* Mon Jun 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-6

- kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462]
- kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194]
- kvm-redhat-Install-the-s390-netboot.img-that-we-ve-built.patch [bz#1957194]
- kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch [bz#1957194]
- kvm-target-i386-sev-add-support-to-query-the-attestation.patch [bz#1957194]
- kvm-spapr-Don-t-hijack-current_machine-boot_order.patch [bz#1957194]
- kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch [bz#1957194]
- kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch [bz#1957194]
- kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch [bz#1957194]
- Specfile cleanup [bz#1973029]
- Resolves: bz#1972462
  (QEMU core dump when doing TLS migration via TCP)
- Resolves: bz#1957194
  (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta)
- Resolves: bz#1973029
  (Spec file cleanups)
This commit is contained in:
Miroslav Rezanina 2021-06-21 05:04:48 -04:00
parent 7b74d99404
commit 73d2f941db
9 changed files with 1243 additions and 77 deletions

View File

@ -0,0 +1,51 @@
From bd1d37e3536136130df41ac8162ce5bb4f361f87 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Tue, 1 Jun 2021 08:52:10 -0400
Subject: [PATCH 02/21] pc-bios/s390-ccw: don't try to read the next block if
end of chunk is reached
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
RH-Commit: [1/8] 69a43520a9e7f0ab92bdfdc47281c7606f5159e7 (mrezanin/centos-src-qemu-kvm)
RH-Bugzilla: 1957194
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: Marc Hartmayer <mhartmay@linux.ibm.com>
Don't read the block if a null block number is reached, because this means that
the end of chunk is reached.
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Message-Id: <20210416074736.17409-1-mhartmay@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a6625d38cce3901a7c1cba069f0abcf743a293f1)
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
pc-bios/s390-ccw/bootmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 44df7d16af..b46997c0b7 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -213,7 +213,7 @@ static int eckd_get_boot_menu_index(block_number_t s1b_block_nr)
next_block_nr = eckd_block_num(&s1b->seek[i + 1].chs);
}
- if (next_block_nr) {
+ if (next_block_nr && !is_null_block_number(next_block_nr)) {
read_block(next_block_nr, s2_next_blk,
"Cannot read stage2 boot loader");
}
--
2.27.0

View File

@ -0,0 +1,115 @@
From 415a6a1ced90cc8b8691eb7ab027bba4611fc236 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 2 Jun 2021 15:51:02 -0400
Subject: [PATCH 04/21] sockets: update SOCKET_ADDRESS_TYPE_FD listen(2)
backlog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
RH-Commit: [3/8] a8fd97eb477ad51fca75c1cc344185e1de59caf1 (mrezanin/centos-src-qemu-kvm)
RH-Bugzilla: 1957194
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
socket_get_fd() fails with the error "socket_get_fd: too many
connections" if the given listen backlog value is not 1.
Not all callers set the backlog to 1. For example, commit
582d4210eb2f2ab5baac328fe4b479cd86da1647 ("qemu-nbd: Use SOMAXCONN for
socket listen() backlog") uses SOMAXCONN. This will always fail with in
socket_get_fd().
This patch calls listen(2) on the fd to update the backlog value. The
socket may already be in the listen state. I have tested that this works
on Linux 5.10 and macOS Catalina.
As a bonus this allows us to detect when the fd cannot listen. Now we'll
be able to catch unbound or connected fds in socket_listen().
Drop the num argument from socket_get_fd() since this function is also
called by socket_connect() where a listen backlog value does not make
sense.
Fixes: e5b6353cf25c99c3f08bf51e29933352f7140e8f ("socket: Add backlog parameter to socket_listen")
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210310173004.420190-1-stefanha@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 37179e9ea45d6428b29ae789209c119ac18c1d39)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
util/qemu-sockets.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 8af0278f15..2463c49773 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1116,14 +1116,10 @@ fail:
return NULL;
}
-static int socket_get_fd(const char *fdstr, int num, Error **errp)
+static int socket_get_fd(const char *fdstr, Error **errp)
{
Monitor *cur_mon = monitor_cur();
int fd;
- if (num != 1) {
- error_setg_errno(errp, EINVAL, "socket_get_fd: too many connections");
- return -1;
- }
if (cur_mon) {
fd = monitor_get_fd(cur_mon, fdstr, errp);
if (fd < 0) {
@@ -1159,7 +1155,7 @@ int socket_connect(SocketAddress *addr, Error **errp)
break;
case SOCKET_ADDRESS_TYPE_FD:
- fd = socket_get_fd(addr->u.fd.str, 1, errp);
+ fd = socket_get_fd(addr->u.fd.str, errp);
break;
case SOCKET_ADDRESS_TYPE_VSOCK:
@@ -1187,7 +1183,26 @@ int socket_listen(SocketAddress *addr, int num, Error **errp)
break;
case SOCKET_ADDRESS_TYPE_FD:
- fd = socket_get_fd(addr->u.fd.str, num, errp);
+ fd = socket_get_fd(addr->u.fd.str, errp);
+ if (fd < 0) {
+ return -1;
+ }
+
+ /*
+ * If the socket is not yet in the listen state, then transition it to
+ * the listen state now.
+ *
+ * If it's already listening then this updates the backlog value as
+ * requested.
+ *
+ * If this socket cannot listen because it's already in another state
+ * (e.g. unbound or connected) then we'll catch the error here.
+ */
+ if (listen(fd, num) != 0) {
+ error_setg_errno(errp, errno, "Failed to listen on fd socket");
+ closesocket(fd);
+ return -1;
+ }
break;
case SOCKET_ADDRESS_TYPE_VSOCK:
--
2.27.0

