import qemu-kvm-4.2.0-59.module+el8.5.0+12817+cb650d43
This commit is contained in:
parent
a10ea90e86
commit
18777481c4
68
SOURCES/kvm-Add-mtod_check.patch
Normal file
68
SOURCES/kvm-Add-mtod_check.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
From 52bf635da30c75d0fdb0a3e7e7b9a2483ca033fc Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:55:59 -0400
|
||||||
|
Subject: [PATCH 05/14] Add mtod_check()
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-2-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101819
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/8] Add mtod_check()
|
||||||
|
Bugzilla: 1970819 1970835 1970843 1970853
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Recent security issues demonstrate the lack of safety care when casting
|
||||||
|
a mbuf to a particular structure type. At least, it should check that
|
||||||
|
the buffer is large enough. The following patches will make use of this
|
||||||
|
function.
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
(cherry picked from commit 93e645e72a056ec0b2c16e0299fc5c6b94e4ca17)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/mbuf.c | 11 +++++++++++
|
||||||
|
slirp/src/mbuf.h | 1 +
|
||||||
|
2 files changed, 12 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/mbuf.c b/slirp/src/mbuf.c
|
||||||
|
index 4fd62282a9..6d0653ed3d 100644
|
||||||
|
--- a/slirp/src/mbuf.c
|
||||||
|
+++ b/slirp/src/mbuf.c
|
||||||
|
@@ -222,3 +222,14 @@ struct mbuf *dtom(Slirp *slirp, void *dat)
|
||||||
|
|
||||||
|
return (struct mbuf *)0;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+void *mtod_check(struct mbuf *m, size_t len)
|
||||||
|
+{
|
||||||
|
+ if (m->m_len >= len) {
|
||||||
|
+ return m->m_data;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ DEBUG_ERROR("mtod failed");
|
||||||
|
+
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
diff --git a/slirp/src/mbuf.h b/slirp/src/mbuf.h
|
||||||
|
index 546e7852c5..2015e3232f 100644
|
||||||
|
--- a/slirp/src/mbuf.h
|
||||||
|
+++ b/slirp/src/mbuf.h
|
||||||
|
@@ -118,6 +118,7 @@ void m_inc(struct mbuf *, int);
|
||||||
|
void m_adj(struct mbuf *, int);
|
||||||
|
int m_copy(struct mbuf *, struct mbuf *, int, int);
|
||||||
|
struct mbuf *dtom(Slirp *, void *);
|
||||||
|
+void *mtod_check(struct mbuf *, size_t len);
|
||||||
|
|
||||||
|
static inline void ifs_init(struct mbuf *ifm)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
242
SOURCES/kvm-Compress-lines-for-immediate-return.patch
Normal file
242
SOURCES/kvm-Compress-lines-for-immediate-return.patch
Normal file
@ -0,0 +1,242 @@
|
|||||||
|
From 5cf6dd33456c4e7e2a8849f458ce234fb5bb290c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Date: Fri, 25 Jun 2021 17:41:03 -0400
|
||||||
|
Subject: [PATCH 3/4] Compress lines for immediate return
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Message-id: <20210625174104.44313-2-kwolf@redhat.com>
|
||||||
|
Patchwork-id: 101777
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/2] Compress lines for immediate return
|
||||||
|
Bugzilla: 1970912
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
|
||||||
|
From: Simran Singhal <singhalsimran0@gmail.com>
|
||||||
|
|
||||||
|
Compress two lines into a single line if immediate return statement is found.
|
||||||
|
|
||||||
|
It also remove variables progress, val, data, ret and sock
|
||||||
|
as they are no longer needed.
|
||||||
|
|
||||||
|
Remove space between function "mixer_load" and '(' to fix the
|
||||||
|
checkpatch.pl error:-
|
||||||
|
ERROR: space prohibited between function name and open parenthesis '('
|
||||||
|
|
||||||
|
Done using following coccinelle script:
|
||||||
|
@@
|
||||||
|
local idexpression ret;
|
||||||
|
expression e;
|
||||||
|
@@
|
||||||
|
|
||||||
|
-ret =
|
||||||
|
+return
|
||||||
|
e;
|
||||||
|
-return ret;
|
||||||
|
|
||||||
|
Signed-off-by: Simran Singhal <singhalsimran0@gmail.com>
|
||||||
|
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
Message-Id: <20200401165314.GA3213@simran-Inspiron-5558>
|
||||||
|
[lv: in handle_aiocb_write_zeroes_unmap() move "int ret" inside the #ifdef]
|
||||||
|
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
|
||||||
|
(cherry picked from commit b3ac2b94cdc939a90d5a22338ae507689e2cfab0)
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
block/file-posix.c | 8 +++-----
|
||||||
|
block/nfs.c | 3 +--
|
||||||
|
block/nvme.c | 4 +---
|
||||||
|
block/vhdx.c | 3 +--
|
||||||
|
hw/audio/ac97.c | 4 +---
|
||||||
|
hw/audio/adlib.c | 5 +----
|
||||||
|
hw/display/cirrus_vga.c | 4 +---
|
||||||
|
migration/ram.c | 4 +---
|
||||||
|
ui/gtk.c | 3 +--
|
||||||
|
util/qemu-sockets.c | 5 +----
|
||||||
|
10 files changed, 12 insertions(+), 31 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/block/file-posix.c b/block/file-posix.c
|
||||||
|
index 371572f1b0..837edcf027 100644
|
||||||
|
--- a/block/file-posix.c
|
||||||
|
+++ b/block/file-posix.c
|
||||||
|
@@ -1626,13 +1626,12 @@ static int handle_aiocb_write_zeroes_unmap(void *opaque)
|
||||||
|
{
|
||||||
|
RawPosixAIOData *aiocb = opaque;
|
||||||
|
BDRVRawState *s G_GNUC_UNUSED = aiocb->bs->opaque;
|
||||||
|
- int ret;
|
||||||
|
|
||||||
|
/* First try to write zeros and unmap at the same time */
|
||||||
|
|
||||||
|
#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
|
||||||
|
- ret = do_fallocate(s->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
|
||||||
|
- aiocb->aio_offset, aiocb->aio_nbytes);
|
||||||
|
+ int ret = do_fallocate(s->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
|
||||||
|
+ aiocb->aio_offset, aiocb->aio_nbytes);
|
||||||
|
if (ret != -ENOTSUP) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
@@ -1640,8 +1639,7 @@ static int handle_aiocb_write_zeroes_unmap(void *opaque)
|
||||||
|
|
||||||
|
/* If we couldn't manage to unmap while guaranteed that the area reads as
|
||||||
|
* all-zero afterwards, just write zeroes without unmapping */
|
||||||
|
- ret = handle_aiocb_write_zeroes(aiocb);
|
||||||
|
- return ret;
|
||||||
|
+ return handle_aiocb_write_zeroes(aiocb);
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_COPY_FILE_RANGE
|
||||||
|
diff --git a/block/nfs.c b/block/nfs.c
|
||||||
|
index 2393fbfe6b..18c0a73694 100644
|
||||||
|
--- a/block/nfs.c
|
||||||
|
+++ b/block/nfs.c
|
||||||
|
@@ -623,8 +623,7 @@ static int nfs_file_open(BlockDriverState *bs, QDict *options, int flags,
|
||||||
|
}
|
||||||
|
|
||||||
|
bs->total_sectors = ret;
|
||||||
|
- ret = 0;
|
||||||
|
- return ret;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static QemuOptsList nfs_create_opts = {
|
||||||
|
diff --git a/block/nvme.c b/block/nvme.c
|
||||||
|
index 7b7c0cc5d6..eb2f54dd9d 100644
|
||||||
|
--- a/block/nvme.c
|
||||||
|
+++ b/block/nvme.c
|
||||||
|
@@ -575,11 +575,9 @@ static bool nvme_poll_cb(void *opaque)
|
||||||
|
{
|
||||||
|
EventNotifier *e = opaque;
|
||||||
|
BDRVNVMeState *s = container_of(e, BDRVNVMeState, irq_notifier);
|
||||||
|
- bool progress = false;
|
||||||
|
|
||||||
|
trace_nvme_poll_cb(s);
|
||||||
|
- progress = nvme_poll_queues(s);
|
||||||
|
- return progress;
|
||||||
|
+ return nvme_poll_queues(s);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int nvme_init(BlockDriverState *bs, const char *device, int namespace,
|
||||||
|
diff --git a/block/vhdx.c b/block/vhdx.c
|
||||||
|
index 21497f7318..a427e47f10 100644
|
||||||
|
--- a/block/vhdx.c
|
||||||
|
+++ b/block/vhdx.c
|
||||||
|
@@ -411,8 +411,7 @@ int vhdx_update_headers(BlockDriverState *bs, BDRVVHDXState *s,
|
||||||
|
if (ret < 0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
- ret = vhdx_update_header(bs, s, generate_data_write_guid, log_guid);
|
||||||
|
- return ret;
|
||||||
|
+ return vhdx_update_header(bs, s, generate_data_write_guid, log_guid);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* opens the specified header block from the VHDX file header section */
|
||||||
|
diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
|
||||||
|
index a136b97f68..a2cfae52b3 100644
|
||||||
|
--- a/hw/audio/ac97.c
|
||||||
|
+++ b/hw/audio/ac97.c
|
||||||
|
@@ -574,11 +574,9 @@ static uint32_t nam_readb (void *opaque, uint32_t addr)
|
||||||
|
static uint32_t nam_readw (void *opaque, uint32_t addr)
|
||||||
|
{
|
||||||
|
AC97LinkState *s = opaque;
|
||||||
|
- uint32_t val = ~0U;
|
||||||
|
uint32_t index = addr;
|
||||||
|
s->cas = 0;
|
||||||
|
- val = mixer_load (s, index);
|
||||||
|
- return val;
|
||||||
|
+ return mixer_load(s, index);
|
||||||
|
}
|
||||||
|
|
||||||
|
static uint32_t nam_readl (void *opaque, uint32_t addr)
|
||||||
|
diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c
|
||||||
|
index cb4178d861..5779d09815 100644
|
||||||
|
--- a/hw/audio/adlib.c
|
||||||
|
+++ b/hw/audio/adlib.c
|
||||||
|
@@ -120,13 +120,10 @@ static void adlib_write(void *opaque, uint32_t nport, uint32_t val)
|
||||||
|
static uint32_t adlib_read(void *opaque, uint32_t nport)
|
||||||
|
{
|
||||||
|
AdlibState *s = opaque;
|
||||||
|
- uint8_t data;
|
||||||
|
int a = nport & 3;
|
||||||
|
|
||||||
|
adlib_kill_timers (s);
|
||||||
|
- data = OPLRead (s->opl, a);
|
||||||
|
-
|
||||||
|
- return data;
|
||||||
|
+ return OPLRead (s->opl, a);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void timer_handler (void *opaque, int c, double interval_Sec)
|
||||||
|
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||||
|
index 93afa26fda..a52d3094b9 100644
|
||||||
|
--- a/hw/display/cirrus_vga.c
|
||||||
|
+++ b/hw/display/cirrus_vga.c
|
||||||
|
@@ -2411,12 +2411,10 @@ static uint64_t cirrus_linear_bitblt_read(void *opaque,
|
||||||
|
unsigned size)
|
||||||
|
{
|
||||||
|
CirrusVGAState *s = opaque;
|
||||||
|
- uint32_t ret;
|
||||||
|
|
||||||
|
/* XXX handle bitblt */
|
||||||
|
(void)s;
|
||||||
|
- ret = 0xff;
|
||||||
|
- return ret;
|
||||||
|
+ return 0xff;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void cirrus_linear_bitblt_write(void *opaque,
|
||||||
|
diff --git a/migration/ram.c b/migration/ram.c
|
||||||
|
index 5344c7d59e..92c506d13c 100644
|
||||||
|
--- a/migration/ram.c
|
||||||
|
+++ b/migration/ram.c
|
||||||
|
@@ -3101,9 +3101,7 @@ int ram_postcopy_send_discard_bitmap(MigrationState *ms)
|
||||||
|
}
|
||||||
|
trace_ram_postcopy_send_discard_bitmap();
|
||||||
|
|
||||||
|
- ret = postcopy_each_ram_send_discard(ms);
|
||||||
|
-
|
||||||
|
- return ret;
|
||||||
|
+ return postcopy_each_ram_send_discard(ms);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/ui/gtk.c b/ui/gtk.c
|
||||||
|
index 692ccc7bbb..e032e3c36f 100644
|
||||||
|
--- a/ui/gtk.c
|
||||||
|
+++ b/ui/gtk.c
|
||||||
|
@@ -1649,8 +1649,7 @@ static GSList *gd_vc_menu_init(GtkDisplayState *s, VirtualConsole *vc,
|
||||||
|
G_CALLBACK(gd_menu_switch_vc), s);
|
||||||
|
gtk_menu_shell_append(GTK_MENU_SHELL(view_menu), vc->menu_item);
|
||||||
|
|
||||||
|
- group = gtk_radio_menu_item_get_group(GTK_RADIO_MENU_ITEM(vc->menu_item));
|
||||||
|
- return group;
|
||||||
|
+ return gtk_radio_menu_item_get_group(GTK_RADIO_MENU_ITEM(vc->menu_item));
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(CONFIG_VTE)
|
||||||
|
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
|
||||||
|
index bcc06d0e01..86c48b9fa5 100644
|
||||||
|
--- a/util/qemu-sockets.c
|
||||||
|
+++ b/util/qemu-sockets.c
|
||||||
|
@@ -765,15 +765,12 @@ static int vsock_connect_addr(const struct sockaddr_vm *svm, Error **errp)
|
||||||
|
static int vsock_connect_saddr(VsockSocketAddress *vaddr, Error **errp)
|
||||||
|
{
|
||||||
|
struct sockaddr_vm svm;
|
||||||
|
- int sock = -1;
|
||||||
|
|
||||||
|
if (!vsock_parse_vaddr_to_sockaddr(vaddr, &svm, errp)) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- sock = vsock_connect_addr(&svm, errp);
|
||||||
|
-
|
||||||
|
- return sock;
|
||||||
|
+ return vsock_connect_addr(&svm, errp);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int vsock_listen_saddr(VsockSocketAddress *vaddr,
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
59
SOURCES/kvm-Fix-DHCP-broken-in-libslirp-v4.6.0.patch
Normal file
59
SOURCES/kvm-Fix-DHCP-broken-in-libslirp-v4.6.0.patch
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
From d0c668aa0ad255c3598267816154874541ac2943 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:42 -0400
|
||||||
|
Subject: [PATCH 12/14] Fix "DHCP broken in libslirp v4.6.0"
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-9-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101824
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 8/8] Fix "DHCP broken in libslirp v4.6.0"
|
||||||
|
Bugzilla: 1970819 1970835 1970843 1970853
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
||||||
|
|
||||||
|
Fix issue 48
|
||||||
|
|
||||||
|
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
||||||
|
|
||||||
|
(cherry picked from commit c9f314f6e315a5518432761fea864196a290f799)
|
||||||
|
[ minor conflict fix due to indentation change ]
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/bootp.c | 12 ++++++------
|
||||||
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/bootp.c b/slirp/src/bootp.c
|
||||||
|
index 5789187166..3e4af075f1 100644
|
||||||
|
--- a/slirp/src/bootp.c
|
||||||
|
+++ b/slirp/src/bootp.c
|
||||||
|
@@ -354,14 +354,14 @@ static void bootp_reply(Slirp *slirp,
|
||||||
|
q += sizeof(nak_msg) - 1;
|
||||||
|
}
|
||||||
|
assert(q < end);
|
||||||
|
- *q =
|
||||||
|
-RFC1533_END
|
||||||
|
-;
|
||||||
|
+ *q = RFC1533_END;
|
||||||
|
|
||||||
|
-daddr.sin_addr.s_addr = 0xffffffffu;
|
||||||
|
+ daddr.sin_addr.s_addr = 0xffffffffu;
|
||||||
|
|
||||||
|
-m->m_len = sizeof(struct bootp_t) - sizeof(struct ip) - sizeof(struct udphdr);
|
||||||
|
-udp_output(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
|
||||||
|
+ assert ((q - rbp->bp_vend + 1) <= DHCP_OPT_LEN);
|
||||||
|
+
|
||||||
|
+ m->m_len = sizeof(struct bootp_t) + (q - rbp->bp_vend + 1) - sizeof(struct ip) - sizeof(struct udphdr);
|
||||||
|
+ udp_output(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
|
||||||
|
}
|
||||||
|
|
||||||
|
void bootp_input(struct mbuf *m)
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From 6c2949cba8971971c89fb1e5db9e557dfcd156ef Mon Sep 17 00:00:00 2001
|
From dcac680adb6b8624f14eda3e812521bddbe8ecea Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Wed, 21 Apr 2021 22:30:04 -0400
|
Date: Wed, 21 Apr 2021 22:30:04 -0400
|
||||||
Subject: [PATCH 5/8] acpi: accept byte and word access to core ACPI registers
|
Subject: [PATCH 5/7] acpi: accept byte and word access to core ACPI registers
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -10,7 +10,7 @@ RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|||||||
Message-id: <20210421223006.19650-5-jmaloy@redhat.com>
|
Message-id: <20210421223006.19650-5-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101482
|
Patchwork-id: 101482
|
||||||
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 4/6] acpi: accept byte and word access to core ACPI registers
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 4/6] acpi: accept byte and word access to core ACPI registers
|
||||||
Bugzilla: 1944621
|
Bugzilla: 1842478
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
@ -0,0 +1,132 @@
|
|||||||
|
From b474155fdc38f86f516c14ba9a6f934616d589ef Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Jones <drjones@redhat.com>
|
||||||
|
Date: Wed, 4 Aug 2021 03:27:22 -0400
|
||||||
|
Subject: [PATCH 1/2] aio-wait: delegate polling of main AioContext if BQL not
|
||||||
|
held
|
||||||
|
|
||||||
|
RH-Author: Andrew Jones <drjones@redhat.com>
|
||||||
|
Message-id: <20210729134448.4995-2-drjones@redhat.com>
|
||||||
|
Patchwork-id: 101935
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 1/2] aio-wait: delegate polling of main AioContext if BQL not held
|
||||||
|
Bugzilla: 1969848
|
||||||
|
RH-Acked-by: Gavin Shan <gshan@redhat.com>
|
||||||
|
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
|
||||||
|
Any thread that is not a iothread returns NULL for qemu_get_current_aio_context().
|
||||||
|
As a result, it would also return true for
|
||||||
|
in_aio_context_home_thread(qemu_get_aio_context()), causing
|
||||||
|
AIO_WAIT_WHILE to invoke aio_poll() directly. This is incorrect
|
||||||
|
if the BQL is not held, because aio_poll() does not expect to
|
||||||
|
run concurrently from multiple threads, and it can actually
|
||||||
|
happen when savevm writes to the vmstate file from the
|
||||||
|
migration thread.
|
||||||
|
|
||||||
|
Therefore, restrict in_aio_context_home_thread to return true
|
||||||
|
for the main AioContext only if the BQL is held.
|
||||||
|
|
||||||
|
The function is moved to aio-wait.h because it is mostly used
|
||||||
|
there and to avoid a circular reference between main-loop.h
|
||||||
|
and block/aio.h.
|
||||||
|
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Message-Id: <20200407140746.8041-5-pbonzini@redhat.com>
|
||||||
|
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
(cherry picked from commit 3c18a92dc4b55ca8cc37a755ed119f11c0f34099)
|
||||||
|
Signed-off-by: Andrew Jones <drjones@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
include/block/aio-wait.h | 22 ++++++++++++++++++++++
|
||||||
|
include/block/aio.h | 29 ++++++++++-------------------
|
||||||
|
2 files changed, 32 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
|
||||||
|
index afeeb18f95..716d2639df 100644
|
||||||
|
--- a/include/block/aio-wait.h
|
||||||
|
+++ b/include/block/aio-wait.h
|
||||||
|
@@ -26,6 +26,7 @@
|
||||||
|
#define QEMU_AIO_WAIT_H
|
||||||
|
|
||||||
|
#include "block/aio.h"
|
||||||
|
+#include "qemu/main-loop.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* AioWait:
|
||||||
|
@@ -124,4 +125,25 @@ void aio_wait_kick(void);
|
||||||
|
*/
|
||||||
|
void aio_wait_bh_oneshot(AioContext *ctx, QEMUBHFunc *cb, void *opaque);
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * in_aio_context_home_thread:
|
||||||
|
+ * @ctx: the aio context
|
||||||
|
+ *
|
||||||
|
+ * Return whether we are running in the thread that normally runs @ctx. Note
|
||||||
|
+ * that acquiring/releasing ctx does not affect the outcome, each AioContext
|
||||||
|
+ * still only has one home thread that is responsible for running it.
|
||||||
|
+ */
|
||||||
|
+static inline bool in_aio_context_home_thread(AioContext *ctx)
|
||||||
|
+{
|
||||||
|
+ if (ctx == qemu_get_current_aio_context()) {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (ctx == qemu_get_aio_context()) {
|
||||||
|
+ return qemu_mutex_iothread_locked();
|
||||||
|
+ } else {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
#endif /* QEMU_AIO_WAIT_H */
|
||||||
|
diff --git a/include/block/aio.h b/include/block/aio.h
|
||||||
|
index 6b0d52f732..9d28e247df 100644
|
||||||
|
--- a/include/block/aio.h
|
||||||
|
+++ b/include/block/aio.h
|
||||||
|
@@ -60,12 +60,16 @@ struct AioContext {
|
||||||
|
QLIST_HEAD(, AioHandler) aio_handlers;
|
||||||
|
|
||||||
|
/* Used to avoid unnecessary event_notifier_set calls in aio_notify;
|
||||||
|
- * accessed with atomic primitives. If this field is 0, everything
|
||||||
|
- * (file descriptors, bottom halves, timers) will be re-evaluated
|
||||||
|
- * before the next blocking poll(), thus the event_notifier_set call
|
||||||
|
- * can be skipped. If it is non-zero, you may need to wake up a
|
||||||
|
- * concurrent aio_poll or the glib main event loop, making
|
||||||
|
- * event_notifier_set necessary.
|
||||||
|
+ * only written from the AioContext home thread, or under the BQL in
|
||||||
|
+ * the case of the main AioContext. However, it is read from any
|
||||||
|
+ * thread so it is still accessed with atomic primitives.
|
||||||
|
+ *
|
||||||
|
+ * If this field is 0, everything (file descriptors, bottom halves,
|
||||||
|
+ * timers) will be re-evaluated before the next blocking poll() or
|
||||||
|
+ * io_uring wait; therefore, the event_notifier_set call can be
|
||||||
|
+ * skipped. If it is non-zero, you may need to wake up a concurrent
|
||||||
|
+ * aio_poll or the glib main event loop, making event_notifier_set
|
||||||
|
+ * necessary.
|
||||||
|
*
|
||||||
|
* Bit 0 is reserved for GSource usage of the AioContext, and is 1
|
||||||
|
* between a call to aio_ctx_prepare and the next call to aio_ctx_check.
|
||||||
|
@@ -580,19 +584,6 @@ void aio_co_enter(AioContext *ctx, struct Coroutine *co);
|
||||||
|
*/
|
||||||
|
AioContext *qemu_get_current_aio_context(void);
|
||||||
|
|
||||||
|
-/**
|
||||||
|
- * in_aio_context_home_thread:
|
||||||
|
- * @ctx: the aio context
|
||||||
|
- *
|
||||||
|
- * Return whether we are running in the thread that normally runs @ctx. Note
|
||||||
|
- * that acquiring/releasing ctx does not affect the outcome, each AioContext
|
||||||
|
- * still only has one home thread that is responsible for running it.
|
||||||
|
- */
|
||||||
|
-static inline bool in_aio_context_home_thread(AioContext *ctx)
|
||||||
|
-{
|
||||||
|
- return ctx == qemu_get_current_aio_context();
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
/**
|
||||||
|
* aio_context_setup:
|
||||||
|
* @ctx: the aio context
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
183
SOURCES/kvm-async-use-explicit-memory-barriers.patch
Normal file
183
SOURCES/kvm-async-use-explicit-memory-barriers.patch
Normal file
@ -0,0 +1,183 @@
|
|||||||
|
From 82a02aec3a8b3c2ac925d0b71ea4c35aa5d6463b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Jones <drjones@redhat.com>
|
||||||
|
Date: Wed, 4 Aug 2021 03:27:24 -0400
|
||||||
|
Subject: [PATCH 2/2] async: use explicit memory barriers
|
||||||
|
|
||||||
|
RH-Author: Andrew Jones <drjones@redhat.com>
|
||||||
|
Message-id: <20210729134448.4995-3-drjones@redhat.com>
|
||||||
|
Patchwork-id: 101937
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 2/2] async: use explicit memory barriers
|
||||||
|
Bugzilla: 1969848
|
||||||
|
RH-Acked-by: Gavin Shan <gshan@redhat.com>
|
||||||
|
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
|
||||||
|
When using C11 atomics, non-seqcst reads and writes do not participate
|
||||||
|
in the total order of seqcst operations. In util/async.c and util/aio-posix.c,
|
||||||
|
in particular, the pattern that we use
|
||||||
|
|
||||||
|
write ctx->notify_me write bh->scheduled
|
||||||
|
read bh->scheduled read ctx->notify_me
|
||||||
|
if !bh->scheduled, sleep if ctx->notify_me, notify
|
||||||
|
|
||||||
|
needs to use seqcst operations for both the write and the read. In
|
||||||
|
general this is something that we do not want, because there can be
|
||||||
|
many sources that are polled in addition to bottom halves. The
|
||||||
|
alternative is to place a seqcst memory barrier between the write
|
||||||
|
and the read. This also comes with a disadvantage, in that the
|
||||||
|
memory barrier is implicit on strongly-ordered architectures and
|
||||||
|
it wastes a few dozen clock cycles.
|
||||||
|
|
||||||
|
Fortunately, ctx->notify_me is never written concurrently by two
|
||||||
|
threads, so we can assert that and relax the writes to ctx->notify_me.
|
||||||
|
The resulting solution works and performs well on both aarch64 and x86.
|
||||||
|
|
||||||
|
Note that the atomic_set/atomic_read combination is not an atomic
|
||||||
|
read-modify-write, and therefore it is even weaker than C11 ATOMIC_RELAXED;
|
||||||
|
on x86, ATOMIC_RELAXED compiles to a locked operation.
|
||||||
|
|
||||||
|
Analyzed-by: Ying Fang <fangying1@huawei.com>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Tested-by: Ying Fang <fangying1@huawei.com>
|
||||||
|
Message-Id: <20200407140746.8041-6-pbonzini@redhat.com>
|
||||||
|
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
(cherry picked from commit 5710a3e09f9b85801e5ce70797a4a511e5fc9e2c)
|
||||||
|
Signed-off-by: Andrew Jones <drjones@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
util/aio-posix.c | 16 ++++++++++++++--
|
||||||
|
util/aio-win32.c | 17 ++++++++++++++---
|
||||||
|
util/async.c | 16 ++++++++++++----
|
||||||
|
3 files changed, 40 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/util/aio-posix.c b/util/aio-posix.c
|
||||||
|
index abc396d030..8cfb25650d 100644
|
||||||
|
--- a/util/aio-posix.c
|
||||||
|
+++ b/util/aio-posix.c
|
||||||
|
@@ -624,6 +624,11 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
||||||
|
int64_t timeout;
|
||||||
|
int64_t start = 0;
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * There cannot be two concurrent aio_poll calls for the same AioContext (or
|
||||||
|
+ * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
|
||||||
|
+ * We rely on this below to avoid slow locked accesses to ctx->notify_me.
|
||||||
|
+ */
|
||||||
|
assert(in_aio_context_home_thread(ctx));
|
||||||
|
|
||||||
|
/* aio_notify can avoid the expensive event_notifier_set if
|
||||||
|
@@ -634,7 +639,13 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
||||||
|
* so disable the optimization now.
|
||||||
|
*/
|
||||||
|
if (blocking) {
|
||||||
|
- atomic_add(&ctx->notify_me, 2);
|
||||||
|
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
|
||||||
|
+ /*
|
||||||
|
+ * Write ctx->notify_me before computing the timeout
|
||||||
|
+ * (reading bottom half flags, etc.). Pairs with
|
||||||
|
+ * smp_mb in aio_notify().
|
||||||
|
+ */
|
||||||
|
+ smp_mb();
|
||||||
|
}
|
||||||
|
|
||||||
|
qemu_lockcnt_inc(&ctx->list_lock);
|
||||||
|
@@ -679,7 +690,8 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (blocking) {
|
||||||
|
- atomic_sub(&ctx->notify_me, 2);
|
||||||
|
+ /* Finish the poll before clearing the flag. */
|
||||||
|
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
|
||||||
|
aio_notify_accept(ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/util/aio-win32.c b/util/aio-win32.c
|
||||||
|
index a23b9c364d..729d533faf 100644
|
||||||
|
--- a/util/aio-win32.c
|
||||||
|
+++ b/util/aio-win32.c
|
||||||
|
@@ -321,6 +321,12 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
||||||
|
int count;
|
||||||
|
int timeout;
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * There cannot be two concurrent aio_poll calls for the same AioContext (or
|
||||||
|
+ * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
|
||||||
|
+ * We rely on this below to avoid slow locked accesses to ctx->notify_me.
|
||||||
|
+ */
|
||||||
|
+ assert(in_aio_context_home_thread(ctx));
|
||||||
|
progress = false;
|
||||||
|
|
||||||
|
/* aio_notify can avoid the expensive event_notifier_set if
|
||||||
|
@@ -331,7 +337,13 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
||||||
|
* so disable the optimization now.
|
||||||
|
*/
|
||||||
|
if (blocking) {
|
||||||
|
- atomic_add(&ctx->notify_me, 2);
|
||||||
|
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
|
||||||
|
+ /*
|
||||||
|
+ * Write ctx->notify_me before computing the timeout
|
||||||
|
+ * (reading bottom half flags, etc.). Pairs with
|
||||||
|
+ * smp_mb in aio_notify().
|
||||||
|
+ */
|
||||||
|
+ smp_mb();
|
||||||
|
}
|
||||||
|
|
||||||
|
qemu_lockcnt_inc(&ctx->list_lock);
|
||||||
|
@@ -364,8 +376,7 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
||||||
|
ret = WaitForMultipleObjects(count, events, FALSE, timeout);
|
||||||
|
if (blocking) {
|
||||||
|
assert(first);
|
||||||
|
- assert(in_aio_context_home_thread(ctx));
|
||||||
|
- atomic_sub(&ctx->notify_me, 2);
|
||||||
|
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
|
||||||
|
aio_notify_accept(ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/util/async.c b/util/async.c
|
||||||
|
index b1fa5319e5..c65c58bbc9 100644
|
||||||
|
--- a/util/async.c
|
||||||
|
+++ b/util/async.c
|
||||||
|
@@ -220,7 +220,14 @@ aio_ctx_prepare(GSource *source, gint *timeout)
|
||||||
|
{
|
||||||
|
AioContext *ctx = (AioContext *) source;
|
||||||
|
|
||||||
|
- atomic_or(&ctx->notify_me, 1);
|
||||||
|
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) | 1);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Write ctx->notify_me before computing the timeout
|
||||||
|
+ * (reading bottom half flags, etc.). Pairs with
|
||||||
|
+ * smp_mb in aio_notify().
