From 330a18fc02223629b51e5f5ceca9c668d4bd5a78 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Mon, 7 Aug 2023 02:15:08 -0400 Subject: [PATCH] * Mon Aug 07 2023 Miroslav Rezanina - 8.0.0-11 - kvm-block-blkio-enable-the-completion-eventfd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch [bz#2225354 bz#2225439] - kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch [bz#2225354 bz#2225439] - kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch [bz#2225354 bz#2225439] - kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch [bz#2225354 bz#2225439] - kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch [bz#2229133] - kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch [bz#2229133] - kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch [bz#2229133] - kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch [bz#2214839] - kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch [bz#2214839] - kvm-i386-sev-Update-checks-and-information-related-to-re.patch [bz#2214839] - kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch [bz#2214839] - kvm-Provide-elf2dmp-binary-in-qemu-tools.patch [bz#2165917] - Resolves: bz#2225354 ([vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting) - Resolves: bz#2225439 ([vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa) - Resolves: bz#2229133 (Backport some virtio-iommu and smmu fixes) - Resolves: bz#2214839 ([AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes) - Resolves: bz#2165917 (qemu-kvm: contrib/elf2dmp: Windows Server 2022 support) --- ...o-do-not-use-open-flags-in-qemu_open.patch | 74 ++++++++ ...-blkio-enable-the-completion-eventfd.patch | 54 ++++++ ...-back-on-using-path-when-fd-setting-.patch | 67 +++++++ ...-blkio_connect-in-the-drivers-functi.patch | 151 ++++++++++++++++ ...y-blkio_connect-if-it-fails-using-fd.patch | 85 +++++++++ ...blkio_set_int-fd-to-check-fd-support.patch | 49 ++++++ ...mu-Handle-big-endian-hosts-correctly.patch | 166 ++++++++++++++++++ ...Fix-potential-OOB-access-in-virtio_i.patch | 62 +++++++ ...how-the-EBX-register-of-CPUID-0x8000.patch | 52 ++++++ ...checks-and-information-related-to-re.patch | 77 ++++++++ ...ange-the-reduced-phys-bits-value-fro.patch | 50 ++++++ ...Update-the-reduced-phys-bits-documen.patch | 60 +++++++ ...ndardize-granule-extraction-and-form.patch | 88 ++++++++++ qemu-kvm.spec | 62 ++++++- 14 files changed, 1095 insertions(+), 2 deletions(-) create mode 100644 kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch create mode 100644 kvm-block-blkio-enable-the-completion-eventfd.patch create mode 100644 kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch create mode 100644 kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch create mode 100644 kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch create mode 100644 kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch create mode 100644 kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch create mode 100644 kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch create mode 100644 kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch create mode 100644 kvm-i386-sev-Update-checks-and-information-related-to-re.patch create mode 100644 kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch create mode 100644 kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch create mode 100644 kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch diff --git a/kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch b/kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch new file mode 100644 index 0000000..caf6694 --- /dev/null +++ b/kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch @@ -0,0 +1,74 @@ +From b1f0546548e561856252c2bc610a8f4f8fcdf007 Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Wed, 26 Jul 2023 09:48:07 +0200 +Subject: [PATCH 02/14] block/blkio: do not use open flags in qemu_open() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefano Garzarella +RH-MergeRequest: 194: block/blkio: backport latest fixes for virtio-blk-* drivers +RH-Bugzilla: 2225354 2225439 +RH-Acked-by: Hanna Czenczek +RH-Acked-by: Alberto Faria +RH-Commit: [2/6] 1ccd0ef56182bb5e2374c3b5be98ee1ec05066d6 (sgarzarella/qemu-kvm-c-9-s) + +qemu_open() in blkio_virtio_blk_common_open() is used to open the +character device (e.g. /dev/vhost-vdpa-0 or /dev/vfio/vfio) or in +the future eventually the unix socket. + +In all these cases we cannot open the path in read-only mode, +when the `read-only` option of blockdev is on, because the exchange +of IOCTL commands for example will fail. + +In order to open the device read-only, we have to use the `read-only` +property of the libblkio driver as we already do in blkio_file_open(). + +Fixes: cad2ccc395 ("block/blkio: use qemu_open() to support fd passing for virtio-blk") +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2225439 +Reported-by: Qing Wang +Signed-off-by: Stefano Garzarella +Reviewed-by: Daniel P. Berrangé +Message-id: 20230726074807.14041-1-sgarzare@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit a5942c177b7bcc1357e496b7d68668befcfc2bb9) +Signed-off-by: Stefano Garzarella +--- + block/blkio.