View File

@ -0,0 +1,115 @@
From b859b919acc83ea12c5c5b2991afac47e9532660 Mon Sep 17 00:00:00 2001
From: Greg Kurz <gkurz@redhat.com>
Date: Thu, 3 Jun 2021 13:29:40 -0400
Subject: [PATCH 06/21] spapr: Don't hijack current_machine->boot_order
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
RH-Commit: [5/8] 04822ea86e438f013915cd46e09a33627a640a47 (mrezanin/centos-src-qemu-kvm)
RH-Bugzilla: 1957194
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: Greg Kurz <groug@kaod.org>
QEMU 6.0 moved all the -boot variables to the machine. Especially, the
removal of the boot_order static changed the handling of '-boot once'
from:
if (boot_once) {
qemu_boot_set(boot_once, &error_fatal);
qemu_register_reset(restore_boot_order, g_strdup(boot_order));
}
to
if (current_machine->boot_once) {
qemu_boot_set(current_machine->boot_once, &error_fatal);
qemu_register_reset(restore_boot_order,
g_strdup(current_machine->boot_order));
}
This means that we now register as subsequent boot order a copy
of current_machine->boot_once that was just set with the previous
call to qemu_boot_set(), i.e. we never transition away from the
once boot order.
It is certainly fragile^Wwrong for the spapr code to hijack a
field of the base machine type object like that. The boot order
rework simply turned this software boundary violation into an
actual bug.
Have the spapr code to handle that with its own field in
SpaprMachineState. Also kfree() the initial boot device
string when "once" was used.
Fixes: 4b7acd2ac821 ("vl: clean up -boot variables")
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1960119
Cc: pbonzini@redhat.com
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210521160735.1901914-1-groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 3bf0844f3be77b24cc8f56fc8df9ff199f8324cb)
Signed-off-by: Greg Kurz <gkurz@redhat.com>
Conflicts:
include/hw/ppc/spapr.h
Trivial context conflict because downstream has experimental support
for secure guests (f23e4b5090ba).
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
hw/ppc/spapr.c | 8 +++++---
include/hw/ppc/spapr.h | 3 +++
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 653574ba91..11db32c537 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1006,7 +1006,7 @@ static void spapr_dt_chosen(SpaprMachineState *spapr, void *fdt, bool reset)
_FDT(chosen = fdt_add_subnode(fdt, 0, "chosen"));
if (reset) {
- const char *boot_device = machine->boot_order;
+ const char *boot_device = spapr->boot_device;
char *stdout_path = spapr_vio_stdout_path(spapr->vio_bus);
size_t cb = 0;
char *bootlist = get_boot_devices_list(&cb);
@@ -2364,8 +2364,10 @@ static SaveVMHandlers savevm_htab_handlers = {
static void spapr_boot_set(void *opaque, const char *boot_device,
Error **errp)
{
- MachineState *machine = MACHINE(opaque);
- machine->boot_order = g_strdup(boot_device);
+ SpaprMachineState *spapr = SPAPR_MACHINE(opaque);
+
+ g_free(spapr->boot_device);
+ spapr->boot_device = g_strdup(boot_device);
}
static void spapr_create_lmb_dr_connectors(SpaprMachineState *spapr)
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 54cdde8980..6d15066bc3 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -227,6 +227,9 @@ struct SpaprMachineState {
/* Secure Guest support via x-svm-allowed */
bool svm_allowed;
+ /* Set by -boot */
+ char *boot_device;
+
/*< public >*/
char *kvm_type;
char *host_model;
--
2.27.0

View File

@ -0,0 +1,52 @@
From 63933b51e447d4acb08d3900ff64d150a3f2bdf8 Mon Sep 17 00:00:00 2001
From: Laurent Vivier <lvivier@redhat.com>
Date: Wed, 9 Jun 2021 05:58:34 -0400
Subject: [PATCH 08/21] spapr: Remove stale comment about power-saving LPCR
bits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
RH-Commit: [7/8] 12872a0193d22915de5d71d8055094f9f15e63b0 (mrezanin/centos-src-qemu-kvm)
RH-Bugzilla: 1957194
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: Nicholas Piggin <npiggin@gmail.com>
Commit 47a9b551547 ("spapr: Clean up handling of LPCR power-saving exit
bits") moved this logic but did not remove the comment from the
previous location.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20210526091626.3388262-2-npiggin@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
(cherry picked from commit 7be3bf6c8429969f97728bb712d9a99997835607)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
hw/ppc/spapr_rtas.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 8a79f9c628..91c71d1c94 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -164,7 +164,6 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
- /* Enable Power-saving mode Exit Cause exceptions for the new CPU */
lpcr = env->spr[SPR_LPCR];
if (!pcc->interrupts_big_endian(callcpu)) {
lpcr |= LPCR_ILE;
--
2.27.0

