* Tue Jan 29 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-9.el8

- kvm-migration-rdma-unregister-fd-handler.patch [bz#1666601]
- kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch [bz#1659127]
- kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch [bz#1659127]
- Resolves: bz#1659127
  (Stress guest and stop it, then do live migration, guest hit call trace on destination end)
- Resolves: bz#1666601
  ([q35] dst qemu core dumped when do rdma migration with Mellanox IB QDR card)

kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch

@@ -0,0 +1,50 @@
+From c6ac9501471c3c931367b1967ad97ecfc498249c Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Fri, 21 Dec 2018 15:33:17 +0000
+Subject: [PATCH 3/3] hw/s390x: Fix bad mask in time2tod()
+
+RH-Author: David Hildenbrand <david@redhat.com>
+Message-id: <20181221153317.27647-3-david@redhat.com>
+Patchwork-id: 83743
+O-Subject: [RHEL-8.0 qemu-kvm v2 PATCH 2/2] hw/s390x: Fix bad mask in time2tod()
+Bugzilla: 1659127
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Since "s390x/tcg: avoid overflows in time2tod/tod2time", the
+time2tod() function tries to deal with the 9 uppermost bits in the
+time value, but uses the wrong mask for this: 0xff80000000000000 should
+be used instead of 0xff10000000000000 here.
+
+Fixes: 14055ce53c2d901d826ffad7fb7d6bb8ab46bdfd
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <1544792887-14575-1-git-send-email-thuth@redhat.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+[CH: tweaked commit message]
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+(cherry picked from commit aba7a5a2de3dba5917024df25441f715b9249e31)
+Signed-off-by: David Hildenbrand <david@redhat.com>
+
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ include/hw/s390x/tod.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/hw/s390x/tod.h b/include/hw/s390x/tod.h
+index cbd7552..47ef9de 100644
+--- a/include/hw/s390x/tod.h
++++ b/include/hw/s390x/tod.h
+@@ -56,7 +56,7 @@ typedef struct S390TODClass {
+ /* Converts ns to s390's clock format */
+ static inline uint64_t time2tod(uint64_t ns)
+ {
+-    return (ns << 9) / 125 + (((ns & 0xff10000000000000ull) / 125) << 9);
++    return (ns << 9) / 125 + (((ns & 0xff80000000000000ull) / 125) << 9);
+ }
+ 
+ /* Converts s390's clock format to ns */
+-- 
+1.8.3.1
+

kvm-migration-rdma-unregister-fd-handler.patch

@@ -1,7 +1,7 @@
-From 7e65f4bfb4737b32ace64a5b53fa8915a7d28565 Mon Sep 17 00:00:00 2001
+From 93cfdba0a95999ba3d44afe5c15cc3810446f11b Mon Sep 17 00:00:00 2001
 From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
 Date: Thu, 24 Jan 2019 16:41:10 +0000
-Subject: [PATCH] migration/rdma: unregister fd handler
+Subject: [PATCH 1/3] migration/rdma: unregister fd handler
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch

