Synchronization with qemu-kvm-5.2.0-14.el8

This commit is contained in:
Miroslav Rezanina 2021-03-22 07:54:27 +01:00
parent f394fc8831
commit 384b680e84
14 changed files with 1548 additions and 18 deletions

View File

@ -0,0 +1,44 @@
From 29c5b94ae259f21b792a611096c60b240e0c0983 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon, 15 Mar 2021 18:16:25 -0400
Subject: [PATCH 09/15] block/export: fix blk_size double byteswap
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20210315181629.212884-3-stefanha@redhat.com>
Patchwork-id: 101340
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/6] block/export: fix blk_size double byteswap
Bugzilla: 1937004
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
The config->blk_size field is little-endian. Use the native-endian
blk_size variable to avoid double byteswapping.
Fixes: 11f60f7eaee2630dd6fa0c3a8c49f792e46c4cf1 ("block/export: make vhost-user-blk config space little-endian")
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210223144653.811468-8-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit a4f1542af58fd6ab061e594d4e161f1c8b4a4372)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/export/vhost-user-blk-server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c
index 62672d1cb9..3003cff189 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -354,7 +354,7 @@ vu_blk_initialize_config(BlockDriverState *bs,
config->num_queues = cpu_to_le16(num_queues);
config->max_discard_sectors = cpu_to_le32(32768);
config->max_discard_seg = cpu_to_le32(1);
- config->discard_sector_alignment = cpu_to_le32(config->blk_size >> 9);
+ config->discard_sector_alignment = cpu_to_le32(blk_size >> 9);
config->max_write_zeroes_sectors = cpu_to_le32(32768);
config->max_write_zeroes_seg = cpu_to_le32(1);
}
--
2.27.0

View File

@ -0,0 +1,53 @@
From e158a830fa229937fcb2ef755b50695abd64533a Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon, 15 Mar 2021 18:16:27 -0400
Subject: [PATCH 11/15] block/export: fix vhost-user-blk export sector number
calculation
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20210315181629.212884-5-stefanha@redhat.com>
Patchwork-id: 101341
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 4/6] block/export: fix vhost-user-blk export sector number calculation
Bugzilla: 1937004
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
The driver is supposed to honor the blk_size field but the protocol
still uses 512-byte sector numbers. It is incorrect to multiply
req->sector_num by blk_size.
VIRTIO 1.1 5.2.5 Device Initialization says:
blk_size can be read to determine the optimal sector size for the
driver to use. This does not affect the units used in the protocol
(always 512 bytes), but awareness of the correct value can affect
performance.
Fixes: 3578389bcf76c824a5d82e6586a6f0c71e56f2aa ("block/export: vhost-user block device backend server")
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210223144653.811468-10-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e44362ce317bcc46d409ed6c4a5ed2b46804bcbf)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/export/vhost-user-blk-server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c
index feb139e067..bb07f499c8 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -144,7 +144,7 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
break;
}
- int64_t offset = req->sector_num * vexp->blk_size;
+ int64_t offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
QEMUIOVector qiov;
if (is_write) {
qemu_iovec_init_external(&qiov, out_iov, out_num);
--
2.27.0