View File

@ -0,0 +1,90 @@
From 8bb294ea3f26a8ce01ad76c19a6de359dce0c113 Mon Sep 17 00:00:00 2001
From: Laurent Vivier <lvivier@redhat.com>
Date: Wed, 9 Jun 2021 05:58:35 -0400
Subject: [PATCH 09/21] spapr: Set LPCR to current AIL mode when starting a new
CPU
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
RH-Commit: [8/8] 7a1cb27881f93c245ab9e8b8540cbd06d4f8c14f (mrezanin/centos-src-qemu-kvm)
RH-Bugzilla: 1957194
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: Nicholas Piggin <npiggin@gmail.com>
TCG does not keep track of AIL mode in a central place, it's based on
the current LPCR[AIL] bits. Synchronize the new CPU's LPCR to the
current LPCR in rtas_start_cpu(), similarly to the way the ILE bit is
synchronized.
Open-code the ILE setting as well now that the caller's LPCR is
available directly, there is no need for the indirection.
Without this, under both TCG and KVM, adding a POWER8/9/10 class CPU
with a new core ID after a modern Linux has booted results in the new
CPU's LPCR missing the LPCR[AIL]=0b11 setting that the other CPUs have.
This can cause crashes and unexpected behaviour.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20210526091626.3388262-3-npiggin@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
(cherry picked from commit ac559ecbea2649819e7b3fdd09f4e0243e0128db)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
hw/ppc/spapr_rtas.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 91c71d1c94..27ab339b0c 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -133,8 +133,8 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
target_ulong id, start, r3;
PowerPCCPU *newcpu;
CPUPPCState *env;
- PowerPCCPUClass *pcc;
target_ulong lpcr;
+ target_ulong caller_lpcr;
if (nargs != 3 || nret != 1) {
rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
@@ -153,7 +153,6 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
}
env = &newcpu->env;
- pcc = POWERPC_CPU_GET_CLASS(newcpu);
if (!CPU(newcpu)->halted) {
rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
@@ -164,10 +163,15 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
+ caller_lpcr = callcpu->env.spr[SPR_LPCR];
lpcr = env->spr[SPR_LPCR];
- if (!pcc->interrupts_big_endian(callcpu)) {
- lpcr |= LPCR_ILE;
- }
+
+ /* Set ILE the same way */
+ lpcr = (lpcr & ~LPCR_ILE) | (caller_lpcr & LPCR_ILE);
+
+ /* Set AIL the same way */
+ lpcr = (lpcr & ~LPCR_AIL) | (caller_lpcr & LPCR_AIL);
+
if (env->mmu_model == POWERPC_MMU_3_00) {
/*
* New cpus are expected to start in the same radix/hash mode
--
2.27.0

View File

@ -0,0 +1,322 @@
From a7752067b45bc05f1127a62e39c38a3361bb1840 Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Thu, 3 Jun 2021 14:04:18 -0400
Subject: [PATCH 07/21] target/i386: Add CPU model versions supporting 'xsaves'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
RH-Commit: [6/8] 814973113f19a21d10a90fcbbcd881eef354933d (mrezanin/centos-src-qemu-kvm)
RH-Bugzilla: 1957194
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Hyper-V 2016 refuses to boot on Skylake+ CPU models because they lack
'xsaves'/'vmx-xsaves' features and this diverges from real hardware. The
same issue emerges with AMD "EPYC" CPU model prior to version 3 which got
'xsaves' added. EPYC-Rome/EPYC-Milan CPU models have 'xsaves' enabled from
the very beginning so the comment blaming KVM to explain why other CPUs
lack 'xsaves' is likely outdated.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210412073952.860944-1-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 7bde6b18575dd79c26ce1616e0c33151e83d9d7e)
Conflicts:
target/i386/cpu.c (context, skipping c1826ea6a0520)
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target/i386/cpu.c | 150 +++++++++++++++++++++++++++++-----------------
1 file changed, 94 insertions(+), 56 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c30bb2a6b0..da47c3e50e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2881,12 +2881,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
CPUID_7_0_EBX_SMAP,
- /* Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is added in version 4 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -2962,6 +2957,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
}
},
+ {
+ .version = 4,
+ .note = "IBRS, XSAVES, no TSX",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ }
+ }
+ },
{ /* end of list */ }
}
},
@@ -3001,12 +3005,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
.features[FEAT_7_0_ECX] =
CPUID_7_0_ECX_PKU,
- /* Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is added in version 5 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -3094,6 +3093,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
}
},
+ {
+ .version = 5,
+ .note = "IBRS, XSAVES, EPT switching, no TSX",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ }
+ }
+ },
{ /* end of list */ }
}
},
@@ -3136,12 +3144,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_ECX_AVX512VNNI,
.features[FEAT_7_0_EDX] =
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
- /* Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is added in version 5 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -3225,6 +3228,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
},
},
+ { .version = 5,
+ .note = "ARCH_CAPABILITIES, EPT switching, XSAVES, no TSX",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
}
},
@@ -3274,13 +3285,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
.features[FEAT_7_1_EAX] =
CPUID_7_1_EAX_AVX512_BF16,
- /*
- * Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is added in version 2 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -3336,6 +3341,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
.xlevel = 0x80000008,
.model_id = "Intel Xeon Processor (Cooperlake)",
+ .versions = (X86CPUVersionDefinition[]) {
+ { .version = 1 },
+ { .version = 2,
+ .note = "XSAVES",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ }
+ },
+ },
+ { /* end of list */ }
+ }
},
{
.name = "Icelake-Client",
@@ -3378,12 +3395,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
.features[FEAT_7_0_EDX] =
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
- /* Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is added in version 3 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -3451,6 +3463,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
},
},
+ {
+ .version = 3,
+ .note = "no TSX, XSAVES, deprecated",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
},
.deprecation_note = "use Icelake-Server instead"
@@ -3499,12 +3520,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57,
.features[FEAT_7_0_EDX] =
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
- /* Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is added in version 5 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -3597,6 +3613,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
},
},
+ {
+ .version = 5,
+ .note = "XSAVES",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
}
},
@@ -3631,13 +3656,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_7_0_EDX] =
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES |
CPUID_7_0_EDX_SPEC_CTRL_SSBD,
- /*
- * Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is added in version 3 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | CPUID_XSAVE_XGETBV1,
.features[FEAT_6_EAX] =
@@ -3704,6 +3723,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
},
},
+ {
+ .version = 3,
+ .note = "XSAVES, no MPX, no MONITOR",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ },
+ },
+ },
{ /* end of list */ },
},
},
@@ -3762,13 +3790,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_EDX_CORE_CAPABILITY,
.features[FEAT_CORE_CAPABILITY] =
MSR_CORE_CAP_SPLIT_LOCK_DETECT,
- /*
- * Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component,
- * and the only one defined in Skylake (processor tracing)
- * probably will block migration anyway.
- */
+ /* XSAVES is is added in version 3 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -3833,6 +3855,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
},
},
+ {
+ .version = 3,
+ .note = "XSAVES, no MPX",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { "vmx-xsaves", "on" },
+ { /* end of list */ },
+ },
+ },
{ /* end of list */ },
},
},
@@ -4114,11 +4145,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT,
- /*
- * Missing: XSAVES (not supported by some Linux versions,
- * including v4.1 to v4.12).
- * KVM doesn't yet expose any XSAVES state save component.
- */
+ /* XSAVES is added in version 2 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
CPUID_XSAVE_XGETBV1,
@@ -4129,6 +4156,17 @@ static X86CPUDefinition builtin_x86_defs[] = {
.xlevel = 0x8000001E,
.model_id = "Hygon Dhyana Processor",
.cache_info = &epyc_cache_info,
+ .versions = (X86CPUVersionDefinition[]) {
+ { .version = 1 },
+ { .version = 2,
+ .note = "XSAVES",
+ .props = (PropValue[]) {
+ { "xsaves", "on" },
+ { /* end of list */ }
+ },
+ },
+ { /* end of list */ }
+ }
},
{
.name = "EPYC-Rome",
--
2.27.0