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/block/blkio.c b/block/blkio.c +index 3ea9841bd8..5a82c6cb1a 100644 +--- a/block/blkio.c ++++ b/block/blkio.c +@@ -685,15 +685,18 @@ static int blkio_virtio_blk_common_open(BlockDriverState *bs, + * layer through the "/dev/fdset/N" special path. + */ + if (fd_supported) { +- int open_flags; +- +- if (flags & BDRV_O_RDWR) { +- open_flags = O_RDWR; +- } else { +- open_flags = O_RDONLY; +- } +- +- fd = qemu_open(path, open_flags, errp); ++ /* ++ * `path` can contain the path of a character device ++ * (e.g. /dev/vhost-vdpa-0 or /dev/vfio/vfio) or a unix socket. ++ * ++ * So, we should always open it with O_RDWR flag, also if BDRV_O_RDWR ++ * is not set in the open flags, because the exchange of IOCTL commands ++ * for example will fail. ++ * ++ * In order to open the device read-only, we are using the `read-only` ++ * property of the libblkio driver in blkio_file_open(). ++ */ ++ fd = qemu_open(path, O_RDWR, errp); + if (fd < 0) { + return -EINVAL; + } +-- +2.39.3 + diff --git a/kvm-block-blkio-enable-the-completion-eventfd.patch b/kvm-block-blkio-enable-the-completion-eventfd.patch new file mode 100644 index 0000000..8a6f72b --- /dev/null +++ b/kvm-block-blkio-enable-the-completion-eventfd.patch @@ -0,0 +1,54 @@ +From ef99db21e9469f3fc946b7bf3edc1837d7b24e0b Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Tue, 25 Jul 2023 12:37:44 +0200 +Subject: [PATCH 01/14] block/blkio: enable the completion eventfd + +RH-Author: Stefano Garzarella +RH-MergeRequest: 194: block/blkio: backport latest fixes for virtio-blk-* drivers +RH-Bugzilla: 2225354 2225439 +RH-Acked-by: Hanna Czenczek +RH-Acked-by: Alberto Faria +RH-Commit: [1/6] d91b3a465942863550130105ae2f38f47a82a360 (sgarzarella/qemu-kvm-c-9-s) + +Until libblkio 1.3.0, virtio-blk drivers had completion eventfd +notifications enabled from the start, but from the next releases +this is no longer the case, so we have to explicitly enable them. + +In fact, the libblkio documentation says they could be disabled, +so we should always enable them at the start if we want to be +sure to get completion eventfd notifications: + + By default, the driver might not generate completion events for + requests so it is necessary to explicitly enable the completion + file descriptor before use: + + void blkioq_set_completion_fd_enabled(struct blkioq *q, bool enable); + +I discovered this while trying a development version of libblkio: +the guest kernel hangs during boot, while probing the device. + +Fixes: fd66dbd424f5 ("blkio: add libblkio block driver") +Signed-off-by: Stefano Garzarella +Message-id: 20230725103744.77343-1-sgarzare@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 9359c459889fce1804c4e1b2a2ff8f182b4a9ae8) +Signed-off-by: Stefano Garzarella +--- + block/blkio.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/block/blkio.c b/block/blkio.c +index afcec359f2..3ea9841bd8 100644 +--- a/block/blkio.c ++++ b/block/blkio.c +@@ -844,6 +844,7 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, + QLIST_INIT(&s->bounce_bufs); + s->blkioq = blkio_get_queue(s->blkio, 0); + s->completion_fd = blkioq_get_completion_fd(s->blkioq); ++ blkioq_set_completion_fd_enabled(s->blkioq, true); + + blkio_attach_aio_context(bs, bdrv_get_aio_context(bs)); + return 0; +-- +2.39.3 + diff --git a/kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch b/kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch new file mode 100644 index 0000000..f4d6e3c --- /dev/null +++ b/kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch @@ -0,0 +1,67 @@ +From c1ce3ba81698b9d52ac9dff83c01ee8141ca403d Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Thu, 27 Jul 2023 18:10:19 +0200 +Subject: [PATCH 05/14] block/blkio: fall back on using `path` when `fd` + setting fails + +RH-Author: Stefano Garzarella +RH-MergeRequest: 194: block/blkio: backport latest fixes for virtio-blk-* drivers +RH-Bugzilla: 2225354 2225439 +RH-Acked-by: Hanna Czenczek +RH-Acked-by: Alberto Faria +RH-Commit: [5/6] c03cea95146a59b2830ffe2dd56ef77a6630ce3e (sgarzarella/qemu-kvm-c-9-s) + +qemu_open() fails if called with an unix domain socket in this way: + -blockdev node-name=drive0,driver=virtio-blk-vhost-user,path=vhost-user-blk.sock,cache.direct=on: Could not open 'vhost-user-blk.sock': No such device or address + +Since virtio-blk-vhost-user does not support fd passing, let`s always fall back +on using `path` if we fail the fd passing. + +Fixes: cad2ccc395 ("block/blkio: use qemu_open() to support fd passing for virtio-blk") +Reported-by: Qing Wang +Signed-off-by: Stefano Garzarella +Message-id: 20230727161020.84213-4-sgarzare@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 723bea27b127969931fa26bc0de79372a3d9e148) +Signed-off-by: Stefano Garzarella +--- + block/blkio.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/block/blkio.c b/block/blkio.c +index 93a8f8fc5c..eef80e9ce5 100644 +--- a/block/blkio.c ++++ b/block/blkio.c +@@ -710,19 +710,19 @@ static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options, + * In order to open the device read-only, we are using the `read-only` + * property of the libblkio driver in blkio_file_open(). + */ +- fd = qemu_open(path, O_RDWR, errp); ++ fd = qemu_open(path, O_RDWR, NULL); + if (fd < 0) { +- return -EINVAL; ++ fd_supported = false; ++ } else { ++ ret = blkio_set_int(s->blkio, "fd", fd); ++ if (ret < 0) { ++ fd_supported = false; ++ qemu_close(fd); ++ } + } ++ } + +- ret = blkio_set_int(s->blkio, "fd", fd); +- if (ret < 0) { +- error_setg_errno(errp, -ret, "failed to set fd: %s", +- blkio_get_error_msg()); +- qemu_close(fd); +- return ret; +- } +- } else { ++ if (!fd_supported) { + ret = blkio_set_str(s->blkio, "path", path); + if (ret < 0) { + error_setg_errno(errp, -ret, "failed to set path: %s", +-- +2.39.3 + diff --git a/kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch b/kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch new file mode 100644 index 0000000..e3ec1ee --- /dev/null +++ b/kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch @@ -0,0 +1,151 @@ +From 458c33c9f19ed01beeb9b2b494ce6ed10d2ed4ac Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Thu, 27 Jul 2023 18:10:17 +0200 +Subject: [PATCH 03/14] block/blkio: move blkio_connect() in the drivers + functions + +RH-Author: Stefano Garzarella +RH-MergeRequest: 194: block/blkio: backport latest fixes for virtio-blk-* drivers +RH-Bugzilla: 2225354 2225439 +RH-Acked-by: Hanna Czenczek +RH-Acked-by: Alberto Faria +RH-Commit: [3/6] c356108d7dfe1ba2098c094f8d12b6e40853560c (sgarzarella/qemu-kvm-c-9-s) + +This is in preparation for the next patch, where for virtio-blk +drivers we need to handle the