|
||||||
|
+ */
|
||||||
|
+ smp_mb();
|
||||||
|
|
||||||
|
/* We assume there is no timeout already supplied */
|
||||||
|
*timeout = qemu_timeout_ns_to_ms(aio_compute_timeout(ctx));
|
||||||
|
@@ -238,7 +245,8 @@ aio_ctx_check(GSource *source)
|
||||||
|
AioContext *ctx = (AioContext *) source;
|
||||||
|
QEMUBH *bh;
|
||||||
|
|
||||||
|
- atomic_and(&ctx->notify_me, ~1);
|
||||||
|
+ /* Finish computing the timeout before clearing the flag. */
|
||||||
|
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) & ~1);
|
||||||
|
aio_notify_accept(ctx);
|
||||||
|
|
||||||
|
for (bh = ctx->first_bh; bh; bh = bh->next) {
|
||||||
|
@@ -343,10 +351,10 @@ LinuxAioState *aio_get_linux_aio(AioContext *ctx)
|
||||||
|
void aio_notify(AioContext *ctx)
|
||||||
|
{
|
||||||
|
/* Write e.g. bh->scheduled before reading ctx->notify_me. Pairs
|
||||||
|
- * with atomic_or in aio_ctx_prepare or atomic_add in aio_poll.
|
||||||
|
+ * with smp_mb in aio_ctx_prepare or aio_poll.
|
||||||
|
*/
|
||||||
|
smp_mb();
|
||||||
|
- if (ctx->notify_me) {
|
||||||
|
+ if (atomic_read(&ctx->notify_me)) {
|
||||||
|
event_notifier_set(&ctx->notifier);
|
||||||
|
atomic_mb_set(&ctx->notified, true);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,53 @@
|
|||||||
|
From 96c8fcafa7325cd0e8a23a743a55f0ad0aa9f79b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Date: Thu, 18 Mar 2021 09:13:42 -0400
|
||||||
|
Subject: [PATCH 5/5] audio: audio_generic_get_buffer_in should honor *size
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Message-id: <20210318091342.3232471-2-kraxel@redhat.com>
|
||||||
|
Patchwork-id: 101352
|
||||||
|
O-Subject: [RHEL-8.4.0 qemu-kvm PATCH 1/1] audio: audio_generic_get_buffer_in should honor *size
|
||||||
|
Bugzilla: 1932823
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
From: Volker Rümelin <vr_qemu@t-online.de>
|
||||||
|
|
||||||
|
The function generic_get_buffer_in currently ignores the *size
|
||||||
|
parameter and may return a buffer larger than *size.
|
||||||
|
|
||||||
|
As a result the variable samples in function
|
||||||
|
audio_pcm_hw_run_in may underflow. The while loop then most
|
||||||
|
likely will never termiate.
|
||||||
|
|
||||||
|
Buglink: http://bugs.debian.org/948658
|
||||||
|
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
|
||||||
|
Message-Id: <20200123074943.6699-9-vr_qemu@t-online.de>
|
||||||
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
(cherry picked from commit 599eac4e5a41e828645594097daee39373acc3c0)
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
audio/audio.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/audio/audio.c b/audio/audio.c
|
||||||
|
index 56fae55047..39a62fc62a 100644
|
||||||
|
--- a/audio/audio.c
|
||||||
|
+++ b/audio/audio.c
|
||||||
|
@@ -1402,7 +1402,8 @@ void *audio_generic_get_buffer_in(HWVoiceIn *hw, size_t *size)
|
||||||
|
}
|
||||||
|
assert(start >= 0 && start < hw->size_emul);
|
||||||
|
|
||||||
|
- *size = MIN(hw->pending_emul, hw->size_emul - start);
|
||||||
|
+ *size = MIN(*size, hw->pending_emul);
|
||||||
|
+ *size = MIN(*size, hw->size_emul - start);
|
||||||
|
return hw->buf_emul + start;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,76 @@
|
|||||||
|
From 8c339c3535728179acc94deb5b922aebcfac9ab6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
|
Date: Thu, 3 Jun 2021 16:13:34 -0400
|
||||||
|
Subject: [PATCH 2/4] block/file-posix: Fix problem with fallocate(PUNCH_HOLE)
|
||||||
|
on GPFS
|
||||||
|
|
||||||
|
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||||
|
Message-id: <20210603161334.607005-2-thuth@redhat.com>
|
||||||
|
Patchwork-id: 101673
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] block/file-posix: Fix problem with fallocate(PUNCH_HOLE) on GPFS
|
||||||
|
Bugzilla: 1944861
|
||||||
|
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
RH-Acked-by: Max Reitz <mreitz@redhat.com>
|
||||||
|
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
|
||||||
|
A customer reported that running
|
||||||
|
|
||||||
|
qemu-img convert -t none -O qcow2 -f qcow2 input.qcow2 output.qcow2
|
||||||
|
|
||||||
|
fails for them with the following error message when the images are
|
||||||
|
stored on a GPFS file system :
|
||||||
|
|
||||||
|
qemu-img: error while writing sector 0: Invalid argument
|
||||||
|
|
||||||
|
After analyzing the strace output, it seems like the problem is in
|
||||||
|
handle_aiocb_write_zeroes(): The call to fallocate(FALLOC_FL_PUNCH_HOLE)
|
||||||
|
returns EINVAL, which can apparently happen if the file system has
|
||||||
|
a different idea of the granularity of the operation. It's arguably
|
||||||
|
a bug in GPFS, since the PUNCH_HOLE mode should not result in EINVAL
|
||||||
|
according to the man-page of fallocate(), but the file system is out
|
||||||
|
there in production and so we have to deal with it. In commit 294682cc3a
|
||||||
|
("block: workaround for unaligned byte range in fallocate()") we also
|
||||||
|
already applied the a work-around for the same problem to the earlier
|
||||||
|
fallocate(FALLOC_FL_ZERO_RANGE) call, so do it now similar with the
|
||||||
|
PUNCH_HOLE call. But instead of silently catching and returning
|
||||||
|
-ENOTSUP (which causes the caller to fall back to writing zeroes),
|
||||||
|
let's rather inform the user once about the buggy file system and
|
||||||
|
try the other fallback instead.
|
||||||
|
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
Message-Id: <20210527172020.847617-2-thuth@redhat.com>
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
(cherry picked from commit 73ebf29729d1a40feaa9f8ab8951b6ee6dbfbede)
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1944861
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
block/file-posix.c | 11 +++++++++++
|
||||||
|
1 file changed, 11 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/block/file-posix.c b/block/file-posix.c
|
||||||
|
index 62a463229f..371572f1b0 100644
|
||||||
|
--- a/block/file-posix.c
|
||||||
|
+++ b/block/file-posix.c
|
||||||
|
@@ -1587,6 +1587,17 @@ static int handle_aiocb_write_zeroes(void *opaque)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
s->has_fallocate = false;
|
||||||
|
+ } else if (ret == -EINVAL) {
|
||||||
|
+ /*
|
||||||
|
+ * Some file systems like older versions of GPFS do not like un-
|
||||||
|
+ * aligned byte ranges, and return EINVAL in such a case, though
|
||||||
|
+ * they should not do it according to the man-page of fallocate().
|
||||||
|
+ * Warn about the bad filesystem and try the final fallback instead.
|
||||||
|
+ */
|
||||||
|
+ warn_report_once("Your file system is misbehaving: "
|
||||||
|
+ "fallocate(FALLOC_FL_PUNCH_HOLE) returned EINVAL. "
|
||||||
|
+ "Please report this bug to your file sytem "
|
||||||
|
+ "vendor.");
|
||||||
|
} else if (ret != -ENOTSUP) {
|
||||||
|
return ret;
|
||||||
|
} else {
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
52
SOURCES/kvm-bootp-check-bootp_input-buffer-size.patch
Normal file
52
SOURCES/kvm-bootp-check-bootp_input-buffer-size.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
From a66ab346bf74ebf3ed8fca0dc2e2febfe70069e8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:28 -0400
|
||||||
|
Subject: [PATCH 07/14] bootp: check bootp_input buffer size
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-4-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101820
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 3/8] bootp: check bootp_input buffer size
|
||||||
|
Bugzilla: 1970819
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Fixes: CVE-2021-3592
|
||||||
|
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1970819
|
||||||
|
|
||||||
|
(cherry picked from commit 2eca0838eee1da96204545e22cdaed860d9d7c6c)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/bootp.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/bootp.c b/slirp/src/bootp.c
|
||||||
|
index 5754327138..5789187166 100644
|
||||||
|
--- a/slirp/src/bootp.c
|
||||||
|
+++ b/slirp/src/bootp.c
|
||||||
|
@@ -366,9 +366,9 @@ udp_output(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
|
||||||
|
|
||||||
|
void bootp_input(struct mbuf *m)
|
||||||
|
{
|
||||||
|
- struct bootp_t *bp = mtod(m, struct bootp_t *);
|
||||||
|
+ struct bootp_t *bp = mtod_check(m, sizeof(struct bootp_t));
|
||||||
|
|
||||||
|
- if (bp->bp_op == BOOTP_REQUEST) {
|
||||||
|
+ if (bp && bp->bp_op == BOOTP_REQUEST) {
|
||||||
|
bootp_reply(m->slirp, bp, m_end(m));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,175 @@
|
|||||||
|
From 8198ae7c21a4d37f7e365058f973867c41d44d21 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:25 -0400
|
||||||
|
Subject: [PATCH 06/14] bootp: limit vendor-specific area to input packet
|
||||||
|
memory buffer
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-3-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101821
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/8] bootp: limit vendor-specific area to input packet memory buffer
|
||||||
|
Bugzilla: 1970819 1970835 1970843 1970853
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
sizeof(bootp_t) currently holds DHCP_OPT_LEN. Remove this optional field
|
||||||
|
from the structure, to help with the following patch checking for
|
||||||
|
minimal header size. Modify the bootp_reply() function to take the
|
||||||
|
buffer boundaries and avoiding potential buffer overflow.
|
||||||
|
|
||||||
|
Related to CVE-2021-3592.
|
||||||
|
|
||||||
|
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
(cherry picked from commit f13cad45b25d92760bb0ad67bec0300a4d7d5275)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/bootp.c | 26 +++++++++++++++-----------
|
||||||
|
slirp/src/bootp.h | 2 +-
|
||||||
|
slirp/src/mbuf.c | 5 +++++
|
||||||
|
slirp/src/mbuf.h | 1 +
|
||||||
|
4 files changed, 22 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/bootp.c b/slirp/src/bootp.c
|
||||||
|
index 3f9ce2553e..5754327138 100644
|
||||||
|
--- a/slirp/src/bootp.c
|
||||||
|
+++ b/slirp/src/bootp.c
|
||||||
|
@@ -92,21 +92,22 @@ found:
|
||||||
|
return bc;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
|
||||||
|
+static void dhcp_decode(const struct bootp_t *bp,
|
||||||
|
+ const uint8_t *bp_end,
|
||||||
|
+ int *pmsg_type,
|
||||||
|
struct in_addr *preq_addr)
|
||||||
|
{
|
||||||
|
- const uint8_t *p, *p_end;
|
||||||
|
+ const uint8_t *p;
|
||||||
|
int len, tag;
|
||||||
|
|
||||||
|
*pmsg_type = 0;
|
||||||
|
preq_addr->s_addr = htonl(0L);
|
||||||
|
|
||||||
|
p = bp->bp_vend;
|
||||||
|
- p_end = p + DHCP_OPT_LEN;
|
||||||
|
if (memcmp(p, rfc1533_cookie, 4) != 0)
|
||||||
|
return;
|
||||||
|
p += 4;
|
||||||
|
- while (p < p_end) {
|
||||||
|
+ while (p < bp_end) {
|
||||||
|
tag = p[0];
|
||||||
|
if (tag == RFC1533_PAD) {
|
||||||
|
p++;
|
||||||
|
@@ -114,10 +115,10 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
|
||||||
|
break;
|
||||||
|
} else {
|
||||||
|
p++;
|
||||||
|
- if (p >= p_end)
|
||||||
|
+ if (p >= bp_end)
|
||||||
|
break;
|
||||||
|
len = *p++;
|
||||||
|
- if (p + len > p_end) {
|
||||||
|
+ if (p + len > bp_end) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
|
||||||
|
@@ -144,7 +145,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
|
||||||
|
+static void bootp_reply(Slirp *slirp,
|
||||||
|
+ const struct bootp_t *bp,
|
||||||
|
+ const uint8_t *bp_end)
|
||||||
|
{
|
||||||
|
BOOTPClient *bc = NULL;
|
||||||
|
struct mbuf *m;
|
||||||
|
@@ -157,7 +160,7 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
|
||||||
|
uint8_t client_ethaddr[ETH_ALEN];
|
||||||
|
|
||||||
|
/* extract exact DHCP msg type */
|
||||||
|
- dhcp_decode(bp, &dhcp_msg_type, &preq_addr);
|
||||||
|
+ dhcp_decode(bp, bp_end, &dhcp_msg_type, &preq_addr);
|
||||||
|
DPRINTF("bootp packet op=%d msgtype=%d", bp->bp_op, dhcp_msg_type);
|
||||||
|
if (preq_addr.s_addr != htonl(0L))
|
||||||
|
DPRINTF(" req_addr=%08" PRIx32 "\n", ntohl(preq_addr.s_addr));
|
||||||
|
@@ -179,9 +182,10 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
m->m_data += IF_MAXLINKHDR;
|
||||||
|
+ m_inc(m, sizeof(struct bootp_t) + DHCP_OPT_LEN);
|
||||||
|
rbp = (struct bootp_t *)m->m_data;
|
||||||
|
m->m_data += sizeof(struct udpiphdr);
|
||||||
|
- memset(rbp, 0, sizeof(struct bootp_t));
|
||||||
|
+ memset(rbp, 0, sizeof(struct bootp_t) + DHCP_OPT_LEN);
|
||||||
|
|
||||||
|
if (dhcp_msg_type == DHCPDISCOVER) {
|
||||||
|
if (preq_addr.s_addr != htonl(0L)) {
|
||||||
|
@@ -235,7 +239,7 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
|
||||||
|
rbp->bp_siaddr = saddr.sin_addr; /* Server IP address */
|
||||||
|
|
||||||
|
q = rbp->bp_vend;
|
||||||
|
- end = (uint8_t *)&rbp[1];
|
||||||
|
+ end = rbp->bp_vend + DHCP_OPT_LEN;
|
||||||
|
memcpy(q, rfc1533_cookie, 4);
|
||||||
|
q += 4;
|
||||||
|
|
||||||
|
@@ -365,6 +369,6 @@ void bootp_input(struct mbuf *m)
|
||||||
|
struct bootp_t *bp = mtod(m, struct bootp_t *);
|
||||||
|
|
||||||
|
if (bp->bp_op == BOOTP_REQUEST) {
|
||||||
|
- bootp_reply(m->slirp, bp);
|
||||||
|
+ bootp_reply(m->slirp, bp, m_end(m));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/slirp/src/bootp.h b/slirp/src/bootp.h
|
||||||
|
index 03ece9bf28..0d20a944a8 100644
|
||||||
|
--- a/slirp/src/bootp.h
|
||||||
|
+++ b/slirp/src/bootp.h
|
||||||
|
@@ -114,7 +114,7 @@ struct bootp_t {
|
||||||
|
uint8_t bp_hwaddr[16];
|
||||||
|
uint8_t bp_sname[64];
|
||||||
|
uint8_t bp_file[128];
|
||||||
|
- uint8_t bp_vend[DHCP_OPT_LEN];
|
||||||
|
+ uint8_t bp_vend[];
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
diff --git a/slirp/src/mbuf.c b/slirp/src/mbuf.c
|
||||||
|
index 6d0653ed3d..7db07c088e 100644
|
||||||
|
--- a/slirp/src/mbuf.c
|
||||||
|
+++ b/slirp/src/mbuf.c
|
||||||
|
@@ -233,3 +233,8 @@ void *mtod_check(struct mbuf *m, size_t len)
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+void *m_end(struct mbuf *m)
|
||||||
|
+{
|
||||||
|
+ return m->m_data + m->m_len;
|
||||||
|
+}
|
||||||
|
diff --git a/slirp/src/mbuf.h b/slirp/src/mbuf.h
|
||||||
|
index 2015e3232f..a9752a36e0 100644
|
||||||
|
--- a/slirp/src/mbuf.h
|
||||||
|
+++ b/slirp/src/mbuf.h
|
||||||
|
@@ -119,6 +119,7 @@ void m_adj(struct mbuf *, int);
|
||||||
|
int m_copy(struct mbuf *, struct mbuf *, int, int);
|
||||||
|
struct mbuf *dtom(Slirp *, void *);
|
||||||
|
void *mtod_check(struct mbuf *, size_t len);
|
||||||
|
+void *m_end(struct mbuf *);
|
||||||
|
|
||||||
|
static inline void ifs_init(struct mbuf *ifm)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 1cbb554a4057afd4d71c04757ef7fd1bbb7114ee Mon Sep 17 00:00:00 2001
|
From 6f1ebcfdb92d12ef2caae0b63a3a380265cba1fa Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:46 -0400
|
Date: Tue, 29 Jun 2021 03:42:46 -0400
|
||||||
Subject: [PATCH 8/9] cadence_gem: switch to use qemu_receive_packet() for
|
Subject: [PATCH 8/9] cadence_gem: switch to use qemu_receive_packet() for
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 4044e97e37188a9844cc6cd66d8b7819acccb27e Mon Sep 17 00:00:00 2001
|
From a6f0bef82cdd84844a06dac1e6d279d95824d827 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:41 -0400
|
Date: Tue, 29 Jun 2021 03:42:41 -0400
|
||||||
Subject: [PATCH 3/9] dp8393x: switch to use qemu_receive_packet() for loopback
|
Subject: [PATCH 3/9] dp8393x: switch to use qemu_receive_packet() for loopback
|
||||||
|
65
SOURCES/kvm-e1000-fail-early-for-evil-descriptor.patch
Normal file
65
SOURCES/kvm-e1000-fail-early-for-evil-descriptor.patch
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
From 7bd3000cf22a91e6bc6afc1e7adbf0ae1b731104 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 13 Apr 2021 22:45:17 -0400
|
||||||
|
Subject: [PATCH 2/5] e1000: fail early for evil descriptor
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Message-id: <20210413224517.3841507-2-jmaloy@redhat.com>
|
||||||
|
Patchwork-id: 101473
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] e1000: fail early for evil descriptor
|
||||||
|
Bugzilla: 1930092
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Jason Wang <jasowang@redhat.com>
|
||||||
|
|
||||||
|
During procss_tx_desc(), driver can try to chain data descriptor with
|
||||||
|
legacy descriptor, when will lead underflow for the following
|
||||||
|
calculation in process_tx_desc() for bytes:
|
||||||
|
|
||||||
|
if (tp->size + bytes > msh)
|
||||||
|
bytes = msh - tp->size;
|
||||||
|
|
||||||
|
This will lead a infinite loop. So check and fail early if tp->size if
|
||||||
|
greater or equal to msh.
|
||||||
|
|
||||||
|
Reported-by: Alexander Bulekov <alxndr@bu.edu>
|
||||||
|
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
|
||||||
|
Reported-by: Ruhr-University Bochum <bugs-syssec@rub.de>
|
||||||
|
Cc: Prasad J Pandit <ppandit@redhat.com>
|
||||||
|
Cc: qemu-stable@nongnu.org
|
||||||
|
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||||
|
|
||||||
|
(cherry picked from commit 3de46e6fc489c52c9431a8a832ad8170a7569bd8)
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
hw/net/e1000.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
|
||||||
|
index fc73fdd6fa..fe56bccd52 100644
|
||||||
|
--- a/hw/net/e1000.c
|
||||||
|
+++ b/hw/net/e1000.c
|
||||||
|
@@ -671,6 +671,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
|
||||||
|
msh = tp->tso_props.hdr_len + tp->tso_props.mss;
|
||||||
|
do {
|
||||||
|
bytes = split_size;
|
||||||
|
+ if (tp->size >= msh) {
|
||||||
|
+ goto eop;
|
||||||
|
+ }
|
||||||
|
if (tp->size + bytes > msh)
|
||||||
|
bytes = msh - tp->size;
|
||||||
|
|
||||||
|
@@ -696,6 +699,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
|
||||||
|
tp->size += split_size;
|
||||||
|
}
|
||||||
|
|
||||||
|
+eop:
|
||||||
|
if (!(txd_lower & E1000_TXD_CMD_EOP))
|
||||||
|
return;
|
||||||
|
if (!(tp->cptse && tp->size < tp->tso_props.hdr_len)) {
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From bf44928b2ac2cb8b9608209d5425533458fd2b8a Mon Sep 17 00:00:00 2001
|
From 128b97f6049144af3c1a41ceb8e8583419edcd69 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:40 -0400
|
Date: Tue, 29 Jun 2021 03:42:40 -0400
|
||||||
Subject: [PATCH 2/9] e1000: switch to use qemu_receive_packet() for loopback
|
Subject: [PATCH 2/9] e1000: switch to use qemu_receive_packet() for loopback
|
||||||
@ -35,7 +35,7 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
|
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
|
||||||
index fc73fdd6fa..f6ae78748a 100644
|
index fe56bccd52..8680b7d46b 100644
|
||||||
--- a/hw/net/e1000.c
|
--- a/hw/net/e1000.c
|
||||||
+++ b/hw/net/e1000.c
|
+++ b/hw/net/e1000.c
|
||||||
@@ -547,7 +547,7 @@ e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
|
@@ -547,7 +547,7 @@ e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
|
||||||
|
@ -0,0 +1,59 @@
|
|||||||
|
From 94d99b13b48e922861570f043490efc966b3b445 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Date: Fri, 25 Jun 2021 17:41:04 -0400
|
||||||
|
Subject: [PATCH 4/4] file-posix: Handle `EINVAL` fallocate return value
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Message-id: <20210625174104.44313-3-kwolf@redhat.com>
|
||||||
|
Patchwork-id: 101778
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/2] file-posix: Handle `EINVAL` fallocate return value
|
||||||
|
Bugzilla: 1970912
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
|
||||||
|
From: Antoine Damhet <antoine.damhet@blade-group.com>
|
||||||
|
|
||||||
|
The `detect-zeroes=unmap` option may issue unaligned
|
||||||
|
`FALLOC_FL_PUNCH_HOLE` requests, raw block devices can (and will) return
|
||||||
|
`EINVAL`, qemu should then write the zeroes to the blockdev instead of
|
||||||
|
issuing an `IO_ERROR`.
|
||||||
|
|
||||||
|
The problem can be reprodced like this:
|
||||||
|
|
||||||
|
$ qemu-io -c 'write -P 0 42 1234' --image-opts driver=host_device,filename=/dev/loop0,detect-zeroes=unmap
|
||||||
|
write failed: Invalid argument
|
||||||
|
|
||||||
|
Signed-off-by: Antoine Damhet <antoine.damhet@blade-group.com>
|
||||||
|
Message-Id: <20200717135603.51180-1-antoine.damhet@blade-group.com>
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
(cherry picked from commit bae127d4dcf6158c5042e2eee9582430839a9967)
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
block/file-posix.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/block/file-posix.c b/block/file-posix.c
|
||||||
|
index 837edcf027..6cd19e6c9a 100644
|
||||||
|
--- a/block/file-posix.c
|
||||||
|
+++ b/block/file-posix.c
|
||||||
|
@@ -1632,7 +1632,11 @@ static int handle_aiocb_write_zeroes_unmap(void *opaque)
|
||||||
|
#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
|
||||||
|
int ret = do_fallocate(s->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
|
||||||
|
aiocb->aio_offset, aiocb->aio_nbytes);
|
||||||
|
- if (ret != -ENOTSUP) {
|
||||||
|
+ switch (ret) {
|
||||||
|
+ case -ENOTSUP:
|
||||||
|
+ case -EINVAL:
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,466 @@
|
|||||||
|
From 7ee01b5ccb7fc660dafaf3fdb1578649d17fbddf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Date: Wed, 26 May 2021 09:05:52 -0400
|
||||||
|
Subject: [PATCH 1/4] file-posix: Mitigate file fragmentation with extent size
|
||||||
|
hints
|
||||||
|
|
||||||
|
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Message-id: <20210526090552.155820-2-kwolf@redhat.com>
|
||||||
|
Patchwork-id: 101638
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] file-posix: Mitigate file fragmentation with extent size hints
|
||||||
|
Bugzilla: 1877163
|
||||||
|
RH-Acked-by: Sergio Lopez Pascual <slp@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
RH-Acked-by: Max Reitz <mreitz@redhat.com>
|
||||||
|
|
||||||
|
Especially when O_DIRECT is used with image files so that the page cache
|
||||||
|
indirection can't cause a merge of allocating requests, the file will
|
||||||
|
fragment on the file system layer, with a potentially very small
|
||||||
|
fragment size (this depends on the requests the guest sent).
|
||||||
|
|
||||||
|
On Linux, fragmentation can be reduced by setting an extent size hint
|
||||||
|
when creating the file (at least on XFS, it can't be set any more after
|
||||||
|
the first extent has been allocated), basically giving raw files a
|
||||||
|
"cluster size" for allocation.
|
||||||
|
|
||||||
|
This adds a create option to set the extent size hint, and changes the
|
||||||
|
default from not setting a hint to setting it to 1 MB. The main reason
|
||||||
|
why qcow2 defaults to smaller cluster sizes is that COW becomes more
|
||||||
|
expensive, which is not an issue with raw files, so we can choose a
|
||||||
|
larger size. The tradeoff here is only potentially wasted disk space.
|
||||||
|
|
||||||
|
For qcow2 (or other image formats) over file-posix, the advantage should
|
||||||
|
even be greater because they grow sequentially without leaving holes, so
|
||||||
|
there won't be wasted space. Setting even larger extent size hints for
|
||||||
|
such images may make sense. This can be done with the new option, but
|
||||||
|
let's keep the default conservative for now.
|
||||||
|
|
||||||
|
The effect is very visible with a test that intentionally creates a
|
||||||
|
badly fragmented file with qemu-img bench (the time difference while
|
||||||
|
creating the file is already remarkable) and then looks at the number of
|
||||||
|
extents and the time a simple "qemu-img map" takes.
|
||||||
|
|
||||||
|
Without an extent size hint:
|
||||||
|
|
||||||
|
$ ./qemu-img create -f raw -o extent_size_hint=0 ~/tmp/test.raw 10G
|
||||||
|
Formatting '/home/kwolf/tmp/test.raw', fmt=raw size=10737418240 extent_size_hint=0
|
||||||
|
$ ./qemu-img bench -f raw -t none -n -w ~/tmp/test.raw -c 1000000 -S 8192 -o 0
|
||||||
|
Sending 1000000 write requests, 4096 bytes each, 64 in parallel (starting at offset 0, step size 8192)
|
||||||
|
Run completed in 25.848 seconds.
|
||||||
|
$ ./qemu-img bench -f raw -t none -n -w ~/tmp/test.raw -c 1000000 -S 8192 -o 4096
|
||||||
|
Sending 1000000 write requests, 4096 bytes each, 64 in parallel (starting at offset 4096, step size 8192)
|
||||||
|
Run completed in 19.616 seconds.
|
||||||
|
$ filefrag ~/tmp/test.raw
|
||||||
|
/home/kwolf/tmp/test.raw: 2000000 extents found
|
||||||
|
$ time ./qemu-img map ~/tmp/test.raw
|
||||||
|
Offset Length Mapped to File
|
||||||
|
0 0x1e8480000 0 /home/kwolf/tmp/test.raw
|
||||||
|
|
||||||
|
real 0m1,279s
|
||||||
|
user 0m0,043s
|
||||||
|
sys 0m1,226s
|
||||||
|
|
||||||
|
With the new default extent size hint of 1 MB:
|
||||||
|
|
||||||
|
$ ./qemu-img create -f raw -o extent_size_hint=1M ~/tmp/test.raw 10G
|
||||||
|
Formatting '/home/kwolf/tmp/test.raw', fmt=raw size=10737418240 extent_size_hint=1048576
|
||||||
|
$ ./qemu-img bench -f raw -t none -n -w ~/tmp/test.raw -c 1000000 -S 8192 -o 0
|
||||||
|
Sending 1000000 write requests, 4096 bytes each, 64 in parallel (starting at offset 0, step size 8192)
|
||||||
|
Run completed in 11.833 seconds.
|
||||||
|
$ ./qemu-img bench -f raw -t none -n -w ~/tmp/test.raw -c 1000000 -S 8192 -o 4096
|
||||||
|
Sending 1000000 write requests, 4096 bytes each, 64 in parallel (starting at offset 4096, step size 8192)
|
||||||
|
Run completed in 10.155 seconds.
|
||||||
|
$ filefrag ~/tmp/test.raw
|
||||||
|
/home/kwolf/tmp/test.raw: 178 extents found
|
||||||
|
$ time ./qemu-img map ~/tmp/test.raw
|
||||||
|
Offset Length Mapped to File
|
||||||
|
0 0x1e8480000 0 /home/kwolf/tmp/test.raw
|
||||||
|
|
||||||
|
real 0m0,061s
|
||||||
|
user 0m0,040s
|
||||||
|
sys 0m0,014s
|
||||||
|
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Message-Id: <20200707142329.48303-1-kwolf@redhat.com>
|
||||||
|
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
(cherry picked from commit ffa244c84a1a30dff69ecc80b0137a2b6d428ecb)
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
block/file-posix.c | 44 ++++++++++++++++++++++++++++++++
|
||||||
|
include/block/block_int.h | 1 +
|
||||||
|
qapi/block-core.json | 11 +++++---
|
||||||
|
tests/qemu-iotests/082.out | 16 ++++++++++++
|
||||||
|
tests/qemu-iotests/106 | 7 +++--
|
||||||
|
tests/qemu-iotests/175 | 6 ++---
|
||||||
|
tests/qemu-iotests/243 | 6 ++---
|
||||||
|
tests/qemu-iotests/common.filter | 1 +
|
||||||
|
8 files changed, 80 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/block/file-posix.c b/block/file-posix.c
|
||||||
|
index 2d834fbdf6..62a463229f 100644
|
||||||
|
--- a/block/file-posix.c
|
||||||
|
+++ b/block/file-posix.c
|
||||||
|
@@ -30,6 +30,7 @@
|
||||||
|
#include "block/block_int.h"
|
||||||
|
#include "qemu/module.h"
|
||||||
|
#include "qemu/option.h"
|
||||||
|
+#include "qemu/units.h"
|
||||||
|
#include "trace.h"
|
||||||
|
#include "block/thread-pool.h"
|
||||||
|
#include "qemu/iov.h"
|
||||||
|
@@ -2289,6 +2290,14 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
|
||||||
|
if (!file_opts->has_preallocation) {
|
||||||
|
file_opts->preallocation = PREALLOC_MODE_OFF;
|
||||||
|
}
|
||||||
|
+ if (!file_opts->has_extent_size_hint) {
|
||||||
|
+ file_opts->extent_size_hint = 1 * MiB;
|
||||||
|
+ }
|
||||||
|
+ if (file_opts->extent_size_hint > UINT32_MAX) {
|
||||||
|
+ result = -EINVAL;
|
||||||
|
+ error_setg(errp, "Extent size hint is too large");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* Create file */
|
||||||
|
fd = qemu_open(file_opts->filename, O_RDWR | O_CREAT | O_BINARY, 0644);
|
||||||
|
@@ -2346,6 +2355,27 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
+#ifdef FS_IOC_FSSETXATTR
|
||||||
|
+ /*
|
||||||
|
+ * Try to set the extent size hint. Failure is not fatal, and a warning is
|
||||||
|
+ * only printed if the option was explicitly specified.