View File

@ -0,0 +1,199 @@
From 400ddccbcd8ddc13c85dbb7796b15fe9d6a01c1f Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon, 15 Mar 2021 18:16:28 -0400
Subject: [PATCH 12/15] block/export: port virtio-blk discard/write zeroes
input validation
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20210315181629.212884-6-stefanha@redhat.com>
Patchwork-id: 101342
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 5/6] block/export: port virtio-blk discard/write zeroes input validation
Bugzilla: 1937004
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
Validate discard/write zeroes the same way we do for virtio-blk. Some of
these checks are mandated by the VIRTIO specification, others are
internal to QEMU.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210223144653.811468-11-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit db4eadf9f10e19f864d70d1df3a90fbda31b8c06)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/export/vhost-user-blk-server.c | 116 +++++++++++++++++++++------
1 file changed, 93 insertions(+), 23 deletions(-)
diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c
index bb07f499c8..937bb5e9b4 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -29,6 +29,8 @@
enum {
VHOST_USER_BLK_NUM_QUEUES_DEFAULT = 1,
+ VHOST_USER_BLK_MAX_DISCARD_SECTORS = 32768,
+ VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS = 32768,
};
struct virtio_blk_inhdr {
unsigned char status;
@@ -65,30 +67,102 @@ static void vu_blk_req_complete(VuBlkReq *req)
free(req);
}
+static bool vu_blk_sect_range_ok(VuBlkExport *vexp, uint64_t sector,
+ size_t size)
+{
+ uint64_t nb_sectors = size >> BDRV_SECTOR_BITS;
+ uint64_t total_sectors;
+
+ if (nb_sectors > BDRV_REQUEST_MAX_SECTORS) {
+ return false;
+ }
+ if ((sector << VIRTIO_BLK_SECTOR_BITS) % vexp->blk_size) {
+ return false;
+ }
+ blk_get_geometry(vexp->export.blk, &total_sectors);
+ if (sector > total_sectors || nb_sectors > total_sectors - sector) {
+ return false;
+ }
+ return true;
+}
+
static int coroutine_fn
-vu_blk_discard_write_zeroes(BlockBackend *blk, struct iovec *iov,
+vu_blk_discard_write_zeroes(VuBlkExport *vexp, struct iovec *iov,
uint32_t iovcnt, uint32_t type)
{
+ BlockBackend *blk = vexp->export.blk;
struct virtio_blk_discard_write_zeroes desc;
- ssize_t size = iov_to_buf(iov, iovcnt, 0, &desc, sizeof(desc));
+ ssize_t size;
+ uint64_t sector;
+ uint32_t num_sectors;
+ uint32_t max_sectors;
+ uint32_t flags;
+ int bytes;
+
+ /* Only one desc is currently supported */
+ if (unlikely(iov_size(iov, iovcnt) > sizeof(desc))) {
+ return VIRTIO_BLK_S_UNSUPP;
+ }
+
+ size = iov_to_buf(iov, iovcnt, 0, &desc, sizeof(desc));
if (unlikely(size != sizeof(desc))) {
- error_report("Invalid size %zd, expect %zu", size, sizeof(desc));
- return -EINVAL;
+ error_report("Invalid size %zd, expected %zu", size, sizeof(desc));
+ return VIRTIO_BLK_S_IOERR;
}
- uint64_t range[2] = { le64_to_cpu(desc.sector) << 9,
- le32_to_cpu(desc.num_sectors) << 9 };
- if (type == VIRTIO_BLK_T_DISCARD) {
- if (blk_co_pdiscard(blk, range[0], range[1]) == 0) {
- return 0;
+ sector = le64_to_cpu(desc.sector);
+ num_sectors = le32_to_cpu(desc.num_sectors);
+ flags = le32_to_cpu(desc.flags);
+ max_sectors = (type == VIRTIO_BLK_T_WRITE_ZEROES) ?
+ VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS :
+ VHOST_USER_BLK_MAX_DISCARD_SECTORS;
+
+ /* This check ensures that 'bytes' fits in an int */
+ if (unlikely(num_sectors > max_sectors)) {
+ return VIRTIO_BLK_S_IOERR;
+ }
+
+ bytes = num_sectors << VIRTIO_BLK_SECTOR_BITS;
+
+ if (unlikely(!vu_blk_sect_range_ok(vexp, sector, bytes))) {
+ return VIRTIO_BLK_S_IOERR;
+ }
+
+ /*
+ * The device MUST set the status byte to VIRTIO_BLK_S_UNSUPP for discard
+ * and write zeroes commands if any unknown flag is set.
+ */
+ if (unlikely(flags & ~VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP)) {
+ return VIRTIO_BLK_S_UNSUPP;
+ }
+
+ if (type == VIRTIO_BLK_T_WRITE_ZEROES) {
+ int blk_flags = 0;
+
+ if (flags & VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP) {
+ blk_flags |= BDRV_REQ_MAY_UNMAP;
+ }
+
+ if (blk_co_pwrite_zeroes(blk, sector << VIRTIO_BLK_SECTOR_BITS,
+ bytes, blk_flags) == 0) {
+ return VIRTIO_BLK_S_OK;
}
- } else if (type == VIRTIO_BLK_T_WRITE_ZEROES) {
- if (blk_co_pwrite_zeroes(blk, range[0], range[1], 0) == 0) {
- return 0;
+ } else if (type == VIRTIO_BLK_T_DISCARD) {
+ /*
+ * The device MUST set the status byte to VIRTIO_BLK_S_UNSUPP for
+ * discard commands if the unmap flag is set.
+ */
+ if (unlikely(flags & VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP)) {
+ return VIRTIO_BLK_S_UNSUPP;
+ }
+
+ if (blk_co_pdiscard(blk, sector << VIRTIO_BLK_SECTOR_BITS,
+ bytes) == 0) {
+ return VIRTIO_BLK_S_OK;
}
}
- return -EINVAL;
+ return VIRTIO_BLK_S_IOERR;
}
static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
@@ -177,19 +251,13 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
}
case VIRTIO_BLK_T_DISCARD:
case VIRTIO_BLK_T_WRITE_ZEROES: {
- int rc;
-
if (!vexp->writable) {
req->in->status = VIRTIO_BLK_S_IOERR;
break;
}
- rc = vu_blk_discard_write_zeroes(blk, &elem->out_sg[1], out_num, type);
- if (rc == 0) {
- req->in->status = VIRTIO_BLK_S_OK;
- } else {
- req->in->status = VIRTIO_BLK_S_IOERR;
- }
+ req->in->status = vu_blk_discard_write_zeroes(vexp, out_iov, out_num,
+ type);
break;
}
default:
@@ -360,11 +428,13 @@ vu_blk_initialize_config(BlockDriverState *bs,
config->min_io_size = cpu_to_le16(1);
config->opt_io_size = cpu_to_le32(1);
config->num_queues = cpu_to_le16(num_queues);
- config->max_discard_sectors = cpu_to_le32(32768);
+ config->max_discard_sectors =
+ cpu_to_le32(VHOST_USER_BLK_MAX_DISCARD_SECTORS);
config->max_discard_seg = cpu_to_le32(1);
config->discard_sector_alignment =
cpu_to_le32(blk_size >> VIRTIO_BLK_SECTOR_BITS);
- config->max_write_zeroes_sectors = cpu_to_le32(32768);
+ config->max_write_zeroes_sectors
+ = cpu_to_le32(VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS);
config->max_write_zeroes_seg = cpu_to_le32(1);
}
--
2.27.0

View File

@ -0,0 +1,70 @@
From 03aeb30096eb0d48e0b493ed4925b99b0e27979e Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon, 15 Mar 2021 18:16:29 -0400
Subject: [PATCH 13/15] block/export: port virtio-blk read/write range check
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20210315181629.212884-7-stefanha@redhat.com>
Patchwork-id: 101343
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 6/6] block/export: port virtio-blk read/write range check
Bugzilla: 1937004
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
Check that the sector number and byte count are valid.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210223144653.811468-13-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 05ae4e674e3d47342a7660ae7bc55b393e09f4c7)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/export/vhost-user-blk-server.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c
index 937bb5e9b4..dbe3cfb9e8 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -209,6 +209,8 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
switch (type & ~VIRTIO_BLK_T_BARRIER) {
case VIRTIO_BLK_T_IN:
case VIRTIO_BLK_T_OUT: {
+ QEMUIOVector qiov;
+ int64_t offset;
ssize_t ret = 0;
bool is_write = type & VIRTIO_BLK_T_OUT;
req->sector_num = le64_to_cpu(req->out.sector);
@@ -218,13 +220,24 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
break;
}
- int64_t offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
- QEMUIOVector qiov;
if (is_write) {
qemu_iovec_init_external(&qiov, out_iov, out_num);
- ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
} else {
qemu_iovec_init_external(&qiov, in_iov, in_num);
+ }
+
+ if (unlikely(!vu_blk_sect_range_ok(vexp,
+ req->sector_num,
+ qiov.size))) {
+ req->in->status = VIRTIO_BLK_S_IOERR;
+ break;
+ }
+
+ offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
+
+ if (is_write) {
+ ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
+ } else {
ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
}
if (ret >= 0) {
--
2.27.0