@@ -0,0 +1,250 @@
+From 04a18cff27e2a0c93682adbdd2013c8f1473d520 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Fri, 21 Dec 2018 15:33:16 +0000
+Subject: [PATCH 2/3] s390x/tod: Properly stop the KVM TOD while the guest is
+ not running
+
+RH-Author: David Hildenbrand <david@redhat.com>
+Message-id: <20181221153317.27647-2-david@redhat.com>
+Patchwork-id: 83741
+O-Subject: [RHEL-8.0 qemu-kvm v2 PATCH 1/2] s390x/tod: Properly stop the KVM TOD while the guest is not running
+Bugzilla: 1659127
+RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+
+Just like on other architectures, we should stop the clock while the guest
+is not running. This is already properly done for TCG. Right now, doing an
+offline migration (stop, migrate, cont) can easily trigger stalls in the
+guest.
+
+Even doing a
+    (hmp) stop
+    ... wait 2 minutes ...
+    (hmp) cont
+will already trigger stalls.
+
+So whenever the guest stops, backup the KVM TOD. When continuing to run
+the guest, restore the KVM TOD.
+
+One special case is starting a simple VM: Reading the TOD from KVM to
+stop it right away until the guest is actually started means that the
+time of any simple VM will already differ to the host time. We can
+simply leave the TOD running and the guest won't be able to recognize
+it.
+
+For migration, we actually want to keep the TOD stopped until really
+starting the guest. To be able to catch most errors, we should however
+try to set the TOD in addition to simply storing it. So we can still
+catch basic migration problems.
+
+If anything goes wrong while backing up/restoring the TOD, we have to
+ignore it (but print a warning). This is then basically a fallback to
+old behavior (TOD remains running).
+
+I tested this very basically with an initrd:
+    1. Start a simple VM. Observed that the TOD is kept running. Old
+       behavior.
+    2. Ordinary live migration. Observed that the TOD is temporarily
+       stopped on the destination when setting the new value and
+       correctly started when finally starting the guest.
+    3. Offline live migration. (stop, migrate, cont). Observed that the
+       TOD will be stopped on the source with the "stop" command. On the
+       destination, the TOD is temporarily stopped when setting the new
+       value and correctly started when finally starting the guest via
+       "cont".
+    4. Simple stop/cont correctly stops/starts the TOD. (multiple stops
+       or conts in a row have no effect, so works as expected)
+
+In the future, we might want to send the guest a special kind of time sync
+interrupt under some conditions, so it can synchronize its tod to the
+host tod. This is interesting for migration scenarios but also when we
+get time sync interrupts ourselves. This however will most probably have
+to be handled in KVM (e.g. when the tods differ too much) and is not
+desired e.g. when debugging the guest (single stepping should not
+result in permanent time syncs). I consider something like that an add-on
+on top of this basic "don't break the guest" handling.
+
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Message-Id: <20181130094957.4121-1-david@redhat.com>
+Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Signed-off-by: Cornelia Huck <cohuck@redhat.com>
+(cherry picked from commit 9bc9d3d1ae3bcd1caaad1946494726b52f58b291)
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ hw/s390x/tod-kvm.c     | 102 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ include/hw/s390x/tod.h |   8 +++-
+ 2 files changed, 107 insertions(+), 3 deletions(-)
+
+diff --git a/hw/s390x/tod-kvm.c b/hw/s390x/tod-kvm.c
+index df564ab..2456bf7 100644
+--- a/hw/s390x/tod-kvm.c
++++ b/hw/s390x/tod-kvm.c
+@@ -10,10 +10,11 @@
+ 
+ #include "qemu/osdep.h"
+ #include "qapi/error.h"
++#include "sysemu/sysemu.h"
+ #include "hw/s390x/tod.h"
+ #include "kvm_s390x.h"
+ 
+-static void kvm_s390_tod_get(const S390TODState *td, S390TOD *tod, Error **errp)
++static void kvm_s390_get_tod_raw(S390TOD *tod, Error **errp)
+ {
+     int r;
+ 
+@@ -27,7 +28,17 @@ static void kvm_s390_tod_get(const S390TODState *td, S390TOD *tod, Error **errp)
+     }
+ }
+ 
+-static void kvm_s390_tod_set(S390TODState *td, const S390TOD *tod, Error **errp)
++static void kvm_s390_tod_get(const S390TODState *td, S390TOD *tod, Error **errp)
++{
++    if (td->stopped) {
++        *tod = td->base;
++        return;
++    }
++
++    kvm_s390_get_tod_raw(tod, errp);
++}
++
++static void kvm_s390_set_tod_raw(const S390TOD *tod, Error **errp)
+ {
+     int r;
+ 
+@@ -41,18 +52,105 @@ static void kvm_s390_tod_set(S390TODState *td, const S390TOD *tod, Error **errp)
+     }
+ }
+ 
++static void kvm_s390_tod_set(S390TODState *td, const S390TOD *tod, Error **errp)
++{
++    Error *local_err = NULL;
++
++    /*
++     * Somebody (e.g. migration) set the TOD. We'll store it into KVM to
++     * properly detect errors now but take a look at the runstate to decide
++     * whether really to keep the tod running. E.g. during migration, this
++     * is the point where we want to stop the initially running TOD to fire
++     * it back up when actually starting the migrated guest.
++     */
++    kvm_s390_set_tod_raw(tod, &local_err);
++    if (local_err) {
++        error_propagate(errp, local_err);
++        return;
++    }
++
++    if (runstate_is_running()) {
++        td->stopped = false;
++    } else {
++        td->stopped = true;
++        td->base = *tod;
++    }
++}
++
++static void kvm_s390_tod_vm_state_change(void *opaque, int running,
++                                         RunState state)
++{
++    S390TODState *td = opaque;
++    Error *local_err = NULL;
++
++    if (running && td->stopped) {
++        /* Set the old TOD when running the VM - start the TOD clock. */
++        kvm_s390_set_tod_raw(&td->base, &local_err);
++        if (local_err) {
++            warn_report_err(local_err);
++        }
++        /* Treat errors like the TOD was running all the time. */
++        td->stopped = false;
++    } else if (!running && !td->stopped) {
++        /* Store the TOD when stopping the VM - stop the TOD clock. */
++        kvm_s390_get_tod_raw(&td->base, &local_err);
++        if (local_err) {
++            /* Keep the TOD running in case we could not back it up. */
++            warn_report_err(local_err);
++        } else {
++            td->stopped = true;
++        }
++    }
++}
++
++static void kvm_s390_tod_realize(DeviceState *dev, Error **errp)
++{
++    S390TODState *td = S390_TOD(dev);
++    S390TODClass *tdc = S390_TOD_GET_CLASS(td);
++    Error *local_err = NULL;
++
++    tdc->parent_realize(dev, &local_err);
++    if (local_err) {
++        error_propagate(errp, local_err);
++        return;
++    }
++
++    /*
++     * We need to know when the VM gets started/stopped to start/stop the TOD.
++     * As we can never have more than one TOD instance (and that will never be
++     * removed), registering here and never unregistering is good enough.
++     */
++    qemu_add_vm_change_state_handler(kvm_s390_tod_vm_state_change, td);
++}
++
+ static void kvm_s390_tod_class_init(ObjectClass *oc, void *data)
+ {
+     S390TODClass *tdc = S390_TOD_CLASS(oc);
+ 
++    device_class_set_parent_realize(DEVICE_CLASS(oc), kvm_s390_tod_realize,
++                                    &tdc->parent_realize);
+     tdc->get = kvm_s390_tod_get;
+     tdc->set = kvm_s390_tod_set;
+ }
+ 
++static void kvm_s390_tod_init(Object *obj)
++{
++    S390TODState *td = S390_TOD(obj);
++
++    /*
++     * The TOD is initially running (value stored in KVM). Avoid needless
++     * loading/storing of the TOD when starting a simple VM, so let it
++     * run although the (never started) VM is stopped. For migration, we
++     * will properly set the TOD later.
++     */
++    td->stopped = false;
++}
++
+ static TypeInfo kvm_s390_tod_info = {
+     .name = TYPE_KVM_S390_TOD,
+     .parent = TYPE_S390_TOD,
+     .instance_size = sizeof(S390TODState),
++    .instance_init = kvm_s390_tod_init,
+     .class_init = kvm_s390_tod_class_init,
+     .class_size = sizeof(S390TODClass),
+ };
+diff --git a/include/hw/s390x/tod.h b/include/hw/s390x/tod.h
+index 413c0d7..cbd7552 100644
+--- a/include/hw/s390x/tod.h
++++ b/include/hw/s390x/tod.h
+@@ -31,13 +31,19 @@ typedef struct S390TODState {
+     /* private */
+     DeviceState parent_obj;
+ 
+-    /* unused by KVM implementation */
++    /*
++     * Used by TCG to remember the time base. Used by KVM to backup the TOD
++     * while the TOD is stopped.
++     */
+     S390TOD base;
++    /* Used by KVM to remember if the TOD is stopped and base is valid. */
++    bool stopped;
+ } S390TODState;
+ 
+ typedef struct S390TODClass {
+     /* private */
+     DeviceClass parent_class;
++    void (*parent_realize)(DeviceState *dev, Error **errp);
+ 
+     /* public */
+     void (*get)(const S390TODState *td, S390TOD *tod, Error **errp);
+-- 
+1.8.3.1
+

