diff --git a/kvm-block-export-fix-blk_size-double-byteswap.patch b/kvm-block-export-fix-blk_size-double-byteswap.patch new file mode 100644 index 0000000..c93ab98 --- /dev/null +++ b/kvm-block-export-fix-blk_size-double-byteswap.patch @@ -0,0 +1,44 @@ +From 29c5b94ae259f21b792a611096c60b240e0c0983 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Mon, 15 Mar 2021 18:16:25 -0400 +Subject: [PATCH 09/15] block/export: fix blk_size double byteswap + +RH-Author: Stefan Hajnoczi +Message-id: <20210315181629.212884-3-stefanha@redhat.com> +Patchwork-id: 101340 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/6] block/export: fix blk_size double byteswap +Bugzilla: 1937004 +RH-Acked-by: Danilo de Paula +RH-Acked-by: Kevin Wolf +RH-Acked-by: Max Reitz + +The config->blk_size field is little-endian. Use the native-endian +blk_size variable to avoid double byteswapping. + +Fixes: 11f60f7eaee2630dd6fa0c3a8c49f792e46c4cf1 ("block/export: make vhost-user-blk config space little-endian") +Signed-off-by: Stefan Hajnoczi +Message-Id: <20210223144653.811468-8-stefanha@redhat.com> +Signed-off-by: Kevin Wolf +(cherry picked from commit a4f1542af58fd6ab061e594d4e161f1c8b4a4372) +Signed-off-by: Stefan Hajnoczi +Signed-off-by: Danilo C. L. de Paula +--- + block/export/vhost-user-blk-server.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c +index 62672d1cb9..3003cff189 100644 +--- a/block/export/vhost-user-blk-server.c ++++ b/block/export/vhost-user-blk-server.c +@@ -354,7 +354,7 @@ vu_blk_initialize_config(BlockDriverState *bs, + config->num_queues = cpu_to_le16(num_queues); + config->max_discard_sectors = cpu_to_le32(32768); + config->max_discard_seg = cpu_to_le32(1); +- config->discard_sector_alignment = cpu_to_le32(config->blk_size >> 9); ++ config->discard_sector_alignment = cpu_to_le32(blk_size >> 9); + config->max_write_zeroes_sectors = cpu_to_le32(32768); + config->max_write_zeroes_seg = cpu_to_le32(1); + } +-- +2.27.0 + diff --git a/kvm-block-export-fix-vhost-user-blk-export-sector-number.patch b/kvm-block-export-fix-vhost-user-blk-export-sector-number.patch new file mode 100644 index 0000000..dee1102 --- /dev/null +++ b/kvm-block-export-fix-vhost-user-blk-export-sector-number.patch @@ -0,0 +1,53 @@ +From e158a830fa229937fcb2ef755b50695abd64533a Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Mon, 15 Mar 2021 18:16:27 -0400 +Subject: [PATCH 11/15] block/export: fix vhost-user-blk export sector number + calculation + +RH-Author: Stefan Hajnoczi +Message-id: <20210315181629.212884-5-stefanha@redhat.com> +Patchwork-id: 101341 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 4/6] block/export: fix vhost-user-blk export sector number calculation +Bugzilla: 1937004 +RH-Acked-by: Danilo de Paula +RH-Acked-by: Kevin Wolf +RH-Acked-by: Max Reitz + +The driver is supposed to honor the blk_size field but the protocol +still uses 512-byte sector numbers. It is incorrect to multiply +req->sector_num by blk_size. + +VIRTIO 1.1 5.2.5 Device Initialization says: + + blk_size can be read to determine the optimal sector size for the + driver to use. This does not affect the units used in the protocol + (always 512 bytes), but awareness of the correct value can affect + performance. + +Fixes: 3578389bcf76c824a5d82e6586a6f0c71e56f2aa ("block/export: vhost-user block device backend server") +Signed-off-by: Stefan Hajnoczi +Message-Id: <20210223144653.811468-10-stefanha@redhat.com> +Signed-off-by: Kevin Wolf +(cherry picked from commit e44362ce317bcc46d409ed6c4a5ed2b46804bcbf) +Signed-off-by: Stefan Hajnoczi +Signed-off-by: Danilo C. L. de Paula +--- + block/export/vhost-user-blk-server.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c +index feb139e067..bb07f499c8 100644 +--- a/block/export/vhost-user-blk-server.c ++++ b/block/export/vhost-user-blk-server.c +@@ -144,7 +144,7 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque) + break; + } + +- int64_t offset = req->sector_num * vexp->blk_size; ++ int64_t offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS; + QEMUIOVector qiov; + if (is_write) { + qemu_iovec_init_external(&qiov, out_iov, out_num); +-- +2.27.0 + diff --git a/kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch b/kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch new file mode 100644 index 0000000..7af3e89 --- /dev/null +++ b/kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch @@ -0,0 +1,199 @@ +From 400ddccbcd8ddc13c85dbb7796b15fe9d6a01c1f Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Mon, 15 Mar 2021 18:16:28 -0400 +Subject: [PATCH 12/15] block/export: port virtio-blk discard/write zeroes + input validation + +RH-Author: Stefan Hajnoczi +Message-id: <20210315181629.212884-6-stefanha@redhat.com> +Patchwork-id: 101342 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 5/6] block/export: port virtio-blk discard/write zeroes input validation +Bugzilla: 1937004 +RH-Acked-by: Danilo de Paula +RH-Acked-by: Kevin Wolf +RH-Acked-by: Max Reitz + +Validate discard/write zeroes the same way we do for virtio-blk. Some of +these checks are mandated by the VIRTIO specification, others are +internal to QEMU. + +Signed-off-by: Stefan Hajnoczi +Message-Id: <20210223144653.811468-11-stefanha@redhat.com> +Signed-off-by: Kevin Wolf +(cherry picked from commit db4eadf9f10e19f864d70d1df3a90fbda31b8c06) +Signed-off-by: Stefan Hajnoczi +Signed-off-by: Danilo C. L. de Paula +--- + block/export/vhost-user-blk-server.c | 116 +++++++++++++++++++++------ + 1 file changed, 93 insertions(+), 23 deletions(-) + +diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c +index bb07f499c8..937bb5e9b4 100644 +--- a/block/export/vhost-user-blk-server.c ++++ b/block/export/vhost-user-blk-server.c +@@ -29,6 +29,8 @@ + + enum { + VHOST_USER_BLK_NUM_QUEUES_DEFAULT = 1, ++ VHOST_USER_BLK_MAX_DISCARD_SECTORS = 32768, ++ VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS = 32768, + }; + struct virtio_blk_inhdr { + unsigned char status; +@@ -65,30 +67,102 @@ static void vu_blk_req_complete(VuBlkReq *req) + free(req); + } + ++static bool vu_blk_sect_range_ok(VuBlkExport *vexp, uint64_t sector, ++ size_t size) ++{ ++ uint64_t nb_sectors = size >> BDRV_SECTOR_BITS; ++ uint64_t total_sectors; ++ ++ if (nb_sectors > BDRV_REQUEST_MAX_SECTORS) { ++ return false; ++ } ++ if ((sector << VIRTIO_BLK_SECTOR_BITS) % vexp->blk_size) { ++ return false; ++ } ++ blk_get_geometry(vexp->export.blk, &total_sectors); ++ if (sector > total_sectors || nb_sectors > total_sectors - sector) { ++ return false; ++ } ++ return true; ++} ++ + static int coroutine_fn +-vu_blk_discard_write_zeroes(BlockBackend *blk, struct iovec *iov, ++vu_blk_discard_write_zeroes(VuBlkExport *vexp, struct iovec *iov, + uint32_t iovcnt, uint32_t type) + { ++ BlockBackend *blk = vexp->export.blk; + struct virtio_blk_discard_write_zeroes desc; +- ssize_t size = iov_to_buf(iov, iovcnt, 0, &desc, sizeof(desc)); ++ ssize_t size; ++ uint64_t sector; ++ uint32_t num_sectors; ++ uint32_t max_sectors; ++ uint32_t flags; ++ int bytes; ++ ++ /* Only one desc is currently supported */ ++ if (unlikely(iov_size(iov, iovcnt) > sizeof(desc))) { ++ return VIRTIO_BLK_S_UNSUPP; ++ } ++ ++ size = iov_to_buf(iov, iovcnt, 0, &desc, sizeof(desc)); + if (unlikely(size != sizeof(desc))) { +- error_report("Invalid size %zd, expect %zu", size, sizeof(desc)); +- return -EINVAL; ++ error_report("Invalid size %zd, expected %zu", size, sizeof(desc)); ++ return VIRTIO_BLK_S_IOERR; + } + +- uint64_t range[2] = { le64_to_cpu(desc.sector) << 9, +- le32_to_cpu(desc.num_sectors) << 9 }; +- if (type == VIRTIO_BLK_T_DISCARD) { +- if (blk_co_pdiscard(blk, range[0], range[1]) == 0) { +- return 0; ++ sector = le64_to_cpu(desc.sector); ++ num_sectors = le32_to_cpu(desc.num_sectors); ++ flags = le32_to_cpu(desc.flags); ++ max_sectors = (type == VIRTIO_BLK_T_WRITE_ZEROES) ? ++ VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS : ++ VHOST_USER_BLK_MAX_DISCARD_SECTORS; ++ ++ /* This check ensures that 'bytes' fits in an int */ ++ if (unlikely(num_sectors > max_sectors)) { ++ return VIRTIO_BLK_S_IOERR; ++ } ++ ++ bytes = num_sectors << VIRTIO_BLK_SECTOR_BITS; ++ ++ if (unlikely(!vu_blk_sect_range_ok(vexp, sector, bytes))) { ++ return VIRTIO_BLK_S_IOERR; ++ } ++ ++ /* ++ * The device MUST set the status byte to VIRTIO_BLK_S_UNSUPP for discard ++ * and write zeroes commands if any unknown flag is set. ++ */ ++ if (unlikely(flags & ~VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP)) { ++ return VIRTIO_BLK_S_UNSUPP; ++ } ++ ++ if (type == VIRTIO_BLK_T_WRITE_ZEROES) { ++ int blk_flags = 0; ++ ++ if (flags & VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP) { ++ blk_flags |= BDRV_REQ_MAY_UNMAP; ++ } ++ ++ if (blk_co_pwrite_zeroes(blk, sector << VIRTIO_BLK_SECTOR_BITS, ++ bytes, blk_flags) == 0) { ++ return VIRTIO_BLK_S_OK; + } +- } else if (type == VIRTIO_BLK_T_WRITE_ZEROES) { +- if (blk_co_pwrite_zeroes(blk, range[0], range[1], 0) == 0) { +- return 0; ++ } else if (type == VIRTIO_BLK_T_DISCARD) { ++ /* ++ * The device MUST set the status byte to VIRTIO_BLK_S_UNSUPP for ++ * discard commands if the unmap flag is set. ++ */ ++ if (unlikely(flags & VIRTIO_BLK_WRITE_ZEROES_FLAG_UNMAP)) { ++ return VIRTIO_BLK_S_UNSUPP; ++ } ++ ++ if (blk_co_pdiscard(blk, sector << VIRTIO_BLK_SECTOR_BITS, ++ bytes) == 0) { ++ return VIRTIO_BLK_S_OK; + } + } + +- return -EINVAL; ++ return VIRTIO_BLK_S_IOERR; + } + + static void coroutine_fn vu_blk_virtio_process_req(void *opaque) +@@ -177,19 +251,13 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque) + } + case VIRTIO_BLK_T_DISCARD: + case VIRTIO_BLK_T_WRITE_ZEROES: { +- int rc; +- + if (!vexp->writable) { + req->in->status = VIRTIO_BLK_S_IOERR; + break; + } + +- rc = vu_blk_discard_write_zeroes(blk, &elem->out_sg[1], out_num, type); +- if (rc == 0) { +- req->in->status = VIRTIO_BLK_S_OK; +- } else { +- req->in->status = VIRTIO_BLK_S_IOERR; +- } ++ req->in->status = vu_blk_discard_write_zeroes(vexp, out_iov, out_num, ++ type); + break; + } + default: +@@ -360,11 +428,13 @@ vu_blk_initialize_config(BlockDriverState *bs, + config->min_io_size = cpu_to_le16(1); + config->opt_io_size = cpu_to_le32(1); + config->num_queues = cpu_to_le16(num_queues); +- config->max_discard_sectors = cpu_to_le32(32768); ++ config->max_discard_sectors = ++ cpu_to_le32(VHOST_USER_BLK_MAX_DISCARD_SECTORS); + config->max_discard_seg = cpu_to_le32(1); + config->discard_sector_alignment = + cpu_to_le32(blk_size >> VIRTIO_BLK_SECTOR_BITS); +- config->max_write_zeroes_sectors = cpu_to_le32(32768); ++ config->max_write_zeroes_sectors ++ = cpu_to_le32(VHOST_USER_BLK_MAX_WRITE_ZEROES_SECTORS); + config->max_write_zeroes_seg = cpu_to_le32(1); + } + +-- +2.27.0 + diff --git a/kvm-block-export-port-virtio-blk-read-write-range-check.patch b/kvm-block-export-port-virtio-blk-read-write-range-check.patch new file mode 100644 index 0000000..f35ef1f --- /dev/null +++ b/kvm-block-export-port-virtio-blk-read-write-range-check.patch @@ -0,0 +1,70 @@ +From 03aeb30096eb0d48e0b493ed4925b99b0e27979e Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Mon, 15 Mar 2021 18:16:29 -0400 +Subject: [PATCH 13/15] block/export: port virtio-blk read/write range check + +RH-Author: Stefan Hajnoczi +Message-id: <20210315181629.212884-7-stefanha@redhat.com> +Patchwork-id: 101343 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 6/6] block/export: port virtio-blk read/write range check +Bugzilla: 1937004 +RH-Acked-by: Danilo de Paula +RH-Acked-by: Kevin Wolf +RH-Acked-by: Max Reitz + +Check that the sector number and byte count are valid. + +Signed-off-by: Stefan Hajnoczi +Message-Id: <20210223144653.811468-13-stefanha@redhat.com> +Signed-off-by: Kevin Wolf +(cherry picked from commit 05ae4e674e3d47342a7660ae7bc55b393e09f4c7) +Signed-off-by: Stefan Hajnoczi +Signed-off-by: Danilo C. L. de Paula +--- + block/export/vhost-user-blk-server.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c +index 937bb5e9b4..dbe3cfb9e8 100644 +--- a/block/export/vhost-user-blk-server.c ++++ b/block/export/vhost-user-blk-server.c +@@ -209,6 +209,8 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque) + switch (type & ~VIRTIO_BLK_T_BARRIER) { + case VIRTIO_BLK_T_IN: + case VIRTIO_BLK_T_OUT: { ++ QEMUIOVector qiov; ++ int64_t offset; + ssize_t ret = 0; + bool is_write = type & VIRTIO_BLK_T_OUT; + req->sector_num = le64_to_cpu(req->out.sector); +@@ -218,13 +220,24 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque) + break; + } + +- int64_t offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS; +- QEMUIOVector qiov; + if (is_write) { + qemu_iovec_init_external(&qiov, out_iov, out_num); +- ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0); + } else { + qemu_iovec_init_external(&qiov, in_iov, in_num); ++ } ++ ++ if (unlikely(!vu_blk_sect_range_ok(vexp, ++ req->sector_num, ++ qiov.size))) { ++ req->in->status = VIRTIO_BLK_S_IOERR; ++ break; ++ } ++ ++ offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS; ++ ++ if (is_write) { ++ ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0); ++ } else { + ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0); + } + if (ret >= 0) { +-- +2.27.0 + diff --git a/kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch b/kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch new file mode 100644 index 0000000..45b022f --- /dev/null +++ b/kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch @@ -0,0 +1,84 @@ +From 38097598172fa6b5b66224ee3a17dcc7d8ff6488 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Mon, 15 Mar 2021 18:16:26 -0400 +Subject: [PATCH 10/15] block/export: use VIRTIO_BLK_SECTOR_BITS + +RH-Author: Stefan Hajnoczi +Message-id: <20210315181629.212884-4-stefanha@redhat.com> +Patchwork-id: 101339 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 3/6] block/export: use VIRTIO_BLK_SECTOR_BITS +Bugzilla: 1937004 +RH-Acked-by: Danilo de Paula +RH-Acked-by: Kevin Wolf +RH-Acked-by: Max Reitz + +Use VIRTIO_BLK_SECTOR_BITS and VIRTIO_BLK_SECTOR_SIZE when dealing with +virtio-blk sector numbers. Although the values happen to be the same as +BDRV_SECTOR_BITS and BDRV_SECTOR_SIZE, they are conceptually different. +This makes it clearer when we are dealing with virtio-blk sector units. + +Use VIRTIO_BLK_SECTOR_BITS in vu_blk_initialize_config(). Later patches +will use it the new constants the virtqueue request processing code +path. + +Suggested-by: Max Reitz +Signed-off-by: Stefan Hajnoczi +Message-Id: <20210223144653.811468-9-stefanha@redhat.com> +Signed-off-by: Kevin Wolf +(cherry picked from commit 524bac0744e5abf95856fb9e31c01fd2ef102188) +Signed-off-by: Stefan Hajnoczi +Signed-off-by: Danilo C. L. de Paula +--- + block/export/vhost-user-blk-server.