failure of blkio_connect(). + +Let's also rename the *_open() functions to *_connect() to make +the code reflect the changes applied. + +Signed-off-by: Stefano Garzarella +Message-id: 20230727161020.84213-2-sgarzare@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 69785d66ae1ec43f77fc65109a21721992bead9f) +Signed-off-by: Stefano Garzarella +--- + block/blkio.c | 67 ++++++++++++++++++++++++++++++--------------------- + 1 file changed, 40 insertions(+), 27 deletions(-) + +diff --git a/block/blkio.c b/block/blkio.c +index 5a82c6cb1a..85d1eed5fb 100644 +--- a/block/blkio.c ++++ b/block/blkio.c +@@ -602,8 +602,8 @@ static void blkio_unregister_buf(BlockDriverState *bs, void *host, size_t size) + } + } + +-static int blkio_io_uring_open(BlockDriverState *bs, QDict *options, int flags, +- Error **errp) ++static int blkio_io_uring_connect(BlockDriverState *bs, QDict *options, ++ int flags, Error **errp) + { + const char *filename = qdict_get_str(options, "filename"); + BDRVBlkioState *s = bs->opaque; +@@ -626,11 +626,18 @@ static int blkio_io_uring_open(BlockDriverState *bs, QDict *options, int flags, + } + } + ++ ret = blkio_connect(s->blkio); ++ if (ret < 0) { ++ error_setg_errno(errp, -ret, "blkio_connect failed: %s", ++ blkio_get_error_msg()); ++ return ret; ++ } ++ + return 0; + } + +-static int blkio_nvme_io_uring(BlockDriverState *bs, QDict *options, int flags, +- Error **errp) ++static int blkio_nvme_io_uring_connect(BlockDriverState *bs, QDict *options, ++ int flags, Error **errp) + { + const char *path = qdict_get_try_str(options, "path"); + BDRVBlkioState *s = bs->opaque; +@@ -654,11 +661,18 @@ static int blkio_nvme_io_uring(BlockDriverState *bs, QDict *options, int flags, + return -EINVAL; + } + ++ ret = blkio_connect(s->blkio); ++ if (ret < 0) { ++ error_setg_errno(errp, -ret, "blkio_connect failed: %s", ++ blkio_get_error_msg()); ++ return ret; ++ } ++ + return 0; + } + +-static int blkio_virtio_blk_common_open(BlockDriverState *bs, +- QDict *options, int flags, Error **errp) ++static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options, ++ int flags, Error **errp) + { + const char *path = qdict_get_try_str(options, "path"); + BDRVBlkioState *s = bs->opaque; +@@ -717,6 +731,13 @@ static int blkio_virtio_blk_common_open(BlockDriverState *bs, + } + } + ++ ret = blkio_connect(s->blkio); ++ if (ret < 0) { ++ error_setg_errno(errp, -ret, "blkio_connect failed: %s", ++ blkio_get_error_msg()); ++ return ret; ++ } ++ + qdict_del(options, "path"); + + return 0; +@@ -736,24 +757,6 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, + return ret; + } + +- if (strcmp(blkio_driver, "io_uring") == 0) { +- ret = blkio_io_uring_open(bs, options, flags, errp); +- } else if (strcmp(blkio_driver, "nvme-io_uring") == 0) { +- ret = blkio_nvme_io_uring(bs, options, flags, errp); +- } else if (strcmp(blkio_driver, "virtio-blk-vfio-pci") == 0) { +- ret = blkio_virtio_blk_common_open(bs, options, flags, errp); +- } else if (strcmp(blkio_driver, "virtio-blk-vhost-user") == 0) { +- ret = blkio_virtio_blk_common_open(bs, options, flags, errp); +- } else if (strcmp(blkio_driver, "virtio-blk-vhost-vdpa") == 0) { +- ret = blkio_virtio_blk_common_open(bs, options, flags, errp); +- } else { +- g_assert_not_reached(); +- } +- if (ret < 0) { +- blkio_destroy(&s->blkio); +- return ret; +- } +- + if (!(flags & BDRV_O_RDWR)) { + ret = blkio_set_bool(s->blkio, "read-only", true); + if (ret < 0) { +@@ -764,10 +767,20 @@ static int blkio_file_open(BlockDriverState *bs, QDict *options, int flags, + } + } + +- ret = blkio_connect(s->blkio); ++ if (strcmp(blkio_driver, "io_uring") == 0) { ++ ret = blkio_io_uring_connect(bs, options, flags, errp); ++ } else if (strcmp(blkio_driver, "nvme-io_uring") == 0) { ++ ret = blkio_nvme_io_uring_connect(bs, options, flags, errp); ++ } else if (strcmp(blkio_driver, "virtio-blk-vfio-pci") == 0) { ++ ret = blkio_virtio_blk_connect(bs, options, flags, errp); ++ } else if (strcmp(blkio_driver, "virtio-blk-vhost-user") == 0) { ++ ret = blkio_virtio_blk_connect(bs, options, flags, errp); ++ } else if (strcmp(blkio_driver, "virtio-blk-vhost-vdpa") == 0) { ++ ret = blkio_virtio_blk_connect(bs, options, flags, errp); ++ } else { ++ g_assert_not_reached(); ++ } + if (ret < 0) { +- error_setg_errno(errp, -ret, "blkio_connect failed: %s", +- blkio_get_error_msg()); + blkio_destroy(&s->blkio); + return ret; + } +-- +2.39.3 + diff --git a/kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch b/kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch new file mode 100644 index 0000000..5ec9e0b --- /dev/null +++ b/kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch @@ -0,0 +1,85 @@ +From ece855a71d9234c58497f37cb5498f507742167d Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Thu, 27 Jul 2023 18:10:18 +0200 +Subject: [PATCH 04/14] block/blkio: retry blkio_connect() if it fails using + `fd` + +RH-Author: Stefano Garzarella +RH-MergeRequest: 194: block/blkio: backport latest fixes for virtio-blk-* drivers +RH-Bugzilla: 2225354 2225439 +RH-Acked-by: Hanna Czenczek +RH-Acked-by: Alberto Faria +RH-Commit: [4/6] 14ebc1f333617ce22c68693dec1c9a186d4f8a08 (sgarzarella/qemu-kvm-c-9-s) + +libblkio 1.3.0 added support of "fd" property for virtio-blk-vhost-vdpa +driver. In QEMU, starting from commit cad2ccc395 ("block/blkio: use +qemu_open() to support fd passing for virtio-blk") we are using +`blkio_get_int(..., "fd")` to check if the "fd" property is supported +for all the virtio-blk-* driver. + +Unfortunately that property is also available for those driver that do +not support it, such as virtio-blk-vhost-user. + +So, `blkio_get_int()` is not enough to check whether the driver supports +the `fd` property or not. This is because the virito-blk common libblkio +driver only checks whether or not `fd` is set during `blkio_connect()` +and fails with -EINVAL for those transports that do not support it +(all except vhost-vdpa for now). + +So let's handle the `blkio_connect()` failure, retrying it using `path` +directly. + +Fixes: cad2ccc395 ("block/blkio: use qemu_open() to support fd passing for virtio-blk") +Suggested-by: Stefan Hajnoczi +Signed-off-by: Stefano Garzarella +Message-id: 20230727161020.84213-3-sgarzare@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 809c319f8a089fbc49223dc29e1cc2b978beeada) +Signed-off-by: Stefano Garzarella +--- + block/blkio.