qemu-kvm.spec

@@ -68,7 +68,7 @@ Obsoletes: %1-rhev
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 3.1.0
-Release: 8%{?dist}
+Release: 9%{?dist}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 15
 License: GPLv2 and GPLv2+ and CC-BY
@@ -164,6 +164,10 @@ Patch39: kvm-i386-kvm-expose-HV_CPUID_ENLIGHTMENT_INFO.EAX-and-HV.patch
 Patch40: kvm-i386-kvm-add-a-comment-explaining-why-.feat_names-ar.patch
 # For bz#1666601 - [q35] dst qemu core dumped when do rdma migration with Mellanox IB QDR card
 Patch41: kvm-migration-rdma-unregister-fd-handler.patch
+# For bz#1659127 - Stress guest and stop it, then do live migration, guest hit call trace on destination end
+Patch42: kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch
+# For bz#1659127 - Stress guest and stop it, then do live migration, guest hit call trace on destination end
+Patch43: kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch
 
 BuildRequires: zlib-devel
 BuildRequires: glib2-devel
@@ -1011,6 +1015,15 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 
 
 %changelog
+* Tue Jan 29 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-9.el8
+- kvm-migration-rdma-unregister-fd-handler.patch [bz#1666601]
+- kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch [bz#1659127]
+- kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch [bz#1659127]
+- Resolves: bz#1659127
+  (Stress guest and stop it, then do live migration, guest hit call trace on destination end)
+- Resolves: bz#1666601
+  ([q35] dst qemu core dumped when do rdma migration with Mellanox IB QDR card)
+
 * Mon Jan 28 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-8.el8
 - kvm-migration-rdma-unregister-fd-handler.patch [bz#1666601]
 - Resolves: bz#1666601