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c +index 3003cff189..feb139e067 100644 +--- a/block/export/vhost-user-blk-server.c ++++ b/block/export/vhost-user-blk-server.c +@@ -20,6 +20,13 @@ + #include "sysemu/block-backend.h" + #include "util/block-helpers.h" + ++/* ++ * Sector units are 512 bytes regardless of the ++ * virtio_blk_config->blk_size value. ++ */ ++#define VIRTIO_BLK_SECTOR_BITS 9 ++#define VIRTIO_BLK_SECTOR_SIZE (1ull << VIRTIO_BLK_SECTOR_BITS) ++ + enum { + VHOST_USER_BLK_NUM_QUEUES_DEFAULT = 1, + }; +@@ -345,7 +352,8 @@ vu_blk_initialize_config(BlockDriverState *bs, + uint32_t blk_size, + uint16_t num_queues) + { +- config->capacity = cpu_to_le64(bdrv_getlength(bs) >> BDRV_SECTOR_BITS); ++ config->capacity = ++ cpu_to_le64(bdrv_getlength(bs) >> VIRTIO_BLK_SECTOR_BITS); + config->blk_size = cpu_to_le32(blk_size); + config->size_max = cpu_to_le32(0); + config->seg_max = cpu_to_le32(128 - 2); +@@ -354,7 +362,8 @@ vu_blk_initialize_config(BlockDriverState *bs, + config->num_queues = cpu_to_le16(num_queues); + config->max_discard_sectors = cpu_to_le32(32768); + config->max_discard_seg = cpu_to_le32(1); +- config->discard_sector_alignment = cpu_to_le32(blk_size >> 9); ++ config->discard_sector_alignment = ++ cpu_to_le32(blk_size >> VIRTIO_BLK_SECTOR_BITS); + config->max_write_zeroes_sectors = cpu_to_le32(32768); + config->max_write_zeroes_seg = cpu_to_le32(1); + } +@@ -381,7 +390,7 @@ static int vu_blk_exp_create(BlockExport *exp, BlockExportOptions *opts, + if (vu_opts->has_logical_block_size) { + logical_block_size = vu_opts->logical_block_size; + } else { +- logical_block_size = BDRV_SECTOR_SIZE; ++ logical_block_size = VIRTIO_BLK_SECTOR_SIZE; + } + check_block_size(exp->id, "logical-block-size", logical_block_size, + &local_err); +-- +2.27.0 + diff --git a/kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch b/kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch new file mode 100644 index 0000000..a6227d9 --- /dev/null +++ b/kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch @@ -0,0 +1,80 @@ +From efdd1b8911d5ae5c0eacbc63fd4fe85f0cc4614b Mon Sep 17 00:00:00 2001 +From: Jon Maloy +Date: Sun, 14 Mar 2021 15:54:19 -0400 +Subject: [PATCH 06/15] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Jon Maloy +Message-id: <20210314155419.911760-2-jmaloy@redhat.com> +Patchwork-id: 101336 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register +Bugzilla: 1936948 +RH-Acked-by: Auger Eric +RH-Acked-by: Andrew Jones +RH-Acked-by: Philippe Mathieu-Daudé + +From: Philippe Mathieu-Daudé + +Per the ARM Generic Interrupt Controller Architecture specification +(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit, +not 10: + + - 4.3 Distributor register descriptions + - 4.3.15 Software Generated Interrupt Register, GICD_SG + + - Table 4-21 GICD_SGIR bit assignments + + The Interrupt ID of the SGI to forward to the specified CPU + interfaces. The value of this field is the Interrupt ID, in + the range 0-15, for example a value of 0b0011 specifies + Interrupt ID 3. + +Correct the irq mask to fix an undefined behavior (which eventually +lead to a heap-buffer-overflow, see [Buglink]): + + $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio + [I 1612088147.116987] OPENED + [R +0.278293] writel 0x8000f00 0xff4affb0 + ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]' + SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13 + +This fixes a security issue when running with KVM on Arm with +kernel-irqchip=off. (The default is kernel-irqchip=on, which is +unaffected, and which is also the correct choice for performance.) + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2021-20221 +Fixes: 9ee6e8bb853 ("ARMv7 support.") +Buglink: https://bugs.launchpad.net/qemu/+bug/1913916 +Buglink: https://bugs.launchpad.net/qemu/+bug/1913917 +Reported-by: Alexander Bulekov +Signed-off-by: Philippe Mathieu-Daudé +Message-id: 20210131103401.217160-1-f4bug@amsat.org +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell + +(cherry picked from commit edfe2eb4360cde4ed5d95bda7777edcb3510f76a) +Signed-off-by: Jon Maloy +Signed-off-by: Danilo C. L. de Paula +--- + hw/intc/arm_gic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c +index c60dc6b5e6..fbde60de05 100644 +--- a/hw/intc/arm_gic.c ++++ b/hw/intc/arm_gic.c +@@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset, + int target_cpu; + + cpu = gic_get_current_cpu(s); +- irq = value & 0x3ff; ++ irq = value & 0xf; + switch ((value >> 24) & 3) { + case 0: + mask = (value >> 16) & ALL_CPU_MASK; +-- +2.27.0 + diff --git a/kvm-i386-acpi-restore-device-paths-for-pre-5.1-vms.patch b/kvm-i386-acpi-restore-device-paths-for-pre-5.1-vms.patch new file mode 100644 index 0000000..ef0f424 --- /dev/null +++ b/kvm-i386-acpi-restore-device-paths-for-pre-5.1-vms.patch @@ -0,0 +1,177 @@ +From 1f6e36fd98ba0610a438c2352117c5b1ed4f01ba Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Mon, 8 Mar 2021 18:10:41 -0500 +Subject: [PATCH 07/15] i386/acpi: restore device paths for pre-5.1 vms +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Igor Mammedov +Message-id: <20210308181041.2427279-1-imammedo@redhat.com> +Patchwork-id: 101321 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH] i386/acpi: restore device paths for pre-5.1 vms +Bugzilla: 1934158 +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Michael S. Tsirkin +RH-Acked-by: Philippe Mathieu-Daudé + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1934158 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=35317870 +Upstream: 0a343a5add75f9f90c65e932863d57ddbcb28f5c + + From: Vitaly Cheptsov + Date: Mon Mar 1 22:59:18 2021 +0300 + + After fixing the _UID value for the primary PCI root bridge in + af1b80ae it was discovered that this change updates Windows + configuration in an incompatible way causing network configuration + failure unless DHCP is used. More details provided on the list: + + https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg08484.html + + This change reverts the _UID update from 1 to 0 for q35 and i440fx + VMs before version 5.2 to maintain the original behaviour when + upgrading. + + Cc: qemu-stable@nongnu.org + Cc: qemu-devel@nongnu.org + Reported-by: Thomas Lamprecht + Suggested-by: Michael S. Tsirkin + Signed-off-by: Vitaly Cheptsov + Message-Id: <20210301195919.9333-1-cheptsov@ispras.ru> + Tested-by: Thomas Lamprecht + Reviewed-by: Igor Mammedov + Reviewed-by: Michael S. Tsirkin + Signed-off-by: Michael S. Tsirkin + Fixes: af1b80ae56c9 ("i386/acpi: fix inconsistent QEMU/OVMF device paths") + +(cherry picked from commit 0a343a5add75f9f90c65e932863d57ddbcb28f5c) +Signed-off-by: Igor Mammedov + +Notes: +clean cherrypick + +adding the same quirk to RHEL's pc(7.6)/q35(8.3) machine types +to preserve old UID. pc-q35-rhel8.4.0 will have new UID as defined +by spec (but since it's not been released yet there is no risk of +breaking [non]existing Windows deployments and new installations +should pickup new PCI device enumeration just fine) + +Signed-off-by: Danilo C. L. de Paula +--- + hw/i386/acpi-build.c | 4 ++-- + hw/i386/pc_piix.c | 5 +++++ + hw/i386/pc_q35.c | 5 +++++ + include/hw/i386/pc.h | 1 + + 4 