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/block/blkio.c b/block/blkio.c +index 85d1eed5fb..93a8f8fc5c 100644 +--- a/block/blkio.c ++++ b/block/blkio.c +@@ -732,6 +732,35 @@ static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options, + } + + ret = blkio_connect(s->blkio); ++ /* ++ * If the libblkio driver doesn't support the `fd` property, blkio_connect() ++ * will fail with -EINVAL. So let's try calling blkio_connect() again by ++ * directly setting `path`. ++ */ ++ if (fd_supported && ret == -EINVAL) { ++ qemu_close(fd); ++ ++ /* ++ * We need to clear the `fd` property we set previously by setting ++ * it to -1. ++ */ ++ ret = blkio_set_int(s->blkio, "fd", -1); ++ if (ret < 0) { ++ error_setg_errno(errp, -ret, "failed to set fd: %s", ++ blkio_get_error_msg()); ++ return ret; ++ } ++ ++ ret = blkio_set_str(s->blkio, "path", path); ++ if (ret < 0) { ++ error_setg_errno(errp, -ret, "failed to set path: %s", ++ blkio_get_error_msg()); ++ return ret; ++ } ++ ++ ret = blkio_connect(s->blkio); ++ } ++ + if (ret < 0) { + error_setg_errno(errp, -ret, "blkio_connect failed: %s", + blkio_get_error_msg()); +-- +2.39.3 + diff --git a/kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch b/kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch new file mode 100644 index 0000000..c6e1cd8 --- /dev/null +++ b/kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch @@ -0,0 +1,49 @@ +From 2f4436e7cc2f63d198229dc8ba32783460c0b185 Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Thu, 27 Jul 2023 18:10:20 +0200 +Subject: [PATCH 06/14] block/blkio: use blkio_set_int("fd") to check fd + support + +RH-Author: Stefano Garzarella +RH-MergeRequest: 194: block/blkio: backport latest fixes for virtio-blk-* drivers +RH-Bugzilla: 2225354 2225439 +RH-Acked-by: Hanna Czenczek +RH-Acked-by: Alberto Faria +RH-Commit: [6/6] d57aafb2c3a8ed13aa3c6dcce5525a9cc8f5aa21 (sgarzarella/qemu-kvm-c-9-s) + +Setting the `fd` property fails with virtio-blk-* libblkio drivers +that do not support fd passing since +https://gitlab.com/libblkio/libblkio/-/merge_requests/208. + +Getting the `fd` property, on the other hand, always succeeds for +virtio-blk-* libblkio drivers even when they don't support fd passing. + +This patch switches to setting the `fd` property because it is a +better mechanism for probing fd passing support than getting the `fd` +property. + +Signed-off-by: Stefano Garzarella +Message-id: 20230727161020.84213-5-sgarzare@redhat.com +Signed-off-by: Stefan Hajnoczi +(cherry picked from commit 1c38fe69e2b8a05c1762b122292fa7e3662f06fd) +Signed-off-by: Stefano Garzarella +--- + block/blkio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/block/blkio.c b/block/blkio.c +index eef80e9ce5..8defbf744f 100644 +--- a/block/blkio.c ++++ b/block/blkio.c +@@ -689,7 +689,7 @@ static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options, + return -EINVAL; + } + +- if (blkio_get_int(s->blkio, "fd", &fd) == 0) { ++ if (blkio_set_int(s->blkio, "fd", -1) == 0) { + fd_supported = true; + } + +-- +2.39.3 + diff --git a/kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch b/kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch new file mode 100644 index 0000000..3bbe93f --- /dev/null +++ b/kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch @@ -0,0 +1,166 @@ +From a3412036477e8c91e0b71fcd91de4e24a9904077 Mon Sep 17 00:00:00 2001 +From: Peter Maydell +Date: Tue, 25 Jul 2023 10:56:51 +0100 +Subject: [PATCH 09/14] hw/arm/smmu: Handle big-endian hosts correctly +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Eric Auger +RH-MergeRequest: 197: virtio-iommu/smmu: backport some late fixes +RH-Bugzilla: 2229133 +RH-Acked-by: Thomas Huth +RH-Acked-by: Peter Xu +RH-Commit: [3/3] df9c8d228b25273e0c4927a10b21e66fb4bef5f0 (eauger1/centos-qemu-kvm) + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2229133 + +The implementation of the SMMUv3 has multiple places where it reads a +data structure from the guest and directly operates on it without +doing a guest-to-host endianness conversion. Since all SMMU data +structures are little-endian, this means that the SMMU doesn't work +on a big-endian host. In particular, this causes the Avocado test + machine_aarch64_virt.py:Aarch64VirtMachine.test_alpine_virt_tcg_gic_max +to fail on an s390x host. + +Add appropriate byte-swapping on reads and writes of guest in-memory +data structures so that the device works correctly on big-endian +hosts. + +As part of this we constrain queue_read() to operate only on Cmd +structs and queue_write() on Evt structs, because in practice these +are the only data structures the two functions are used with, and we +need to know what the data structure is to be able to byte-swap its +parts correctly. + +Signed-off-by: Peter Maydell +Tested-by: Thomas Huth +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Eric Auger +Message-id: 20230717132641.764660-1-peter.maydell@linaro.org +Cc: qemu-stable@nongnu.org +(cherry picked from commit c6445544d4cea2628fbad3bad09f3d3a03c749d3) +Signed-off-by: Eric Auger +--- + hw/arm/smmu-common.c | 3 +-- + hw/arm/smmuv3.c | 39 +++++++++++++++++++++++++++++++-------- + 2 files changed, 32 insertions(+), 10 deletions(-) + +diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c +index e7f1c1f219..daa02ce798 100644 +--- a/hw/arm/smmu-common.c ++++ b/hw/arm/smmu-common.c +@@ -192,8 +192,7 @@ static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte, + dma_addr_t