* Mon Jun 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-6
- kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462]
- kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194]
- kvm-redhat-Install-the-s390-netboot.img-that-we-ve-built.patch [bz#1957194]
- kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch [bz#1957194]
- kvm-target-i386-sev-add-support-to-query-the-attestation.patch [bz#1957194]
- kvm-spapr-Don-t-hijack-current_machine-boot_order.patch [bz#1957194]
- kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch [bz#1957194]
- kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch [bz#1957194]
- kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch [bz#1957194]
- Specfile cleanup [bz#1973029]
- Resolves: bz#1972462 (QEMU core dump when doing TLS migration via TCP)
- Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta)
- Resolves: bz#1973029 (Spec file cleanups)
parent 7b74d99404
commit 73d2f941db
@ -0,0 +1,51 @@
|
||||
From bd1d37e3536136130df41ac8162ce5bb4f361f87 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Tue, 1 Jun 2021 08:52:10 -0400
|
||||
Subject: [PATCH 02/21] pc-bios/s390-ccw: don't try to read the next block if
|
||||
end of chunk is reached
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
|
||||
RH-Commit: [1/8] 69a43520a9e7f0ab92bdfdc47281c7606f5159e7 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||
|
||||
Don't read the block if a null block number is reached, because this means that
|
||||
the end of chunk is reached.
|
||||
|
||||
Reviewed-by: Collin Walling <walling@linux.ibm.com>
|
||||
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||
Message-Id: <20210416074736.17409-1-mhartmay@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
(cherry picked from commit a6625d38cce3901a7c1cba069f0abcf743a293f1)
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/bootmap.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
|
||||
index 44df7d16af..b46997c0b7 100644
|
||||
--- a/pc-bios/s390-ccw/bootmap.c
|
||||
+++ b/pc-bios/s390-ccw/bootmap.c
|
||||
@@ -213,7 +213,7 @@ static int eckd_get_boot_menu_index(block_number_t s1b_block_nr)
|
||||
next_block_nr = eckd_block_num(&s1b->seek[i + 1].chs);
|
||||
}
|
||||
|
||||
- if (next_block_nr) {
|
||||
+ if (next_block_nr && !is_null_block_number(next_block_nr)) {
|
||||
read_block(next_block_nr, s2_next_blk,
|
||||
"Cannot read stage2 boot loader");
|
||||
}
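Review bot: the new condition in eckd_get_boot_menu_index() skips read_block() for a null block number, but in that case s2_next_blk is left holding whatever it contained before. Confirm that the code after this "if" does not parse s2_next_blk when the read was skipped, or clear the buffer first. A one-line comment stating that a null block number marks the end of the chunk, as the commit message does, would also explain why next_block_nr is tested twice.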
|
||||
--
|
||||
2.27.0
|
||||
|
115
kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch
Normal file
@ -0,0 +1,115 @@
|
||||
From 415a6a1ced90cc8b8691eb7ab027bba4611fc236 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Date: Wed, 2 Jun 2021 15:51:02 -0400
|
||||
Subject: [PATCH 04/21] sockets: update SOCKET_ADDRESS_TYPE_FD listen(2)
|
||||
backlog
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
|
||||
RH-Commit: [3/8] a8fd97eb477ad51fca75c1cc344185e1de59caf1 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
socket_get_fd() fails with the error "socket_get_fd: too many
|
||||
connections" if the given listen backlog value is not 1.
|
||||
|
||||
Not all callers set the backlog to 1. For example, commit
|
||||
582d4210eb2f2ab5baac328fe4b479cd86da1647 ("qemu-nbd: Use SOMAXCONN for
|
||||
socket listen() backlog") uses SOMAXCONN. This will always fail with in
|
||||
socket_get_fd().
|
||||
|
||||
This patch calls listen(2) on the fd to update the backlog value. The
|
||||
socket may already be in the listen state. I have tested that this works
|
||||
on Linux 5.10 and macOS Catalina.
|
||||
|
||||
As a bonus this allows us to detect when the fd cannot listen. Now we'll
|
||||
be able to catch unbound or connected fds in socket_listen().
|
||||
|
||||
Drop the num argument from socket_get_fd() since this function is also
|
||||
called by socket_connect() where a listen backlog value does not make
|
||||
sense.
|
||||
|
||||
Fixes: e5b6353cf25c99c3f08bf51e29933352f7140e8f ("socket: Add backlog parameter to socket_listen")
|
||||
Reported-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Cc: Juan Quintela <quintela@redhat.com>
|
||||
Cc: Eric Blake <eblake@redhat.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-Id: <20210310173004.420190-1-stefanha@redhat.com>
|
||||
Tested-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
(cherry picked from commit 37179e9ea45d6428b29ae789209c119ac18c1d39)
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
util/qemu-sockets.c | 29 ++++++++++++++++++++++-------
|
||||
1 file changed, 22 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
|
||||
index 8af0278f15..2463c49773 100644
|
||||
--- a/util/qemu-sockets.c
|
||||
+++ b/util/qemu-sockets.c
|
||||
@@ -1116,14 +1116,10 @@ fail:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-static int socket_get_fd(const char *fdstr, int num, Error **errp)
|
||||
+static int socket_get_fd(const char *fdstr, Error **errp)
|
||||
{
|
||||
Monitor *cur_mon = monitor_cur();
|
||||
int fd;
|
||||
- if (num != 1) {
|
||||
- error_setg_errno(errp, EINVAL, "socket_get_fd: too many connections");
|
||||
- return -1;
|
||||
- }
|
||||
if (cur_mon) {
|
||||
fd = monitor_get_fd(cur_mon, fdstr, errp);
|
||||
if (fd < 0) {
|
||||
@@ -1159,7 +1155,7 @@ int socket_connect(SocketAddress *addr, Error **errp)
|
||||
break;
|
||||
|
||||
case SOCKET_ADDRESS_TYPE_FD:
|
||||
- fd = socket_get_fd(addr->u.fd.str, 1, errp);
|
||||
+ fd = socket_get_fd(addr->u.fd.str, errp);
|
||||
break;
|
||||
|
||||
case SOCKET_ADDRESS_TYPE_VSOCK:
|
||||
@@ -1187,7 +1183,26 @@ int socket_listen(SocketAddress *addr, int num, Error **errp)
|
||||
break;
|
||||
|
||||
case SOCKET_ADDRESS_TYPE_FD:
|
||||
- fd = socket_get_fd(addr->u.fd.str, num, errp);
|
||||
+ fd = socket_get_fd(addr->u.fd.str, errp);
|
||||
+ if (fd < 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * If the socket is not yet in the listen state, then transition it to
|
||||
+ * the listen state now.
|
||||
+ *
|
||||
+ * If it's already listening then this updates the backlog value as
|
||||
+ * requested.
|
||||
+ *
|
||||
+ * If this socket cannot listen because it's already in another state
|
||||
+ * (e.g. unbound or connected) then we'll catch the error here.
|
||||
+ */
|
||||
+ if (listen(fd, num) != 0) {
|
||||
+ error_setg_errno(errp, errno, "Failed to listen on fd socket");
|
||||
+ closesocket(fd);
|
||||
+ return -1;
|
||||
+ }
|
||||
break;
|
||||
|
||||
case SOCKET_ADDRESS_TYPE_VSOCK:
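Review bot: in the SOCKET_ADDRESS_TYPE_FD case of socket_listen(), the failure path calls closesocket(fd) on a descriptor that was handed in from outside (monitor_get_fd() in the visible branch of socket_get_fd()), so a failed listen(2) now also consumes the passed-in fd. The comment block should state that this is intended. The error text "Failed to listen on fd socket" would be easier to act on if it included addr->u.fd.str. The comment's claim that listen(2) on an already-listening socket updates the backlog is supported in the commit message only by tests on Linux 5.10 and macOS Catalina; the comment should name the platforms on which that behaviour was checked.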
|
||||
--
|
||||
2.27.0
|
||||
|
115
kvm-spapr-Don-t-hijack-current_machine-boot_order.patch
Normal file
@ -0,0 +1,115 @@
|
||||
From b859b919acc83ea12c5c5b2991afac47e9532660 Mon Sep 17 00:00:00 2001
|
||||
From: Greg Kurz <gkurz@redhat.com>
|
||||
Date: Thu, 3 Jun 2021 13:29:40 -0400
|
||||
Subject: [PATCH 06/21] spapr: Don't hijack current_machine->boot_order
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
|
||||
RH-Commit: [5/8] 04822ea86e438f013915cd46e09a33627a640a47 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: Greg Kurz <groug@kaod.org>
|
||||
|
||||
QEMU 6.0 moved all the -boot variables to the machine. Especially, the
|
||||
removal of the boot_order static changed the handling of '-boot once'
|
||||
from:
|
||||
|
||||
if (boot_once) {
|
||||
qemu_boot_set(boot_once, &error_fatal);
|
||||
qemu_register_reset(restore_boot_order, g_strdup(boot_order));
|
||||
}
|
||||
|
||||
to
|
||||
|
||||
if (current_machine->boot_once) {
|
||||
qemu_boot_set(current_machine->boot_once, &error_fatal);
|
||||
qemu_register_reset(restore_boot_order,
|
||||
g_strdup(current_machine->boot_order));
|
||||
}
|
||||
|
||||
This means that we now register as subsequent boot order a copy
|
||||
of current_machine->boot_once that was just set with the previous
|
||||
call to qemu_boot_set(), i.e. we never transition away from the
|
||||
once boot order.
|
||||
|
||||
It is certainly fragile^Wwrong for the spapr code to hijack a
|
||||
field of the base machine type object like that. The boot order
|
||||
rework simply turned this software boundary violation into an
|
||||
actual bug.
|
||||
|
||||
Have the spapr code to handle that with its own field in
|
||||
SpaprMachineState. Also kfree() the initial boot device
|
||||
string when "once" was used.
|
||||
|
||||
Fixes: 4b7acd2ac821 ("vl: clean up -boot variables")
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1960119
|
||||
Cc: pbonzini@redhat.com
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
Message-Id: <20210521160735.1901914-1-groug@kaod.org>
|
||||
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||
(cherry picked from commit 3bf0844f3be77b24cc8f56fc8df9ff199f8324cb)
|
||||
Signed-off-by: Greg Kurz <gkurz@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
include/hw/ppc/spapr.h
|
||||
|
||||
Trivial context conflict because downstream has experimental support
|
||||
for secure guests (f23e4b5090ba).
|
||||
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
hw/ppc/spapr.c | 8 +++++---
|
||||
include/hw/ppc/spapr.h | 3 +++
|
||||
2 files changed, 8 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
|
||||
index 653574ba91..11db32c537 100644
|
||||
--- a/hw/ppc/spapr.c
|
||||
+++ b/hw/ppc/spapr.c
|
||||
@@ -1006,7 +1006,7 @@ static void spapr_dt_chosen(SpaprMachineState *spapr, void *fdt, bool reset)
|
||||
_FDT(chosen = fdt_add_subnode(fdt, 0, "chosen"));
|
||||
|
||||
if (reset) {
|
||||
- const char *boot_device = machine->boot_order;
|
||||
+ const char *boot_device = spapr->boot_device;
|
||||
char *stdout_path = spapr_vio_stdout_path(spapr->vio_bus);
|
||||
size_t cb = 0;
|
||||
char *bootlist = get_boot_devices_list(&cb);
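Review bot: boot_device in spapr_dt_chosen() now comes from spapr->boot_device, which this patch assigns only in spapr_boot_set(); if that setter has not run before the first reset, the pointer is NULL. The visible lines do not show how boot_device is consumed, so check that the code further down tolerates NULL, or initialise the field when the machine is created.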
|
||||
@@ -2364,8 +2364,10 @@ static SaveVMHandlers savevm_htab_handlers = {
|
||||
static void spapr_boot_set(void *opaque, const char *boot_device,
|
||||
Error **errp)
|
||||
{
|
||||
- MachineState *machine = MACHINE(opaque);
|
||||
- machine->boot_order = g_strdup(boot_device);
|
||||
+ SpaprMachineState *spapr = SPAPR_MACHINE(opaque);
|
||||
+
|
||||
+ g_free(spapr->boot_device);
|
||||
+ spapr->boot_device = g_strdup(boot_device);
|
||||
}
|
||||
|
||||
static void spapr_create_lmb_dr_connectors(SpaprMachineState *spapr)
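Review bot: the commit message says "kfree() the initial boot device string", while spapr_boot_set() calls g_free(); the message should name g_free(). Nothing visible in this patch frees spapr->boot_device when the machine goes away, so the last string set is never released; a g_free() in the machine's teardown path would close that. The errp argument is also still unused here.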
|
||||
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
|
||||
index 54cdde8980..6d15066bc3 100644
|
||||
--- a/include/hw/ppc/spapr.h
|
||||
+++ b/include/hw/ppc/spapr.h
|
||||
@@ -227,6 +227,9 @@ struct SpaprMachineState {
|
||||
/* Secure Guest support via x-svm-allowed */
|
||||
bool svm_allowed;
|
||||
|
||||
+ /* Set by -boot */
|
||||
+ char *boot_device;
|
||||
+
|
||||
/*< public >*/
|
||||
char *kvm_type;
|
||||
char *host_model;
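Review bot: the comment on the new field, "Set by -boot", does not say who owns the string. Since spapr_boot_set() frees and replaces it with g_free()/g_strdup(), document it as a heap string owned by SpaprMachineState and say whether it may be NULL.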
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,52 @@
|
||||
From 63933b51e447d4acb08d3900ff64d150a3f2bdf8 Mon Sep 17 00:00:00 2001
|
||||
From: Laurent Vivier <lvivier@redhat.com>
|
||||
Date: Wed, 9 Jun 2021 05:58:34 -0400
|
||||
Subject: [PATCH 08/21] spapr: Remove stale comment about power-saving LPCR
|
||||
bits
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
|
||||
RH-Commit: [7/8] 12872a0193d22915de5d71d8055094f9f15e63b0 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: Nicholas Piggin <npiggin@gmail.com>
|
||||
|
||||
Commit 47a9b551547 ("spapr: Clean up handling of LPCR power-saving exit
|
||||
bits") moved this logic but did not remove the comment from the
|
||||
previous location.
|
||||
|
||||
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
|
||||
Message-Id: <20210526091626.3388262-2-npiggin@gmail.com>
|
||||
Reviewed-by: Cédric Le Goater <clg@kaod.org>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||
(cherry picked from commit 7be3bf6c8429969f97728bb712d9a99997835607)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
hw/ppc/spapr_rtas.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
|
||||
index 8a79f9c628..91c71d1c94 100644
|
||||
--- a/hw/ppc/spapr_rtas.c
|
||||
+++ b/hw/ppc/spapr_rtas.c
|
||||
@@ -164,7 +164,6 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||
|
||||
env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
|
||||
|
||||
- /* Enable Power-saving mode Exit Cause exceptions for the new CPU */
|
||||
lpcr = env->spr[SPR_LPCR];
|
||||
if (!pcc->interrupts_big_endian(callcpu)) {
|
||||
lpcr |= LPCR_ILE;
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,90 @@
|
||||
From 8bb294ea3f26a8ce01ad76c19a6de359dce0c113 Mon Sep 17 00:00:00 2001
|
||||
From: Laurent Vivier <lvivier@redhat.com>
|
||||
Date: Wed, 9 Jun 2021 05:58:35 -0400
|
||||
Subject: [PATCH 09/21] spapr: Set LPCR to current AIL mode when starting a new
|
||||
CPU
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
|
||||
RH-Commit: [8/8] 7a1cb27881f93c245ab9e8b8540cbd06d4f8c14f (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: Nicholas Piggin <npiggin@gmail.com>
|
||||
|
||||
TCG does not keep track of AIL mode in a central place, it's based on
|
||||
the current LPCR[AIL] bits. Synchronize the new CPU's LPCR to the
|
||||
current LPCR in rtas_start_cpu(), similarly to the way the ILE bit is
|
||||
synchronized.
|
||||
|
||||
Open-code the ILE setting as well now that the caller's LPCR is
|
||||
available directly, there is no need for the indirection.
|
||||
|
||||
Without this, under both TCG and KVM, adding a POWER8/9/10 class CPU
|
||||
with a new core ID after a modern Linux has booted results in the new
|
||||
CPU's LPCR missing the LPCR[AIL]=0b11 setting that the other CPUs have.
|
||||
This can cause crashes and unexpected behaviour.
|
||||
|
||||
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
|
||||
Message-Id: <20210526091626.3388262-3-npiggin@gmail.com>
|
||||
Reviewed-by: Cédric Le Goater <clg@kaod.org>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||
(cherry picked from commit ac559ecbea2649819e7b3fdd09f4e0243e0128db)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
hw/ppc/spapr_rtas.c | 14 +++++++++-----
|
||||
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
|
||||
index 91c71d1c94..27ab339b0c 100644
|
||||
--- a/hw/ppc/spapr_rtas.c
|
||||
+++ b/hw/ppc/spapr_rtas.c
|
||||
@@ -133,8 +133,8 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||
target_ulong id, start, r3;
|
||||
PowerPCCPU *newcpu;
|
||||
CPUPPCState *env;
|
||||
- PowerPCCPUClass *pcc;
|
||||
target_ulong lpcr;
|
||||
+ target_ulong caller_lpcr;
|
||||
|
||||
if (nargs != 3 || nret != 1) {
|
||||
rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
|
||||
@@ -153,7 +153,6 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||
}
|
||||
|
||||
env = &newcpu->env;
|
||||
- pcc = POWERPC_CPU_GET_CLASS(newcpu);
|
||||
|
||||
if (!CPU(newcpu)->halted) {
|
||||
rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
|
||||
@@ -164,10 +163,15 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
|
||||
|
||||
env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
|
||||
|
||||
+ caller_lpcr = callcpu->env.spr[SPR_LPCR];
|
||||
lpcr = env->spr[SPR_LPCR];
|
||||
- if (!pcc->interrupts_big_endian(callcpu)) {
|
||||
- lpcr |= LPCR_ILE;
|
||||
- }
|
||||
+
|
||||
+ /* Set ILE the same way */
|
||||
+ lpcr = (lpcr & ~LPCR_ILE) | (caller_lpcr & LPCR_ILE);
|
||||
+
|
||||
+ /* Set AIL the same way */
|
||||
+ lpcr = (lpcr & ~LPCR_AIL) | (caller_lpcr & LPCR_AIL);
|
||||
+
|
||||
if (env->mmu_model == POWERPC_MMU_3_00) {
|
||||
/*
|
||||
* New cpus are expected to start in the same radix/hash mode
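Review bot: replacing the ILE block in rtas_start_cpu() changes behaviour beyond what "open-code" suggests. The old code only ever set the bit (lpcr |= LPCR_ILE), while (lpcr & ~LPCR_ILE) | (caller_lpcr & LPCR_ILE) also clears it when the calling CPU has it clear; if that is intended, the commit message should say so. The comments "Set ILE the same way" and "Set AIL the same way" do not say the same as what; "copy ILE/AIL from the calling CPU's LPCR" would be clearer. caller_lpcr is read straight from callcpu->env.spr[SPR_LPCR], so confirm that this cached register value is current at this point when running under KVM.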
|
||||
--
|
||||
2.27.0
|
||||
|
322
kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch
Normal file
@ -0,0 +1,322 @@
|
||||
From a7752067b45bc05f1127a62e39c38a3361bb1840 Mon Sep 17 00:00:00 2001
|
||||
From: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Date: Thu, 3 Jun 2021 14:04:18 -0400
|
||||
Subject: [PATCH 07/21] target/i386: Add CPU model versions supporting 'xsaves'
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
|
||||
RH-Commit: [6/8] 814973113f19a21d10a90fcbbcd881eef354933d (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
Hyper-V 2016 refuses to boot on Skylake+ CPU models because they lack
|
||||
'xsaves'/'vmx-xsaves' features and this diverges from real hardware. The
|
||||
same issue emerges with AMD "EPYC" CPU model prior to version 3 which got
|
||||
'xsaves' added. EPYC-Rome/EPYC-Milan CPU models have 'xsaves' enabled from
|
||||
the very beginning so the comment blaming KVM to explain why other CPUs
|
||||
lack 'xsaves' is likely outdated.
|
||||
|
||||
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Message-Id: <20210412073952.860944-1-vkuznets@redhat.com>
|
||||
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
|
||||
(cherry picked from commit 7bde6b18575dd79c26ce1616e0c33151e83d9d7e)
|
||||
|
||||
Conflicts:
|
||||
target/i386/cpu.c (context, skipping c1826ea6a0520)
|
||||
|
||||
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
target/i386/cpu.c | 150 +++++++++++++++++++++++++++++-----------------
|
||||
1 file changed, 94 insertions(+), 56 deletions(-)
|
||||
|
||||
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
|
||||
index c30bb2a6b0..da47c3e50e 100644
|
||||
--- a/target/i386/cpu.c
|
||||
+++ b/target/i386/cpu.c
|
||||
@@ -2881,12 +2881,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
|
||||
CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
|
||||
CPUID_7_0_EBX_SMAP,
|
||||
- /* Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is added in version 4 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
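Review bot: the comment removed above .features[FEAT_XSAVE] gave two reasons for leaving XSAVES out: some Linux versions (v4.1 to v4.12) do not support it, and the Skylake processor-tracing component would probably block migration. The commit message only addresses the KVM part, calling it "likely outdated". Either keep a short pointer to the guest-kernel and migration caveats next to "XSAVES is added in version 4", or explain in the message why they no longer apply, since the same comment swap is repeated for every model in this patch.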
|
||||
@@ -2962,6 +2957,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
{ /* end of list */ }
|
||||
}
|
||||
},
|
||||
+ {
|
||||
+ .version = 4,
|
||||
+ .note = "IBRS, XSAVES, no TSX",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ }
|
||||
+ }
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
}
|
||||
},
|
||||
@@ -3001,12 +3005,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
|
||||
.features[FEAT_7_0_ECX] =
|
||||
CPUID_7_0_ECX_PKU,
|
||||
- /* Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is added in version 5 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
|
||||
@@ -3094,6 +3093,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
{ /* end of list */ }
|
||||
}
|
||||
},
|
||||
+ {
|
||||
+ .version = 5,
|
||||
+ .note = "IBRS, XSAVES, EPT switching, no TSX",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ }
|
||||
+ }
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
}
|
||||
},
|
||||
@@ -3136,12 +3144,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
CPUID_7_0_ECX_AVX512VNNI,
|
||||
.features[FEAT_7_0_EDX] =
|
||||
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
|
||||
- /* Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is added in version 5 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
|
||||
@@ -3225,6 +3228,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
{ /* end of list */ }
|
||||
},
|
||||
},
|
||||
+ { .version = 5,
|
||||
+ .note = "ARCH_CAPABILITIES, EPT switching, XSAVES, no TSX",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ }
|
||||
+ },
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
}
|
||||
},
|
||||
@@ -3274,13 +3285,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
|
||||
.features[FEAT_7_1_EAX] =
|
||||
CPUID_7_1_EAX_AVX512_BF16,
|
||||
- /*
|
||||
- * Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is added in version 2 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
|
||||
@@ -3336,6 +3341,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
.features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
|
||||
.xlevel = 0x80000008,
|
||||
.model_id = "Intel Xeon Processor (Cooperlake)",
|
||||
+ .versions = (X86CPUVersionDefinition[]) {
|
||||
+ { .version = 1 },
|
||||
+ { .version = 2,
|
||||
+ .note = "XSAVES",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ }
|
||||
+ },
|
||||
+ },
|
||||
+ { /* end of list */ }
|
||||
+ }
|
||||
},
|
||||
{
|
||||
.name = "Icelake-Client",
|
||||
@@ -3378,12 +3395,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
|
||||
.features[FEAT_7_0_EDX] =
|
||||
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
|
||||
- /* Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is added in version 3 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
|
||||
@@ -3451,6 +3463,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
{ /* end of list */ }
|
||||
},
|
||||
},
|
||||
+ {
|
||||
+ .version = 3,
|
||||
+ .note = "no TSX, XSAVES, deprecated",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ }
|
||||
+ },
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
},
|
||||
.deprecation_note = "use Icelake-Server instead"
|
||||
@@ -3499,12 +3520,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57,
|
||||
.features[FEAT_7_0_EDX] =
|
||||
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
|
||||
- /* Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is added in version 5 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
|
||||
@@ -3597,6 +3613,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
{ /* end of list */ }
|
||||
},
|
||||
},
|
||||
+ {
|
||||
+ .version = 5,
|
||||
+ .note = "XSAVES",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ }
|
||||
+ },
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
}
|
||||
},
|
||||
@@ -3631,13 +3656,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
.features[FEAT_7_0_EDX] =
|
||||
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES |
|
||||
CPUID_7_0_EDX_SPEC_CTRL_SSBD,
|
||||
- /*
|
||||
- * Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is added in version 3 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | CPUID_XSAVE_XGETBV1,
|
||||
.features[FEAT_6_EAX] =
|
||||
@@ -3704,6 +3723,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
{ /* end of list */ },
|
||||
},
|
||||
},
|
||||
+ {
|
||||
+ .version = 3,
|
||||
+ .note = "XSAVES, no MPX, no MONITOR",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ },
|
||||
+ },
|
||||
+ },
|
||||
{ /* end of list */ },
|
||||
},
|
||||
},
|
||||
@@ -3762,13 +3790,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
CPUID_7_0_EDX_CORE_CAPABILITY,
|
||||
.features[FEAT_CORE_CAPABILITY] =
|
||||
MSR_CORE_CAP_SPLIT_LOCK_DETECT,
|
||||
- /*
|
||||
- * Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component,
|
||||
- * and the only one defined in Skylake (processor tracing)
|
||||
- * probably will block migration anyway.
|
||||
- */
|
||||
+ /* XSAVES is is added in version 3 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
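Review bot: the added comment reads "XSAVES is is added in version 3"; drop the duplicated "is".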
|
||||
@@ -3833,6 +3855,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
{ /* end of list */ },
|
||||
},
|
||||
},
|
||||
+ {
|
||||
+ .version = 3,
|
||||
+ .note = "XSAVES, no MPX",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { "vmx-xsaves", "on" },
|
||||
+ { /* end of list */ },
|
||||
+ },
|
||||
+ },
|
||||
{ /* end of list */ },
|
||||
},
|
||||
},
|
||||
@@ -4114,11 +4145,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
|
||||
CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
|
||||
CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT,
|
||||
- /*
|
||||
- * Missing: XSAVES (not supported by some Linux versions,
|
||||
- * including v4.1 to v4.12).
|
||||
- * KVM doesn't yet expose any XSAVES state save component.
|
||||
- */
|
||||
+ /* XSAVES is added in version 2 */
|
||||
.features[FEAT_XSAVE] =
|
||||
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
|
||||
CPUID_XSAVE_XGETBV1,
|
||||
@@ -4129,6 +4156,17 @@ static X86CPUDefinition builtin_x86_defs[] = {
|
||||
.xlevel = 0x8000001E,
|
||||
.model_id = "Hygon Dhyana Processor",
|
||||
.cache_info = &epyc_cache_info,
|
||||
+ .versions = (X86CPUVersionDefinition[]) {
|
||||
+ { .version = 1 },
|
||||
+ { .version = 2,
|
||||
+ .note = "XSAVES",
|
||||
+ .props = (PropValue[]) {
|
||||
+ { "xsaves", "on" },
|
||||
+ { /* end of list */ }
|
||||
+ },
|
||||
+ },
|
||||
+ { /* end of list */ }
|
||||
+ }
|
||||
},
|
||||
{
|
||||
.name = "EPYC-Rome",
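Review bot: the version 2 entry added for the "Hygon Dhyana Processor" model sets only "xsaves", whereas every other version added in this patch sets both "xsaves" and "vmx-xsaves". If the omission is deliberate, a short comment in the props list would stop it from reading as an oversight. The commit message names only Skylake+ and EPYC as affected, so it should also mention that this model gains a new version.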
|
||||
--
|
||||
2.27.0
|
||||
|
262
kvm-target-i386-sev-add-support-to-query-the-attestation.patch
Normal file
@ -0,0 +1,262 @@
|
||||
From ba750c8ed71bc73c79fecefa895192793ef6b7db Mon Sep 17 00:00:00 2001
|
||||
From: Connor Kuehl <ckuehl@redhat.com>
|
||||
Date: Wed, 2 Jun 2021 19:39:20 -0400
|
||||
Subject: [PATCH 05/21] target/i386/sev: add support to query the attestation
|
||||
report
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 8: Synchronize with RHEL-AV 8.5 release 19 to RHEL 9
|
||||
RH-Commit: [4/8] de6088cb0cd1db779b85a50be87846e967f8c92c (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1957194
|
||||
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: Brijesh Singh <brijesh.singh@amd.com>
|
||||
|
||||
The SEV FW >= 0.23 added a new command that can be used to query the
|
||||
attestation report containing the SHA-256 digest of the guest memory
|
||||
and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
|
||||
|
||||
Note, we already have a command (LAUNCH_MEASURE) that can be used to
|
||||
query the SHA-256 digest of the guest memory encrypted through the
|
||||
LAUNCH_UPDATE. The main difference between previous and this command
|
||||
is that the report is signed with the PEK and unlike the LAUNCH_MEASURE
|
||||
command the ATTESATION_REPORT command can be called while the guest
|
||||
is running.
|
||||
|
||||
Add a QMP interface "query-sev-attestation-report" that can be used
|
||||
to get the report encoded in base64.
|
||||
|
||||
Cc: James Bottomley <jejb@linux.ibm.com>
|
||||
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
|
||||
Cc: Eric Blake <eblake@redhat.com>
|
||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Cc: kvm@vger.kernel.org
|
||||
Reviewed-by: James Bottomley <jejb@linux.ibm.com>
|
||||
Tested-by: James Bottomley <jejb@linux.ibm.com>
|
||||
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
|
||||
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Message-Id: <20210429170728.24322-1-brijesh.singh@amd.com>
|
||||
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
|
||||
(cherry picked from commit 3ea1a80243d5b5ba23d8c2b7d3a86034ea0ade22)
|
||||
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
linux-headers/linux/kvm.h | 8 +++++
|
||||
qapi/misc-target.json | 38 ++++++++++++++++++++++
|
||||
target/i386/monitor.c | 6 ++++
|
||||
target/i386/sev-stub.c | 7 ++++
|
||||
target/i386/sev.c | 67 +++++++++++++++++++++++++++++++++++++++
|
||||
target/i386/sev_i386.h | 2 ++
|
||||
target/i386/trace-events | 1 +
|
||||
7 files changed, 129 insertions(+)
|
||||
|
||||
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
|
||||
index 020b62a619..897f831374 100644
|
||||
--- a/linux-headers/linux/kvm.h
|
||||
+++ b/linux-headers/linux/kvm.h
|
||||
@@ -1591,6 +1591,8 @@ enum sev_cmd_id {
|
||||
KVM_SEV_DBG_ENCRYPT,
|
||||
/* Guest certificates commands */
|
||||
KVM_SEV_CERT_EXPORT,
|
||||
+ /* Attestation report */
|
||||
+ KVM_SEV_GET_ATTESTATION_REPORT,
|
||||
|
||||
KVM_SEV_NR_MAX,
|
||||
};
|
||||
@@ -1643,6 +1645,12 @@ struct kvm_sev_dbg {
|
||||
__u32 len;
|
||||
};
|
||||
|
||||
+struct kvm_sev_attestation_report {
|
||||
+ __u8 mnonce[16];
|
||||
+ __u64 uaddr;
|
||||
+ __u32 len;
|
||||
+};
|
||||
+
|
||||
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
|
||||
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
|
||||
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
|
||||
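Review bot: `struct kvm_sev_attestation_report` is added with no field documentation, and `len` is used as an in/out value by the caller in target/i386/sev.c (left at zero for the first ioctl, then read back to size the buffer). A short comment on `uaddr` and `len` here, or a pointer to the kernel-side documentation for this command, would make that contract visible to the next reader.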
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
|
||||
index 0c7491cd82..4b62f0ac05 100644
|
||||
--- a/qapi/misc-target.json
|
||||
+++ b/qapi/misc-target.json
|
||||
@@ -285,3 +285,41 @@
|
||||
##
|
||||
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
|
||||
'if': 'defined(TARGET_ARM)' }
|
||||
+
|
||||
+
|
||||
+##
|
||||
+# @SevAttestationReport:
|
||||
+#
|
||||
+# The struct describes attestation report for a Secure Encrypted Virtualization
|
||||
+# feature.
|
||||
+#
|
||||
+# @data: guest attestation report (base64 encoded)
|
||||
+#
|
||||
+#
|
||||
+# Since: 6.1
|
||||
+##
|
||||
+{ 'struct': 'SevAttestationReport',
|
||||
+ 'data': { 'data': 'str'},
|
||||
+ 'if': 'defined(TARGET_I386)' }
|
||||
+
|
||||
+##
|
||||
+# @query-sev-attestation-report:
|
||||
+#
|
||||
+# This command is used to get the SEV attestation report, and is supported on AMD
|
||||
+# X86 platforms only.
|
||||
+#
|
||||
+# @mnonce: a random 16 bytes value encoded in base64 (it will be included in report)
|
||||
+#
|
||||
+# Returns: SevAttestationReport objects.
|
||||
+#
|
||||
+# Since: 6.1
|
||||
+#
|
||||
+# Example:
|
||||
+#
|
||||
+# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce": "aaaaaaa" } }
|
||||
+# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
|
||||
+#
|
||||
+##
|
||||
+{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' },
|
||||
+ 'returns': 'SevAttestationReport',
|
||||
+ 'if': 'defined(TARGET_I386)' }
|
||||
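Review bot: the documented example passes "mnonce": "aaaaaaa", which cannot decode to the 16 bytes that sev_get_attestation_report() requires (`len != sizeof(input.mnonce)` rejects it), so anyone copying the example gets an error. Use a 24-character base64 string in the example and state in the @mnonce description that any other decoded length is rejected. Separately, "Since: 6.1" does not match this package, whose spec file sets Version: 6.0.0, so clients should probe for the command rather than key on the QEMU version.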
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
|
||||
index 5994408bee..119211f0b0 100644
|
||||
--- a/target/i386/monitor.c
|
||||
+++ b/target/i386/monitor.c
|
||||
@@ -757,3 +757,9 @@ void qmp_sev_inject_launch_secret(const char *packet_hdr,
|
||||
|
||||
sev_inject_launch_secret(packet_hdr, secret, gpa, errp);
|
||||
}
|
||||
+
|
||||
+SevAttestationReport *
|
||||
+qmp_query_sev_attestation_report(const char *mnonce, Error **errp)
|
||||
+{
|
||||
+ return sev_get_attestation_report(mnonce, errp);
|
||||
+}
|
||||
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
|
||||
index 0207f1c5aa..0227cb5177 100644
|
||||
--- a/target/i386/sev-stub.c
|
||||
+++ b/target/i386/sev-stub.c
|
||||
@@ -74,3 +74,10 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size)
|
||||
{
|
||||
abort();
|
||||
}
|
||||
+
|
||||
+SevAttestationReport *
|
||||
+sev_get_attestation_report(const char *mnonce, Error **errp)
|
||||
+{
|
||||
+ error_setg(errp, "SEV is not available in this QEMU");
|
||||
+ return NULL;
|
||||
+}
|
||||
diff --git a/target/i386/sev.c b/target/i386/sev.c
|
||||
index 72b9e2ab40..740548f213 100644
|
||||
--- a/target/i386/sev.c
|
||||
+++ b/target/i386/sev.c
|
||||
@@ -491,6 +491,73 @@ out:
|
||||
return cap;
|
||||
}
|
||||
|
||||
+SevAttestationReport *
|
||||
+sev_get_attestation_report(const char *mnonce, Error **errp)
|
||||
+{
|
||||
+ struct kvm_sev_attestation_report input = {};
|
||||
+ SevAttestationReport *report = NULL;
|
||||
+ SevGuestState *sev = sev_guest;
|
||||
+ guchar *data;
|
||||
+ guchar *buf;
|
||||
+ gsize len;
|
||||
+ int err = 0, ret;
|
||||
+
|
||||
+ if (!sev_enabled()) {
|
||||
+ error_setg(errp, "SEV is not enabled");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ /* lets decode the mnonce string */
|
||||
+ buf = g_base64_decode(mnonce, &len);
|
||||
+ if (!buf) {
|
||||
+ error_setg(errp, "SEV: failed to decode mnonce input");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ /* verify the input mnonce length */
|
||||
+ if (len != sizeof(input.mnonce)) {
|
||||
+ error_setg(errp, "SEV: mnonce must be %zu bytes (got %" G_GSIZE_FORMAT ")",
|
||||
+ sizeof(input.mnonce), len);
|
||||
+ g_free(buf);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ /* Query the report length */
|
||||
+ ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
|
||||
+ &input, &err);
|
||||
+ if (ret < 0) {
|
||||
+ if (err != SEV_RET_INVALID_LEN) {
|
||||
+ error_setg(errp, "failed to query the attestation report length "
|
||||
+ "ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
|
||||
+ g_free(buf);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ data = g_malloc(input.len);
|
||||
+ input.uaddr = (unsigned long)data;
|
||||
+ memcpy(input.mnonce, buf, sizeof(input.mnonce));
|
||||
+
|
||||
+ /* Query the report */
|
||||
+ ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT,
|
||||
+ &input, &err);
|
||||
+ if (ret) {
|
||||
+ error_setg_errno(errp, errno, "Failed to get attestation report"
|
||||
+ " ret=%d fw_err=%d (%s)", ret, err, fw_error_to_str(err));
|
||||
+ goto e_free_data;
|
||||
+ }
|
||||
+
|
||||
+ report = g_new0(SevAttestationReport, 1);
|
||||
+ report->data = g_base64_encode(data, input.len);
|
||||
+
|
||||
+ trace_kvm_sev_attestation_report(mnonce, report->data);
|
||||
+
|
||||
+e_free_data:
|
||||
+ g_free(data);
|
||||
+ g_free(buf);
|
||||
+ return report;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
sev_read_file_base64(const char *filename, guchar **data, gsize *len)
|
||||
{
|
||||
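Review bot: the length produced by the first KVM_SEV_GET_ATTESTATION_REPORT call is used unchecked in `data = g_malloc(input.len);`. If that call returns 0, or fails with SEV_RET_INVALID_LEN without updating `len`, `input.len` is still 0 and the second ioctl runs with a zero-length buffer; a large value is allocated exactly as given. Check that `input.len` is non-zero and below a sane upper bound before allocating, and fail with a clear error otherwise. Minor: the first failure path uses error_setg() and the second error_setg_errno(), so the two messages report errno inconsistently.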
diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
|
||||
index ae221d4c72..ae6d840478 100644
|
||||
--- a/target/i386/sev_i386.h
|
||||
+++ b/target/i386/sev_i386.h
|
||||
@@ -35,5 +35,7 @@ extern uint32_t sev_get_cbit_position(void);
|
||||
extern uint32_t sev_get_reduced_phys_bits(void);
|
||||
extern char *sev_get_launch_measurement(void);
|
||||
extern SevCapability *sev_get_capabilities(Error **errp);
|
||||
+extern SevAttestationReport *
|
||||
+sev_get_attestation_report(const char *mnonce, Error **errp);
|
||||
|
||||
#endif
|
||||
diff --git a/target/i386/trace-events b/target/i386/trace-events
|
||||
index a22ab24e21..8d6437404d 100644
|
||||
--- a/target/i386/trace-events
|
||||
+++ b/target/i386/trace-events
|
||||
@@ -10,3 +10,4 @@ kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIx64
|
||||
kvm_sev_launch_measurement(const char *value) "data %s"
|
||||
kvm_sev_launch_finish(void) ""
|
||||
kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d"
|
||||
+kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s"
|
||||
--
|
||||
2.27.0
|
||||
|
146
kvm-yank-Unregister-function-when-using-TLS-migration.patch
Normal file
@ -0,0 +1,146 @@
|
||||
From a722ec5614bbaa36992653250add7dabd39b12ad Mon Sep 17 00:00:00 2001
|
||||
From: Leonardo Bras <leobras.c@gmail.com>
|
||||
Date: Tue, 1 Jun 2021 02:40:31 -0300
|
||||
Subject: [PATCH 01/21] yank: Unregister function when using TLS migration
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Leonardo Brás <leobras@redhat.com>
|
||||
RH-MergeRequest: 10: yank: Unregister function when using TLS migration
|
||||
RH-Commit: [1/1] b39e19a3a92dc7f881527198824ce7f402aa9289 (LeoBras/centos-qemu-kvm)
|
||||
RH-Bugzilla: 1972462
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <Peter Xu <peterx@redhat.com>>
|
||||
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
|
||||
After yank feature was introduced in migration, whenever migration
|
||||
is started using TLS, the following error happens in both source and
|
||||
destination hosts:
|
||||
|
||||
(qemu) qemu-kvm: ../util/yank.c:107: yank_unregister_instance:
|
||||
Assertion `QLIST_EMPTY(&entry->yankfns)' failed.
|
||||
|
||||
This happens because of a missing yank_unregister_function() when using
|
||||
qio-channel-tls.
|
||||
|
||||
Fix this by also allowing TYPE_QIO_CHANNEL_TLS object type to perform
|
||||
yank_unregister_function() in channel_close() and multifd_load_cleanup().
|
||||
|
||||
Also, inside migration_channel_connect() and
|
||||
migration_channel_process_incoming() move yank_register_function() so
|
||||
it only runs once on a TLS migration.
|
||||
|
||||
Fixes: b5eea99ec2f ("migration: Add yank feature", 2021-01-13)
|
||||
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1964326
|
||||
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
|
||||
Reviewed-by: Lukas Straub <lukasstraub2@web.de>
|
||||
Reviewed-by: Peter Xu <peterx@redhat.com>
|
||||
Message-Id: <20210601054030.1153249-1-leobras.c@gmail.com>
|
||||
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
(cherry picked from commit 7de2e8565335c13fb3516cddbe2e40e366cce273)
|
||||
Signed-off-by: Leonardo Bras <leobras@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
migration/channel.c | 26 ++++++++++++++------------
|
||||
migration/multifd.c | 3 ++-
|
||||
migration/qemu-file-channel.c | 4 +++-
|
||||
3 files changed, 19 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/migration/channel.c b/migration/channel.c
|
||||
index c9ee902021..01275a9162 100644
|
||||
--- a/migration/channel.c
|
||||
+++ b/migration/channel.c
|
||||
@@ -38,18 +38,19 @@ void migration_channel_process_incoming(QIOChannel *ioc)
|
||||
trace_migration_set_incoming_channel(
|
||||
ioc, object_get_typename(OBJECT(ioc)));
|
||||
|
||||
- if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET)) {
|
||||
- yank_register_function(MIGRATION_YANK_INSTANCE,
|
||||
- migration_yank_iochannel,
|
||||
- QIO_CHANNEL(ioc));
|
||||
- }
|
||||
-
|
||||
if (s->parameters.tls_creds &&
|
||||
*s->parameters.tls_creds &&
|
||||
!object_dynamic_cast(OBJECT(ioc),
|
||||
TYPE_QIO_CHANNEL_TLS)) {
|
||||
migration_tls_channel_process_incoming(s, ioc, &local_err);
|
||||
} else {
|
||||
+ if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET) ||
|
||||
+ object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_TLS)) {
|
||||
+ yank_register_function(MIGRATION_YANK_INSTANCE,
|
||||
+ migration_yank_iochannel,
|
||||
+ QIO_CHANNEL(ioc));
|
||||
+ }
|
||||
+
|
||||
migration_ioc_process_incoming(ioc, &local_err);
|
||||
}
|
||||
|
||||
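Review bot: with the registration moved into the `else` branch, the plain socket channel that takes the `tls_creds` branch is handed to migration_tls_channel_process_incoming() with no yank function registered, so nothing is registered for the duration of the TLS handshake. If that is intentional, say so in the commit message; otherwise a handshake that stalls cannot be yanked until the TLS channel comes back through this function.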
@@ -76,12 +77,6 @@ void migration_channel_connect(MigrationState *s,
|
||||
ioc, object_get_typename(OBJECT(ioc)), hostname, error);
|
||||
|
||||
if (!error) {
|
||||
- if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET)) {
|
||||
- yank_register_function(MIGRATION_YANK_INSTANCE,
|
||||
- migration_yank_iochannel,
|
||||
- QIO_CHANNEL(ioc));
|
||||
- }
|
||||
-
|
||||
if (s->parameters.tls_creds &&
|
||||
*s->parameters.tls_creds &&
|
||||
!object_dynamic_cast(OBJECT(ioc),
|
||||
@@ -99,6 +94,13 @@ void migration_channel_connect(MigrationState *s,
|
||||
} else {
|
||||
QEMUFile *f = qemu_fopen_channel_output(ioc);
|
||||
|
||||
+ if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET) ||
|
||||
+ object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_TLS)) {
|
||||
+ yank_register_function(MIGRATION_YANK_INSTANCE,
|
||||
+ migration_yank_iochannel,
|
||||
+ QIO_CHANNEL(ioc));
|
||||
+ }
|
||||
+
|
||||
qemu_mutex_lock(&s->qemu_file_lock);
|
||||
s->to_dst_file = f;
|
||||
qemu_mutex_unlock(&s->qemu_file_lock);
|
||||
diff --git a/migration/multifd.c b/migration/multifd.c
|
||||
index a6677c45c8..a8dedcf822 100644
|
||||
--- a/migration/multifd.c
|
||||
+++ b/migration/multifd.c
|
||||
@@ -987,7 +987,8 @@ int multifd_load_cleanup(Error **errp)
|
||||
for (i = 0; i < migrate_multifd_channels(); i++) {
|
||||
MultiFDRecvParams *p = &multifd_recv_state->params[i];
|
||||
|
||||
- if (object_dynamic_cast(OBJECT(p->c), TYPE_QIO_CHANNEL_SOCKET)
|
||||
+ if ((object_dynamic_cast(OBJECT(p->c), TYPE_QIO_CHANNEL_SOCKET) ||
|
||||
+ object_dynamic_cast(OBJECT(p->c), TYPE_QIO_CHANNEL_TLS))
|
||||
&& OBJECT(p->c)->ref == 1) {
|
||||
yank_unregister_function(MIGRATION_YANK_INSTANCE,
|
||||
migration_yank_iochannel,
|
||||
diff --git a/migration/qemu-file-channel.c b/migration/qemu-file-channel.c
|
||||
index 876d05a540..fad340ea7a 100644
|
||||
--- a/migration/qemu-file-channel.c
|
||||
+++ b/migration/qemu-file-channel.c
|
||||
@@ -26,6 +26,7 @@
|
||||
#include "qemu-file-channel.h"
|
||||
#include "qemu-file.h"
|
||||
#include "io/channel-socket.h"
|
||||
+#include "io/channel-tls.h"
|
||||
#include "qemu/iov.h"
|
||||
#include "qemu/yank.h"
|
||||
#include "yank_functions.h"
|
||||
@@ -106,7 +107,8 @@ static int channel_close(void *opaque, Error **errp)
|
||||
int ret;
|
||||
QIOChannel *ioc = QIO_CHANNEL(opaque);
|
||||
ret = qio_channel_close(ioc, errp);
|
||||
- if (object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET)
|
||||
+ if ((object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_SOCKET) ||
|
||||
+ object_dynamic_cast(OBJECT(ioc), TYPE_QIO_CHANNEL_TLS))
|
||||
&& OBJECT(ioc)->ref == 1) {
|
||||
yank_unregister_function(MIGRATION_YANK_INSTANCE,
|
||||
migration_yank_iochannel,
|
||||
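Review bot: the `TYPE_QIO_CHANNEL_SOCKET || TYPE_QIO_CHANNEL_TLS` test in channel_close() is now the fourth copy of the same condition in this patch (two register sites in migration/channel.c, the unregister in multifd_load_cleanup(), and this one). The commit message attributes the assertion failure to a missing unregister for the TLS channel type, so a single helper predicate shared by all four sites would keep register and unregister from drifting apart again.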
--
|
||||
2.27.0
|
||||
|
167
qemu-kvm.spec
@ -1,13 +1,27 @@
|
||||
%global SLOF_gittagdate 20191022
|
||||
%global SLOF_gittagcommit 899d9883
|
||||
%global libfdt_version 1.6.0
|
||||
%global libseccomp_version 2.4.0
|
||||
%global libusbx_version 1.0.23
|
||||
%global meson_version 0.55.3-3
|
||||
%global usbredir_version 0.7.1
|
||||
|
||||
%global have_usbredir 1
|
||||
%global have_opengl 1
|
||||
%global have_fdt 0
|
||||
%global have_kvm_setup 0
|
||||
%global have_memlock_limits 0
|
||||
# have_block_rbd is not relevant for RHEL but makes it
|
||||
# easier to sync spec dependency list with Fedora
|
||||
%global have_block_rbd 1
|
||||
|
||||
%global have_pmem 1
|
||||
%ifnarch x86_64
|
||||
%global have_pmem 0
|
||||
%endif
|
||||
|
||||
%global have_numactl 1
|
||||
%ifarch s390x
|
||||
%global have_numactl 0
|
||||
%endif
|
||||
|
||||
%ifnarch %{ix86} x86_64
|
||||
%global have_usbredir 0
|
||||
@ -60,13 +74,12 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
|
||||
Summary: QEMU is a machine emulator and virtualizer
|
||||
Name: qemu-kvm
|
||||
Version: 6.0.0
|
||||
Release: 5%{?rcversion}%{?dist}
|
||||
Release: 6%{?rcversion}%{?dist}
|
||||
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
||||
# Epoch 15 used for RHEL 8
|
||||
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
|
||||
Epoch: 17
|
||||
License: GPLv2 and GPLv2+ and CC-BY
|
||||
Group: Development/Tools
|
||||
URL: http://www.qemu.org/
|
||||
ExclusiveArch: x86_64 %{power64} aarch64 s390x
|
||||
|
||||
@ -144,101 +157,83 @@ Patch32: kvm-virtio-scsi-Set-host-notifiers-and-callbacks-separat.patch
|
||||
Patch33: kvm-virtio-scsi-Configure-all-host-notifiers-in-a-single.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch34: kvm-hw-arm-smmuv3-Another-range-invalidation-fix.patch
|
||||
# For bz#1972462 - QEMU core dump when doing TLS migration via TCP
|
||||
Patch35: kvm-yank-Unregister-function-when-using-TLS-migration.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch36: kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch37: kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch38: kvm-target-i386-sev-add-support-to-query-the-attestation.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch39: kvm-spapr-Don-t-hijack-current_machine-boot_order.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch40: kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch41: kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch
|
||||
# For bz#1957194 - Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta
|
||||
Patch42: kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch
|
||||
|
||||
BuildRequires: wget
|
||||
BuildRequires: rpm-build
|
||||
BuildRequires: ninja-build
|
||||
BuildRequires: meson >= 0.55.3-3
|
||||
# Source-git patches
|
||||
|
||||
BuildRequires: meson >= %{meson_version}
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: glib2-devel
|
||||
BuildRequires: which
|
||||
BuildRequires: gnutls-devel
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libaio-devel
|
||||
BuildRequires: rsync
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: pciutils-devel
|
||||
BuildRequires: libiscsi-devel
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libusbx-devel >= 1.0.23
|
||||
BuildRequires: libusbx-devel >= %{libusbx_version}
|
||||
%if %{have_usbredir}
|
||||
BuildRequires: usbredir-devel >= 0.7.1
|
||||
BuildRequires: usbredir-devel >= %{usbredir_version}
|
||||
%endif
|
||||
BuildRequires: texinfo
|
||||
BuildRequires: python3-sphinx
|
||||
BuildRequires: libseccomp-devel >= 2.4.0
|
||||
BuildRequires: libseccomp-devel >= %{libseccomp_version}
|
||||
# For network block driver
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: libssh-devel
|
||||
BuildRequires: librados-devel
|
||||
%if %{have_block_rbd}
|
||||
BuildRequires: librbd-devel
|
||||
%endif
|
||||
# We need both because the 'stap' binary is probed for by configure
|
||||
BuildRequires: systemtap
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
# For VNC PNG support
|
||||
BuildRequires: libpng-devel
|
||||
# For uuid generation
|
||||
BuildRequires: libuuid-devel
|
||||
# For Braille device support
|
||||
BuildRequires: brlapi-devel
|
||||
# For test suite
|
||||
BuildRequires: check-devel
|
||||
# For virtiofs
|
||||
BuildRequires: libcap-ng-devel
|
||||
# Hard requirement for version >= 1.3
|
||||
BuildRequires: pixman-devel
|
||||
# Documentation requirement
|
||||
BuildRequires: perl-podlators
|
||||
BuildRequires: texinfo
|
||||
BuildRequires: python3-sphinx
|
||||
# For rdma
|
||||
%if 0%{?have_librdma}
|
||||
%if %{have_librdma}
|
||||
BuildRequires: rdma-core-devel
|
||||
%endif
|
||||
%if %{have_fdt}
|
||||
BuildRequires: libfdt-devel >= 1.6.0
|
||||
%endif
|
||||
# iasl and cpp for acpi generation (not a hard requirement as we can use
|
||||
# pre-compiled files, but it's better to use this)
|
||||
%ifarch %{ix86} x86_64
|
||||
BuildRequires: iasl
|
||||
BuildRequires: cpp
|
||||
BuildRequires: libfdt-devel >= %{libfdt_version}
|
||||
%endif
|
||||
# For compressed guest memory dumps
|
||||
BuildRequires: lzo-devel snappy-devel
|
||||
# For NUMA memory binding
|
||||
%ifnarch s390x
|
||||
%if %{have_numactl}
|
||||
BuildRequires: numactl-devel
|
||||
%endif
|
||||
BuildRequires: libgcrypt-devel
|
||||
# qemu-pr-helper multipath support (requires libudev too)
|
||||
BuildRequires: device-mapper-multipath-devel
|
||||
BuildRequires: systemd-devel
|
||||
# used by qemu-bridge-helper and qemu-pr-helper
|
||||
BuildRequires: libcap-ng-devel
|
||||
|
||||
BuildRequires: diffutils
|
||||
%ifarch x86_64
|
||||
%if %{have_pmem}
|
||||
BuildRequires: libpmem-devel
|
||||
Requires: libpmem
|
||||
%endif
|
||||
|
||||
# qemu-keymap
|
||||
BuildRequires: pkgconfig(xkbcommon)
|
||||
|
||||
# For s390-pgste flag
|
||||
%ifarch s390x
|
||||
BuildRequires: binutils >= 2.27-16
|
||||
%endif
|
||||
|
||||
%if %{have_opengl}
|
||||
BuildRequires: pkgconfig(epoxy)
|
||||
BuildRequires: pkgconfig(libdrm)
|
||||
BuildRequires: pkgconfig(gbm)
|
||||
%endif
|
||||
|
||||
BuildRequires: perl-Test-Harness
|
||||
BuildRequires: libslirp-devel
|
||||
|
||||
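Review bot: in the rdma block, `%if 0%{?have_librdma}` becomes `%if %{have_librdma}`, which drops both the `0` prefix and the `?` guard. The new form only parses if have_librdma is defined on every architecture before this point, and the part of the `%global` block visible in this diff does not define it. Confirm it is set unconditionally elsewhere in the spec, or keep the guarded form for this one macro.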
@ -267,19 +262,17 @@ Requires: edk2-ovmf
|
||||
Requires: edk2-aarch64
|
||||
%endif
|
||||
|
||||
Requires: libseccomp >= 2.4.0
|
||||
# For compressed guest memory dumps
|
||||
Requires: lzo snappy
|
||||
Requires: libseccomp >= %{libseccomp_version}
|
||||
%if %{have_kvm_setup}
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
%endif
|
||||
Requires: libusbx >= 1.0.23
|
||||
Requires: libusbx >= %{libusbx_version}
|
||||
%if %{have_usbredir}
|
||||
Requires: usbredir >= 0.7.1
|
||||
Requires: usbredir >= %{usbredir_version}
|
||||
%endif
|
||||
%if %{have_fdt}
|
||||
Requires: libfdt >= 1.6.0
|
||||
Requires: libfdt >= %{libfdt_version}
|
||||
%endif
|
||||
|
||||
# Since SPICE is removed from RHEL-9, the following Obsoletes:
|
||||
@ -303,14 +296,12 @@ qemu-kvm-docs provides documentation files regarding qemu-kvm.
|
||||
|
||||
%package -n qemu-img
|
||||
Summary: QEMU command line tool for manipulating disk images
|
||||
Group: Development/Tools
|
||||
|
||||
%description -n qemu-img
|
||||
This package provides a command line tool for manipulating disk images.
|
||||
|
||||
%package -n qemu-kvm-common
|
||||
Summary: QEMU common files needed by all QEMU targets
|
||||
Group: Development/Tools
|
||||
Requires(post): /usr/bin/getent
|
||||
Requires(post): /usr/sbin/groupadd
|
||||
Requires(post): /usr/sbin/useradd
|
||||
@ -593,7 +584,7 @@ pushd %{qemu_kvm_build}
|
||||
--enable-curl \
|
||||
--enable-debug-info \
|
||||
--enable-docs \
|
||||
%if 0%{have_fdt}
|
||||
%if %{have_fdt}
|
||||
--enable-fdt \
|
||||
%endif
|
||||
--enable-gcrypt \
|
||||
@ -602,7 +593,7 @@ pushd %{qemu_kvm_build}
|
||||
--enable-iconv \
|
||||
--enable-kvm \
|
||||
--enable-libiscsi \
|
||||
%ifarch x86_64
|
||||
%if %{have_pmem}
|
||||
--enable-libpmem \
|
||||
%endif
|
||||
--enable-libssh \
|
||||
@ -613,15 +604,17 @@ pushd %{qemu_kvm_build}
|
||||
--enable-malloc-trim \
|
||||
--enable-modules \
|
||||
--enable-mpath \
|
||||
%ifnarch s390x
|
||||
%if %{have_numactl}
|
||||
--enable-numa \
|
||||
%endif
|
||||
%if 0%{have_opengl}
|
||||
%if %{have_opengl}
|
||||
--enable-opengl \
|
||||
%endif
|
||||
--enable-pie \
|
||||
%if %{have_block_rbd}
|
||||
--enable-rbd \
|
||||
%if 0%{have_librdma}
|
||||
%endif
|
||||
%if %{have_librdma}
|
||||
--enable-rdma \
|
||||
%endif
|
||||
--enable-seccomp \
|
||||
@ -632,7 +625,7 @@ pushd %{qemu_kvm_build}
|
||||
--enable-tools \
|
||||
--enable-tpm \
|
||||
--enable-trace-backend=dtrace \
|
||||
%if 0%{have_usbredir}
|
||||
%if %{have_usbredir}
|
||||
--enable-usb-redir \
|
||||
%endif
|
||||
--enable-virtiofsd \
|
||||
@ -687,6 +680,12 @@ make V=1 %{?_smp_mflags} $buildldflags
|
||||
|
||||
cp -a %{kvm_target}-softmmu/qemu-system-%{kvm_target} qemu-kvm
|
||||
|
||||
%ifarch s390x
|
||||
# Copy the built new images into place for "make check":
|
||||
cp pc-bios/s390-ccw/s390-ccw.img pc-bios/s390-ccw/s390-netboot.img pc-bios/
|
||||
%endif
|
||||
|
||||
|
||||
gcc %{SOURCE6} $RPM_OPT_FLAGS $RPM_LD_FLAGS -o ksmctl
|
||||
%endif
|
||||
popd
|
||||
@ -872,6 +871,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/skiboot.lid
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/qboot.rom
|
||||
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/s390-ccw.img
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/s390-netboot.img
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/hppa-firmware.img
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/canyonlands.dtb
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/u-boot-sam460-20100605.bin
|
||||
@ -894,10 +894,10 @@ rm -rf ${RPM_BUILD_ROOT}%{_libexecdir}/virtfs-proxy-helper
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man1/virtfs-proxy-helper*
|
||||
|
||||
%ifarch s390x
|
||||
# Use the s390-ccw.img that we've just built, not the pre-built one
|
||||
# Use the s390-*.img that we've just built, not the pre-built ones
|
||||
install -m 0644 pc-bios/s390-ccw/s390-ccw.img $RPM_BUILD_ROOT%{_datadir}/%{name}/
|
||||
install -m 0644 pc-bios/s390-ccw/s390-netboot.img $RPM_BUILD_ROOT%{_datadir}/%{name}/
|
||||
%else
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/s390-netboot.img
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_libdir}/qemu-kvm/hw-s390x-virtio-gpu-ccw.so
|
||||
%endif
|
||||
|
||||
@ -962,13 +962,13 @@ rom_link() {
|
||||
rom_link ../sgabios/sgabios.bin sgabios.bin
|
||||
%endif
|
||||
|
||||
%if 0%{have_kvm_setup}
|
||||
%if %{have_kvm_setup}
|
||||
install -D -p -m 755 %{SOURCE21} $RPM_BUILD_ROOT%{_prefix}/lib/systemd/kvm-setup
|
||||
install -D -p -m 644 %{SOURCE22} $RPM_BUILD_ROOT%{_unitdir}/kvm-setup.service
|
||||
install -D -p -m 644 %{SOURCE23} $RPM_BUILD_ROOT%{_presetdir}/85-kvm.preset
|
||||
%endif
|
||||
|
||||
%if 0%{have_memlock_limits}
|
||||
%if %{have_memlock_limits}
|
||||
install -D -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT%{_sysconfdir}/security/limits.d/95-kvm-memlock.conf
|
||||
%endif
|
||||
|
||||
@ -1000,7 +1000,7 @@ popd
|
||||
%check
|
||||
pushd %{qemu_kvm_build}
|
||||
echo "Testing qemu-kvm-build"
|
||||
export DIFF=diff; make check V=1
|
||||
make check V=1
|
||||
popd
|
||||
|
||||
%post -n qemu-kvm-common
|
||||
@ -1050,7 +1050,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
# Deliberately empty
|
||||
|
||||
%files -n qemu-kvm-docs
|
||||
%defattr(-,root,root)
|
||||
%dir %{qemudocdir}
|
||||
%doc %{qemudocdir}/genindex.html
|
||||
%doc %{qemudocdir}/search.html
|
||||
@ -1071,7 +1070,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%doc %{qemudocdir}/_static/*
|
||||
|
||||
%files -n qemu-kvm-common
|
||||
%defattr(-,root,root)
|
||||
%{_mandir}/man7/qemu-qmp-ref.7*
|
||||
%{_mandir}/man7/qemu-cpu-models.7*
|
||||
%{_bindir}/qemu-keymap
|
||||
@ -1139,19 +1137,18 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%{_datadir}/%{name}/linuxboot_dma.bin
|
||||
%{_datadir}/%{name}/dump-guest-memory.py*
|
||||
%{_datadir}/%{name}/trace-events-all
|
||||
%if 0%{have_kvm_setup}
|
||||
%if %{have_kvm_setup}
|
||||
%{_prefix}/lib/systemd/kvm-setup
|
||||
%{_unitdir}/kvm-setup.service
|
||||
%{_presetdir}/85-kvm.preset
|
||||
%endif
|
||||
%if 0%{have_memlock_limits}
|
||||
%if %{have_memlock_limits}
|
||||
%{_sysconfdir}/security/limits.d/95-kvm-memlock.conf
|
||||
%endif
|
||||
%{_libexecdir}/virtiofsd
|
||||
%{_datadir}/%{name}/vhost-user/50-qemu-virtiofsd.json
|
||||
|
||||
%files -n qemu-kvm-core
|
||||
%defattr(-,root,root)
|
||||
%{_libexecdir}/qemu-kvm
|
||||
%{_datadir}/systemtap/tapset/qemu-kvm.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-kvm-log.stp
|
||||
@ -1171,7 +1168,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%endif
|
||||
|
||||
%files -n qemu-img
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-img
|
||||
%{_bindir}/qemu-io
|
||||
%{_bindir}/qemu-nbd
|
||||
@ -1182,7 +1178,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%{_mandir}/man7/qemu-storage-daemon-qmp-ref.7*
|
||||
|
||||
%files -n qemu-guest-agent
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING README.rst
|
||||
%{_bindir}/qemu-ga
|
||||
%{_mandir}/man8/qemu-ga.8*
|
||||
@ -1210,7 +1205,7 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%files block-ssh
|
||||
%{_libdir}/qemu-kvm/block-ssh.so
|
||||
|
||||
%if 0%{have_opengl}
|
||||
%if %{have_opengl}
|
||||
%files ui-opengl
|
||||
%{_libdir}/qemu-kvm/ui-egl-headless.so
|
||||
%{_libdir}/qemu-kvm/ui-opengl.so
|
||||
@ -1218,6 +1213,24 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jun 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-6
|
||||
- kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462]
|
||||
- kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194]
|
||||
- kvm-redhat-Install-the-s390-netboot.img-that-we-ve-built.patch [bz#1957194]
|
||||
- kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch [bz#1957194]
|
||||
- kvm-target-i386-sev-add-support-to-query-the-attestation.patch [bz#1957194]
|
||||
- kvm-spapr-Don-t-hijack-current_machine-boot_order.patch [bz#1957194]
|
||||
- kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch [bz#1957194]
|
||||
- kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch [bz#1957194]
|
||||
- kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch [bz#1957194]
|
||||
- Specfile cleanup [bz#1973029]
|
||||
- Resolves: bz#1972462
|
||||
(QEMU core dump when doing TLS migration via TCP)
|
||||
- Resolves: bz#1957194
|
||||
(Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta)
|
||||
- Resolves: bz#1973029
|
||||
(Spec file cleanups)
|
||||
|
||||
* Tue Jun 08 2021 Miroslav Rezanina <mrezanin@redhat.com> - 6.0.0-5
|
||||
- kvm-arm-virt-Register-highmem-and-gic-version-as-class-p.patch [bz#1952449]
|
||||
- kvm-hw-arm-virt-Add-8.5-and-9.0-machine-types-and-remove.patch [bz#1952449]
|
||||
|