commit dfd5b456108a75588ab094358ba5754787146d3d) + +JIRA: https://issues.redhat.com/browse/RHEL-52650 + +Signed-off-by: John Allen +--- + target/i386/cpu.c | 4 ++-- + target/i386/cpu.h | 4 ++++ + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index b3052c6c2c..dd16f885cf 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1237,12 +1237,12 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + [FEAT_8000_0021_EAX] = { + .type = CPUID_FEATURE_WORD, + .feat_names = { +- "no-nested-data-bp", NULL, "lfence-always-serializing", NULL, ++ "no-nested-data-bp", "fs-gs-base-ns", "lfence-always-serializing", NULL, + NULL, NULL, "null-sel-clr-base", NULL, + "auto-ibrs", NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, +- NULL, NULL, NULL, NULL, ++ 
"prefetchi", NULL, NULL, NULL, + "eraps", NULL, NULL, "sbpb", + "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL, + }, +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 76f24446a5..d7dcd59b2d 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -1074,12 +1074,16 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + + /* Processor ignores nested data breakpoints */ + #define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP (1U << 0) ++/* WRMSR to FS_BASE, GS_BASE, or KERNEL_GS_BASE is non-serializing */ ++#define CPUID_8000_0021_EAX_FS_GS_BASE_NS (1U << 1) + /* LFENCE is always serializing */ + #define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING (1U << 2) + /* Null Selector Clears Base */ + #define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE (1U << 6) + /* Automatic IBRS */ + #define CPUID_8000_0021_EAX_AUTO_IBRS (1U << 8) ++/* Indicates support for IC prefetch */ ++#define CPUID_8000_0021_EAX_PREFETCHI (1U << 20) + /* Enhanced Return Address Predictor Scurity */ + #define CPUID_8000_0021_EAX_ERAPS (1U << 24) + /* Selective Branch Predictor Barrier */ +-- +2.39.3 + diff --git a/kvm-target-i386-Add-support-for-EPYC-Turin-model.patch b/kvm-target-i386-Add-support-for-EPYC-Turin-model.patch new file mode 100644 index 0000000..4afe216 --- /dev/null +++ b/kvm-target-i386-Add-support-for-EPYC-Turin-model.patch 
@@ -0,0 +1,200 @@ +From 6a86e17bd55a867b903e14a6cff3d985a046a794 Mon Sep 17 00:00:00 2001 +From: Babu Moger +Date: Thu, 8 May 2025 14:58:04 -0500 +Subject: [PATCH 08/43] target/i386: Add support for EPYC-Turin model + +RH-Author: John Allen +RH-MergeRequest: 377: Update EPYC Models and Feature Bits +RH-Jira: RHEL-52650 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [6/6] 3d8805bafc53da2bd5a2b2b96cc892ea7ca9f2b3 (johnalle/qemu-kvm-fork) + +Add the support for AMD EPYC zen 5 processors (EPYC-Turin). + +Add the following new feature bits on top of the feature bits from +the previous generation EPYC models. + +movdiri : Move Doubleword as Direct Store Instruction +movdir64b : Move 64 Bytes as Direct Store Instruction +avx512-vp2intersect : AVX512 Vector Pair Intersection to a Pair + of Mask Register +avx-vnni : AVX VNNI Instruction +prefetchi : Indicates support for IC prefetch +sbpb : Selective Branch Predictor Barrier +ibpb-brtype : IBPB includes branch type prediction flushing +srso-user-kernel-no : Not vulnerable to SRSO at the user-kernel boundary + +Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip +Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf +Signed-off-by: Babu Moger +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/b4fa7708a0e1453d2e9b8ec3dc881feb92eeca0b.1746734284.git.babu.moger@amd.com +Signed-off-by: Paolo Bonzini +(cherry picked from commit 3771a4daa273ba17cb27309984413790d1df5651) + +JIRA: https://issues.redhat.com/browse/RHEL-52650 + +Signed-off-by: John Allen +--- + target/i386/cpu.c | 138 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 138 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 523ac08a07..3e31999d19 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2668,6 +2668,61 @@ static const CPUCaches epyc_genoa_v2_cache_info = { + .share_level = 
CPU_TOPOLOGY_LEVEL_DIE, + }, + }; ++ ++static const CPUCaches epyc_turin_cache_info = { ++ .l1d_cache = &(CPUCacheInfo) { ++ .type = DATA_CACHE, ++ .level = 1, ++ .size = 48 * KiB, ++ .line_size = 64, ++ .associativity = 12, ++ .partitions = 1, ++ .sets = 64, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l1i_cache = &(CPUCacheInfo) { ++ .type = INSTRUCTION_CACHE, ++ .level = 1, ++ .size = 32 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 64, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l2_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 2, ++ .size = 1 * MiB, ++ .line_size = 64, ++ .associativity = 16, ++ .partitions = 1, ++ .sets = 1024, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .inclusive = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l3_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 3, ++ .size = 32 * MiB, ++ .line_size = 64, ++ .associativity = 16, ++ .partitions = 1, ++ .sets = 32768, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .no_invd_sharing = true, ++ .complex_indexing = false, ++ .share_level = CPU_TOPOLOGY_LEVEL_DIE, ++ }, ++}; ++ + /* The following VMX features are not supported by KVM and are left out in the + * CPU definitions: + * +@@ -5937,6 +5992,89 @@ static const X86CPUDefinition builtin_x86_defs[] = { + .model_id = "Zhaoxin YongFeng Processor", + }, + #endif ++ { ++ .name = "EPYC-Turin", ++ .level = 0xd, ++ .vendor = CPUID_VENDOR_AMD, ++ .family = 26, ++ .model = 0, ++ .stepping = 0, ++ .features[FEAT_1_ECX] = ++ CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX | ++ CPUID_EXT_XSAVE | CPUID_EXT_AES | CPUID_EXT_POPCNT | ++ CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 | ++ CPUID_EXT_PCID | CPUID_EXT_CX16 | CPUID_EXT_FMA | ++ CPUID_EXT_SSSE3 | CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ | ++ CPUID_EXT_SSE3, ++ .features[FEAT_1_EDX] = ++ CPUID_SSE2 | 
CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH | ++ CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE | ++ CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE | ++ CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE | ++ CPUID_VME | CPUID_FP87, ++ .features[FEAT_6_EAX] = ++ CPUID_6_EAX_ARAT, ++ .features[FEAT_7_0_EBX] = ++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 | ++ CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | ++ CPUID_7_0_EBX_INVPCID | CPUID_7_0_EBX_AVX512F | ++ CPUID_7_0_EBX_AVX512DQ | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | ++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_AVX512IFMA | ++ CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_CLWB | ++ CPUID_7_0_EBX_AVX512CD | CPUID_7_0_EBX_SHA_NI | ++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512VL, ++ .features[FEAT_7_0_ECX] = ++ CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU | ++ CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI | ++ CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ | ++ CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG | ++ CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57 | ++ CPUID_7_0_ECX_RDPID | CPUID_7_0_ECX_MOVDIRI | ++ CPUID_7_0_ECX_MOVDIR64B, ++ .features[FEAT_7_0_EDX] = ++ CPUID_7_0_EDX_FSRM | CPUID_7_0_EDX_AVX512_VP2INTERSECT, ++ .features[FEAT_7_1_EAX] = ++ CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_AVX512_BF16, ++ .features[FEAT_8000_0001_ECX] = ++ CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH | ++ CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM | ++ CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM | ++ CPUID_EXT3_TOPOEXT | CPUID_EXT3_PERFCORE, ++ .features[FEAT_8000_0001_EDX] = ++ CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB | ++ CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX | ++ CPUID_EXT2_SYSCALL, ++ .features[FEAT_8000_0007_EBX] = ++ CPUID_8000_0007_EBX_OVERFLOW_RECOV | CPUID_8000_0007_EBX_SUCCOR, ++ .features[FEAT_8000_0008_EBX] = ++ CPUID_8000_0008_EBX_CLZERO | 
CPUID_8000_0008_EBX_XSAVEERPTR | ++ CPUID_8000_0008_EBX_WBNOINVD | CPUID_8000_0008_EBX_IBPB | ++ CPUID_8000_0008_EBX_IBRS | CPUID_8000_0008_EBX_STIBP | ++ CPUID_8000_0008_EBX_STIBP_ALWAYS_ON | ++ CPUID_8000_0008_EBX_AMD_SSBD | CPUID_8000_0008_EBX_AMD_PSFD, ++ .features[FEAT_8000_0021_EAX] = ++ CPUID_8000_0021_EAX_NO_NESTED_DATA_BP | ++ CPUID_8000_0021_EAX_FS_GS_BASE_NS | ++ CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING | ++ CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE | ++ CPUID_8000_0021_EAX_AUTO_IBRS | CPUID_8000_0021_EAX_PREFETCHI | ++ CPUID_8000_0021_EAX_SBPB | CPUID_8000_0021_EAX_IBPB_BRTYPE | ++ CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO, ++ .features[FEAT_8000_0022_EAX] = ++ CPUID_8000_0022_EAX_PERFMON_V2, ++ .features[FEAT_XSAVE] = ++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | ++ CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES, ++ .features[FEAT_SVM] = ++ CPUID_SVM_NPT | CPUID_SVM_LBRV | CPUID_SVM_NRIPSAVE | ++ CPUID_SVM_TSCSCALE | CPUID_SVM_VMCBCLEAN | CPUID_SVM_FLUSHASID | ++ CPUID_SVM_PAUSEFILTER | CPUID_SVM_PFTHRESHOLD | ++ CPUID_SVM_V_VMSAVE_VMLOAD | CPUID_SVM_VGIF | ++ CPUID_SVM_VNMI | CPUID_SVM_SVME_ADDR_CHK, ++ .xlevel = 0x80000022, ++ .model_id = "AMD EPYC-Turin Processor", ++ .cache_info = &epyc_turin_cache_info, ++ }, + }; + + /* +-- +2.39.3 + diff --git a/kvm-target-i386-Update-EPYC-CPU-model-for-Cache-property.patch b/kvm-target-i386-Update-EPYC-CPU-model-for-Cache-property.patch new file mode 100644 index 0000000..623736f --- /dev/null +++ b/kvm-target-i386-Update-EPYC-CPU-model-for-Cache-property.patch 
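Review bot: The `.features[FEAT_8000_0021_EAX]` block of the new EPYC-Turin definition mixes mitigation-status bits (`CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO`, `CPUID_8000_0021_EAX_IBPB_BRTYPE`, `CPUID_8000_0021_EAX_SBPB`, `CPUID_8000_0021_EAX_AUTO_IBRS`) with plain ISA bits and nothing marks the difference, although guests use the former to decide which speculation mitigations to skip or apply. Advertising them is safe only because the model is validated against what KVM reports on the host at start-up (outside this hunk), so a comment such as `/* mitigation-status bits: guests trust these describe the host; do not drop them to make the model boot on older hosts */` above that block would guard against a well-meaning later edit. The cache geometry in `epyc_turin_cache_info` is self-consistent (size / line_size / associativity equals `.sets` for all four levels).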
@@ -0,0 +1,147 @@ +From bec357aa1a80983969a1bb8524d4d649dd5ca355 Mon Sep 17 00:00:00 2001 +From: Babu Moger +Date: Thu, 8 May 2025 14:57:59 -0500 +Subject: [PATCH 03/43] target/i386: Update EPYC CPU model for Cache property, + RAS, SVM feature bits + +RH-Author: John Allen +RH-MergeRequest: 377: Update EPYC Models and Feature Bits +RH-Jira: RHEL-52650 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/6] 4d46c1c5cc85b8c5085fe1089ee34a03fcc24b71 (johnalle/qemu-kvm-fork) + +Found that some of the cache properties are not set correctly for EPYC models. + +l1d_cache.no_invd_sharing should not be true. +l1i_cache.no_invd_sharing should not be true. + +L2.self_init should be true. +L2.inclusive should be true. + +L3.inclusive should not be true. +L3.no_invd_sharing should be true. + +Fix the cache properties. + +Also add the missing RAS and SVM features bits on AMD +EPYC CPU models. The SVM feature bits are used in nested guests. + +succor : Software uncorrectable error containment and recovery capability. +overflow-recov : MCA overflow recovery support. 
+lbrv : LBR virtualization +tsc-scale : MSR based TSC rate control +vmcb-clean : VMCB clean bits +flushbyasid : Flush by ASID +pause-filter : Pause intercept filter +pfthreshold : PAUSE filter threshold +v-vmsave-vmload : Virtualized VMLOAD and VMSAVE +vgif : Virtualized GIF + +Signed-off-by: Babu Moger +Reviewed-by: Maksim Davydov +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/515941861700d7066186c9600bc5d96a1741ef0c.1746734284.git.babu.moger@amd.com +Signed-off-by: Paolo Bonzini +(cherry picked from commit 397db937e85d7b9f5a6f0b30764786cef09d1ff3) + +JIRA: https://issues.redhat.com/browse/RHEL-52650 + +Signed-off-by: John Allen +--- + target/i386/cpu.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 73 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 0b09990a8f..e588f81b2e 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2183,6 +2183,60 @@ static CPUCaches epyc_v4_cache_info = { + }, + }; + ++static CPUCaches epyc_v5_cache_info = { ++ .l1d_cache = &(CPUCacheInfo) { ++ .type = DATA_CACHE, ++ .level = 1, ++ .size = 32 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 64, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l1i_cache = &(CPUCacheInfo) { ++ .type = INSTRUCTION_CACHE, ++ .level = 1, ++ .size = 64 * KiB, ++ .line_size = 64, ++ .associativity = 4, ++ .partitions = 1, ++ .sets = 256, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l2_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 2, ++ .size = 512 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 1024, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .inclusive = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l3_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 3, ++ .size = 8 * MiB, ++ .line_size = 64, ++ .associativity = 16, ++ 
.partitions = 1, ++ .sets = 8192, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .no_invd_sharing = true, ++ .complex_indexing = false, ++ .share_level = CPU_TOPOLOGY_LEVEL_DIE, ++ }, ++}; ++ + static const CPUCaches epyc_rome_cache_info = { + .l1d_cache = &(CPUCacheInfo) { + .type = DATA_CACHE, +@@ -5226,6 +5280,25 @@ static const X86CPUDefinition builtin_x86_defs[] = { + }, + .cache_info = &epyc_v4_cache_info + }, ++ { ++ .version = 5, ++ .props = (PropValue[]) { ++ { "overflow-recov", "on" }, ++ { "succor", "on" }, ++ { "lbrv", "on" }, ++ { "tsc-scale", "on" }, ++ { "vmcb-clean", "on" }, ++ { "flushbyasid", "on" }, ++ { "pause-filter", "on" }, ++ { "pfthreshold", "on" }, ++ { "v-vmsave-vmload", "on" }, ++ { "vgif", "on" }, ++ { "model-id", ++ "AMD EPYC-v5 Processor" }, ++ { /* end of list */ } ++ }, ++ .cache_info = &epyc_v5_cache_info ++ }, + { /* end of list */ } + } + }, +-- +2.39.3 + diff --git a/kvm-target-i386-Update-EPYC-Genoa-for-Cache-property-per.patch b/kvm-target-i386-Update-EPYC-Genoa-for-Cache-property-per.patch new file mode 100644 index 0000000..7f9ed58 --- /dev/null +++ b/kvm-target-i386-Update-EPYC-Genoa-for-Cache-property-per.patch 
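Review bot: `static CPUCaches epyc_v5_cache_info` is a mutable table, while `epyc_rome_cache_info` in this same hunk's context is `static const`; the table is never written, so `static const CPUCaches epyc_v5_cache_info = {` keeps it in read-only data (the non-const form is only inherited from the `epyc_v4_cache_info` declaration above it). The description lists six property corrections (L1 `no_invd_sharing`, L2 `self_init`/`inclusive`, L3 `inclusive`/`no_invd_sharing`) but the code spells out only `.complex_indexing = false`; writing `.no_invd_sharing = false,` on the L1 entries and `.inclusive = false,` on L3 explicitly would document the corrections in the same way. The Rome-v5, Milan-v3 and Genoa-v2 tables later on this page are already `const` but share the second point.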
@@ -0,0 +1,158 @@ +From 9e8cee2f5b79e7769533b0db15cddb98acb3fabe Mon Sep 17 00:00:00 2001 +From: Babu Moger +Date: Thu, 8 May 2025 14:58:03 -0500 +Subject: [PATCH 07/43] target/i386: Update EPYC-Genoa for Cache property, + perfmon-v2, RAS and SVM feature bits + +RH-Author: John Allen +RH-MergeRequest: 377: Update EPYC Models and Feature Bits +RH-Jira: RHEL-52650 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [5/6] 1341ffa8eeda12c964d793c7c99e56c114796f04 (johnalle/qemu-kvm-fork) + +Found that some of the cache properties are not set correctly for EPYC models. +l1d_cache.no_invd_sharing should not be true. +l1i_cache.no_invd_sharing should not be true. + +L2.self_init should be true. +L2.inclusive should be true. + +L3.inclusive should not be true. +L3.no_invd_sharing should be true. + +Fix these cache properties. + +Also add the missing RAS and SVM features bits on AMD EPYC-Genoa model. +The SVM feature bits are used in nested guests. + +perfmon-v2 : Allow guests to make use of the PerfMonV2 features. +succor : Software uncorrectable error containment and recovery capability. +overflow-recov : MCA overflow recovery support. +lbrv : LBR virtualization +tsc-scale : MSR based TSC rate control +vmcb-clean : VMCB clean bits +flushbyasid : Flush by ASID +pause-filter : Pause intercept filter +pfthreshold : PAUSE filter threshold +v-vmsave-vmload: Virtualized VMLOAD and VMSAVE +vgif : Virtualized GIF +fs-gs-base-ns : WRMSR to {FS,GS,KERNEL_GS}_BASE is non-serializing + +The feature details are available in APM listed below [1]. +[1] AMD64 Architecture Programmer's Manual Volume 2: System Programming +Publication # 24593 Revision 3.41. 
+ +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 +Signed-off-by: Babu Moger +Reviewed-by: Maksim Davydov +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/afe3f05d4116124fd5795f28fc23d7b396140313.1746734284.git.babu.moger@amd.com +Signed-off-by: Paolo Bonzini +(cherry picked from commit abc92cc8488b5dbcc403b5be24d8092180605101) + +JIRA: https://issues.redhat.com/browse/RHEL-52650 + +Signed-off-by: John Allen +--- + target/i386/cpu.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 78 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index dd16f885cf..523ac08a07 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2615,6 +2615,59 @@ static const CPUCaches epyc_genoa_cache_info = { + }, + }; + ++static const CPUCaches epyc_genoa_v2_cache_info = { ++ .l1d_cache = &(CPUCacheInfo) { ++ .type = DATA_CACHE, ++ .level = 1, ++ .size = 32 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 64, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l1i_cache = &(CPUCacheInfo) { ++ .type = INSTRUCTION_CACHE, ++ .level = 1, ++ .size = 32 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 64, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l2_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 2, ++ .size = 1 * MiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 2048, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .inclusive = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l3_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 3, ++ .size = 32 * MiB, ++ .line_size = 64, ++ .associativity = 16, ++ .partitions = 1, ++ .sets = 32768, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .no_invd_sharing = true, ++ .complex_indexing = false, ++ .share_level = CPU_TOPOLOGY_LEVEL_DIE, ++ }, ++}; + /* The 
following VMX features are not supported by KVM and are left out in the + * CPU definitions: + * +@@ -5732,6 +5785,31 @@ static const X86CPUDefinition builtin_x86_defs[] = { + .xlevel = 0x80000022, + .model_id = "AMD EPYC-Genoa Processor", + .cache_info = &epyc_genoa_cache_info, ++ .versions = (X86CPUVersionDefinition[]) { ++ { .version = 1 }, ++ { ++ .version = 2, ++ .props = (PropValue[]) { ++ { "overflow-recov", "on" }, ++ { "succor", "on" }, ++ { "lbrv", "on" }, ++ { "tsc-scale", "on" }, ++ { "vmcb-clean", "on" }, ++ { "flushbyasid", "on" }, ++ { "pause-filter", "on" }, ++ { "pfthreshold", "on" }, ++ { "v-vmsave-vmload", "on" }, ++ { "vgif", "on" }, ++ { "fs-gs-base-ns", "on" }, ++ { "perfmon-v2", "on" }, ++ { "model-id", ++ "AMD EPYC-Genoa-v2 Processor" }, ++ { /* end of list */ } ++ }, ++ .cache_info = &epyc_genoa_v2_cache_info ++ }, ++ { /* end of list */ } ++ } + }, + #if 0 // Disabled for Red Hat Enterprise Linux + { +-- +2.39.3 + diff --git a/kvm-target-i386-Update-EPYC-Milan-CPU-model-for-Cache-pr.patch b/kvm-target-i386-Update-EPYC-Milan-CPU-model-for-Cache-pr.patch new file mode 100644 index 0000000..8457fad --- /dev/null +++ b/kvm-target-i386-Update-EPYC-Milan-CPU-model-for-Cache-pr.patch 
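Review bot: The new `epyc_genoa_v2_cache_info` table ends with `++};` followed directly by the context line `+ /* The following VMX features ...`, so no blank line separates the definition from the comment block, whereas the other cache tables in this series (e.g. the Turin hunk above) add one after `};`. An added empty line after `++};` is cosmetic and safe to carry in the backport, though it would diverge by one line from the cherry-picked abc92cc8488b. The `.versions` entry added for Genoa correctly declares `{ .version = 1 }` before the v2 record, so existing `EPYC-Genoa` (v1) guests keep their current CPUID.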
@@ -0,0 +1,146 @@ +From 18fc3436b689504c353e92a0e010fc3bb6a5a4af Mon Sep 17 00:00:00 2001 +From: Babu Moger +Date: Thu, 8 May 2025 14:58:01 -0500 +Subject: [PATCH 05/43] target/i386: Update EPYC-Milan CPU model for Cache + property, RAS, SVM feature bits + +RH-Author: John Allen +RH-MergeRequest: 377: Update EPYC Models and Feature Bits +RH-Jira: RHEL-52650 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [3/6] f6f2a437a158296e884da0f4deac28d58d15ffae (johnalle/qemu-kvm-fork) + +Found that some of the cache properties are not set correctly for EPYC models. +l1d_cache.no_invd_sharing should not be true. +l1i_cache.no_invd_sharing should not be true. + +L2.self_init should be true. +L2.inclusive should be true. + +L3.inclusive should not be true. +L3.no_invd_sharing should be true. + +Fix these cache properties. + +Also add the missing RAS and SVM features bits on AMD EPYC-Milan model. +The SVM feature bits are used in nested guests. + +succor : Software uncorrectable error containment and recovery capability. +overflow-recov : MCA overflow recovery support. 
+lbrv : LBR virtualization +tsc-scale : MSR based TSC rate control +vmcb-clean : VMCB clean bits +flushbyasid : Flush by ASID +pause-filter : Pause intercept filter +pfthreshold : PAUSE filter threshold +v-vmsave-vmload : Virtualized VMLOAD and VMSAVE +vgif : Virtualized GIF + +Signed-off-by: Babu Moger +Reviewed-by: Maksim Davydov +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/c619c0e09a9d5d496819ed48d69181d65f416891.1746734284.git.babu.moger@amd.com +Signed-off-by: Paolo Bonzini +(cherry picked from commit fc014d9ba5b26b27401e0e88a4e1ef827c68fe64) + +JIRA: https://issues.redhat.com/browse/RHEL-52650 + +Signed-off-by: John Allen +--- + target/i386/cpu.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 73 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 403c72ca60..b3052c6c2c 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2507,6 +2507,60 @@ static const CPUCaches epyc_milan_v2_cache_info = { + }, + }; + ++static const CPUCaches epyc_milan_v3_cache_info = { ++ .l1d_cache = &(CPUCacheInfo) { ++ .type = DATA_CACHE, ++ .level = 1, ++ .size = 32 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 64, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l1i_cache = &(CPUCacheInfo) { ++ .type = INSTRUCTION_CACHE, ++ .level = 1, ++ .size = 32 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 64, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l2_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 2, ++ .size = 512 * KiB, ++ .line_size = 64, ++ .associativity = 8, ++ .partitions = 1, ++ .sets = 1024, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .inclusive = true, ++ .share_level = CPU_TOPOLOGY_LEVEL_CORE, ++ }, ++ .l3_cache = &(CPUCacheInfo) { ++ .type = UNIFIED_CACHE, ++ .level = 3, ++ .size = 32 * MiB, ++ .line_size = 64, ++ 
.associativity = 16, ++ .partitions = 1, ++ .sets = 32768, ++ .lines_per_tag = 1, ++ .self_init = true, ++ .no_invd_sharing = true, ++ .complex_indexing = false, ++ .share_level = CPU_TOPOLOGY_LEVEL_DIE, ++ }, ++}; ++ + static const CPUCaches epyc_genoa_cache_info = { + .l1d_cache = &(CPUCacheInfo) { + .type = DATA_CACHE, +@@ -5585,6 +5639,25 @@ static const X86CPUDefinition builtin_x86_defs[] = { + }, + .cache_info = &epyc_milan_v2_cache_info + }, ++ { ++ .version = 3, ++ .props = (PropValue[]) { ++ { "overflow-recov", "on" }, ++ { "succor", "on" }, ++ { "lbrv", "on" }, ++ { "tsc-scale", "on" }, ++ { "vmcb-clean", "on" }, ++ { "flushbyasid", "on" }, ++ { "pause-filter", "on" }, ++ { "pfthreshold", "on" }, ++ { "v-vmsave-vmload", "on" }, ++ { "vgif", "on" }, ++ { "model-id", ++ "AMD EPYC-Milan-v3 Processor" }, ++ { /* end of list */ } ++ }, ++ .cache_info = &epyc_milan_v3_cache_info ++ }, + { /* end of list */ } + } + }, +-- +2.39.3 + diff --git a/kvm-target-i386-Update-EPYC-Rome-CPU-model-for-Cache-pro.patch b/kvm-target-i386-Update-EPYC-Rome-CPU-model-for-Cache-pro.patch new file mode 100644 index 0000000..7d454bf --- /dev/null +++ b/kvm-target-i386-Update-EPYC-Rome-CPU-model-for-Cache-pro.patch 
@@ -0,0 +1,147 @@
+From 3f18ecff6d6cc0601662fa281551881fdf49d33a Mon Sep 17 00:00:00 2001
+From: Babu Moger
+Date: Thu, 8 May 2025 14:58:00 -0500
+Subject: [PATCH 04/43] target/i386: Update EPYC-Rome CPU model for Cache
+ property, RAS, SVM feature bits
+
+RH-Author: John Allen
+RH-MergeRequest: 377: Update EPYC Models and Feature Bits
+RH-Jira: RHEL-52650
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [2/6] 2e08f5372c332152044332474aec4b783c121488 (johnalle/qemu-kvm-fork)
+
+Found that some of the cache properties are not set correctly for EPYC models.
+
+l1d_cache.no_invd_sharing should not be true.
+l1i_cache.no_invd_sharing should not be true.
+
+L2.self_init should be true.
+L2.inclusive should be true.
+
+L3.inclusive should not be true.
+L3.no_invd_sharing should be true.
+
+Fix these cache properties.
+
+Also add the missing RAS and SVM features bits on AMD EPYC-Rome. The SVM
+feature bits are used in nested guests.
+
+succor : Software uncorrectable error containment and recovery capability.
+overflow-recov : MCA overflow recovery support.
+lbrv : LBR virtualization
+tsc-scale : MSR based TSC rate control
+vmcb-clean : VMCB clean bits
+flushbyasid : Flush by ASID
+pause-filter : Pause intercept filter
+pfthreshold : PAUSE filter threshold
+v-vmsave-vmload : Virtualized VMLOAD and VMSAVE
+vgif : Virtualized GIF
+
+Signed-off-by: Babu Moger
+Reviewed-by: Maksim Davydov
+Reviewed-by: Zhao Liu
+Link: https://lore.kernel.org/r/8265af72057b84c99ac3a02a5487e32759cc69b1.1746734284.git.babu.moger@amd.com
+Signed-off-by: Paolo Bonzini
+(cherry picked from commit 83d940e9700527ff080416ce2fa52ee1f4771d72)
+
+JIRA: https://issues.redhat.com/browse/RHEL-52650
+
+Signed-off-by: John Allen
+---
+ target/i386/cpu.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 73 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index e588f81b2e..403c72ca60 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -2345,6 +2345,60 @@ static const CPUCaches epyc_rome_v3_cache_info = {
+ },
+ };
+
++static const CPUCaches epyc_rome_v5_cache_info = {
++ .l1d_cache = &(CPUCacheInfo) {
++ .type = DATA_CACHE,
++ .level = 1,
++ .size = 32 * KiB,
++ .line_size = 64,
++ .associativity = 8,
++ .partitions = 1,
++ .sets = 64,
++ .lines_per_tag = 1,
++ .self_init = true,
++ .share_level = CPU_TOPOLOGY_LEVEL_CORE,
++ },
++ .l1i_cache = &(CPUCacheInfo) {
++ .type = INSTRUCTION_CACHE,
++ .level = 1,
++ .size = 32 * KiB,
++ .line_size = 64,
++ .associativity = 8,
++ .partitions = 1,
++ .sets = 64,
++ .lines_per_tag = 1,
++ .self_init = true,
++ .share_level = CPU_TOPOLOGY_LEVEL_CORE,
++ },
++ .l2_cache = &(CPUCacheInfo) {
++ .type = UNIFIED_CACHE,
++ .level = 2,
++ .size = 512 * KiB,
++ .line_size = 64,
++ .associativity = 8,
++ .partitions = 1,
++ .sets = 1024,
++ .lines_per_tag = 1,
++ .self_init = true,
++ .inclusive = true,
++ .share_level = CPU_TOPOLOGY_LEVEL_CORE,
++ },
++ .l3_cache = &(CPUCacheInfo) {
++ .type = UNIFIED_CACHE,
++ .level = 3,
++ .size = 16 * MiB,
++ .line_size = 64,
++ .associativity = 16,
++ .partitions = 1,
++ .sets = 16384,
++ .lines_per_tag = 1,
++ .self_init = true,
++ .no_invd_sharing = true,
++ .complex_indexing = false,
++ .share_level = CPU_TOPOLOGY_LEVEL_DIE,
++ },
++};
++
+ static const CPUCaches epyc_milan_cache_info = {
+ .l1d_cache = &(CPUCacheInfo) {
+ .type = DATA_CACHE,
+@@ -5437,6 +5491,25 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ { /* end of list */ }
+ },
+ },
++ {
++ .version = 5,
++ .props = (PropValue[]) {
++ { "overflow-recov", "on" },
++ { "succor", "on" },
++ { "lbrv", "on" },
++ { "tsc-scale", "on" },
++ { "vmcb-clean", "on" },
++ { "flushbyasid", "on" },
++ { "pause-filter", "on" },
++ { "pfthreshold", "on" },
++ { "v-vmsave-vmload", "on" },
++ { "vgif", "on" },
++ { "model-id",
++ "AMD EPYC-Rome-v5 Processor" },
++ { /* end of list */ }
++ },
++ .cache_info = &epyc_rome_v5_cache_info
++ },
+ { /* end of list */ }
+ }
+ },
+--
+2.39.3
+
diff --git a/kvm-ui-vnc-Update-display-update-interval-when-VM-state-.patch b/kvm-ui-vnc-Update-display-update-interval-when-VM-state-.patch
new file mode 100644
index 0000000..3f323f3
--- /dev/null
+++ b/kvm-ui-vnc-Update-display-update-interval-when-VM-state-.patch
@@ -0,0 +1,97 @@
+From d2ae6b7855efeb865f6a93db057378142ca172ea Mon Sep 17 00:00:00 2001
+From: Juraj Marcin
+Date: Wed, 21 May 2025 17:16:13 +0200
+Subject: [PATCH 43/43] ui/vnc: Update display update interval when VM state
+ changes to RUNNING
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Juraj Marcin
+RH-MergeRequest: 384: ui/vnc: Update display update interval when VM state changes to RUNNING
+RH-Jira: RHEL-83883
+RH-Acked-by: Peter Xu
+RH-Acked-by: Marc-André Lureau
+RH-Commit: [1/1] 1231bccaeb9ea0ca78dd6fd53ba4b523f3bc569f (JurajMarcin/centos-src-qemu-kvm)
+
+If a virtual machine is paused for an extended period time, for example,
+due to an incoming migration, there are also no changes on the screen.
+VNC in such case increases the display update interval by
+VNC_REFRESH_INTERVAL_INC (50 ms). The update interval can then grow up
+to VNC_REFRESH_INTERVAL_MAX (3000 ms).
+
+When the machine resumes, it can then take up to 3 seconds for the first
+display update. Furthermore, the update interval is then halved with
+each display update with changes on the screen. If there are moving
+elements on the screen, such as a video, this can be perceived as
+freezing and stuttering for few seconds before the movement is smooth
+again.
+
+This patch resolves this issue, by adding a listener to VM state changes
+and changing the update interval when the VM state changes to RUNNING.
+The update_displaychangelistener() function updates the internal timer,
+and the display is refreshed immediately if the timer is expired.
+
+Signed-off-by: Juraj Marcin
+Reviewed-by: Marc-André Lureau
+Reviewed-by: Peter Xu
+Reviewed-by: Daniel P. Berrangé
+Link: https://lore.kernel.org/r/20250521151616.3951178-1-jmarcin@redhat.com
+Signed-off-by: Peter Xu
+
+(cherry picked from commit 0310d594d98b39f9dde79b87fd8b0ad16e7c5459)
+
+JIRA: https://issues.redhat.com/browse/RHEL-83883
+
+Signed-off-by: Juraj Marcin
+---
+ ui/vnc.c | 12 ++++++++++++
+ ui/vnc.h | 2 ++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 9241caaad9..75fb1e74f0 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -3386,6 +3386,16 @@ static const DisplayChangeListenerOps dcl_ops = {
+ .dpy_cursor_define = vnc_dpy_cursor_define,
+ };
+
++static void vmstate_change_handler(void *opaque, bool running, RunState state)
++{
++ VncDisplay *vd = opaque;
++
++ if (state != RUN_STATE_RUNNING) {
++ return;
++ }
++ update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
++}
++
+ void vnc_display_init(const char *id, Error **errp)
+ {
+ VncDisplay *vd;
+@@ -3422,6 +3432,8 @@ void vnc_display_init(const char *id, Error **errp)
+ vd->dcl.ops = &dcl_ops;
+ register_displaychangelistener(&vd->dcl);
+ vd->kbd = qkbd_state_init(vd->dcl.con);
++ vd->vmstate_handler_entry = qemu_add_vm_change_state_handler(
++ &vmstate_change_handler, vd);
+ }
+
+
+diff --git a/ui/vnc.h b/ui/vnc.h
+index acc53a2cc1..3bb23acd34 100644
+--- a/ui/vnc.h
++++ b/ui/vnc.h
+@@ -185,6 +185,8 @@ struct VncDisplay
+ #endif
+
+ AudioState *audio_state;
++
++ VMChangeStateEntry *vmstate_handler_entry;
+ };
+
+ typedef struct VncTight {
+--
+2.39.3
+
diff --git a/qemu-kvm.spec b/qemu-kvm.spec
index 6a2ed05..94587e0 100644
--- a/qemu-kvm.spec
+++ b/qemu-kvm.spec
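Review bot: The VMChangeStateEntry saved in `vd->vmstate_handler_entry` in vnc_display_init is never handed back to qemu_del_vm_change_state_handler() anywhere in this patch, so if a VncDisplay can be torn down while the VM keeps running, the registered callback would still fire on the next transition to RUN_STATE_RUNNING with a pointer to the released display. If VncDisplay objects are in fact kept for the whole process lifetime, a comment on the new field in vnc.h should say so, e.g. `/* registered in vnc_display_init(); the display is never freed, so it is not removed */`; otherwise the teardown path (outside this hunk) needs `qemu_del_vm_change_state_handler(vd->vmstate_handler_entry);`. The `running` parameter of vmstate_change_handler is unused because the explicit RUN_STATE_RUNNING test already decides; a one-line comment stating that only resume is of interest (the interval is left to back off during pause) would make that intent visible. vnc_display_init itself starts and continues outside the shown lines.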
@@ -143,7 +143,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 10.0.0
-Release: 6%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 7%{?rcrel}%{?dist}%{?cc_suffix}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 # Epoch 15 used for RHEL 8
 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -262,6 +262,92 @@ Patch49: kvm-tests-unit-test-util-sockets-fix-mem-leak-on-error-o.patch
 Patch50: kvm-scsi-disk-Add-native-FUA-write-support.patch
 # For RHEL-96057 - qemu-kvm: Various small issues in the spec file
 Patch51: kvm-Disable-virtio-net-pci-romfile-loading-on-riscv64.patch
+# For RHEL-98555 - [s390x][RHEL10.1][ccw-device] there would be memory leak with virtio_blk disks
+Patch52: kvm-s390x-Fix-leak-in-machine_set_loadparm.patch
+# For RHEL-98555 - [s390x][RHEL10.1][ccw-device] there would be memory leak with virtio_blk disks
+Patch53: kvm-hw-s390x-ccw-device-Fix-memory-leak-in-loadparm-sett.patch
+# For RHEL-52650 - [AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model
+Patch54: kvm-target-i386-Update-EPYC-CPU-model-for-Cache-property.patch
+# For RHEL-52650 - [AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model
+Patch55: kvm-target-i386-Update-EPYC-Rome-CPU-model-for-Cache-pro.patch
+# For RHEL-52650 - [AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model
+Patch56: kvm-target-i386-Update-EPYC-Milan-CPU-model-for-Cache-pr.patch
+# For RHEL-52650 - [AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model
+Patch57: kvm-target-i386-Add-couple-of-feature-bits-in-CPUID_Fn80.patch
+# For RHEL-52650 - [AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model
+Patch58: kvm-target-i386-Update-EPYC-Genoa-for-Cache-property-per.patch
+# For RHEL-52650 - [AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model
+Patch59: kvm-target-i386-Add-support-for-EPYC-Turin-model.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch60: kvm-include-qemu-compiler-add-QEMU_UNINITIALIZED-attribu.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch61: kvm-hw-virtio-virtio-avoid-cost-of-ftrivial-auto-var-ini.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch62: kvm-block-skip-automatic-zero-init-of-large-array-in-ioq.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch63: kvm-chardev-char-fd-skip-automatic-zero-init-of-large-ar.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch64: kvm-chardev-char-pty-skip-automatic-zero-init-of-large-a.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch65: kvm-chardev-char-socket-skip-automatic-zero-init-of-larg.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch66: kvm-hw-audio-ac97-skip-automatic-zero-init-of-large-arra.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch67: kvm-hw-audio-cs4231a-skip-automatic-zero-init-of-large-a.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch68: kvm-hw-audio-es1370-skip-automatic-zero-init-of-large-ar.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch69: kvm-hw-audio-gus-skip-automatic-zero-init-of-large-array.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch70: kvm-hw-audio-marvell_88w8618-skip-automatic-zero-init-of.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch71: kvm-hw-audio-sb16-skip-automatic-zero-init-of-large-arra.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch72: kvm-hw-audio-via-ac97-skip-automatic-zero-init-of-large-.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch73: kvm-hw-char-sclpconsole-lm-skip-automatic-zero-init-of-l.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch74: kvm-hw-dma-xlnx_csu_dma-skip-automatic-zero-init-of-larg.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch75: kvm-hw-display-vmware_vga-skip-automatic-zero-init-of-la.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch76: kvm-hw-hyperv-syndbg-skip-automatic-zero-init-of-large-a.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch77: kvm-hw-misc-aspeed_hace-skip-automatic-zero-init-of-larg.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch78: kvm-hw-net-rtl8139-skip-automatic-zero-init-of-large-arr.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch79: kvm-hw-net-tulip-skip-automatic-zero-init-of-large-array.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch80: kvm-hw-net-virtio-net-skip-automatic-zero-init-of-large-.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch81: kvm-hw-net-xgamc-skip-automatic-zero-init-of-large-array.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch82: kvm-hw-nvme-ctrl-skip-automatic-zero-init-of-large-array.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch83: kvm-hw-ppc-pnv_occ-skip-automatic-zero-init-of-large-str.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch84: kvm-hw-ppc-spapr_tpm_proxy-skip-automatic-zero-init-of-l.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch85: kvm-hw-usb-hcd-ohci-skip-automatic-zero-init-of-large-ar.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch86: kvm-hw-scsi-lsi53c895a-skip-automatic-zero-init-of-large.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch87: kvm-hw-scsi-megasas-skip-automatic-zero-init-of-large-ar.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch88: kvm-hw-ufs-lu-skip-automatic-zero-init-of-large-array.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch89: kvm-net-socket-skip-automatic-zero-init-of-large-array.patch
+# For RHEL-95479 - -ftrivial-auto-var-init=zero reduced performance
+Patch90: kvm-net-stream-skip-automatic-zero-init-of-large-array.patch
+# For RHEL-85649 - [RHEL 10]Qemu/amd-iommu: Add ability to manually specify the AMDVI-PCI device
+Patch91: kvm-hw-i386-amd_iommu-Isolate-AMDVI-PCI-from-amd-iommu-d.patch
+# For RHEL-85649 - [RHEL 10]Qemu/amd-iommu: Add ability to manually specify the AMDVI-PCI device
+Patch92: kvm-hw-i386-amd_iommu-Allow-migration-when-explicitly-cr.patch
+# For RHEL-85649 - [RHEL 10]Qemu/amd-iommu: Add ability to manually specify the AMDVI-PCI device
+Patch93: kvm-Enable-amd-iommu-device.patch
+# For RHEL-83883 - Video stuck after switchover phase when play one video during migration
+Patch94: kvm-ui-vnc-Update-display-update-interval-when-VM-state-.patch
 %if %{have_clang}
 BuildRequires: clang
@@ -1344,6 +1430,61 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 %changelog
+* Mon Jul 07 2025 Miroslav Rezanina - 10.0.0-7
+- kvm-s390x-Fix-leak-in-machine_set_loadparm.patch [RHEL-98555]
+- kvm-hw-s390x-ccw-device-Fix-memory-leak-in-loadparm-sett.patch [RHEL-98555]
+- kvm-target-i386-Update-EPYC-CPU-model-for-Cache-property.patch [RHEL-52650]
+- kvm-target-i386-Update-EPYC-Rome-CPU-model-for-Cache-pro.patch [RHEL-52650]
+- kvm-target-i386-Update-EPYC-Milan-CPU-model-for-Cache-pr.patch [RHEL-52650]
+- kvm-target-i386-Add-couple-of-feature-bits-in-CPUID_Fn80.patch [RHEL-52650]
+- kvm-target-i386-Update-EPYC-Genoa-for-Cache-property-per.patch [RHEL-52650]
+- kvm-target-i386-Add-support-for-EPYC-Turin-model.patch [RHEL-52650]
+- kvm-include-qemu-compiler-add-QEMU_UNINITIALIZED-attribu.patch [RHEL-95479]
+- kvm-hw-virtio-virtio-avoid-cost-of-ftrivial-auto-var-ini.patch [RHEL-95479]
+- kvm-block-skip-automatic-zero-init-of-large-array-in-ioq.patch [RHEL-95479]
+- kvm-chardev-char-fd-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479]
+- kvm-chardev-char-pty-skip-automatic-zero-init-of-large-a.patch [RHEL-95479]
+- kvm-chardev-char-socket-skip-automatic-zero-init-of-larg.patch [RHEL-95479]
+- kvm-hw-audio-ac97-skip-automatic-zero-init-of-large-arra.patch [RHEL-95479]
+- kvm-hw-audio-cs4231a-skip-automatic-zero-init-of-large-a.patch [RHEL-95479]
+- kvm-hw-audio-es1370-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479]
+- kvm-hw-audio-gus-skip-automatic-zero-init-of-large-array.patch [RHEL-95479]
+- kvm-hw-audio-marvell_88w8618-skip-automatic-zero-init-of.patch [RHEL-95479]
+- kvm-hw-audio-sb16-skip-automatic-zero-init-of-large-arra.patch [RHEL-95479]
+- kvm-hw-audio-via-ac97-skip-automatic-zero-init-of-large-.patch [RHEL-95479]
+- kvm-hw-char-sclpconsole-lm-skip-automatic-zero-init-of-l.patch [RHEL-95479]
+- kvm-hw-dma-xlnx_csu_dma-skip-automatic-zero-init-of-larg.patch [RHEL-95479]
+- kvm-hw-display-vmware_vga-skip-automatic-zero-init-of-la.patch [RHEL-95479]
+- kvm-hw-hyperv-syndbg-skip-automatic-zero-init-of-large-a.patch [RHEL-95479]
+- kvm-hw-misc-aspeed_hace-skip-automatic-zero-init-of-larg.patch [RHEL-95479]
+- kvm-hw-net-rtl8139-skip-automatic-zero-init-of-large-arr.patch [RHEL-95479]
+- kvm-hw-net-tulip-skip-automatic-zero-init-of-large-array.patch [RHEL-95479]
+- kvm-hw-net-virtio-net-skip-automatic-zero-init-of-large-.patch [RHEL-95479]
+- kvm-hw-net-xgamc-skip-automatic-zero-init-of-large-array.patch [RHEL-95479]
+- kvm-hw-nvme-ctrl-skip-automatic-zero-init-of-large-array.patch [RHEL-95479]
+- kvm-hw-ppc-pnv_occ-skip-automatic-zero-init-of-large-str.patch [RHEL-95479]
+- kvm-hw-ppc-spapr_tpm_proxy-skip-automatic-zero-init-of-l.patch [RHEL-95479]
+- kvm-hw-usb-hcd-ohci-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479]
+- kvm-hw-scsi-lsi53c895a-skip-automatic-zero-init-of-large.patch [RHEL-95479]
+- kvm-hw-scsi-megasas-skip-automatic-zero-init-of-large-ar.patch [RHEL-95479]
+- kvm-hw-ufs-lu-skip-automatic-zero-init-of-large-array.patch [RHEL-95479]
+- kvm-net-socket-skip-automatic-zero-init-of-large-array.patch [RHEL-95479]
+- kvm-net-stream-skip-automatic-zero-init-of-large-array.patch [RHEL-95479]
+- kvm-hw-i386-amd_iommu-Isolate-AMDVI-PCI-from-amd-iommu-d.patch [RHEL-85649]
+- kvm-hw-i386-amd_iommu-Allow-migration-when-explicitly-cr.patch [RHEL-85649]
+- kvm-Enable-amd-iommu-device.patch [RHEL-85649]
+- kvm-ui-vnc-Update-display-update-interval-when-VM-state-.patch [RHEL-83883]
+- Resolves: RHEL-98555
+ ([s390x][RHEL10.1][ccw-device] there would be memory leak with virtio_blk disks)
+- Resolves: RHEL-52650
+ ([AMDSERVER 10.1 Feature] Turin: Qemu EPYC-Turin Model)
+- Resolves: RHEL-95479
+ (-ftrivial-auto-var-init=zero reduced performance)
+- Resolves: RHEL-85649
+ ([RHEL 10]Qemu/amd-iommu: Add ability to manually specify the AMDVI-PCI device)
+- Resolves: RHEL-83883
+ (Video stuck after switchover phase when play one video during migration)
+
 * Fri Jun 20 2025 Miroslav Rezanina - 10.0.0-6
 - kvm-scsi-disk-Add-native-FUA-write-support.patch [RHEL-71962]
 - kvm-Fix-handling-of-have_block_rbd.patch [RHEL-96057]