addr = baseaddr + index * sizeof(*pte); + + /* TODO: guarantee 64-bit single-copy atomicity */ +- ret = dma_memory_read(&address_space_memory, addr, pte, sizeof(*pte), +- MEMTXATTRS_UNSPECIFIED); ++ ret = ldq_le_dma(&address_space_memory, addr, pte, MEMTXATTRS_UNSPECIFIED); + + if (ret != MEMTX_OK) { + info->type = SMMU_PTW_ERR_WALK_EABT; +diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c +index 270c80b665..cfb56725a6 100644 +--- a/hw/arm/smmuv3.c ++++ b/hw/arm/smmuv3.c +@@ -98,20 +98,34 @@ static void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn) + trace_smmuv3_write_gerrorn(toggled & pending, s->gerrorn); + } + +-static inline MemTxResult queue_read(SMMUQueue *q, void *data) ++static inline MemTxResult queue_read(SMMUQueue *q, Cmd *cmd) + { + dma_addr_t addr = Q_CONS_ENTRY(q); ++ MemTxResult ret; ++ int i; + +- return dma_memory_read(&address_space_memory, addr, data, q->entry_size, +- MEMTXATTRS_UNSPECIFIED); ++ ret = dma_memory_read(&address_space_memory, addr, cmd, sizeof(Cmd), ++ MEMTXATTRS_UNSPECIFIED); ++ if (ret != MEMTX_OK) { ++ return ret; ++ } ++ for (i = 0; i < ARRAY_SIZE(cmd->word); i++) { ++ le32_to_cpus(&cmd->word[i]); ++ } ++ return ret; + } + +-static MemTxResult queue_write(SMMUQueue *q, void *data) ++static MemTxResult queue_write(SMMUQueue *q, Evt *evt_in) + { + dma_addr_t addr = Q_PROD_ENTRY(q); + MemTxResult ret; ++ Evt evt = *evt_in; ++ int i; + +- ret = dma_memory_write(&address_space_memory, addr, data, q->entry_size, ++ for (i = 0; i < ARRAY_SIZE(evt.word); i++) { ++ cpu_to_le32s(&evt.word[i]); ++ } ++ ret = dma_memory_write(&address_space_memory, addr, &evt, sizeof(Evt), + MEMTXATTRS_UNSPECIFIED); + if (ret != MEMTX_OK) { + return ret; +@@ -291,7 +305,7 @@ static void smmuv3_init_regs(SMMUv3State *s) + static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf, + SMMUEventInfo *event) + { +- int ret; ++ int ret, i; + + trace_smmuv3_get_ste(addr); + /* TODO: guarantee 64-bit single-copy atomicity */ +@@ -304,6 +318,9 @@ static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf, + event->u.f_ste_fetch.addr = addr; + return -EINVAL; + } ++ for (i = 0; i < ARRAY_SIZE(buf->word); i++) { ++ le32_to_cpus(&buf->word[i]); ++ } + return 0; + + } +@@ -313,7 +330,7 @@ static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid, + CD *buf, SMMUEventInfo *event) + { + dma_addr_t addr = STE_CTXPTR(ste); +- int ret; ++ int ret, i; + + trace_smmuv3_get_cd(addr); + /* TODO: guarantee 64-bit single-copy atomicity */ +@@ -326,6 +343,9 @@ static int smmu_get_cd(SMMUv3State *s, STE *ste, uint32_t ssid, + event->u.f_ste_fetch.addr = addr; + return -EINVAL; + } ++ for (i = 0; i < ARRAY_SIZE(buf->word); i++) { ++ le32_to_cpus(&buf->word[i]); ++ } + return 0; + } + +@@ -407,7 +427,7 @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste, + return -EINVAL; + } + if (s->features & SMMU_FEATURE_2LVL_STE) { +- int l1_ste_offset, l2_ste_offset, max_l2_ste, span; ++ int l1_ste_offset, l2_ste_offset, max_l2_ste, span, i; + dma_addr_t l1ptr, l2ptr; + STEDesc l1std; + +@@ -431,6 +451,9 @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste, + event->u.f_ste_fetch.addr = l1ptr; + return -EINVAL; + } ++ for (i = 0; i < ARRAY_SIZE(l1std.word); i++) { ++ le32_to_cpus(&l1std.word[i]); ++ } + + span = L1STD_SPAN(&l1std); + +-- +2.39.3 + diff --git a/kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch b/kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch new file mode 100644 index 0000000..7a5963c --- /dev/null +++ b/kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch @@ -0,0 +1,62 @@ +From 0a731ac1191182546e80af5f39d178a5a2f3688f Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Mon, 17 Jul 2023 18:21:26 +0200 +Subject: [PATCH 07/14] hw/virtio-iommu: Fix potential OOB access in + virtio_iommu_handle_command() + +RH-Author: Eric Auger +RH-MergeRequest: 197: virtio-iommu/smmu: backport some late fixes +RH-Bugzilla: 2229133 +RH-Acked-by: Thomas Huth +RH-Acked-by: Peter Xu +RH-Commit: [1/3] ecdb1e1aa6b93761dc87ea79bc0a1093ad649a74 (eauger1/centos-qemu-kvm) + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2229133 + +In the virtio_iommu_handle_command() when a PROBE request is handled, +output_size takes a value greater than the tail size and on a subsequent +iteration we can get a stack out-of-band access. Initialize the +output_size on each iteration. + +The issue was found with ASAN. Credits to: +Yiming Tao(Zhejiang University) +Gaoning Pan(Zhejiang University) + +Fixes: 1733eebb9e7 ("virtio-iommu: Implement RESV_MEM probe request") +Signed-off-by: Eric Auger +Reported-by: Mauro Matteo Cascella +Cc: qemu-stable@nongnu.org + +Message-Id: <20230717162126.11693-1-eric.auger@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit cf2f89edf36a59183166ae8721a8d7ab5cd286bd) +Signed-off-by: Eric Auger +--- + hw/virtio/virtio-iommu.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c +index 421e2a944f..17ce630200 100644 +--- a/hw/virtio/virtio-iommu.c ++++ b/hw/virtio/virtio-iommu.c +@@ -728,13 +728,15 @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq) + VirtIOIOMMU *s = VIRTIO_IOMMU(vdev); + struct virtio_iommu_req_head head; + struct virtio_iommu_req_tail tail = {}; +- size_t output_size = sizeof(tail), sz; + VirtQueueElement *elem; + unsigned int iov_cnt; + struct iovec *iov; + void *buf = NULL; ++ size_t sz; + + for (;;) { ++ size_t output_size = sizeof(tail); ++ + elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); + if (!elem) { + return; +-- +2.39.3 + diff --git a/kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch b/kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch new file mode 100644 index 0000000..3ee6b29 --- /dev/null +++ b/kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch @@ -0,0 +1,52 @@ +From f9d982fae156aa9db0506e1e098c1e8a7f7eec94 Mon Sep 17 00:00:00 2001 +From: Bandan Das +Date: Thu, 3 Aug 2023 14:29:15 -0400 +Subject: [PATCH 