View File

@ -0,0 +1,84 @@
From 38097598172fa6b5b66224ee3a17dcc7d8ff6488 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon, 15 Mar 2021 18:16:26 -0400
Subject: [PATCH 10/15] block/export: use VIRTIO_BLK_SECTOR_BITS
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20210315181629.212884-4-stefanha@redhat.com>
Patchwork-id: 101339
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 3/6] block/export: use VIRTIO_BLK_SECTOR_BITS
Bugzilla: 1937004
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
Use VIRTIO_BLK_SECTOR_BITS and VIRTIO_BLK_SECTOR_SIZE when dealing with
virtio-blk sector numbers. Although the values happen to be the same as
BDRV_SECTOR_BITS and BDRV_SECTOR_SIZE, they are conceptually different.
This makes it clearer when we are dealing with virtio-blk sector units.
Use VIRTIO_BLK_SECTOR_BITS in vu_blk_initialize_config(). Later patches
will use it the new constants the virtqueue request processing code
path.
Suggested-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210223144653.811468-9-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 524bac0744e5abf95856fb9e31c01fd2ef102188)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/export/vhost-user-blk-server.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c
index 3003cff189..feb139e067 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -20,6 +20,13 @@
#include "sysemu/block-backend.h"
#include "util/block-helpers.h"
+/*
+ * Sector units are 512 bytes regardless of the
+ * virtio_blk_config->blk_size value.
+ */
+#define VIRTIO_BLK_SECTOR_BITS 9
+#define VIRTIO_BLK_SECTOR_SIZE (1ull << VIRTIO_BLK_SECTOR_BITS)
+
enum {
VHOST_USER_BLK_NUM_QUEUES_DEFAULT = 1,
};
@@ -345,7 +352,8 @@ vu_blk_initialize_config(BlockDriverState *bs,
uint32_t blk_size,
uint16_t num_queues)
{
- config->capacity = cpu_to_le64(bdrv_getlength(bs) >> BDRV_SECTOR_BITS);
+ config->capacity =
+ cpu_to_le64(bdrv_getlength(bs) >> VIRTIO_BLK_SECTOR_BITS);
config->blk_size = cpu_to_le32(blk_size);
config->size_max = cpu_to_le32(0);
config->seg_max = cpu_to_le32(128 - 2);
@@ -354,7 +362,8 @@ vu_blk_initialize_config(BlockDriverState *bs,
config->num_queues = cpu_to_le16(num_queues);
config->max_discard_sectors = cpu_to_le32(32768);
config->max_discard_seg = cpu_to_le32(1);
- config->discard_sector_alignment = cpu_to_le32(blk_size >> 9);
+ config->discard_sector_alignment =
+ cpu_to_le32(blk_size >> VIRTIO_BLK_SECTOR_BITS);
config->max_write_zeroes_sectors = cpu_to_le32(32768);
config->max_write_zeroes_seg = cpu_to_le32(1);
}
@@ -381,7 +390,7 @@ static int vu_blk_exp_create(BlockExport *exp, BlockExportOptions *opts,
if (vu_opts->has_logical_block_size) {
logical_block_size = vu_opts->logical_block_size;
} else {
- logical_block_size = BDRV_SECTOR_SIZE;
+ logical_block_size = VIRTIO_BLK_SECTOR_SIZE;
}
check_block_size(exp->id, "logical-block-size", logical_block_size,
&local_err);
--
2.27.0

View File

@ -0,0 +1,80 @@
From efdd1b8911d5ae5c0eacbc63fd4fe85f0cc4614b Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Sun, 14 Mar 2021 15:54:19 -0400
Subject: [PATCH 06/15] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Jon Maloy <jmaloy@redhat.com>
Message-id: <20210314155419.911760-2-jmaloy@redhat.com>
Patchwork-id: 101336
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
Bugzilla: 1936948
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Andrew Jones <drjones@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
Per the ARM Generic Interrupt Controller Architecture specification
(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit,
not 10:
- 4.3 Distributor register descriptions
- 4.3.15 Software Generated Interrupt Register, GICD_SG
- Table 4-21 GICD_SGIR bit assignments
The Interrupt ID of the SGI to forward to the specified CPU
interfaces. The value of this field is the Interrupt ID, in
the range 0-15, for example a value of 0b0011 specifies
Interrupt ID 3.
Correct the irq mask to fix an undefined behavior (which eventually
lead to a heap-buffer-overflow, see [Buglink]):
$ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio
[I 1612088147.116987] OPENED
[R +0.278293] writel 0x8000f00 0xff4affb0
../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13
This fixes a security issue when running with KVM on Arm with
kernel-irqchip=off. (The default is kernel-irqchip=on, which is
unaffected, and which is also the correct choice for performance.)
Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20221
Fixes: 9ee6e8bb853 ("ARMv7 support.")
Buglink: https://bugs.launchpad.net/qemu/+bug/1913916
Buglink: https://bugs.launchpad.net/qemu/+bug/1913917
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210131103401.217160-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit edfe2eb4360cde4ed5d95bda7777edcb3510f76a)
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/intc/arm_gic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index c60dc6b5e6..fbde60de05 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset,
int target_cpu;
cpu = gic_get_current_cpu(s);
- irq = value & 0x3ff;
+ irq = value & 0xf;
switch ((value >> 24) & 3) {
case 0:
mask = (value >> 16) & ALL_CPU_MASK;
--
2.27.0