|
||||||
|
+ */
|
||||||
|
+ {
|
||||||
|
+ struct fsxattr attr;
|
||||||
|
+ result = ioctl(fd, FS_IOC_FSGETXATTR, &attr);
|
||||||
|
+ if (result == 0) {
|
||||||
|
+ attr.fsx_xflags |= FS_XFLAG_EXTSIZE;
|
||||||
|
+ attr.fsx_extsize = file_opts->extent_size_hint;
|
||||||
|
+ result = ioctl(fd, FS_IOC_FSSETXATTR, &attr);
|
||||||
|
+ }
|
||||||
|
+ if (result < 0 && file_opts->has_extent_size_hint &&
|
||||||
|
+ file_opts->extent_size_hint)
|
||||||
|
+ {
|
||||||
|
+ warn_report("Failed to set extent size hint: %s",
|
||||||
|
+ strerror(errno));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/* Resize and potentially preallocate the file to the desired
|
||||||
|
* final size */
|
||||||
|
@@ -2381,6 +2411,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
|
||||||
|
{
|
||||||
|
BlockdevCreateOptions options;
|
||||||
|
int64_t total_size = 0;
|
||||||
|
+ int64_t extent_size_hint = 0;
|
||||||
|
+ bool has_extent_size_hint = false;
|
||||||
|
bool nocow = false;
|
||||||
|
PreallocMode prealloc;
|
||||||
|
char *buf = NULL;
|
||||||
|
@@ -2392,6 +2424,11 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
|
||||||
|
/* Read out options */
|
||||||
|
total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
|
||||||
|
BDRV_SECTOR_SIZE);
|
||||||
|
+ if (qemu_opt_get(opts, BLOCK_OPT_EXTENT_SIZE_HINT)) {
|
||||||
|
+ has_extent_size_hint = true;
|
||||||
|
+ extent_size_hint =
|
||||||
|
+ qemu_opt_get_size_del(opts, BLOCK_OPT_EXTENT_SIZE_HINT, -1);
|
||||||
|
+ }
|
||||||
|
nocow = qemu_opt_get_bool(opts, BLOCK_OPT_NOCOW, false);
|
||||||
|
buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
|
||||||
|
prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
|
||||||
|
@@ -2411,6 +2448,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
|
||||||
|
.preallocation = prealloc,
|
||||||
|
.has_nocow = true,
|
||||||
|
.nocow = nocow,
|
||||||
|
+ .has_extent_size_hint = has_extent_size_hint,
|
||||||
|
+ .extent_size_hint = extent_size_hint,
|
||||||
|
},
|
||||||
|
};
|
||||||
|
return raw_co_create(&options, errp);
|
||||||
|
@@ -2902,6 +2941,11 @@ static QemuOptsList raw_create_opts = {
|
||||||
|
#endif
|
||||||
|
", full)"
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ .name = BLOCK_OPT_EXTENT_SIZE_HINT,
|
||||||
|
+ .type = QEMU_OPT_SIZE,
|
||||||
|
+ .help = "Extent size hint for the image file, 0 to disable"
|
||||||
|
+ },
|
||||||
|
{ /* end of list */ }
|
||||||
|
}
|
||||||
|
};
|
||||||
|
diff --git a/include/block/block_int.h b/include/block/block_int.h
|
||||||
|
index 41f13ecbed..4b23da2eb0 100644
|
||||||
|
--- a/include/block/block_int.h
|
||||||
|
+++ b/include/block/block_int.h
|
||||||
|
@@ -53,6 +53,7 @@
|
||||||
|
#define BLOCK_OPT_ADAPTER_TYPE "adapter_type"
|
||||||
|
#define BLOCK_OPT_REDUNDANCY "redundancy"
|
||||||
|
#define BLOCK_OPT_NOCOW "nocow"
|
||||||
|
+#define BLOCK_OPT_EXTENT_SIZE_HINT "extent_size_hint"
|
||||||
|
#define BLOCK_OPT_OBJECT_SIZE "object_size"
|
||||||
|
#define BLOCK_OPT_REFCOUNT_BITS "refcount_bits"
|
||||||
|
#define BLOCK_OPT_DATA_FILE "data_file"
|
||||||
|
diff --git a/qapi/block-core.json b/qapi/block-core.json
|
||||||
|
index 289320902d..c7aa919fa3 100644
|
||||||
|
--- a/qapi/block-core.json
|
||||||
|
+++ b/qapi/block-core.json
|
||||||
|
@@ -4272,14 +4272,17 @@
|
||||||
|
# falloc (if defined CONFIG_POSIX_FALLOCATE),
|
||||||
|
# full (if defined CONFIG_POSIX))
|
||||||
|
# @nocow Turn off copy-on-write (valid only on btrfs; default: off)
|
||||||
|
+# @extent-size-hint: Extent size hint to add to the image file; 0 for not
|
||||||
|
+# adding an extent size hint (default: 1 MB, since 5.1)
|
||||||
|
#
|
||||||
|
# Since: 2.12
|
||||||
|
##
|
||||||
|
{ 'struct': 'BlockdevCreateOptionsFile',
|
||||||
|
- 'data': { 'filename': 'str',
|
||||||
|
- 'size': 'size',
|
||||||
|
- '*preallocation': 'PreallocMode',
|
||||||
|
- '*nocow': 'bool' } }
|
||||||
|
+ 'data': { 'filename': 'str',
|
||||||
|
+ 'size': 'size',
|
||||||
|
+ '*preallocation': 'PreallocMode',
|
||||||
|
+ '*nocow': 'bool',
|
||||||
|
+ '*extent-size-hint': 'size'} }
|
||||||
|
|
||||||
|
##
|
||||||
|
# @BlockdevCreateOptionsGluster:
|
||||||
|
diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out
|
||||||
|
index 9d4ed4dc9d..7a87946fa2 100644
|
||||||
|
--- a/tests/qemu-iotests/082.out
|
||||||
|
+++ b/tests/qemu-iotests/082.out
|
||||||
|
@@ -59,6 +59,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -82,6 +83,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -105,6 +107,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -128,6 +131,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -151,6 +155,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -174,6 +179,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -197,6 +203,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -220,6 +227,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -339,6 +347,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -362,6 +371,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -385,6 +395,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -408,6 +419,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -431,6 +443,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -454,6 +467,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -477,6 +491,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
@@ -500,6 +515,7 @@ Supported options:
|
||||||
|
encrypt.ivgen-hash-alg=<str> - Name of IV generator hash algorithm
|
||||||
|
encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
|
||||||
|
encryption=<bool (on/off)> - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes)
|
||||||
|
+ extent_size_hint=<size> - Extent size hint for the image file, 0 to disable
|
||||||
|
lazy_refcounts=<bool (on/off)> - Postpone refcount updates
|
||||||
|
nocow=<bool (on/off)> - Turn off copy-on-write (valid only on btrfs)
|
||||||
|
preallocation=<str> - Preallocation mode (allowed values: off, metadata, falloc, full)
|
||||||
|
diff --git a/tests/qemu-iotests/106 b/tests/qemu-iotests/106
|
||||||
|
index ac47eaa0f5..ee6f51d08b 100755
|
||||||
|
--- a/tests/qemu-iotests/106
|
||||||
|
+++ b/tests/qemu-iotests/106
|
||||||
|
@@ -51,7 +51,10 @@ for create_mode in off falloc full; do
|
||||||
|
echo
|
||||||
|
echo "--- create_mode=$create_mode growth_mode=$growth_mode ---"
|
||||||
|
|
||||||
|
- IMGOPTS="preallocation=$create_mode" _make_test_img ${CREATION_SIZE}K
|
||||||
|
+ # Our calculation below assumes kilobytes as unit for the actual size.
|
||||||
|
+ # Disable the extent size hint because it would give us a result in
|
||||||
|
+ # megabytes.
|
||||||
|
+ IMGOPTS="preallocation=$create_mode,extent_size_hint=0" _make_test_img ${CREATION_SIZE}K
|
||||||
|
$QEMU_IMG resize -f "$IMGFMT" --preallocation=$growth_mode "$TEST_IMG" +${GROWTH_SIZE}K
|
||||||
|
|
||||||
|
expected_size=0
|
||||||
|
@@ -98,7 +101,7 @@ for growth_mode in falloc full; do
|
||||||
|
# plain int. We should use the correct type for the result, and
|
||||||
|
# this tests we do.
|
||||||
|
|
||||||
|
- _make_test_img 2G
|
||||||
|
+ _make_test_img -o "extent_size_hint=0" 2G
|
||||||
|
$QEMU_IMG resize -f "$IMGFMT" --preallocation=$growth_mode "$TEST_IMG" +${GROWTH_SIZE}K
|
||||||
|
|
||||||
|
actual_size=$($QEMU_IMG info -f "$IMGFMT" "$TEST_IMG" | grep 'disk size')
|
||||||
|
diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175
|
||||||
|
index 55db2803ed..8a8494aeb6 100755
|
||||||
|
--- a/tests/qemu-iotests/175
|
||||||
|
+++ b/tests/qemu-iotests/175
|
||||||
|
@@ -89,20 +89,20 @@ min_blocks=$(stat -c '%b' "$TEST_DIR/empty")
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "== creating image with default preallocation =="
|
||||||
|
-_make_test_img $size | _filter_imgfmt
|
||||||
|
+_make_test_img -o extent_size_hint=0 $size | _filter_imgfmt
|
||||||
|
stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $min_blocks $size
|
||||||
|
|
||||||
|
for mode in off full falloc; do
|
||||||
|
echo
|
||||||
|
echo "== creating image with preallocation $mode =="
|
||||||
|
- IMGOPTS=preallocation=$mode _make_test_img $size | _filter_imgfmt
|
||||||
|
+ IMGOPTS="preallocation=$mode,extent_size_hint=0" _make_test_img $size | _filter_imgfmt
|
||||||
|
stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $min_blocks $size
|
||||||
|
done
|
||||||
|
|
||||||
|
for new_size in 4096 1048576; do
|
||||||
|
echo
|
||||||
|
echo "== resize empty image with block_resize =="
|
||||||
|
- _make_test_img 0 | _filter_imgfmt
|
||||||
|
+ _make_test_img -o extent_size_hint=0 0 | _filter_imgfmt
|
||||||
|
_block_resize $TEST_IMG $new_size >/dev/null
|
||||||
|
stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $min_blocks $new_size
|
||||||
|
done
|
||||||
|
diff --git a/tests/qemu-iotests/243 b/tests/qemu-iotests/243
|
||||||
|
index e563761307..104c7256c4 100755
|
||||||
|
--- a/tests/qemu-iotests/243
|
||||||
|
+++ b/tests/qemu-iotests/243
|
||||||
|
@@ -47,7 +47,7 @@ for mode in off metadata falloc full; do
|
||||||
|
echo "=== preallocation=$mode ==="
|
||||||
|
echo
|
||||||
|
|
||||||
|
- IMGOPTS="preallocation=$mode" _make_test_img 64M
|
||||||
|
+ IMGOPTS="preallocation=$mode,extent_size_hint=0" _make_test_img 64M
|
||||||
|
|
||||||
|
printf "File size: "
|
||||||
|
du -b $TEST_IMG | cut -f1
|
||||||
|
@@ -64,7 +64,7 @@ for mode in off metadata falloc full; do
|
||||||
|
echo "=== External data file: preallocation=$mode ==="
|
||||||
|
echo
|
||||||
|
|
||||||
|
- IMGOPTS="data_file=$TEST_IMG.data,preallocation=$mode" _make_test_img 64M
|
||||||
|
+ IMGOPTS="data_file=$TEST_IMG.data,preallocation=$mode,extent_size_hint=0" _make_test_img 64M
|
||||||
|
|
||||||
|
echo -n "qcow2 file size: "
|
||||||
|
du -b $TEST_IMG | cut -f1
|
||||||
|
@@ -75,7 +75,7 @@ for mode in off metadata falloc full; do
|
||||||
|
echo -n "qcow2 disk usage: "
|
||||||
|
[ $(du -B1 $TEST_IMG | cut -f1) -lt 1048576 ] && echo "low" || echo "high"
|
||||||
|
echo -n "data disk usage: "
|
||||||
|
- [ $(du -B1 $TEST_IMG.data | cut -f1) -lt 1048576 ] && echo "low" || echo "high"
|
||||||
|
+ [ $(du -B1 $TEST_IMG.data | cut -f1) -lt 2097152 ] && echo "low" || echo "high"
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
|
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
|
||||||
|
index c8e8663665..f29c1d3238 100644
|
||||||
|
--- a/tests/qemu-iotests/common.filter
|
||||||
|
+++ b/tests/qemu-iotests/common.filter
|
||||||
|
@@ -146,6 +146,7 @@ _filter_img_create()
|
||||||
|
-e "s# refcount_bits=[0-9]\\+##g" \
|
||||||
|
-e "s# key-secret=[a-zA-Z0-9]\\+##g" \
|
||||||
|
-e "s# iter-time=[0-9]\\+##g" \
|
||||||
|
+ -e "s# extent_size_hint=[0-9]\\+##g" \
|
||||||
|
-e "s# force_size=\\(on\\|off\\)##g"
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,89 @@
|
|||||||
|
From 15331267d11713906361ddd767c3e04ae46d9a83 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:55:50 -0400
|
||||||
|
Subject: [PATCH 01/14] glib-compat: add g_unix_get_passwd_entry_qemu()
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210609100615.2501448-2-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101687
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/4] glib-compat: add g_unix_get_passwd_entry_qemu()
|
||||||
|
Bugzilla: 1967716
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
The glib function was introduced in 2.64. It's a safer version of
|
||||||
|
getpwnam, and also simpler to use than getpwnam_r.
|
||||||
|
|
||||||
|
Currently, it's only use by the next patch in qemu-ga, which doesn't
|
||||||
|
(well well...) need the thread safety guarantees. Since the fallback
|
||||||
|
version is still unsafe, I would rather keep the _qemu postfix, to make
|
||||||
|
sure it's not being misused by mistake. When/if necessary, we can
|
||||||
|
implement a safer fallback and drop the _qemu suffix.
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
*fix checkpatch warnings about newlines before/after block comments
|
||||||
|
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
||||||
|
|
||||||
|
(cherry picked from commit 6d593ab451c490b0ca941c6a519894231634751e)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
include/glib-compat.h | 28 ++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 28 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/glib-compat.h b/include/glib-compat.h
|
||||||
|
index 0b0ec76299..695a96f7ea 100644
|
||||||
|
--- a/include/glib-compat.h
|
||||||
|
+++ b/include/glib-compat.h
|
||||||
|
@@ -30,6 +30,11 @@
|
||||||
|
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||||
|
|
||||||
|
#include <glib.h>
|
||||||
|
+#if defined(G_OS_UNIX)
|
||||||
|
+#include <glib-unix.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <pwd.h>
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Note that because of the GLIB_VERSION_MAX_ALLOWED constant above, allowing
|
||||||
|
@@ -72,6 +77,29 @@
|
||||||
|
gint g_poll_fixed(GPollFD *fds, guint nfds, gint timeout);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#if defined(G_OS_UNIX)
|
||||||
|
+/*
|
||||||
|
+ * Note: The fallback implementation is not MT-safe, and it returns a copy of
|
||||||
|
+ * the libc passwd (must be g_free() after use) but not the content. Because of
|
||||||
|
+ * these important differences the caller must be aware of, it's not #define for
|
||||||
|
+ * GLib API substitution.
|
||||||
|
+ */
|
||||||
|
+static inline struct passwd *
|
||||||
|
+g_unix_get_passwd_entry_qemu(const gchar *user_name, GError **error)
|
||||||
|
+{
|
||||||
|
+#if GLIB_CHECK_VERSION(2, 64, 0)
|
||||||
|
+ return g_unix_get_passwd_entry(user_name, error);
|
||||||
|
+#else
|
||||||
|
+ struct passwd *p = getpwnam(user_name);
|
||||||
|
+ if (!p) {
|
||||||
|
+ g_set_error_literal(error, G_UNIX_ERROR, 0, g_strerror(errno));
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ return (struct passwd *)g_memdup(p, sizeof(*p));
|
||||||
|
+#endif
|
||||||
|
+}
|
||||||
|
+#endif /* G_OS_UNIX */
|
||||||
|
+
|
||||||
|
#pragma GCC diagnostic pop
|
||||||
|
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,18 +1,18 @@
|
|||||||
From fd46dd1555e5955cf55b463ef126cf5cfac1d7ae Mon Sep 17 00:00:00 2001
|
From dad4f9beaa3fd1eec1e0dd46c3d5cd2f444c0f48 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Fri, 21 May 2021 23:04:32 -0400
|
Date: Tue, 13 Apr 2021 20:05:51 -0400
|
||||||
Subject: [PATCH 8/8] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
|
Subject: [PATCH 1/7] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
Message-id: <20210521230432.585518-2-jmaloy@redhat.com>
|
Message-id: <20210413200551.3825495-2-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101625
|
Patchwork-id: 101471
|
||||||
O-Subject: [RHEL-8.4.0 qemu-kvm PATCH 1/1] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
|
||||||
Bugzilla: 1952986
|
Bugzilla: 1925430
|
||||||
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
RH-Acked-by: Andrew Jones <drjones@redhat.com>
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
|
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 0438b497def59f2101864d79a20e50b896ae1870 Mon Sep 17 00:00:00 2001
|
From e2cafb929acb74377754cb688419575b139b922a Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:47 -0400
|
Date: Tue, 29 Jun 2021 03:42:47 -0400
|
||||||
Subject: [PATCH 9/9] lan9118: switch to use qemu_receive_packet() for loopback
|
Subject: [PATCH 9/9] lan9118: switch to use qemu_receive_packet() for loopback
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 17813233c9bb5c93c7f3c7fc350641f8e76e769c Mon Sep 17 00:00:00 2001
|
From 2687e0348e3e4d377b4f5356e46948dc2b371b6d Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Wed, 21 Apr 2021 22:30:02 -0400
|
Date: Wed, 21 Apr 2021 22:30:02 -0400
|
||||||
Subject: [PATCH 3/8] libqos: pci-pc: use 32-bit write for EJ register
|
Subject: [PATCH 3/7] libqos: pci-pc: use 32-bit write for EJ register
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -10,7 +10,7 @@ RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|||||||
Message-id: <20210421223006.19650-3-jmaloy@redhat.com>
|
Message-id: <20210421223006.19650-3-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101484
|
Patchwork-id: 101484
|
||||||
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 2/6] libqos: pci-pc: use 32-bit write for EJ register
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 2/6] libqos: pci-pc: use 32-bit write for EJ register
|
||||||
Bugzilla: 1944621
|
Bugzilla: 1842478
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 9c10bd2a3cd83c06add41e61a970da304fb0d3bf Mon Sep 17 00:00:00 2001
|
From 6320b4e76965b1cf64da4307f4d313fe6b2aa971 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Wed, 21 Apr 2021 22:30:01 -0400
|
Date: Wed, 21 Apr 2021 22:30:01 -0400
|
||||||
Subject: [PATCH 2/8] libqos: usb-hcd-ehci: use 32-bit write for config
|
Subject: [PATCH 2/7] libqos: usb-hcd-ehci: use 32-bit write for config
|
||||||
register
|
register
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -11,7 +11,7 @@ RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|||||||
Message-id: <20210421223006.19650-2-jmaloy@redhat.com>
|
Message-id: <20210421223006.19650-2-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101478
|
Patchwork-id: 101478
|
||||||
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 1/6] libqos: usb-hcd-ehci: use 32-bit write for config register
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 1/6] libqos: usb-hcd-ehci: use 32-bit write for config register
|
||||||
Bugzilla: 1944621
|
Bugzilla: 1842478
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
43
SOURCES/kvm-linux-headers-Add-VFIO_CCW_REQ_IRQ_INDEX.patch
Normal file
43
SOURCES/kvm-linux-headers-Add-VFIO_CCW_REQ_IRQ_INDEX.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From f844ca939adb619cce8426e104b0039a7eba70a6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
|
Date: Tue, 11 May 2021 11:24:04 -0400
|
||||||
|
Subject: [PATCH 1/5] linux-headers: Add VFIO_CCW_REQ_IRQ_INDEX
|
||||||
|
|
||||||
|
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||||
|
Message-id: <20210511112405.297037-2-thuth@redhat.com>
|
||||||
|
Patchwork-id: 101537
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/2] linux-headers: Add VFIO_CCW_REQ_IRQ_INDEX
|
||||||
|
Bugzilla: 1940450
|
||||||
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||||
|
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1940450
|
||||||
|
Upstream-status: N/A
|
||||||
|
|
||||||
|
This is based on upstream commit b3c818a47f ("Update linux headers to
|
||||||
|
5.11-rc2"), but has been reduced to the single hunk that is required
|
||||||
|
for the next patch (there were too many unrelated conflicts in the other
|
||||||
|
files for doing full backport of the original upstream commit).
|
||||||
|
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
linux-headers/linux/vfio.h | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
|
||||||
|
index f660bd7bac..9c8810bef4 100644
|
||||||
|
--- a/linux-headers/linux/vfio.h
|
||||||
|
+++ b/linux-headers/linux/vfio.h
|
||||||
|
@@ -580,6 +580,7 @@ enum {
|
||||||
|
enum {
|
||||||
|
VFIO_CCW_IO_IRQ_INDEX,
|
||||||
|
VFIO_CCW_CRW_IRQ_INDEX,
|
||||||
|
+ VFIO_CCW_REQ_IRQ_INDEX,
|
||||||
|
VFIO_CCW_NUM_IRQS
|
||||||
|
};
|
||||||
|
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From e4010373c72eab2342d2ba7f10c1ddf43dc618c8 Mon Sep 17 00:00:00 2001
|
From 13f4ebe4708f4f4dc20d710e475a42d520459860 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Wed, 21 Apr 2021 22:30:03 -0400
|
Date: Wed, 21 Apr 2021 22:30:03 -0400
|
||||||
Subject: [PATCH 4/8] memory: Revert "memory: accept mismatching sizes in
|
Subject: [PATCH 4/7] memory: Revert "memory: accept mismatching sizes in
|
||||||
memory_region_access_valid"
|
memory_region_access_valid"
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -11,7 +11,7 @@ RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|||||||
Message-id: <20210421223006.19650-4-jmaloy@redhat.com>
|
Message-id: <20210421223006.19650-4-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101480
|
Patchwork-id: 101480
|
||||||
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 3/6] memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 3/6] memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"
|
||||||
Bugzilla: 1944621
|
Bugzilla: 1842478
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
@ -0,0 +1,301 @@
|
|||||||
|
From 512c7e92808dff66779f7421f1c17a081f18d7e6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:46 -0400
|
||||||
|
Subject: [PATCH 13/14] net: check if the file descriptor is valid before using
|
||||||
|
it
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Message-id: <20210726102337.6359-2-lvivier@redhat.com>
|
||||||
|
Patchwork-id: 101924
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/2] net: check if the file descriptor is valid before using it
|
||||||
|
Bugzilla: 1982134
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1982134
|
||||||
|
BRANCH: rhel-8.5.0
|
||||||
|
UPSTREAM: Merged
|
||||||
|
BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=38380653
|
||||||
|
|
||||||
|
qemu_set_nonblock() checks that the file descriptor can be used and, if
|
||||||
|
not, crashes QEMU. An assert() is used for that. The use of assert() is
|
||||||
|
used to detect programming error and the coredump will allow to debug
|
||||||
|
the problem.
|
||||||
|
|
||||||
|
But in the case of the tap device, this assert() can be triggered by
|
||||||
|
a misconfiguration by the user. At startup, it's not a real problem, but it
|
||||||
|
can also happen during the hot-plug of a new device, and here it's a
|
||||||
|
problem because we can crash a perfectly healthy system.
|
||||||
|
|
||||||
|
For instance:
|
||||||
|
# ip link add link virbr0 name macvtap0 type macvtap mode bridge
|
||||||
|
# ip link set macvtap0 up
|
||||||
|
# TAP=/dev/tap$(ip -o link show macvtap0 | cut -d: -f1)
|
||||||
|
# qemu-system-x86_64 -machine q35 -device pcie-root-port,id=pcie-root-port-0 -monitor stdio 9<> $TAP
|
||||||
|
(qemu) netdev_add type=tap,id=hostnet0,vhost=on,fd=9
|
||||||
|
(qemu) device_add driver=virtio-net-pci,netdev=hostnet0,id=net0,bus=pcie-root-port-0
|
||||||
|
(qemu) device_del net0
|
||||||
|
(qemu) netdev_del hostnet0
|
||||||
|
(qemu) netdev_add type=tap,id=hostnet1,vhost=on,fd=9
|
||||||
|
qemu-system-x86_64: .../util/oslib-posix.c:247: qemu_set_nonblock: Assertion `f != -1' failed.
|
||||||
|
Aborted (core dumped)
|
||||||
|
|
||||||
|
To avoid that, add a function, qemu_try_set_nonblock(), that allows to report the
|
||||||
|
problem without crashing.
|
||||||
|
|
||||||
|
In the same way, we also update the function for vhostfd in net_init_tap_one() and
|
||||||
|
for fd in net_init_socket() (both descriptors are provided by the user and can
|
||||||
|
be wrong).
|
||||||
|
|
||||||
|
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||||
|
(cherry picked from commit 894022e616016fe81745753f14adfbd680a1c7ee)
|
||||||
|
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
include/qemu/sockets.h | 1 +
|
||||||
|
net/socket.c | 9 +++++--
|
||||||
|
net/tap.c | 25 +++++++++++++++---
|
||||||
|
util/oslib-posix.c | 26 +++++++++++++------
|
||||||
|
util/oslib-win32.c | 57 ++++++++++++++++++++++++------------------
|
||||||
|
5 files changed, 79 insertions(+), 39 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
|
||||||
|
index 57cd049d6e..7d1f813576 100644
|
||||||
|
--- a/include/qemu/sockets.h
|
||||||
|
+++ b/include/qemu/sockets.h
|
||||||
|
@@ -18,6 +18,7 @@ int qemu_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
|
||||||
|
int socket_set_cork(int fd, int v);
|
||||||
|
int socket_set_nodelay(int fd);
|
||||||
|
void qemu_set_block(int fd);
|
||||||
|
+int qemu_try_set_nonblock(int fd);
|
||||||
|
void qemu_set_nonblock(int fd);
|
||||||
|
int socket_set_fast_reuse(int fd);
|
||||||
|
|
||||||
|
diff --git a/net/socket.c b/net/socket.c
|
||||||
|
index c92354049b..2d21fddd9c 100644
|
||||||
|
--- a/net/socket.c
|
||||||
|
+++ b/net/socket.c
|
||||||
|
@@ -725,13 +725,18 @@ int net_init_socket(const Netdev *netdev, const char *name,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sock->has_fd) {
|
||||||
|
- int fd;
|
||||||
|
+ int fd, ret;
|
||||||
|
|
||||||
|
fd = monitor_fd_param(cur_mon, sock->fd, errp);
|
||||||
|
if (fd == -1) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
- qemu_set_nonblock(fd);
|
||||||
|
+ ret = qemu_try_set_nonblock(fd);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ error_setg_errno(errp, -ret, "%s: Can't use file descriptor %d",
|
||||||
|
+ name, fd);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
if (!net_socket_fd_init(peer, "socket", name, fd, 1, sock->mcast,
|
||||||
|
errp)) {
|
||||||
|
return -1;
|
||||||
|
diff --git a/net/tap.c b/net/tap.c
|
||||||
|
index 6207f61f84..41a20102fd 100644
|
||||||
|
--- a/net/tap.c
|
||||||
|
+++ b/net/tap.c
|
||||||
|
@@ -689,6 +689,8 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (vhostfdname) {
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
vhostfd = monitor_fd_param(cur_mon, vhostfdname, &err);
|
||||||
|
if (vhostfd == -1) {
|
||||||
|
if (tap->has_vhostforce && tap->vhostforce) {
|
||||||
|
@@ -698,7 +700,12 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
- qemu_set_nonblock(vhostfd);
|
||||||
|
+ ret = qemu_try_set_nonblock(vhostfd);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ error_setg_errno(errp, -ret, "%s: Can't use file descriptor %d",
|
||||||
|
+ name, fd);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
} else {
|
||||||
|
vhostfd = open("/dev/vhost-net", O_RDWR);
|
||||||
|
if (vhostfd < 0) {
|
||||||
|
@@ -766,6 +773,7 @@ int net_init_tap(const Netdev *netdev, const char *name,
|
||||||
|
Error *err = NULL;
|
||||||
|
const char *vhostfdname;
|
||||||
|
char ifname[128];
|
||||||
|
+ int ret = 0;
|
||||||
|
|
||||||
|
assert(netdev->type == NET_CLIENT_DRIVER_TAP);
|
||||||
|
tap = &netdev->u.tap;
|
||||||
|
@@ -795,7 +803,12 @@ int net_init_tap(const Netdev *netdev, const char *name,
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- qemu_set_nonblock(fd);
|
||||||
|
+ ret = qemu_try_set_nonblock(fd);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ error_setg_errno(errp, -ret, "%s: Can't use file descriptor %d",
|
||||||
|
+ name, fd);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
vnet_hdr = tap_probe_vnet_hdr(fd);
|
||||||
|
|
||||||
|
@@ -810,7 +823,6 @@ int net_init_tap(const Netdev *netdev, const char *name,
|
||||||
|
char **fds;
|
||||||
|
char **vhost_fds;
|
||||||
|
int nfds = 0, nvhosts = 0;
|
||||||
|
- int ret = 0;
|
||||||
|
|
||||||
|
if (tap->has_ifname || tap->has_script || tap->has_downscript ||
|
||||||
|
tap->has_vnet_hdr || tap->has_helper || tap->has_queues ||
|
||||||
|
@@ -843,7 +855,12 @@ int net_init_tap(const Netdev *netdev, const char *name,
|
||||||
|
goto free_fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
- qemu_set_nonblock(fd);
|
||||||
|
+ ret = qemu_try_set_nonblock(fd);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ error_setg_errno(errp, -ret, "%s: Can't use file descriptor %d",
|
||||||
|
+ name, fd);
|
||||||
|
+ goto free_fail;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (i == 0) {
|
||||||
|
vnet_hdr = tap_probe_vnet_hdr(fd);
|
||||||
|
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
|
||||||
|
index 8f88e4dbe1..db70416dbb 100644
|
||||||
|
--- a/util/oslib-posix.c
|
||||||
|
+++ b/util/oslib-posix.c
|
||||||
|
@@ -240,25 +240,35 @@ void qemu_set_block(int fd)
|
||||||
|
assert(f != -1);
|
||||||
|
}
|
||||||
|
|
||||||
|
-void qemu_set_nonblock(int fd)
|
||||||
|
+int qemu_try_set_nonblock(int fd)
|
||||||
|
{
|
||||||
|
int f;
|
||||||
|
f = fcntl(fd, F_GETFL);
|
||||||
|
- assert(f != -1);
|
||||||
|
- f = fcntl(fd, F_SETFL, f | O_NONBLOCK);
|
||||||
|
-#ifdef __OpenBSD__
|
||||||
|
if (f == -1) {
|
||||||
|
+ return -errno;
|
||||||
|
+ }
|
||||||
|
+ if (fcntl(fd, F_SETFL, f | O_NONBLOCK) == -1) {
|
||||||
|
+#ifdef __OpenBSD__
|
||||||
|
/*
|
||||||
|
* Previous to OpenBSD 6.3, fcntl(F_SETFL) is not permitted on
|
||||||
|
* memory devices and sets errno to ENODEV.