13/14] i386/cpu: Update how the EBX register of CPUID + 0x8000001F is set + +RH-Author: Bandan Das +RH-MergeRequest: 196: Updates to SEV reduced-phys-bits parameter +RH-Bugzilla: 2214839 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [4/4] efc368b2c844fd4fbc3c755a5e2da288329e7a2c (bdas1/qemu-kvm) + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214839 + +commit fb6bbafc0f19385fb257ee073ed13dcaf613f2f8 +Author: Tom Lendacky +Date: Fri Sep 30 10:14:30 2022 -0500 + + i386/cpu: Update how the EBX register of CPUID 0x8000001F is set + + Update the setting of CPUID 0x8000001F EBX to clearly document the ranges + associated with fields being set. + + Fixes: 6cb8f2a663 ("cpu/i386: populate CPUID 0x8000_001F when SEV is active") + Signed-off-by: Tom Lendacky + Reviewed-by: Dr. David Alan Gilbert + Message-Id: <5822fd7d02b575121380e1f493a8f6d9eba2b11a.1664550870.git.thomas.lendacky@amd.com> + Signed-off-by: Paolo Bonzini + +Signed-off-by: Bandan Das +--- + target/i386/cpu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 839706b430..4ac3046313 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -6008,8 +6008,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, + if (sev_enabled()) { + *eax = 0x2; + *eax |= sev_es_enabled() ? 0x8 : 0; +- *ebx = sev_get_cbit_position(); +- *ebx |= sev_get_reduced_phys_bits() << 6; ++ *ebx = sev_get_cbit_position() & 0x3f; /* EBX[5:0] */ ++ *ebx |= (sev_get_reduced_phys_bits() & 0x3f) << 6; /* EBX[11:6] */ + } + break; + default: +-- +2.39.3 + diff --git a/kvm-i386-sev-Update-checks-and-information-related-to-re.patch b/kvm-i386-sev-Update-checks-and-information-related-to-re.patch new file mode 100644 index 0000000..e9d28d3 --- /dev/null +++ b/kvm-i386-sev-Update-checks-and-information-related-to-re.patch @@ -0,0 +1,77 @@ +From 5c0d254762caaffd574bd95dbfc1df416e6e2509 Mon Sep 17 00:00:00 2001 +From: Bandan Das +Date: Thu, 3 Aug 2023 14:22:55 -0400 +Subject: [PATCH 12/14] i386/sev: Update checks and information related to + reduced-phys-bits + +RH-Author: Bandan Das +RH-MergeRequest: 196: Updates to SEV reduced-phys-bits parameter +RH-Bugzilla: 2214839 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [3/4] 7c5e7ea9f6cd39e84e5b60417c849430296399fd (bdas1/qemu-kvm) + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214839 + +commit 8168fed9f84e3128f7628969ae78af49433d5ce7 +Author: Tom Lendacky +Date: Fri Sep 30 10:14:29 2022 -0500 + + i386/sev: Update checks and information related to reduced-phys-bits + + The value of the reduced-phys-bits parameter is propogated to the CPUID + information exposed to the guest. Update the current validation check to + account for the size of the CPUID field (6-bits), ensuring the value is + in the range of 1 to 63. + + Maintain backward compatibility, to an extent, by allowing a value greater + than 1 (so that the previously documented value of 5 still works), but not + allowing anything over 63. + + Fixes: d8575c6c02 ("sev/i386: add command to initialize the memory encryption context") + Signed-off-by: Tom Lendacky + Reviewed-by: Dr. David Alan Gilbert + Message-Id: + Signed-off-by: Paolo Bonzini + +Signed-off-by: Bandan Das +--- + target/i386/sev.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/target/i386/sev.c b/target/i386/sev.c +index 859e06f6ad..fe2144c038 100644 +--- a/target/i386/sev.c ++++ b/target/i386/sev.c +@@ -932,15 +932,26 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) + host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); + host_cbitpos = ebx & 0x3f; + ++ /* ++ * The cbitpos value will be placed in bit positions 5:0 of the EBX ++ * register of CPUID 0x8000001F. No need to verify the range as the ++ * comparison against the host value accomplishes that. ++ */ + if (host_cbitpos != sev->cbitpos) { + error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", + __func__, host_cbitpos, sev->cbitpos); + goto err; + } + +- if (sev->reduced_phys_bits < 1) { +- error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1," +- " requested '%d'", __func__, sev->reduced_phys_bits); ++ /* ++ * The reduced-phys-bits value will be placed in bit positions 11:6 of ++ * the EBX register of CPUID 0x8000001F, so verify the supplied value ++ * is in the range of 1 to 63. ++ */ ++ if (sev->reduced_phys_bits < 1 || sev->reduced_phys_bits > 63) { ++ error_setg(errp, "%s: reduced_phys_bits check failed," ++ " it should be in the range of 1 to 63, requested '%d'", ++ __func__, sev->reduced_phys_bits); + goto err; + } + +-- +2.39.3 + diff --git a/kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch b/kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch new file mode 100644 index 0000000..a95895b --- /dev/null +++ b/kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch @@ -0,0 +1,50 @@ +From cbf9c74ef46d71c015b9de53f4514941dca8a035 Mon Sep 17 00:00:00 2001 +From: Bandan Das +Date: Thu, 3 Aug 2023 14:19:37 -0400 +Subject: [PATCH 10/14] qapi, i386/sev: Change the reduced-phys-bits value from + 5 to 1 + +RH-Author: Bandan Das +RH-MergeRequest: 196: Updates to SEV reduced-phys-bits parameter +RH-Bugzilla: 2214839 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/4] 4243578db33f89461e60b745eb96fee402218c9f (bdas1/qemu-kvm) + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214839 + +commit 798a818f50a9bfc01e8b5943090de458863b897b +Author: Tom Lendacky +Date: Fri Sep 30 10:14:27 2022 -0500 + + qapi, i386/sev: Change the reduced-phys-bits value from 5 to 1 + + A guest only ever experiences, at most, 1 bit of reduced physical + addressing. Change the query-sev-capabilities json comment to use 1. + + Fixes: 31dd67f684 ("sev/i386: qmp: add query-sev-capabilities command") + Signed-off-by: Tom Lendacky + Reviewed-by: Dr. David Alan Gilbert + Message-Id: + Signed-off-by: Paolo Bonzini + +Signed-off-by: Bandan Das +--- + qapi/misc-target.json | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/qapi/misc-target.json