View File

@ -0,0 +1,177 @@
From 1f6e36fd98ba0610a438c2352117c5b1ed4f01ba Mon Sep 17 00:00:00 2001
From: Igor Mammedov <imammedo@redhat.com>
Date: Mon, 8 Mar 2021 18:10:41 -0500
Subject: [PATCH 07/15] i386/acpi: restore device paths for pre-5.1 vms
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Igor Mammedov <imammedo@redhat.com>
Message-id: <20210308181041.2427279-1-imammedo@redhat.com>
Patchwork-id: 101321
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH] i386/acpi: restore device paths for pre-5.1 vms
Bugzilla: 1934158
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1934158
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=35317870
Upstream: 0a343a5add75f9f90c65e932863d57ddbcb28f5c
From: Vitaly Cheptsov <cheptsov@ispras.ru>
Date: Mon Mar 1 22:59:18 2021 +0300
After fixing the _UID value for the primary PCI root bridge in
af1b80ae it was discovered that this change updates Windows
configuration in an incompatible way causing network configuration
failure unless DHCP is used. More details provided on the list:
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg08484.html
This change reverts the _UID update from 1 to 0 for q35 and i440fx
VMs before version 5.2 to maintain the original behaviour when
upgrading.
Cc: qemu-stable@nongnu.org
Cc: qemu-devel@nongnu.org
Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Vitaly Cheptsov <cheptsov@ispras.ru>
Message-Id: <20210301195919.9333-1-cheptsov@ispras.ru>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: af1b80ae56c9 ("i386/acpi: fix inconsistent QEMU/OVMF device paths")
(cherry picked from commit 0a343a5add75f9f90c65e932863d57ddbcb28f5c)
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Notes:
clean cherrypick +
adding the same quirk to RHEL's pc(7.6)/q35(8.3) machine types
to preserve old UID. pc-q35-rhel8.4.0 will have new UID as defined
by spec (but since it's not been released yet there is no risk of
breaking [non]existing Windows deployments and new installations
should pickup new PCI device enumeration just fine)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/acpi-build.c | 4 ++--
hw/i386/pc_piix.c | 5 +++++
hw/i386/pc_q35.c | 5 +++++
include/hw/i386/pc.h | 1 +
4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index b1082bd412..be6a260b85 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1516,7 +1516,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
dev = aml_device("PCI0");
aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03")));
aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
- aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+ aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid)));
aml_append(sb_scope, dev);
aml_append(dsdt, sb_scope);
@@ -1533,7 +1533,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08")));
aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03")));
aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
- aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+ aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid)));
aml_append(dev, build_q35_osc_method());
aml_append(sb_scope, dev);
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 6e1f1ba082..819fb5fed9 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -421,6 +421,7 @@ static void pc_i440fx_machine_options(MachineClass *m)
{
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
pcmc->default_nic_model = "e1000";
+ pcmc->pci_root_uid = 0;
m->family = "pc_piix";
m->desc = "Standard PC (i440FX + PIIX, 1996)";
@@ -452,6 +453,7 @@ static void pc_i440fx_5_1_machine_options(MachineClass *m)
compat_props_add(m->compat_props, hw_compat_5_1, hw_compat_5_1_len);
compat_props_add(m->compat_props, pc_compat_5_1, pc_compat_5_1_len);
pcmc->kvmclock_create_always = false;
+ pcmc->pci_root_uid = 1;
}
DEFINE_I440FX_MACHINE(v5_1, "pc-i440fx-5.1", NULL,
@@ -1020,6 +1022,7 @@ static void pc_machine_rhel7_options(MachineClass *m)
m->family = "pc_piix_Y";
m->default_machine_opts = "firmware=bios-256k.bin,hpet=off";
pcmc->default_nic_model = "e1000";
+ pcmc->pci_root_uid = 0;
m->default_display = "std";
m->no_parallel = 1;
m->numa_mem_supported = true;
@@ -1046,6 +1049,8 @@ static void pc_machine_rhel760_options(MachineClass *m)
pcmc->pvh_enabled = false;
pcmc->default_cpu_version = CPU_VERSION_LEGACY;
pcmc->kvmclock_create_always = false;
+ /* From pc_i440fx_5_1_machine_options() */
+ pcmc->pci_root_uid = 1;
compat_props_add(m->compat_props, hw_compat_rhel_8_3,
hw_compat_rhel_8_3_len);
compat_props_add(m->compat_props, pc_rhel_8_3_compat,
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index a8c0496c9f..f848f1484e 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -332,6 +332,7 @@ static void pc_q35_machine_options(MachineClass *m)
{
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
pcmc->default_nic_model = "e1000e";
+ pcmc->pci_root_uid = 0;
m->family = "pc_q35";
m->desc = "Standard PC (Q35 + ICH9, 2009)";
@@ -367,6 +368,7 @@ static void pc_q35_5_1_machine_options(MachineClass *m)
compat_props_add(m->compat_props, hw_compat_5_1, hw_compat_5_1_len);
compat_props_add(m->compat_props, pc_compat_5_1, pc_compat_5_1_len);
pcmc->kvmclock_create_always = false;
+ pcmc->pci_root_uid = 1;
}
DEFINE_Q35_MACHINE(v5_1, "pc-q35-5.1", NULL,
@@ -578,6 +580,7 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
{
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
pcmc->default_nic_model = "e1000e";
+ pcmc->pci_root_uid = 0;
m->family = "pc_q35_Z";
m->units_per_default_bus = 1;
m->default_machine_opts = "firmware=bios-256k.bin,hpet=off";
@@ -630,6 +633,8 @@ static void pc_q35_machine_rhel830_options(MachineClass *m)
pc_rhel_8_3_compat_len);
/* From pc_q35_5_1_machine_options() */
pcmc->kvmclock_create_always = false;
+ /* From pc_q35_5_1_machine_options() */
+ pcmc->pci_root_uid = 1;
}
DEFINE_PC_MACHINE(q35_rhel830, "pc-q35-rhel8.3.0", pc_q35_init_rhel830,
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 68091bea98..d2efc65cec 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -99,6 +99,7 @@ struct PCMachineClass {
int legacy_acpi_table_size;
unsigned acpi_data_size;
bool do_not_add_smb_acpi;
+ int pci_root_uid;
/* SMBIOS compat: */
bool smbios_defaults;
--
2.27.0

View File

@ -0,0 +1,50 @@
From 570d5034b8c6124df1830857144dc1ac08c13d06 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 8 Mar 2021 10:48:59 -0500
Subject: [PATCH 02/15] scsi-disk: do not complete requests early for
rerror/werror=ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20210308104902.149906-3-pbonzini@redhat.com>
Patchwork-id: 101309
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/5] scsi-disk: do not complete requests early for rerror/werror=ignore
Bugzilla: 1927530
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
When requested to ignore errors, just do nothing and let the
request complete normally. This means that the request will
be accounted correctly.
This is what commit 40dce4ee61 ("scsi-disk: fix rerror/werror=ignore",
2018-10-19) was supposed to do:
Fixes: 40dce4ee61 ("scsi-disk: fix rerror/werror=ignore", 2018-10-19)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 424740def9a42da88550410de9a41ef07cc4a010)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/scsi/scsi-disk.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index cecdea2640..e8de15f549 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -252,8 +252,7 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
blk_error_action(s->qdev.conf.blk, action, is_read, error);
if (action == BLOCK_ERROR_ACTION_IGNORE) {
- scsi_req_complete(&r->req, 0);
- return true;
+ return false;
}
if (action == BLOCK_ERROR_ACTION_STOP) {
--
2.27.0