View File

@ -0,0 +1,262 @@
From ba750c8ed71bc73c79fecefa895192793ef6b7db Mon Sep 17 00:00:00 2001
From: Connor Kuehl <ckuehl@redhat.com>
Date: Wed, 2 Jun 2021 19:39:20 -0400
Subject: [PATCH 05/21] target/i386/sev: add support to query the attestation
report
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
RH-Commit: [4/8] de6088cb0cd1db779b85a50be87846e967f8c92c (mrezanin/centos-src-qemu-kvm)
RH-Bugzilla: 1957194
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: Brijesh Singh <brijesh.singh@amd.com>
The SEV FW >= 0.23 added a new command that can be used to query the
attestation report containing the SHA-256 digest of the guest memory
and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
Note, we already have a command (LAUNCH_MEASURE) that can be used to
query the SHA-256 digest of the guest memory encrypted through the
LAUNCH_UPDATE. The main difference between previous and this command
is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
command the ATTESATION_REPORT command can be called while the guest
is running.
Add a QMP interface "query-sev-attestation-report" that can be used
to get the report encoded in base64.
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Cc: Eric Blake <eblake@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Reviewed-by: James Bottomley <jejb@linux.ibm.com>
Tested-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Message-Id: <20210429170728.24322-1-brijesh.singh@amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 3ea1a80243d5b5ba23d8c2b7d3a86034ea0ade22)
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
linux-headers/linux/kvm.h | 8 +++++
qapi/misc-target.json | 38 ++++++++++++++++++++++
target/i386/monitor.c | 6 ++++
target/i386/sev-stub.c | 7 ++++
target/i386/sev.c | 67 +++++++++++++++++++++++++++++++++++++++
target/i386/sev_i386.h | 2 ++
target/i386/trace-events | 1 +
7 files changed, 129 insertions(+)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 020b62a619..897f831374 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -1591,6 +1591,8 @@ enum sev_cmd_id {
KVM_SEV_DBG_ENCRYPT,
/* Guest certificates commands */
KVM_SEV_CERT_EXPORT,
+ /* Attestation report */
+ KVM_SEV_GET_ATTESTATION_REPORT,
KVM_SEV_NR_MAX,
};
@@ -1643,6 +1645,12 @@ struct kvm_sev_dbg {
__u32 len;
};
+struct kvm_sev_attestation_report {
+ __u8 mnonce[16];
+ __u64 uaddr;
+ __u32 len;
+};
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 0c7491cd82..4b62f0ac05 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -285,3 +285,41 @@
##
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
'if': 'defined(TARGET_ARM)' }
+
+
+##
+# @SevAttestationReport:
+#
+# The struct describes attestation report for a Secure Encrypted Virtualization
+# feature.
+#
+# @data: guest attestation report (base64 encoded)
+#
+#
+# Since: 6.1
+##
+{ 'struct': 'SevAttestationReport',
+ 'data': { 'data': 'str'},
+ 'if': 'defined(TARGET_I386)' }
+
+##
+# @query-sev-attestation-report:
+#
+# This command is used to get the SEV attestation report, and is supported on AMD
+# X86 platforms only.
+#
+# @mnonce: a random 16 bytes value encoded in base64 (it will be included in report)
+#
+# Returns: SevAttestationReport objects.
+#
+# Since: 6.1
+#
+# Example:
+#
+# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce": "aaaaaaa" } }
+# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
+#
+##
+{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
+ 'returns': 'SevAttestationReport',
+ 'if': 'defined(TARGET_I386)' }
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 5994408bee..119211f0b0 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -757,3 +757,9 @@ void qmp_sev_inject_launch_secret(const char *packet_hdr,
sev_inject_launch_secret(packet_hdr, secret, gpa, errp);
}
+
+SevAttestationReport *
+qmp_query_sev_attestation_report(const char *mnonce, Error **errp)
+{
+ return sev_get_attestation_report(mnonce, errp);
+}
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
index 0207f1c5aa..0227cb5177 100644
--- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c
@@ -74,3 +74,10 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size)
{
abort();
}
+
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+ error_setg(errp, "SEV is not available in this QEMU");
+ return NULL;
+}
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 72b9e2ab40..740548f213 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -491,6 +491,73 @@ out:
return cap;
}
+SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp)
+{
+ struct kvm_sev_attestation_report input = {};
+ SevAttestationReport *report = NULL;
+ SevGuestState *sev = sev_guest;
+ guchar *data;
+ guchar *buf;
+ gsize len;
+ int err = 0, ret;
+
+ if (!sev_enabled()) {
+ error_setg(errp, "SEV is not enabled");
+ return NULL;
+ }
+
+ /* lets decode the mnonce string */
+ buf = g_base64_decode(mnonce, &len);
+ if (!buf) {
+ error_setg(errp, "SEV: failed to decode mnonce input");
+ return NULL;
+ }
+
+ /* verify the input mnonce length */
+ if (len != sizeof(input.mnonce)) {
+ error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")",
+ sizeof(input.mnonce), len);
+ g_free(buf);
+ return NULL;
+ }
+
+ /* Query the report length */
+ ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
+ &input, &err);
+ if (ret < 0) {
+ if (err != SEV_RET_INVALID_LEN) {
+ error_setg(errp, "failed to query the attestation report length "
+ "ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
+ g_free(buf);
+ return NULL;
+ }
+ }
+
+ data = g_malloc(input.len);
+ input.uaddr = (unsigned long)data;
+ memcpy(input.mnonce, buf, sizeof(input.mnonce));
+
+ /* Query the report */
+ ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
+ &input, &err);
+ if (ret) {
+ error_setg_errno(errp, errno, "Failed to get attestation report"
+ " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
+ goto e_free_data;
+ }
+
+ report = g_new0(SevAttestationReport, 1);
+ report->data = g_base64_encode(data, input.len);
+
+ trace_kvm_sev_attestation_report(mnonce, report->data);
+
+e_free_data:
+ g_free(data);
+ g_free(buf);
+ return report;
+}
+
static int
sev_read_file_base64(const char *filename, guchar **data, gsize *len)
{
diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
index ae221d4c72..ae6d840478 100644
--- a/target/i386/sev_i386.h
+++ b/target/i386/sev_i386.h
@@ -35,5 +35,7 @@ extern uint32_t sev_get_cbit_position(void);
extern uint32_t sev_get_reduced_phys_bits(void);
extern char *sev_get_launch_measurement(void);
extern SevCapability *sev_get_capabilities(Error **errp);
+extern SevAttestationReport *
+sev_get_attestation_report(const char *mnonce, Error **errp);
#endif
diff --git a/target/i386/trace-events b/target/i386/trace-events
index a22ab24e21..8d6437404d 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -10,3 +10,4 @@ kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIx64
kvm_sev_launch_measurement(const char *value) "data %s"
kvm_sev_launch_finish(void) ""
kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d"
+kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s"
--
2.27.0