|
||||||
|
* It's OK if we fail to set O_NONBLOCK on devices like /dev/null,
|
||||||
|
* because they will never block anyway.
|
||||||
|
*/
|
||||||
|
- assert(errno == ENODEV);
|
||||||
|
- }
|
||||||
|
-#else
|
||||||
|
- assert(f != -1);
|
||||||
|
+ if (errno == ENODEV) {
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
+ return -errno;
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void qemu_set_nonblock(int fd)
|
||||||
|
+{
|
||||||
|
+ int f;
|
||||||
|
+ f = qemu_try_set_nonblock(fd);
|
||||||
|
+ assert(f == 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
int socket_set_fast_reuse(int fd)
|
||||||
|
diff --git a/util/oslib-win32.c b/util/oslib-win32.c
|
||||||
|
index 3b49d27297..7eedbe5859 100644
|
||||||
|
--- a/util/oslib-win32.c
|
||||||
|
+++ b/util/oslib-win32.c
|
||||||
|
@@ -132,31 +132,6 @@ struct tm *localtime_r(const time_t *timep, struct tm *result)
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_LOCALTIME_R */
|
||||||
|
|
||||||
|
-void qemu_set_block(int fd)
|
||||||
|
-{
|
||||||
|
- unsigned long opt = 0;
|
||||||
|
- WSAEventSelect(fd, NULL, 0);
|
||||||
|
- ioctlsocket(fd, FIONBIO, &opt);
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-void qemu_set_nonblock(int fd)
|
||||||
|
-{
|
||||||
|
- unsigned long opt = 1;
|
||||||
|
- ioctlsocket(fd, FIONBIO, &opt);
|
||||||
|
- qemu_fd_register(fd);
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-int socket_set_fast_reuse(int fd)
|
||||||
|
-{
|
||||||
|
- /* Enabling the reuse of an endpoint that was used by a socket still in
|
||||||
|
- * TIME_WAIT state is usually performed by setting SO_REUSEADDR. On Windows
|
||||||
|
- * fast reuse is the default and SO_REUSEADDR does strange things. So we
|
||||||
|
- * don't have to do anything here. More info can be found at:
|
||||||
|
- * http://msdn.microsoft.com/en-us/library/windows/desktop/ms740621.aspx */
|
||||||
|
- return 0;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-
|
||||||
|
static int socket_error(void)
|
||||||
|
{
|
||||||
|
switch (WSAGetLastError()) {
|
||||||
|
@@ -233,6 +208,38 @@ static int socket_error(void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+void qemu_set_block(int fd)
|
||||||
|
+{
|
||||||
|
+ unsigned long opt = 0;
|
||||||
|
+ WSAEventSelect(fd, NULL, 0);
|
||||||
|
+ ioctlsocket(fd, FIONBIO, &opt);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int qemu_try_set_nonblock(int fd)
|
||||||
|
+{
|
||||||
|
+ unsigned long opt = 1;
|
||||||
|
+ if (ioctlsocket(fd, FIONBIO, &opt) != NO_ERROR) {
|
||||||
|
+ return -socket_error();
|
||||||
|
+ }
|
||||||
|
+ qemu_fd_register(fd);
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void qemu_set_nonblock(int fd)
|
||||||
|
+{
|
||||||
|
+ (void)qemu_try_set_nonblock(fd);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int socket_set_fast_reuse(int fd)
|
||||||
|
+{
|
||||||
|
+ /* Enabling the reuse of an endpoint that was used by a socket still in
|
||||||
|
+ * TIME_WAIT state is usually performed by setting SO_REUSEADDR. On Windows
|
||||||
|
+ * fast reuse is the default and SO_REUSEADDR does strange things. So we
|
||||||
|
+ * don't have to do anything here. More info can be found at:
|
||||||
|
+ * http://msdn.microsoft.com/en-us/library/windows/desktop/ms740621.aspx */
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int inet_aton(const char *cp, struct in_addr *ia)
|
||||||
|
{
|
||||||
|
uint32_t addr = inet_addr(cp);
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,221 @@
|
|||||||
|
From 3475ea6598896edb689ca8ba6fb81781e2517b6f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:49 -0400
|
||||||
|
Subject: [PATCH 14/14] net: detect errors from probing vnet hdr flag for TAP
|
||||||
|
devices
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Message-id: <20210726102337.6359-3-lvivier@redhat.com>
|
||||||
|
Patchwork-id: 101923
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/2] net: detect errors from probing vnet hdr flag for TAP devices
|
||||||
|
Bugzilla: 1982134
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||||
|
|
||||||
|
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1982134
|
||||||
|
BRANCH: rhel-8.5.0
|
||||||
|
UPSTREAM: Merged
|
||||||
|
BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=38380653
|
||||||
|
|
||||||
|
When QEMU sets up a tap based network device backend, it mostly ignores errors
|
||||||
|
reported from various ioctl() calls it makes, assuming the TAP file descriptor
|
||||||
|
is valid. This assumption can easily be violated when the user is passing in a
|
||||||
|
pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
|
||||||
|
the user passes in a bogus FD number that happens to clash with a FD number that
|
||||||
|
QEMU has opened internally for another reason, a wide variety of errnos may
|
||||||
|
result, as the TUNGETIFF ioctl number may map to a completely different command
|
||||||
|
on a different type of file.
|
||||||
|
|
||||||
|
By ignoring all these errors, QEMU sets up a zombie network backend that will
|
||||||
|
never pass any data. Even worse, when QEMU shuts down, or that network backend
|
||||||
|
is hot-removed, it will close this bogus file descriptor, which could belong to
|
||||||
|
another QEMU device backend.
|
||||||
|
|
||||||
|
There's no obvious guaranteed reliable way to detect that a FD genuinely is a
|
||||||
|
TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
|
||||||
|
the errno from probing vnet hdr flag though, does catch the big common cases.
|
||||||
|
ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
|
||||||
|
a UNIX socket, or pipe which catches accidental collisions with FDs used for
|
||||||
|
stdio, or monitor socket.
|
||||||
|
|
||||||
|
Previously the example below where bogus fd 9 collides with the FD used for the
|
||||||
|
chardev saw:
|
||||||
|
|
||||||
|
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
|
||||||
|
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
|
||||||
|
-monitor stdio -vnc :0
|
||||||
|
qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: Inappropriate ioctl for device
|
||||||
|
TUNSETOFFLOAD ioctl() failed: Bad address
|
||||||
|
QEMU 2.9.1 monitor - type 'help' for more information
|
||||||
|
(qemu) Warning: netdev hostnet0 has no peer
|
||||||
|
|
||||||
|
which gives a running QEMU with a zombie network backend.
|
||||||
|
|
||||||
|
With this change applied we get an error message and QEMU immediately exits
|
||||||
|
before carrying on and making a bigger disaster:
|
||||||
|
|
||||||
|
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
|
||||||
|
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
|
||||||
|
-monitor stdio -vnc :0
|
||||||
|
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query TUNGETIFF on FD 9: Inappropriate ioctl for device
|
||||||
|
|
||||||
|
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||||
|
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
Message-id: 20171027085548.3472-1-berrange@redhat.com
|
||||||
|
[lv: to simplify, don't check on EINVAL with TUNGETIFF as it exists since v2.6.27]
|
||||||
|
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||||
|
(cherry picked from commit e7b347d0bf640adb1c998d317eaf44d2d7cbd973)
|
||||||
|
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
net/tap-bsd.c | 2 +-
|
||||||
|
net/tap-linux.c | 8 +++++---
|
||||||
|
net/tap-solaris.c | 2 +-
|
||||||
|
net/tap-stub.c | 2 +-
|
||||||
|
net/tap.c | 25 ++++++++++++++++++++-----
|
||||||
|
net/tap_int.h | 2 +-
|
||||||
|
6 files changed, 29 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/net/tap-bsd.c b/net/tap-bsd.c
|
||||||
|
index a5c3707f80..77aaf674b1 100644
|
||||||
|
--- a/net/tap-bsd.c
|
||||||
|
+++ b/net/tap-bsd.c
|
||||||
|
@@ -211,7 +211,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
-int tap_probe_vnet_hdr(int fd)
|
||||||
|
+int tap_probe_vnet_hdr(int fd, Error **errp)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
diff --git a/net/tap-linux.c b/net/tap-linux.c
|
||||||
|
index e0dd442ee3..b0635e9e32 100644
|
||||||
|
--- a/net/tap-linux.c
|
||||||
|
+++ b/net/tap-linux.c
|
||||||
|
@@ -147,13 +147,15 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-int tap_probe_vnet_hdr(int fd)
|
||||||
|
+int tap_probe_vnet_hdr(int fd, Error **errp)
|
||||||
|
{
|
||||||
|
struct ifreq ifr;
|
||||||
|
|
||||||
|
if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
|
||||||
|
- error_report("TUNGETIFF ioctl() failed: %s", strerror(errno));
|
||||||
|
- return 0;
|
||||||
|
+ /* TUNGETIFF is available since kernel v2.6.27 */
|
||||||
|
+ error_setg_errno(errp, errno,
|
||||||
|
+ "Unable to query TUNGETIFF on FD %d", fd);
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ifr.ifr_flags & IFF_VNET_HDR;
|
||||||
|
diff --git a/net/tap-solaris.c b/net/tap-solaris.c
|
||||||
|
index 4725d2314e..ae2ba68284 100644
|
||||||
|
--- a/net/tap-solaris.c
|
||||||
|
+++ b/net/tap-solaris.c
|
||||||
|
@@ -206,7 +206,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
-int tap_probe_vnet_hdr(int fd)
|
||||||
|
+int tap_probe_vnet_hdr(int fd, Error **errp)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
diff --git a/net/tap-stub.c b/net/tap-stub.c
|
||||||
|
index a9ab8f8293..de525a2e69 100644
|
||||||
|
--- a/net/tap-stub.c
|
||||||
|
+++ b/net/tap-stub.c
|
||||||
|
@@ -37,7 +37,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
-int tap_probe_vnet_hdr(int fd)
|
||||||
|
+int tap_probe_vnet_hdr(int fd, Error **errp)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
diff --git a/net/tap.c b/net/tap.c
|
||||||
|
index 41a20102fd..b37ccae00c 100644
|
||||||
|
--- a/net/tap.c
|
||||||
|
+++ b/net/tap.c
|
||||||
|
@@ -597,7 +597,11 @@ int net_init_bridge(const Netdev *netdev, const char *name,
|
||||||
|
}
|
||||||
|
|
||||||
|
qemu_set_nonblock(fd);
|
||||||
|
- vnet_hdr = tap_probe_vnet_hdr(fd);
|
||||||
|
+ vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
||||||
|
+ if (vnet_hdr < 0) {
|
||||||
|
+ close(fd);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
s = net_tap_fd_init(peer, "bridge", name, fd, vnet_hdr);
|
||||||
|
|
||||||
|
snprintf(s->nc.info_str, sizeof(s->nc.info_str), "helper=%s,br=%s", helper,
|
||||||
|
@@ -810,7 +814,11 @@ int net_init_tap(const Netdev *netdev, const char *name,
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- vnet_hdr = tap_probe_vnet_hdr(fd);
|
||||||
|
+ vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
||||||
|
+ if (vnet_hdr < 0) {
|
||||||
|
+ close(fd);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
net_init_tap_one(tap, peer, "tap", name, NULL,
|
||||||
|
script, downscript,
|
||||||
|
@@ -863,8 +871,11 @@ int net_init_tap(const Netdev *netdev, const char *name,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (i == 0) {
|
||||||
|
- vnet_hdr = tap_probe_vnet_hdr(fd);
|
||||||
|
- } else if (vnet_hdr != tap_probe_vnet_hdr(fd)) {
|
||||||
|
+ vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
||||||
|
+ if (vnet_hdr < 0) {
|
||||||
|
+ goto free_fail;
|
||||||
|
+ }
|
||||||
|
+ } else if (vnet_hdr != tap_probe_vnet_hdr(fd, NULL)) {
|
||||||
|
error_setg(errp,
|
||||||
|
"vnet_hdr not consistent across given tap fds");
|
||||||
|
ret = -1;
|
||||||
|
@@ -909,7 +920,11 @@ free_fail:
|
||||||
|
}
|
||||||
|
|
||||||
|
qemu_set_nonblock(fd);
|
||||||
|
- vnet_hdr = tap_probe_vnet_hdr(fd);
|
||||||
|
+ vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
||||||
|
+ if (vnet_hdr < 0) {
|
||||||
|
+ close(fd);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
net_init_tap_one(tap, peer, "bridge", name, ifname,
|
||||||
|
script, downscript, vhostfdname,
|
||||||
|
diff --git a/net/tap_int.h b/net/tap_int.h
|
||||||
|
index e3194b23f4..225a49ea48 100644
|
||||||
|
--- a/net/tap_int.h
|
||||||
|
+++ b/net/tap_int.h
|
||||||
|
@@ -34,7 +34,7 @@ int tap_open(char *ifname, int ifname_size, int *vnet_hdr,
|
||||||
|
ssize_t tap_read_packet(int tapfd, uint8_t *buf, int maxlen);
|
||||||
|
|
||||||
|
void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp);
|
||||||
|
-int tap_probe_vnet_hdr(int fd);
|
||||||
|
+int tap_probe_vnet_hdr(int fd, Error **errp);
|
||||||
|
int tap_probe_vnet_hdr_len(int fd, int len);
|
||||||
|
int tap_probe_has_ufo(int fd);
|
||||||
|
void tap_fd_set_offload(int fd, int csum, int tso4, int tso6, int ecn, int ufo);
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
50
SOURCES/kvm-net-forbid-the-reentrant-RX.patch
Normal file
50
SOURCES/kvm-net-forbid-the-reentrant-RX.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
From 1e01e2f96fd5e903394eab59365d5363394c8b18 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 13 Apr 2021 18:59:12 -0400
|
||||||
|
Subject: [PATCH 3/5] net: forbid the reentrant RX
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Message-id: <20210413185912.3811035-2-jmaloy@redhat.com>
|
||||||
|
Patchwork-id: 101467
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] net: forbid the reentrant RX
|
||||||
|
Bugzilla: 1859175
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
|
||||||
|
|
||||||
|
From: Jason Wang <jasowang@redhat.com>
|
||||||
|
|
||||||
|
The memory API allows DMA into NIC's MMIO area. This means the NIC's
|
||||||
|
RX routine must be reentrant. Instead of auditing all the NIC, we can
|
||||||
|
simply detect the reentrancy and return early. The queue->delivering
|
||||||
|
is set and cleared by qemu_net_queue_deliver() for other queue helpers
|
||||||
|
to know whether the delivering in on going (NIC's receive is being
|
||||||
|
called). We can check it and return early in qemu_net_queue_flush() to
|
||||||
|
forbid reentrant RX.
|
||||||
|
|
||||||
|
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||||
|
|
||||||
|
(cherry picked from commit 22dc8663d9fc7baa22100544c600b6285a63c7a3)
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
net/queue.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/net/queue.c b/net/queue.c
|
||||||
|
index 61276ca4be..c679d79f4b 100644
|
||||||
|
--- a/net/queue.c
|
||||||
|
+++ b/net/queue.c
|
||||||
|
@@ -250,6 +250,9 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState *from)
|
||||||
|
|
||||||
|
bool qemu_net_queue_flush(NetQueue *queue)
|
||||||
|
{
|
||||||
|
+ if (queue->delivering)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
while (!QTAILQ_EMPTY(&queue->packets)) {
|
||||||
|
NetPacket *packet;
|
||||||
|
int ret;
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From ee23b82cc9174c96ea73252e2986cf822999494b Mon Sep 17 00:00:00 2001
|
From 89732bf03b26daaebbd3e6e031e79459ae3f77e1 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:39 -0400
|
Date: Tue, 29 Jun 2021 03:42:39 -0400
|
||||||
Subject: [PATCH 1/9] net: introduce qemu_receive_packet()
|
Subject: [PATCH 1/9] net: introduce qemu_receive_packet()
|
||||||
@ -150,7 +150,7 @@ index 84aa6d8d00..d0b651ca95 100644
|
|||||||
{
|
{
|
||||||
return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW,
|
return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW,
|
||||||
diff --git a/net/queue.c b/net/queue.c
|
diff --git a/net/queue.c b/net/queue.c
|
||||||
index 61276ca4be..7c0b72c8ef 100644
|
index c679d79f4b..5f0f9ffcaf 100644
|
||||||
--- a/net/queue.c
|
--- a/net/queue.c
|
||||||
+++ b/net/queue.c
|
+++ b/net/queue.c
|
||||||
@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue,
|
@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue,
|
||||||
|
@ -1,19 +1,16 @@
|
|||||||
From 04c233dd15e3b5bc842af371c3433eb723ffb6e6 Mon Sep 17 00:00:00 2001
|
From b7de63e72c479df42c324c058a487517210fa069 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 23 Mar 2021 22:11:13 -0400
|
Date: Tue, 13 Apr 2021 19:21:50 -0400
|
||||||
Subject: [PATCH 1/8] net: remove an assert call in eth_get_gso_type
|
Subject: [PATCH 1/5] net: remove an assert call in eth_get_gso_type
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
Message-id: <20210323221113.1893864-2-jmaloy@redhat.com>
|
Message-id: <20210413192150.3817133-2-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101364
|
Patchwork-id: 101469
|
||||||
O-Subject: [RHEL-8.4.0 qemu-kvm PATCH 1/1] net: remove an assert call in eth_get_gso_type
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] net: remove an assert call in eth_get_gso_type
|
||||||
Bugzilla: 1939494
|
Bugzilla: 1892350
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
|
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
|
||||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
|
||||||
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||||
|
|
||||||
|
@ -1,16 +1,19 @@
|
|||||||
From 3d7ff6c57357e1fb8453b26200cfd239e9cdaa72 Mon Sep 17 00:00:00 2001
|
From 56ae2d8a1ee3a35e2eed4f4baa61f97184189b47 Mon Sep 17 00:00:00 2001
|
||||||
From: Thomas Huth <thuth@redhat.com>
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
Date: Thu, 24 Jun 2021 14:50:46 -0400
|
Date: Tue, 18 May 2021 13:51:24 -0400
|
||||||
Subject: [PATCH 2/3] pc-bios/s390-ccw: break loop if a null block number is
|
Subject: [PATCH 4/5] pc-bios/s390-ccw: break loop if a null block number is
|
||||||
reached
|
reached
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||||
Message-id: <20210624145047.483112-3-thuth@redhat.com>
|
Message-id: <20210518135125.191329-3-thuth@redhat.com>
|
||||||
Patchwork-id: 101762
|
Patchwork-id: 101549
|
||||||
O-Subject: [RHEL-8.2.0.z / RHEL-8.4.0.z qemu-kvm PATCH 2/3] pc-bios/s390-ccw: break loop if a null block number is reached
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/3] pc-bios/s390-ccw: break loop if a null block number is reached
|
||||||
Bugzilla: 1975679
|
Bugzilla: 1942880
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
|
||||||
Break the loop if `cur_block_nr` is a null block number because this
|
Break the loop if `cur_block_nr` is a null block number because this
|
||||||
@ -23,6 +26,7 @@ Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
|||||||
Message-Id: <20200924085926.21709-3-mhartmay@linux.ibm.com>
|
Message-Id: <20200924085926.21709-3-mhartmay@linux.ibm.com>
|
||||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
(cherry picked from commit 468184ec9024f4f7b55247f70ec57554e8a500d7)
|
(cherry picked from commit 468184ec9024f4f7b55247f70ec57554e8a500d7)
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
---
|
---
|
||||||
pc-bios/s390-ccw/bootmap.c | 2 +-
|
pc-bios/s390-ccw/bootmap.c | 2 +-
|
||||||
|
@ -1,16 +1,19 @@
|
|||||||
From c3f15d52ad265bba0b21453d2d8b69f597092c25 Mon Sep 17 00:00:00 2001
|
From 52ba1903b2c8ce69e8cd1de2a78c2c63cc60383b Mon Sep 17 00:00:00 2001
|
||||||
From: Thomas Huth <thuth@redhat.com>
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
Date: Thu, 24 Jun 2021 14:50:47 -0400
|
Date: Tue, 18 May 2021 13:51:25 -0400
|
||||||
Subject: [PATCH 3/3] pc-bios/s390-ccw: don't try to read the next block if end
|
Subject: [PATCH 5/5] pc-bios/s390-ccw: don't try to read the next block if end
|
||||||
of chunk is reached
|
of chunk is reached
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||||
Message-id: <20210624145047.483112-4-thuth@redhat.com>
|
Message-id: <20210518135125.191329-4-thuth@redhat.com>
|
||||||
Patchwork-id: 101763
|
Patchwork-id: 101550
|
||||||
O-Subject: [RHEL-8.2.0.z / RHEL-8.4.0.z qemu-kvm PATCH 3/3] pc-bios/s390-ccw: don't try to read the next block if end of chunk is reached
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 3/3] pc-bios/s390-ccw: don't try to read the next block if end of chunk is reached
|
||||||
Bugzilla: 1975679
|
Bugzilla: 1942880
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
|
||||||
Don't read the block if a null block number is reached, because this means that
|
Don't read the block if a null block number is reached, because this means that
|
||||||
@ -21,6 +24,7 @@ Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
|||||||
Message-Id: <20210416074736.17409-1-mhartmay@linux.ibm.com>
|
Message-Id: <20210416074736.17409-1-mhartmay@linux.ibm.com>
|
||||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
(cherry picked from commit a6625d38cce3901a7c1cba069f0abcf743a293f1)
|
(cherry picked from commit a6625d38cce3901a7c1cba069f0abcf743a293f1)
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
---
|
---
|
||||||
pc-bios/s390-ccw/bootmap.c | 2 +-
|
pc-bios/s390-ccw/bootmap.c | 2 +-
|
||||||
|
@ -1,15 +1,18 @@
|
|||||||
From 93ddbd8ba056141dd68d973d534b67dad9882052 Mon Sep 17 00:00:00 2001
|
From 0e9bdb960045f98d70f765bbb585f1647e5fea08 Mon Sep 17 00:00:00 2001
|
||||||
From: Thomas Huth <thuth@redhat.com>
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
Date: Thu, 24 Jun 2021 14:50:45 -0400
|
Date: Tue, 18 May 2021 13:51:23 -0400
|
||||||
Subject: [PATCH 1/3] pc-bios/s390-ccw: fix off-by-one error
|
Subject: [PATCH 3/5] pc-bios/s390-ccw: fix off-by-one error
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||||
Message-id: <20210624145047.483112-2-thuth@redhat.com>
|
Message-id: <20210518135125.191329-2-thuth@redhat.com>
|
||||||
Patchwork-id: 101764
|
Patchwork-id: 101548
|
||||||
O-Subject: [RHEL-8.2.0.z / RHEL-8.4.0.z qemu-kvm PATCH 1/3] pc-bios/s390-ccw: fix off-by-one error
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/3] pc-bios/s390-ccw: fix off-by-one error
|
||||||
Bugzilla: 1975679
|
Bugzilla: 1942880
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
|
||||||
This error takes effect when the magic value "zIPL" is located at the
|
This error takes effect when the magic value "zIPL" is located at the
|
||||||
@ -24,6 +27,7 @@ Reviewed-by: Thomas Huth <thuth@redhat.com>
|
|||||||
[thuth: Use "<= ... - 4" instead of "< ... - 3"]
|
[thuth: Use "<= ... - 4" instead of "< ... - 3"]
|
||||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
(cherry picked from commit 5f97ba0c74ccace0a4014460de9751ff3c6f454a)
|
(cherry picked from commit 5f97ba0c74ccace0a4014460de9751ff3c6f454a)
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
---
|
---
|
||||||
pc-bios/s390-ccw/bootmap.c | 2 +-
|
pc-bios/s390-ccw/bootmap.c | 2 +-
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 3427c5573a7ab788e0c39e30b4d0ed5db85f03b3 Mon Sep 17 00:00:00 2001
|
From b36a9259e085b4d32532d896e485889181b130ae Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:45 -0400
|
Date: Tue, 29 Jun 2021 03:42:45 -0400
|
||||||
Subject: [PATCH 7/9] pcnet: switch to use qemu_receive_packet() for loopback
|
Subject: [PATCH 7/9] pcnet: switch to use qemu_receive_packet() for loopback
|
||||||
|
73
SOURCES/kvm-qemu-img-convert-Don-t-pre-zero-images.patch
Normal file
73
SOURCES/kvm-qemu-img-convert-Don-t-pre-zero-images.patch
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
From eea45924903f03dc6d8f20576be0a4a84d5acce4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Date: Wed, 10 Feb 2021 10:16:11 -0500
|
||||||
|
Subject: [PATCH 4/5] qemu-img convert: Don't pre-zero images
|
||||||
|
|
||||||
|
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Message-id: <20210210101611.137928-2-kwolf@redhat.com>
|
||||||
|
Patchwork-id: 101030
|
||||||
|
O-Subject: [RHEL-8.4.0 qemu-kvm PATCH 1/1] qemu-img convert: Don't pre-zero images
|
||||||
|
Bugzilla: 1855250
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
RH-Acked-by: Max Reitz <mreitz@redhat.com>
|
||||||
|
|
||||||
|
Since commit 5a37b60a61c, qemu-img create will pre-zero the target image
|
||||||
|
if it isn't already zero-initialised (most importantly, for host block
|
||||||
|
devices, but also iscsi etc.), so that writing explicit zeros wouldn't
|
||||||
|
be necessary later.
|
||||||
|
|
||||||
|
This could speed up the operation significantly, in particular when the
|
||||||
|
source image file was only sparsely populated. However, it also means
|
||||||
|
that some block are written twice: Once when pre-zeroing them, and then
|
||||||
|
when they are overwritten with actual data. On a full image, the
|
||||||
|
pre-zeroing is wasted work because everything will be overwritten.
|
||||||
|
|
||||||
|
In practice, write_zeroes typically turns out faster than writing
|
||||||
|
explicit zero buffers, but slow enough that first zeroing everything and
|
||||||
|
then overwriting parts can be a significant net loss.
|
||||||
|
|
||||||
|
Meanwhile, qemu-img convert was rewritten in 690c7301600 and zero blocks
|
||||||
|
are now written to the target using bdrv_co_pwrite_zeroes() if the
|
||||||
|
target could be pre-zeroed. This way we already make use of the faster
|
||||||
|
write_zeroes operation, but avoid writing any blocks twice.
|
||||||
|
|
||||||
|
Remove the pre-zeroing because these days this former optimisation has
|
||||||
|
actually turned into a pessimisation in the common case.
|
||||||
|
|
||||||
|
Reported-by: Nir Soffer <nsoffer@redhat.com>
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Message-Id: <20200622151203.35624-1-kwolf@redhat.com>
|
||||||
|
Tested-by: Nir Soffer <nsoffer@redhat.com>
|
||||||
|
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
(cherry picked from commit edafc70c0c8510862f2f213a3acf7067113bcd08)
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
qemu-img.c | 9 ---------
|
||||||
|
1 file changed, 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/qemu-img.c b/qemu-img.c
|
||||||
|
index a27ad70851..b10dc5129b 100644
|
||||||
|
--- a/qemu-img.c
|
||||||
|
+++ b/qemu-img.c
|
||||||
|
@@ -2029,15 +2029,6 @@ static int convert_do_copy(ImgConvertState *s)
|
||||||
|
s->has_zero_init = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!s->has_zero_init && !s->target_has_backing &&
|
||||||
|
- bdrv_can_write_zeroes_with_unmap(blk_bs(s->target)))
|
||||||
|
- {
|
||||||
|
- ret = blk_make_zero(s->target, BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK);
|
||||||
|
- if (ret == 0) {
|
||||||
|
- s->has_zero_init = true;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
/* Allocate buffer for copied data. For compressed images, only one cluster
|
||||||
|
* can be copied at a time. */
|
||||||
|
if (s->compressed) {
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,176 @@
|
|||||||
|
From 7f8888f2c53060c4536856859d5ea94d23ea9e45 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:55:54 -0400
|
||||||
|
Subject: [PATCH 03/14] qga: add *reset argument to ssh-add-authorized-keys
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210609100615.2501448-4-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101689
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 3/4] qga: add *reset argument to ssh-add-authorized-keys
|
||||||
|
Bugzilla: 1967716
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
|
||||||
|
From: Michael Roth <michael.roth@amd.com>
|
||||||
|
|
||||||
|
I prefer 'reset' over 'clear', since 'clear' and keys may have some
|
||||||
|
other relations or meaning.