View File

@ -0,0 +1,222 @@
From c029d041853805ba612d27886f769c0e004c35e6 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 8 Mar 2021 10:48:58 -0500
Subject: [PATCH 01/15] scsi-disk: move scsi_handle_rw_error earlier
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20210308104902.149906-2-pbonzini@redhat.com>
Patchwork-id: 101307
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/5] scsi-disk: move scsi_handle_rw_error earlier
Bugzilla: 1927530
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Remove the forward declaration.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f95f61c2c9618fae7d8ea4c1d63e7416884bad52)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/scsi/scsi-disk.c | 168 ++++++++++++++++++++++----------------------
1 file changed, 83 insertions(+), 85 deletions(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 90841ad791..cecdea2640 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -110,8 +110,6 @@ struct SCSIDiskState {
uint16_t rotation_rate;
};
-static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
-
static void scsi_free_request(SCSIRequest *req)
{
SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
@@ -181,6 +179,89 @@ static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
qemu_iovec_init_external(&r->qiov, &r->iov, 1);
}
+/*
+ * scsi_handle_rw_error has two return values. False means that the error
+ * must be ignored, true means that the error has been processed and the
+ * caller should not do anything else for this request. Note that
+ * scsi_handle_rw_error always manages its reference counts, independent
+ * of the return value.
+ */
+static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
+{
+ bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+ SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
+ BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
+ is_read, error);
+
+ if (action == BLOCK_ERROR_ACTION_REPORT) {
+ if (acct_failed) {
+ block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
+ }
+ switch (error) {
+ case 0:
+ /* A passthrough command has run and has produced sense data; check
+ * whether the error has to be handled by the guest or should rather
+ * pause the host.
+ */
+ assert(r->status && *r->status);
+ if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
+ /* These errors are handled by guest. */
+ sdc->update_sense(&r->req);
+ scsi_req_complete(&r->req, *r->status);
+ return true;
+ }
+ error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
+ break;
+#ifdef CONFIG_LINUX
+ /* These errno mapping are specific to Linux. For more information:
+ * - scsi_decide_disposition in drivers/scsi/scsi_error.c
+ * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c
+ * - blk_errors[] in block/blk-core.c
+ */
+ case EBADE:
+ /* DID_NEXUS_FAILURE -> BLK_STS_NEXUS. */
+ scsi_req_complete(&r->req, RESERVATION_CONFLICT);
+ break;
+ case ENODATA:
+ /* DID_MEDIUM_ERROR -> BLK_STS_MEDIUM. */
+ scsi_check_condition(r, SENSE_CODE(READ_ERROR));
+ break;
+ case EREMOTEIO:
+ /* DID_TARGET_FAILURE -> BLK_STS_TARGET. */
+ scsi_req_complete(&r->req, HARDWARE_ERROR);
+ break;
+#endif
+ case ENOMEDIUM:
+ scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+ break;
+ case ENOMEM:
+ scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
+ break;
+ case EINVAL:
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ break;
+ case ENOSPC:
+ scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
+ break;
+ default:
+ scsi_check_condition(r, SENSE_CODE(IO_ERROR));
+ break;
+ }
+ }
+
+ blk_error_action(s->qdev.conf.blk, action, is_read, error);
+ if (action == BLOCK_ERROR_ACTION_IGNORE) {
+ scsi_req_complete(&r->req, 0);
+ return true;
+ }
+
+ if (action == BLOCK_ERROR_ACTION_STOP) {
+ scsi_req_retry(&r->req);
+ }
+ return true;
+}
+
static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
{
if (r->req.io_canceled) {
@@ -427,89 +508,6 @@ static void scsi_read_data(SCSIRequest *req)
}
}
-/*
- * scsi_handle_rw_error has two return values. False means that the error
- * must be ignored, true means that the error has been processed and the
- * caller should not do anything else for this request. Note that
- * scsi_handle_rw_error always manages its reference counts, independent
- * of the return value.
- */
-static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
-{
- bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
- SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
- BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
- is_read, error);
-
- if (action == BLOCK_ERROR_ACTION_REPORT) {
- if (acct_failed) {
- block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
- }
- switch (error) {
- case 0:
- /* A passthrough command has run and has produced sense data; check
- * whether the error has to be handled by the guest or should rather
- * pause the host.
- */
- assert(r->status && *r->status);
- if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
- /* These errors are handled by guest. */
- sdc->update_sense(&r->req);
- scsi_req_complete(&r->req, *r->status);
- return true;
- }
- error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
- break;
-#ifdef CONFIG_LINUX
- /* These errno mapping are specific to Linux. For more information:
- * - scsi_decide_disposition in drivers/scsi/scsi_error.c
- * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c
- * - blk_errors[] in block/blk-core.c
- */
- case EBADE:
- /* DID_NEXUS_FAILURE -> BLK_STS_NEXUS. */
- scsi_req_complete(&r->req, RESERVATION_CONFLICT);
- break;
- case ENODATA:
- /* DID_MEDIUM_ERROR -> BLK_STS_MEDIUM. */
- scsi_check_condition(r, SENSE_CODE(READ_ERROR));
- break;
- case EREMOTEIO:
- /* DID_TARGET_FAILURE -> BLK_STS_TARGET. */
- scsi_req_complete(&r->req, HARDWARE_ERROR);
- break;
-#endif
- case ENOMEDIUM:
- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
- break;
- case ENOMEM:
- scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
- break;
- case EINVAL:
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
- break;
- case ENOSPC:
- scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
- break;
- default:
- scsi_check_condition(r, SENSE_CODE(IO_ERROR));
- break;
- }
- }
-
- blk_error_action(s->qdev.conf.blk, action, is_read, error);
- if (action == BLOCK_ERROR_ACTION_IGNORE) {
- scsi_req_complete(&r->req, 0);
- return true;
- }
-
- if (action == BLOCK_ERROR_ACTION_STOP) {
- scsi_req_retry(&r->req);
- }
- return true;
-}
-
static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
{
uint32_t n;
--
2.27.0

View File

@ -0,0 +1,106 @@
From 620d646367a38ff9908de811e1f0a24a3f105529 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 8 Mar 2021 10:49:01 -0500
Subject: [PATCH 04/15] scsi-disk: pass SCSI status to scsi_handle_rw_error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20210308104902.149906-5-pbonzini@redhat.com>
Patchwork-id: 101310
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 4/5] scsi-disk: pass SCSI status to scsi_handle_rw_error
Bugzilla: 1927530
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Instead of fishing it from *r->status, just pass the SCSI status
as a positive value of the second parameter and an errno as a
negative value.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f63c68bc0f514694a958b2e84a204b7792d28b17)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/scsi/scsi-disk.c | 38 +++++++++++++++++++++++++++-----------
1 file changed, 27 insertions(+), 11 deletions(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 7393f33ee2..c545f0b674 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -186,34 +186,48 @@ static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
* scsi_handle_rw_error always manages its reference counts, independent
* of the return value.
*/
-static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
+static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
{
bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
- BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
- is_read, error);
- SCSISense sense;
+ SCSISense sense = SENSE_CODE(NO_SENSE);
+ int error = 0;
+ bool req_has_sense = false;
+ BlockErrorAction action;
+ int status;
+ if (ret < 0) {
+ status = scsi_sense_from_errno(-ret, &sense);
+ error = -ret;
+ } else {
+ /* A passthrough command has completed with nonzero status. */
+ status = ret;
+ if (status == CHECK_CONDITION) {
+ req_has_sense = true;
+ error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
+ } else {
+ error = EINVAL;
+ }
+ }
+
+ action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
if (action == BLOCK_ERROR_ACTION_REPORT) {
if (acct_failed) {
block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
}
- if (error == 0) {
+ if (req_has_sense) {
/* A passthrough command has run and has produced sense data; check
* whether the error has to be handled by the guest or should rather
* pause the host.
*/
- assert(r->status && *r->status);
if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
/* These errors are handled by guest. */
sdc->update_sense(&r->req);
- scsi_req_complete(&r->req, *r->status);
+ scsi_req_complete(&r->req, status);
return true;
}
- error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
} else {
- int status = scsi_sense_from_errno(error, &sense);
if (status == CHECK_CONDITION) {
scsi_req_build_sense(&r->req, sense);
}
@@ -239,8 +253,10 @@ static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
return true;
}
- if (ret < 0 || (r->status && *r->status)) {
- return scsi_handle_rw_error(r, -ret, acct_failed);
+ if (ret < 0) {
+ return scsi_handle_rw_error(r, ret, acct_failed);
+ } else if (r->status && *r->status) {
+ return scsi_handle_rw_error(r, *r->status, acct_failed);
}
return false;
--
2.27.0