View File

@ -0,0 +1,146 @@
From a722ec5614bbaa36992653250add7dabd39b12ad Mon Sep 17 00:00:00 2001
From: Leonardo Bras <leobras.c@gmail.com>
Date: Tue, 1 Jun 2021 02:40:31 -0300
Subject: [PATCH 01/21] yank: Unregister function when using TLS migration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Leonardo Brás <leobras@redhat.com>
RH-MergeRequest: 10: yank: Unregister function when using TLS migration
RH-Commit: [1/1] b39e19a3a92dc7f881527198824ce7f402aa9289 (LeoBras/centos-qemu-kvm)
RH-Bugzilla: 1972462
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Peter Xu <Peter Xu <peterx@redhat.com>>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
After yank feature was introduced in migration, whenever migration
is started using TLS, the following error happens in both source and
destination hosts:
(qemu) qemu-kvm: ../util/yank.c:107: yank_unregister_instance:
Assertion `QLIST_EMPTY(&entry->yankfns)' failed.
This happens because of a missing yank_unregister_function() when using
qio-channel-tls.
Fix this by also allowing TYPE_QIO_CHANNEL_TLS object type to perform
yank_unregister_function() in channel_close() and multifd_load_cleanup().
Also, inside migration_channel_connect() and
migration_channel_process_incoming() move yank_register_function() so
it only runs once on a TLS migration.
Fixes: b5eea99ec2f ("migration: Add yank feature", 2021-01-13)
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1964326
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Reviewed-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-Id: <20210601054030.1153249-1-leobras.c@gmail.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
(cherry picked from commit 7de2e8565335c13fb3516cddbe2e40e366cce273)
Signed-off-by: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
migration/channel.c | 26 ++++++++++++++------------
migration/multifd.c | 3 ++-
migration/qemu-file-channel.c | 4 +++-
3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/migration/channel.c b/migration/channel.c
index c9ee902021..01275a9162 100644
--- a/migration/channel.c
+++ b/migration/channel.c
@@ -38,18 +38,19 @@ void migration_channel_process_incoming(QIOChannel *ioc)
trace_migration_set_incoming_channel(
ioc, object_get_typename(OBJECT(ioc)));
- if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET)) {
- yank_register_function(MIGRATION_YANK_INSTANCE,
- migration_yank_iochannel,
- QIO_CHANNEL(ioc));
- }
-
if (s->parameters.tls_creds &&
*s->parameters.tls_creds &&
!object_dynamic_cast(OBJECT(ioc),
TYPE_QIO_CHANNEL_TLS)) {
migration_tls_channel_process_incoming(s, ioc, &local_err);
} else {
+ if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET) ||
+ object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_TLS)) {
+ yank_register_function(MIGRATION_YANK_INSTANCE,
+ migration_yank_iochannel,
+ QIO_CHANNEL(ioc));
+ }
+
migration_ioc_process_incoming(ioc, &local_err);
}
@@ -76,12 +77,6 @@ void migration_channel_connect(MigrationState *s,
ioc, object_get_typename(OBJECT(ioc)), hostname, error);
if (!error) {
- if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET)) {
- yank_register_function(MIGRATION_YANK_INSTANCE,
- migration_yank_iochannel,
- QIO_CHANNEL(ioc));
- }
-
if (s->parameters.tls_creds &&
*s->parameters.tls_creds &&
!object_dynamic_cast(OBJECT(ioc),
@@ -99,6 +94,13 @@ void migration_channel_connect(MigrationState *s,
} else {
QEMUFile *f = qemu_fopen_channel_output(ioc);
+ if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET) ||
+ object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_TLS)) {
+ yank_register_function(MIGRATION_YANK_INSTANCE,
+ migration_yank_iochannel,
+ QIO_CHANNEL(ioc));
+ }
+
qemu_mutex_lock(&s->qemu_file_lock);
s->to_dst_file = f;
qemu_mutex_unlock(&s->qemu_file_lock);
diff --git a/migration/multifd.c b/migration/multifd.c
index a6677c45c8..a8dedcf822 100644
--- a/migration/multifd.c
+++ b/migration/multifd.c
@@ -987,7 +987,8 @@ int multifd_load_cleanup(Error **errp)
for (i = 0; i < migrate_multifd_channels(); i++) {
MultiFDRecvParams *p = &multifd_recv_state->params[i];
- if (object_dynamic_cast(OBJECT(p->c), TYPE_QIO_CHANNEL_SOCKET)
+ if ((object_dynamic_cast(OBJECT(p->c), TYPE_QIO_CHANNEL_SOCKET) ||
+ object_dynamic_cast(OBJECT(p->c), TYPE_QIO_CHANNEL_TLS))
&& OBJECT(p->c)->ref == 1) {
yank_unregister_function(MIGRATION_YANK_INSTANCE,
migration_yank_iochannel,
diff --git a/migration/qemu-file-channel.c b/migration/qemu-file-channel.c
index 876d05a540..fad340ea7a 100644
--- a/migration/qemu-file-channel.c
+++ b/migration/qemu-file-channel.c
@@ -26,6 +26,7 @@
#include "qemu-file-channel.h"
#include "qemu-file.h"
#include "io/channel-socket.h"
+#include "io/channel-tls.h"
#include "qemu/iov.h"
#include "qemu/yank.h"
#include "yank_functions.h"
@@ -106,7 +107,8 @@ static int channel_close(void *opaque, Error **errp)
int ret;
QIOChannel *ioc = QIO_CHANNEL(opaque);
ret = qio_channel_close(ioc, errp);
- if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET)
+ if ((object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET) ||
+ object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_TLS))
&& OBJECT(ioc)->ref == 1) {
yank_unregister_function(MIGRATION_YANK_INSTANCE,
migration_yank_iochannel,
--
2.27.0