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
*fix disallowed g_assert* usage reported by checkpatch
|
||||||
|
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
||||||
|
|
||||||
|
(cherry picked from commit 0e3c94758e3851f0ab30d2a1e63a73284499775d)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
qga/commands-posix-ssh.c | 53 ++++++++++++++++++++++++++++++++++++----
|
||||||
|
qga/qapi-schema.json | 3 ++-
|
||||||
|
2 files changed, 50 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
|
||||||
|
index f74d89679c..362c9e8816 100644
|
||||||
|
--- a/qga/commands-posix-ssh.c
|
||||||
|
+++ b/qga/commands-posix-ssh.c
|
||||||
|
@@ -168,6 +168,7 @@ read_authkeys(const char *path, Error **errp)
|
||||||
|
|
||||||
|
void
|
||||||
|
qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
|
||||||
|
+ bool has_reset, bool reset,
|
||||||
|
Error **errp)
|
||||||
|
{
|
||||||
|
g_autofree struct passwd *p = NULL;
|
||||||
|
@@ -178,6 +179,7 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
|
||||||
|
size_t nkeys, nauthkeys;
|
||||||
|
|
||||||
|
ERRP_GUARD();
|
||||||
|
+ reset = has_reset && reset;
|
||||||
|
|
||||||
|
if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
|
||||||
|
return;
|
||||||
|
@@ -191,7 +193,9 @@ qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
|
||||||
|
ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
|
||||||
|
authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
|
||||||
|
|
||||||
|
- authkeys = read_authkeys(authkeys_path, NULL);
|
||||||
|
+ if (!reset) {
|
||||||
|
+ authkeys = read_authkeys(authkeys_path, NULL);
|
||||||
|
+ }
|
||||||
|
if (authkeys == NULL) {
|
||||||
|
if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
|
||||||
|
!mkdir_for_user(ssh_path, p, 0700, errp)) {
|
||||||
|
@@ -318,7 +322,7 @@ test_invalid_user(void)
|
||||||
|
{
|
||||||
|
Error *err = NULL;
|
||||||
|
|
||||||
|
- qmp_guest_ssh_add_authorized_keys("", NULL, &err);
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys("", NULL, FALSE, FALSE, &err);
|
||||||
|
error_free_or_abort(&err);
|
||||||
|
|
||||||
|
qmp_guest_ssh_remove_authorized_keys("", NULL, &err);
|
||||||
|
@@ -333,7 +337,8 @@ test_invalid_key(void)
|
||||||
|
};
|
||||||
|
Error *err = NULL;
|
||||||
|
|
||||||
|
- qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, &err);
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key,
|
||||||
|
+ FALSE, FALSE, &err);
|
||||||
|
error_free_or_abort(&err);
|
||||||
|
|
||||||
|
qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err);
|
||||||
|
@@ -346,13 +351,17 @@ test_add_keys(void)
|
||||||
|
Error *err = NULL;
|
||||||
|
|
||||||
|
qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
||||||
|
- (strList *)&test_key2, &err);
|
||||||
|
+ (strList *)&test_key2,
|
||||||
|
+ FALSE, FALSE,
|
||||||
|
+ &err);
|
||||||
|
g_assert(err == NULL);
|
||||||
|
|
||||||
|
test_authorized_keys_equal("algo key2 comments");
|
||||||
|
|
||||||
|
qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
||||||
|
- (strList *)&test_key1_2, &err);
|
||||||
|
+ (strList *)&test_key1_2,
|
||||||
|
+ FALSE, FALSE,
|
||||||
|
+ &err);
|
||||||
|
g_assert(err == NULL);
|
||||||
|
|
||||||
|
/* key2 came first, and should'nt be duplicated */
|
||||||
|
@@ -360,6 +369,39 @@ test_add_keys(void)
|
||||||
|
"algo key1 comments");
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+test_add_reset_keys(void)
|
||||||
|
+{
|
||||||
|
+ Error *err = NULL;
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
||||||
|
+ (strList *)&test_key1_2,
|
||||||
|
+ FALSE, FALSE,
|
||||||
|
+ &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+
|
||||||
|
+ /* reset with key2 only */
|
||||||
|
+ test_authorized_keys_equal("algo key1 comments\n"
|
||||||
|
+ "algo key2 comments");
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
||||||
|
+ (strList *)&test_key2,
|
||||||
|
+ TRUE, TRUE,
|
||||||
|
+ &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+
|
||||||
|
+ test_authorized_keys_equal("algo key2 comments");
|
||||||
|
+
|
||||||
|
+ /* empty should clear file */
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
||||||
|
+ (strList *)NULL,
|
||||||
|
+ TRUE, TRUE,
|
||||||
|
+ &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+
|
||||||
|
+ test_authorized_keys_equal("");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
test_remove_keys(void)
|
||||||
|
{
|
||||||
|
@@ -393,6 +435,7 @@ int main(int argc, char *argv[])
|
||||||
|
g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
|
||||||
|
g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
|
||||||
|
g_test_add_func("/qga/ssh/add_keys", test_add_keys);
|
||||||
|
+ g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
|
||||||
|
g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
|
||||||
|
|
||||||
|
return g_test_run();
|
||||||
|
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
|
||||||
|
index 3b85f5a03f..a70ea5da77 100644
|
||||||
|
--- a/qga/qapi-schema.json
|
||||||
|
+++ b/qga/qapi-schema.json
|
||||||
|
@@ -1279,6 +1279,7 @@
|
||||||
|
#
|
||||||
|
# @username: the user account to add the authorized keys
|
||||||
|
# @keys: the public keys to add (in OpenSSH/sshd(8) authorized_keys format)
|
||||||
|
+# @reset: ignore the existing content, set it with the given keys only
|
||||||
|
#
|
||||||
|
# Append public keys to user .ssh/authorized_keys on Unix systems (not
|
||||||
|
# implemented for other systems).
|
||||||
|
@@ -1288,7 +1289,7 @@
|
||||||
|
# Since: 5.2
|
||||||
|
##
|
||||||
|
{ 'command': 'guest-ssh-add-authorized-keys',
|
||||||
|
- 'data': { 'username': 'str', 'keys': ['str'] },
|
||||||
|
+ 'data': { 'username': 'str', 'keys': ['str'], '*reset': 'bool' },
|
||||||
|
'if': 'defined(CONFIG_POSIX)' }
|
||||||
|
|
||||||
|
##
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
525
SOURCES/kvm-qga-add-ssh-add-remove-authorized-keys.patch
Normal file
525
SOURCES/kvm-qga-add-ssh-add-remove-authorized-keys.patch
Normal file
@ -0,0 +1,525 @@
|
|||||||
|
From 4be6cb23235b29d6ce450c2dacaef09c52d1aeea Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:55:52 -0400
|
||||||
|
Subject: [PATCH 02/14] qga: add ssh-{add, remove}-authorized-keys
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210609100615.2501448-3-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101688
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/4] qga: add ssh-{add, remove}-authorized-keys
|
||||||
|
Bugzilla: 1967716
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Add new commands to add and remove SSH public keys from
|
||||||
|
~/.ssh/authorized_keys.
|
||||||
|
|
||||||
|
I took a different approach for testing, including the unit tests right
|
||||||
|
with the code. I wanted to overwrite the function to get the user
|
||||||
|
details, I couldn't easily do that over QMP. Furthermore, I prefer
|
||||||
|
having unit tests very close to the code, and unit files that are domain
|
||||||
|
specific (commands-posix is too crowded already). FWIW, that
|
||||||
|
coding/testing style is Rust-style (where tests can or should even be
|
||||||
|
part of the documentation!).
|
||||||
|
|
||||||
|
Fixes:
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1885332
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
*squashed in fix-ups for setting file ownership and use of QAPI
|
||||||
|
conditionals for CONFIG_POSIX instead of stub definitions
|
||||||
|
*disable qga-ssh-test for now due to G_TEST_OPTION_ISOLATE_DIRS
|
||||||
|
triggering leak detector in build-oss-fuzz
|
||||||
|
*fix disallowed g_assert* usage reported by checkpatch
|
||||||
|
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
||||||
|
|
||||||
|
(cherry picked from commit 8d769ec777dccbff199711aba43aa6297fe4a0e0)
|
||||||
|
[ Fixes trivial backport conflicts and use Makefile.objs build-sys ]
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
qga/Makefile.objs | 2 +-
|
||||||
|
qga/commands-posix-ssh.c | 407 +++++++++++++++++++++++++++++++++++++++
|
||||||
|
qga/qapi-schema.json | 35 ++++
|
||||||
|
3 files changed, 443 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 qga/commands-posix-ssh.c
|
||||||
|
|
||||||
|
diff --git a/qga/Makefile.objs b/qga/Makefile.objs
|
||||||
|
index 80e6bb3c2e..c8da634db0 100644
|
||||||
|
--- a/qga/Makefile.objs
|
||||||
|
+++ b/qga/Makefile.objs
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
commands-posix.o-libs := $(LIBUDEV_LIBS)
|
||||||
|
qga-obj-y = commands.o guest-agent-command-state.o main.o
|
||||||
|
-qga-obj-$(CONFIG_POSIX) += commands-posix.o channel-posix.o
|
||||||
|
+qga-obj-$(CONFIG_POSIX) += commands-posix.o channel-posix.o commands-posix-ssh.o
|
||||||
|
qga-obj-$(CONFIG_WIN32) += commands-win32.o channel-win32.o service-win32.o
|
||||||
|
qga-obj-$(CONFIG_WIN32) += vss-win32.o
|
||||||
|
qga-obj-y += qapi-generated/qga-qapi-types.o qapi-generated/qga-qapi-visit.o
|
||||||
|
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..f74d89679c
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/qga/commands-posix-ssh.c
|
||||||
|
@@ -0,0 +1,407 @@
|
||||||
|
+ /*
|
||||||
|
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
|
||||||
|
+ * See the COPYING file in the top-level directory.
|
||||||
|
+ */
|
||||||
|
+#include "qemu/osdep.h"
|
||||||
|
+
|
||||||
|
+#include <glib-unix.h>
|
||||||
|
+#include <glib/gstdio.h>
|
||||||
|
+#include <locale.h>
|
||||||
|
+#include <pwd.h>
|
||||||
|
+
|
||||||
|
+#include "qapi/error.h"
|
||||||
|
+#include "qga-qapi-commands.h"
|
||||||
|
+
|
||||||
|
+#ifdef QGA_BUILD_UNIT_TEST
|
||||||
|
+static struct passwd *
|
||||||
|
+test_get_passwd_entry(const gchar *user_name, GError **error)
|
||||||
|
+{
|
||||||
|
+ struct passwd *p;
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ if (!user_name || g_strcmp0(user_name, g_get_user_name())) {
|
||||||
|
+ g_set_error(error, G_UNIX_ERROR, 0, "Invalid user name");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p = g_new0(struct passwd, 1);
|
||||||
|
+ p->pw_dir = (char *)g_get_home_dir();
|
||||||
|
+ p->pw_uid = geteuid();
|
||||||
|
+ p->pw_gid = getegid();
|
||||||
|
+
|
||||||
|
+ ret = g_mkdir_with_parents(p->pw_dir, 0700);
|
||||||
|
+ g_assert(ret == 0);
|
||||||
|
+
|
||||||
|
+ return p;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#define g_unix_get_passwd_entry_qemu(username, err) \
|
||||||
|
+ test_get_passwd_entry(username, err)
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+static struct passwd *
|
||||||
|
+get_passwd_entry(const char *username, Error **errp)
|
||||||
|
+{
|
||||||
|
+ g_autoptr(GError) err = NULL;
|
||||||
|
+ struct passwd *p;
|
||||||
|
+
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ p = g_unix_get_passwd_entry_qemu(username, &err);
|
||||||
|
+ if (p == NULL) {
|
||||||
|
+ error_setg(errp, "failed to lookup user '%s': %s",
|
||||||
|
+ username, err->message);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return p;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static bool
|
||||||
|
+mkdir_for_user(const char *path, const struct passwd *p,
|
||||||
|
+ mode_t mode, Error **errp)
|
||||||
|
+{
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ if (g_mkdir(path, mode) == -1) {
|
||||||
|
+ error_setg(errp, "failed to create directory '%s': %s",
|
||||||
|
+ path, g_strerror(errno));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (chown(path, p->pw_uid, p->pw_gid) == -1) {
|
||||||
|
+ error_setg(errp, "failed to set ownership of directory '%s': %s",
|
||||||
|
+ path, g_strerror(errno));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (chmod(path, mode) == -1) {
|
||||||
|
+ error_setg(errp, "failed to set permissions of directory '%s': %s",
|
||||||
|
+ path, g_strerror(errno));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static bool
|
||||||
|
+check_openssh_pub_key(const char *key, Error **errp)
|
||||||
|
+{
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ /* simple sanity-check, we may want more? */
|
||||||
|
+ if (!key || key[0] == '#' || strchr(key, '\n')) {
|
||||||
|
+ error_setg(errp, "invalid OpenSSH public key: '%s'", key);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static bool
|
||||||
|
+check_openssh_pub_keys(strList *keys, size_t *nkeys, Error **errp)
|
||||||
|
+{
|
||||||
|
+ size_t n = 0;
|
||||||
|
+ strList *k;
|
||||||
|
+
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ for (k = keys; k != NULL; k = k->next) {
|
||||||
|
+ if (!check_openssh_pub_key(k->value, errp)) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ n++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (nkeys) {
|
||||||
|
+ *nkeys = n;
|
||||||
|
+ }
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static bool
|
||||||
|
+write_authkeys(const char *path, const GStrv keys,
|
||||||
|
+ const struct passwd *p, Error **errp)
|
||||||
|
+{
|
||||||
|
+ g_autofree char *contents = NULL;
|
||||||
|
+ g_autoptr(GError) err = NULL;
|
||||||
|
+
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ contents = g_strjoinv("\n", keys);
|
||||||
|
+ if (!g_file_set_contents(path, contents, -1, &err)) {
|
||||||
|
+ error_setg(errp, "failed to write to '%s': %s", path, err->message);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (chown(path, p->pw_uid, p->pw_gid) == -1) {
|
||||||
|
+ error_setg(errp, "failed to set ownership of directory '%s': %s",
|
||||||
|
+ path, g_strerror(errno));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (chmod(path, 0600) == -1) {
|
||||||
|
+ error_setg(errp, "failed to set permissions of '%s': %s",
|
||||||
|
+ path, g_strerror(errno));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static GStrv
|
||||||
|
+read_authkeys(const char *path, Error **errp)
|
||||||
|
+{
|
||||||
|
+ g_autoptr(GError) err = NULL;
|
||||||
|
+ g_autofree char *contents = NULL;
|
||||||
|
+
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ if (!g_file_get_contents(path, &contents, NULL, &err)) {
|
||||||
|
+ error_setg(errp, "failed to read '%s': %s", path, err->message);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return g_strsplit(contents, "\n", -1);
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+qmp_guest_ssh_add_authorized_keys(const char *username, strList *keys,
|
||||||
|
+ Error **errp)
|
||||||
|
+{
|
||||||
|
+ g_autofree struct passwd *p = NULL;
|
||||||
|
+ g_autofree char *ssh_path = NULL;
|
||||||
|
+ g_autofree char *authkeys_path = NULL;
|
||||||
|
+ g_auto(GStrv) authkeys = NULL;
|
||||||
|
+ strList *k;
|
||||||
|
+ size_t nkeys, nauthkeys;
|
||||||
|
+
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ if (!check_openssh_pub_keys(keys, &nkeys, errp)) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p = get_passwd_entry(username, errp);
|
||||||
|
+ if (p == NULL) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ ssh_path = g_build_filename(p->pw_dir, ".ssh", NULL);
|
||||||
|
+ authkeys_path = g_build_filename(ssh_path, "authorized_keys", NULL);
|
||||||
|
+
|
||||||
|
+ authkeys = read_authkeys(authkeys_path, NULL);
|
||||||
|
+ if (authkeys == NULL) {
|
||||||
|
+ if (!g_file_test(ssh_path, G_FILE_TEST_IS_DIR) &&
|
||||||
|
+ !mkdir_for_user(ssh_path, p, 0700, errp)) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ nauthkeys = authkeys ? g_strv_length(authkeys) : 0;
|
||||||
|
+ authkeys = g_realloc_n(authkeys, nauthkeys + nkeys + 1, sizeof(char *));
|
||||||
|
+ memset(authkeys + nauthkeys, 0, (nkeys + 1) * sizeof(char *));
|
||||||
|
+
|
||||||
|
+ for (k = keys; k != NULL; k = k->next) {
|
||||||
|
+ if (g_strv_contains((const gchar * const *)authkeys, k->value)) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ authkeys[nauthkeys++] = g_strdup(k->value);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ write_authkeys(authkeys_path, authkeys, p, errp);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
|
||||||
|
+ Error **errp)
|
||||||
|
+{
|
||||||
|
+ g_autofree struct passwd *p = NULL;
|
||||||
|
+ g_autofree char *authkeys_path = NULL;
|
||||||
|
+ g_autofree GStrv new_keys = NULL; /* do not own the strings */
|
||||||
|
+ g_auto(GStrv) authkeys = NULL;
|
||||||
|
+ GStrv a;
|
||||||
|
+ size_t nkeys = 0;
|
||||||
|
+
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ if (!check_openssh_pub_keys(keys, NULL, errp)) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p = get_passwd_entry(username, errp);
|
||||||
|
+ if (p == NULL) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ authkeys_path = g_build_filename(p->pw_dir, ".ssh",
|
||||||
|
+ "authorized_keys", NULL);
|
||||||
|
+ if (!g_file_test(authkeys_path, G_FILE_TEST_EXISTS)) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ authkeys = read_authkeys(authkeys_path, errp);
|
||||||
|
+ if (authkeys == NULL) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ new_keys = g_new0(char *, g_strv_length(authkeys) + 1);
|
||||||
|
+ for (a = authkeys; *a != NULL; a++) {
|
||||||
|
+ strList *k;
|
||||||
|
+
|
||||||
|
+ for (k = keys; k != NULL; k = k->next) {
|
||||||
|
+ if (g_str_equal(k->value, *a)) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (k != NULL) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ new_keys[nkeys++] = *a;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ write_authkeys(authkeys_path, new_keys, p, errp);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+#ifdef QGA_BUILD_UNIT_TEST
|
||||||
|
+#if GLIB_CHECK_VERSION(2, 60, 0)
|
||||||
|
+static const strList test_key2 = {
|
||||||
|
+ .value = (char *)"algo key2 comments"
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const strList test_key1_2 = {
|
||||||
|
+ .value = (char *)"algo key1 comments",
|
||||||
|
+ .next = (strList *)&test_key2,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static char *
|
||||||
|
+test_get_authorized_keys_path(void)
|
||||||
|
+{
|
||||||
|
+ return g_build_filename(g_get_home_dir(), ".ssh", "authorized_keys", NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+test_authorized_keys_set(const char *contents)
|
||||||
|
+{
|
||||||
|
+ g_autoptr(GError) err = NULL;
|
||||||
|
+ g_autofree char *path = NULL;
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ path = g_build_filename(g_get_home_dir(), ".ssh", NULL);
|
||||||
|
+ ret = g_mkdir_with_parents(path, 0700);
|
||||||
|
+ g_assert(ret == 0);
|
||||||
|
+ g_free(path);
|
||||||
|
+
|
||||||
|
+ path = test_get_authorized_keys_path();
|
||||||
|
+ g_file_set_contents(path, contents, -1, &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+test_authorized_keys_equal(const char *expected)
|
||||||
|
+{
|
||||||
|
+ g_autoptr(GError) err = NULL;
|
||||||
|
+ g_autofree char *path = NULL;
|
||||||
|
+ g_autofree char *contents = NULL;
|
||||||
|
+
|
||||||
|
+ path = test_get_authorized_keys_path();
|
||||||
|
+ g_file_get_contents(path, &contents, NULL, &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+
|
||||||
|
+ g_assert(g_strcmp0(contents, expected) == 0);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+test_invalid_user(void)
|
||||||
|
+{
|
||||||
|
+ Error *err = NULL;
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys("", NULL, &err);
|
||||||
|
+ error_free_or_abort(&err);
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_remove_authorized_keys("", NULL, &err);
|
||||||
|
+ error_free_or_abort(&err);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+test_invalid_key(void)
|
||||||
|
+{
|
||||||
|
+ strList key = {
|
||||||
|
+ .value = (char *)"not a valid\nkey"
|
||||||
|
+ };
|
||||||
|
+ Error *err = NULL;
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(), &key, &err);
|
||||||
|
+ error_free_or_abort(&err);
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_remove_authorized_keys(g_get_user_name(), &key, &err);
|
||||||
|
+ error_free_or_abort(&err);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+test_add_keys(void)
|
||||||
|
+{
|
||||||
|
+ Error *err = NULL;
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
||||||
|
+ (strList *)&test_key2, &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+
|
||||||
|
+ test_authorized_keys_equal("algo key2 comments");
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_add_authorized_keys(g_get_user_name(),
|
||||||
|
+ (strList *)&test_key1_2, &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+
|
||||||
|
+ /* key2 came first, and should'nt be duplicated */
|
||||||
|
+ test_authorized_keys_equal("algo key2 comments\n"
|
||||||
|
+ "algo key1 comments");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+test_remove_keys(void)
|
||||||
|
+{
|
||||||
|
+ Error *err = NULL;
|
||||||
|
+ static const char *authkeys =
|
||||||
|
+ "algo key1 comments\n"
|
||||||
|
+ /* originally duplicated */
|
||||||
|
+ "algo key1 comments\n"
|
||||||
|
+ "# a commented line\n"
|
||||||
|
+ "algo some-key another\n";
|
||||||
|
+
|
||||||
|
+ test_authorized_keys_set(authkeys);
|
||||||
|
+ qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
|
||||||
|
+ (strList *)&test_key2, &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+ test_authorized_keys_equal(authkeys);
|
||||||
|
+
|
||||||
|
+ qmp_guest_ssh_remove_authorized_keys(g_get_user_name(),
|
||||||
|
+ (strList *)&test_key1_2, &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+ test_authorized_keys_equal("# a commented line\n"
|
||||||
|
+ "algo some-key another\n");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ setlocale(LC_ALL, "");
|
||||||
|
+
|
||||||
|
+ g_test_init(&argc, &argv, G_TEST_OPTION_ISOLATE_DIRS, NULL);
|
||||||
|
+
|
||||||
|
+ g_test_add_func("/qga/ssh/invalid_user", test_invalid_user);
|
||||||
|
+ g_test_add_func("/qga/ssh/invalid_key", test_invalid_key);
|
||||||
|
+ g_test_add_func("/qga/ssh/add_keys", test_add_keys);
|
||||||
|
+ g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
|
||||||
|
+
|
||||||
|
+ return g_test_run();
|
||||||
|
+}
|
||||||
|
+#else
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ g_test_message("test skipped, needs glib >= 2.60");
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+#endif /* GLIB_2_60 */
|
||||||
|
+#endif /* BUILD_UNIT_TEST */
|
||||||
|
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
|
||||||
|
index 4222cb92d3..3b85f5a03f 100644
|
||||||
|
--- a/qga/qapi-schema.json
|
||||||
|
+++ b/qga/qapi-schema.json
|
||||||
|
@@ -1273,3 +1273,38 @@
|
||||||
|
##
|
||||||
|
{ 'command': 'guest-get-osinfo',
|
||||||
|
'returns': 'GuestOSInfo' }
|
||||||
|
+
|
||||||
|
+##
|
||||||
|
+# @guest-ssh-add-authorized-keys:
|
||||||
|
+#
|
||||||
|
+# @username: the user account to add the authorized keys
|
||||||
|
+# @keys: the public keys to add (in OpenSSH/sshd(8) authorized_keys format)
|
||||||
|
+#
|
||||||
|
+# Append public keys to user .ssh/authorized_keys on Unix systems (not
|
||||||
|
+# implemented for other systems).
|
||||||
|
+#
|
||||||
|
+# Returns: Nothing on success.
|
||||||
|
+#
|
||||||
|
+# Since: 5.2
|
||||||
|
+##
|
||||||
|
+{ 'command': 'guest-ssh-add-authorized-keys',
|
||||||
|
+ 'data': { 'username': 'str', 'keys': ['str'] },
|
||||||
|
+ 'if': 'defined(CONFIG_POSIX)' }
|
||||||
|
+
|
||||||
|
+##
|
||||||
|
+# @guest-ssh-remove-authorized-keys:
|
||||||
|
+#
|
||||||
|
+# @username: the user account to remove the authorized keys
|
||||||
|
+# @keys: the public keys to remove (in OpenSSH/sshd(8) authorized_keys format)
|
||||||
|
+#
|
||||||
|
+# Remove public keys from the user .ssh/authorized_keys on Unix systems (not
|
||||||
|
+# implemented for other systems). It's not an error if the key is already
|
||||||
|
+# missing.
|
||||||
|
+#
|
||||||
|
+# Returns: Nothing on success.
|
||||||
|
+#
|
||||||
|
+# Since: 5.2
|
||||||
|
+##
|
||||||
|
+{ 'command': 'guest-ssh-remove-authorized-keys',
|
||||||
|
+ 'data': { 'username': 'str', 'keys': ['str'] },
|
||||||
|
+ 'if': 'defined(CONFIG_POSIX)' }
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
170
SOURCES/kvm-qga-add-ssh-get-authorized-keys.patch
Normal file
170
SOURCES/kvm-qga-add-ssh-get-authorized-keys.patch
Normal file
@ -0,0 +1,170 @@
|
|||||||
|
From 1ed102f5489e6cf3168d9014e9a082909193b6fc Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:55:57 -0400
|
||||||
|
Subject: [PATCH 04/14] qga: add ssh-get-authorized-keys
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210609100615.2501448-5-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101690
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 4/4] qga: add ssh-get-authorized-keys
|
||||||
|
Bugzilla: 1967716
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Michal Privoznik <mprivozn@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
*fix-up merge conflicts due to qga-ssh-test being disabled in earlier
|
||||||
|
patch due to G_TEST_OPTION_ISOLATE_DIRS triggering build-oss-fuzz
|
||||||
|
leak detector.
|
||||||
|
*fix up style and disallowed g_assert* usage reported by checkpatch
|
||||||
|
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
||||||
|
|
||||||
|
(cherry picked from commit cad97c08a1c17830d77a46780088bc0199df89d1)
|
||||||
|
[ Fix trivial schema conflict ]
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
qga/commands-posix-ssh.c | 66 ++++++++++++++++++++++++++++++++++++++++
|
||||||
|
qga/qapi-schema.json | 30 ++++++++++++++++++
|
||||||
|
2 files changed, 96 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/qga/commands-posix-ssh.c b/qga/commands-posix-ssh.c
|
||||||
|
index 362c9e8816..749167e82d 100644
|
||||||
|
--- a/qga/commands-posix-ssh.c
|
||||||
|
+++ b/qga/commands-posix-ssh.c
|
||||||
|
@@ -268,6 +268,46 @@ qmp_guest_ssh_remove_authorized_keys(const char *username, strList *keys,
|
||||||
|
write_authkeys(authkeys_path, new_keys, p, errp);
|
||||||
|
}
|
||||||
|
|
||||||
|
+GuestAuthorizedKeys *
|
||||||
|
+qmp_guest_ssh_get_authorized_keys(const char *username, Error **errp)
|
||||||
|
+{
|
||||||
|
+ g_autofree struct passwd *p = NULL;
|
||||||
|
+ g_autofree char *authkeys_path = NULL;
|
||||||
|
+ g_auto(GStrv) authkeys = NULL;
|
||||||
|
+ g_autoptr(GuestAuthorizedKeys) ret = NULL;
|
||||||
|
+ int i;
|
||||||
|
+
|
||||||
|
+ ERRP_GUARD();
|
||||||
|
+
|
||||||
|
+ p = get_passwd_entry(username, errp);
|
||||||
|
+ if (p == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ authkeys_path = g_build_filename(p->pw_dir, ".ssh",
|
||||||
|
+ "authorized_keys", NULL);
|
||||||
|
+ authkeys = read_authkeys(authkeys_path, errp);
|
||||||
|
+ if (authkeys == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ ret = g_new0(GuestAuthorizedKeys, 1);
|
||||||
|
+ for (i = 0; authkeys[i] != NULL; i++) {
|
||||||
|
+ strList *new;
|
||||||
|
+
|
||||||
|
+ g_strstrip(authkeys[i]);
|
||||||
|
+ if (!authkeys[i][0] || authkeys[i][0] == '#') {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ new = g_new0(strList, 1);
|
||||||
|
+ new->value = g_strdup(authkeys[i]);
|
||||||
|
+ new->next = ret->keys;
|
||||||
|
+ ret->keys = new;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return g_steal_pointer(&ret);
|
||||||
|
+}
|
||||||
|
|
||||||
|
#ifdef QGA_BUILD_UNIT_TEST
|
||||||
|
#if GLIB_CHECK_VERSION(2, 60, 0)
|
||||||
|
@@ -426,6 +466,31 @@ test_remove_keys(void)
|
||||||
|
"algo some-key another\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+test_get_keys(void)
|
||||||
|
+{
|
||||||
|
+ Error *err = NULL;
|
||||||
|
+ static const char *authkeys =
|
||||||
|
+ "algo key1 comments\n"
|
||||||
|
+ "# a commented line\n"
|
||||||
|
+ "algo some-key another\n";
|
||||||
|
+ g_autoptr(GuestAuthorizedKeys) ret = NULL;
|
||||||
|
+ strList *k;
|
||||||
|
+ size_t len = 0;
|
||||||
|
+
|
||||||
|
+ test_authorized_keys_set(authkeys);
|
||||||
|
+
|
||||||
|
+ ret = qmp_guest_ssh_get_authorized_keys(g_get_user_name(), &err);
|
||||||
|
+ g_assert(err == NULL);
|
||||||
|
+
|
||||||
|
+ for (len = 0, k = ret->keys; k != NULL; k = k->next) {
|
||||||
|
+ g_assert(g_str_has_prefix(k->value, "algo "));
|
||||||
|
+ len++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ g_assert(len == 2);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
setlocale(LC_ALL, "");
|
||||||
|
@@ -437,6 +502,7 @@ int main(int argc, char *argv[])
|
||||||
|
g_test_add_func("/qga/ssh/add_keys", test_add_keys);
|
||||||
|
g_test_add_func("/qga/ssh/add_reset_keys", test_add_reset_keys);
|
||||||
|
g_test_add_func("/qga/ssh/remove_keys", test_remove_keys);
|
||||||
|
+ g_test_add_func("/qga/ssh/get_keys", test_get_keys);
|
||||||
|
|
||||||
|
return g_test_run();
|
||||||
|
}
|
||||||
|
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
|
||||||
|
index a70ea5da77..97bf96712e 100644
|
||||||
|
--- a/qga/qapi-schema.json
|
||||||
|
+++ b/qga/qapi-schema.json
|
||||||
|
@@ -1274,6 +1274,36 @@
|
||||||
|
{ 'command': 'guest-get-osinfo',
|
||||||
|
'returns': 'GuestOSInfo' }
|
||||||
|
|
||||||
|
+##
|
||||||
|
+# @GuestAuthorizedKeys:
|
||||||
|
+#
|
||||||
|
+# @keys: public keys (in OpenSSH/sshd(8) authorized_keys format)
|
||||||
|
+#
|
||||||
|
+# Since: 5.2
|
||||||
|
+##
|
||||||
|
+{ 'struct': 'GuestAuthorizedKeys',
|
||||||
|
+ 'data': {
|
||||||
|
+ 'keys': ['str']
|
||||||
|
+ },
|
||||||
|
+ 'if': 'defined(CONFIG_POSIX)' }
|
||||||
|
+
|
||||||
|
+##
|
||||||
|
+# @guest-ssh-get-authorized-keys:
|
||||||
|
+#
|
||||||
|
+# @username: the user account to add the authorized keys
|
||||||
|
+#
|
||||||
|
+# Return the public keys from user .ssh/authorized_keys on Unix systems (not
|
||||||
|
+# implemented for other systems).