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c +index b1082bd412..be6a260b85 100644 +--- a/hw/i386/acpi-build.c ++++ b/hw/i386/acpi-build.c +@@ -1516,7 +1516,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, + dev = aml_device("PCI0"); + aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03"))); + aml_append(dev, aml_name_decl("_ADR", aml_int(0))); +- aml_append(dev, aml_name_decl("_UID", aml_int(0))); ++ aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid))); + aml_append(sb_scope, dev); + aml_append(dsdt, sb_scope); + +@@ -1533,7 +1533,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, + aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08"))); + aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03"))); + aml_append(dev, aml_name_decl("_ADR", aml_int(0))); +- aml_append(dev, aml_name_decl("_UID", aml_int(0))); ++ aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid))); + aml_append(dev, build_q35_osc_method()); + aml_append(sb_scope, dev); + +diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c +index 6e1f1ba082..819fb5fed9 100644 +--- a/hw/i386/pc_piix.c ++++ b/hw/i386/pc_piix.c +@@ -421,6 +421,7 @@ static void pc_i440fx_machine_options(MachineClass *m) + { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); + pcmc->default_nic_model = "e1000"; ++ pcmc->pci_root_uid = 0; + + m->family = "pc_piix"; + m->desc = "Standard PC (i440FX + PIIX, 1996)"; +@@ -452,6 +453,7 @@ static void pc_i440fx_5_1_machine_options(MachineClass *m) + compat_props_add(m->compat_props, hw_compat_5_1, hw_compat_5_1_len); + compat_props_add(m->compat_props, pc_compat_5_1, pc_compat_5_1_len); + pcmc->kvmclock_create_always = false; ++ pcmc->pci_root_uid = 1; + } + + DEFINE_I440FX_MACHINE(v5_1, "pc-i440fx-5.1", NULL, +@@ -1020,6 +1022,7 @@ static void pc_machine_rhel7_options(MachineClass *m) + m->family = "pc_piix_Y"; + m->default_machine_opts = "firmware=bios-256k.bin,hpet=off"; + pcmc->default_nic_model = "e1000"; ++ pcmc->pci_root_uid = 0; + m->default_display = "std"; + m->no_parallel = 1; + m->numa_mem_supported = true; +@@ -1046,6 +1049,8 @@ static void pc_machine_rhel760_options(MachineClass *m) + pcmc->pvh_enabled = false; + pcmc->default_cpu_version = CPU_VERSION_LEGACY; + pcmc->kvmclock_create_always = false; ++ /* From pc_i440fx_5_1_machine_options() */ ++ pcmc->pci_root_uid = 1; + compat_props_add(m->compat_props, hw_compat_rhel_8_3, + hw_compat_rhel_8_3_len); + compat_props_add(m->compat_props, pc_rhel_8_3_compat, +diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c +index a8c0496c9f..f848f1484e 100644 +--- a/hw/i386/pc_q35.c ++++ b/hw/i386/pc_q35.c +@@ -332,6 +332,7 @@ static void pc_q35_machine_options(MachineClass *m) + { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); + pcmc->default_nic_model = "e1000e"; ++ pcmc->pci_root_uid = 0; + + m->family = "pc_q35"; + m->desc = "Standard PC (Q35 + ICH9, 2009)"; +@@ -367,6 +368,7 @@ static void pc_q35_5_1_machine_options(MachineClass *m) + compat_props_add(m->compat_props, hw_compat_5_1, hw_compat_5_1_len); + compat_props_add(m->compat_props, pc_compat_5_1, pc_compat_5_1_len); + pcmc->kvmclock_create_always = false; ++ pcmc->pci_root_uid = 1; + } + + DEFINE_Q35_MACHINE(v5_1, "pc-q35-5.1", NULL, +@@ -578,6 +580,7 @@ static void pc_q35_machine_rhel_options(MachineClass *m) + { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); + pcmc->default_nic_model = "e1000e"; ++ pcmc->pci_root_uid = 0; + m->family = "pc_q35_Z"; + m->units_per_default_bus = 1; + m->default_machine_opts = "firmware=bios-256k.bin,hpet=off"; +@@ -630,6 +633,8 @@ static void pc_q35_machine_rhel830_options(MachineClass *m) + pc_rhel_8_3_compat_len); + /* From pc_q35_5_1_machine_options() */ + pcmc->kvmclock_create_always = false; ++ /* From pc_q35_5_1_machine_options() */ ++ pcmc->pci_root_uid = 1; + } + + DEFINE_PC_MACHINE(q35_rhel830, "pc-q35-rhel8.3.0", pc_q35_init_rhel830, +diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h +index 68091bea98..d2efc65cec 100644 +--- a/include/hw/i386/pc.h ++++ b/include/hw/i386/pc.h +@@ -99,6 +99,7 @@ struct PCMachineClass { + int legacy_acpi_table_size; + unsigned acpi_data_size; + bool do_not_add_smb_acpi; ++ int pci_root_uid; + + /* SMBIOS compat: */ + bool smbios_defaults; +-- +2.27.0 + diff --git a/kvm-scsi-disk-do-not-complete-requests-early-for-rerror-.patch b/kvm-scsi-disk-do-not-complete-requests-early-for-rerror-.patch new file mode 100644 index 0000000..1e18da6 --- /dev/null +++ b/kvm-scsi-disk-do-not-complete-requests-early-for-rerror-.patch @@ -0,0 +1,50 @@ +From 570d5034b8c6124df1830857144dc1ac08c13d06 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 8 Mar 2021 10:48:59 -0500 +Subject: [PATCH 02/15] scsi-disk: do not complete requests early for + rerror/werror=ignore +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Paolo Bonzini +Message-id: <20210308104902.149906-3-pbonzini@redhat.com> +Patchwork-id: 101309 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/5] scsi-disk: do not complete requests early for rerror/werror=ignore +Bugzilla: 1927530 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Philippe Mathieu-Daudé + +When requested to ignore errors, just do nothing and let the +request complete normally. This means that the request will +be accounted correctly. + +This is what commit 40dce4ee61 ("scsi-disk: fix rerror/werror=ignore", +2018-10-19) was supposed to do: + +Fixes: 40dce4ee61 ("scsi-disk: fix rerror/werror=ignore", 2018-10-19) +Signed-off-by: Paolo Bonzini +(cherry picked from commit 424740def9a42da88550410de9a41ef07cc4a010) +Signed-off-by: Danilo C. L. de Paula +--- + hw/scsi/scsi-disk.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index cecdea2640..e8de15f549 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -252,8 +252,7 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) + + blk_error_action(s->qdev.conf.blk, action, is_read, error); + if (action == BLOCK_ERROR_ACTION_IGNORE) { +- scsi_req_complete(&r->req, 0); +- return true; ++ return false; + } + + if (action == BLOCK_ERROR_ACTION_STOP) { +-- +2.27.0 + diff --git a/kvm-scsi-disk-move-scsi_handle_rw_error-earlier.patch b/kvm-scsi-disk-move-scsi_handle_rw_error-earlier.patch new file mode 100644 index 0000000..766321a --- /dev/null +++ b/kvm-scsi-disk-move-scsi_handle_rw_error-earlier.patch @@ -0,0 +1,222 @@ +From c029d041853805ba612d27886f769c0e004c35e6 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 8 Mar 2021 10:48:58 -0500 +Subject: [PATCH 01/15] scsi-disk: move scsi_handle_rw_error earlier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Paolo Bonzini +Message-id: <20210308104902.149906-2-pbonzini@redhat.com> +Patchwork-id: 101307 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/5] scsi-disk: move scsi_handle_rw_error earlier +Bugzilla: 1927530 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Philippe Mathieu-Daudé + +Remove the forward declaration. + +Signed-off-by: Paolo Bonzini +(cherry picked from commit f95f61c2c9618fae7d8ea4c1d63e7416884bad52) +Signed-off-by: Danilo C. L. de Paula +--- + hw/scsi/scsi-disk.c | 168 ++++++++++++++++++++++---------------------- + 1 file changed, 83 insertions(+), 85 deletions(-) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index 90841ad791..cecdea2640 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -110,8 +110,6 @@ struct SCSIDiskState { + uint16_t rotation_rate; + }; + +-static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed); +- + static void scsi_free_request(SCSIRequest *req) + { + SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); +@@ -181,6 +179,89 @@ static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) + qemu_iovec_init_external(&r->qiov, &r->iov, 1); + } + ++/* ++ * scsi_handle_rw_error has two return values. False means that the error ++ * must be ignored, true means that the error has been processed and the ++ * caller should not do anything else for this request. Note that ++ * scsi_handle_rw_error always manages its reference counts, independent ++ * of the return value. ++ */ ++static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) ++{ ++ bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); ++ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); ++ SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); ++ BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, ++ is_read, error); ++ ++ if (action == BLOCK_ERROR_ACTION_REPORT) { ++ if (acct_failed) { ++ block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); ++ } ++ switch (error) { ++ case 0: ++ /* A passthrough command has run and has produced sense data; check ++ * whether the error has to be handled by the guest or should rather ++ * pause the host. ++ */ ++ assert(r->status && *r->status); ++ if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { ++ /* These errors are handled by guest. */ ++ sdc->update_sense(&r->req); ++ scsi_req_complete(&r->req, *r->status); ++ return true; ++ } ++ error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); ++ break; ++#ifdef CONFIG_LINUX ++ /* These errno mapping are specific to Linux. For more information: ++ * - scsi_decide_disposition in drivers/scsi/scsi_error.c ++ * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c ++ * - blk_errors[] in block/blk-core.c ++ */ ++ case EBADE: ++ /* DID_NEXUS_FAILURE -> BLK_STS_NEXUS. */ ++ scsi_req_complete(&r->req, RESERVATION_CONFLICT); ++ break; ++ case ENODATA: ++ /* DID_MEDIUM_ERROR -> BLK_STS_MEDIUM. */ ++ scsi_check_condition(r, SENSE_CODE(READ_ERROR)); ++ break; ++ case EREMOTEIO: ++ /* DID_TARGET_FAILURE -> BLK_STS_TARGET. */ ++ scsi_req_complete(&r->req, HARDWARE_ERROR); ++ break; ++#endif ++ case ENOMEDIUM: ++ scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); ++ break; ++ case ENOMEM: ++ scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); ++ break; ++ case EINVAL: ++ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); ++ break; ++ case ENOSPC: ++ scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); ++ break; ++ default: ++ scsi_check_condition(r, SENSE_CODE(IO_ERROR)); ++ break; ++ } ++ } ++ ++ blk_error_action(s->qdev.conf.blk, action, is_read, error); ++ if (action == BLOCK_ERROR_ACTION_IGNORE) { ++ scsi_req_complete(&r->req, 0); ++ return true; ++ } ++ ++ if (action == BLOCK_ERROR_ACTION_STOP) { ++ scsi_req_retry(&r->req); ++ } ++ return true; ++} ++ + static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) + { + if (r->req.io_canceled) { +@@ -427,89 +508,6 @@ static void scsi_read_data(SCSIRequest *req) + } + } + +-/* +- * scsi_handle_rw_error has two return values. False means that the error +- * must be ignored, true means that the error has been processed and the +- * caller should not do anything else for this request. Note that +- * scsi_handle_rw_error always manages its reference counts, independent +- * of the return value. +- */ +-static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) +-{ +- bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); +- SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); +- SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); +- BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, +- is_read, error); +- +- if (action == BLOCK_ERROR_ACTION_REPORT) { +- if (acct_failed) { +- block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); +- } +- switch (error) { +- case 0: +- /* A passthrough command has run and has produced sense data; check +- * whether the error has to be handled by the guest or should rather +- * pause the host. +- */ +- assert(r->status && *r->status); +- if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { +- /* These errors are handled by guest. */ +- sdc->update_sense(&r->req); +- scsi_req_complete(&r->req, *r->status); +- return true; +- } +- error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); +- break; +-#ifdef CONFIG_LINUX +- /* These errno mapping are specific to Linux. For more information: +- * - scsi_decide_disposition in drivers/scsi/scsi_error.c +- * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c +- * - blk_errors[] in block/blk-core.c +- */ +- case EBADE: +- /* DID_NEXUS_FAILURE -> BLK_STS_NEXUS. */ +- scsi_req_complete(&r->req, RESERVATION_CONFLICT); +- break; +- case ENODATA: +- /* DID_MEDIUM_ERROR -> BLK_STS_MEDIUM. */ +- scsi_check_condition(r, SENSE_CODE(READ_ERROR)); +- break; +- case EREMOTEIO: +- /* DID_TARGET_FAILURE -> BLK_STS_TARGET. */ +- scsi_req_complete(&r->req, HARDWARE_ERROR); +- break; +-#endif +- case ENOMEDIUM: +- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); +- break; +- case ENOMEM: +- scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); +- break; +- case EINVAL: +- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); +- break; +- case ENOSPC: +- scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); +- break; +- default: +- scsi_check_condition(r, SENSE_CODE(IO_ERROR)); +- break; +- } +- } +- +- blk_error_action(s->qdev.conf.blk, action, is_read, error); +- if (action == BLOCK_ERROR_ACTION_IGNORE) { +- scsi_req_complete(&r->req, 0); +- return true; +- } +- +- if (action == BLOCK_ERROR_ACTION_STOP) { +- scsi_req_retry(&r->req); +- } +- return true; +-} +- + static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) + { + uint32_t n; +-- +2.27.0 + diff --git a/kvm-scsi-disk-pass-SCSI-status-to-scsi_handle_rw_error.patch b/kvm-scsi-disk-pass-SCSI-status-to-scsi_handle_rw_error.patch new file mode 100644 index 0000000..eb49e97 --- /dev/null +++ b/kvm-scsi-disk-pass-SCSI-status-to-scsi_handle_rw_error.patch @@ -0,0 +1,106 @@ +From 620d646367a38ff9908de811e1f0a24a3f105529 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 8 Mar 2021 10:49:01 -0500 +Subject: [PATCH 04/15] scsi-disk: pass SCSI status to scsi_handle_rw_error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Paolo Bonzini +Message-id: <20210308104902.149906-5-pbonzini@redhat.com> +Patchwork-id: 101310 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 4/5] scsi-disk: pass SCSI status to scsi_handle_rw_error +Bugzilla: 1927530 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Philippe Mathieu-Daudé + +Instead of fishing it from *r->status, just pass the SCSI status +as a positive value of the second parameter and an errno as a +negative value. + +Signed-off-by: Paolo Bonzini +(cherry picked from commit f63c68bc0f514694a958b2e84a204b7792d28b17) +Signed-off-by: Danilo C. L. de Paula +--- + hw/scsi/scsi-disk.c | 38 +++++++++++++++++++++++++++----------- + 1 file changed, 27 insertions(+), 11 deletions(-) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index 7393f33ee2..c545f0b674 