View File

@ -1,13 +1,27 @@
%global SLOF_gittagdate 20191022
%global SLOF_gittagcommit 899d9883
%global libfdt_version 1.6.0
%global libseccomp_version 2.4.0
%global libusbx_version 1.0.23
%global meson_version 0.55.3-3
%global usbredir_version 0.7.1
%global have_usbredir 1
%global have_opengl 1
%global have_fdt 0
%global have_kvm_setup 0
%global have_memlock_limits 0
# have_block_rbd is not relevant for RHEL but makes it
# easier to sync spec dependency list with Fedora
%global have_block_rbd 1
%global have_pmem 1
%ifnarch x86_64
%global have_pmem 0
%endif
%global have_numactl 1
%ifarch s390x
%global have_numactl 0
%endif
%ifnarch %{ix86} x86_64
%global have_usbredir 0
@ -60,13 +74,12 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 6.0.0
Release: 5%{?rcversion}%{?dist}
Release: 6%{?rcversion}%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
# Epoch 15 used for RHEL 8
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
Epoch: 17
License: GPLv2 and GPLv2+ and CC-BY
Group: Development/Tools
URL: http://www.qemu.org/
ExclusiveArch: x86_64 %{power64} aarch64 s390x
@ -144,101 +157,83 @@ Patch32: kvm-virtio-scsi-Set-host-notifiers-and-callbacks-separat.patch
Patch33: kvm-virtio-scsi-Configure-all-host-notifiers-in-a-single.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch34: kvm-hw-arm-smmuv3-Another-range-invalidation-fix.patch
# For bz#1972462 - QEMU core dump when doing TLS migration via TCP
Patch35: kvm-yank-Unregister-function-when-using-TLS-migration.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch36: kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch37: kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch38: kvm-target-i386-sev-add-support-to-query-the-attestation.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch39: kvm-spapr-Don-t-hijack-current_machine-boot_order.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch40: kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch41: kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
Patch42: kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch
BuildRequires: wget
BuildRequires: rpm-build
BuildRequires: ninja-build
BuildRequires: meson >= 0.55.3-3
# Source-git patches
BuildRequires: meson >= %{meson_version}
BuildRequires: zlib-devel
BuildRequires: glib2-devel
BuildRequires: which
BuildRequires: gnutls-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: libtool
BuildRequires: libaio-devel
BuildRequires: rsync
BuildRequires: python3-devel
BuildRequires: pciutils-devel
BuildRequires: libiscsi-devel
BuildRequires: ncurses-devel
BuildRequires: libattr-devel
BuildRequires: libusbx-devel >= 1.0.23
BuildRequires: libusbx-devel >= %{libusbx_version}
%if %{have_usbredir}
BuildRequires: usbredir-devel >= 0.7.1
BuildRequires: usbredir-devel >= %{usbredir_version}
%endif
BuildRequires: texinfo
BuildRequires: python3-sphinx
BuildRequires: libseccomp-devel >= 2.4.0
BuildRequires: libseccomp-devel >= %{libseccomp_version}
# For network block driver
BuildRequires: libcurl-devel
BuildRequires: libssh-devel
BuildRequires: librados-devel
%if %{have_block_rbd}
BuildRequires: librbd-devel
%endif
# We need both because the 'stap' binary is probed for by configure
BuildRequires: systemtap
BuildRequires: systemtap-sdt-devel
# For VNC PNG support
BuildRequires: libpng-devel
# For uuid generation
BuildRequires: libuuid-devel
# For Braille device support
BuildRequires: brlapi-devel
# For test suite
BuildRequires: check-devel
# For virtiofs
BuildRequires: libcap-ng-devel
# Hard requirement for version >= 1.3
BuildRequires: pixman-devel
# Documentation requirement
BuildRequires: perl-podlators
BuildRequires: texinfo
BuildRequires: python3-sphinx
# For rdma
%if 0%{?have_librdma}
%if %{have_librdma}
BuildRequires: rdma-core-devel
%endif
%if %{have_fdt}
BuildRequires: libfdt-devel >= 1.6.0
%endif
# iasl and cpp for acpi generation (not a hard requirement as we can use
# pre-compiled files, but it's better to use this)
%ifarch %{ix86} x86_64
BuildRequires: iasl
BuildRequires: cpp
BuildRequires: libfdt-devel >= %{libfdt_version}