|
||||||
|
+#
|
||||||
|
+# Returns: @GuestAuthorizedKeys
|
||||||
|
+#
|
||||||
|
+# Since: 5.2
|
||||||
|
+##
|
||||||
|
+{ 'command': 'guest-ssh-get-authorized-keys',
|
||||||
|
+ 'data': { 'username': 'str' },
|
||||||
|
+ 'returns': 'GuestAuthorizedKeys',
|
||||||
|
+ 'if': 'defined(CONFIG_POSIX)' }
|
||||||
|
+
|
||||||
|
##
|
||||||
|
# @guest-ssh-add-authorized-keys:
|
||||||
|
#
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From e0b83063b76725878c466f1b8918c61864cfd0c2 Mon Sep 17 00:00:00 2001
|
From 4079c4e96f910fe7e57af13feb433f06246f1d79 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:44 -0400
|
Date: Tue, 29 Jun 2021 03:42:44 -0400
|
||||||
Subject: [PATCH 6/9] rtl8139: switch to use qemu_receive_packet() for loopback
|
Subject: [PATCH 6/9] rtl8139: switch to use qemu_receive_packet() for loopback
|
||||||
|
177
SOURCES/kvm-scsi-make-io_timeout-configurable.patch
Normal file
177
SOURCES/kvm-scsi-make-io_timeout-configurable.patch
Normal file
@ -0,0 +1,177 @@
|
|||||||
|
From 2903ab6d961b2165f3cbfb786cd3be59a407a6b4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hannes Reinecke <hare@suse.de>
|
||||||
|
Date: Mon, 16 Nov 2020 19:31:13 +0100
|
||||||
|
Subject: [PATCH] scsi: make io_timeout configurable
|
||||||
|
|
||||||
|
RH-Author: Paolo Bonzini <None>
|
||||||
|
RH-MergeRequest: 40: scsi: make io_timeout configurable
|
||||||
|
RH-Commit: [1/1] 147c4b7bac867c708c1905e98c4f9329ab4ef838
|
||||||
|
RH-Bugzilla: 1994041
|
||||||
|
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
|
||||||
|
The current code sets an infinite timeout on SG_IO requests,
|
||||||
|
causing the guest to stall if the host experiences a frame
|
||||||
|
loss.
|
||||||
|
This patch adds an 'io_timeout' parameter for SCSIDevice to
|
||||||
|
make the SG_IO timeout configurable, and also shortens the
|
||||||
|
default timeout to 30 seconds to avoid infinite stalls.
|
||||||
|
|
||||||
|
Signed-off-by: Hannes Reinecke <hare@suse.de>
|
||||||
|
Message-Id: <20201116183114.55703-3-hare@suse.de>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
(cherry picked from commit c9b6609b69facad0cc5425d4fa7934c33d7f2e91)
|
||||||
|
---
|
||||||
|
hw/scsi/scsi-disk.c | 6 ++++--
|
||||||
|
hw/scsi/scsi-generic.c | 17 +++++++++++------
|
||||||
|
include/hw/scsi/scsi.h | 4 +++-
|
||||||
|
3 files changed, 18 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
|
||||||
|
index e44c61eeb4..5cb5fd35bd 100644
|
||||||
|
--- a/hw/scsi/scsi-disk.c
|
||||||
|
+++ b/hw/scsi/scsi-disk.c
|
||||||
|
@@ -2610,7 +2610,7 @@ static int get_device_type(SCSIDiskState *s)
|
||||||
|
cmd[4] = sizeof(buf);
|
||||||
|
|
||||||
|
ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
|
||||||
|
- buf, sizeof(buf));
|
||||||
|
+ buf, sizeof(buf), s->qdev.io_timeout);
|
||||||
|
if (ret < 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
@@ -2771,7 +2771,7 @@ static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
|
||||||
|
/* The rest is as in scsi-generic.c. */
|
||||||
|
io_header->mx_sb_len = sizeof(r->req.sense);
|
||||||
|
io_header->sbp = r->req.sense;
|
||||||
|
- io_header->timeout = UINT_MAX;
|
||||||
|
+ io_header->timeout = s->qdev.io_timeout * 1000;
|
||||||
|
io_header->usr_ptr = r;
|
||||||
|
io_header->flags |= SG_FLAG_DIRECT_IO;
|
||||||
|
|
||||||
|
@@ -3089,6 +3089,8 @@ static Property scsi_block_properties[] = {
|
||||||
|
DEFAULT_MAX_IO_SIZE),
|
||||||
|
DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
|
||||||
|
-1),
|
||||||
|
+ DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
|
||||||
|
+ DEFAULT_IO_TIMEOUT),
|
||||||
|
DEFINE_PROP_END_OF_LIST(),
|
||||||
|
};
|
||||||
|
|
||||||
|
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
|
||||||
|
index e7798ebcd0..3a383fe4d6 100644
|
||||||
|
--- a/hw/scsi/scsi-generic.c
|
||||||
|
+++ b/hw/scsi/scsi-generic.c
|
||||||
|
@@ -114,6 +114,8 @@ static int execute_command(BlockBackend *blk,
|
||||||
|
SCSIGenericReq *r, int direction,
|
||||||
|
BlockCompletionFunc *complete)
|
||||||
|
{
|
||||||
|
+ SCSIDevice *s = r->req.dev;
|
||||||
|
+
|
||||||
|
r->io_header.interface_id = 'S';
|
||||||
|
r->io_header.dxfer_direction = direction;
|
||||||
|
r->io_header.dxferp = r->buf;
|
||||||
|
@@ -122,7 +124,7 @@ static int execute_command(BlockBackend *blk,
|
||||||
|
r->io_header.cmd_len = r->req.cmd.len;
|
||||||
|
r->io_header.mx_sb_len = sizeof(r->req.sense);
|
||||||
|
r->io_header.sbp = r->req.sense;
|
||||||
|
- r->io_header.timeout = MAX_UINT;
|
||||||
|
+ r->io_header.timeout = s->io_timeout * 1000;
|
||||||
|
r->io_header.usr_ptr = r;
|
||||||
|
r->io_header.flags |= SG_FLAG_DIRECT_IO;
|
||||||
|
|
||||||
|
@@ -503,7 +505,7 @@ static int read_naa_id(const uint8_t *p, uint64_t *p_wwn)
|
||||||
|
}
|
||||||
|
|
||||||
|
int scsi_SG_IO_FROM_DEV(BlockBackend *blk, uint8_t *cmd, uint8_t cmd_size,
|
||||||
|
- uint8_t *buf, uint8_t buf_size)
|
||||||
|
+ uint8_t *buf, uint8_t buf_size, uint32_t timeout)
|
||||||
|
{
|
||||||
|
sg_io_hdr_t io_header;
|
||||||
|
uint8_t sensebuf[8];
|
||||||
|
@@ -518,7 +520,7 @@ int scsi_SG_IO_FROM_DEV(BlockBackend *blk, uint8_t *cmd, uint8_t cmd_size,
|
||||||
|
io_header.cmd_len = cmd_size;
|
||||||
|
io_header.mx_sb_len = sizeof(sensebuf);
|
||||||
|
io_header.sbp = sensebuf;
|
||||||
|
- io_header.timeout = 6000; /* XXX */
|
||||||
|
+ io_header.timeout = timeout * 1000;
|
||||||
|
|
||||||
|
ret = blk_ioctl(blk, SG_IO, &io_header);
|
||||||
|
if (ret < 0 || io_header.driver_status || io_header.host_status) {
|
||||||
|
@@ -548,7 +550,7 @@ static void scsi_generic_set_vpd_bl_emulation(SCSIDevice *s)
|
||||||
|
cmd[4] = sizeof(buf);
|
||||||
|
|
||||||
|
ret = scsi_SG_IO_FROM_DEV(s->conf.blk, cmd, sizeof(cmd),
|
||||||
|
- buf, sizeof(buf));
|
||||||
|
+ buf, sizeof(buf), s->io_timeout);
|
||||||
|
if (ret < 0) {
|
||||||
|
/*
|
||||||
|
* Do not assume anything if we can't retrieve the
|
||||||
|
@@ -584,7 +586,7 @@ static void scsi_generic_read_device_identification(SCSIDevice *s)
|
||||||
|
cmd[4] = sizeof(buf);
|
||||||
|
|
||||||
|
ret = scsi_SG_IO_FROM_DEV(s->conf.blk, cmd, sizeof(cmd),
|
||||||
|
- buf, sizeof(buf));
|
||||||
|
+ buf, sizeof(buf), s->io_timeout);
|
||||||
|
if (ret < 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
@@ -635,7 +637,7 @@ static int get_stream_blocksize(BlockBackend *blk)
|
||||||
|
cmd[0] = MODE_SENSE;
|
||||||
|
cmd[4] = sizeof(buf);
|
||||||
|
|
||||||
|
- ret = scsi_SG_IO_FROM_DEV(blk, cmd, sizeof(cmd), buf, sizeof(buf));
|
||||||
|
+ ret = scsi_SG_IO_FROM_DEV(blk, cmd, sizeof(cmd), buf, sizeof(buf), 6);
|
||||||
|
if (ret < 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
@@ -725,6 +727,7 @@ static void scsi_generic_realize(SCSIDevice *s, Error **errp)
|
||||||
|
|
||||||
|
/* Only used by scsi-block, but initialize it nevertheless to be clean. */
|
||||||
|
s->default_scsi_version = -1;
|
||||||
|
+ s->io_timeout = DEFAULT_IO_TIMEOUT;
|
||||||
|
scsi_generic_read_device_inquiry(s);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -748,6 +751,8 @@ static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
|
||||||
|
static Property scsi_generic_properties[] = {
|
||||||
|
DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.blk),
|
||||||
|
DEFINE_PROP_BOOL("share-rw", SCSIDevice, conf.share_rw, false),
|
||||||
|
+ DEFINE_PROP_UINT32("io_timeout", SCSIDevice, io_timeout,
|
||||||
|
+ DEFAULT_IO_TIMEOUT),
|
||||||
|
DEFINE_PROP_END_OF_LIST(),
|
||||||
|
};
|
||||||
|
|
||||||
|
diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h
|
||||||
|
index 332ef602f4..ae0724a32d 100644
|
||||||
|
--- a/include/hw/scsi/scsi.h
|
||||||
|
+++ b/include/hw/scsi/scsi.h
|
||||||
|
@@ -17,6 +17,7 @@ typedef struct SCSIReqOps SCSIReqOps;
|
||||||
|
|
||||||
|
#define SCSI_SENSE_BUF_SIZE_OLD 96
|
||||||
|
#define SCSI_SENSE_BUF_SIZE 252
|
||||||
|
+#define DEFAULT_IO_TIMEOUT 30
|
||||||
|
|
||||||
|
struct SCSIRequest {
|
||||||
|
SCSIBus *bus;
|
||||||
|
@@ -88,6 +89,7 @@ struct SCSIDevice
|
||||||
|
uint64_t port_wwn;
|
||||||
|
int scsi_version;
|
||||||
|
int default_scsi_version;
|
||||||
|
+ uint32_t io_timeout;
|
||||||
|
bool needs_vpd_bl_emulation;
|
||||||
|
bool hba_supports_iothread;
|
||||||
|
};
|
||||||
|
@@ -192,7 +194,7 @@ void scsi_device_unit_attention_reported(SCSIDevice *dev);
|
||||||
|
void scsi_generic_read_device_inquiry(SCSIDevice *dev);
|
||||||
|
int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed);
|
||||||
|
int scsi_SG_IO_FROM_DEV(BlockBackend *blk, uint8_t *cmd, uint8_t cmd_size,
|
||||||
|
- uint8_t *buf, uint8_t buf_size);
|
||||||
|
+ uint8_t *buf, uint8_t buf_size, uint32_t timeout);
|
||||||
|
SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int target, int lun);
|
||||||
|
|
||||||
|
/* scsi-generic.c. */
|
||||||
|
--
|
||||||
|
2.18.2
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From 251adb595eb7e39e9368cb7ed07f9a4c42d28d2c Mon Sep 17 00:00:00 2001
|
From be0a190e3c5c4ff84f7c53630ed5a55644d18acc Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Wed, 21 Apr 2021 22:30:06 -0400
|
Date: Wed, 21 Apr 2021 22:30:06 -0400
|
||||||
Subject: [PATCH 7/8] softmmu/memory: Log invalid memory accesses
|
Subject: [PATCH 7/7] softmmu/memory: Log invalid memory accesses
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -10,7 +10,7 @@ RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|||||||
Message-id: <20210421223006.19650-7-jmaloy@redhat.com>
|
Message-id: <20210421223006.19650-7-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101481
|
Patchwork-id: 101481
|
||||||
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 6/6] softmmu/memory: Log invalid memory accesses
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 6/6] softmmu/memory: Log invalid memory accesses
|
||||||
Bugzilla: 1944621
|
Bugzilla: 1842478
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
@ -0,0 +1,165 @@
|
|||||||
|
From f9d332b1280cd3f6009b59323719548a36a7c52b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Henrique Barboza <dbarboza@redhat.com>
|
||||||
|
Date: Mon, 21 Jun 2021 14:40:24 -0400
|
||||||
|
Subject: [PATCH 2/4] spapr: Fix EEH capability issue on KVM guest for PCI
|
||||||
|
passthru
|
||||||
|
|
||||||
|
RH-Author: Daniel Henrique Barboza <dbarboza@redhat.com>
|
||||||
|
Message-id: <20210621144024.199732-2-dbarboza@redhat.com>
|
||||||
|
Patchwork-id: 101740
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] spapr: Fix EEH capability issue on KVM guest for PCI passthru
|
||||||
|
Bugzilla: 1957866
|
||||||
|
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||||
|
RH-Acked-by: David Gibson <dgibson@redhat.com>
|
||||||
|
|
||||||
|
From: Mahesh Salgaonkar <mahesh@linux.ibm.com>
|
||||||
|
|
||||||
|
With upstream kernel, especially after commit 98ba956f6a389
|
||||||
|
("powerpc/pseries/eeh: Rework device EEH PE determination") we see that KVM
|
||||||
|
guest isn't able to enable EEH option for PCI pass-through devices anymore.
|
||||||
|
|
||||||
|
[root@atest-guest ~]# dmesg | grep EEH
|
||||||
|
[ 0.032337] EEH: pSeries platform initialized
|
||||||
|
[ 0.298207] EEH: No capable adapters found: recovery disabled.
|
||||||
|
[root@atest-guest ~]#
|
||||||
|
|
||||||
|
So far the linux kernel was assuming pe_config_addr equal to device's
|
||||||
|
config_addr and using it to enable EEH on the PE through ibm,set-eeh-option
|
||||||
|
RTAS call. Which wasn't the correct way as per PAPR. The linux kernel
|
||||||
|
commit 98ba956f6a389 fixed this flow. With that fixed, linux now uses PE
|
||||||
|
config address returned by ibm,get-config-addr-info2 RTAS call to enable
|
||||||
|
EEH option per-PE basis instead of per-device basis. However this has
|
||||||
|
uncovered a bug in qemu where ibm,set-eeh-option is treating PE config
|
||||||
|
address as per-device config address.
|
||||||
|
|
||||||
|
Hence in qemu guest with recent kernel the ibm,set-eeh-option RTAS call
|
||||||
|
fails with -3 return value indicating that there is no PCI device exist for
|
||||||
|
the specified PE config address. The rtas_ibm_set_eeh_option call uses
|
||||||
|
pci_find_device() to get the PC device that matches specific bus and devfn
|
||||||
|
extracted from PE config address passed as argument. Thus it tries to map
|
||||||
|
the PE config address to a single specific PCI device 'bus->devices[devfn]'
|
||||||
|
which always results into checking device on slot 0 'bus->devices[0]'.
|
||||||
|
This succeeds when there is a pass-through device (vfio-pci) present on
|
||||||
|
slot 0. But in cases where there is no pass-through device present in slot
|
||||||
|
0, but present in non-zero slots, ibm,set-eeh-option call fails to enable
|
||||||
|
the EEH capability.
|
||||||
|
|
||||||
|
hw/ppc/spapr_pci_vfio.c: spapr_phb_vfio_eeh_set_option()
|
||||||
|
case RTAS_EEH_ENABLE: {
|
||||||
|
PCIHostState *phb;
|
||||||
|
PCIDevice *pdev;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The EEH functionality is enabled on basis of PCI device,
|
||||||
|
* instead of PE. We need check the validity of the PCI
|
||||||
|
* device address.
|
||||||
|
*/
|
||||||
|
phb = PCI_HOST_BRIDGE(sphb);
|
||||||
|
pdev = pci_find_device(phb->bus,
|
||||||
|
(addr >> 16) & 0xFF, (addr >> 8) & 0xFF);
|
||||||
|
if (!pdev || !object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
|
||||||
|
return RTAS_OUT_PARAM_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
hw/pci/pci.c:pci_find_device()
|
||||||
|
|
||||||
|
PCIDevice *pci_find_device(PCIBus *bus, int bus_num, uint8_t devfn)
|
||||||
|
{
|
||||||
|
bus = pci_find_bus_nr(bus, bus_num);
|
||||||
|
|
||||||
|
if (!bus)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
return bus->devices[devfn];
|
||||||
|
}
|
||||||
|
|
||||||
|
This patch fixes ibm,set-eeh-option to check for presence of any PCI device
|
||||||
|
(vfio-pci) under specified bus and enable the EEH if found. The current
|
||||||
|
code already makes sure that all the devices on that bus are from same
|
||||||
|
iommu group (within same PE) and fail very early if it does not.
|
||||||
|
|
||||||
|
After this fix guest is able to find EEH capable devices and enable EEH
|
||||||
|
recovery on it.
|
||||||
|
|
||||||
|
[root@atest-guest ~]# dmesg | grep EEH
|
||||||
|
[ 0.048139] EEH: pSeries platform initialized
|
||||||
|
[ 0.405115] EEH: Capable adapter found: recovery enabled.
|
||||||
|
[root@atest-guest ~]#
|
||||||
|
|
||||||
|
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
|
||||||
|
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
|
||||||
|
Message-Id: <162158429107.145117.5843504911924013125.stgit@jupiter>
|
||||||
|
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
(cherry picked from commit ac9ef668321ebb6eb871a0c4dd380fa7d7891b4e)
|
||||||
|
Signed-off-by: Daniel Henrique Barboza <dbarboza@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
hw/ppc/spapr_pci_vfio.c | 40 +++++++++++++++++++++++++++++++++-------
|
||||||
|
1 file changed, 33 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
|
||||||
|
index ecb34aaade..a411b08d60 100644
|
||||||
|
--- a/hw/ppc/spapr_pci_vfio.c
|
||||||
|
+++ b/hw/ppc/spapr_pci_vfio.c
|
||||||
|
@@ -48,6 +48,16 @@ void spapr_phb_vfio_reset(DeviceState *qdev)
|
||||||
|
spapr_phb_vfio_eeh_reenable(SPAPR_PCI_HOST_BRIDGE(qdev));
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void spapr_eeh_pci_find_device(PCIBus *bus, PCIDevice *pdev,
|
||||||
|
+ void *opaque)
|
||||||
|
+{
|
||||||
|
+ bool *found = opaque;
|
||||||
|
+
|
||||||
|
+ if (object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
|
||||||
|
+ *found = true;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int spapr_phb_vfio_eeh_set_option(SpaprPhbState *sphb,
|
||||||
|
unsigned int addr, int option)
|
||||||
|
{
|
||||||
|
@@ -60,17 +70,33 @@ int spapr_phb_vfio_eeh_set_option(SpaprPhbState *sphb,
|
||||||
|
break;
|
||||||
|
case RTAS_EEH_ENABLE: {
|
||||||
|
PCIHostState *phb;
|
||||||
|
- PCIDevice *pdev;
|
||||||
|
+ bool found = false;
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * The EEH functionality is enabled on basis of PCI device,
|
||||||
|
- * instead of PE. We need check the validity of the PCI
|
||||||
|
- * device address.
|
||||||
|
+ * The EEH functionality is enabled per sphb level instead of
|
||||||
|
+ * per PCI device. We have already identified this specific sphb
|
||||||
|
+ * based on buid passed as argument to ibm,set-eeh-option rtas
|
||||||
|
+ * call. Now we just need to check the validity of the PCI
|
||||||
|
+ * pass-through devices (vfio-pci) under this sphb bus.
|
||||||
|
+ * We have already validated that all the devices under this sphb
|
||||||
|
+ * are from same iommu group (within same PE) before comming here.
|
||||||
|
+ *
|
||||||
|
+ * Prior to linux commit 98ba956f6a389 ("powerpc/pseries/eeh:
|
||||||
|
+ * Rework device EEH PE determination") kernel would call
|
||||||
|
+ * eeh-set-option for each device in the PE using the device's
|
||||||
|
+ * config_address as the argument rather than the PE address.
|
||||||
|
+ * Hence if we check validity of supplied config_addr whether
|
||||||
|
+ * it matches to this PHB will cause issues with older kernel
|
||||||
|
+ * versions v5.9 and older. If we return an error from
|
||||||
|
+ * eeh-set-option when the argument isn't a valid PE address
|
||||||
|
+ * then older kernels (v5.9 and older) will interpret that as
|
||||||
|
+ * EEH not being supported.
|
||||||
|
*/
|
||||||
|
phb = PCI_HOST_BRIDGE(sphb);
|
||||||
|
- pdev = pci_find_device(phb->bus,
|
||||||
|
- (addr >> 16) & 0xFF, (addr >> 8) & 0xFF);
|
||||||
|
- if (!pdev || !object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
|
||||||
|
+ pci_for_each_device(phb->bus, (addr >> 16) & 0xFF,
|
||||||
|
+ spapr_eeh_pci_find_device, &found);
|
||||||
|
+
|
||||||
|
+ if (!found) {
|
||||||
|
return RTAS_OUT_PARAM_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,50 @@
|
|||||||
|
From b46fdf56b1a7938468565838bdadf260870e4f9b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Date: Wed, 9 Jun 2021 10:05:00 -0400
|
||||||
|
Subject: [PATCH 3/4] spapr: Remove stale comment about power-saving LPCR bits
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Message-id: <20210609100501.427096-2-lvivier@redhat.com>
|
||||||
|
Patchwork-id: 101682
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/2] spapr: Remove stale comment about power-saving LPCR bits
|
||||||
|
Bugzilla: 1969768
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: David Gibson <dgibson@redhat.com>
|
||||||
|
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||||
|
|
||||||
|
From: Nicholas Piggin <npiggin@gmail.com>
|
||||||
|
|
||||||
|
Commit 47a9b551547 ("spapr: Clean up handling of LPCR power-saving exit
|
||||||
|
bits") moved this logic but did not remove the comment from the
|
||||||
|
previous location.
|
||||||
|
|
||||||
|
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
|
||||||
|
Message-Id: <20210526091626.3388262-2-npiggin@gmail.com>
|
||||||
|
Reviewed-by: Cédric Le Goater <clg@kaod.org>
|
||||||
|
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||||
|
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
(cherry picked from commit 7be3bf6c8429969f97728bb712d9a99997835607)
|
||||||
|
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
hw/ppc/spapr_rtas.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
|
||||||
|
index 8d8d8cdfcb..295eac986e 100644
|
||||||
|
--- a/hw/ppc/spapr_rtas.c
|
||||||
|
+++ b/hw/ppc/spapr_rtas.c
|
||||||
|
@@ -163,7 +163,6 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||||
|
|
||||||
|
env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
|
||||||
|
|
||||||
|
- /* Enable Power-saving mode Exit Cause exceptions for the new CPU */
|
||||||
|
lpcr = env->spr[SPR_LPCR];
|
||||||
|
if (!pcc->interrupts_big_endian(callcpu)) {
|
||||||
|
lpcr |= LPCR_ILE;
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,89 @@
|
|||||||
|
From 28794dca79a94d01c8732b84fe6ac6ba2986ce45 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Date: Wed, 9 Jun 2021 10:05:01 -0400
|
||||||
|
Subject: [PATCH 4/4] spapr: Set LPCR to current AIL mode when starting a new
|
||||||
|
CPU
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Message-id: <20210609100501.427096-3-lvivier@redhat.com>
|
||||||
|
Patchwork-id: 101683
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/2] spapr: Set LPCR to current AIL mode when starting a new CPU
|
||||||
|
Bugzilla: 1969768
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: David Gibson <dgibson@redhat.com>
|
||||||
|
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||||
|
|
||||||
|
From: Nicholas Piggin <npiggin@gmail.com>
|
||||||
|
|
||||||
|
TCG does not keep track of AIL mode in a central place, it's based on
|
||||||
|
the current LPCR[AIL] bits. Synchronize the new CPU's LPCR to the
|
||||||
|
current LPCR in rtas_start_cpu(), similarly to the way the ILE bit is
|
||||||
|
synchronized.
|
||||||
|
|
||||||
|
Open-code the ILE setting as well now that the caller's LPCR is
|
||||||
|
available directly, there is no need for the indirection.
|
||||||
|
|
||||||
|
Without this, under both TCG and KVM, adding a POWER8/9/10 class CPU
|
||||||
|
with a new core ID after a modern Linux has booted results in the new
|
||||||
|
CPU's LPCR missing the LPCR[AIL]=0b11 setting that the other CPUs have.
|
||||||
|
This can cause crashes and unexpected behaviour.
|
||||||
|
|
||||||
|
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
|
||||||
|
Message-Id: <20210526091626.3388262-3-npiggin@gmail.com>
|
||||||
|
Reviewed-by: Cédric Le Goater <clg@kaod.org>
|
||||||
|
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||||
|
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
(cherry picked from commit ac559ecbea2649819e7b3fdd09f4e0243e0128db)
|
||||||
|
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
hw/ppc/spapr_rtas.c | 14 +++++++++-----
|
||||||
|
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
|
||||||
|
index 295eac986e..5acb7c1f10 100644
|
||||||
|
--- a/hw/ppc/spapr_rtas.c
|
||||||
|
+++ b/hw/ppc/spapr_rtas.c
|
||||||
|
@@ -132,8 +132,8 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||||
|
target_ulong id, start, r3;
|
||||||
|
PowerPCCPU *newcpu;
|
||||||
|
CPUPPCState *env;
|
||||||
|
- PowerPCCPUClass *pcc;
|
||||||
|
target_ulong lpcr;
|
||||||
|
+ target_ulong caller_lpcr;
|
||||||
|
|
||||||
|
if (nargs != 3 || nret != 1) {
|
||||||
|
rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
|
||||||
|
@@ -152,7 +152,6 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||||
|
}
|
||||||
|
|
||||||
|
env = &newcpu->env;
|
||||||
|
- pcc = POWERPC_CPU_GET_CLASS(newcpu);
|
||||||
|
|
||||||
|
if (!CPU(newcpu)->halted) {
|
||||||
|
rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
|
||||||
|
@@ -163,10 +162,15 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||||
|
|
||||||
|
env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
|
||||||
|
|
||||||
|
+ caller_lpcr = callcpu->env.spr[SPR_LPCR];
|
||||||
|
lpcr = env->spr[SPR_LPCR];
|
||||||
|
- if (!pcc->interrupts_big_endian(callcpu)) {
|
||||||
|
- lpcr |= LPCR_ILE;
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
+ /* Set ILE the same way */
|
||||||
|
+ lpcr = (lpcr & ~LPCR_ILE) | (caller_lpcr & LPCR_ILE);
|
||||||
|
+
|
||||||
|
+ /* Set AIL the same way */
|
||||||
|
+ lpcr = (lpcr & ~LPCR_AIL) | (caller_lpcr & LPCR_AIL);
|
||||||
|
+
|
||||||
|
if (env->mmu_model == POWERPC_MMU_3_00) {
|
||||||
|
/*
|
||||||
|
* New cpus are expected to start in the same radix/hash mode
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 1a56df13e6a033548b22489d3b148009c8f80718 Mon Sep 17 00:00:00 2001
|
From 07df0f52c26a3819bc02b4f2970b6735bcf15c5b Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:42 -0400
|
Date: Tue, 29 Jun 2021 03:42:42 -0400
|
||||||
Subject: [PATCH 4/9] sungem: switch to use qemu_receive_packet() for loopback
|
Subject: [PATCH 4/9] sungem: switch to use qemu_receive_packet() for loopback
|
||||||
|
53
SOURCES/kvm-tftp-check-tftp_input-buffer-size.patch
Normal file
53
SOURCES/kvm-tftp-check-tftp_input-buffer-size.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
From 6bd4d80f9274f76eb402ce85aa60729150b39980 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:34 -0400
|
||||||
|
Subject: [PATCH 09/14] tftp: check tftp_input buffer size
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-6-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101823
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 5/8] tftp: check tftp_input buffer size
|
||||||
|
Bugzilla: 1970843
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Fixes: CVE-2021-3595
|
||||||
|
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1970843
|
||||||
|
|
||||||
|
(cherry picked from commit 3f17948137155f025f7809fdc38576d5d2451c3d)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/tftp.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/tftp.c b/slirp/src/tftp.c
|
||||||
|
index 093c2e06a3..07e8f3cb2f 100644
|
||||||
|
--- a/slirp/src/tftp.c
|
||||||
|
+++ b/slirp/src/tftp.c
|
||||||
|
@@ -444,7 +444,11 @@ static void tftp_handle_error(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
|
||||||
|
void tftp_input(struct sockaddr_storage *srcsas, struct mbuf *m)
|
||||||
|
{
|
||||||
|
- struct tftp_t *tp = (struct tftp_t *)m->m_data;
|
||||||
|
+ struct tftp_t *tp = mtod_check(m, offsetof(struct tftp_t, x.tp_buf));
|
||||||
|
+
|
||||||
|
+ if (tp == NULL) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
switch (ntohs(tp->tp_op)) {
|
||||||
|
case TFTP_RRQ:
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
263
SOURCES/kvm-tftp-introduce-a-header-structure.patch
Normal file
263
SOURCES/kvm-tftp-introduce-a-header-structure.patch
Normal file
@ -0,0 +1,263 @@
|
|||||||
|
From af72e344459614fcf2746739f05494ef7e691a78 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:36 -0400
|
||||||
|
Subject: [PATCH 10/14] tftp: introduce a header structure
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-7-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101825
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 6/8] tftp: introduce a header structure
|
||||||
|
Bugzilla: 1970819 1970835 1970843 1970853
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Instead of using a composed structure and potentially reading past the
|
||||||
|
incoming buffer, use a different structure for the header.