b/qapi/misc-target.json +index de91054523..bf04042f45 100644 +--- a/qapi/misc-target.json ++++ b/qapi/misc-target.json +@@ -172,7 +172,7 @@ + # -> { "execute": "query-sev-capabilities" } + # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", + # "cpu0-id": "2lvmGwo+...61iEinw==", +-# "cbitpos": 47, "reduced-phys-bits": 5}} ++# "cbitpos": 47, "reduced-phys-bits": 1}} + # + ## + { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', +-- +2.39.3 + diff --git a/kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch b/kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch new file mode 100644 index 0000000..6830692 --- /dev/null +++ b/kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch @@ -0,0 +1,60 @@ +From 50c833fc3c7d8d3a5124cfdb2f2dc06b910c2252 Mon Sep 17 00:00:00 2001 +From: Bandan Das +Date: Thu, 3 Aug 2023 14:21:25 -0400 +Subject: [PATCH 11/14] qemu-options.hx: Update the reduced-phys-bits + documentation + +RH-Author: Bandan Das +RH-MergeRequest: 196: Updates to SEV reduced-phys-bits parameter +RH-Bugzilla: 2214839 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [2/4] b0c4a19e9f4185c97ddf71857bc9367cea01ffa8 (bdas1/qemu-kvm) + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214839 + +commit 326e3015c4c6f3197157ea0bb00826ae740e2fad +Author: Tom Lendacky +Date: Fri Sep 30 10:14:28 2022 -0500 + + qemu-options.hx: Update the reduced-phys-bits documentation + + A guest only ever experiences, at most, 1 bit of reduced physical + addressing. Update the documentation to reflect this as well as change + the example value on the reduced-phys-bits option. + + Fixes: a9b4942f48 ("target/i386: add Secure Encrypted Virtualization (SEV) object") + Signed-off-by: Tom Lendacky + Reviewed-by: Dr. David Alan Gilbert + Message-Id: <13a62ced1808546c1d398e2025cf85f4c94ae123.1664550870.git.thomas.lendacky@amd.com> + Signed-off-by: Paolo Bonzini + +Signed-off-by: Bandan Das +--- + qemu-options.hx | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/qemu-options.hx b/qemu-options.hx +index b18f933703..edf10a5aac 100644 +--- a/qemu-options.hx ++++ b/qemu-options.hx +@@ -5417,7 +5417,7 @@ SRST + physical address space. The ``reduced-phys-bits`` is used to + provide the number of bits we loose in physical address space. + Similar to C-bit, the value is Host family dependent. On EPYC, +- the value should be 5. ++ a guest will lose a maximum of 1 bit, so the value should be 1. + + The ``sev-device`` provides the device file to use for + communicating with the SEV firmware running inside AMD Secure +@@ -5452,7 +5452,7 @@ SRST + + # |qemu_system_x86| \\ + ...... \\ +- -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \\ ++ -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \\ + -machine ...,memory-encryption=sev0 \\ + ..... + +-- +2.39.3 + diff --git a/kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch b/kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch new file mode 100644 index 0000000..638ae98 --- /dev/null +++ b/kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch @@ -0,0 +1,88 @@ +From 59cd85621b1b14ada843ea0562cc76b6a7c93df4 Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Tue, 18 Jul 2023 20:21:36 +0200 +Subject: [PATCH 08/14] virtio-iommu: Standardize granule extraction and + formatting + +RH-Author: Eric Auger +RH-MergeRequest: 197: virtio-iommu/smmu: backport some late fixes +RH-Bugzilla: 2229133 +RH-Acked-by: Thomas Huth +RH-Acked-by: Peter Xu +RH-Commit: [2/3] 48784ef2a19174518f66479dcb532230bffe8bf1 (eauger1/centos-qemu-kvm) + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2229133 + +At several locations we compute the granule from the config +page_size_mask using ctz() and then format it in traces using +BIT(). As the page_size_mask is 64b we should use ctz64 and +BIT_ULL() for formatting. We failed to be consistent. + +Note the page_size_mask is garanteed to be non null. The spec +mandates the device to set at least one bit, so ctz64 cannot +return 64. This is garanteed by the fact the device +initializes the page_size_mask to qemu_target_page_mask() +and then the page_size_mask is further constrained by +virtio_iommu_set_page_size_mask() callback which can't +result in a new mask being null. So if Coverity complains +round those ctz64/BIT_ULL with CID 1517772 this is a false +positive + +Signed-off-by: Eric Auger +Fixes: 94df5b2180 ("virtio-iommu: Fix 64kB host page size VFIO device assignment") +Message-Id: <20230718182136.40096-1-eric.auger@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Jean-Philippe Brucker +(cherry picked from commit 1084feddc6a677cdfdde56936bfb97cf32cc4dee) +Signed-off-by: Eric Auger +--- + hw/virtio/virtio-iommu.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c +index 17ce630200..17b3dcd158 100644 +--- a/hw/virtio/virtio-iommu.c ++++ b/hw/virtio/virtio-iommu.c +@@ -854,17 +854,19 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr, + VirtIOIOMMUEndpoint *ep; + uint32_t sid, flags; + bool bypass_allowed; ++ int granule; + bool found; + int i; + + interval.low = addr; + interval.high = addr + 1; ++ granule = ctz64(s->config.page_size_mask); + + IOMMUTLBEntry entry = { + .target_as = &address_space_memory, + .iova = addr, + .translated_addr = addr, +- .addr_mask = (1 << ctz32(s->config.page_size_mask)) - 1, ++ .addr_mask = BIT_ULL(granule) - 1, + .perm = IOMMU_NONE, + }; + +@@ -1117,7 +1119,7 @@ static int virtio_iommu_set_page_size_mask(IOMMUMemoryRegion *mr, + if (s->granule_frozen) { + int cur_granule = ctz64(cur_mask); + +- if (!(BIT(cur_granule) & new_mask)) { ++ if (!