%endif
# For compressed guest memory dumps
BuildRequires: lzo-devel snappy-devel
# For NUMA memory binding
%ifnarch s390x
%if %{have_numactl}
BuildRequires: numactl-devel
%endif
BuildRequires: libgcrypt-devel
# qemu-pr-helper multipath support (requires libudev too)
BuildRequires: device-mapper-multipath-devel
BuildRequires: systemd-devel
# used by qemu-bridge-helper and qemu-pr-helper
BuildRequires: libcap-ng-devel
BuildRequires: diffutils
%ifarch x86_64
%if %{have_pmem}
BuildRequires: libpmem-devel
Requires: libpmem
%endif
# qemu-keymap
BuildRequires: pkgconfig(xkbcommon)
# For s390-pgste flag
%ifarch s390x
BuildRequires: binutils >= 2.27-16
%endif
%if %{have_opengl}
BuildRequires: pkgconfig(epoxy)
BuildRequires: pkgconfig(libdrm)
BuildRequires: pkgconfig(gbm)
%endif
BuildRequires: perl-Test-Harness
BuildRequires: libslirp-devel
@ -267,19 +262,17 @@ Requires: edk2-ovmf
Requires: edk2-aarch64
%endif
Requires: libseccomp >= 2.4.0
# For compressed guest memory dumps
Requires: lzo snappy
Requires: libseccomp >= %{libseccomp_version}
%if %{have_kvm_setup}
Requires(post): systemd-units
Requires(preun): systemd-units
%endif
Requires: libusbx >= 1.0.23
Requires: libusbx >= %{libusbx_version}
%if %{have_usbredir}
Requires: usbredir >= 0.7.1
Requires: usbredir >= %{usbredir_version}
%endif
%if %{have_fdt}
Requires: libfdt >= 1.6.0
Requires: libfdt >= %{libfdt_version}
%endif
# Since SPICE is removed from RHEL-9, the following Obsoletes:
@ -303,14 +296,12 @@ qemu-kvm-docs provides documentation files regarding qemu-kvm.
%package -n qemu-img
Summary: QEMU command line tool for manipulating disk images
Group: Development/Tools
%description -n qemu-img
This package provides a command line tool for manipulating disk images.
%package -n qemu-kvm-common
Summary: QEMU common files needed by all QEMU targets
Group: Development/Tools
Requires(post): /usr/bin/getent
Requires(post): /usr/sbin/groupadd
Requires(post): /usr/sbin/useradd
@ -593,7 +584,7 @@ pushd %{qemu_kvm_build}
--enable-curl \
--enable-debug-info \
--enable-docs \
%if 0%{have_fdt}
%if %{have_fdt}
--enable-fdt \
%endif
--enable-gcrypt \
@ -602,7 +593,7 @@ pushd %{qemu_kvm_build}
--enable-iconv \
--enable-kvm \
--enable-libiscsi \
%ifarch x86_64
%if %{have_pmem}
--enable-libpmem \
%endif
--enable-libssh \
@ -613,15 +604,17 @@ pushd %{qemu_kvm_build}
--enable-malloc-trim \
--enable-modules \
--enable-mpath \
%ifnarch s390x
%if %{have_numactl}
--enable-numa \
%endif
%if 0%{have_opengl}
%if %{have_opengl}
--enable-opengl \
%endif
--enable-pie \
%if %{have_block_rbd}
--enable-rbd \
%if 0%{have_librdma}
%endif
%if %{have_librdma}
--enable-rdma \
%endif
--enable-seccomp \
@ -632,7 +625,7 @@ pushd %{qemu_kvm_build}
--enable-tools \
--enable-tpm \
--enable-trace-backend=dtrace \
%if 0%{have_usbredir}
%if %{have_usbredir}
--enable-usb-redir \
%endif
--enable-virtiofsd \
@ -687,6 +680,12 @@ make V=1 %{?_smp_mflags} $buildldflags
cp -a %{kvm_target}-softmmu/qemu-system-%{kvm_target} qemu-kvm
%ifarch s390x
# Copy the built new images into place for "make check":
cp pc-bios/s390-ccw/s390-ccw.img pc-bios/s390-ccw/s390-netboot.img pc-bios/
%endif
gcc %{SOURCE6} $RPM_OPT_FLAGS $RPM_LD_FLAGS -o ksmctl
%endif
popd
@ -872,6 +871,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/skiboot.lid
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/qboot.rom
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/s390-ccw.img
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/s390-netboot.img
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/hppa-firmware.img
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/canyonlands.dtb
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/u-boot-sam460-20100605.bin
@ -894,10 +894,10 @@ rm -rf ${RPM_BUILD_ROOT}%{_libexecdir}/virtfs-proxy-helper
rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man1/virtfs-proxy-helper*
%ifarch s390x
# Use the s390-ccw.img that we've just built, not the pre-built one
# Use the s390-*.img that we've just built, not the pre-built ones
install -m 0644 pc-bios/s390-ccw/s390-ccw.img $RPM_BUILD_ROOT%{_datadir}/%{name}/