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
(cherry picked from commit 990163cf3ac86b7875559f49602c4d76f46f6f30)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/tftp.c | 58 +++++++++++++++++++++++++-----------------------
|
||||||
|
slirp/src/tftp.h | 6 ++++-
|
||||||
|
2 files changed, 35 insertions(+), 29 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/tftp.c b/slirp/src/tftp.c
|
||||||
|
index 07e8f3cb2f..53e04d0aeb 100644
|
||||||
|
--- a/slirp/src/tftp.c
|
||||||
|
+++ b/slirp/src/tftp.c
|
||||||
|
@@ -50,7 +50,7 @@ static void tftp_session_terminate(struct tftp_session *spt)
|
||||||
|
}
|
||||||
|
|
||||||
|
static int tftp_session_allocate(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
- struct tftp_t *tp)
|
||||||
|
+ struct tftphdr *hdr)
|
||||||
|
{
|
||||||
|
struct tftp_session *spt;
|
||||||
|
int k;
|
||||||
|
@@ -75,7 +75,7 @@ found:
|
||||||
|
memcpy(&spt->client_addr, srcsas, sockaddr_size(srcsas));
|
||||||
|
spt->fd = -1;
|
||||||
|
spt->block_size = 512;
|
||||||
|
- spt->client_port = tp->udp.uh_sport;
|
||||||
|
+ spt->client_port = hdr->udp.uh_sport;
|
||||||
|
spt->slirp = slirp;
|
||||||
|
|
||||||
|
tftp_session_update(spt);
|
||||||
|
@@ -84,7 +84,7 @@ found:
|
||||||
|
}
|
||||||
|
|
||||||
|
static int tftp_session_find(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
- struct tftp_t *tp)
|
||||||
|
+ struct tftphdr *hdr)
|
||||||
|
{
|
||||||
|
struct tftp_session *spt;
|
||||||
|
int k;
|
||||||
|
@@ -94,7 +94,7 @@ static int tftp_session_find(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
|
||||||
|
if (tftp_session_in_use(spt)) {
|
||||||
|
if (sockaddr_equal(&spt->client_addr, srcsas)) {
|
||||||
|
- if (spt->client_port == tp->udp.uh_sport) {
|
||||||
|
+ if (spt->client_port == hdr->udp.uh_sport) {
|
||||||
|
return k;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -146,13 +146,13 @@ static struct tftp_t *tftp_prep_mbuf_data(struct tftp_session *spt,
|
||||||
|
}
|
||||||
|
|
||||||
|
static void tftp_udp_output(struct tftp_session *spt, struct mbuf *m,
|
||||||
|
- struct tftp_t *recv_tp)
|
||||||
|
+ struct tftphdr *hdr)
|
||||||
|
{
|
||||||
|
if (spt->client_addr.ss_family == AF_INET6) {
|
||||||
|
struct sockaddr_in6 sa6, da6;
|
||||||
|
|
||||||
|
sa6.sin6_addr = spt->slirp->vhost_addr6;
|
||||||
|
- sa6.sin6_port = recv_tp->udp.uh_dport;
|
||||||
|
+ sa6.sin6_port = hdr->udp.uh_dport;
|
||||||
|
da6.sin6_addr = ((struct sockaddr_in6 *)&spt->client_addr)->sin6_addr;
|
||||||
|
da6.sin6_port = spt->client_port;
|
||||||
|
|
||||||
|
@@ -161,7 +161,7 @@ static void tftp_udp_output(struct tftp_session *spt, struct mbuf *m,
|
||||||
|
struct sockaddr_in sa4, da4;
|
||||||
|
|
||||||
|
sa4.sin_addr = spt->slirp->vhost_addr;
|
||||||
|
- sa4.sin_port = recv_tp->udp.uh_dport;
|
||||||
|
+ sa4.sin_port = hdr->udp.uh_dport;
|
||||||
|
da4.sin_addr = ((struct sockaddr_in *)&spt->client_addr)->sin_addr;
|
||||||
|
da4.sin_port = spt->client_port;
|
||||||
|
|
||||||
|
@@ -183,7 +183,7 @@ static int tftp_send_oack(struct tftp_session *spt, const char *keys[],
|
||||||
|
|
||||||
|
tp = tftp_prep_mbuf_data(spt, m);
|
||||||
|
|
||||||
|
- tp->tp_op = htons(TFTP_OACK);
|
||||||
|
+ tp->hdr.tp_op = htons(TFTP_OACK);
|
||||||
|
for (i = 0; i < nb; i++) {
|
||||||
|
n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s",
|
||||||
|
keys[i]) +
|
||||||
|
@@ -195,7 +195,7 @@ static int tftp_send_oack(struct tftp_session *spt, const char *keys[],
|
||||||
|
|
||||||
|
m->m_len = sizeof(struct tftp_t) - (TFTP_BLOCKSIZE_MAX + 2) + n -
|
||||||
|
sizeof(struct udphdr);
|
||||||
|
- tftp_udp_output(spt, m, recv_tp);
|
||||||
|
+ tftp_udp_output(spt, m, &recv_tp->hdr);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -216,21 +216,21 @@ static void tftp_send_error(struct tftp_session *spt, uint16_t errorcode,
|
||||||
|
|
||||||
|
tp = tftp_prep_mbuf_data(spt, m);
|
||||||
|
|
||||||
|
- tp->tp_op = htons(TFTP_ERROR);
|
||||||
|
+ tp->hdr.tp_op = htons(TFTP_ERROR);
|
||||||
|
tp->x.tp_error.tp_error_code = htons(errorcode);
|
||||||
|
slirp_pstrcpy((char *)tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg),
|
||||||
|
msg);
|
||||||
|
|
||||||
|
m->m_len = sizeof(struct tftp_t) - (TFTP_BLOCKSIZE_MAX + 2) + 3 +
|
||||||
|
strlen(msg) - sizeof(struct udphdr);
|
||||||
|
- tftp_udp_output(spt, m, recv_tp);
|
||||||
|
+ tftp_udp_output(spt, m, &recv_tp->hdr);
|
||||||
|
|
||||||
|
out:
|
||||||
|
tftp_session_terminate(spt);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void tftp_send_next_block(struct tftp_session *spt,
|
||||||
|
- struct tftp_t *recv_tp)
|
||||||
|
+ struct tftphdr *hdr)
|
||||||
|
{
|
||||||
|
struct mbuf *m;
|
||||||
|
struct tftp_t *tp;
|
||||||
|
@@ -244,7 +244,7 @@ static void tftp_send_next_block(struct tftp_session *spt,
|
||||||
|
|
||||||
|
tp = tftp_prep_mbuf_data(spt, m);
|
||||||
|
|
||||||
|
- tp->tp_op = htons(TFTP_DATA);
|
||||||
|
+ tp->hdr.tp_op = htons(TFTP_DATA);
|
||||||
|
tp->x.tp_data.tp_block_nr = htons((spt->block_nr + 1) & 0xffff);
|
||||||
|
|
||||||
|
nobytes = tftp_read_data(spt, spt->block_nr, tp->x.tp_data.tp_buf,
|
||||||
|
@@ -262,7 +262,7 @@ static void tftp_send_next_block(struct tftp_session *spt,
|
||||||
|
|
||||||
|
m->m_len = sizeof(struct tftp_t) - (TFTP_BLOCKSIZE_MAX - nobytes) -
|
||||||
|
sizeof(struct udphdr);
|
||||||
|
- tftp_udp_output(spt, m, recv_tp);
|
||||||
|
+ tftp_udp_output(spt, m, hdr);
|
||||||
|
|
||||||
|
if (nobytes == spt->block_size) {
|
||||||
|
tftp_session_update(spt);
|
||||||
|
@@ -285,12 +285,12 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
int nb_options = 0;
|
||||||
|
|
||||||
|
/* check if a session already exists and if so terminate it */
|
||||||
|
- s = tftp_session_find(slirp, srcsas, tp);
|
||||||
|
+ s = tftp_session_find(slirp, srcsas, &tp->hdr);
|
||||||
|
if (s >= 0) {
|
||||||
|
tftp_session_terminate(&slirp->tftp_sessions[s]);
|
||||||
|
}
|
||||||
|
|
||||||
|
- s = tftp_session_allocate(slirp, srcsas, tp);
|
||||||
|
+ s = tftp_session_allocate(slirp, srcsas, &tp->hdr);
|
||||||
|
|
||||||
|
if (s < 0) {
|
||||||
|
return;
|
||||||
|
@@ -411,29 +411,29 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
}
|
||||||
|
|
||||||
|
spt->block_nr = 0;
|
||||||
|
- tftp_send_next_block(spt, tp);
|
||||||
|
+ tftp_send_next_block(spt, &tp->hdr);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void tftp_handle_ack(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
- struct tftp_t *tp, int pktlen)
|
||||||
|
+ struct tftphdr *hdr)
|
||||||
|
{
|
||||||
|
int s;
|
||||||
|
|
||||||
|
- s = tftp_session_find(slirp, srcsas, tp);
|
||||||
|
+ s = tftp_session_find(slirp, srcsas, hdr);
|
||||||
|
|
||||||
|
if (s < 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- tftp_send_next_block(&slirp->tftp_sessions[s], tp);
|
||||||
|
+ tftp_send_next_block(&slirp->tftp_sessions[s], hdr);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void tftp_handle_error(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
- struct tftp_t *tp, int pktlen)
|
||||||
|
+ struct tftphdr *hdr)
|
||||||
|
{
|
||||||
|
int s;
|
||||||
|
|
||||||
|
- s = tftp_session_find(slirp, srcsas, tp);
|
||||||
|
+ s = tftp_session_find(slirp, srcsas, hdr);
|
||||||
|
|
||||||
|
if (s < 0) {
|
||||||
|
return;
|
||||||
|
@@ -444,23 +444,25 @@ static void tftp_handle_error(Slirp *slirp, struct sockaddr_storage *srcsas,
|
||||||
|
|
||||||
|
void tftp_input(struct sockaddr_storage *srcsas, struct mbuf *m)
|
||||||
|
{
|
||||||
|
- struct tftp_t *tp = mtod_check(m, offsetof(struct tftp_t, x.tp_buf));
|
||||||
|
+ struct tftphdr *hdr = mtod_check(m, sizeof(struct tftphdr));
|
||||||
|
|
||||||
|
- if (tp == NULL) {
|
||||||
|
+ if (hdr == NULL) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- switch (ntohs(tp->tp_op)) {
|
||||||
|
+ switch (ntohs(hdr->tp_op)) {
|
||||||
|
case TFTP_RRQ:
|
||||||
|
- tftp_handle_rrq(m->slirp, srcsas, tp, m->m_len);
|
||||||
|
+ tftp_handle_rrq(m->slirp, srcsas,
|
||||||
|
+ mtod(m, struct tftp_t *),
|
||||||
|
+ m->m_len);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case TFTP_ACK:
|
||||||
|
- tftp_handle_ack(m->slirp, srcsas, tp, m->m_len);
|
||||||
|
+ tftp_handle_ack(m->slirp, srcsas, hdr);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case TFTP_ERROR:
|
||||||
|
- tftp_handle_error(m->slirp, srcsas, tp, m->m_len);
|
||||||
|
+ tftp_handle_error(m->slirp, srcsas, hdr);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/slirp/src/tftp.h b/slirp/src/tftp.h
|
||||||
|
index c47bb43c7d..021f6cf109 100644
|
||||||
|
--- a/slirp/src/tftp.h
|
||||||
|
+++ b/slirp/src/tftp.h
|
||||||
|
@@ -18,9 +18,13 @@
|
||||||
|
#define TFTP_FILENAME_MAX 512
|
||||||
|
#define TFTP_BLOCKSIZE_MAX 1428
|
||||||
|
|
||||||
|
-struct tftp_t {
|
||||||
|
+struct tftphdr {
|
||||||
|
struct udphdr udp;
|
||||||
|
uint16_t tp_op;
|
||||||
|
+} SLIRP_PACKED;
|
||||||
|
+
|
||||||
|
+struct tftp_t {
|
||||||
|
+ struct tftphdr hdr;
|
||||||
|
union {
|
||||||
|
struct {
|
||||||
|
uint16_t tp_block_nr;
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 199915a03857c1e4e0a6ac90a46496b1a8abd702 Mon Sep 17 00:00:00 2001
|
From 87cacc268f37758553ad93fefa8b312ed0bd2520 Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Tue, 29 Jun 2021 03:42:43 -0400
|
Date: Tue, 29 Jun 2021 03:42:43 -0400
|
||||||
Subject: [PATCH 5/9] tx_pkt: switch to use qemu_receive_packet_iov() for
|
Subject: [PATCH 5/9] tx_pkt: switch to use qemu_receive_packet_iov() for
|
||||||
|
52
SOURCES/kvm-udp-check-upd_input-buffer-size.patch
Normal file
52
SOURCES/kvm-udp-check-upd_input-buffer-size.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
From 1b8aa33b218a8ff3e8aa2f1b6875df40fd70f0ed Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:40 -0400
|
||||||
|
Subject: [PATCH 11/14] udp: check upd_input buffer size
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-8-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101826
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 7/8] udp: check upd_input buffer size
|
||||||
|
Bugzilla: 1970853
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Fixes: CVE-2021-3594
|
||||||
|
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/47
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1970853
|
||||||
|
|
||||||
|
(cherry picked from commit 74572be49247c8c5feae7c6e0b50c4f569ca9824)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/udp.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/udp.c b/slirp/src/udp.c
|
||||||
|
index ae23ba4b2a..86142bba14 100644
|
||||||
|
--- a/slirp/src/udp.c
|
||||||
|
+++ b/slirp/src/udp.c
|
||||||
|
@@ -90,7 +90,10 @@ void udp_input(register struct mbuf *m, int iphlen)
|
||||||
|
/*
|
||||||
|
* Get IP and UDP header together in first mbuf.
|
||||||
|
*/
|
||||||
|
- ip = mtod(m, struct ip *);
|
||||||
|
+ ip = mtod_check(m, iphlen + sizeof(struct udphdr));
|
||||||
|
+ if (ip == NULL) {
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
uh = (struct udphdr *)((char *)ip + iphlen);
|
||||||
|
|
||||||
|
/*
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
52
SOURCES/kvm-upd6-check-udp6_input-buffer-size.patch
Normal file
52
SOURCES/kvm-upd6-check-udp6_input-buffer-size.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
From 6808086932ddc83fd748c46fea495e7004299b55 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Thu, 29 Jul 2021 04:56:31 -0400
|
||||||
|
Subject: [PATCH 08/14] upd6: check udp6_input buffer size
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Message-id: <20210708082537.1550263-5-marcandre.lureau@redhat.com>
|
||||||
|
Patchwork-id: 101822
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 4/8] upd6: check udp6_input buffer size
|
||||||
|
Bugzilla: 1970835
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
Fixes: CVE-2021-3593
|
||||||
|
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
|
||||||
|
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1970835
|
||||||
|
|
||||||
|
(cherry picked from commit de71c15de66ba9350bf62c45b05f8fbff166517b)
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/udp6.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/udp6.c b/slirp/src/udp6.c
|
||||||
|
index 6f9486bbca..8c490e4d10 100644
|
||||||
|
--- a/slirp/src/udp6.c
|
||||||
|
+++ b/slirp/src/udp6.c
|
||||||
|
@@ -28,7 +28,10 @@ void udp6_input(struct mbuf *m)
|
||||||
|
ip = mtod(m, struct ip6 *);
|
||||||
|
m->m_len -= iphlen;
|
||||||
|
m->m_data += iphlen;
|
||||||
|
- uh = mtod(m, struct udphdr *);
|
||||||
|
+ uh = mtod_check(m, sizeof(struct udphdr));
|
||||||
|
+ if (uh == NULL) {
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
m->m_len += iphlen;
|
||||||
|
m->m_data -= iphlen;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
128
SOURCES/kvm-vfio-ccw-Connect-the-device-request-notifier.patch
Normal file
128
SOURCES/kvm-vfio-ccw-Connect-the-device-request-notifier.patch
Normal file
@ -0,0 +1,128 @@
|
|||||||
|
From db6a782f8b9ba062f195ff504b4d2f93e471fecc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Huth <thuth@redhat.com>
|
||||||
|
Date: Tue, 11 May 2021 11:24:05 -0400
|
||||||
|
Subject: [PATCH 2/5] vfio-ccw: Connect the device request notifier
|
||||||
|
|
||||||
|
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||||
|
Message-id: <20210511112405.297037-3-thuth@redhat.com>
|
||||||
|
Patchwork-id: 101536
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/2] vfio-ccw: Connect the device request notifier
|
||||||
|
Bugzilla: 1940450
|
||||||
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||||
|
|
||||||
|
Now that the vfio-ccw code has a notifier interface to request that
|
||||||
|
a device be unplugged, let's wire that together.
|
||||||
|
|
||||||
|
Signed-off-by: Eric Farman <farman@linux.ibm.com>
|
||||||
|
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
Message-Id: <20210104202057.48048-4-farman@linux.ibm.com>
|
||||||
|
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
|
||||||
|
(cherry picked from commit b2f96f9e4f5fbc8f2770a436191cb328da4d5350)
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1940450
|
||||||
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
hw/vfio/ccw.c | 40 ++++++++++++++++++++++++++++++++++++----
|
||||||
|
1 file changed, 36 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
|
||||||
|
index b72a505893..3d450fe1c9 100644
|
||||||
|
--- a/hw/vfio/ccw.c
|
||||||
|
+++ b/hw/vfio/ccw.c
|
||||||
|
@@ -49,6 +49,7 @@ struct VFIOCCWDevice {
|
||||||
|
struct ccw_crw_region *crw_region;
|
||||||
|
EventNotifier io_notifier;
|
||||||
|
EventNotifier crw_notifier;
|
||||||
|
+ EventNotifier req_notifier;
|
||||||
|
bool force_orb_pfch;
|
||||||
|
bool warned_orb_pfch;
|
||||||
|
};
|
||||||
|
@@ -287,6 +288,21 @@ static void vfio_ccw_crw_read(VFIOCCWDevice *vcdev)
|
||||||
|
} while (1);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void vfio_ccw_req_notifier_handler(void *opaque)
|
||||||
|
+{
|
||||||
|
+ VFIOCCWDevice *vcdev = opaque;
|
||||||
|
+ Error *err = NULL;
|
||||||
|
+
|
||||||
|
+ if (!event_notifier_test_and_clear(&vcdev->req_notifier)) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ qdev_unplug(DEVICE(vcdev), &err);
|
||||||
|
+ if (err) {
|
||||||
|
+ warn_reportf_err(err, VFIO_MSG_PREFIX, vcdev->vdev.name);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void vfio_ccw_crw_notifier_handler(void *opaque)
|
||||||
|
{
|
||||||
|
VFIOCCWDevice *vcdev = opaque;
|
||||||
|
@@ -386,6 +402,10 @@ static void vfio_ccw_register_irq_notifier(VFIOCCWDevice *vcdev,
|
||||||
|
notifier = &vcdev->crw_notifier;
|
||||||
|
fd_read = vfio_ccw_crw_notifier_handler;
|
||||||
|
break;
|
||||||
|
+ case VFIO_CCW_REQ_IRQ_INDEX:
|
||||||
|
+ notifier = &vcdev->req_notifier;
|
||||||
|
+ fd_read = vfio_ccw_req_notifier_handler;
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
error_setg(errp, "vfio: Unsupported device irq(%d)", irq);
|
||||||
|
return;
|
||||||
|
@@ -440,6 +460,9 @@ static void vfio_ccw_unregister_irq_notifier(VFIOCCWDevice *vcdev,
|
||||||
|
case VFIO_CCW_CRW_IRQ_INDEX:
|
||||||
|
notifier = &vcdev->crw_notifier;
|
||||||
|
break;
|
||||||
|
+ case VFIO_CCW_REQ_IRQ_INDEX:
|
||||||
|
+ notifier = &vcdev->req_notifier;
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
error_report("vfio: Unsupported device irq(%d)", irq);
|
||||||
|
return;
|
||||||
|
@@ -657,20 +680,28 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp)
|
||||||
|
|
||||||
|
vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX, &err);
|
||||||
|
if (err) {
|
||||||
|
- goto out_notifier_err;
|
||||||
|
+ goto out_io_notifier_err;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (vcdev->crw_region) {
|
||||||
|
vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX, &err);
|
||||||
|
if (err) {
|
||||||
|
- vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX);
|
||||||
|
- goto out_notifier_err;
|
||||||
|
+ goto out_crw_notifier_err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_REQ_IRQ_INDEX, &err);
|
||||||
|
+ if (err) {
|
||||||
|
+ goto out_req_notifier_err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return;
|
||||||
|
|
||||||
|
-out_notifier_err:
|
||||||
|
+out_req_notifier_err:
|
||||||
|
+ vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX);
|
||||||
|
+out_crw_notifier_err:
|
||||||
|
+ vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX);
|
||||||
|
+out_io_notifier_err:
|
||||||
|
vfio_ccw_put_region(vcdev);
|
||||||
|
out_region_err:
|
||||||
|
vfio_ccw_put_device(vcdev);
|
||||||
|
@@ -692,6 +723,7 @@ static void vfio_ccw_unrealize(DeviceState *dev, Error **errp)
|
||||||
|
S390CCWDeviceClass *cdc = S390_CCW_DEVICE_GET_CLASS(cdev);
|
||||||
|
VFIOGroup *group = vcdev->vdev.group;
|
||||||
|
|
||||||
|
+ vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_REQ_IRQ_INDEX);
|
||||||
|
vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX);
|
||||||
|
vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX);
|
||||||
|
vfio_ccw_put_region(vcdev);
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,72 @@
|
|||||||
|
From 3ec945ba7c2649cca13cf6070c6365b1262ad1ec Mon Sep 17 00:00:00 2001
|
||||||
|
From: Max Reitz <mreitz@redhat.com>
|
||||||
|
Date: Fri, 6 Aug 2021 11:58:26 -0400
|
||||||
|
Subject: [PATCH 1/2] virtiofsd: Disable remote posix locks by default
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Max Reitz <mreitz@redhat.com>
|
||||||
|
Message-id: <20210806115827.740945-2-mreitz@redhat.com>
|
||||||
|
Patchwork-id: 101970
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/2] virtiofsd: Disable remote posix locks by default
|
||||||
|
Bugzilla: 1967496
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vivek Goyal <vgoyal@redhat.com>
|
||||||
|
|
||||||
|
From: Vivek Goyal <vgoyal@redhat.com>
|
||||||
|
|
||||||
|
Right now we enable remote posix locks by default. That means when guest
|
||||||
|
does a posix lock it sends request to server (virtiofsd). But currently
|
||||||
|
we only support non-blocking posix lock and return -EOPNOTSUPP for
|
||||||
|
blocking version.
|
||||||
|
|
||||||
|
This means that existing applications which are doing blocking posix
|
||||||
|
locks get -EOPNOTSUPP and fail. To avoid this, people have been
|
||||||
|
running virtiosd with option "-o no_posix_lock". For new users it
|
||||||
|
is still a surprise and trial and error takes them to this option.
|
||||||
|
|
||||||
|
Given posix lock implementation is not complete in virtiofsd, disable
|
||||||
|
it by default. This means that posix locks will work with-in applications
|
||||||
|
in a guest but not across guests. Anyway we don't support sharing
|
||||||
|
filesystem among different guests yet in virtiofs so this should
|
||||||
|
not lead to any kind of surprise or regression and will make life
|
||||||
|
little easier for virtiofs users.
|
||||||
|
|
||||||
|
Reported-by: Aa Aa <jimbothom@yandex.com>
|
||||||
|
Suggested-by: Miklos Szeredi <mszeredi@redhat.com>
|
||||||
|
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
|
||||||
|
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
|
||||||
|
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
(cherry picked from commit 88fc107956a5812649e5918e0c092d3f78bb28ad)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
docs/tools/virtiofsd.rst
|
||||||
|
We do not have virtiofsd.rst downstream (added upstream in
|
||||||
|
commit 6a7e2bbee5fa), so I dropped that hunk (which effectively
|
||||||
|
updated the default value in the man page).
|
||||||
|
|
||||||
|
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
tools/virtiofsd/passthrough_ll.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
|
||||||
|
index cb0992f2db..b47029da89 100644
|
||||||
|
--- a/tools/virtiofsd/passthrough_ll.c
|
||||||
|
+++ b/tools/virtiofsd/passthrough_ll.c
|
||||||
|
@@ -3001,7 +3001,7 @@ int main(int argc, char *argv[])
|
||||||
|
struct lo_data lo = {
|
||||||
|
.debug = 0,
|
||||||
|
.writeback = 0,
|
||||||
|
- .posix_lock = 1,
|
||||||
|
+ .posix_lock = 0,
|
||||||
|
.proc_self_fd = -1,
|
||||||
|
};
|
||||||
|
struct lo_map_elem *root_elem;
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -0,0 +1,51 @@
|
|||||||
|
From 6abfb7b3c37015ff901d11f178bc6900deec2acf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Max Reitz <mreitz@redhat.com>
|
||||||
|
Date: Fri, 6 Aug 2021 11:58:27 -0400
|
||||||
|
Subject: [PATCH 2/2] virtiofsd: Fix the help message of posix lock
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Max Reitz <mreitz@redhat.com>
|
||||||
|
Message-id: <20210806115827.740945-3-mreitz@redhat.com>
|
||||||
|
Patchwork-id: 101969
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 2/2] virtiofsd: Fix the help message of posix lock
|
||||||
|
Bugzilla: 1967496
|
||||||
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vivek Goyal <vgoyal@redhat.com>
|
||||||
|
|
||||||
|
From: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
|
||||||
|
|
||||||
|
The commit 88fc107956a5812649e5918e0c092d3f78bb28ad disabled remote
|
||||||
|
posix locks by default. But the --help message still says it is enabled
|
||||||
|
by default. So fix it to output no_posix_lock.
|
||||||
|
|
||||||
|
Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
|
||||||
|
Message-Id: <20201027081558.29904-1-zhangjiachen.jaycee@bytedance.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
(cherry picked from commit 0429eaf518be1d4742356056e6c886b7f9bc9712)
|
||||||
|
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
tools/virtiofsd/helper.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tools/virtiofsd/helper.c b/tools/virtiofsd/helper.c
|
||||||
|
index 5b222ea49b..813d9490e5 100644
|
||||||
|
--- a/tools/virtiofsd/helper.c
|
||||||
|
+++ b/tools/virtiofsd/helper.c
|
||||||
|
@@ -163,7 +163,7 @@ void fuse_cmdline_help(void)
|
||||||
|
" default: false\n"
|
||||||
|
" -o posix_lock|no_posix_lock\n"
|
||||||
|
" enable/disable remote posix lock\n"
|
||||||
|
- " default: posix_lock\n"
|
||||||
|
+ " default: no_posix_lock\n"
|
||||||
|
" -o readdirplus|no_readdirplus\n"
|
||||||
|
" enable/disable readirplus\n"
|
||||||
|
" default: readdirplus except with "
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
79
SOURCES/kvm-virtiofsd-Whitelist-fchmod.patch
Normal file
79
SOURCES/kvm-virtiofsd-Whitelist-fchmod.patch
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
From 181ed1777c3dd50b1ff9907b0a4199e845af1270 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Max Reitz <mreitz@redhat.com>
|
||||||
|
Date: Fri, 18 Jun 2021 16:21:17 -0400
|
||||||
|
Subject: [PATCH 1/4] virtiofsd: Whitelist fchmod
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Max Reitz <mreitz@redhat.com>
|
||||||
|
Message-id: <20210618162117.97775-2-mreitz@redhat.com>
|
||||||
|
Patchwork-id: 101719
|
||||||
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] virtiofsd: Whitelist fchmod
|
||||||
|
Bugzilla: 1967914
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vivek Goyal <vgoyal@redhat.com>
|
||||||
|
RH-Acked-by: Connor Kuehl <ckuehl@redhat.com>
|
||||||
|
|
||||||
|
lo_setattr() invokes fchmod() in a rarely used code path, so it should
|
||||||
|
be whitelisted or virtiofsd will crash with EBADSYS.
|
||||||
|
|
||||||
|
Said code path can be triggered for example as follows:
|
||||||
|
|
||||||
|
On the host, in the shared directory, create a file with the sticky bit
|
||||||
|
set and a security.capability xattr:
|
||||||
|
(1) # touch foo
|
||||||
|
(2) # chmod u+s foo
|
||||||
|
(3) # setcap '' foo
|
||||||
|
|
||||||
|
Then in the guest let some process truncate that file after it has
|
||||||
|
dropped all of its capabilities (at least CAP_FSETID):
|
||||||
|
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
capng_setpid(getpid());
|
||||||
|
capng_clear(CAPNG_SELECT_BOTH);
|
||||||
|
capng_updatev(CAPNG_ADD, CAPNG_PERMITTED | CAPNG_EFFECTIVE, 0);
|
||||||
|
capng_apply(CAPNG_SELECT_BOTH);
|
||||||
|
|
||||||
|
ftruncate(open(argv[1], O_RDWR), 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
This will cause the guest kernel to drop the sticky bit (i.e. perform a
|
||||||
|
mode change) as part of the truncate (where FATTR_FH is set), and that
|
||||||
|
will cause virtiofsd to invoke fchmod() instead of fchmodat().
|
||||||
|
|
||||||
|
(A similar configuration exists further below with futimens() vs.
|
||||||
|
utimensat(), but the former is not a syscall but just a wrapper for the
|
||||||
|
latter, so no further whitelisting is required.)