(BIT_ULL(cur_granule) & new_mask)) { + error_setg(errp, "virtio-iommu %s does not support frozen granule 0x%llx", + mr->parent_obj.name, BIT_ULL(cur_granule)); + return -1; +@@ -1163,7 +1165,7 @@ static void virtio_iommu_freeze_granule(Notifier *notifier, void *data) + } + s->granule_frozen = true; + granule = ctz64(s->config.page_size_mask); +- trace_virtio_iommu_freeze_granule(BIT(granule)); ++ trace_virtio_iommu_freeze_granule(BIT_ULL(granule)); + } + + static void virtio_iommu_device_realize(DeviceState *dev, Error **errp) +-- +2.39.3 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 5a08934..e93a0b3 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -149,7 +149,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 8.0.0 -Release: 10%{?rcrel}%{?dist}%{?cc_suffix} +Release: 11%{?rcrel}%{?dist}%{?cc_suffix} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch 15 used for RHEL 8 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5) @@ -486,6 +486,38 @@ Patch164: kvm-virtio-net-correctly-report-maximum-tx_queue_size-va.patch Patch165: kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-reg-for-machine-ty.patch # For bz#2141965 - [TPM][vhost-vdpa][rhel9.2]Boot a guest with "vhost-vdpa + TPM emulator", qemu output: qemu-kvm: vhost_vdpa_listener_region_add received unaligned region Patch166: kvm-vhost-vdpa-mute-unaligned-memory-error-report.patch +# For bz#2225354 - [vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting +# For bz#2225439 - [vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa +Patch167: kvm-block-blkio-enable-the-completion-eventfd.patch +# For bz#2225354 - [vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting +# For bz#2225439 - [vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa +Patch168: kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch +# For bz#2225354 - [vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting +# For bz#2225439 - [vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa +Patch169: kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch +# For bz#2225354 - [vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting +# For bz#2225439 - [vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa +Patch170: kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch +# For bz#2225354 - [vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting +# For bz#2225439 - [vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa +Patch171: kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch +# For bz#2225354 - [vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting +# For bz#2225439 - [vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa +Patch172: kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch +# For bz#2229133 - Backport some virtio-iommu and smmu fixes +Patch173: kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch +# For bz#2229133 - Backport some virtio-iommu and smmu fixes +Patch174: kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch +# For bz#2229133 - Backport some virtio-iommu and smmu fixes +Patch175: kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch +# For bz#2214839 - [AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes +Patch176: kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch +# For bz#2214839 - [AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes +Patch177: kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch +# For bz#2214839 - [AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes +Patch178: kvm-i386-sev-Update-checks-and-information-related-to-re.patch +# For bz#2214839 - [AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes +Patch179: kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch %if %{have_clang} BuildRequires: clang @@ -1211,7 +1243,6 @@ rm %{buildroot}%{_bindir}/qemu-system-%{kvm_target} rm %{buildroot}%{_datadir}/systemtap/tapset/qemu-system-%{kvm_target}.stp rm %{buildroot}%{_datadir}/systemtap/tapset/qemu-system-%{kvm_target}-simpletrace.stp rm %{buildroot}%{_datadir}/systemtap/tapset/qemu-system-%{kvm_target}-log.stp -rm %{buildroot}%{_bindir}/elf2dmp # Install simpletrace install -m 0755 scripts/simpletrace.py %{buildroot}%{_datadir}/%{name}/simpletrace.py @@ -1423,6 +1454,7 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{_bindir}/qemu-keymap %{_bindir}/qemu-edid %{_bindir}/qemu-trace-stap +%{_bindir}/elf2dmp %{_datadir}/%{name}/simpletrace.py* %{_datadir}/%{name}/tracetool/*.py* %{_datadir}/%{name}/tracetool/backend/*.py* @@ -1547,6 +1579,32 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %endif %changelog +* Mon Aug 07 2023 Miroslav Rezanina - 8.0.0-11 +- kvm-block-blkio-enable-the-completion-eventfd.patch [bz#2225354 bz#2225439] +- kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch [bz#2225354 bz#2225439] +- kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch [bz#2225354 bz#2225439] +- kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch [bz#2225354 bz#2225439] +- kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch [bz#2225354 bz#2225439] +- kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch [bz#2225354 bz#2225439] +- kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch [bz#2229133] +- kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch [bz#2229133] +- kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch [bz#2229133] +- kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch [bz#2214839] +- kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch [bz#2214839] +- kvm-i386-sev-Update-checks-and-information-related-to-re.patch [bz#2214839] +- kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch [bz#2214839] +- kvm-Provide-elf2dmp-binary-in-qemu-tools.patch [bz#2165917] +- Resolves: bz#2225354 + ([vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting) +- Resolves: bz#2225439 + ([vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa) +- Resolves: bz#2229133 + (Backport some virtio-iommu and smmu fixes) +- Resolves: bz#2214839 + ([AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes) +- Resolves: bz#2165917 + (qemu-kvm: contrib/elf2dmp: Windows Server 2022 support) + * Mon Jul 31 2023 Miroslav Rezanina - 8.0.0-10 - kvm-util-iov-Make-qiov_slice-public.patch [bz#2174676] - kvm-block-Collapse-padded-I-O-vecs-exceeding-IOV_MAX.patch [bz#2174676]