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -186,34 +186,48 @@ static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) + * scsi_handle_rw_error always manages its reference counts, independent + * of the return value. + */ +-static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) ++static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed) + { + bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); + SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); + SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); +- BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, +- is_read, error); +- SCSISense sense; ++ SCSISense sense = SENSE_CODE(NO_SENSE); ++ int error = 0; ++ bool req_has_sense = false; ++ BlockErrorAction action; ++ int status; + ++ if (ret < 0) { ++ status = scsi_sense_from_errno(-ret, &sense); ++ error = -ret; ++ } else { ++ /* A passthrough command has completed with nonzero status. */ ++ status = ret; ++ if (status == CHECK_CONDITION) { ++ req_has_sense = true; ++ error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); ++ } else { ++ error = EINVAL; ++ } ++ } ++ ++ action = blk_get_error_action(s->qdev.conf.blk, is_read, error); + if (action == BLOCK_ERROR_ACTION_REPORT) { + if (acct_failed) { + block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); + } +- if (error == 0) { ++ if (req_has_sense) { + /* A passthrough command has run and has produced sense data; check + * whether the error has to be handled by the guest or should rather + * pause the host. + */ +- assert(r->status && *r->status); + if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { + /* These errors are handled by guest. */ + sdc->update_sense(&r->req); +- scsi_req_complete(&r->req, *r->status); ++ scsi_req_complete(&r->req, status); + return true; + } +- error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); + } else { +- int status = scsi_sense_from_errno(error, &sense); + if (status == CHECK_CONDITION) { + scsi_req_build_sense(&r->req, sense); + } +@@ -239,8 +253,10 @@ static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) + return true; + } + +- if (ret < 0 || (r->status && *r->status)) { +- return scsi_handle_rw_error(r, -ret, acct_failed); ++ if (ret < 0) { ++ return scsi_handle_rw_error(r, ret, acct_failed); ++ } else if (r->status && *r->status) { ++ return scsi_handle_rw_error(r, *r->status, acct_failed); + } + + return false; +-- +2.27.0 + diff --git a/kvm-scsi-disk-pass-guest-recoverable-errors-through-even.patch b/kvm-scsi-disk-pass-guest-recoverable-errors-through-even.patch new file mode 100644 index 0000000..58fac83 --- /dev/null +++ b/kvm-scsi-disk-pass-guest-recoverable-errors-through-even.patch @@ -0,0 +1,106 @@ +From 9cf10f41fc8a89cd80f27e3b2674dec7eead60d4 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 8 Mar 2021 10:49:02 -0500 +Subject: [PATCH 05/15] scsi-disk: pass guest recoverable errors through even + for rerror=stop +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Paolo Bonzini +Message-id: <20210308104902.149906-6-pbonzini@redhat.com> +Patchwork-id: 101311 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 5/5] scsi-disk: pass guest recoverable errors through even for rerror=stop +Bugzilla: 1927530 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Philippe Mathieu-Daudé + +Right now, recoverable sense values are only passed directly to the +guest only for rerror=report. However, when rerror/werror are 'stop' +we still don't want the host to be involved on every UNIT ATTENTION +(especially considered that the QMP event will not have enough information +to act on the report). + +Signed-off-by: Paolo Bonzini +(cherry picked from commit 782a78c9e994c2be23467262f50e885a0eb0d9fc) +Signed-off-by: Danilo C. L. de Paula +--- + hw/scsi/scsi-disk.c | 51 +++++++++++++++++++++++++-------------------- + 1 file changed, 28 insertions(+), 23 deletions(-) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index c545f0b674..f2abbf0d87 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -211,39 +211,44 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed) + } + } + +- action = blk_get_error_action(s->qdev.conf.blk, is_read, error); +- if (action == BLOCK_ERROR_ACTION_REPORT) { ++ /* ++ * Check whether the error has to be handled by the guest or should ++ * rather follow the rerror=/werror= settings. Guest-handled errors ++ * are usually retried immediately, so do not post them to QMP and ++ * do not account them as failed I/O. ++ */ ++ if (req_has_sense && ++ scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { ++ action = BLOCK_ERROR_ACTION_REPORT; ++ acct_failed = false; ++ } else { ++ action = blk_get_error_action(s->qdev.conf.blk, is_read, error); ++ blk_error_action(s->qdev.conf.blk, action, is_read, error); ++ } ++ ++ switch (action) { ++ case BLOCK_ERROR_ACTION_REPORT: + if (acct_failed) { + block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); + } + if (req_has_sense) { +- /* A passthrough command has run and has produced sense data; check +- * whether the error has to be handled by the guest or should rather +- * pause the host. +- */ +- if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { +- /* These errors are handled by guest. */ +- sdc->update_sense(&r->req); +- scsi_req_complete(&r->req, status); +- return true; +- } +- } else { +- if (status == CHECK_CONDITION) { +- scsi_req_build_sense(&r->req, sense); +- } +- scsi_req_complete(&r->req, status); ++ sdc->update_sense(&r->req); ++ } else if (status == CHECK_CONDITION) { ++ scsi_req_build_sense(&r->req, sense); + } +- } ++ scsi_req_complete(&r->req, status); ++ return true; + +- blk_error_action(s->qdev.conf.blk, action, is_read, error); +- if (action == BLOCK_ERROR_ACTION_IGNORE) { ++ case BLOCK_ERROR_ACTION_IGNORE: + return false; +- } + +- if (action == BLOCK_ERROR_ACTION_STOP) { ++ case BLOCK_ERROR_ACTION_STOP: + scsi_req_retry(&r->req); ++ return true; ++ ++ default: ++ g_assert_not_reached(); + } +- return true; + } + + static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) +-- +2.27.0 + diff --git a/kvm-scsi-introduce-scsi_sense_from_errno.patch b/kvm-scsi-introduce-scsi_sense_from_errno.patch new file mode 100644 index 0000000..4a13519 --- /dev/null +++ b/kvm-scsi-introduce-scsi_sense_from_errno.patch @@ -0,0 +1,181 @@ +From 38a29a168f4b377eb6381469af16887e12ebfa3d Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 8 Mar 2021 10:49:00 -0500 +Subject: [PATCH 03/15] scsi: introduce scsi_sense_from_errno() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Paolo Bonzini +Message-id: <20210308104902.149906-4-pbonzini@redhat.com> +Patchwork-id: 101308 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 3/5] scsi: introduce scsi_sense_from_errno() +Bugzilla: 1927530 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Philippe Mathieu-Daudé + +The new function is an extension of the switch statement in scsi-disk.c +which also includes the errno cases only found in sg_io_sense_from_errno. +This allows us to consolidate the errno handling. + +Extracted from a patch by Hannes Reinecke . + +Signed-off-by: Paolo Bonzini +(cherry picked from commit d7a84021db8eeddcd5d24ab591a1434763caff6c) +Signed-off-by: Danilo C. L. de Paula +--- + hw/scsi/scsi-disk.c | 45 +++++++------------------------------- + include/scsi/utils.h | 2 ++ + scsi/utils.c | 51 +++++++++++++++++++++++++++++++++++--------- + 3 files changed, 51 insertions(+), 47 deletions(-) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index e8de15f549..7393f33ee2 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -193,13 +193,13 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) + SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); + BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, + is_read, error); ++ SCSISense sense; + + if (action == BLOCK_ERROR_ACTION_REPORT) { + if (acct_failed) { + block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); + } +- switch (error) { +- case 0: ++ if (error == 0) { + /* A passthrough command has run and has produced sense data; check + * whether the error has to be handled by the guest or should rather + * pause the host. +@@ -212,41 +212,12 @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) + return true; + } + error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); +- break; +-#ifdef CONFIG_LINUX +- /* These errno mapping are specific to Linux. For more information: +- * - scsi_decide_disposition in drivers/scsi/scsi_error.c +- * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c +- * - blk_errors[] in block/blk-core.c +- */ +- case EBADE: +- /* DID_NEXUS_FAILURE -> BLK_STS_NEXUS. */ +- scsi_req_complete(&r->req, RESERVATION_CONFLICT); +- break; +- case ENODATA: +- /* DID_MEDIUM_ERROR -> BLK_STS_MEDIUM. */ +- scsi_check_condition(r, SENSE_CODE(READ_ERROR)); +- break; +- case EREMOTEIO: +- /* DID_TARGET_FAILURE -> BLK_STS_TARGET. */ +- scsi_req_complete(&r->req, HARDWARE_ERROR); +- break; +-#endif +- case ENOMEDIUM: +- scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); +- break; +- case ENOMEM: +- scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); +- break; +- case EINVAL: +- scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); +- break; +- case ENOSPC: +- scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); +- break; +- default: +- scsi_check_condition(r, SENSE_CODE(IO_ERROR)); +- break; ++ } else { ++ int status = scsi_sense_from_errno(error, &sense); ++ if (status == CHECK_CONDITION) { ++ scsi_req_build_sense(&r->req, sense); ++ } ++ scsi_req_complete(&r->req, status); + } + } + +diff --git a/include/scsi/utils.h b/include/scsi/utils.h +index fbc5588279..878434a8f5 100644 +--- a/include/scsi/utils.h ++++ b/include/scsi/utils.h +@@ -133,4 +133,6 @@ int sg_io_sense_from_errno(int errno_value, struct sg_io_hdr *io_hdr, + SCSISense *sense); + #endif + ++int scsi_sense_from_errno(int errno_value, SCSISense *sense); ++ + #endif +diff --git a/scsi/utils.c b/scsi/utils.c +index b37c283014..c93458b80e 100644 +--- a/scsi/utils.c ++++ b/scsi/utils.c +@@ -560,21 +560,52 @@ const char *scsi_command_name(uint8_t cmd) + return names[cmd]; + } + ++int scsi_sense_from_errno(int errno_value, SCSISense *sense) ++{ ++ switch (errno_value) { ++ case 0: ++ return GOOD; ++ case EDOM: ++ return TASK_SET_FULL; ++#ifdef CONFIG_LINUX ++ /* These errno mapping are specific to Linux. For more information: ++ * - scsi_decide_disposition in drivers/scsi/scsi_error.c ++ * - scsi_result_to_blk_status in drivers/scsi/scsi_lib.c ++ * - blk_errors[] in block/blk-core.c ++ */ ++ case EBADE: ++ return RESERVATION_CONFLICT; ++ case ENODATA: ++ *sense = SENSE_CODE(READ_ERROR); ++ return CHECK_CONDITION; ++ case EREMOTEIO: ++ *sense = SENSE_CODE(LUN_COMM_FAILURE); ++ return CHECK_CONDITION; ++#endif ++ case ENOMEDIUM: ++ *sense = SENSE_CODE(NO_MEDIUM); ++ return CHECK_CONDITION; ++ case ENOMEM: ++ *sense = SENSE_CODE(TARGET_FAILURE); ++ return CHECK_CONDITION; ++ case EINVAL: ++ *sense = SENSE_CODE(INVALID_FIELD); ++ return CHECK_CONDITION; ++ case ENOSPC: ++ *sense = SENSE_CODE(SPACE_ALLOC_FAILED); ++ return CHECK_CONDITION; ++ default: ++ *sense = SENSE_CODE(IO_ERROR); ++ return CHECK_CONDITION; ++ } ++} ++ + #ifdef CONFIG_LINUX + int sg_io_sense_from_errno(int errno_value, struct sg_io_hdr *io_hdr, + SCSISense *sense) + { + if (errno_value != 0) { +- switch (errno_value) { +- case EDOM: +- return TASK_SET_FULL; +- case ENOMEM: +- *sense = SENSE_CODE(TARGET_FAILURE); +- return CHECK_CONDITION; +- default: +- *sense = SENSE_CODE(IO_ERROR); +- return CHECK_CONDITION; +- } ++ return scsi_sense_from_errno(errno_value, sense); + } else { + if (io_hdr->host_status == SG_ERR_DID_NO_CONNECT || + io_hdr->host_status == SG_ERR_DID_BUS_BUSY || +-- +2.27.0 + diff --git a/kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch b/kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch new file mode 100644 index 0000000..efb0b34 --- /dev/null +++ b/kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch @@ -0,0 +1,68 @@ +From f6ad6b772dce72042afbe8779cd9c52d5e352418 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Mon, 15 Mar 2021 18:16:24 -0400 +Subject: [PATCH 08/15] vhost-user-blk: fix blkcfg->num_queues endianness +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Stefan Hajnoczi +Message-id: <20210315181629.212884-2-stefanha@redhat.com> +Patchwork-id: 101338 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/6] vhost-user-blk: fix blkcfg->num_queues endianness +Bugzilla: 1937004 +RH-Acked-by: Danilo de Paula +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Kevin Wolf +RH-Acked-by: Max Reitz + +Treat the num_queues field as virtio-endian. On big-endian hosts the +vhost-user-blk num_queues field was in the wrong endianness. + +Move the blkcfg.num_queues store operation from realize to +vhost_user_blk_update_config() so feature negotiation has finished and +we know the endianness of the device. VIRTIO 1.0 devices are +little-endian, but in case someone wants to use legacy VIRTIO we support +all endianness cases. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Stefan Hajnoczi +Reviewed-by: Raphael Norwitz +Reviewed-by: Michael S. Tsirkin +Message-Id: <20210223144653.811468-2-stefanha@redhat.com> +Signed-off-by: Kevin Wolf +(cherry picked from commit 535255b43898d2e96744057eb86f8497d4d7a461) +Signed-off-by: Stefan Hajnoczi +Signed-off-by: Danilo C. L. de Paula +--- + hw/block/vhost-user-blk.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c +index 2dd3d93ca0..d9d9dc8a89 100644 +--- a/hw/block/vhost-user-blk.c ++++ b/hw/block/vhost-user-blk.c +@@ -53,6 +53,9 @@ static void vhost_user_blk_update_config(VirtIODevice *vdev, uint8_t *config) + { + VHostUserBlk *s = VHOST_USER_BLK(vdev); + ++ /* Our num_queues overrides the device backend */ ++ virtio_stw_p(vdev, &s->blkcfg.num_queues, s->num_queues); ++ + memcpy(config, &s->blkcfg, sizeof(struct virtio_blk_config)); + } + +@@ -490,10 +493,6 @@ reconnect: + goto reconnect; + } + +- if (s->blkcfg.num_queues != s->num_queues) { +- s->blkcfg.num_queues = s->num_queues; +- } +- + return; + + virtio_err: +-- +2.27.0 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 07c2861..90082d6 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -53,6 +53,12 @@ #Versions of various parts: %global requires_all_modules \ +%if %{have_spice} \ +Requires: %{name}-ui-spice = %{epoch}:%{version}-%{release} \ +%endif \ +%if %{have_opengl} \ +Requires: %{name}-ui-opengl = %{epoch}:%{version}-%{release} \ +%endif \ Requires: %{name}-block-curl = %{epoch}:%{version}-%{release} \ %if %{have_gluster} \ Requires: %{name}-block-gluster = %{epoch}:%{version}-%{release} \ @@ -64,7 +70,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release} Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 5.2.0 -Release: 11%{?dist} +Release: 14%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 15 License: GPLv2 and GPLv2+ and CC-BY @@ -292,6 +298,32 @@ Patch126: kvm-qxl-also-notify-the-rendering-is-done-when-skipping-.patch Patch127: kvm-virtiofsd-Save-error-code-early-at-the-failure-calls.patch # For bz#1935071 - CVE-2021-20263 virt:8.4/qemu-kvm: QEMU: virtiofsd: 'security.capabilities' is not dropped with xattrmap option [rhel-av-8] Patch128: kvm-virtiofs-drop-remapped-security.capability-xattr-as-.patch +# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning +Patch129: kvm-scsi-disk-move-scsi_handle_rw_error-earlier.patch +# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning +Patch130: kvm-scsi-disk-do-not-complete-requests-early-for-rerror-.patch +# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning +Patch131: kvm-scsi-introduce-scsi_sense_from_errno.patch +# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning +Patch132: kvm-scsi-disk-pass-SCSI-status-to-scsi_handle_rw_error.patch +# For bz#1927530 - RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning +Patch133: kvm-scsi-disk-pass-guest-recoverable-errors-through-even.patch +# For bz#1936948 - CVE-2021-20221 virt:av/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-av-8.4.0] +Patch134: kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch +# For bz#1934158 - Windows guest looses network connectivity when NIC was configured with static IP +Patch135: kvm-i386-acpi-restore-device-paths-for-pre-5.1-vms.patch +# For bz#1937004 - vhost-user-blk server endianness and input validation fixes +Patch136: kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch +# For bz#1937004 - vhost-user-blk server endianness and input validation fixes +Patch137: kvm-block-export-fix-blk_size-double-byteswap.patch +# For bz#1937004 - vhost-user-blk server endianness and input validation fixes +Patch138: kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch +# For bz#1937004 - vhost-user-blk server endianness and input validation fixes +Patch139: kvm-block-export-fix-vhost-user-blk-export-sector-number.patch +# For bz#1937004 - vhost-user-blk server endianness and input validation fixes +Patch140: kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch +# For bz#1937004 - vhost-user-blk server endianness and input validation fixes +Patch141: kvm-block-export-port-virtio-blk-read-write-range-check.patch BuildRequires: wget BuildRequires: rpm-build @@ -397,9 +429,6 @@ BuildRequires: binutils >= 2.27-16 BuildRequires: pkgconfig(epoxy) BuildRequires: pkgconfig(libdrm) BuildRequires: pkgconfig(gbm) -Requires: mesa-libGL -Requires: mesa-libEGL -Requires: mesa-dri-drivers %endif BuildRequires: perl-Test-Harness @@ -585,6 +614,32 @@ Install this package if you want to access remote disks using the Secure Shell (SSH) protocol. +%if %{have_spice} +%package ui-spice +Summary: QEMU spice support +Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} +%if %{have_opengl} +Requires: %{name}-ui-opengl%{?_isa} = %{epoch}:%{version}-%{release} +%endif + +%description ui-spice +This package provides spice support. +%endif + + +%if %{have_opengl} +%package ui-opengl +Summary: QEMU opengl support +Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} +Requires: mesa-libGL +Requires: mesa-libEGL +Requires: mesa-dri-drivers + +%description ui-opengl +This package provides opengl support. +%endif + + %prep %setup -n qemu-%{version}%{?rcversion} # Remove slirp content in scratchbuilds because it's being applyed as a patch @@ -1361,7 +1416,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %{_datadir}/%{name}/kvmvapic.bin %{_datadir}/%{name}/sgabios.bin %{_datadir}/%{name}/pvh.bin - %{_libdir}/qemu-kvm/ui-egl-headless.so %endif %ifarch s390x %{_datadir}/%{name}/s390-ccw.img @@ -1411,22 +1465,10 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %if %{have_usbredir} %{_libdir}/qemu-kvm/hw-usb-redirect.so %endif -%if 0%{have_spice} - %{_libdir}/qemu-kvm/hw-usb-smartcard.so - %{_libdir}/qemu-kvm/audio-spice.so - %{_libdir}/qemu-kvm/ui-spice-core.so - %{_libdir}/qemu-kvm/chardev-spice.so -%endif -%ifarch x86_64 - %{_libdir}/qemu-kvm/hw-display-qxl.so -%endif %{_libdir}/qemu-kvm/hw-display-virtio-gpu.so %ifnarch s390x %{_libdir}/qemu-kvm/hw-display-virtio-gpu-pci.so %endif -%if 0%{have_opengl} - %{_libdir}/qemu-kvm/ui-opengl.so -%endif %files -n qemu-kiwi %defattr(-,root,root) @@ -1479,9 +1521,57 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %files block-ssh %{_libdir}/qemu-kvm/block-ssh.so +%if 0%{have_spice} +%files ui-spice + %{_libdir}/qemu-kvm/hw-usb-smartcard.so + %{_libdir}/qemu-kvm/audio-spice.so + %{_libdir}/qemu-kvm/ui-spice-core.so + %{_libdir}/qemu-kvm/chardev-spice.so +%ifarch x86_64 + %{_libdir}/qemu-kvm/hw-display-qxl.so +%endif +%endif + +%if 0%{have_opengl} +%files ui-opengl + %{_libdir}/qemu-kvm/ui-egl-headless.so + %{_libdir}/qemu-kvm/ui-opengl.so +%endif + %changelog -* Mon Mar 15 2021 Miroslav Rezanina - 5.2.0-11.el9 +* Sat Mar 20 2021 Danilo Cesar Lemes de Paula - 5.2.0-14.el8 +- kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch [bz#1937004] +- kvm-block-export-fix-blk_size-double-byteswap.patch [bz#1937004] +- kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch [bz#1937004] +- kvm-block-export-fix-vhost-user-blk-export-sector-number.patch [bz#1937004] +- kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch [bz#1937004] +- kvm-block-export-port-virtio-blk-read-write-range-check.patch [bz#1937004] +- kvm-spec-ui-spice-sub-package.patch [bz#1936373] +- kvm-spec-ui-opengl-sub-package.patch [bz#1936373] +- Resolves: bz#1937004 + (vhost-user-blk server endianness and input validation fixes) +- Resolves: bz#1936373 + (move spice & opengl modules to rpm subpackages) + +* Tue Mar 16 2021 Danilo Cesar Lemes de Paula - 5.2.0-13.el8 +- kvm-i386-acpi-restore-device-paths-for-pre-5.1-vms.patch [bz#1934158] +- Resolves: bz#1934158 + (Windows guest looses network connectivity when NIC was configured with static IP) + +* Mon Mar 15 2021 Danilo Cesar Lemes de Paula - 5.2.0-12.el8 +- kvm-scsi-disk-move-scsi_handle_rw_error-earlier.patch [bz#1927530] +- kvm-scsi-disk-do-not-complete-requests-early-for-rerror-.patch [bz#1927530] +- kvm-scsi-introduce-scsi_sense_from_errno.patch [bz#1927530] +- kvm-scsi-disk-pass-SCSI-status-to-scsi_handle_rw_error.patch [bz#1927530] +- kvm-scsi-disk-pass-guest-recoverable-errors-through-even.patch [bz#1927530] +- kvm-hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch [bz#1936948] +- Resolves: bz#1927530 + (RHEL8 Hypervisor - OVIRT - Issues seen on a virtualization guest with direct passthrough LUNS pausing when a host gets a Thin threshold warning) +- Resolves: bz#1936948 + (CVE-2021-20221 virt:av/qemu-kvm: qemu: out-of-bound heap buffer access via an interrupt ID field [rhel-av-8.4.0]) + +* Mon Mar 08 2021 Danilo Cesar Lemes de Paula - 5.2.0-11.el8 - kvm-qxl-set-qxl.ssd.dcl.con-on-secondary-devices.patch [bz#1932190] - kvm-qxl-also-notify-the-rendering-is-done-when-skipping-.patch [bz#1932190] - kvm-virtiofsd-Save-error-code-early-at-the-failure-calls.patch [bz#1935071]