View File

@ -0,0 +1,106 @@
From 9cf10f41fc8a89cd80f27e3b2674dec7eead60d4 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 8 Mar 2021 10:49:02 -0500
Subject: [PATCH 05/15] scsi-disk: pass guest recoverable errors through even
for rerror=stop
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20210308104902.149906-6-pbonzini@redhat.com>
Patchwork-id: 101311
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 5/5] scsi-disk: pass guest recoverable errors through even for rerror=stop
Bugzilla: 1927530
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Right now, recoverable sense values are only passed directly to the
guest only for rerror=report. However, when rerror/werror are 'stop'
we still don't want the host to be involved on every UNIT ATTENTION
(especially considered that the QMP event will not have enough information
to act on the report).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 782a78c9e994c2be23467262f50e885a0eb0d9fc)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/scsi/scsi-disk.c | 51 +++++++++++++++++++++++++--------------------
1 file changed, 28 insertions(+), 23 deletions(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index c545f0b674..f2abbf0d87 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -211,39 +211,44 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
}
}
- action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
- if (action == BLOCK_ERROR_ACTION_REPORT) {
+ /*
+ * Check whether the error has to be handled by the guest or should
+ * rather follow the rerror=/werror= settings. Guest-handled errors
+ * are usually retried immediately, so do not post them to QMP and
+ * do not account them as failed I/O.
+ */
+ if (req_has_sense &&
+ scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
+ action = BLOCK_ERROR_ACTION_REPORT;
+ acct_failed = false;
+ } else {
+ action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
+ blk_error_action(s->qdev.conf.blk, action, is_read, error);
+ }
+
+ switch (action) {
+ case BLOCK_ERROR_ACTION_REPORT:
if (acct_failed) {
block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
}
if (req_has_sense) {
- /* A passthrough command has run and has produced sense data; check
- * whether the error has to be handled by the guest or should rather
- * pause the host.
- */
- if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
- /* These errors are handled by guest. */
- sdc->update_sense(&r->req);
- scsi_req_complete(&r->req, status);
- return true;
- }
- } else {
- if (status == CHECK_CONDITION) {
- scsi_req_build_sense(&r->req, sense);
- }
- scsi_req_complete(&r->req, status);
+ sdc->update_sense(&r->req);
+ } else if (status == CHECK_CONDITION) {
+ scsi_req_build_sense(&r->req, sense);
}
- }
+ scsi_req_complete(&r->req, status);
+ return true;
- blk_error_action(s->qdev.conf.blk, action, is_read, error);
- if (action == BLOCK_ERROR_ACTION_IGNORE) {
+ case BLOCK_ERROR_ACTION_IGNORE:
return false;
- }
- if (action == BLOCK_ERROR_ACTION_STOP) {
+ case BLOCK_ERROR_ACTION_STOP:
scsi_req_retry(&r->req);
+ return true;
+
+ default:
+ g_assert_not_reached();
}
- return true;
}
static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
--
2.27.0