|
||||||
|
|
||||||
|
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1842667
|
||||||
|
Reported-by: Qian Cai <caiqian@redhat.com>
|
||||||
|
Cc: qemu-stable@nongnu.org
|
||||||
|
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||||
|
Message-Id: <20200608093111.14942-1-mreitz@redhat.com>
|
||||||
|
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
|
||||||
|
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||||
|
(cherry picked from commit 63659fe74e76f5c5285466f0c5cfbdca65b3688e)
|
||||||
|
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
tools/virtiofsd/seccomp.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/tools/virtiofsd/seccomp.c b/tools/virtiofsd/seccomp.c
|
||||||
|
index bd9e7b083c..3b1522acdd 100644
|
||||||
|
--- a/tools/virtiofsd/seccomp.c
|
||||||
|
+++ b/tools/virtiofsd/seccomp.c
|
||||||
|
@@ -42,6 +42,7 @@ static const int syscall_whitelist[] = {
|
||||||
|
SCMP_SYS(exit_group),
|
||||||
|
SCMP_SYS(fallocate),
|
||||||
|
SCMP_SYS(fchdir),
|
||||||
|
+ SCMP_SYS(fchmod),
|
||||||
|
SCMP_SYS(fchmodat),
|
||||||
|
SCMP_SYS(fchownat),
|
||||||
|
SCMP_SYS(fcntl),
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From 33e907b7be4636a726d40a3d68cab24574bc597a Mon Sep 17 00:00:00 2001
|
From f38f51d422e82d1241b678960dd6a033ffa398da Mon Sep 17 00:00:00 2001
|
||||||
From: Jon Maloy <jmaloy@redhat.com>
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
Date: Wed, 21 Apr 2021 22:30:05 -0400
|
Date: Wed, 21 Apr 2021 22:30:05 -0400
|
||||||
Subject: [PATCH 6/8] xhci: fix valid.max_access_size to access address
|
Subject: [PATCH 6/7] xhci: fix valid.max_access_size to access address
|
||||||
registers
|
registers
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -11,7 +11,7 @@ RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|||||||
Message-id: <20210421223006.19650-6-jmaloy@redhat.com>
|
Message-id: <20210421223006.19650-6-jmaloy@redhat.com>
|
||||||
Patchwork-id: 101483
|
Patchwork-id: 101483
|
||||||
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 5/6] xhci: fix valid.max_access_size to access address registers
|
O-Subject: [RHEL-8.5.0 qemu-kvm PATCH v2 5/6] xhci: fix valid.max_access_size to access address registers
|
||||||
Bugzilla: 1944621
|
Bugzilla: 1842478
|
||||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
@ -61,13 +61,13 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
|
|||||||
|
|
||||||
# Macro to properly setup RHEL/RHEV conflict handling
|
# Macro to properly setup RHEL/RHEV conflict handling
|
||||||
%define rhev_ma_conflicts() \
|
%define rhev_ma_conflicts() \
|
||||||
Obsoletes: %1-ma \
|
Obsoletes: %1-ma <= %{epoch}:%{version}-%{release} \
|
||||||
Obsoletes: %1-rhev
|
Obsoletes: %1-rhev <= %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
Summary: QEMU is a machine emulator and virtualizer
|
Summary: QEMU is a machine emulator and virtualizer
|
||||||
Name: qemu-kvm
|
Name: qemu-kvm
|
||||||
Version: 4.2.0
|
Version: 4.2.0
|
||||||
Release: 48%{?dist}.3
|
Release: 59%{?dist}
|
||||||
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
||||||
Epoch: 15
|
Epoch: 15
|
||||||
License: GPLv2 and GPLv2+ and CC-BY
|
License: GPLv2 and GPLv2+ and CC-BY
|
||||||
@ -1130,46 +1130,124 @@ Patch489: kvm-x86-cpu-Populate-SVM-CPUID-feature-bits.patch
|
|||||||
Patch490: kvm-i386-Add-the-support-for-AMD-EPYC-3rd-generation-pro.patch
|
Patch490: kvm-i386-Add-the-support-for-AMD-EPYC-3rd-generation-pro.patch
|
||||||
# For bz#1917451 - CVE-2020-29443 virt:rhel/qemu-kvm: QEMU: ide: atapi: OOB access while processing read commands [rhel-8.4.0]
|
# For bz#1917451 - CVE-2020-29443 virt:rhel/qemu-kvm: QEMU: ide: atapi: OOB access while processing read commands [rhel-8.4.0]
|
||||||
Patch491: kvm-ide-atapi-check-logical-block-address-and-read-size-.patch
|
Patch491: kvm-ide-atapi-check-logical-block-address-and-read-size-.patch
|
||||||
# For bz#1939494 - CVE-2020-27617 virt:rhel/qemu-kvm: QEMU: net: an assert failure via eth_get_gso_type [rhel-8.4.0.z]
|
# For bz#1892350 - CVE-2020-27617 virt:rhel/qemu-kvm: QEMU: net: an assert failure via eth_get_gso_type [rhel-8.5.0]
|
||||||
Patch492: kvm-net-remove-an-assert-call-in-eth_get_gso_type.patch
|
Patch492: kvm-net-remove-an-assert-call-in-eth_get_gso_type.patch
|
||||||
# For bz#1944621 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.4.0.z]
|
# For bz#1930092 - CVE-2021-20257 virt:rhel/qemu-kvm: QEMU: net: e1000: infinite loop while processing transmit descriptors [rhel-8.5.0]
|
||||||
Patch493: kvm-libqos-usb-hcd-ehci-use-32-bit-write-for-config-regi.patch
|
Patch493: kvm-e1000-fail-early-for-evil-descriptor.patch
|
||||||
# For bz#1944621 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.4.0.z]
|
# For bz#1859175 - CVE-2020-15859 virt:rhel/qemu-kvm: QEMU: net: e1000e: use-after-free while sending packets [rhel-8]
|
||||||
Patch494: kvm-libqos-pci-pc-use-32-bit-write-for-EJ-register.patch
|
Patch494: kvm-net-forbid-the-reentrant-RX.patch
|
||||||
# For bz#1944621 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.4.0.z]
|
# For bz#1855250 - qemu-img convert uses possibly slow pre-zeroing on block storage
|
||||||
Patch495: kvm-memory-Revert-memory-accept-mismatching-sizes-in-mem.patch
|
Patch495: kvm-qemu-img-convert-Don-t-pre-zero-images.patch
|
||||||
# For bz#1944621 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.4.0.z]
|
# For bz#1932823 - after upgrade from 4.3 to 4.4 audio stops working in guests after couple of seconds
|
||||||
Patch496: kvm-acpi-accept-byte-and-word-access-to-core-ACPI-regist.patch
|
Patch496: kvm-audio-audio_generic_get_buffer_in-should-honor-size.patch
|
||||||
# For bz#1944621 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.4.0.z]
|
# For bz#1925430 - CVE-2021-20221 virt:rhel/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-8.5.0]
|
||||||
Patch497: kvm-xhci-fix-valid.max_access_size-to-access-address-reg.patch
|
Patch497: kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch
|
||||||
# For bz#1944621 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.4.0.z]
|
# For bz#1842478 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.5.0]
|
||||||
Patch498: kvm-softmmu-memory-Log-invalid-memory-accesses.patch
|
Patch498: kvm-libqos-usb-hcd-ehci-use-32-bit-write-for-config-regi.patch
|
||||||
# For bz#1952986 - CVE-2021-20221 virt:rhel/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-8.4.0.z]
|
# For bz#1842478 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.5.0]
|
||||||
Patch499: kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch
|
Patch499: kvm-libqos-pci-pc-use-32-bit-write-for-EJ-register.patch
|
||||||
# For bz#1975679 - RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm) [rhel-8.4.0.z]
|
# For bz#1842478 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.5.0]
|
||||||
Patch500: kvm-pc-bios-s390-ccw-fix-off-by-one-error.patch
|
Patch500: kvm-memory-Revert-memory-accept-mismatching-sizes-in-mem.patch
|
||||||
# For bz#1975679 - RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm) [rhel-8.4.0.z]
|
# For bz#1842478 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.5.0]
|
||||||
Patch501: kvm-pc-bios-s390-ccw-break-loop-if-a-null-block-number-i.patch
|
Patch501: kvm-acpi-accept-byte-and-word-access-to-core-ACPI-regist.patch
|
||||||
# For bz#1975679 - RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm) [rhel-8.4.0.z]
|
# For bz#1842478 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.5.0]
|
||||||
Patch502: kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch
|
Patch502: kvm-xhci-fix-valid.max_access_size-to-access-address-reg.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1842478 - CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.5.0]
|
||||||
Patch503: kvm-net-introduce-qemu_receive_packet.patch
|
Patch503: kvm-softmmu-memory-Log-invalid-memory-accesses.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1940450 - RHEL8.5 - Mediated Device already in use by same domain we are booting (vfio-ccw/Multipath Testing) (kvm) - qemu-kvm part (also has kernel and libvirt parts)
|
||||||
Patch504: kvm-e1000-switch-to-use-qemu_receive_packet-for-loopback.patch
|
Patch504: kvm-linux-headers-Add-VFIO_CCW_REQ_IRQ_INDEX.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1940450 - RHEL8.5 - Mediated Device already in use by same domain we are booting (vfio-ccw/Multipath Testing) (kvm) - qemu-kvm part (also has kernel and libvirt parts)
|
||||||
Patch505: kvm-dp8393x-switch-to-use-qemu_receive_packet-for-loopba.patch
|
Patch505: kvm-vfio-ccw-Connect-the-device-request-notifier.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1942880 - RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm)
|
||||||
Patch506: kvm-sungem-switch-to-use-qemu_receive_packet-for-loopbac.patch
|
Patch506: kvm-pc-bios-s390-ccw-fix-off-by-one-error.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1942880 - RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm)
|
||||||
Patch507: kvm-tx_pkt-switch-to-use-qemu_receive_packet_iov-for-loo.patch
|
Patch507: kvm-pc-bios-s390-ccw-break-loop-if-a-null-block-number-i.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1942880 - RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm)
|
||||||
Patch508: kvm-rtl8139-switch-to-use-qemu_receive_packet-for-loopba.patch
|
Patch508: kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1877163 - [FJ 8.3 Bug] The progress bar of the "virt-clone --nonsparse" command shows the progress rate exceeding 100%.
|
||||||
Patch509: kvm-pcnet-switch-to-use-qemu_receive_packet-for-loopback.patch
|
Patch509: kvm-file-posix-Mitigate-file-fragmentation-with-extent-s.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1944861 - Qemu-img convert fails when source image is on gpfs
|
||||||
Patch510: kvm-cadence_gem-switch-to-use-qemu_receive_packet-for-lo.patch
|
Patch510: kvm-block-file-posix-Fix-problem-with-fallocate-PUNCH_HO.patch
|
||||||
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z]
|
# For bz#1969768 - [ppc64le] Hotplug vcpu device hit call trace:[qemu output] KVM: unknown exit, hardware reason 7fff9ce87ed8
|
||||||
Patch511: kvm-lan9118-switch-to-use-qemu_receive_packet-for-loopba.patch
|
Patch511: kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch
|
||||||
|
# For bz#1969768 - [ppc64le] Hotplug vcpu device hit call trace:[qemu output] KVM: unknown exit, hardware reason 7fff9ce87ed8
|
||||||
|
Patch512: kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch
|
||||||
|
# For bz#1967914 - [virtio-fs] virtiofsd quit when coping file to a folder in virtio-fs mounted volume(windows guest)
|
||||||
|
Patch513: kvm-virtiofsd-Whitelist-fchmod.patch
|
||||||
|
# For bz#1957866 - RHEL8.4 - EEH capability disabled on KVM guest and recovery of PCI passthru device fails(CX5 / mlx5_core) (qemu-kvm)
|
||||||
|
Patch514: kvm-spapr-Fix-EEH-capability-issue-on-KVM-guest-for-PCI-.patch
|
||||||
|
# For bz#1970912 - Deployment fails with "Invalid or missing agent token received"
|
||||||
|
Patch515: kvm-Compress-lines-for-immediate-return.patch
|
||||||
|
# For bz#1970912 - Deployment fails with "Invalid or missing agent token received"
|
||||||
|
Patch516: kvm-file-posix-Handle-EINVAL-fallocate-return-value.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch517: kvm-net-introduce-qemu_receive_packet.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch518: kvm-e1000-switch-to-use-qemu_receive_packet-for-loopback.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch519: kvm-dp8393x-switch-to-use-qemu_receive_packet-for-loopba.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch520: kvm-sungem-switch-to-use-qemu_receive_packet-for-loopbac.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch521: kvm-tx_pkt-switch-to-use-qemu_receive_packet_iov-for-loo.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch522: kvm-rtl8139-switch-to-use-qemu_receive_packet-for-loopba.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch523: kvm-pcnet-switch-to-use-qemu_receive_packet-for-loopback.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch524: kvm-cadence_gem-switch-to-use-qemu_receive_packet-for-lo.patch
|
||||||
|
# For bz#1932917 - CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow
|
||||||
|
Patch525: kvm-lan9118-switch-to-use-qemu_receive_packet-for-loopba.patch
|
||||||
|
# For bz#1967716 - RFE: rebuild guest agent to include public ssh injection api support
|
||||||
|
Patch526: kvm-glib-compat-add-g_unix_get_passwd_entry_qemu.patch
|
||||||
|
# For bz#1967716 - RFE: rebuild guest agent to include public ssh injection api support
|
||||||
|
Patch527: kvm-qga-add-ssh-add-remove-authorized-keys.patch
|
||||||
|
# For bz#1967716 - RFE: rebuild guest agent to include public ssh injection api support
|
||||||
|
Patch528: kvm-qga-add-reset-argument-to-ssh-add-authorized-keys.patch
|
||||||
|
# For bz#1967716 - RFE: rebuild guest agent to include public ssh injection api support
|
||||||
|
Patch529: kvm-qga-add-ssh-get-authorized-keys.patch
|
||||||
|
# For bz#1970819 - CVE-2021-3592 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [rhel-8]
|
||||||
|
# For bz#1970835 - CVE-2021-3593 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [rhel-8]
|
||||||
|
# For bz#1970843 - CVE-2021-3595 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [rhel-8]
|
||||||
|
# For bz#1970853 - CVE-2021-3594 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [rhel-8]
|
||||||
|
Patch530: kvm-Add-mtod_check.patch
|
||||||
|
# For bz#1970819 - CVE-2021-3592 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [rhel-8]
|
||||||
|
# For bz#1970835 - CVE-2021-3593 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [rhel-8]
|
||||||
|
# For bz#1970843 - CVE-2021-3595 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [rhel-8]
|
||||||
|
# For bz#1970853 - CVE-2021-3594 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [rhel-8]
|
||||||
|
Patch531: kvm-bootp-limit-vendor-specific-area-to-input-packet-mem.patch
|
||||||
|
# For bz#1970819 - CVE-2021-3592 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [rhel-8]
|
||||||
|
Patch532: kvm-bootp-check-bootp_input-buffer-size.patch
|
||||||
|
# For bz#1970835 - CVE-2021-3593 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [rhel-8]
|
||||||
|
Patch533: kvm-upd6-check-udp6_input-buffer-size.patch
|
||||||
|
# For bz#1970843 - CVE-2021-3595 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [rhel-8]
|
||||||
|
Patch534: kvm-tftp-check-tftp_input-buffer-size.patch
|
||||||
|
# For bz#1970819 - CVE-2021-3592 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [rhel-8]
|
||||||
|
# For bz#1970835 - CVE-2021-3593 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [rhel-8]
|
||||||
|
# For bz#1970843 - CVE-2021-3595 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [rhel-8]
|
||||||
|
# For bz#1970853 - CVE-2021-3594 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [rhel-8]
|
||||||
|
Patch535: kvm-tftp-introduce-a-header-structure.patch
|
||||||
|
# For bz#1970853 - CVE-2021-3594 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [rhel-8]
|
||||||
|
Patch536: kvm-udp-check-upd_input-buffer-size.patch
|
||||||
|
# For bz#1970819 - CVE-2021-3592 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [rhel-8]
|
||||||
|
# For bz#1970835 - CVE-2021-3593 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [rhel-8]
|
||||||
|
# For bz#1970843 - CVE-2021-3595 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [rhel-8]
|
||||||
|
# For bz#1970853 - CVE-2021-3594 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [rhel-8]
|
||||||
|
Patch537: kvm-Fix-DHCP-broken-in-libslirp-v4.6.0.patch
|
||||||
|
# For bz#1982134 - QEMU core dump while booting guest with a non-exist fd on tap
|
||||||
|
Patch538: kvm-net-check-if-the-file-descriptor-is-valid-before-usi.patch
|
||||||
|
# For bz#1982134 - QEMU core dump while booting guest with a non-exist fd on tap
|
||||||
|
Patch539: kvm-net-detect-errors-from-probing-vnet-hdr-flag-for-TAP.patch
|
||||||
|
# For bz#1969848 - qemu-img convert hangs on aarch64
|
||||||
|
Patch540: kvm-aio-wait-delegate-polling-of-main-AioContext-if-BQL-.patch
|
||||||
|
# For bz#1969848 - qemu-img convert hangs on aarch64
|
||||||
|
Patch541: kvm-async-use-explicit-memory-barriers.patch
|
||||||
|
# For bz#1967496 - [virtio-fs] nfs/xfstest generic/089 generic/478 generic/632 failed
|
||||||
|
Patch542: kvm-virtiofsd-Disable-remote-posix-locks-by-default.patch
|
||||||
|
# For bz#1967496 - [virtio-fs] nfs/xfstest generic/089 generic/478 generic/632 failed
|
||||||
|
Patch543: kvm-virtiofsd-Fix-the-help-message-of-posix-lock.patch
|
||||||
|
# For bz#1994041 - qemu-kvm scsi: change default passthrough timeout to non-infinite
|
||||||
|
Patch544: kvm-scsi-make-io_timeout-configurable.patch
|
||||||
|
|
||||||
BuildRequires: wget
|
BuildRequires: wget
|
||||||
BuildRequires: rpm-build
|
BuildRequires: rpm-build
|
||||||
@ -2118,7 +2196,52 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Jul 21 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-48.el8_4.3
|
* Fri Oct 01 2021 Jon Maloy <jmaloy@redhat.com> - 4.2.0-59
|
||||||
|
- kvm-scsi-make-io_timeout-configurable.patch [bz#1994041]
|
||||||
|
- Resolves: bz#1994041
|
||||||
|
(qemu-kvm scsi: change default passthrough timeout to non-infinite)
|
||||||
|
|
||||||
|
* Wed Aug 18 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-58.el8
|
||||||
|
- kvm-virtiofsd-Disable-remote-posix-locks-by-default.patch [bz#1967496]
|
||||||
|
- kvm-virtiofsd-Fix-the-help-message-of-posix-lock.patch [bz#1967496]
|
||||||
|
- Resolves: bz#1967496
|
||||||
|
([virtio-fs] nfs/xfstest generic/089 generic/478 generic/632 failed)
|
||||||
|
|
||||||
|
* Wed Aug 04 2021 Miroslav Rezanina <mrezanin@redhat.com> - 4.2.0-57
|
||||||
|
- kvm-aio-wait-delegate-polling-of-main-AioContext-if-BQL-.patch [bz#1969848]
|
||||||
|
- kvm-async-use-explicit-memory-barriers.patch [bz#1969848]
|
||||||
|
- Resolves: bz#1969848
|
||||||
|
(qemu-img convert hangs on aarch64)
|
||||||
|
|
||||||
|
* Thu Jul 29 2021 Miroslav Rezanina <mrezanin@redhat.com> - 4.2.0-56
|
||||||
|
- kvm-glib-compat-add-g_unix_get_passwd_entry_qemu.patch [bz#1967716]
|
||||||
|
- kvm-qga-add-ssh-add-remove-authorized-keys.patch [bz#1967716]
|
||||||
|
- kvm-qga-add-reset-argument-to-ssh-add-authorized-keys.patch [bz#1967716]
|
||||||
|
- kvm-qga-add-ssh-get-authorized-keys.patch [bz#1967716]
|
||||||
|
- kvm-Add-mtod_check.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
|
||||||
|
- kvm-bootp-limit-vendor-specific-area-to-input-packet-mem.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
|
||||||
|
- kvm-bootp-check-bootp_input-buffer-size.patch [bz#1970819]
|
||||||
|
- kvm-upd6-check-udp6_input-buffer-size.patch [bz#1970835]
|
||||||
|
- kvm-tftp-check-tftp_input-buffer-size.patch [bz#1970843]
|
||||||
|
- kvm-tftp-introduce-a-header-structure.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
|
||||||
|
- kvm-udp-check-upd_input-buffer-size.patch [bz#1970853]
|
||||||
|
- kvm-Fix-DHCP-broken-in-libslirp-v4.6.0.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
|
||||||
|
- kvm-net-check-if-the-file-descriptor-is-valid-before-usi.patch [bz#1982134]
|
||||||
|
- kvm-net-detect-errors-from-probing-vnet-hdr-flag-for-TAP.patch [bz#1982134]
|
||||||
|
- Resolves: bz#1967716
|
||||||
|
(RFE: rebuild guest agent to include public ssh injection api support)
|
||||||
|
- Resolves: bz#1970819
|
||||||
|
(CVE-2021-3592 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [rhel-8])
|
||||||
|
- Resolves: bz#1970835
|
||||||
|
(CVE-2021-3593 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [rhel-8])
|
||||||
|
- Resolves: bz#1970843
|
||||||
|
(CVE-2021-3595 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [rhel-8])
|
||||||
|
- Resolves: bz#1970853
|
||||||
|
(CVE-2021-3594 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [rhel-8])
|
||||||
|
- Resolves: bz#1982134
|
||||||
|
(QEMU core dump while booting guest with a non-exist fd on tap)
|
||||||
|
|
||||||
|
* Fri Jul 23 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-55.el8
|
||||||
- kvm-net-introduce-qemu_receive_packet.patch [bz#1932917]
|
- kvm-net-introduce-qemu_receive_packet.patch [bz#1932917]
|
||||||
- kvm-e1000-switch-to-use-qemu_receive_packet-for-loopback.patch [bz#1932917]
|
- kvm-e1000-switch-to-use-qemu_receive_packet-for-loopback.patch [bz#1932917]
|
||||||
- kvm-dp8393x-switch-to-use-qemu_receive_packet-for-loopba.patch [bz#1932917]
|
- kvm-dp8393x-switch-to-use-qemu_receive_packet-for-loopba.patch [bz#1932917]
|
||||||
@ -2129,30 +2252,77 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
|
|||||||
- kvm-cadence_gem-switch-to-use-qemu_receive_packet-for-lo.patch [bz#1932917]
|
- kvm-cadence_gem-switch-to-use-qemu_receive_packet-for-lo.patch [bz#1932917]
|
||||||
- kvm-lan9118-switch-to-use-qemu_receive_packet-for-loopba.patch [bz#1932917]
|
- kvm-lan9118-switch-to-use-qemu_receive_packet-for-loopba.patch [bz#1932917]
|
||||||
- Resolves: bz#1932917
|
- Resolves: bz#1932917
|
||||||
(CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow [rhel-8.4.z])
|
(CVE-2021-3416 virt:rhel/qemu-kvm: QEMU: net: infinite loop in loopback mode may lead to stack overflow)
|
||||||
|
|
||||||
* Tue Jul 06 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-48.el8_4.2
|
* Thu Jul 22 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-54.el8
|
||||||
- kvm-pc-bios-s390-ccw-fix-off-by-one-error.patch [bz#1975679]
|
- kvm-redhat-Fix-unversioned-Obsoletes-warning.patch [bz#1967329]
|
||||||
- kvm-pc-bios-s390-ccw-break-loop-if-a-null-block-number-i.patch [bz#1975679]
|
- Resolves: bz#1967329
|
||||||
- kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1975679]
|
(Make qemu-kvm use versioned obsoletes for qemu-kvm-ma and qemu-kvm-rhev)
|
||||||
- Resolves: bz#1975679
|
|
||||||
(RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm) [rhel-8.4.0.z])
|
|
||||||
|
|
||||||
* Thu Jun 03 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-48.el8_4
|
* Fri Jul 02 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-53.el8
|
||||||
- kvm-net-remove-an-assert-call-in-eth_get_gso_type.patch [bz#1939494]
|
- kvm-virtiofsd-Whitelist-fchmod.patch [bz#1967914]
|
||||||
- kvm-libqos-usb-hcd-ehci-use-32-bit-write-for-config-regi.patch [bz#1944621]
|
- kvm-spapr-Fix-EEH-capability-issue-on-KVM-guest-for-PCI-.patch [bz#1957866]
|
||||||
- kvm-libqos-pci-pc-use-32-bit-write-for-EJ-register.patch [bz#1944621]
|
- kvm-Compress-lines-for-immediate-return.patch [bz#1970912]
|
||||||
- kvm-memory-Revert-memory-accept-mismatching-sizes-in-mem.patch [bz#1944621]
|
- kvm-file-posix-Handle-EINVAL-fallocate-return-value.patch [bz#1970912]
|
||||||
- kvm-acpi-accept-byte-and-word-access-to-core-ACPI-regist.patch [bz#1944621]
|
- Resolves: bz#1967914
|
||||||
- kvm-xhci-fix-valid.max_access_size-to-access-address-reg.patch [bz#1944621]
|
([virtio-fs] virtiofsd quit when coping file to a folder in virtio-fs mounted volume(windows guest))
|
||||||
- kvm-softmmu-memory-Log-invalid-memory-accesses.patch [bz#1944621]
|
- Resolves: bz#1957866
|
||||||
- kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch [bz#1952986]
|
(RHEL8.4 - EEH capability disabled on KVM guest and recovery of PCI passthru device fails(CX5 / mlx5_core) (qemu-kvm))
|
||||||
- Resolves: bz#1939494
|
- Resolves: bz#1970912
|
||||||
(CVE-2020-27617 virt:rhel/qemu-kvm: QEMU: net: an assert failure via eth_get_gso_type [rhel-8.4.0.z])
|
(Deployment fails with "Invalid or missing agent token received")
|
||||||
- Resolves: bz#1944621
|
|
||||||
(CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.4.0.z])
|
* Fri Jun 11 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-52.el8
|
||||||
- Resolves: bz#1952986
|
- kvm-file-posix-Mitigate-file-fragmentation-with-extent-s.patch [bz#1877163]
|
||||||
(CVE-2021-20221 virt:rhel/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-8.4.0.z])
|
- kvm-block-file-posix-Fix-problem-with-fallocate-PUNCH_HO.patch [bz#1944861]
|
||||||
|
- kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch [bz#1969768]
|
||||||
|
- kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch [bz#1969768]
|
||||||
|
- Resolves: bz#1877163
|
||||||
|
([FJ 8.3 Bug] The progress bar of the "virt-clone --nonsparse" command shows the progress rate exceeding 100%.)
|
||||||
|
- Resolves: bz#1944861
|
||||||
|
(Qemu-img convert fails when source image is on gpfs)
|
||||||
|
- Resolves: bz#1969768
|
||||||
|
([ppc64le] Hotplug vcpu device hit call trace:[qemu output] KVM: unknown exit, hardware reason 7fff9ce87ed8)
|
||||||
|
|
||||||
|
* Tue May 25 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-51.el8
|
||||||
|
- kvm-linux-headers-Add-VFIO_CCW_REQ_IRQ_INDEX.patch [bz#1940450]
|
||||||
|
- kvm-vfio-ccw-Connect-the-device-request-notifier.patch [bz#1940450]
|
||||||
|
- kvm-pc-bios-s390-ccw-fix-off-by-one-error.patch [bz#1942880]
|
||||||
|
- kvm-pc-bios-s390-ccw-break-loop-if-a-null-block-number-i.patch [bz#1942880]
|
||||||
|
- kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1942880]
|
||||||
|
- Resolves: bz#1940450
|
||||||
|
(RHEL8.5 - Mediated Device already in use by same domain we are booting (vfio-ccw/Multipath Testing) (kvm) - qemu-kvm part (also has kernel and libvirt parts))
|
||||||
|
- Resolves: bz#1942880
|
||||||
|
(RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm))
|
||||||
|
|
||||||
|
* Wed May 05 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-50.el8
|
||||||
|
- kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch [bz#1925430]
|
||||||
|
- kvm-libqos-usb-hcd-ehci-use-32-bit-write-for-config-regi.patch [bz#1842478]
|
||||||
|
- kvm-libqos-pci-pc-use-32-bit-write-for-EJ-register.patch [bz#1842478]
|
||||||
|
- kvm-memory-Revert-memory-accept-mismatching-sizes-in-mem.patch [bz#1842478]
|
||||||
|
- kvm-acpi-accept-byte-and-word-access-to-core-ACPI-regist.patch [bz#1842478]
|
||||||
|
- kvm-xhci-fix-valid.max_access_size-to-access-address-reg.patch [bz#1842478]
|
||||||
|
- kvm-softmmu-memory-Log-invalid-memory-accesses.patch [bz#1842478]
|
||||||
|
- Resolves: bz#1925430
|
||||||
|
(CVE-2021-20221 virt:rhel/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-8.5.0])
|
||||||
|
- Resolves: bz#1842478
|
||||||
|
(CVE-2020-13754 virt:rhel/qemu-kvm: QEMU: msix: OOB access during mmio operations may lead to DoS [rhel-8.5.0])
|
||||||
|
|
||||||
|
* Wed Apr 28 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-49.el8
|
||||||
|
- kvm-net-remove-an-assert-call-in-eth_get_gso_type.patch [bz#1892350]
|
||||||
|
- kvm-e1000-fail-early-for-evil-descriptor.patch [bz#1930092]
|
||||||
|
- kvm-net-forbid-the-reentrant-RX.patch [bz#1859175]
|
||||||
|
- kvm-qemu-img-convert-Don-t-pre-zero-images.patch [bz#1855250]
|
||||||
|
- kvm-audio-audio_generic_get_buffer_in-should-honor-size.patch [bz#1932823]
|
||||||
|
- Resolves: bz#1892350
|
||||||
|
(CVE-2020-27617 virt:rhel/qemu-kvm: QEMU: net: an assert failure via eth_get_gso_type [rhel-8.5.0])
|
||||||
|
- Resolves: bz#1930092
|
||||||
|
(CVE-2021-20257 virt:rhel/qemu-kvm: QEMU: net: e1000: infinite loop while processing transmit descriptors [rhel-8.5.0])
|
||||||
|
- Resolves: bz#1859175
|
||||||
|
(CVE-2020-15859 virt:rhel/qemu-kvm: QEMU: net: e1000e: use-after-free while sending packets [rhel-8])
|
||||||
|
- Resolves: bz#1855250
|
||||||
|
(qemu-img convert uses possibly slow pre-zeroing on block storage)
|
||||||
|
- Resolves: bz#1932823
|
||||||
|
(after upgrade from 4.3 to 4.4 audio stops working in guests after couple of seconds)
|
||||||
|
|
||||||
* Tue Mar 16 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-48.el8
|
* Tue Mar 16 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.2.0-48.el8
|
||||||
- kvm-ide-atapi-check-logical-block-address-and-read-size-.patch [bz#1917451]
|
- kvm-ide-atapi-check-logical-block-address-and-read-size-.patch [bz#1917451]
|
||||||
|
Loading…
Reference in New Issue
Block a user