install -m 0644 pc-bios/s390-ccw/s390-netboot.img $RPM_BUILD_ROOT%{_datadir}/%{name}/
%else
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/s390-netboot.img
rm -rf ${RPM_BUILD_ROOT}%{_libdir}/qemu-kvm/hw-s390x-virtio-gpu-ccw.so
%endif
@ -962,13 +962,13 @@ rom_link() {
rom_link ../sgabios/sgabios.bin sgabios.bin
%endif
%if 0%{have_kvm_setup}
%if %{have_kvm_setup}
install -D -p -m 755 %{SOURCE21} $RPM_BUILD_ROOT%{_prefix}/lib/systemd/kvm-setup
install -D -p -m 644 %{SOURCE22} $RPM_BUILD_ROOT%{_unitdir}/kvm-setup.service
install -D -p -m 644 %{SOURCE23} $RPM_BUILD_ROOT%{_presetdir}/85-kvm.preset
%endif
%if 0%{have_memlock_limits}
%if %{have_memlock_limits}
install -D -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT%{_sysconfdir}/security/limits.d/95-kvm-memlock.conf
%endif
@ -1000,7 +1000,7 @@ popd
%check
pushd %{qemu_kvm_build}
echo "Testing qemu-kvm-build"
export DIFF=diff; make check V=1
make check V=1
popd
%post -n qemu-kvm-common
@ -1050,7 +1050,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
# Deliberately empty
%files -n qemu-kvm-docs
%defattr(-,root,root)
%dir %{qemudocdir}
%doc %{qemudocdir}/genindex.html
%doc %{qemudocdir}/search.html
@ -1071,7 +1070,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%doc %{qemudocdir}/_static/*
%files -n qemu-kvm-common
%defattr(-,root,root)
%{_mandir}/man7/qemu-qmp-ref.7*
%{_mandir}/man7/qemu-cpu-models.7*
%{_bindir}/qemu-keymap
@ -1139,19 +1137,18 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%{_datadir}/%{name}/linuxboot_dma.bin
%{_datadir}/%{name}/dump-guest-memory.py*
%{_datadir}/%{name}/trace-events-all
%if 0%{have_kvm_setup}
%if %{have_kvm_setup}
%{_prefix}/lib/systemd/kvm-setup
%{_unitdir}/kvm-setup.service
%{_presetdir}/85-kvm.preset
%endif
%if 0%{have_memlock_limits}
%if %{have_memlock_limits}
%{_sysconfdir}/security/limits.d/95-kvm-memlock.conf
%endif
%{_libexecdir}/virtiofsd
%{_datadir}/%{name}/vhost-user/50-qemu-virtiofsd.json
%files -n qemu-kvm-core
%defattr(-,root,root)
%{_libexecdir}/qemu-kvm
%{_datadir}/systemtap/tapset/qemu-kvm.stp
%{_datadir}/systemtap/tapset/qemu-kvm-log.stp
@ -1171,7 +1168,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%endif
%files -n qemu-img
%defattr(-,root,root)
%{_bindir}/qemu-img
%{_bindir}/qemu-io
%{_bindir}/qemu-nbd
@ -1182,7 +1178,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%{_mandir}/man7/qemu-storage-daemon-qmp-ref.7*
%files -n qemu-guest-agent
%defattr(-,root,root,-)
%doc COPYING README.rst
%{_bindir}/qemu-ga
%{_mandir}/man8/qemu-ga.8*
@ -1210,7 +1205,7 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%files block-ssh
%{_libdir}/qemu-kvm/block-ssh.so
%if 0%{have_opengl}
%if %{have_opengl}
%files ui-opengl
%{_libdir}/qemu-kvm/ui-egl-headless.so
%{_libdir}/qemu-kvm/ui-opengl.so
@ -1218,6 +1213,24 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%endif
%changelog
* Mon Jun 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-6
- kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462]
- kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194]
- kvm-redhat-Install-the-s390-netboot.img-that-we-ve-built.patch [bz#1957194]
- kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch [bz#1957194]
- kvm-target-i386-sev-add-support-to-query-the-attestation.patch [bz#1957194]
- kvm-spapr-Don-t-hijack-current_machine-boot_order.patch [bz#1957194]
- kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch [bz#1957194]
- kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch [bz#1957194]
- kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch [bz#1957194]
- Specfile cleanup [bz#1973029]
- Resolves: bz#1972462
(QEMU core dump when doing TLS migration via TCP)
- Resolves: bz#1957194
(Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta)
- Resolves: bz#1973029
(Spec file cleanups)
* Tue Jun 08 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-5
- kvm-arm-virt-Register-highmem-and-gic-version-as-class-p.patch [bz#1952449]
- kvm-hw-arm-virt-Add-8.5-and-9.0-machine-types-and-remove.patch [bz#1952449]