View File

@ -0,0 +1,181 @@
From 38a29a168f4b377eb6381469af16887e12ebfa3d Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 8 Mar 2021 10:49:00 -0500
Subject: [PATCH 03/15] scsi: introduce scsi_sense_from_errno()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20210308104902.149906-4-pbonzini@redhat.com>
Patchwork-id: 101308
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 3/5] scsi: introduce scsi_sense_from_errno()
Bugzilla: 1927530
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
The new function is an extension of the switch statement in scsi-disk.c
which also includes the errno cases only found in sg_io_sense_from_errno.
This allows us to consolidate the errno handling.
Extracted from a patch by Hannes Reinecke <hare@suse.de>.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d7a84021db8eeddcd5d24ab591a1434763caff6c)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/scsi/scsi-disk.c | 45 +++++++-------------------------------
include/scsi/utils.h | 2 ++
scsi/utils.c | 51 +++++++++++++++++++++++++++++++++++---------
3 files changed, 51 insertions(+), 47 deletions(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e8de15f549..7393f33ee2 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -193,13 +193,13 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
is_read, error);
+ SCSISense sense;
if (action == BLOCK_ERROR_ACTION_REPORT) {
if (acct_failed) {
block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
}
- switch (error) {
- case 0:
+ if (error == 0) {
/* A passthrough command has run and has produced sense data; check
* whether the error has to be handled by the guest or should rather
* pause the host.
@@ -212,41 +212,12 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
return true;
}
error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
- break;
-#ifdef CONFIG_LINUX
- /* These errno mapping are specific to Linux. For more information:
- * - scsi_decide_disposition in drivers/scsi/scsi_error.c
- * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c
- * - blk_errors[] in block/blk-core.c
- */
- case EBADE:
- /* DID_NEXUS_FAILURE -> BLK_STS_NEXUS. */
- scsi_req_complete(&r->req, RESERVATION_CONFLICT);
- break;
- case ENODATA:
- /* DID_MEDIUM_ERROR -> BLK_STS_MEDIUM. */
- scsi_check_condition(r, SENSE_CODE(READ_ERROR));
- break;
- case EREMOTEIO:
- /* DID_TARGET_FAILURE -> BLK_STS_TARGET. */
- scsi_req_complete(&r->req, HARDWARE_ERROR);
- break;
-#endif
- case ENOMEDIUM:
- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
- break;
- case ENOMEM:
- scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
- break;
- case EINVAL:
- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
- break;
- case ENOSPC:
- scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
- break;
- default:
- scsi_check_condition(r, SENSE_CODE(IO_ERROR));
- break;
+ } else {
+ int status = scsi_sense_from_errno(error, &sense);
+ if (status == CHECK_CONDITION) {
+ scsi_req_build_sense(&r->req, sense);
+ }
+ scsi_req_complete(&r->req, status);
}
}
diff --git a/include/scsi/utils.h b/include/scsi/utils.h
index fbc5588279..878434a8f5 100644
--- a/include/scsi/utils.h
+++ b/include/scsi/utils.h
@@ -133,4 +133,6 @@ int sg_io_sense_from_errno(int errno_value, struct sg_io_hdr *io_hdr,
SCSISense *sense);
#endif
+int scsi_sense_from_errno(int errno_value, SCSISense *sense);
+
#endif
diff --git a/scsi/utils.c b/scsi/utils.c
index b37c283014..c93458b80e 100644
--- a/scsi/utils.c
+++ b/scsi/utils.c
@@ -560,21 +560,52 @@ const char *scsi_command_name(uint8_t cmd)
return names[cmd];
}
+int scsi_sense_from_errno(int errno_value, SCSISense *sense)
+{
+ switch (errno_value) {
+ case 0:
+ return GOOD;
+ case EDOM:
+ return TASK_SET_FULL;
+#ifdef CONFIG_LINUX
+ /* These errno mapping are specific to Linux. For more information:
+ * - scsi_decide_disposition in drivers/scsi/scsi_error.c
+ * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c
+ * - blk_errors[] in block/blk-core.c
+ */
+ case EBADE:
+ return RESERVATION_CONFLICT;
+ case ENODATA:
+ *sense = SENSE_CODE(READ_ERROR);
+ return CHECK_CONDITION;
+ case EREMOTEIO:
+ *sense = SENSE_CODE(LUN_COMM_FAILURE);
+ return CHECK_CONDITION;
+#endif
+ case ENOMEDIUM:
+ *sense = SENSE_CODE(NO_MEDIUM);
+ return CHECK_CONDITION;
+ case ENOMEM:
+ *sense = SENSE_CODE(TARGET_FAILURE);
+ return CHECK_CONDITION;
+ case EINVAL:
+ *sense = SENSE_CODE(INVALID_FIELD);
+ return CHECK_CONDITION;
+ case ENOSPC:
+ *sense = SENSE_CODE(SPACE_ALLOC_FAILED);
+ return CHECK_CONDITION;
+ default:
+ *sense = SENSE_CODE(IO_ERROR);
+ return CHECK_CONDITION;
+ }
+}
+
#ifdef CONFIG_LINUX
int sg_io_sense_from_errno(int errno_value, struct sg_io_hdr *io_hdr,
SCSISense *sense)
{
if (errno_value != 0) {
- switch (errno_value) {
- case EDOM:
- return TASK_SET_FULL;
- case ENOMEM:
- *sense = SENSE_CODE(TARGET_FAILURE);
- return CHECK_CONDITION;
- default:
- *sense = SENSE_CODE(IO_ERROR);
- return CHECK_CONDITION;
- }
+ return scsi_sense_from_errno(errno_value, sense);
} else {
if (io_hdr->host_status == SG_ERR_DID_NO_CONNECT ||
io_hdr->host_status == SG_ERR_DID_BUS_BUSY ||
--
2.27.0

View File

@ -0,0 +1,68 @@
From f6ad6b772dce72042afbe8779cd9c52d5e352418 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon, 15 Mar 2021 18:16:24 -0400
Subject: [PATCH 08/15] vhost-user-blk: fix blkcfg->num_queues endianness
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20210315181629.212884-2-stefanha@redhat.com>
Patchwork-id: 101338
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/6] vhost-user-blk: fix blkcfg->num_queues endianness
Bugzilla: 1937004
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
Treat the num_queues field as virtio-endian. On big-endian hosts the
vhost-user-blk num_queues field was in the wrong endianness.
Move the blkcfg.num_queues store operation from realize to
vhost_user_blk_update_config() so feature negotiation has finished and
we know the endianness of the device. VIRTIO 1.0 devices are
little-endian, but in case someone wants to use legacy VIRTIO we support
all endianness cases.
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20210223144653.811468-2-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 535255b43898d2e96744057eb86f8497d4d7a461)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/block/vhost-user-blk.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 2dd3d93ca0..d9d9dc8a89 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -53,6 +53,9 @@ static void vhost_user_blk_update_config(VirtIODevice *vdev, uint8_t *config)
{
VHostUserBlk *s = VHOST_USER_BLK(vdev);
+ /* Our num_queues overrides the device backend */
+ virtio_stw_p(vdev, &s->blkcfg.num_queues, s->num_queues);
+
memcpy(config, &s->blkcfg, sizeof(struct virtio_blk_config));
}
@@ -490,10 +493,6 @@ reconnect:
goto reconnect;
}
- if (s->blkcfg.num_queues != s->num_queues) {
- s->blkcfg.num_queues = s->num_queues;
- }
-
return;
virtio_err:
--
2.27.0

View File

@ -53,6 +53,12 @@
#Versions of various parts:
%global requires_all_modules \
%if %{have_spice} \
Requires: %{name}-ui-spice = %{epoch}:%{version}-%{release} \
%endif \
%if %{have_opengl} \
Requires: %{name}-ui-opengl = %{epoch}:%{version}-%{release} \
%endif \
Requires: %{name}-block-curl = %{epoch}:%{version}-%{release} \
%if %{have_gluster} \
Requires: %{name}-block-gluster = %{epoch}:%{version}-%{release} \
@ -64,7 +70,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 5.2.0
Release: 11%{?dist}
Release: 14%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 15
License: GPLv2 and GPLv2+ and CC-BY
@ -292,6 +298,32 @@ Patch126: kvm-qxl-also-notify-the-rendering-is-done-when-skipping-.patch
Patch127: kvm-virtiofsd-Save-error-code-early-at-the-failure-calls.patch
# For bz#1935071 - CVE-2021-20263 virt:8.4/qemu-kvm: QEMU: virtiofsd: 'security.capabilities' is not dropped with xattrmap option [rhel-av-8]
Patch128: kvm-virtiofs-drop-remapped-security.capability-xattr-as-.patch
# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning
Patch129: kvm-scsi-disk-move-scsi_handle_rw_error-earlier.patch
# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning
Patch130: kvm-scsi-disk-do-not-complete-requests-early-for-rerror-.patch
# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning
Patch131: kvm-scsi-introduce-scsi_sense_from_errno.patch
# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning
Patch132: kvm-scsi-disk-pass-SCSI-status-to-scsi_handle_rw_error.patch
# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning
Patch133: kvm-scsi-disk-pass-guest-recoverable-errors-through-even.patch
# For bz#1936948 - CVE-2021-20221 virt:av/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-av-8.4.0]
Patch134: kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch
# For bz#1934158 - Windows guest looses network connectivity when NIC was configured with static IP
Patch135: kvm-i386-acpi-restore-device-paths-for-pre-5.1-vms.patch
# For bz#1937004 - vhost-user-blk server endianness and input validation fixes
Patch136: kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch
# For bz#1937004 - vhost-user-blk server endianness and input validation fixes
Patch137: kvm-block-export-fix-blk_size-double-byteswap.patch
# For bz#1937004 - vhost-user-blk server endianness and input validation fixes
Patch138: kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch
# For bz#1937004 - vhost-user-blk server endianness and input validation fixes
Patch139: kvm-block-export-fix-vhost-user-blk-export-sector-number.patch
# For bz#1937004 - vhost-user-blk server endianness and input validation fixes
Patch140: kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch
# For bz#1937004 - vhost-user-blk server endianness and input validation fixes
Patch141: kvm-block-export-port-virtio-blk-read-write-range-check.patch
BuildRequires: wget
BuildRequires: rpm-build
@ -397,9 +429,6 @@ BuildRequires: binutils >= 2.27-16
BuildRequires: pkgconfig(epoxy)
BuildRequires: pkgconfig(libdrm)
BuildRequires: pkgconfig(gbm)
Requires: mesa-libGL
Requires: mesa-libEGL
Requires: mesa-dri-drivers
%endif
BuildRequires: perl-Test-Harness
@ -585,6 +614,32 @@ Install this package if you want to access remote disks using
the Secure Shell (SSH) protocol.
%if %{have_spice}
%package ui-spice
Summary: QEMU spice support
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
%if %{have_opengl}
Requires: %{name}-ui-opengl%{?_isa} = %{epoch}:%{version}-%{release}
%endif
%description ui-spice
This package provides spice support.
%endif
%if %{have_opengl}
%package ui-opengl
Summary: QEMU opengl support
Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
Requires: mesa-libGL
Requires: mesa-libEGL
Requires: mesa-dri-drivers
%description ui-opengl
This package provides opengl support.
%endif
%prep
%setup -n qemu-%{version}%{?rcversion}
# Remove slirp content in scratchbuilds because it's being applyed as a patch
@ -1361,7 +1416,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%{_datadir}/%{name}/kvmvapic.bin
%{_datadir}/%{name}/sgabios.bin
%{_datadir}/%{name}/pvh.bin
%{_libdir}/qemu-kvm/ui-egl-headless.so
%endif
%ifarch s390x
%{_datadir}/%{name}/s390-ccw.img
@ -1411,22 +1465,10 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%if %{have_usbredir}
%{_libdir}/qemu-kvm/hw-usb-redirect.so
%endif
%if 0%{have_spice}
%{_libdir}/qemu-kvm/hw-usb-smartcard.so
%{_libdir}/qemu-kvm/audio-spice.so
%{_libdir}/qemu-kvm/ui-spice-core.so
%{_libdir}/qemu-kvm/chardev-spice.so
%endif
%ifarch x86_64
%{_libdir}/qemu-kvm/hw-display-qxl.so
%endif
%{_libdir}/qemu-kvm/hw-display-virtio-gpu.so
%ifnarch s390x
%{_libdir}/qemu-kvm/hw-display-virtio-gpu-pci.so
%endif
%if 0%{have_opengl}
%{_libdir}/qemu-kvm/ui-opengl.so
%endif
%files -n qemu-kiwi
%defattr(-,root,root)
@ -1479,9 +1521,57 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%files block-ssh
%{_libdir}/qemu-kvm/block-ssh.so
%if 0%{have_spice}
%files ui-spice
%{_libdir}/qemu-kvm/hw-usb-smartcard.so
%{_libdir}/qemu-kvm/audio-spice.so
%{_libdir}/qemu-kvm/ui-spice-core.so
%{_libdir}/qemu-kvm/chardev-spice.so
%ifarch x86_64
%{_libdir}/qemu-kvm/hw-display-qxl.so
%endif
%endif
%if 0%{have_opengl}
%files ui-opengl
%{_libdir}/qemu-kvm/ui-egl-headless.so
%{_libdir}/qemu-kvm/ui-opengl.so
%endif
%changelog
* Mon Mar 15 2021 Miroslav Rezanina <mrezanin@redhat.com> - 5.2.0-11.el9
* Sat Mar 20 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-14.el8
- kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch [bz#1937004]
- kvm-block-export-fix-blk_size-double-byteswap.patch [bz#1937004]
- kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch [bz#1937004]
- kvm-block-export-fix-vhost-user-blk-export-sector-number.patch [bz#1937004]
- kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch [bz#1937004]
- kvm-block-export-port-virtio-blk-read-write-range-check.patch [bz#1937004]
- kvm-spec-ui-spice-sub-package.patch [bz#1936373]
- kvm-spec-ui-opengl-sub-package.patch [bz#1936373]
- Resolves: bz#1937004
(vhost-user-blk server endianness and input validation fixes)
- Resolves: bz#1936373
(move spice & opengl modules to rpm subpackages)
* Tue Mar 16 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-13.el8
- kvm-i386-acpi-restore-device-paths-for-pre-5.1-vms.patch [bz#1934158]
- Resolves: bz#1934158
(Windows guest looses network connectivity when NIC was configured with static IP)
* Mon Mar 15 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-12.el8
- kvm-scsi-disk-move-scsi_handle_rw_error-earlier.patch [bz#1927530]
- kvm-scsi-disk-do-not-complete-requests-early-for-rerror-.patch [bz#1927530]
- kvm-scsi-introduce-scsi_sense_from_errno.patch [bz#1927530]
- kvm-scsi-disk-pass-SCSI-status-to-scsi_handle_rw_error.patch [bz#1927530]
- kvm-scsi-disk-pass-guest-recoverable-errors-through-even.patch [bz#1927530]
- kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch [bz#1936948]
- Resolves: bz#1927530
(RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning)
- Resolves: bz#1936948
(CVE-2021-20221 virt:av/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-av-8.4.0])
* Mon Mar 08 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-11.el8
- kvm-qxl-set-qxl.ssd.dcl.con-on-secondary-devices.patch [bz#1932190]
- kvm-qxl-also-notify-the-rendering-is-done-when-skipping-.patch [bz#1932190]
- kvm-virtiofsd-Save-error-code-early-at-the-failure-calls.patch [bz#1935071]