import qemu-kvm-2.12.0-94.module+el8.2.0+5297+222a20af

CentOS Sources 2020-01-21 10:43:52 -05:00 committed by Stepan Oksanichenko
parent 380f322602
commit 7b46666c6f
163 changed files with 26658 additions and 9 deletions

@ -0,0 +1,44 @@
From 23400c3067fab729fd0584e16f6fa84e1bb3c4f8 Mon Sep 17 00:00:00 2001
From: Auger Eric <eric.auger@redhat.com>
Date: Fri, 20 Sep 2019 17:25:08 +0100
Subject: [PATCH 02/21] Disable CONFIG_I2C and CONFIG_IOH3420
RH-Author: Auger Eric <eric.auger@redhat.com>
Message-id: <20190920172508.16323-1-eric.auger@redhat.com>
Patchwork-id: 90825
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH] Disable CONFIG_I2C and CONFIG_IOH3420
Bugzilla: 1693140
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Andrew Jones <drjones@redhat.com>
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1693140
Branch: rhel-8.2.0
Upstream: Downstream only
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23613661
Remove the I2C config which is of no use on aarch64. Also remove the
IOH3420 to be consistent with AV content (See BZ 1627283).
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
default-configs/aarch64-softmmu.mak | 2 --
1 file changed, 2 deletions(-)
diff --git a/default-configs/aarch64-softmmu.mak b/default-configs/aarch64-softmmu.mak
index 860140e..d718243 100644
--- a/default-configs/aarch64-softmmu.mak
+++ b/default-configs/aarch64-softmmu.mak
@@ -23,8 +23,6 @@ CONFIG_GPIO_KEY=y
CONFIG_ARM_V7M=y
CONFIG_PCIE_PORT=y
CONFIG_XIO3130=y
-CONFIG_IOH3420=y
CONFIG_USB_XHCI=y
CONFIG_USB=y
-CONFIG_I2C=y
CONFIG_FW_CFG_DMA=y
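Review bot: The removals of CONFIG_IOH3420=y and CONFIG_I2C=y leave nothing in aarch64-softmmu.mak to show that these are deliberate downstream choices, so a later rebase could bring either line back unnoticed. Since the header marks the patch as downstream only, consider a one-line comment at each removed option naming the bug (1693140), and confirm that nothing still enabled in this file, such as CONFIG_PCIE_PORT=y, expects the IOH3420 root port to be built.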
--
1.8.3.1

@ -0,0 +1,56 @@
From 486e74dd9b8515f478698fee494086b339015d51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Wed, 31 Jul 2019 18:45:29 +0100
Subject: [PATCH 14/14] Fix heap overflow in ip_reass on big packet input
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190731184529.21905-2-philmd@redhat.com>
Patchwork-id: 89820
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] Fix heap overflow in ip_reass on big packet input
Bugzilla: 1734751
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
When the first fragment does not fit in the preallocated buffer, q will
already be pointing to the ext buffer, so we mustn't try to update it.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(cherry picked from libslirp commit 126c04acbabd7ad32c2b018fe10dfac2a3bc1210)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
slirp/ip_input.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/slirp/ip_input.c b/slirp/ip_input.c
index 348e1dc..07d8808 100644
--- a/slirp/ip_input.c
+++ b/slirp/ip_input.c
@@ -334,6 +334,8 @@ insert:
q = fp->frag_link.next;
m = dtom(slirp, q);
+ int was_ext = m->m_flags & M_EXT;
+
q = (struct ipasfrag *) q->ipf_next;
while (q != (struct ipasfrag*)&fp->frag_link) {
struct mbuf *t = dtom(slirp, q);
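Review bot: `int was_ext = m->m_flags & M_EXT;` is declared after the assignments to q and m, which mixes a declaration into the statements that follow the insert: label. Declare it at the top of the enclosing block and assign it here; since it is only used as a truth value, `bool was_ext = (m->m_flags & M_EXT) != 0;` would also make the intent clearer.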
@@ -356,7 +358,7 @@ insert:
* the old buffer (in the mbuf), so we must point ip
* into the new buffer.
*/
- if (m->m_flags & M_EXT) {
+ if (!was_ext && m->m_flags & M_EXT) {
int delta = (char *)q - m->m_dat;
q = (struct ipasfrag *)(m->m_ext + delta);
}
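Review bot: The new condition `!was_ext && m->m_flags & M_EXT` relies on `&` binding tighter than `&&`; it evaluates as intended, but write it as `!was_ext && (m->m_flags & M_EXT)` so it cannot be misread. The comment above the test still only describes the buffer having moved; add a sentence that q is left untouched when the mbuf was already external before the loop, which is the case the commit message describes.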
--
1.8.3.1

@ -0,0 +1,182 @@
From e7dc49f6bf6fd242b5b7a83bc270664a1ca45879 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 22 Jul 2019 18:22:08 +0100
Subject: [PATCH 27/39] KVM: Introduce kvm_arch_destroy_vcpu()
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20190722182220.19374-7-pbonzini@redhat.com>
Patchwork-id: 89623
O-Subject: [RHEL-8.1.0 PATCH qemu-kvm v3 06/18] KVM: Introduce kvm_arch_destroy_vcpu()
Bugzilla: 1689269
RH-Acked-by: Peter Xu <zhexu@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
From: Liran Alon <liran.alon@oracle.com>
Similar to how kvm_init_vcpu() calls kvm_arch_init_vcpu() to perform
arch-dependent initialisation, introduce kvm_arch_destroy_vcpu()
to be called from kvm_destroy_vcpu() to perform arch-dependent
destruction.
This was added because some architectures (such as i386)
currently do not free memory that they have allocated in
kvm_arch_init_vcpu().
Suggested-by: Maran Wilson <maran.wilson@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20190619162140.133674-3-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b1115c99919cf158bb859865f14c3198a0e6f679)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
accel/kvm/kvm-all.c | 5 +++++
include/sysemu/kvm.h | 1 +
target/arm/kvm32.c | 5 +++++
target/arm/kvm64.c | 5 +++++
target/i386/kvm.c | 12 ++++++++++++
target/mips/kvm.c | 5 +++++
target/ppc/kvm.c | 5 +++++
target/s390x/kvm.c | 10 ++++++++++
8 files changed, 48 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 3a7c8a3..a939b26 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -290,6 +290,11 @@ int kvm_destroy_vcpu(CPUState *cpu)
DPRINTF("kvm_destroy_vcpu\n");
+ ret = kvm_arch_destroy_vcpu(cpu);
+ if (ret < 0) {
+ goto err;
+ }
+
mmap_size = kvm_ioctl(s, KVM_GET_VCPU_MMAP_SIZE, 0);
if (mmap_size < 0) {
ret = mmap_size;
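Review bot: The `goto err` taken when kvm_arch_destroy_vcpu() fails sits before the KVM_GET_VCPU_MMAP_SIZE query, so an arch-side failure skips the generic teardown that follows in kvm_destroy_vcpu(). Every implementation added in this patch returns 0, so the path is unreachable today; either document next to the prototype that a negative return aborts destruction, or run the arch hook, continue with the generic cleanup, and return the first error at the end.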
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 3d8f294..a5a6dff 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -372,6 +372,7 @@ int kvm_arch_put_registers(CPUState *cpu, int level);
int kvm_arch_init(MachineState *ms, KVMState *s);
int kvm_arch_init_vcpu(CPUState *cpu);
+int kvm_arch_destroy_vcpu(CPUState *cpu);
bool kvm_vcpu_id_is_valid(int vcpu_id);
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index 1740cda..056f016 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -237,6 +237,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
return kvm_arm_init_cpreg_list(cpu);
}
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+ return 0;
+}
+
typedef struct Reg {
uint64_t id;
int offset;
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index e0b8246..c9c761e 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -549,6 +549,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
return kvm_arm_init_cpreg_list(cpu);
}
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+ return 0;
+}
+
bool kvm_arm_reg_syncs_via_cpreg_list(uint64_t regidx)
{
/* Return true if the regidx is a register we should synchronize
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 8e861a1..305809f 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1196,6 +1196,18 @@ int kvm_arch_init_vcpu(CPUState *cs)
return r;
}
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+ X86CPU *cpu = X86_CPU(cs);
+
+ if (cpu->kvm_msr_buf) {
+ g_free(cpu->kvm_msr_buf);
+ cpu->kvm_msr_buf = NULL;
+ }
+
+ return 0;
+}
+
void kvm_arch_reset_vcpu(X86CPU *cpu)
{
CPUX86State *env = &cpu->env;
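Review bot: The `if (cpu->kvm_msr_buf)` guard around g_free() is unnecessary, because g_free() accepts NULL, and the s390x implementation in this same patch frees cpu->irqstate without one. Drop the guard so both implementations read the same way: g_free(cpu->kvm_msr_buf); cpu->kvm_msr_buf = NULL;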
diff --git a/target/mips/kvm.c b/target/mips/kvm.c
index 8e72850..938f8f1 100644
--- a/target/mips/kvm.c
+++ b/target/mips/kvm.c
@@ -91,6 +91,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
return ret;
}
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+ return 0;
+}
+
void kvm_mips_reset_vcpu(MIPSCPU *cpu)
{
CPUMIPSState *env = &cpu->env;
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 058dcbe..b9858fa 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -607,6 +607,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
return ret;
}
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+ return 0;
+}
+
static void kvm_sw_tlb_put(PowerPCCPU *cpu)
{
CPUPPCState *env = &cpu->env;
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 1d6cc33..0814333 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -370,6 +370,16 @@ int kvm_arch_init_vcpu(CPUState *cs)
return 0;
}
+int kvm_arch_destroy_vcpu(CPUState *cs)
+{
+ S390CPU *cpu = S390_CPU(cs);
+
+ g_free(cpu->irqstate);
+ cpu->irqstate = NULL;
+
+ return 0;
+}
+
void kvm_s390_reset_vcpu(S390CPU *cpu)
{
CPUState *cs = CPU(cpu);
--
1.8.3.1

@ -0,0 +1,56 @@
From bf545f4a8f40a4ac8f6d63d887a63d9f08329eb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 14 Aug 2019 08:52:10 +0100
Subject: [PATCH 10/10] RHEL: disable hostmem-memfd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: <20190814085210.18462-1-marcandre.lureau@redhat.com>
Patchwork-id: 89974
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH] RHEL: disable hostmem-memfd
Bugzilla: 1740797
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1740797
BRANCH: rhel8/rhel-8.1.0
UPSTREAM: n/a (downstream only)
BREW: 23060214
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
backends/Makefile.objs | 3 ++-
util/memfd.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index ad7c032..673fc55 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -15,4 +15,5 @@ common-obj-$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX)) += \
cryptodev-vhost-user.o
endif
-common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
+# RHEL: disable memfd
+# common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
diff --git a/util/memfd.c b/util/memfd.c
index b3ecbac..9312653 100644
--- a/util/memfd.c
+++ b/util/memfd.c
@@ -202,7 +202,7 @@ bool qemu_memfd_alloc_check(void)
*/
bool qemu_memfd_check(void)
{
-#ifdef CONFIG_LINUX
+#if 0 /* RHEL: memfd support disabled */
static int memfd_check = MEMFD_TODO;
if (memfd_check == MEMFD_TODO) {
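Review bot: Replacing `#ifdef CONFIG_LINUX` with `#if 0` in qemu_memfd_check() hides the downstream switch in a literal that is easy to lose on rebase and cannot be found by searching for a config symbol. A named downstream macro would keep the guard greppable and would let this file and backends/Makefile.objs be toggled together; as written, the Makefile hunk comments the object out separately, so the two can drift apart.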
--
1.8.3.1

@ -0,0 +1,61 @@
From a4c22009a465ebe5fd0c09699e61ad0423b8849d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Fri, 6 Sep 2019 14:00:34 +0100
Subject: [PATCH 07/22] Using ip_deq after m_free might read pointers from an
allocation reuse.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190906140034.19722-2-philmd@redhat.com>
Patchwork-id: 90306
O-Subject: [RHEL-7.7 qemu-kvm-ma + RHEL-7.7 qemu-kvm-rhev + RHEL-8.1.0 qemu-kvm PATCH 1/1] Using ip_deq after m_free might read pointers from an allocation reuse.
Bugzilla: 1749724
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
This would be difficult to exploit, but that is still related with
CVE-2019-14378 which generates fragmented IP packets that would trigger this
issue and at least produce a DoS.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(cherry picked from libslirp commit c59279437eda91841b9d26079c70b8a540d41204)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
slirp/ip_input.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/slirp/ip_input.c b/slirp/ip_input.c
index 07d8808..7cf0133 100644
--- a/slirp/ip_input.c
+++ b/slirp/ip_input.c
@@ -300,6 +300,7 @@ ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
*/
while (q != (struct ipasfrag*)&fp->frag_link &&
ip->ip_off + ip->ip_len > q->ipf_off) {
+ struct ipasfrag *prev;
i = (ip->ip_off + ip->ip_len) - q->ipf_off;
if (i < q->ipf_len) {
q->ipf_len -= i;
@@ -307,9 +308,10 @@ ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
m_adj(dtom(slirp, q), i);
break;
}
+ prev = q;
q = q->ipf_next;
- m_free(dtom(slirp, q->ipf_prev));
- ip_deq(q->ipf_prev);
+ ip_deq(prev);
+ m_free(dtom(slirp, prev));
}
insert:
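Review bot: The sequence `ip_deq(prev); m_free(dtom(slirp, prev));` is only safe in that order, but nothing at the call site says so. Add a short comment that the fragment must be unlinked before its mbuf is freed, because prev is reached through that mbuf (dtom(slirp, prev)), so a later cleanup does not swap the two calls back.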
--
1.8.3.1

@ -0,0 +1,113 @@
From 28a766b8099f5e745dbfc18834277039643214a3 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Sep 2019 13:04:58 +0100
Subject: [PATCH 01/22] accel: use g_strsplit for parsing accelerator names
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20190912130503.14094-2-lersek@redhat.com>
Patchwork-id: 90437
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 1/6] accel: use g_strsplit for parsing accelerator names
Bugzilla: 1749022
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
Instead of re-using the get_opt_name() method from QemuOpts to split a
string on ':', just use g_strsplit().
RHEL8 notes:
- Fix up upstream's obviously garbled UTF8 sequences in Dan's name (Author
meta-datum, Signed-off-by tags).
- Harmless context difference due to downstream-only commit 8b53513834e6
("Use kvm by default", 2018-04-24).
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180416111743.8473-2-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 20efc49ed625585809401d8293ad9267927a6a4a)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
accel/accel.c | 16 +++++++---------
include/qemu/option.h | 1 -
util/qemu-option.c | 3 ++-
3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/accel/accel.c b/accel/accel.c
index 5f3d73f..57390e5 100644
--- a/accel/accel.c
+++ b/accel/accel.c
@@ -70,8 +70,8 @@ static int accel_init_machine(AccelClass *acc, MachineState *ms)
void configure_accelerator(MachineState *ms)
{
- const char *accel, *p;
- char buf[10];
+ const char *accel;
+ char **accel_list, **tmp;
int ret;
bool accel_initialised = false;
bool init_failed = false;
@@ -83,13 +83,10 @@ void configure_accelerator(MachineState *ms)
accel = "kvm:tcg";
}
- p = accel;
- while (!accel_initialised && *p != '\0') {
- if (*p == ':') {
- p++;
- }
- p = get_opt_name(buf, sizeof(buf), p, ':');
- acc = accel_find(buf);
+ accel_list = g_strsplit(accel, ":", 0);
+
+ for (tmp = accel_list; !accel_initialised && tmp && *tmp; tmp++) {
+ acc = accel_find(*tmp);
if (!acc) {
continue;
}
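Review bot: In the new loop header, `tmp && *tmp` tests tmp on every iteration although it starts at accel_list and is only incremented, so only the `*tmp` test can end the loop; if the intent is to guard against a NULL result from g_strsplit(), check accel_list once before the loop instead. Note also that g_strsplit() yields empty strings for a doubled or trailing ':', and these are passed to accel_find(); the `if (!acc) { continue; }` path absorbs them, but a comment saying that empty names are skipped on purpose would help.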
@@ -107,6 +104,7 @@ void configure_accelerator(MachineState *ms)
accel_initialised = true;
}
}
+ g_strfreev(accel_list);
if (!accel_initialised) {
if (!init_failed) {
diff --git a/include/qemu/option.h b/include/qemu/option.h
index 306fdb5..1cfe5cb 100644
--- a/include/qemu/option.h
+++ b/include/qemu/option.h
@@ -28,7 +28,6 @@
#include "qemu/queue.h"
-const char *get_opt_name(char *buf, int buf_size, const char *p, char delim);
const char *get_opt_value(char *buf, int buf_size, const char *p);
void parse_option_size(const char *name, const char *value,
diff --git a/util/qemu-option.c b/util/qemu-option.c
index 95e6cf4..a8db173 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -49,7 +49,8 @@
* The return value is the position of the delimiter/zero byte after the option
* name in p.
*/
-const char *get_opt_name(char *buf, int buf_size, const char *p, char delim)
+static const char *get_opt_name(char *buf, int buf_size, const char *p,
+ char delim)
{
char *q;
--
1.8.3.1

@ -0,0 +1,45 @@
From 490c0121b8cd1de62776c18a0843a256b7eed3e3 Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Tue, 26 Nov 2019 19:36:51 +0000
Subject: [PATCH 07/11] kvm: add call to qemu_add_opts() for -overcommit option
RH-Author: plai@redhat.com
Message-id: <1574797015-32564-4-git-send-email-plai@redhat.com>
Patchwork-id: 92694
O-Subject: [RHEL8.2 qemu-kvm PATCH 3/7] kvm: add call to qemu_add_opts() for -overcommit option
Bugzilla: 1634827
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
From: Prasad Singamsetty <prasad.singamsetty@oracle.com>
qemu command fails to process -overcommit option. Add the missing
call to qemu_add_opts() in vl.c.
Signed-off-by: Prasad Singamsetty <prasad.singamsetty@oracle.com>
Message-Id: <20180815175704.105902-1-prasad.singamsetty@oracle.com>
Reviewed-by: Mark Kanda <mark.kanda@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 1fdd4748711a62d863744f42b958472509a6f202)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
vl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/vl.c b/vl.c
index 3cee95f..932c1cf 100644
--- a/vl.c
+++ b/vl.c
@@ -3145,6 +3145,7 @@ int main(int argc, char **argv, char **envp)
qemu_add_opts(&qemu_object_opts);
qemu_add_opts(&qemu_tpmdev_opts);
qemu_add_opts(&qemu_realtime_opts);
+ qemu_add_opts(&qemu_overcommit_opts);
qemu_add_opts(&qemu_msg_opts);
qemu_add_opts(&qemu_name_opts);
qemu_add_opts(&qemu_numa_opts);
--
1.8.3.1

@ -0,0 +1,65 @@
From f551451a4b9975121424cb0837df67d31d2528dc Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 23 Jul 2019 14:45:45 +0100
Subject: [PATCH 07/14] block: Add bdrv_get_request_alignment()
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190723144546.23701-7-mreitz@redhat.com>
Patchwork-id: 89653
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 6/7] block: Add bdrv_get_request_alignment()
Bugzilla: 1678979
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Eric Blake <eblake@redhat.com>
The next patch needs access to a device's minimum permitted
alignment, since NBD wants to advertise this to clients. Add
an accessor function, borrowing from blk_get_max_transfer()
for accessing a backend's block limits.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20190329042750.14704-6-eblake@redhat.com>
(cherry picked from commit 4841211e0d1628cd386b35835676d7f6f9a4fa9d)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/block-backend.c | 7 +++++++
include/sysemu/block-backend.h | 1 +
2 files changed, 8 insertions(+)
diff --git a/block/block-backend.c b/block/block-backend.c
index 7ae5832..0d623e4 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1807,6 +1807,13 @@ int blk_get_flags(BlockBackend *blk)
}
}
+/* Returns the minimum request alignment, in bytes; guaranteed nonzero */
+uint32_t blk_get_request_alignment(BlockBackend *blk)
+{
+ BlockDriverState *bs = blk_bs(blk);
+ return bs ? bs->bl.request_alignment : BDRV_SECTOR_SIZE;
+}
+
/* Returns the maximum transfer length, in bytes; guaranteed nonzero */
uint32_t blk_get_max_transfer(BlockBackend *blk)
{
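Review bot: The function added here is blk_get_request_alignment(), while the subject line announces bdrv_get_request_alignment(); align the two so the commit can be found by the symbol name. The comment promises a nonzero result, but the non-NULL branch returns bs->bl.request_alignment unchecked, so either state where that field is guaranteed nonzero or assert it here.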
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 830d873..20f8bbb 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -176,6 +176,7 @@ bool blk_is_available(BlockBackend *blk);
void blk_lock_medium(BlockBackend *blk, bool locked);
void blk_eject(BlockBackend *blk, bool eject_flag);
int blk_get_flags(BlockBackend *blk);
+uint32_t blk_get_request_alignment(BlockBackend *blk);
uint32_t blk_get_max_transfer(BlockBackend *blk);
int blk_get_max_iov(BlockBackend *blk);
void blk_set_guest_block_size(BlockBackend *blk, int align);
--
1.8.3.1

@ -0,0 +1,118 @@
From 808d2c94f53b9b29f44c2c5d9baea66d63ceddfc Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed, 14 Aug 2019 09:20:43 +0100
Subject: [PATCH 07/10] block: Fix AioContext switch for bs->drv == NULL
RH-Author: Kevin Wolf <kwolf@redhat.com>
Message-id: <20190814092043.15421-2-kwolf@redhat.com>
Patchwork-id: 89976
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] block: Fix AioContext switch for bs->drv == NULL
Bugzilla: 1716347
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
Even for block nodes with bs->drv == NULL, we can't just ignore a
bdrv_set_aio_context() call. Leaving the node in its old context can
mean that it's still in an iothread context in bdrv_close_all() during
shutdown, resulting in an attempted unlock of the AioContext lock which
we don't hold.
This is an example stack trace of a related crash:
#0 0x00007ffff59da57f in raise () at /lib64/libc.so.6
#1 0x00007ffff59c4895 in abort () at /lib64/libc.so.6
#2 0x0000555555b97b1e in error_exit (err=<optimized out>, msg=msg@entry=0x555555d386d0 <__func__.19059> "qemu_mutex_unlock_impl") at util/qemu-thread-posix.c:36
#3 0x0000555555b97f7f in qemu_mutex_unlock_impl (mutex=mutex@entry=0x5555568002f0, file=file@entry=0x555555d378df "util/async.c", line=line@entry=507) at util/qemu-thread-posix.c:97
#4 0x0000555555b92f55 in aio_context_release (ctx=ctx@entry=0x555556800290) at util/async.c:507
#5 0x0000555555b05cf8 in bdrv_prwv_co (child=child@entry=0x7fffc80012f0, offset=offset@entry=131072, qiov=qiov@entry=0x7fffffffd4f0, is_write=is_write@entry=true, flags=flags@entry=0)
at block/io.c:833
#6 0x0000555555b060a9 in bdrv_pwritev (qiov=0x7fffffffd4f0, offset=131072, child=0x7fffc80012f0) at block/io.c:990
#7 0x0000555555b060a9 in bdrv_pwrite (child=0x7fffc80012f0, offset=131072, buf=<optimized out>, bytes=<optimized out>) at block/io.c:990
#8 0x0000555555ae172b in qcow2_cache_entry_flush (bs=bs@entry=0x555556810680, c=c@entry=0x5555568cc740, i=i@entry=0) at block/qcow2-cache.c:51
#9 0x0000555555ae18dd in qcow2_cache_write (bs=bs@entry=0x555556810680, c=0x5555568cc740) at block/qcow2-cache.c:248
#10 0x0000555555ae15de in qcow2_cache_flush (bs=0x555556810680, c=<optimized out>) at block/qcow2-cache.c:259
#11 0x0000555555ae16b1 in qcow2_cache_flush_dependency (c=0x5555568a1700, c=0x5555568a1700, bs=0x555556810680) at block/qcow2-cache.c:194
#12 0x0000555555ae16b1 in qcow2_cache_entry_flush (bs=bs@entry=0x555556810680, c=c@entry=0x5555568a1700, i=i@entry=0) at block/qcow2-cache.c:194
#13 0x0000555555ae18dd in qcow2_cache_write (bs=bs@entry=0x555556810680, c=0x5555568a1700) at block/qcow2-cache.c:248
#14 0x0000555555ae15de in qcow2_cache_flush (bs=bs@entry=0x555556810680, c=<optimized out>) at block/qcow2-cache.c:259
#15 0x0000555555ad242c in qcow2_inactivate (bs=bs@entry=0x555556810680) at block/qcow2.c:2124
#16 0x0000555555ad2590 in qcow2_close (bs=0x555556810680) at block/qcow2.c:2153
#17 0x0000555555ab0c62 in bdrv_close (bs=0x555556810680) at block.c:3358
#18 0x0000555555ab0c62 in bdrv_delete (bs=0x555556810680) at block.c:3542
#19 0x0000555555ab0c62 in bdrv_unref (bs=0x555556810680) at block.c:4598
#20 0x0000555555af4d72 in blk_remove_bs (blk=blk@entry=0x5555568103d0) at block/block-backend.c:785
#21 0x0000555555af4dbb in blk_remove_all_bs () at block/block-backend.c:483
#22 0x0000555555aae02f in bdrv_close_all () at block.c:3412
#23 0x00005555557f9796 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4776
The reproducer I used is a qcow2 image on gluster volume, where the
virtual disk size (4 GB) is larger than the gluster volume size (64M),
so we can easily trigger an ENOSPC. This backend is assigned to a
virtio-blk device using an iothread, and then from the guest a
'dd if=/dev/zero of=/dev/vda bs=1G count=1' causes the VM to stop
because of an I/O error. qemu_gluster_co_flush_to_disk() sets
bs->drv = NULL on error, so when virtio-blk stops the dataplane, the
block nodes stay in the iothread AioContext. A 'quit' monitor command
issued from this paused state crashes the process.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1631227
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
(cherry picked from commit 1bffe1ae7a7b707c3a14ea2ccd00d3609d3ce4d8)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/block.c b/block.c
index 8f3ceea..37af100 100644
--- a/block.c
+++ b/block.c
@@ -4923,10 +4923,6 @@ void bdrv_detach_aio_context(BlockDriverState *bs)
BdrvAioNotifier *baf, *baf_tmp;
BdrvChild *child;
- if (!bs->drv) {
- return;
- }
-
assert(!bs->walking_aio_notifiers);
bs->walking_aio_notifiers = true;
QLIST_FOREACH_SAFE(baf, &bs->aio_notifiers, list, baf_tmp) {
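Review bot: With the early `if (!bs->drv) return;` removed from the top of bdrv_detach_aio_context(), nothing in the function records why a node with bs->drv == NULL must still be detached and have its children walked. A one-line comment at this spot (for example, that a node whose driver was cleared on error still has to leave the iothread context) would keep someone from reinstating the guard as an apparent NULL-safety fix.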
@@ -4941,7 +4937,7 @@ void bdrv_detach_aio_context(BlockDriverState *bs)
*/
bs->walking_aio_notifiers = false;
- if (bs->drv->bdrv_detach_aio_context) {
+ if (bs->drv && bs->drv->bdrv_detach_aio_context) {
bs->drv->bdrv_detach_aio_context(bs);
}
QLIST_FOREACH(child, &bs->children, next) {
@@ -4960,10 +4956,6 @@ void bdrv_attach_aio_context(BlockDriverState *bs,
BdrvAioNotifier *ban, *ban_tmp;
BdrvChild *child;
- if (!bs->drv) {
- return;
- }
-
if (bs->quiesce_counter) {
aio_disable_external(new_context);
}
@@ -4973,7 +4965,7 @@ void bdrv_attach_aio_context(BlockDriverState *bs,
QLIST_FOREACH(child, &bs->children, next) {
bdrv_attach_aio_context(child->bs, new_context);
}
- if (bs->drv->bdrv_attach_aio_context) {
+ if (bs->drv && bs->drv->bdrv_attach_aio_context) {
bs->drv->bdrv_attach_aio_context(bs, new_context);
}
--
1.8.3.1

@ -0,0 +1,57 @@
From ee7b9d7867634d052f2c695fcebf68f585fe59c0 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed, 14 Aug 2019 08:42:27 +0100
Subject: [PATCH 04/10] block: Fix AioContext switch for drained node
RH-Author: Kevin Wolf <kwolf@redhat.com>
Message-id: <20190814084229.6458-4-kwolf@redhat.com>
Patchwork-id: 89969
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 3/5] block: Fix AioContext switch for drained node
Bugzilla: 1716349
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
When a drained node changes its AioContext, we need to move its
aio_disable_external() to the new context, too.
Without this fix, drain_end will try to reenable the new context, which
has never been disabled, so an assertion failure is triggered.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit e64f25f30b80a71bd4e409ed518c39eeb5905166)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/block.c b/block.c
index 82b16df..9d9b8a9 100644
--- a/block.c
+++ b/block.c
@@ -4948,6 +4948,9 @@ void bdrv_detach_aio_context(BlockDriverState *bs)
bdrv_detach_aio_context(child->bs);
}
+ if (bs->quiesce_counter) {
+ aio_enable_external(bs->aio_context);
+ }
bs->aio_context = NULL;
}
@@ -4961,6 +4964,10 @@ void bdrv_attach_aio_context(BlockDriverState *bs,
return;
}
+ if (bs->quiesce_counter) {
+ aio_disable_external(new_context);
+ }
+
bs->aio_context = new_context;
QLIST_FOREACH(child, &bs->children, next) {
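Review bot: The new `if (bs->quiesce_counter)` block in bdrv_attach_aio_context() tests the counter only for being nonzero and calls aio_disable_external(new_context) once, whatever the counter's value, mirroring the single aio_enable_external() in the detach hunk. If one disable per drained node is the invariant, say so in a comment next to the test; if each nested drain takes its own disable, the call needs to be repeated quiesce_counter times.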
--
1.8.3.1

@ -0,0 +1,76 @@
From cf6bc30f7b525f0d646db62e49cbf02f3f28a1f2 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed, 14 Aug 2019 08:42:29 +0100
Subject: [PATCH 06/10] block: Use normal drain for bdrv_set_aio_context()
RH-Author: Kevin Wolf <kwolf@redhat.com>
Message-id: <20190814084229.6458-6-kwolf@redhat.com>
Patchwork-id: 89968
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 5/5] block: Use normal drain for bdrv_set_aio_context()
Bugzilla: 1716349
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Now that bdrv_set_aio_context() works inside drained sections, it can
also use the real drain function instead of open coding something
similar.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit d70d595429ecd9ac4917e53453dd8979db8e5ffd)
RHEL: This conflicts because we didn't backport the removal of the
polling loop. The conflict is resolved so that the polling loop moves to
above the drain and any requests a BH would spawn would still be
correctly drained afterwards. The changed order alone would have
compensated for the virtio-blk bug and it potentially compensates for
other bugs, too (we know of bugs in the NBD client at least), so leaving
the polling loop in, with the new ordering, feels like the safe way for
a downstream backport.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/block.c b/block.c
index 9d9b8a9..8f3ceea 100644
--- a/block.c
+++ b/block.c
@@ -4989,18 +4989,18 @@ void bdrv_attach_aio_context(BlockDriverState *bs,
bs->walking_aio_notifiers = false;
}
+/* The caller must own the AioContext lock for the old AioContext of bs, but it
+ * must not own the AioContext lock for new_context (unless new_context is
+ * the same as the current context of bs). */
void bdrv_set_aio_context(BlockDriverState *bs, AioContext *new_context)
{
AioContext *ctx = bdrv_get_aio_context(bs);
- aio_disable_external(ctx);
- bdrv_parent_drained_begin(bs, NULL, false);
- bdrv_drain(bs); /* ensure there are no in-flight requests */
-
while (aio_poll(ctx, false)) {
/* wait for all bottom halves to execute */
}
+ bdrv_drained_begin(bs);
bdrv_detach_aio_context(bs);
/* This function executes in the old AioContext so acquire the new one in
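Review bot: The `while (aio_poll(ctx, false))` loop now runs before bdrv_drained_begin(bs), and only the commit message explains that this ordering is a deliberate downstream conflict resolution. Put that reasoning in a comment above the loop (requests spawned by a bottom half are still drained afterwards), otherwise the loop reads as leftover code and is likely to be dropped in a later backport. The new locking comment is welcome, but nothing in these lines enforces the rule that the caller must not hold the lock for new_context, so consider stating it at the prototype as well.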
@@ -5008,8 +5008,7 @@ void bdrv_set_aio_context(BlockDriverState *bs, AioContext *new_context)
*/
aio_context_acquire(new_context);
bdrv_attach_aio_context(bs, new_context);
- bdrv_parent_drained_end(bs, NULL, false);
- aio_enable_external(ctx);
+ bdrv_drained_end(bs);
aio_context_release(new_context);
}
--
1.8.3.1

@ -0,0 +1,62 @@
From 0e5a55b3556fdd23bbeeaca40a151e7062d42c1e Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed, 14 Aug 2019 08:42:25 +0100
Subject: [PATCH 02/10] block-backend: Make blk_inc/dec_in_flight public
RH-Author: Kevin Wolf <kwolf@redhat.com>
Message-id: <20190814084229.6458-2-kwolf@redhat.com>
Patchwork-id: 89966
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/5] block-backend: Make blk_inc/dec_in_flight public
Bugzilla: 1716349
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
For some users of BlockBackends, just increasing the in_flight counter
is easier than implementing separate handlers in BlockDevOps. Make the
helper functions for this public.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit c90e2a9cfd94bd02d92c53b97f04fd595001de7e)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/block-backend.c | 4 ++--
include/sysemu/block-backend.h | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 0d623e4..e941520 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1294,12 +1294,12 @@ int blk_make_zero(BlockBackend *blk, BdrvRequestFlags flags)
return bdrv_make_zero(blk->root, flags);
}
-static void blk_inc_in_flight(BlockBackend *blk)
+void blk_inc_in_flight(BlockBackend *blk)
{
atomic_inc(&blk->in_flight);
}
-static void blk_dec_in_flight(BlockBackend *blk)
+void blk_dec_in_flight(BlockBackend *blk)
{
atomic_dec(&blk->in_flight);
aio_wait_kick();
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 20f8bbb..815b6e5 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -157,6 +157,8 @@ int blk_co_pdiscard(BlockBackend *blk, int64_t offset, int bytes);
int blk_co_flush(BlockBackend *blk);
int blk_flush(BlockBackend *blk);
int blk_commit_all(void);
+void blk_inc_in_flight(BlockBackend *blk);
+void blk_dec_in_flight(BlockBackend *blk);
void blk_drain(BlockBackend *blk);
void blk_drain_all(void);
void blk_set_on_error(BlockBackend *blk, BlockdevOnError on_read_error,
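Review bot: the two new prototypes enter the public header without any comment. The commit message offers them as an alternative to BlockDevOps handlers, so the header should state the contract: every blk_inc_in_flight() is paired with exactly one blk_dec_in_flight(), and what a raised counter means for blk_drain() and blk_drain_all(), which are declared directly below.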
--
1.8.3.1

View File

@ -0,0 +1,98 @@
From 29592218d57f1fe49c1254fffd9b0206cfe29ec7 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 23 Jul 2019 14:45:40 +0100
Subject: [PATCH 02/14] block/file-posix: Unaligned O_DIRECT block-status
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190723144546.23701-2-mreitz@redhat.com>
Patchwork-id: 89647
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/7] block/file-posix: Unaligned O_DIRECT block-status
Bugzilla: 1678979
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
Currently, qemu crashes whenever someone queries the block status of an
unaligned image tail of an O_DIRECT image:
$ echo > foo
$ qemu-img map --image-opts driver=file,filename=foo,cache.direct=on
Offset Length Mapped to File
qemu-img: block/io.c:2093: bdrv_co_block_status: Assertion `*pnum &&
QEMU_IS_ALIGNED(*pnum, align) && align > offset - aligned_offset'
failed.
This is because bdrv_co_block_status() checks that the result returned
by the driver's implementation is aligned to the request_alignment, but
file-posix can fail to do so, which is actually mentioned in a comment
there: "[...] possibly including a partial sector at EOF".
Fix this by rounding up those partial sectors.
There are two possible alternative fixes:
(1) We could refuse to open unaligned image files with O_DIRECT
altogether. That sounds reasonable until you realize that qcow2
does not necessarily fill up its metadata clusters, and that nobody
runs qemu-img create with O_DIRECT. Therefore, unpreallocated qcow2
files usually have an unaligned image tail.
(2) bdrv_co_block_status() could ignore unaligned tails. It actually
throws away everything past the EOF already, so that sounds
reasonable.
Unfortunately, the block layer knows file lengths only with a
granularity of BDRV_SECTOR_SIZE, so bdrv_co_block_status() usually
would have to guess whether its file length information is inexact
or whether the driver is broken.
Fixing what raw_co_block_status() returns is the safest thing to do.
There seems to be no other block driver that sets request_alignment and
does not make sure that it always returns aligned values.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9c3db310ff0b7473272ae8dce5e04e2f8a825390)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/file-posix.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/block/file-posix.c b/block/file-posix.c
index 5fb5a9a..4b404e4 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -2413,6 +2413,8 @@ static int coroutine_fn raw_co_block_status(BlockDriverState *bs,
off_t data = 0, hole = 0;
int ret;
+ assert(QEMU_IS_ALIGNED(offset | bytes, bs->bl.request_alignment));
+
ret = fd_open(bs);
if (ret < 0) {
return ret;
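Review bot: the new assert(QEMU_IS_ALIGNED(offset | bytes, bs->bl.request_alignment)) at the top of raw_co_block_status() turns a misaligned request into a process abort, so it needs a one-line comment naming who guarantees the alignment. The round-up added later in this patch stays within bytes only because bytes is aligned here, which is worth saying next to the assert.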
@@ -2438,6 +2440,20 @@ static int coroutine_fn raw_co_block_status(BlockDriverState *bs,
/* On a data extent, compute bytes to the end of the extent,
* possibly including a partial sector at EOF. */
*pnum = MIN(bytes, hole - offset);
+
+ /*
+ * We are not allowed to return partial sectors, though, so
+ * round up if necessary.
+ */
+ if (!QEMU_IS_ALIGNED(*pnum, bs->bl.request_alignment)) {
+ int64_t file_length = raw_getlength(bs);
+ if (file_length > 0) {
+ /* Ignore errors, this is just a safeguard */
+ assert(hole == file_length);
+ }
+ *pnum = ROUND_UP(*pnum, bs->bl.request_alignment);
+ }
+
ret = BDRV_BLOCK_DATA;
} else {
/* On a hole, compute bytes to the beginning of the next extent. */
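Review bot: assert(hole == file_length) compares the hole offset computed earlier in the function with a length fetched afterwards by raw_getlength(bs), so a resize of the file between the two aborts QEMU, although the comment above it calls this "just a safeguard". Drop the assert or replace it with a non-fatal check. Also, file_length > 0 skips the check for a zero length as well as for an error return; if only errors are meant to be ignored, say so or test for a negative value.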
--
1.8.3.1

View File

@ -0,0 +1,101 @@
From 1788135e55dd9e68e54ba32582702df09819a8fe Mon Sep 17 00:00:00 2001
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Tue, 16 Jul 2019 08:13:10 +0100
Subject: [PATCH 16/39] block/gluster: limit the transfer size to 512 MiB
RH-Author: Stefano Garzarella <sgarzare@redhat.com>
Message-id: <20190716081310.29528-2-sgarzare@redhat.com>
Patchwork-id: 89533
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] block/gluster: limit the transfer size to 512 MiB
Bugzilla: 1728657
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
Several versions of GlusterFS (3.12? -> 6.0.1) fail when the
transfer size is greater or equal to 1024 MiB, so we are
limiting the transfer size to 512 MiB to avoid this rare issue.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1691320
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit de23e72bb7515888fdea2a58c58a2e02370123bd)
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/gluster.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/block/gluster.c b/block/gluster.c
index a6ac2b1..9b29d96 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -9,6 +9,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/units.h"
#include <glusterfs/api/glfs.h>
#include "block/block_int.h"
#include "block/qdict.h"
@@ -41,6 +42,12 @@
#define GLUSTER_DEBUG_MAX 9
#define GLUSTER_OPT_LOGFILE "logfile"
#define GLUSTER_LOGFILE_DEFAULT "-" /* handled in libgfapi as /dev/stderr */
+/*
+ * Several versions of GlusterFS (3.12? -> 6.0.1) fail when the transfer size
+ * is greater or equal to 1024 MiB, so we are limiting the transfer size to 512
+ * MiB to avoid this rare issue.
+ */
+#define GLUSTER_MAX_TRANSFER (512 * MiB)
#define GERR_INDEX_HINT "hint: check in 'server' array index '%d'\n"
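Review bot: the comment on GLUSTER_MAX_TRANSFER copies the commit message's uncertainty ("3.12? -> 6.0.1") into the source and does not explain why 512 MiB was chosen when the failure is described as starting at 1024 MiB. Add the Buglink from the commit message to the comment and state the reason for the margin, so the cap can be revisited once the affected GlusterFS versions are no longer supported.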
@@ -887,6 +894,11 @@ out:
return ret;
}
+static void qemu_gluster_refresh_limits(BlockDriverState *bs, Error **errp)
+{
+ bs->bl.max_transfer = GLUSTER_MAX_TRANSFER;
+}
+
static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
BlockReopenQueue *queue, Error **errp)
{
@@ -1527,6 +1539,7 @@ static BlockDriver bdrv_gluster = {
.bdrv_co_pwrite_zeroes = qemu_gluster_co_pwrite_zeroes,
#endif
.bdrv_co_block_status = qemu_gluster_co_block_status,
+ .bdrv_refresh_limits = qemu_gluster_refresh_limits,
.create_opts = &qemu_gluster_create_opts,
};
@@ -1556,6 +1569,7 @@ static BlockDriver bdrv_gluster_tcp = {
.bdrv_co_pwrite_zeroes = qemu_gluster_co_pwrite_zeroes,
#endif
.bdrv_co_block_status = qemu_gluster_co_block_status,
+ .bdrv_refresh_limits = qemu_gluster_refresh_limits,
.create_opts = &qemu_gluster_create_opts,
};
@@ -1585,6 +1599,7 @@ static BlockDriver bdrv_gluster_unix = {
.bdrv_co_pwrite_zeroes = qemu_gluster_co_pwrite_zeroes,
#endif
.bdrv_co_block_status = qemu_gluster_co_block_status,
+ .bdrv_refresh_limits = qemu_gluster_refresh_limits,
.create_opts = &qemu_gluster_create_opts,
};
@@ -1620,6 +1635,7 @@ static BlockDriver bdrv_gluster_rdma = {
.bdrv_co_pwrite_zeroes = qemu_gluster_co_pwrite_zeroes,
#endif
.bdrv_co_block_status = qemu_gluster_co_block_status,
+ .bdrv_refresh_limits = qemu_gluster_refresh_limits,
.create_opts = &qemu_gluster_create_opts,
};
--
1.8.3.1

View File

@ -0,0 +1,392 @@
From 273237507842493f78cd492cd54137e828a986ef Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Fri, 30 Aug 2019 12:56:27 +0100
Subject: [PATCH 09/10] block: posix: Always allocate the first block
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20190830125628.23668-5-thuth@redhat.com>
Patchwork-id: 90210
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 4/5] block: posix: Always allocate the first block
Bugzilla: 1738839
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
From: Nir Soffer <nirsof@gmail.com>
When creating an image with preallocation "off" or "falloc", the first
block of the image is typically not allocated. When using Gluster
storage backed by XFS filesystem, reading this block using direct I/O
succeeds regardless of request length, fooling alignment detection.
In this case we fallback to a safe value (4096) instead of the optimal
value (512), which may lead to unneeded data copying when aligning
requests. Allocating the first block avoids the fallback.
Since we allocate the first block even with preallocation=off, we no
longer create images with zero disk size:
$ ./qemu-img create -f raw test.raw 1g
Formatting 'test.raw', fmt=raw size=1073741824
$ ls -lhs test.raw
4.0K -rw-r--r--. 1 nsoffer nsoffer 1.0G Aug 16 23:48 test.raw
And converting the image requires an additional cluster:
$ ./qemu-img measure -f raw -O qcow2 test.raw
required size: 458752
fully allocated size: 1074135040
When using a format like vmdk with multiple files per image, we allocate
one block per file:
$ ./qemu-img create -f vmdk -o subformat=twoGbMaxExtentFlat test.vmdk 4g
Formatting 'test.vmdk', fmt=vmdk size=4294967296 compat6=off hwversion=undefined subformat=twoGbMaxExtentFlat
$ ls -lhs test*.vmdk
4.0K -rw-r--r--. 1 nsoffer nsoffer 2.0G Aug 27 03:23 test-f001.vmdk
4.0K -rw-r--r--. 1 nsoffer nsoffer 2.0G Aug 27 03:23 test-f002.vmdk
4.0K -rw-r--r--. 1 nsoffer nsoffer 353 Aug 27 03:23 test.vmdk
I did a quick performance test for copying disks with qemu-img convert to
a new raw target image to Gluster storage with sector size of 512 bytes:
for i in $(seq 10); do
rm -f dst.raw
sleep 10
time ./qemu-img convert -f raw -O raw -t none -T none src.raw dst.raw
done
Here is a table comparing the total time spent:
Type    Before(s)   After(s)    Diff(%)
---------------------------------------
real      530.028    469.123      -11.4
user       17.204     10.768      -37.4
sys        17.881      7.011      -60.7
We can see very clear improvement in CPU usage.
Signed-off-by: Nir Soffer <nsoffer@redhat.com>
Message-id: 20190827010528.8818-2-nsoffer@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 3f900188502670a15f8915d5363533512ecd035f)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
block/file-posix.c (simple contextual conflict)
tests/qemu-iotests/059.out (Needed to adapt output a little bit)
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/file-posix.c | 51 ++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/059.out | 2 +-
tests/qemu-iotests/150.out | 11 ---------
tests/qemu-iotests/150.out.qcow2 | 11 +++++++++
tests/qemu-iotests/150.out.raw | 12 ++++++++++
tests/qemu-iotests/175 | 19 ++++++++++-----
tests/qemu-iotests/175.out | 8 +++----
tests/qemu-iotests/178.out.qcow2 | 4 ++--
tests/qemu-iotests/221.out | 12 ++++++----
tests/qemu-iotests/253.out | 12 ++++++----
10 files changed, 110 insertions(+), 32 deletions(-)
delete mode 100644 tests/qemu-iotests/150.out
create mode 100644 tests/qemu-iotests/150.out.qcow2
create mode 100644 tests/qemu-iotests/150.out.raw
diff --git a/block/file-posix.c b/block/file-posix.c
index 84c5a31..dfe0bca 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1605,6 +1605,43 @@ static ssize_t handle_aiocb_discard(RawPosixAIOData *aiocb)
return ret;
}
+/*
+ * Help alignment probing by allocating the first block.
+ *
+ * When reading with direct I/O from unallocated area on Gluster backed by XFS,
+ * reading succeeds regardless of request length. In this case we fallback to
+ * safe alignment which is not optimal. Allocating the first block avoids this
+ * fallback.
+ *
+ * fd may be opened with O_DIRECT, but we don't know the buffer alignment or
+ * request alignment, so we use safe values.
+ *
+ * Returns: 0 on success, -errno on failure. Since this is an optimization,
+ * caller may ignore failures.
+ */
+static int allocate_first_block(int fd, size_t max_size)
+{
+ size_t write_size = (max_size < MAX_BLOCKSIZE)
+ ? BDRV_SECTOR_SIZE
+ : MAX_BLOCKSIZE;
+ size_t max_align = MAX(MAX_BLOCKSIZE, getpagesize());
+ void *buf;
+ ssize_t n;
+ int ret;
+
+ buf = qemu_memalign(max_align, write_size);
+ memset(buf, 0, write_size);
+
+ do {
+ n = pwrite(fd, buf, write_size, 0);
+ } while (n == -1 && errno == EINTR);
+
+ ret = (n == -1) ? -errno : 0;
+
+ qemu_vfree(buf);
+ return ret;
+}
+
static int handle_aiocb_truncate(RawPosixAIOData *aiocb)
{
int result = 0;
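Review bot: in allocate_first_block(), write_size is BDRV_SECTOR_SIZE whenever max_size < MAX_BLOCKSIZE, which includes a max_size smaller than BDRV_SECTOR_SIZE, so the pwrite() at offset 0 can write past max_size and grow the file beyond the length the caller just set. Return early when max_size < BDRV_SECTOR_SIZE, or document that callers only pass sector-aligned sizes. The loop also treats a short write (0 <= n < write_size) as success; that is acceptable for a best-effort helper but belongs in the header comment.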
@@ -1642,6 +1679,17 @@ static int handle_aiocb_truncate(RawPosixAIOData *aiocb)
/* posix_fallocate() doesn't set errno. */
error_setg_errno(errp, -result,
"Could not preallocate new data");
+ } else if (current_length == 0) {
+ /*
+ * posix_fallocate() uses fallocate() if the filesystem
+ * supports it, or fallback to manually writing zeroes. If
+ * fallocate() was used, unaligned reads from the fallocated
+ * area in raw_probe_alignment() will succeed, hence we need to
+ * allocate the first block.
+ *
+ * Optimize future alignment probing; ignore failures.
+ */
+ allocate_first_block(fd, offset);
}
} else {
result = 0;
@@ -1700,6 +1748,9 @@ static int handle_aiocb_truncate(RawPosixAIOData *aiocb)
if (ftruncate(fd, offset) != 0) {
result = -errno;
error_setg_errno(errp, -result, "Could not resize file");
+ } else if (current_length == 0 && offset > current_length) {
+ /* Optimize future alignment probing; ignore failures. */
+ allocate_first_block(fd, offset);
}
return result;
default:
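Review bot: the guard on this call is current_length == 0 && offset > current_length, while the posix_fallocate() call site earlier in this patch uses only current_length == 0. With current_length already known to be 0 the second term is simply offset > 0; write it that way and use the same guard at both call sites, or add a comment on why they differ.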
diff --git a/tests/qemu-iotests/059.out b/tests/qemu-iotests/059.out
index f6dce79..19cd591 100644
--- a/tests/qemu-iotests/059.out
+++ b/tests/qemu-iotests/059.out
@@ -27,7 +27,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824000 subformat=twoGbMax
image: TEST_DIR/t.vmdk
file format: vmdk
virtual size: 1.0T (1073741824000 bytes)
-disk size: 16K
+disk size: 2.0M
Format specific information:
cid: XXXXXXXX
parent cid: XXXXXXXX
diff --git a/tests/qemu-iotests/150.out b/tests/qemu-iotests/150.out
deleted file mode 100644
index 2a54e8d..0000000
--- a/tests/qemu-iotests/150.out
+++ /dev/null
@@ -1,11 +0,0 @@
-QA output created by 150
-
-=== Mapping sparse conversion ===
-
-Offset Length File
-
-=== Mapping non-sparse conversion ===
-
-Offset Length File
-0 0x100000 TEST_DIR/t.IMGFMT
-*** done
diff --git a/tests/qemu-iotests/150.out.qcow2 b/tests/qemu-iotests/150.out.qcow2
new file mode 100644
index 0000000..2a54e8d
--- /dev/null
+++ b/tests/qemu-iotests/150.out.qcow2
@@ -0,0 +1,11 @@
+QA output created by 150
+
+=== Mapping sparse conversion ===
+
+Offset Length File
+
+=== Mapping non-sparse conversion ===
+
+Offset Length File
+0 0x100000 TEST_DIR/t.IMGFMT
+*** done
diff --git a/tests/qemu-iotests/150.out.raw b/tests/qemu-iotests/150.out.raw
new file mode 100644
index 0000000..3cdc772
--- /dev/null
+++ b/tests/qemu-iotests/150.out.raw
@@ -0,0 +1,12 @@
+QA output created by 150
+
+=== Mapping sparse conversion ===
+
+Offset Length File
+0 0x1000 TEST_DIR/t.IMGFMT
+
+=== Mapping non-sparse conversion ===
+
+Offset Length File
+0 0x100000 TEST_DIR/t.IMGFMT
+*** done
diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175
index 2e37c9a..b3b7712 100755
--- a/tests/qemu-iotests/175
+++ b/tests/qemu-iotests/175
@@ -38,14 +38,16 @@ trap "_cleanup; exit \$status" 0 1 2 3 15
# the file size. This function hides the resulting difference in the
# stat -c '%b' output.
# Parameter 1: Number of blocks an empty file occupies
-# Parameter 2: Image size in bytes
+# Parameter 2: Minimal number of blocks in an image
+# Parameter 3: Image size in bytes
_filter_blocks()
{
extra_blocks=$1
- img_size=$2
+ min_blocks=$2
+ img_size=$3
- sed -e "s/blocks=$extra_blocks\\(\$\\|[^0-9]\\)/nothing allocated/" \
- -e "s/blocks=$((extra_blocks + img_size / 512))\\(\$\\|[^0-9]\\)/everything allocated/"
+ sed -e "s/blocks=$min_blocks\\(\$\\|[^0-9]\\)/min allocation/" \
+ -e "s/blocks=$((extra_blocks + img_size / 512))\\(\$\\|[^0-9]\\)/max allocation/"
}
# get standard environment, filters and checks
@@ -61,16 +63,21 @@ size=$((1 * 1024 * 1024))
touch "$TEST_DIR/empty"
extra_blocks=$(stat -c '%b' "$TEST_DIR/empty")
+# We always write the first byte; check how many blocks this filesystem
+# allocates to match empty image alloation.
+printf "\0" > "$TEST_DIR/empty"
+min_blocks=$(stat -c '%b' "$TEST_DIR/empty")
+
echo
echo "== creating image with default preallocation =="
_make_test_img $size | _filter_imgfmt
-stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $size
+stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $min_blocks $size
for mode in off full falloc; do
echo
echo "== creating image with preallocation $mode =="
IMGOPTS=preallocation=$mode _make_test_img $size | _filter_imgfmt
- stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $size
+ stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $min_blocks $size
done
# success, all done
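Review bot: the added comment has a typo, "alloation" for "allocation". The probe also writes into "$TEST_DIR/empty", which is no longer empty after printf "\0"; a separate file name, or a comment on the reuse, would keep extra_blocks and min_blocks easy to tell apart. $TEST_IMG remains unquoted in both changed stat calls.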
diff --git a/tests/qemu-iotests/175.out b/tests/qemu-iotests/175.out
index 6d9a5ed..263e521 100644
--- a/tests/qemu-iotests/175.out
+++ b/tests/qemu-iotests/175.out
@@ -2,17 +2,17 @@ QA output created by 175
== creating image with default preallocation ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
-size=1048576, nothing allocated
+size=1048576, min allocation
== creating image with preallocation off ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 preallocation=off
-size=1048576, nothing allocated
+size=1048576, min allocation
== creating image with preallocation full ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 preallocation=full
-size=1048576, everything allocated
+size=1048576, max allocation
== creating image with preallocation falloc ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 preallocation=falloc
-size=1048576, everything allocated
+size=1048576, max allocation
*** done
diff --git a/tests/qemu-iotests/178.out.qcow2 b/tests/qemu-iotests/178.out.qcow2
index d42d4a4..12edc3d 100644
--- a/tests/qemu-iotests/178.out.qcow2
+++ b/tests/qemu-iotests/178.out.qcow2
@@ -96,7 +96,7 @@ converted image file size in bytes: 196608
== raw input image with data (human) ==
Formatting 'TEST_DIR/t.qcow2', fmt=IMGFMT size=1073741824
-required size: 393216
+required size: 458752
fully allocated size: 1074135040
wrote 512/512 bytes at offset 512
512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -240,7 +240,7 @@ converted image file size in bytes: 196608
Formatting 'TEST_DIR/t.qcow2', fmt=IMGFMT size=1073741824
{
- "required": 393216,
+ "required": 458752,
"fully-allocated": 1074135040
}
wrote 512/512 bytes at offset 512
diff --git a/tests/qemu-iotests/221.out b/tests/qemu-iotests/221.out
index 9f9dd52..dca024a 100644
--- a/tests/qemu-iotests/221.out
+++ b/tests/qemu-iotests/221.out
@@ -3,14 +3,18 @@ QA output created by 221
=== Check mapping of unaligned raw image ===
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65537
-[{ "start": 0, "length": 66048, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 66048, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 61952, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 61952, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
wrote 1/1 bytes at offset 65536
1 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-[{ "start": 0, "length": 65536, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 61440, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
{ "start": 65536, "length": 1, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
{ "start": 65537, "length": 511, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 65536, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 61440, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
{ "start": 65536, "length": 1, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
{ "start": 65537, "length": 511, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
*** done
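Review bot: the new expected output pins the first data extent at "length": 4096, which reflects how much the host filesystem allocates for the first-block write rather than a value this patch controls. On a filesystem with a different allocation unit the map can differ and the test fails; filter the first extent's length or restrict the test to filesystems where the assumption holds.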
diff --git a/tests/qemu-iotests/253.out b/tests/qemu-iotests/253.out
index 607c0ba..3d08b30 100644
--- a/tests/qemu-iotests/253.out
+++ b/tests/qemu-iotests/253.out
@@ -3,12 +3,16 @@ QA output created by 253
=== Check mapping of unaligned raw image ===
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048575
-[{ "start": 0, "length": 1048576, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 1048576, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 1044480, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 1044480, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
wrote 65535/65535 bytes at offset 983040
63.999 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-[{ "start": 0, "length": 983040, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 978944, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
{ "start": 983040, "length": 65536, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
-[{ "start": 0, "length": 983040, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 4096, "length": 978944, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
{ "start": 983040, "length": 65536, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
*** done
--
1.8.3.1

View File

@ -0,0 +1,220 @@
From f087aa3581b13254e4de34784631f1852a9ddbec Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 8 Jul 2019 15:25:52 +0100
Subject: [PATCH 06/39] block/ssh: Convert from DPRINTF() macro to trace events
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Pino Toscano <ptoscano@redhat.com>
Message-id: <20190708152601.21123-2-ptoscano@redhat.com>
Patchwork-id: 89415
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v3 01/10] block/ssh: Convert from DPRINTF() macro to trace events
Bugzilla: 1513367
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181213162727.17438-2-lvivier@redhat.com
[mreitz: Fixed type of ssh_{read,write}_return's parameter to be ssize_t
instead of size_t]
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 023908a24de4f264dbcd22352e8a304424005bd4)
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/ssh.c | 46 +++++++++++++++++-----------------------------
block/trace-events | 17 +++++++++++++++++
2 files changed, 34 insertions(+), 29 deletions(-)
diff --git a/block/ssh.c b/block/ssh.c
index 6a55d82..dfb3e3c 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -41,27 +41,17 @@
#include "qapi/qmp/qstring.h"
#include "qapi/qobject-input-visitor.h"
#include "qapi/qobject-output-visitor.h"
+#include "trace.h"
-/* DEBUG_SSH=1 enables the DPRINTF (debugging printf) statements in
- * this block driver code.
- *
+/*
* TRACE_LIBSSH2=<bitmask> enables tracing in libssh2 itself. Note
* that this requires that libssh2 was specially compiled with the
* `./configure --enable-debug' option, so most likely you will have
* to compile it yourself. The meaning of <bitmask> is described
* here: http://www.libssh2.org/libssh2_trace.html
*/
-#define DEBUG_SSH 0
#define TRACE_LIBSSH2 0 /* or try: LIBSSH2_TRACE_SFTP */
-#define DPRINTF(fmt, ...) \
- do { \
- if (DEBUG_SSH) { \
- fprintf(stderr, "ssh: %-15s " fmt "\n", \
- __func__, ##__VA_ARGS__); \
- } \
- } while (0)
-
typedef struct BDRVSSHState {
/* Coroutine. */
CoMutex lock;
@@ -336,7 +326,7 @@ static int check_host_key_knownhosts(BDRVSSHState *s,
switch (r) {
case LIBSSH2_KNOWNHOST_CHECK_MATCH:
/* OK */
- DPRINTF("host key OK: %s", found->key);
+ trace_ssh_check_host_key_knownhosts(found->key);
break;
case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
ret = -EINVAL;
@@ -721,8 +711,7 @@ static int connect_to_ssh(BDRVSSHState *s, BlockdevOptionsSsh *opts,
}
/* Open the remote file. */
- DPRINTF("opening file %s flags=0x%x creat_mode=0%o",
- opts->path, ssh_flags, creat_mode);
+ trace_ssh_connect_to_ssh(opts->path, ssh_flags, creat_mode);
s->sftp_handle = libssh2_sftp_open(s->sftp, opts->path, ssh_flags,
creat_mode);
if (!s->sftp_handle) {
@@ -890,7 +879,7 @@ static int coroutine_fn ssh_co_create_opts(const char *filename, QemuOpts *opts,
/* Get desired file size. */
ssh_opts->size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
BDRV_SECTOR_SIZE);
- DPRINTF("total_size=%" PRIi64, ssh_opts->size);
+ trace_ssh_co_create_opts(ssh_opts->size);
uri_options = qdict_new();
ret = parse_uri(filename, uri_options, errp);
@@ -946,7 +935,7 @@ static void restart_coroutine(void *opaque)
BDRVSSHState *s = bs->opaque;
AioContext *ctx = bdrv_get_aio_context(bs);
- DPRINTF("co=%p", restart->co);
+ trace_ssh_restart_coroutine(restart->co);
aio_set_fd_handler(ctx, s->sock, false, NULL, NULL, NULL, NULL);
aio_co_wake(restart->co);
@@ -974,13 +963,12 @@ static coroutine_fn void co_yield(BDRVSSHState *s, BlockDriverState *bs)
wr_handler = restart_coroutine;
}
- DPRINTF("s->sock=%d rd_handler=%p wr_handler=%p", s->sock,
- rd_handler, wr_handler);
+ trace_ssh_co_yield(s->sock, rd_handler, wr_handler);
aio_set_fd_handler(bdrv_get_aio_context(bs), s->sock,
false, rd_handler, wr_handler, NULL, &restart);
qemu_coroutine_yield();
- DPRINTF("s->sock=%d - back", s->sock);
+ trace_ssh_co_yield_back(s->sock);
}
/* SFTP has a function `libssh2_sftp_seek64' which seeks to a position
@@ -1003,7 +991,7 @@ static void ssh_seek(BDRVSSHState *s, int64_t offset, int flags)
bool force = (flags & SSH_SEEK_FORCE) != 0;
if (force || op_read != s->offset_op_read || offset != s->offset) {
- DPRINTF("seeking to offset=%" PRIi64, offset);
+ trace_ssh_seek(offset);
libssh2_sftp_seek64(s->sftp_handle, offset);
s->offset = offset;
s->offset_op_read = op_read;
@@ -1019,7 +1007,7 @@ static coroutine_fn int ssh_read(BDRVSSHState *s, BlockDriverState *bs,
char *buf, *end_of_vec;
struct iovec *i;
- DPRINTF("offset=%" PRIi64 " size=%zu", offset, size);
+ trace_ssh_read(offset, size);
ssh_seek(s, offset, SSH_SEEK_READ);
@@ -1038,9 +1026,9 @@ static coroutine_fn int ssh_read(BDRVSSHState *s, BlockDriverState *bs,
*/
for (got = 0; got < size; ) {
again:
- DPRINTF("sftp_read buf=%p size=%zu", buf, end_of_vec - buf);
+ trace_ssh_read_buf(buf, end_of_vec - buf);
r = libssh2_sftp_read(s->sftp_handle, buf, end_of_vec - buf);
- DPRINTF("sftp_read returned %zd", r);
+ trace_ssh_read_return(r);
if (r == LIBSSH2_ERROR_EAGAIN || r == LIBSSH2_ERROR_TIMEOUT) {
co_yield(s, bs);
@@ -1094,7 +1082,7 @@ static int ssh_write(BDRVSSHState *s, BlockDriverState *bs,
char *buf, *end_of_vec;
struct iovec *i;
- DPRINTF("offset=%" PRIi64 " size=%zu", offset, size);
+ trace_ssh_write(offset, size);
ssh_seek(s, offset, SSH_SEEK_WRITE);
@@ -1108,9 +1096,9 @@ static int ssh_write(BDRVSSHState *s, BlockDriverState *bs,
for (written = 0; written < size; ) {
again:
- DPRINTF("sftp_write buf=%p size=%zu", buf, end_of_vec - buf);
+ trace_ssh_write_buf(buf, end_of_vec - buf);
r = libssh2_sftp_write(s->sftp_handle, buf, end_of_vec - buf);
- DPRINTF("sftp_write returned %zd", r);
+ trace_ssh_write_return(r);
if (r == LIBSSH2_ERROR_EAGAIN || r == LIBSSH2_ERROR_TIMEOUT) {
co_yield(s, bs);
@@ -1185,7 +1173,7 @@ static coroutine_fn int ssh_flush(BDRVSSHState *s, BlockDriverState *bs)
{
int r;
- DPRINTF("fsync");
+ trace_ssh_flush();
again:
r = libssh2_sftp_fsync(s->sftp_handle);
if (r == LIBSSH2_ERROR_EAGAIN || r == LIBSSH2_ERROR_TIMEOUT) {
@@ -1236,7 +1224,7 @@ static int64_t ssh_getlength(BlockDriverState *bs)
/* Note we cannot make a libssh2 call here. */
length = (int64_t) s->attrs.filesize;
- DPRINTF("length=%" PRIi64, length);
+ trace_ssh_getlength(length);
return length;
}
diff --git a/block/trace-events b/block/trace-events
index c35287b..4c69548 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -150,3 +150,20 @@ nvme_free_req_queue_wait(void *q) "q %p"
nvme_cmd_map_qiov(void *s, void *cmd, void *req, void *qiov, int entries) "s %p cmd %p req %p qiov %p entries %d"
nvme_cmd_map_qiov_pages(void *s, int i, uint64_t page) "s %p page[%d] 0x%"PRIx64
nvme_cmd_map_qiov_iov(void *s, int i, void *page, int pages) "s %p iov[%d] %p pages %d"
+
+# block/ssh.c
+ssh_restart_coroutine(void *co) "co=%p"
+ssh_flush(void) "fsync"
+ssh_check_host_key_knownhosts(const char *key) "host key OK: %s"
+ssh_connect_to_ssh(char *path, int flags, int mode) "opening file %s flags=0x%x creat_mode=0%o"
+ssh_co_yield(int sock, void *rd_handler, void *wr_handler) "s->sock=%d rd_handler=%p wr_handler=%p"
+ssh_co_yield_back(int sock) "s->sock=%d - back"
+ssh_getlength(int64_t length) "length=%" PRIi64
+ssh_co_create_opts(uint64_t size) "total_size=%" PRIu64
+ssh_read(int64_t offset, size_t size) "offset=%" PRIi64 " size=%zu"
+ssh_read_buf(void *buf, size_t size) "sftp_read buf=%p size=%zu"
+ssh_read_return(ssize_t ret) "sftp_read returned %zd"
+ssh_write(int64_t offset, size_t size) "offset=%" PRIi64 " size=%zu"
+ssh_write_buf(void *buf, size_t size) "sftp_write buf=%p size=%zu"
+ssh_write_return(ssize_t ret) "sftp_write returned %zd"
+ssh_seek(int64_t offset) "seeking to offset=%" PRIi64
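Review bot: ssh_connect_to_ssh is declared with char *path while ssh_check_host_key_knownhosts just above takes const char *key; the trace helper only reads the string, so path should be const char * as well. Separately, ssh_co_create_opts prints with PRIu64 where the DPRINTF it replaces used PRIi64, which makes this a format change rather than a pure conversion and deserves a line in the commit message.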
--
1.8.3.1

View File

@ -0,0 +1,132 @@
From 2deb556f99ae439125674fa3c6d77424048fd30c Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 8 Jul 2019 15:25:53 +0100
Subject: [PATCH 07/39] block/ssh: Do not report read/write/flush errors to the
user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Pino Toscano <ptoscano@redhat.com>
Message-id: <20190708152601.21123-3-ptoscano@redhat.com>
Patchwork-id: 89418
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v3 02/10] block/ssh: Do not report read/write/flush errors to the user
Bugzilla: 1513367
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Markus Armbruster <armbru@redhat.com>
Callbacks ssh_co_readv(), ssh_co_writev(), ssh_co_flush() report
errors to the user with error_printf(). They shouldn't, it's their
caller's job. Replace by a suitable trace point. While there, drop
the unreachable !s->sftp case.
Perhaps we should convert this part of the block driver interface to
Error, so block drivers can pass more detail to their callers. Not
today.
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Max Reitz <mreitz@redhat.com>
Cc: qemu-block@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190417190641.26814-3-armbru@redhat.com>
(cherry picked from commit 6b3048cee0e0eccd27b62954ecc57c4a1bceb976)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/ssh.c | 38 +++++++++++++-------------------------
block/trace-events | 3 +++
2 files changed, 16 insertions(+), 25 deletions(-)
diff --git a/block/ssh.c b/block/ssh.c
index dfb3e3c..89abce0 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -159,31 +159,19 @@ sftp_error_setg(Error **errp, BDRVSSHState *s, const char *fs, ...)
g_free(msg);
}
-static void GCC_FMT_ATTR(2, 3)
-sftp_error_report(BDRVSSHState *s, const char *fs, ...)
+static void sftp_error_trace(BDRVSSHState *s, const char *op)
{
- va_list args;
-
- va_start(args, fs);
- error_vprintf(fs, args);
+ char *ssh_err;
+ int ssh_err_code;
+ unsigned long sftp_err_code;
- if ((s)->sftp) {
- char *ssh_err;
- int ssh_err_code;
- unsigned long sftp_err_code;
+ /* This is not an errno. See <libssh2.h>. */
+ ssh_err_code = libssh2_session_last_error(s->session,
+ &ssh_err, NULL, 0);
+ /* See <libssh2_sftp.h>. */
+ sftp_err_code = libssh2_sftp_last_error((s)->sftp);
- /* This is not an errno. See <libssh2.h>. */
- ssh_err_code = libssh2_session_last_error(s->session,
- &ssh_err, NULL, 0);
- /* See <libssh2_sftp.h>. */
- sftp_err_code = libssh2_sftp_last_error((s)->sftp);
-
- error_printf(": %s (libssh2 error code: %d, sftp error code: %lu)",
- ssh_err, ssh_err_code, sftp_err_code);
- }
-
- va_end(args);
- error_printf("\n");
+ trace_sftp_error(op, ssh_err, ssh_err_code, sftp_err_code);
}
static int parse_uri(const char *filename, QDict *options, Error **errp)
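Review bot: sftp_error_trace() calls libssh2_sftp_last_error((s)->sftp) unconditionally, whereas the removed sftp_error_report() guarded that call with if ((s)->sftp). The commit message says the !s->sftp case is unreachable, so please record that with an assert(s->sftp) at the top of the new function or a one-line comment, rather than leaving the invariant implicit. The parentheses in (s)->sftp are a leftover from the old code and can be dropped. It is also worth a comment above the function that the libssh2 and SFTP error codes are now visible only when the sftp_error trace point is enabled.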
@@ -1035,7 +1023,7 @@ static coroutine_fn int ssh_read(BDRVSSHState *s, BlockDriverState *bs,
goto again;
}
if (r < 0) {
- sftp_error_report(s, "read failed");
+ sftp_error_trace(s, "read");
s->offset = -1;
return -EIO;
}
@@ -1105,7 +1093,7 @@ static int ssh_write(BDRVSSHState *s, BlockDriverState *bs,
goto again;
}
if (r < 0) {
- sftp_error_report(s, "write failed");
+ sftp_error_trace(s, "write");
s->offset = -1;
return -EIO;
}
@@ -1186,7 +1174,7 @@ static coroutine_fn int ssh_flush(BDRVSSHState *s, BlockDriverState *bs)
return 0;
}
if (r < 0) {
- sftp_error_report(s, "fsync failed");
+ sftp_error_trace(s, "fsync");
return -EIO;
}
diff --git a/block/trace-events b/block/trace-events
index 4c69548..23c9963 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -167,3 +167,6 @@ ssh_write(int64_t offset, size_t size) "offset=%" PRIi64 " size=%zu"
ssh_write_buf(void *buf, size_t size) "sftp_write buf=%p size=%zu"
ssh_write_return(ssize_t ret) "sftp_write returned %zd"
ssh_seek(int64_t offset) "seeking to offset=%" PRIi64
+
+# ssh.c
+sftp_error(const char *op, const char *ssh_err, int ssh_err_code, unsigned long sftp_err_code) "%s failed: %s (libssh2 error code: %d, sftp error code: %lu)"
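Review bot: the new "# ssh.c" header is placed after the existing ssh_* events (ssh_write, ssh_write_buf, ssh_write_return and ssh_seek in the context lines), so it reads as if only sftp_error belonged to ssh.c. Either append sftp_error to the existing group without the header and blank line, or move the header above the whole group.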
--
1.8.3.1


@ -0,0 +1,291 @@
From cd8ddc9c29115f6f8428fc17fbded67f0ce99004 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 8 Jul 2019 15:25:57 +0100
Subject: [PATCH 11/39] block/ssh: Implement .bdrv_refresh_filename()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Pino Toscano <ptoscano@redhat.com>
Message-id: <20190708152601.21123-7-ptoscano@redhat.com>
Patchwork-id: 89417
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v3 06/10] block/ssh: Implement .bdrv_refresh_filename()
Bugzilla: 1513367
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Max Reitz <mreitz@redhat.com>
This requires some changes to keep iotests 104 and 207 working.
qemu-img info in 104 will now return a filename including the user name
and the port, which need to be filtered by adjusting REMOTE_TEST_DIR in
common.rc. This additional information has to be marked optional,
however (which is simple as REMOTE_TEST_DIR is a regex), because
otherwise 197 and 215 would fail: They use it (indirectly) to filter
qemu-img create output which contains a backing filename they have
passed to it -- which probably does not contain a user name or port
number.
The problem in 207 is a nice one to have: qemu-img info used to return
json:{} filenames, but with this patch it returns nice plain ones. We
now need to adjust the filtering to hide the user name (and port number
while we are at it). The simplest way to do this is to include both in
iotests.remote_filename() so that bdrv_refresh_filename() will not
change it, and then iotests.img_info_log() will filter it correctly
automatically.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 20190225190828.17726-2-mreitz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit b8c1f90118ee81090ff9093790f88bf335132814)
This patch was modified for the lack of 998b3a1e5a2dd23bf89a853e15fab,
by adding the 'QDict *options' parameter to ssh_refresh_filename(),
matching the requested prototype, and setting bs->full_open_options to
the specified option (following the hint of Max Reitz).
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/ssh.c | 55 +++++++++++++++++++++++++++++++++++++++----
tests/qemu-iotests/207 | 10 ++++----
tests/qemu-iotests/207.out | 10 ++++----
tests/qemu-iotests/common.rc | 2 +-
tests/qemu-iotests/iotests.py | 2 +-
5 files changed, 62 insertions(+), 17 deletions(-)
diff --git a/block/ssh.c b/block/ssh.c
index 89abce0..f0ef874 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -75,6 +75,14 @@ typedef struct BDRVSSHState {
/* Used to warn if 'flush' is not supported. */
bool unsafe_flush_warning;
+
+ /*
+ * Store the user name for ssh_refresh_filename() because the
+ * default depends on the system you are on -- therefore, when we
+ * generate a filename, it should always contain the user name we
+ * are actually using.
+ */
+ char *user;
} BDRVSSHState;
static void ssh_state_init(BDRVSSHState *s)
@@ -87,6 +95,8 @@ static void ssh_state_init(BDRVSSHState *s)
static void ssh_state_free(BDRVSSHState *s)
{
+ g_free(s->user);
+
if (s->sftp_handle) {
libssh2_sftp_close(s->sftp_handle);
}
@@ -628,14 +638,13 @@ static int connect_to_ssh(BDRVSSHState *s, BlockdevOptionsSsh *opts,
int ssh_flags, int creat_mode, Error **errp)
{
int r, ret;
- const char *user;
long port = 0;
if (opts->has_user) {
- user = opts->user;
+ s->user = g_strdup(opts->user);
} else {
- user = g_get_user_name();
- if (!user) {
+ s->user = g_strdup(g_get_user_name());
+ if (!s->user) {
error_setg_errno(errp, errno, "Can't get user name");
ret = -errno;
goto err;
@@ -685,7 +694,7 @@ static int connect_to_ssh(BDRVSSHState *s, BlockdevOptionsSsh *opts,
}
/* Authenticate. */
- ret = authenticate(s, user, errp);
+ ret = authenticate(s, s->user, errp);
if (ret < 0) {
goto err;
}
@@ -1240,6 +1249,41 @@ static int coroutine_fn ssh_co_truncate(BlockDriverState *bs, int64_t offset,
return ssh_grow_file(s, offset, errp);
}
+static void ssh_refresh_filename(BlockDriverState *bs, QDict *options)
+{
+ BDRVSSHState *s = bs->opaque;
+ const char *path, *host_key_check;
+ int ret;
+
+ qdict_put_str(options, "driver", "ssh");
+ bs->full_open_options = qobject_ref(options);
+
+ /*
+ * None of these options can be represented in a plain "host:port"
+ * format, so if any was given, we have to abort.
+ */
+ if (s->inet->has_ipv4 || s->inet->has_ipv6 || s->inet->has_to ||
+ s->inet->has_numeric)
+ {
+ return;
+ }
+
+ path = qdict_get_try_str(bs->full_open_options, "path");
+ assert(path); /* mandatory option */
+
+ host_key_check = qdict_get_try_str(bs->full_open_options, "host_key_check");
+
+ ret = snprintf(bs->exact_filename, sizeof(bs->exact_filename),
+ "ssh://%s@%s:%s%s%s%s",
+ s->user, s->inet->host, s->inet->port, path,
+ host_key_check ? "?host_key_check=" : "",
+ host_key_check ?: "");
+ if (ret >= sizeof(bs->exact_filename)) {
+ /* An overflow makes the filename unusable, so do not report any */
+ bs->exact_filename[0] = '\0';
+ }
+}
+
static BlockDriver bdrv_ssh = {
.format_name = "ssh",
.protocol_name = "ssh",
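Review bot: in ssh_refresh_filename(), s->user, s->inet->host and path go into the "ssh://%s@%s:%s%s%s%s" format with no URI escaping, so a user name containing '@' or a path containing '?' or '#' yields an exact_filename that does not parse back to the same options. Percent-encode the components, or leave exact_filename empty when they contain reserved characters, in the same way the function already returns early for has_ipv4, has_ipv6, has_to and has_numeric. A smaller point on the overflow check: ret is an int compared against sizeof(bs->exact_filename), so a negative snprintf() return only reaches the overflow branch through the implicit conversion to an unsigned type; an explicit ret < 0 test would make that intent visible.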
@@ -1255,6 +1299,7 @@ static BlockDriver bdrv_ssh = {
.bdrv_getlength = ssh_getlength,
.bdrv_co_truncate = ssh_co_truncate,
.bdrv_co_flush_to_disk = ssh_co_flush,
+ .bdrv_refresh_filename = ssh_refresh_filename,
.create_opts = &ssh_create_opts,
};
diff --git a/tests/qemu-iotests/207 b/tests/qemu-iotests/207
index 444ae23..8202bd1 100755
--- a/tests/qemu-iotests/207
+++ b/tests/qemu-iotests/207
@@ -62,7 +62,7 @@ with iotests.FilePath('t.img') as disk_path, \
'size': 4194304 })
vm.shutdown()
- iotests.img_info_log(remote_path, filter_path=disk_path)
+ iotests.img_info_log(remote_path)
iotests.log("")
iotests.img_info_log(disk_path)
@@ -87,7 +87,7 @@ with iotests.FilePath('t.img') as disk_path, \
'size': 8388608 })
vm.shutdown()
- iotests.img_info_log(remote_path, filter_path=disk_path)
+ iotests.img_info_log(remote_path)
vm.launch()
blockdev_create(vm, { 'driver': 'ssh',
@@ -104,7 +104,7 @@ with iotests.FilePath('t.img') as disk_path, \
'size': 4194304 })
vm.shutdown()
- iotests.img_info_log(remote_path, filter_path=disk_path)
+ iotests.img_info_log(remote_path)
md5_key = subprocess.check_output(
'ssh-keyscan -t rsa 127.0.0.1 2>/dev/null | grep -v "\\^#" | ' +
@@ -142,7 +142,7 @@ with iotests.FilePath('t.img') as disk_path, \
'size': 8388608 })
vm.shutdown()
- iotests.img_info_log(remote_path, filter_path=disk_path)
+ iotests.img_info_log(remote_path)
sha1_key = subprocess.check_output(
'ssh-keyscan -t rsa 127.0.0.1 2>/dev/null | grep -v "\\^#" | ' +
@@ -180,7 +180,7 @@ with iotests.FilePath('t.img') as disk_path, \
'size': 4194304 })
vm.shutdown()
- iotests.img_info_log(remote_path, filter_path=disk_path)
+ iotests.img_info_log(remote_path)
#
# Invalid path and user
diff --git a/tests/qemu-iotests/207.out b/tests/qemu-iotests/207.out
index 078b7e6..fc131a6 100644
--- a/tests/qemu-iotests/207.out
+++ b/tests/qemu-iotests/207.out
@@ -5,7 +5,7 @@
{'execute': 'job-dismiss', 'arguments': {'id': 'job0'}}
{u'return': {}}
-image: json:{"driver": "IMGFMT", "file": {"server.host": "127.0.0.1", "server.port": "22", "driver": "ssh", "path": "TEST_IMG"}}
+image: TEST_IMG
file format: IMGFMT
virtual size: 4.0M (4194304 bytes)
@@ -21,7 +21,7 @@ virtual size: 4.0M (4194304 bytes)
{'execute': 'job-dismiss', 'arguments': {'id': 'job0'}}
{u'return': {}}
-image: json:{"driver": "IMGFMT", "file": {"server.host": "127.0.0.1", "server.port": "22", "driver": "ssh", "path": "TEST_IMG"}}
+image: TEST_IMG
file format: IMGFMT
virtual size: 8.0M (8388608 bytes)
@@ -30,7 +30,7 @@ virtual size: 8.0M (8388608 bytes)
{'execute': 'job-dismiss', 'arguments': {'id': 'job0'}}
{u'return': {}}
-image: json:{"driver": "IMGFMT", "file": {"server.host": "127.0.0.1", "server.port": "22", "driver": "ssh", "path": "TEST_IMG"}}
+image: TEST_IMG
file format: IMGFMT
virtual size: 4.0M (4194304 bytes)
@@ -45,7 +45,7 @@ Job failed: remote host key does not match host_key_check 'wrong'
{'execute': 'job-dismiss', 'arguments': {'id': 'job0'}}
{u'return': {}}
-image: json:{"driver": "IMGFMT", "file": {"server.host": "127.0.0.1", "server.port": "22", "driver": "ssh", "path": "TEST_IMG"}}
+image: TEST_IMG
file format: IMGFMT
virtual size: 8.0M (8388608 bytes)
@@ -60,7 +60,7 @@ Job failed: remote host key does not match host_key_check 'wrong'
{'execute': 'job-dismiss', 'arguments': {'id': 'job0'}}
{u'return': {}}
-image: json:{"driver": "IMGFMT", "file": {"server.host": "127.0.0.1", "server.port": "22", "driver": "ssh", "path": "TEST_IMG"}}
+image: TEST_IMG
file format: IMGFMT
virtual size: 4.0M (4194304 bytes)
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index 6490c8d..9ff8fa1 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -145,7 +145,7 @@ else
TEST_IMG="nbd:127.0.0.1:10810"
elif [ "$IMGPROTO" = "ssh" ]; then
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
- REMOTE_TEST_DIR="ssh://127.0.0.1$TEST_DIR"
+ REMOTE_TEST_DIR="ssh://\\($USER@\\)\\?127.0.0.1\\(:[0-9]\\+\\)\\?$TEST_DIR"
TEST_IMG="ssh://127.0.0.1$TEST_IMG_FILE"
elif [ "$IMGPROTO" = "nfs" ]; then
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
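Review bot: $USER is interpolated into the REMOTE_TEST_DIR regex unescaped, so a user name containing '.' or another regex metacharacter makes the filter match more than intended (the dots in 127.0.0.1 already behave as wildcards). Escape the value before building the pattern. TEST_IMG on the following line keeps the plain ssh://127.0.0.1 form, which works only because the user and port groups are optional; a short comment saying so would save the next reader from "fixing" it.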
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 4e67fbb..0f6980a 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -325,7 +325,7 @@ def remote_filename(path):
if imgproto == 'file':
return path
elif imgproto == 'ssh':
- return "ssh://127.0.0.1%s" % (path)
+ return "ssh://%s@127.0.0.1:22%s" % (os.environ.get('USER'), path)
else:
raise Exception("Protocol %s not supported" % (imgproto))
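Review bot: os.environ.get('USER') returns None when USER is unset, and remote_filename() then silently builds "ssh://None@127.0.0.1:22...", which fails later with a confusing authentication or filter mismatch. Use getpass.getuser(), or raise a clear exception when the variable is missing. The port is hard-coded to 22 here while common.rc accepts any port number; a comment stating that the tests assume sshd on port 22 would make that dependency explicit.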
--
1.8.3.1


@ -0,0 +1,67 @@
From e541592f0c98696276261a7c36afe074a3bdd956 Mon Sep 17 00:00:00 2001
From: Maxim Levitsky <mlevitsk@redhat.com>
Date: Wed, 18 Sep 2019 18:45:52 +0100
Subject: [PATCH 11/22] ccid: Fix dwProtocols advertisement of T=0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Maxim Levitsky <mlevitsk@redhat.com>
Message-id: <20190918184552.10820-2-mlevitsk@redhat.com>
Patchwork-id: 90769
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 1/1] ccid: Fix dwProtocols advertisement of T=0
Bugzilla: 1746361
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Jason Andryuk <jandryuk@gmail.com>
Commit d7d218ef02d87c637d20d64da8f575d434ff6f78 attempted to change
dwProtocols to only advertise support for T=0 and not T=1. The change
was incorrect as it changed 0x00000003 to 0x00010000.
lsusb -v in a linux guest shows:
"dwProtocols 65536 (Invalid values detected)", though the
smart card could still be accessed. Windows 7 does not detect inserted
smart cards and logs the following Error in the Event Logs:
Source: Smart Card Service
Event ID: 610
Smart Card Reader 'QEMU QEMU USB CCID 0' rejected IOCTL SET_PROTOCOL:
Incorrect function. If this error persists, your smart card or reader
may not be functioning correctly
Command Header: 03 00 00 00
Setting to 0x00000001 fixes the Windows issue.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Message-id: 20180420183219.20722-1-jandryuk@gmail.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0ee86bb6c5beb6498488850104f7557c376d0bef)
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/usb/dev-smartcard-reader.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
index e646805..cabb564 100644
--- a/hw/usb/dev-smartcard-reader.c
+++ b/hw/usb/dev-smartcard-reader.c
@@ -329,8 +329,8 @@ static const uint8_t qemu_ccid_descriptor[] = {
*/
0x07, /* u8 bVoltageSupport; 01h - 5.0v, 02h - 3.0, 03 - 1.8 */
- 0x00, 0x00, /* u32 dwProtocols; RRRR PPPP. RRRR = 0000h.*/
- 0x01, 0x00, /* PPPP: 0001h = Protocol T=0, 0002h = Protocol T=1 */
+ 0x01, 0x00, /* u32 dwProtocols; RRRR PPPP. RRRR = 0000h.*/
+ 0x00, 0x00, /* PPPP: 0001h = Protocol T=0, 0002h = Protocol T=1 */
/* u32 dwDefaultClock; in kHZ (0x0fa0 is 4 MHz) */
0xa0, 0x0f, 0x00, 0x00,
/* u32 dwMaximumClock; */
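Review bot: after the swap, the comment "PPPP: 0001h = Protocol T=0, 0002h = Protocol T=1" sits beside the 0x00, 0x00 bytes, which are the RRRR half in little-endian order, while the "RRRR = 0000h" comment sits beside the 0x01, 0x00 bytes that carry PPPP. The values are now right but the comments still invite the same mistake this patch fixes. Put all four bytes on one line, as dwDefaultClock just below does (0xa0, 0x0f, 0x00, 0x00), and state the little-endian layout in the comment.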
--
1.8.3.1


@ -0,0 +1,69 @@
From 60df0d1b59e02c4ef2964473f84b707153ccad58 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 13 Aug 2019 12:21:56 +0100
Subject: [PATCH 1/3] console: Avoid segfault in screendump
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <20190813122156.5609-2-kraxel@redhat.com>
Patchwork-id: 89958
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] console: Avoid segfault in screendump
Bugzilla: 1684383
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
After f771c5440e04626f1 it is possible to select device and
head which to take screendump from. And even though we check if
provided head number falls within range, it may still happen that
the console has no surface yet leading to SIGSEGV:
qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
-qmp stdio \
-device virtio-vga,id=video0,max_outputs=4
{"execute":"qmp_capabilities"}
{"execute":"screendump", "arguments":{"filename":"/tmp/screen.ppm", "device":"video0", "head":1}}
Segmentation fault
#0 0x00005628249dda88 in ppm_save (filename=0x56282826cbc0 "/tmp/screen.ppm", ds=0x0, errp=0x7fff52a6fae0) at ui/console.c:304
#1 0x00005628249ddd9b in qmp_screendump (filename=0x56282826cbc0 "/tmp/screen.ppm", has_device=true, device=0x5628276902d0 "video0", has_head=true, head=1, errp=0x7fff52a6fae0) at ui/console.c:375
#2 0x00005628247740df in qmp_marshal_screendump (args=0x562828265e00, ret=0x7fff52a6fb68, errp=0x7fff52a6fb60) at qapi/qapi-commands-ui.c:110
Here, @ds from frame #0 (or @surface from frame #1) is
dereferenced at the very beginning of ppm_save(). And because
it's NULL crash happens.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: cb05bb1909daa6ba62145c0194aafa05a14ed3d1.1526569138.git.mprivozn@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 08d9864fa4e0c616e076ca8b225d39a7ecb189af)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
ui/console.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ui/console.c b/ui/console.c
index 594ec63..4e4052f 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -370,6 +370,11 @@ void qmp_screendump(const char *filename, bool has_device, const char *device,
graphic_hw_update(con);
surface = qemu_console_surface(con);
+ if (!surface) {
+ error_setg(errp, "no surface");
+ return;
+ }
+
ppm_save(filename, surface, errp);
}
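Review bot: the error text "no surface" added after qemu_console_surface(con) gives a QMP client nothing to act on. Include the requested device and head in the message (both are parameters of qmp_screendump() per the hunk header and the backtrace in the commit message), so the caller can tell which head has no surface yet. The reproducer from the commit message (virtio-vga with max_outputs=4, screendump on head 1) would also make a good regression test to ship with the fix.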
--
1.8.3.1


@ -0,0 +1,87 @@
From a09766bbc8a4208fc0f62904cebec4022beba6b0 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 19 Nov 2019 15:29:56 +0000
Subject: [PATCH 4/8] curl: Check completion in curl_multi_do()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20191119153000.101646-4-mreitz@redhat.com>
Patchwork-id: 92516
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 3/7] curl: Check completion in curl_multi_do()
Bugzilla: 1744602
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
While it is more likely that transfers complete after some file
descriptor has data ready to read, we probably should not rely on it.
Better be safe than sorry and call curl_multi_check_completion() in
curl_multi_do(), too, just like it is done in curl_multi_read().
With this change, curl_multi_do() and curl_multi_read() are actually the
same, so drop curl_multi_read() and use curl_multi_do() as the sole FD
handler.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190910124136.10565-4-mreitz@redhat.com
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 948403bcb1c7e71dcbe8ab8479cf3934a0efcbb5)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/curl.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index b3fe09f..8f31594 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -148,7 +148,6 @@ typedef struct BDRVCURLState {
static void curl_clean_state(CURLState *s);
static void curl_multi_do(void *arg);
-static void curl_multi_read(void *arg);
#ifdef NEED_CURL_TIMER_CALLBACK
/* Called from curl_multi_do_locked, with s->mutex held. */
@@ -195,7 +194,7 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
switch (action) {
case CURL_POLL_IN:
aio_set_fd_handler(s->aio_context, fd, false,
- curl_multi_read, NULL, NULL, state);
+ curl_multi_do, NULL, NULL, state);
break;
case CURL_POLL_OUT:
aio_set_fd_handler(s->aio_context, fd, false,
@@ -203,7 +202,7 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
break;
case CURL_POLL_INOUT:
aio_set_fd_handler(s->aio_context, fd, false,
- curl_multi_read, curl_multi_do, NULL, state);
+ curl_multi_do, curl_multi_do, NULL, state);
break;
case CURL_POLL_REMOVE:
aio_set_fd_handler(s->aio_context, fd, false,
@@ -427,15 +426,6 @@ static void curl_multi_do(void *arg)
qemu_mutex_lock(&s->s->mutex);
curl_multi_do_locked(s);
- qemu_mutex_unlock(&s->s->mutex);
-}
-
-static void curl_multi_read(void *arg)
-{
- CURLState *s = (CURLState *)arg;
-
- qemu_mutex_lock(&s->s->mutex);
- curl_multi_do_locked(s);
curl_multi_check_completion(s->s);
qemu_mutex_unlock(&s->s->mutex);
}
--
1.8.3.1


@ -0,0 +1,54 @@
From d8de6fc3530b5cfa05485f24e14af4ce44a8b72d Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 19 Nov 2019 15:30:00 +0000
Subject: [PATCH 8/8] curl: Check curl_multi_add_handle()'s return code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20191119153000.101646-8-mreitz@redhat.com>
Patchwork-id: 92521
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 7/7] curl: Check curl_multi_add_handle()'s return code
Bugzilla: 1744602
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
If we had done that all along, debugging would have been much simpler.
(Also, I/O errors are better than hangs.)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190910124136.10565-8-mreitz@redhat.com
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit c34dc07f9f01cf686e512f939aece744723072cd)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/curl.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/block/curl.c b/block/curl.c
index b5899e1..5d05d30 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -891,7 +891,13 @@ static void curl_setup_preadv(BlockDriverState *bs, CURLAIOCB *acb)
acb->bytes, start, state->range);
curl_easy_setopt(state->curl, CURLOPT_RANGE, state->range);
- curl_multi_add_handle(s->multi, state->curl);
+ if (curl_multi_add_handle(s->multi, state->curl) != CURLM_OK) {
+ state->acb[0] = NULL;
+ acb->ret = -EIO;
+
+ curl_clean_state(state);
+ goto out;
+ }
/* Tell curl it needs to kick things off */
curl_multi_socket_action(s->multi, CURL_SOCKET_TIMEOUT, 0, &running);
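Review bot: the CURLMcode returned by curl_multi_add_handle() is compared against CURLM_OK and then discarded, so the failure reaches the caller only as -EIO with no indication of the cause. Since the commit message motivates the check with easier debugging, keep the return value in a local and report it (curl_multi_strerror() provides the text) before calling curl_clean_state(). The curl_multi_socket_action() call in the context line right below is still unchecked and deserves the same treatment.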
--
1.8.3.1


@ -0,0 +1,162 @@
From 23f5a846f6702c456cf7cc9490e50cfd23368910 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 19 Nov 2019 15:29:59 +0000
Subject: [PATCH 7/8] curl: Handle success in multi_check_completion
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20191119153000.101646-7-mreitz@redhat.com>
Patchwork-id: 92520
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 6/7] curl: Handle success in multi_check_completion
Bugzilla: 1744602
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Background: As of cURL 7.59.0, it verifies that several functions are
not called from within a callback. Among these functions is
curl_multi_add_handle().
curl_read_cb() is a callback from cURL and not a coroutine. Waking up
acb->co will lead to entering it then and there, which means the current
request will settle and the caller (if it runs in the same coroutine)
may then issue the next request. In such a case, we will enter
curl_setup_preadv() effectively from within curl_read_cb().
Calling curl_multi_add_handle() will then fail and the new request will
not be processed.
Fix this by not letting curl_read_cb() wake up acb->co. Instead, leave
the whole business of settling the AIOCB objects to
curl_multi_check_completion() (which is called from our timer callback
and our FD handler, so not from any cURL callbacks).
Reported-by: Natalie Gavrielov <ngavrilo@redhat.com>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1740193
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190910124136.10565-7-mreitz@redhat.com
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit bfb23b480a49114315877aacf700b49453e0f9d9)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/curl.c | 69 +++++++++++++++++++++++++-----------------------------------
1 file changed, 29 insertions(+), 40 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index f776615..b5899e1 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -238,7 +238,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
{
CURLState *s = ((CURLState*)opaque);
size_t realsize = size * nmemb;
- int i;
DPRINTF("CURL: Just reading %zd bytes\n", realsize);
@@ -254,32 +253,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
memcpy(s->orig_buf + s->buf_off, ptr, realsize);
s->buf_off += realsize;
- for(i=0; i<CURL_NUM_ACB; i++) {
- CURLAIOCB *acb = s->acb[i];
-
- if (!acb)
- continue;
-
- if ((s->buf_off >= acb->end)) {
- size_t request_length = acb->bytes;
-
- qemu_iovec_from_buf(acb->qiov, 0, s->orig_buf + acb->start,
- acb->end - acb->start);
-
- if (acb->end - acb->start < request_length) {
- size_t offset = acb->end - acb->start;
- qemu_iovec_memset(acb->qiov, offset, 0,
- request_length - offset);
- }
-
- acb->ret = 0;
- s->acb[i] = NULL;
- qemu_mutex_unlock(&s->s->mutex);
- aio_co_wake(acb->co);
- qemu_mutex_lock(&s->s->mutex);
- }
- }
-
read_end:
/* curl will error out if we do not return this value */
return size * nmemb;
@@ -360,13 +333,14 @@ static void curl_multi_check_completion(BDRVCURLState *s)
break;
if (msg->msg == CURLMSG_DONE) {
+ int i;
CURLState *state = NULL;
+ bool error = msg->data.result != CURLE_OK;
+
curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE,
(char **)&state);
- /* ACBs for successful messages get completed in curl_read_cb */
- if (msg->data.result != CURLE_OK) {
- int i;
+ if (error) {
static int errcount = 100;
/* Don't lose the original error message from curl, since
@@ -378,20 +352,35 @@ static void curl_multi_check_completion(BDRVCURLState *s)
error_report("curl: further errors suppressed");
}
}
+ }
- for (i = 0; i < CURL_NUM_ACB; i++) {
- CURLAIOCB *acb = state->acb[i];
+ for (i = 0; i < CURL_NUM_ACB; i++) {
+ CURLAIOCB *acb = state->acb[i];
- if (acb == NULL) {
- continue;
- }
+ if (acb == NULL) {
+ continue;
+ }
+
+ if (!error) {
+ /* Assert that we have read all data */
+ assert(state->buf_off >= acb->end);
+
+ qemu_iovec_from_buf(acb->qiov, 0,
+ state->orig_buf + acb->start,
+ acb->end - acb->start);
- acb->ret = -EIO;
- state->acb[i] = NULL;
- qemu_mutex_unlock(&s->mutex);
- aio_co_wake(acb->co);
- qemu_mutex_lock(&s->mutex);
+ if (acb->end - acb->start < acb->bytes) {
+ size_t offset = acb->end - acb->start;
+ qemu_iovec_memset(acb->qiov, offset, 0,
+ acb->bytes - offset);
+ }
}
+
+ acb->ret = error ? -EIO : 0;
+ state->acb[i] = NULL;
+ qemu_mutex_unlock(&s->mutex);
+ aio_co_wake(acb->co);
+ qemu_mutex_lock(&s->mutex);
}
curl_clean_state(state);
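Review bot: assert(state->buf_off >= acb->end) in the !error branch turns the amount of data delivered by the remote server into a process-abort condition. If a transfer can complete with CURLE_OK while fewer bytes than acb->end have arrived, QEMU aborts instead of failing the one request; completing the ACB with -EIO in that case would be more robust than asserting on input that comes from the network. If the assertion is guaranteed by checks elsewhere, please say where in the comment above it.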
--
1.8.3.1


@ -0,0 +1,65 @@
From 21dbedae8100710d284b79f7ce21a6b095a4c6e0 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 19 Nov 2019 15:29:54 +0000
Subject: [PATCH 2/8] curl: Keep pointer to the CURLState in CURLSocket
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20191119153000.101646-2-mreitz@redhat.com>
Patchwork-id: 92515
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 1/7] curl: Keep pointer to the CURLState in CURLSocket
Bugzilla: 1744602
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
A follow-up patch will make curl_multi_do() and curl_multi_read() take a
CURLSocket instead of the CURLState. They still need the latter,
though, so add a pointer to it to the former.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 20190910124136.10565-2-mreitz@redhat.com
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 0487861685294660b23bc146e1ebd5304aa8bbe0)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/curl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index f0df33a..fa602d1 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -89,6 +89,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
#define CURL_BLOCK_OPT_PROXY_PASSWORD_SECRET "proxy-password-secret"
struct BDRVCURLState;
+struct CURLState;
static bool libcurl_initialized;
@@ -106,6 +107,7 @@ typedef struct CURLAIOCB {
typedef struct CURLSocket {
int fd;
+ struct CURLState *state;
QLIST_ENTRY(CURLSocket) next;
} CURLSocket;
@@ -189,6 +191,7 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
if (!socket) {
socket = g_new0(CURLSocket, 1);
socket->fd = fd;
+ socket->state = state;
QLIST_INSERT_HEAD(&state->sockets, socket, next);
}
socket = NULL;
--
1.8.3.1


@ -0,0 +1,72 @@
From 46598620c18de69d9565e662a47d2615984cc49b Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 19 Nov 2019 15:29:55 +0000
Subject: [PATCH 3/8] curl: Keep *socket until the end of curl_sock_cb()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20191119153000.101646-3-mreitz@redhat.com>
Patchwork-id: 92517
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 2/7] curl: Keep *socket until the end of curl_sock_cb()
Bugzilla: 1744602
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
This does not really change anything, but it makes the code a bit easier
to follow once we use @socket as the opaque pointer for
aio_set_fd_handler().
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190910124136.10565-3-mreitz@redhat.com
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 007f339b1099af46a008dac438ca0943e31dba72)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/curl.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index fa602d1..b3fe09f 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -181,10 +181,6 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
QLIST_FOREACH(socket, &state->sockets, next) {
if (socket->fd == fd) {
- if (action == CURL_POLL_REMOVE) {
- QLIST_REMOVE(socket, next);
- g_free(socket);
- }
break;
}
}
@@ -194,7 +190,6 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
socket->state = state;
QLIST_INSERT_HEAD(&state->sockets, socket, next);
}
- socket = NULL;
DPRINTF("CURL (AIO): Sock action %d on fd %d\n", action, (int)fd);
switch (action) {
@@ -216,6 +211,11 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
break;
}
+ if (action == CURL_POLL_REMOVE) {
+ QLIST_REMOVE(socket, next);
+ g_free(socket);
+ }
+
return 0;
}
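Review bot: the new `if (action == CURL_POLL_REMOVE)` block at the end of curl_sock_cb() has to stay after the switch, and nothing in the code says so. The commit message explains that @socket is about to become the opaque pointer for aio_set_fd_handler(), so freeing it before the handler for this fd has been dropped would leave that handler with a dangling pointer. A one-line comment above the block stating the ordering requirement would keep a later cleanup from moving the g_free() back into the QLIST_FOREACH loop.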
--
1.8.3.1

View File

@ -0,0 +1,93 @@
From 37acfe84ccbc4cc050e7be0ba9c8c4134a7b004e Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 19 Nov 2019 15:29:57 +0000
Subject: [PATCH 5/8] curl: Pass CURLSocket to curl_multi_do()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20191119153000.101646-5-mreitz@redhat.com>
Patchwork-id: 92518
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 4/7] curl: Pass CURLSocket to curl_multi_do()
Bugzilla: 1744602
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
curl_multi_do_locked() currently marks all sockets as ready. That is
not only inefficient, but in fact unsafe (the loop is). A follow-up
patch will change that, but to do so, curl_multi_do_locked() needs to
know exactly which socket is ready; and that is accomplished by this
patch here.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190910124136.10565-5-mreitz@redhat.com
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 9dbad87d25587ff640ef878f7b6159fc368ff541)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/curl.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 8f31594..de00ec8 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -194,15 +194,15 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
switch (action) {
case CURL_POLL_IN:
aio_set_fd_handler(s->aio_context, fd, false,
- curl_multi_do, NULL, NULL, state);
+ curl_multi_do, NULL, NULL, socket);
break;
case CURL_POLL_OUT:
aio_set_fd_handler(s->aio_context, fd, false,
- NULL, curl_multi_do, NULL, state);
+ NULL, curl_multi_do, NULL, socket);
break;
case CURL_POLL_INOUT:
aio_set_fd_handler(s->aio_context, fd, false,
- curl_multi_do, curl_multi_do, NULL, state);
+ curl_multi_do, curl_multi_do, NULL, socket);
break;
case CURL_POLL_REMOVE:
aio_set_fd_handler(s->aio_context, fd, false,
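Review bot: in the CURL_POLL_IN, CURL_POLL_OUT and CURL_POLL_INOUT cases the handler opaque changes from `state` to `socket`, and the previous patch in this series frees that same `socket` with g_free() at the end of curl_sock_cb() on CURL_POLL_REMOVE. The opaque now has a shorter lifetime than before, so please confirm, and say in a comment, that the CURL_POLL_REMOVE case always clears the fd handler before the socket is freed and that no already-scheduled curl_multi_do() call can still run with the old pointer.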
@@ -401,9 +401,10 @@ static void curl_multi_check_completion(BDRVCURLState *s)
}
/* Called with s->mutex held. */
-static void curl_multi_do_locked(CURLState *s)
+static void curl_multi_do_locked(CURLSocket *ready_socket)
{
CURLSocket *socket, *next_socket;
+ CURLState *s = ready_socket->state;
int running;
int r;
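Review bot: the comment `/* Called with s->mutex held. */` above curl_multi_do_locked() no longer matches the code: `s` is not a parameter any more, and the local `s` is a CURLState whose mutex is reached as `s->s->mutex`. Suggest rewording it to name the BDRVCURLState mutex explicitly. `ready_socket` is only used to derive `s` in this patch, so a short remark that the follow-up patch starts using it would help anyone reading this commit on its own.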
@@ -422,12 +423,13 @@ static void curl_multi_do_locked(CURLState *s)
static void curl_multi_do(void *arg)
{
- CURLState *s = (CURLState *)arg;
+ CURLSocket *socket = arg;
+ BDRVCURLState *s = socket->state->s;
- qemu_mutex_lock(&s->s->mutex);
- curl_multi_do_locked(s);
- curl_multi_check_completion(s->s);
- qemu_mutex_unlock(&s->s->mutex);
+ qemu_mutex_lock(&s->mutex);
+ curl_multi_do_locked(socket);
+ curl_multi_check_completion(s);
+ qemu_mutex_unlock(&s->mutex);
}
static void curl_multi_timeout_do(void *arg)
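Review bot: curl_multi_do() now reads `socket->state->s` before taking the mutex, so the whole pointer chain is dereferenced without the lock. That is unavoidable for locating the mutex, but it means correctness depends on `socket` and `socket->state` staying valid for as long as the handler is registered; please state that assumption in a comment above `BDRVCURLState *s = socket->state->s;`.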
--
1.8.3.1

View File

@ -0,0 +1,77 @@
From 70c7a568e3c1384704228622990d6aaa2350e44e Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 19 Nov 2019 15:29:58 +0000
Subject: [PATCH 6/8] curl: Report only ready sockets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20191119153000.101646-6-mreitz@redhat.com>
Patchwork-id: 92519
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 5/7] curl: Report only ready sockets
Bugzilla: 1744602
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Instead of reporting all sockets to cURL, only report the one that has
caused curl_multi_do_locked() to be called. This lets us get rid of the
QLIST_FOREACH_SAFE() list, which was actually wrong: SAFE foreaches are
only safe when the current element is removed in each iteration. If it
is possible for the list to be concurrently modified, we cannot guarantee
that only the current element will be removed. Therefore, we must not
use QLIST_FOREACH_SAFE() here.
Fixes: ff5ca1664af85b24a4180d595ea6873fd3deac57
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190910124136.10565-6-mreitz@redhat.com
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 9abaf9fc474c3dd53e8e119326abc774c977c331)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/curl.c | 17 ++++++-----------
1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index de00ec8..f776615 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -401,24 +401,19 @@ static void curl_multi_check_completion(BDRVCURLState *s)
}
/* Called with s->mutex held. */
-static void curl_multi_do_locked(CURLSocket *ready_socket)
+static void curl_multi_do_locked(CURLSocket *socket)
{
- CURLSocket *socket, *next_socket;
- CURLState *s = ready_socket->state;
+ BDRVCURLState *s = socket->state->s;
int running;
int r;
- if (!s->s->multi) {
+ if (!s->multi) {
return;
}
- /* Need to use _SAFE because curl_multi_socket_action() may trigger
- * curl_sock_cb() which might modify this list */
- QLIST_FOREACH_SAFE(socket, &s->sockets, next, next_socket) {
- do {
- r = curl_multi_socket_action(s->s->multi, socket->fd, 0, &running);
- } while (r == CURLM_CALL_MULTI_PERFORM);
- }
+ do {
+ r = curl_multi_socket_action(s->multi, socket->fd, 0, &running);
+ } while (r == CURLM_CALL_MULTI_PERFORM);
}
static void curl_multi_do(void *arg)
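Review bot: the do/while loop re-reads `socket->fd` on every iteration, but the comment this hunk deletes says curl_multi_socket_action() may trigger curl_sock_cb(), and earlier in this series curl_sock_cb() frees the CURLSocket on CURL_POLL_REMOVE. If the first call removes this socket and returns CURLM_CALL_MULTI_PERFORM, the second iteration reads freed memory. Copying `socket->fd` into a local `curl_socket_t fd` before the loop avoids that. The fact recorded in the deleted comment, that the callback can modify the socket list during this call, is still true and should survive in some form.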
--
1.8.3.1

View File

@ -0,0 +1,127 @@
From 5935958fc4eb9934b1493486a69f0f571e7da112 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Fri, 30 Aug 2019 12:56:24 +0100
Subject: [PATCH 06/10] file-posix: Handle undetectable alignment
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20190830125628.23668-2-thuth@redhat.com>
Patchwork-id: 90209
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 1/5] file-posix: Handle undetectable alignment
Bugzilla: 1738839
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
In some cases buf_align or request_alignment cannot be detected:
1. With Gluster, buf_align cannot be detected since the actual I/O is
done on Gluster server, and qemu buffer alignment does not matter.
Since we don't have alignment requirement, buf_align=1 is the best
value.
2. With local XFS filesystem, buf_align cannot be detected if reading
from unallocated area. In this case we must align the buffer, but we don't
know what is the correct size. Using the wrong alignment results in
I/O error.
3. With Gluster backed by XFS, request_alignment cannot be detected if
reading from unallocated area. In this case we need to use the
correct alignment, and failing to do so results in I/O errors.
4. With NFS, the server does not use direct I/O, so both buf_align cannot
be detected. In this case we don't need any alignment so we can use
buf_align=1 and request_alignment=1.
These cases seem to work when storage sector size is 512 bytes, because
the current code starts checking align=512. If the check succeeds
because alignment cannot be detected we use 512. But this does not work
for storage with 4k sector size.
To determine if we can detect the alignment, we probe first with
align=1. If probing succeeds, maybe there is no alignment requirement
(cases 1, 4) or we are probing unallocated area (cases 2, 3). Since we
don't have any way to tell, we treat this as undetectable alignment. If
probing with align=1 fails with EINVAL, but probing with one of the
expected alignments succeeds, we know that we found a working alignment.
Practically the alignment requirements are the same for buffer
alignment, buffer length, and offset in file. So in case we cannot
detect buf_align, we can use request alignment. If we cannot detect
request alignment, we can fall back to a safe value. To use this logic,
we probe first request alignment instead of buf_align.
Here is a table showing the behaviour with current code (the value in
parenthesis is the optimal value).
Case Sector buf_align (opt) request_alignment (opt) result
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/file-posix.c | 36 +++++++++++++++++++++++++-----------
1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
index 4b404e4..84c5a31 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -324,6 +324,7 @@ static void raw_probe_alignment(BlockDriverState *bs, int fd, Error **errp)
BDRVRawState *s = bs->opaque;
char *buf;
size_t max_align = MAX(MAX_BLOCKSIZE, getpagesize());
+ size_t alignments[] = {1, 512, 1024, 2048, 4096};
/* For SCSI generic devices the alignment is not really used.
With buffered I/O, we don't have any restrictions. */
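Review bot: the new `alignments[]` table stops at 4096, while the loops it replaces probed every power of two up to `max_align`, which is `MAX(MAX_BLOCKSIZE, getpagesize())`. On a host where max_align is larger than 4096, the alignments between 4096 and max_align are no longer tried; if that is intentional, say so in a comment next to the table. The array is never written, so it can be `static const`.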
@@ -350,25 +351,38 @@ static void raw_probe_alignment(BlockDriverState *bs, int fd, Error **errp)
}
#endif
- /* If we could not get the sizes so far, we can only guess them */
- if (!s->buf_align) {
+ /*
+ * If we could not get the sizes so far, we can only guess them. First try
+ * to detect request alignment, since it is more likely to succeed. Then
+ * try to detect buf_align, which cannot be detected in some cases (e.g.
+ * Gluster). If buf_align cannot be detected, we fallback to the value of
+ * request_alignment.
+ */
+
+ if (!bs->bl.request_alignment) {
+ int i;
size_t align;
- buf = qemu_memalign(max_align, 2 * max_align);
- for (align = 512; align <= max_align; align <<= 1) {
- if (raw_is_io_aligned(fd, buf + align, max_align)) {
- s->buf_align = align;
+ buf = qemu_memalign(max_align, max_align);
+ for (i = 0; i < ARRAY_SIZE(alignments); i++) {
+ align = alignments[i];
+ if (raw_is_io_aligned(fd, buf, align)) {
+ /* Fallback to safe value. */
+ bs->bl.request_alignment = (align != 1) ? align : max_align;
break;
}
}
qemu_vfree(buf);
}
- if (!bs->bl.request_alignment) {
+ if (!s->buf_align) {
+ int i;
size_t align;
- buf = qemu_memalign(s->buf_align, max_align);
- for (align = 512; align <= max_align; align <<= 1) {
- if (raw_is_io_aligned(fd, buf, align)) {
- bs->bl.request_alignment = align;
+ buf = qemu_memalign(max_align, 2 * max_align);
+ for (i = 0; i < ARRAY_SIZE(alignments); i++) {
+ align = alignments[i];
+ if (raw_is_io_aligned(fd, buf + align, max_align)) {
+ /* Fallback to request_aligment. */
+ s->buf_align = (align != 1) ? align : bs->bl.request_alignment;
break;
}
}
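Review bot: in the second block, when the align=1 probe succeeds, `s->buf_align` is set to `bs->bl.request_alignment`, but nothing visible here guarantees that value is non-zero. If none of the five probes in the first block succeeded, request_alignment is still 0 and buf_align silently stays 0 as well; please check that the code following this hunk reports an error for that case. Two smaller points: `int i` is compared against ARRAY_SIZE(), so `size_t i` fits better, and the comment `/* Fallback to request_aligment. */` misspells request_alignment.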
--
1.8.3.1

View File

@ -0,0 +1,122 @@
From f798645d16957453ee49a5a2945ed80eeb87cd15 Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Mon, 7 Oct 2019 07:35:07 +0100
Subject: [PATCH 14/22] fw_cfg: Fix -boot bootsplash error checking
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Markus Armbruster <armbru@redhat.com>
Message-id: <20191007073509.5887-3-armbru@redhat.com>
Patchwork-id: 90980
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 2/4] fw_cfg: Fix -boot bootsplash error checking
Bugzilla: 1607367
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
From: Li Qiang <liq3ea@gmail.com>
fw_cfg_bootsplash() gets option parameter "splash-time"
with qemu_opt_get(), then converts it to an integer by hand.
It neglects to check that conversion for errors. This is
needlessly complicated and error-prone. But as "splash-time
not specified" is not the same as "splash-time=T" for any T,
we need to use qemu_opt_get() to check if splash time exists.
This patch also makes the qemu exit when finding or loading
splash file failed.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <1542777026-2788-2-git-send-email-liq3ea@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
(cherry picked from commit 6912bb0b3d3b140c70d8cdfd2dff77f9890d7f12)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/nvram/fw_cfg.c | 35 +++++++++++++----------------------
vl.c | 2 +-
2 files changed, 14 insertions(+), 23 deletions(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index d35ac7b..d7185ea 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -117,47 +117,38 @@ error:
static void fw_cfg_bootsplash(FWCfgState *s)
{
- int boot_splash_time = -1;
const char *boot_splash_filename = NULL;
- char *p;
+ const char *boot_splash_time = NULL;
char *filename, *file_data;
gsize file_size;
int file_type;
- const char *temp;
/* get user configuration */
QemuOptsList *plist = qemu_find_opts("boot-opts");
QemuOpts *opts = QTAILQ_FIRST(&plist->head);
- if (opts != NULL) {
- temp = qemu_opt_get(opts, "splash");
- if (temp != NULL) {
- boot_splash_filename = temp;
- }
- temp = qemu_opt_get(opts, "splash-time");
- if (temp != NULL) {
- p = (char *)temp;
- boot_splash_time = strtol(p, &p, 10);
- }
- }
+ boot_splash_filename = qemu_opt_get(opts, "splash");
+ boot_splash_time = qemu_opt_get(opts, "splash-time");
/* insert splash time if user configurated */
- if (boot_splash_time >= 0) {
+ if (boot_splash_time) {
+ int64_t bst_val = qemu_opt_get_number(opts, "splash-time", -1);
/* validate the input */
- if (boot_splash_time > 0xffff) {
- error_report("splash time is big than 65535, force it to 65535.");
- boot_splash_time = 0xffff;
+ if (bst_val < 0 || bst_val > 0xffff) {
+ error_report("splash-time is invalid,"
+ "it should be a value between 0 and 65535");
+ exit(1);
}
/* use little endian format */
- qemu_extra_params_fw[0] = (uint8_t)(boot_splash_time & 0xff);
- qemu_extra_params_fw[1] = (uint8_t)((boot_splash_time >> 8) & 0xff);
+ qemu_extra_params_fw[0] = (uint8_t)(bst_val & 0xff);
+ qemu_extra_params_fw[1] = (uint8_t)((bst_val >> 8) & 0xff);
fw_cfg_add_file(s, "etc/boot-menu-wait", qemu_extra_params_fw, 2);
}
/* insert splash file if user configurated */
- if (boot_splash_filename != NULL) {
+ if (boot_splash_filename) {
filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, boot_splash_filename);
if (filename == NULL) {
- error_report("failed to find file '%s'.", boot_splash_filename);
+ error_report("failed to find file '%s'", boot_splash_filename);
return;
}
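Review bot: the commit message says QEMU now exits when finding or loading the splash file fails, but the `filename == NULL` branch in this hunk still ends in `return;`; the only change there is the dropped trailing period in the message. Either the description or the code should change. In the new splash-time error, the two adjacent string literals concatenate to `splash-time is invalid,it should be ...` with no space after the comma. The `opts != NULL` guard is also gone, so qemu_opt_get() is now called with a NULL `opts` whenever the boot-opts list is empty; a comment that this is relied upon would make it clearly deliberate.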
diff --git a/vl.c b/vl.c
index c778594..e2212f5 100644
--- a/vl.c
+++ b/vl.c
@@ -364,7 +364,7 @@ static QemuOptsList qemu_boot_opts = {
.type = QEMU_OPT_STRING,
}, {
.name = "splash-time",
- .type = QEMU_OPT_STRING,
+ .type = QEMU_OPT_NUMBER,
}, {
.name = "reboot-timeout",
.type = QEMU_OPT_STRING,
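Review bot: switching `splash-time` to QEMU_OPT_NUMBER changes what users see for malformed input. The old strtol() path in fw_cfg_bootsplash() accepted a value such as `splash-time=abc` without complaint, and that value is now subject to number parsing instead, which is a user-visible change worth a line in the commit message. The context also shows `reboot-timeout` directly below still typed QEMU_OPT_STRING, so the two options are inconsistent until the next patch in the series is applied.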
--
1.8.3.1

View File

@ -0,0 +1,99 @@
From 07c499baed0c800e43cd6ec867fc465dea43567d Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Mon, 7 Oct 2019 07:35:08 +0100
Subject: [PATCH 15/22] fw_cfg: Fix -boot reboot-timeout error checking
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Markus Armbruster <armbru@redhat.com>
Message-id: <20191007073509.5887-4-armbru@redhat.com>
Patchwork-id: 90979
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 3/4] fw_cfg: Fix -boot reboot-timeout error checking
Bugzilla: 1607367
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
From: Li Qiang <liq3ea@gmail.com>
fw_cfg_reboot() gets option parameter "reboot-timeout" with
qemu_opt_get(), then converts it to an integer by hand. It neglects to
check that conversion for errors, and fails to reject negative values.
Positive values above the limit get reported and replaced by the limit.
This patch checks for conversion errors properly, and rejects all values
outside 0...0xffff.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <1542777026-2788-3-git-send-email-liq3ea@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
(cherry picked from commit ee5d0f89de3e53cdb0dcf51acc1502b310ed3bd2)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/nvram/fw_cfg.c | 27 +++++++++++++--------------
vl.c | 2 +-
2 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index d7185ea..02ab458 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -176,26 +176,25 @@ static void fw_cfg_bootsplash(FWCfgState *s)
static void fw_cfg_reboot(FWCfgState *s)
{
- int reboot_timeout = -1;
- char *p;
- const char *temp;
+ const char *reboot_timeout = NULL;
+ int64_t rt_val = -1;
/* get user configuration */
QemuOptsList *plist = qemu_find_opts("boot-opts");
QemuOpts *opts = QTAILQ_FIRST(&plist->head);
- if (opts != NULL) {
- temp = qemu_opt_get(opts, "reboot-timeout");
- if (temp != NULL) {
- p = (char *)temp;
- reboot_timeout = strtol(p, &p, 10);
+ reboot_timeout = qemu_opt_get(opts, "reboot-timeout");
+
+ if (reboot_timeout) {
+ rt_val = qemu_opt_get_number(opts, "reboot-timeout", -1);
+ /* validate the input */
+ if (rt_val < 0 || rt_val > 0xffff) {
+ error_report("reboot timeout is invalid,"
+ "it should be a value between 0 and 65535");
+ exit(1);
}
}
- /* validate the input */
- if (reboot_timeout > 0xffff) {
- error_report("reboot timeout is larger than 65535, force it to 65535.");
- reboot_timeout = 0xffff;
- }
- fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&reboot_timeout, 4), 4);
+
+ fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&rt_val, 4), 4);
}
static void fw_cfg_write(FWCfgState *s, uint8_t value)
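Review bot: `g_memdup(&rt_val, 4)` now copies the first four bytes of an `int64_t`, where before it copied from an `int`. On a little-endian host those bytes are the low 32 bits, but on a big-endian host they are the high 32 bits, so every valid timeout would be stored as 0 in etc/boot-fail-wait. Assign the validated value to a 32-bit variable and copy `sizeof` that variable instead of the literal 4. The error string also lacks a space after the comma: the two literals concatenate to `reboot timeout is invalid,it should be ...`.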
diff --git a/vl.c b/vl.c
index e2212f5..3cee95f 100644
--- a/vl.c
+++ b/vl.c
@@ -367,7 +367,7 @@ static QemuOptsList qemu_boot_opts = {
.type = QEMU_OPT_NUMBER,
}, {
.name = "reboot-timeout",
- .type = QEMU_OPT_STRING,
+ .type = QEMU_OPT_NUMBER,
}, {
.name = "strict",
.type = QEMU_OPT_BOOL,
--
1.8.3.1

View File

@ -0,0 +1,62 @@
From f11136998ed22e121b0a9df26f83e252bd5918fa Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Mon, 7 Oct 2019 07:35:06 +0100
Subject: [PATCH 13/22] fw_cfg: Improve error message when can't load splash
file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Markus Armbruster <armbru@redhat.com>
Message-id: <20191007073509.5887-2-armbru@redhat.com>
Patchwork-id: 90978
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 1/4] fw_cfg: Improve error message when can't load splash file
Bugzilla: 1607367
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
From: Li Qiang <liq3ea@gmail.com>
read_splashfile() reports "failed to read splash file" without
further details. Get the details from g_file_get_contents(), and
include them in the error message. Also remove unnecessary 'res'
variable.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <1541052148-28752-1-git-send-email-liq3ea@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
(cherry picked from commit bed66336771ecdcb788d394bdd081a78b843e509)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/nvram/fw_cfg.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 2a0739d..d35ac7b 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -68,15 +68,14 @@ static char *read_splashfile(char *filename, gsize *file_sizep,
int *file_typep)
{
GError *err = NULL;
- gboolean res;
gchar *content;
int file_type;
unsigned int filehead;
int bmp_bpp;
- res = g_file_get_contents(filename, &content, file_sizep, &err);
- if (res == FALSE) {
- error_report("failed to read splash file '%s'", filename);
+ if (!g_file_get_contents(filename, &content, file_sizep, &err)) {
+ error_report("failed to read splash file '%s': %s",
+ filename, err->message);
g_error_free(err);
return NULL;
}
--
1.8.3.1

View File

@ -0,0 +1,97 @@
From a30344defca0e948400587280f67d4e6bcc5834f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Wed, 19 Jun 2019 17:15:07 +0200
Subject: [PATCH 1/2] gluster: Handle changed glfs_ftruncate signature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190619171508.31981-2-philmd@redhat.com>
Patchwork-id: 88737
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/2] gluster: Handle changed glfs_ftruncate signature
Bugzilla: 1721983
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Niels de Vos <ndevos@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
New versions of Gluster's libgfapi.so have an updated glfs_ftruncate()
function that returns additional 'struct stat' structures to enable
advanced caching of attributes. This is useful for file servers, not so
much for QEMU. Nevertheless, the API has changed and needs to be
adopted.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e014dbe74e0484188164c61ff6843f8a04a8cb9d)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
block/gluster.c | 4 ++++
configure | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/block/gluster.c b/block/gluster.c
index 8c13002..e3ffa61 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -20,6 +20,10 @@
#include "qemu/option.h"
#include "qemu/cutils.h"
+#ifdef CONFIG_GLUSTERFS_FTRUNCATE_HAS_STAT
+# define glfs_ftruncate(fd, offset) glfs_ftruncate(fd, offset, NULL, NULL)
+#endif
+
#define GLUSTER_OPT_FILENAME "filename"
#define GLUSTER_OPT_VOLUME "volume"
#define GLUSTER_OPT_PATH "path"
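Review bot: the function-like macro reuses the name glfs_ftruncate, so every later call in this file is silently rewritten to the four-argument form with NULL for both stat pointers. That works, but it hides the API difference from anyone reading a call site. A wrapper with a distinct name, or at least a comment on the `# define` line saying the pre/post stat results are deliberately discarded, would be easier to follow.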
diff --git a/configure b/configure
index 6d61b14..b3d337b 100755
--- a/configure
+++ b/configure
@@ -429,6 +429,7 @@ glusterfs_xlator_opt="no"
glusterfs_discard="no"
glusterfs_fallocate="no"
glusterfs_zerofill="no"
+glusterfs_ftruncate_has_stat="no"
gtk=""
gtkabi=""
gtk_gl="no"
@@ -3919,6 +3920,19 @@ if test "$glusterfs" != "no" ; then
glusterfs_fallocate="yes"
glusterfs_zerofill="yes"
fi
+ cat > $TMPC << EOF
+#include <glusterfs/api/glfs.h>
+
+int
+main(void)
+{
+ /* new glfs_ftruncate() passes two additional args */
+ return glfs_ftruncate(NULL, 0, NULL, NULL);
+}
+EOF
+ if compile_prog "$glusterfs_cflags" "$glusterfs_libs" ; then
+ glusterfs_ftruncate_has_stat="yes"
+ fi
else
if test "$glusterfs" = "yes" ; then
feature_not_found "GlusterFS backend support" \
@@ -6622,6 +6636,10 @@ if test "$glusterfs_zerofill" = "yes" ; then
echo "CONFIG_GLUSTERFS_ZEROFILL=y" >> $config_host_mak
fi
+if test "$glusterfs_ftruncate_has_stat" = "yes" ; then
+ echo "CONFIG_GLUSTERFS_FTRUNCATE_HAS_STAT=y" >> $config_host_mak
+fi
+
if test "$libssh2" = "yes" ; then
echo "CONFIG_LIBSSH2=m" >> $config_host_mak
echo "LIBSSH2_CFLAGS=$libssh2_cflags" >> $config_host_mak
--
1.8.3.1

View File

@ -0,0 +1,108 @@
From 41e53f27ba80b6479c5b7fdb34eb67ceb801c65b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Wed, 19 Jun 2019 17:15:08 +0200
Subject: [PATCH 2/2] gluster: the glfs_io_cbk callback function pointer adds
pre/post stat args
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190619171508.31981-3-philmd@redhat.com>
Patchwork-id: 88738
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 2/2] gluster: the glfs_io_cbk callback function pointer adds pre/post stat args
Bugzilla: 1721983
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Niels de Vos <ndevos@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Niels de Vos <ndevos@redhat.com>
The glfs_*_async() functions do a callback once finished. This callback
has changed its arguments, pre- and post-stat structures have been
added. This makes it possible to improve caching, which is useful for
Samba and NFS-Ganesha, but not so much for QEMU. Gluster 6 is the first
release that includes these new arguments.
With an additional detection in ./configure, the new arguments can
conditionally get included in the glfs_io_cbk handler.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 0e3b891fefacc0e49f3c8ffa3a753b69eb7214d2)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
block/gluster.c | 6 +++++-
configure | 24 ++++++++++++++++++++++++
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/block/gluster.c b/block/gluster.c
index e3ffa61..a6ac2b1 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -729,7 +729,11 @@ static struct glfs *qemu_gluster_init(BlockdevOptionsGluster *gconf,
/*
* AIO callback routine called from GlusterFS thread.
*/
-static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret, void *arg)
+static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret,
+#ifdef CONFIG_GLUSTERFS_IOCB_HAS_STAT
+ struct glfs_stat *pre, struct glfs_stat *post,
+#endif
+ void *arg)
{
GlusterAIOCB *acb = (GlusterAIOCB *)arg;
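Review bot: placing `#ifdef CONFIG_GLUSTERFS_IOCB_HAS_STAT` inside the parameter list of gluster_finish_aiocb() makes the signature hard to read and easy to break when it is next edited. `pre` and `post` are not used in the lines shown, so a comment saying they are intentionally ignored would help, and the comment block above the function could mention that the signature depends on what configure detected.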
diff --git a/configure b/configure
index b3d337b..c9a1034 100755
--- a/configure
+++ b/configure
@@ -430,6 +430,7 @@ glusterfs_discard="no"
glusterfs_fallocate="no"
glusterfs_zerofill="no"
glusterfs_ftruncate_has_stat="no"
+glusterfs_iocb_has_stat="no"
gtk=""
gtkabi=""
gtk_gl="no"
@@ -3933,6 +3934,25 @@ EOF
if compile_prog "$glusterfs_cflags" "$glusterfs_libs" ; then
glusterfs_ftruncate_has_stat="yes"
fi
+ cat > $TMPC << EOF
+#include <glusterfs/api/glfs.h>
+
+/* new glfs_io_cbk() passes two additional glfs_stat structs */
+static void
+glusterfs_iocb(glfs_fd_t *fd, ssize_t ret, struct glfs_stat *prestat, struct glfs_stat *poststat, void *data)
+{}
+
+int
+main(void)
+{
+ glfs_io_cbk iocb = &glusterfs_iocb;
+ iocb(NULL, 0 , NULL, NULL, NULL);
+ return 0;
+}
+EOF
+ if compile_prog "$glusterfs_cflags" "$glusterfs_libs" ; then
+ glusterfs_iocb_has_stat="yes"
+ fi
else
if test "$glusterfs" = "yes" ; then
feature_not_found "GlusterFS backend support" \
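Review bot: in this probe, what makes compilation fail against an older glfs.h appears to be the five-argument call `iocb(NULL, 0 , NULL, NULL, NULL)`; the assignment `glfs_io_cbk iocb = &glusterfs_iocb;` on its own may only produce an incompatible-pointer warning, depending on compiler and flags. Please add a comment in the test program saying the call is what the detection relies on, so nobody simplifies it away. The glusterfs_iocb() prototype line is also well over 80 columns, and there is a stray space in `0 ,`.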
@@ -6640,6 +6660,10 @@ if test "$glusterfs_ftruncate_has_stat" = "yes" ; then
echo "CONFIG_GLUSTERFS_FTRUNCATE_HAS_STAT=y" >> $config_host_mak
fi
+if test "$glusterfs_iocb_has_stat" = "yes" ; then
+ echo "CONFIG_GLUSTERFS_IOCB_HAS_STAT=y" >> $config_host_mak
+fi
+
if test "$libssh2" = "yes" ; then
echo "CONFIG_LIBSSH2=m" >> $config_host_mak
echo "LIBSSH2_CFLAGS=$libssh2_cflags" >> $config_host_mak
--
1.8.3.1

View File

@ -0,0 +1,86 @@
From 707a777c2992e840d2c3dd4e1fbed5b0d6c682ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Tue, 23 Jul 2019 11:51:05 +0100
Subject: [PATCH 01/14] hw/block/pflash_cfi01: Add missing DeviceReset()
handler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190723115105.31305-2-philmd@redhat.com>
Patchwork-id: 89645
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] hw/block/pflash_cfi01: Add missing DeviceReset() handler
Bugzilla: 1707192
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
To avoid incoherent states when the machine resets (see bug report
below), add the device reset callback.
A "system reset" sets the device state machine in READ_ARRAY mode
and, after some delay, sets the SR.7 READY bit.
Since we do not model timings, we set the SR.7 bit directly.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1678713
Reported-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
[Laszlo Ersek: Regression tested EDK2 OVMF IA32X64, ArmVirtQemu Aarch64
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg04373.html]
Message-Id: <20190718104837.13905-2-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
(cherry picked from commit 3a283507c03474d285196620fca506bd1a89b198)
[PMD: upstream commit e7b6274197c changed PFLASH_CFI01 <- CFI_PFLASH01,
and upstream commit 1643406520f changed PFlashCFI01 <- pflash_t]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/block/pflash_cfi01.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 2e82840..1be351e 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -876,6 +876,24 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
pfl->cfi_table[0x3f] = 0x01; /* Number of protection fields */
}
+static void pflash_cfi01_system_reset(DeviceState *dev)
+{
+ pflash_t *pfl = CFI_PFLASH01(dev);
+
+ /*
+ * The command 0x00 is not assigned by the CFI open standard,
+ * but QEMU historically uses it for the READ_ARRAY command (0xff).
+ */
+ pfl->cmd = 0x00;
+ pfl->wcycle = 0;
+ memory_region_rom_device_set_romd(&pfl->mem, true);
+ /*
+ * The WSM ready timer occurs at most 150ns after system reset.
+ * This model deliberately ignores this delay.
+ */
+ pfl->status = 0x80;
+}
+
static Property pflash_cfi01_properties[] = {
DEFINE_PROP_DRIVE("drive", struct pflash_t, blk),
/* num-blocks is the number of blocks actually visible to the guest,
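Review bot: `pfl->status = 0x80;` in pflash_cfi01_system_reset() uses a bare constant for what the commit message calls the SR.7 READY bit, and the comment above it only talks about the WSM ready timer. Naming the bit on that line, either in the comment or through a named constant, would tie the code to the description and make the value searchable.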
@@ -920,6 +938,7 @@ static void pflash_cfi01_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
+ dc->reset = pflash_cfi01_system_reset;
dc->realize = pflash_cfi01_realize;
dc->props = pflash_cfi01_properties;
dc->vmsd = &vmstate_pflash;
--
1.8.3.1

View File

@ -0,0 +1,80 @@
From 5bb1365ea92b83615937e3082a9c250728384989 Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Mon, 7 Oct 2019 07:35:09 +0100
Subject: [PATCH 16/22] hw/nvram/fw_cfg: Store 'reboot-timeout' as little
endian
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Markus Armbruster <armbru@redhat.com>
Message-id: <20191007073509.5887-5-armbru@redhat.com>
Patchwork-id: 90976
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 4/4] hw/nvram/fw_cfg: Store 'reboot-timeout' as little endian
Bugzilla: 1607367
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
From: Li Qiang <liq3ea@163.com>
The current codebase is not specific about the endianness of the
fw_cfg 'file' entry 'reboot-timeout'.
Per docs/specs/fw_cfg.txt:
=== All Other Data Items ===
Please consult the QEMU source for the most up-to-date
and authoritative list of selector keys and their respective
items' purpose, format and writeability.
Checking the git history, this code was introduced in commit
ac05f3492421, very similar to commit 3d3b8303c6f8 for the
'boot-menu-wait' entry, which explicitly uses little-endian.
OVMF consumes 'boot-menu-wait' as little-endian, however it does
not consume 'reboot-timeout'.
Regarding the git history and OVMF use, we choose to make the
'reboot-timeout' endianness explicit as little-endian.
Signed-off-by: Li Qiang <liq3ea@163.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190424140643.62457-4-liq3ea@163.com>
[PMD: Reword commit description based on review comments]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
(cherry picked from commit 04da973501b591525ce68c2925c61c8886badd4d)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/nvram/fw_cfg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 02ab458..954de33 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -178,6 +178,7 @@ static void fw_cfg_reboot(FWCfgState *s)
{
const char *reboot_timeout = NULL;
int64_t rt_val = -1;
+ uint32_t rt_le32;
/* get user configuration */
QemuOptsList *plist = qemu_find_opts("boot-opts");
@@ -194,7 +195,8 @@ static void fw_cfg_reboot(FWCfgState *s)
}
}
- fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&rt_val, 4), 4);
+ rt_le32 = cpu_to_le32(rt_val);
+ fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&rt_le32, 4), 4);
}
static void fw_cfg_write(FWCfgState *s, uint8_t value)
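Review bot: In the second hunk of fw_cfg_reboot(), `rt_le32 = cpu_to_le32(rt_val);` narrows an int64_t to 32 bits implicitly, so any rt_val outside the uint32_t range is silently truncated before it reaches the guest-visible "etc/boot-fail-wait" file. The bound on rt_val is not visible in these lines; either make the narrowing explicit with a cast next to a range check, or add a comment naming where the value is clamped and stating that the default -1 is meant to be stored as 0xffffffff. Using sizeof(rt_le32) instead of the literal 4 in both g_memdup() and fw_cfg_add_file() would keep the size tied to the variable.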
--
1.8.3.1

@ -0,0 +1,107 @@
From 2d44f02611fcb0eddad08d2c5d4361d568fcfd67 Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Mon, 1 Jul 2019 16:17:30 +0100
Subject: [PATCH 01/39] i386: Add new model of Cascadelake-Server
RH-Author: plai@redhat.com
Message-id: <1561997854-9646-2-git-send-email-plai@redhat.com>
Patchwork-id: 89331
O-Subject: [RHEL8.1 qemu-kvm PATCH v6 1/5] i386: Add new model of Cascadelake-Server
Bugzilla: 1629906
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
From: Tao Xu <tao3.xu@intel.com>
New CPU models mostly inherit features from ancestor Skylake-Server,
while adding new features: AVX512_VNNI, Intel PT.
SSBD support for speculative execution
side channel mitigations.
Note:
On Cascadelake, some capabilities (RDCL_NO, IBRS_ALL, RSBA,
SKIP_L1DFL_VMENTRY and SSB_NO) are enumerated by MSR.
These features rely on MSR based feature support patch.
Will be added later after that patch's in.
http://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg00074.html
Signed-off-by: Tao Xu <tao3.xu@intel.com>
Message-Id: <20180919031122.28487-2-tao3.xu@intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit c7a88b52f62b30c04158eeb07f73e3f72221b6a8)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5c10093..9ba5288 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2483,6 +2483,60 @@ static X86CPUDefinition builtin_x86_defs[] = {
.model_id = "Intel Xeon Processor (Skylake, IBRS)",
},
{
+ .name = "Cascadelake-Server",
+ .level = 0xd,
+ .vendor = CPUID_VENDOR_INTEL,
+ .family = 6,
+ .model = 85,
+ .stepping = 5,
+ .features[FEAT_1_EDX] =
+ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
+ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
+ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
+ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
+ CPUID_DE | CPUID_FP87,
+ .features[FEAT_1_ECX] =
+ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
+ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
+ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
+ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
+ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
+ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
+ .features[FEAT_8000_0001_EDX] =
+ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
+ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
+ .features[FEAT_8000_0001_ECX] =
+ CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
+ .features[FEAT_7_0_EBX] =
+ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
+ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
+ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
+ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
+ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_CLWB |
+ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
+ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
+ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT |
+ CPUID_7_0_EBX_INTEL_PT,
+ .features[FEAT_7_0_ECX] =
+ CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE |
+ CPUID_7_0_ECX_AVX512VNNI,
+ .features[FEAT_7_0_EDX] =
+ CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
+ /* Missing: XSAVES (not supported by some Linux versions,
+ * including v4.1 to v4.12).
+ * KVM doesn't yet expose any XSAVES state save component,
+ * and the only one defined in Skylake (processor tracing)
+ * probably will block migration anyway.
+ */
+ .features[FEAT_XSAVE] =
+ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
+ CPUID_XSAVE_XGETBV1,
+ .features[FEAT_6_EAX] =
+ CPUID_6_EAX_ARAT,
+ .xlevel = 0x80000008,
+ .model_id = "Intel Xeon Processor (Cascadelake)",
+ },
+ {
.name = "Icelake-Client",
.level = 0xd,
.vendor = CPUID_VENDOR_INTEL,
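Review bot: In the new "Cascadelake-Server" entry, .features[FEAT_7_0_ECX] lists CPUID_7_0_ECX_OSPKE, which reflects CR4.PKE at run time and is set by the guest OS rather than being a capability of the CPU model; drop it from the static table so the model does not request a bit the host never reports as supported. The XSAVES comment was carried over and still says "the only one defined in Skylake"; reword it for this model or point at the Skylake-Server entry. The commit message lists several MSR-enumerated capabilities as not yet included, so a short comment next to .features[FEAT_7_0_EDX] noting that only SPEC_CTRL and SSBD are exposed would stop readers from assuming the model carries the full mitigation set.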
--
1.8.3.1

@ -0,0 +1,80 @@
From d5526e43ccf3532aa3a0f592e6df5740983a94e2 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 22 Nov 2019 11:53:35 +0000
Subject: [PATCH 02/16] i386: Add x-force-features option for testing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20191122115348.25000-3-pbonzini@redhat.com>
Patchwork-id: 92602
O-Subject: [RHEL8.2/rhel qemu-kvm PATCH 02/15] i386: Add x-force-features option for testing
Bugzilla: 1689270
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
From: Eduardo Habkost <ehabkost@redhat.com>
Add a new option that can be used to disable feature flag
filtering. This will allow CPU model compatibility test cases to
work without host hardware dependencies.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190628002844.24894-3-ehabkost@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit dac1deae658539e39966e12b12378a28e3dc8441)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 8 ++++++--
target/i386/cpu.h | 6 ++++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c69116c..8c1338f 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5019,8 +5019,11 @@ static int x86_cpu_filter_features(X86CPU *cpu)
uint32_t host_feat =
x86_cpu_get_supported_feature_word(w, false);
uint32_t requested_features = env->features[w];
- env->features[w] &= host_feat;
- cpu->filtered_features[w] = requested_features & ~env->features[w];
+ uint32_t available_features = requested_features & host_feat;
+ if (!cpu->force_features) {
+ env->features[w] = available_features;
+ }
+ cpu->filtered_features[w] = requested_features & ~available_features;
if (cpu->filtered_features[w]) {
rv = 1;
}
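Review bot: In x86_cpu_filter_features(), when cpu->force_features is set the unsupported bits stay in env->features[w], yet cpu->filtered_features[w] is still populated and rv is still set to 1, so callers keep seeing those bits reported as filtered even though they were deliberately left enabled. State in a comment whether that is intended, and consider reporting once at realize time that features are being forced, since the guest then sees CPUID bits the host cannot back.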
@@ -5680,6 +5683,7 @@ static Property x86_cpu_properties[] = {
DEFINE_PROP_BOOL("hv-frequencies", X86CPU, hyperv_frequencies, false),
DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
+ DEFINE_PROP_BOOL("x-force-features", X86CPU, force_features, false),
DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
DEFINE_PROP_UINT32("phys-bits", X86CPU, phys_bits, 0),
DEFINE_PROP_BOOL("host-phys-bits", X86CPU, host_phys_bits, false),
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index add8b60..1ad54bd 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1394,6 +1394,12 @@ struct X86CPU {
bool hyperv_frequencies;
bool check_cpuid;
bool enforce_cpuid;
+ /*
+ * Force features to be enabled even if the host doesn't support them.
+ * This is dangerous and should be done only for testing CPUID
+ * compatibility.
+ */
+ bool force_features;
bool expose_kvm;
bool expose_tcg;
bool migratable;
--
1.8.3.1

@ -0,0 +1,72 @@
From 04f34e7c0b0fada186ca7012f5f4168f46483c5f Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Mon, 1 Jul 2019 16:17:34 +0100
Subject: [PATCH 05/39] i386: Disable OSPKE on CPU model definitions
RH-Author: plai@redhat.com
Message-id: <1561997854-9646-6-git-send-email-plai@redhat.com>
Patchwork-id: 89334
O-Subject: [RHEL8.1 qemu-kvm PATCH v6 5/5] i386: Disable OSPKE on CPU model definitions
Bugzilla: 1629906
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
From: Eduardo Habkost <ehabkost@redhat.com>
Currently, the Cascadelake-Server, Icelake-Client, and
Icelake-Server are always generating the following warning:
qemu-system-x86_64: warning: \
host doesn't support requested feature: CPUID.07H:ECX [bit 4]
This happens because OSPKE was never returned by
GET_SUPPORTED_CPUID or x86_cpu_get_supported_feature_word().
OSPKE is a runtime flag automatically set by the KVM module or by
TCG code, was always cleared by x86_cpu_filter_features(), and
was not supposed to appear on the CPU model table.
Remove the OSPKE flag from the CPU model table entries, to avoid
the bogus warning and avoid returning invalid feature data on
query-cpu-* QMP commands. As OSPKE was always cleared by
x86_cpu_filter_features(), this won't have any guest-visible
impact.
Include a test case that should detect the problem if we introduce
a similar bug again.
Fixes: c7a88b52f62b ("i386: Add new model of Cascadelake-Server")
Fixes: 8a11c62da914 ("i386: Add new CPU model Icelake-{Server,Client}")
Cc: Tao Xu <tao3.xu@intel.com>
Cc: Robert Hoo <robert.hu@linux.intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190319200515.14999-1-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit bb4928c7cafe50ab2137a0034e350ef1bfa044d9)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
target/i386/cpu.c
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 2538d82..af62281 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2517,7 +2517,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
.features[FEAT_7_0_ECX] =
- CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE |
+ CPUID_7_0_ECX_PKU |
CPUID_7_0_ECX_AVX512VNNI,
.features[FEAT_7_0_EDX] =
CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
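Review bot: The commit message names three models (Cascadelake-Server, Icelake-Client, Icelake-Server) and says a test case is included, but the diffstat is one changed line in target/i386/cpu.c and this single hunk removes CPUID_7_0_ECX_OSPKE from one table entry only. The "Conflicts: target/i386/cpu.c" line should say what was dropped in the backport and why, so a reader can tell the omission is deliberate and not a missed hunk.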
--
1.8.3.1

@ -0,0 +1,79 @@
From 7e78c8e8b5a9cab9ef4604dc29eab4b4323e9b9b Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Tue, 13 Aug 2019 01:53:55 +0100
Subject: [PATCH 01/21] i386: Don't print warning if phys-bits was set
automatically
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20190813015355.17556-1-ehabkost@redhat.com>
Patchwork-id: 89946
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH] i386: Don't print warning if phys-bits was set automatically
Bugzilla: 1719127
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1719127
BRANCH: rhel-8.1.0
UPSTREAM: fea306520ea4b2f189dd23c70a6afd2fc4ffafdc
BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23026463
If cpu->host_phys_bits_limit is set, QEMU will make
cpu->phys_bits be lower than host_phys_bits in some cases. This
triggers a warning that was supposed to be printed only if
phys-bits was explicitly set in the command-line.
Reorder the code so the value of cpu->phys_bits is validated
before the cpu->host_phys_bits handling. This will avoid
unexpected warnings when cpu->host_phys_bits_limit is set.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190611205420.20286-1-ehabkost@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit fea306520ea4b2f189dd23c70a6afd2fc4ffafdc)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c8f50a7..c69116c 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5116,15 +5116,6 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
uint32_t host_phys_bits = x86_host_phys_bits();
static bool warned;
- if (cpu->host_phys_bits) {
- /* The user asked for us to use the host physical bits */
- cpu->phys_bits = host_phys_bits;
- if (cpu->host_phys_bits_limit &&
- cpu->phys_bits > cpu->host_phys_bits_limit) {
- cpu->phys_bits = cpu->host_phys_bits_limit;
- }
- }
-
/* Print a warning if the user set it to a value that's not the
* host value.
*/
@@ -5136,6 +5127,15 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
warned = true;
}
+ if (cpu->host_phys_bits) {
+ /* The user asked for us to use the host physical bits */
+ cpu->phys_bits = host_phys_bits;
+ if (cpu->host_phys_bits_limit &&
+ cpu->phys_bits > cpu->host_phys_bits_limit) {
+ cpu->phys_bits = cpu->host_phys_bits_limit;
+ }
+ }
+
if (cpu->phys_bits &&
(cpu->phys_bits > TARGET_PHYS_ADDR_SPACE_BITS ||
cpu->phys_bits < 32)) {
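Review bot: With the host_phys_bits block moved below the warning, the check now runs on whatever cpu->phys_bits held before the override, so, depending on the condition elided between the two hunks, a command line that sets both phys-bits and host-phys-bits can print the mismatch warning for a value that is then replaced by host_phys_bits or host_phys_bits_limit. If that combination is meant to be silent, skip the warning when cpu->host_phys_bits is set; if it is meant to warn, extend the comment above the check to say so. The range check that follows (TARGET_PHYS_ADDR_SPACE_BITS and 32) still sees the final value, which is the right order.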
--
1.8.3.1

@ -0,0 +1,80 @@
From 1e8e3c4fe380a2a0ed88f7a92f5bcb8600ab1258 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 22 Jul 2019 18:22:03 +0100
Subject: [PATCH 22/39] i386: Save EFER for 32-bit targets
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20190722182220.19374-2-pbonzini@redhat.com>
Patchwork-id: 89619
O-Subject: [RHEL-8.1.0 PATCH qemu-kvm v3 01/18] i386: Save EFER for 32-bit targets
Bugzilla: 1689269
RH-Acked-by: Peter Xu <zhexu@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
From: Pavel Dovgalyuk <pavel.dovgaluk@gmail.com>
i386 (32 bit) emulation uses EFER in wrmsr and in MMU fault
processing.
But it is not included in VMState, because "efer" field is disabled with
This patch adds a section for 32-bit targets which saves EFER when
its value is non-zero.
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <155913371654.8429.1659082639780315242.stgit@pasha-Precision-3630-Tower>
Reviewed-by: Peter Xu <peterx@redhat.com>
[ehabkost: indentation fix]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 89a44a103315267122119b4311218d00d2561ebe)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/machine.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/target/i386/machine.c b/target/i386/machine.c
index 2a85c91..561d4a5 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -932,6 +932,27 @@ static const VMStateDescription vmstate_msr_virt_ssbd = {
}
};
+#ifndef TARGET_X86_64
+static bool intel_efer32_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return env->efer != 0;
+}
+
+static const VMStateDescription vmstate_efer32 = {
+ .name = "cpu/efer32",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = intel_efer32_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(env.efer, X86CPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+#endif
+
VMStateDescription vmstate_x86_cpu = {
.name = "cpu",
.version_id = 12,
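Review bot: intel_efer32_needed() is vendor-neutral (it only tests env->efer != 0), so the intel_ prefix is misleading; efer32_needed() would match the vmstate_efer32 description it serves. Because the "cpu/efer32" subsection is emitted only when EFER is non-zero, a 32-bit guest with EFER set can no longer be migrated to a build that lacks this subsection; a comment on the .needed callback stating that would make the compatibility consequence explicit.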
@@ -1056,6 +1077,9 @@ VMStateDescription vmstate_x86_cpu = {
&vmstate_msr_intel_pt,
&vmstate_xsave,
&vmstate_msr_virt_ssbd,
+#ifndef TARGET_X86_64
+ &vmstate_efer32,
+#endif
NULL
}
};
--
1.8.3.1

@ -0,0 +1,66 @@
From 839e9376bc82933ccacb26b660f1d3adf62aaf05 Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Mon, 1 Jul 2019 16:17:31 +0100
Subject: [PATCH 02/39] i386: Update stepping of Cascadelake-Server
RH-Author: plai@redhat.com
Message-id: <1561997854-9646-3-git-send-email-plai@redhat.com>
Patchwork-id: 89329
O-Subject: [RHEL8.1 qemu-kvm PATCH v6 2/5] i386: Update stepping of Cascadelake-Server
Bugzilla: 1629906
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
From: Tao Xu <tao3.xu@intel.com>
Update the stepping from 5 to 6, in order that
the Cascadelake-Server CPU model can support AVX512VNNI
and MSR based features exposed by ARCH_CAPABILITIES.
Signed-off-by: Tao Xu <tao3.xu@intel.com>
Message-Id: <20181227024304.12182-2-tao3.xu@intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit b0a1980384fc265d91de7e09aa5fe531a69e6288)
Signed-off-by: Paul Lai <plai@redhat.com>
Resolved Conflicts:
hw/i386/pc.c changes to include/hw/i386/pc.h
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
include/hw/i386/pc.h | 4 ++++
target/i386/cpu.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 244d7b5..88ffd40 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -318,6 +318,10 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
.driver = "Skylake-Server" "-" TYPE_X86_CPU,\
.property = "clflushopt",\
.value = "off",\
+ },{\
+ .driver = "Cascadelake-Server" "-" TYPE_X86_CPU,\
+ .property = "stepping",\
+ .value = "5",\
},
#define PC_COMPAT_2_10 \
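Review bot: The stepping "5" compat entry is appended to the compat macro that sits directly above PC_COMPAT_2_10, while the model table moves Cascadelake-Server to stepping 6 for every machine type that does not apply that macro. The "Resolved Conflicts" line says the upstream change was in hw/i386/pc.c, so the commit message should name which compat macro was chosen here and confirm that the already-released machine types include it; otherwise an existing guest sees its CPUID stepping change across a restart or migration.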
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 9ba5288..c4b31eb 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2488,7 +2488,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.vendor = CPUID_VENDOR_INTEL,
.family = 6,
.model = 85,
- .stepping = 5,
+ .stepping = 6,
.features[FEAT_1_EDX] =
CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
--
1.8.3.1

@ -0,0 +1,132 @@
From 91ac1f511b0414292d07688c3cb3012bed6e3649 Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Fri, 22 Jun 2018 22:22:05 +0300
Subject: [PATCH 09/11] i386/cpu: make -cpu host support monitor/mwait
When guest CPU PM is enabled, and with -cpu host, expose the host CPU
MWAIT leaf in the CPUID so guest can make good PM decisions.
Note: the result is 100% CPU utilization reported by host as host
no longer knows that the CPU is halted.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180622192148.178309-3-mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
accel/tcg/user-exec-stub.c | 3 +++
target/i386/cpu.c | 32 ++++++++++++++++++++++----------
target/i386/cpu.h | 9 +++++++++
target/i386/kvm.c | 9 +++++++++
4 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/accel/tcg/user-exec-stub.c b/accel/tcg/user-exec-stub.c
index dbcf1ad..a32b449 100644
--- a/accel/tcg/user-exec-stub.c
+++ b/accel/tcg/user-exec-stub.c
@@ -2,6 +2,9 @@
#include "qemu-common.h"
#include "qom/cpu.h"
#include "sysemu/replay.h"
+#include "sysemu/sysemu.h"
+
+bool enable_cpu_pm = false;
void cpu_resume(CPUState *cpu)
{
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 307b629..87b0502 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5662,11 +5662,11 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
}
break;
case 5:
- /* mwait info: needed for Core compatibility */
- *eax = 0; /* Smallest monitor-line size in bytes */
- *ebx = 0; /* Largest monitor-line size in bytes */
- *ecx = CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;
- *edx = 0;
+ /* MONITOR/MWAIT Leaf */
+ *eax = cpu->mwait.eax; /* Smallest monitor-line size in bytes */
+ *ebx = cpu->mwait.ebx; /* Largest monitor-line size in bytes */
+ *ecx = cpu->mwait.ecx; /* flags */
+ *edx = cpu->mwait.edx; /* mwait substates */
break;
case 6:
/* Thermal and Power Leaf */
@@ -6521,13 +6521,25 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
Error *local_err = NULL;
static bool ht_warned;
- if (xcc->host_cpuid_required && !accel_uses_host_cpuid()) {
- char *name = x86_cpu_class_get_model_name(xcc);
- error_setg(&local_err, "CPU model '%s' requires KVM", name);
- g_free(name);
- goto out;
+ if (xcc->host_cpuid_required) {
+ if (!accel_uses_host_cpuid()) {
+ char *name = x86_cpu_class_get_model_name(xcc);
+ error_setg(&local_err, "CPU model '%s' requires KVM", name);
+ g_free(name);
+ goto out;
+ }
+
+ if (enable_cpu_pm) {
+ host_cpuid(5, 0, &cpu->mwait.eax, &cpu->mwait.ebx,
+ &cpu->mwait.ecx, &cpu->mwait.edx);
+ env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;
+ }
}
+ /* mwait extended info: needed for Core compatibility */
+ /* We always wake on interrupt even if host does not have the capability */
+ cpu->mwait.ecx |= CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;
+
if (cpu->apic_id == UNASSIGNED_APIC_ID) {
error_setg(errp, "apic-id property was not initialized properly");
return;
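Review bot: In x86_cpu_realizefn(), `env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;` is gated only on enable_cpu_pm, whereas the kvm.c hunk of this patch reports CPUID_EXT_MONITOR as supported only when KVM_CAP_X86_DISABLE_EXITS includes KVM_X86_DISABLE_EXITS_MWAIT; the two conditions should agree, or a comment should say that later feature filtering is relied on to clear the bit. host_cpuid(5, ...) also copies the raw host leaf into cpu->mwait, so the guest-visible MONITOR/MWAIT leaf now depends on the host it runs on; note that in the code, since it matters for migration between unlike hosts. The unconditional `cpu->mwait.ecx |= CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;` is what preserves the previous leaf 5 ECX value for all other models, which the comment could state directly.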
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index d33fa8d..7ab8ee9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1564,6 +1564,15 @@ struct X86CPU {
/* if true the CPUID code directly forward host cache leaves to the guest */
bool cache_info_passthrough;
+ /* if true the CPUID code directly forwards
+ * host monitor/mwait leaves to the guest */
+ struct {
+ uint32_t eax;
+ uint32_t ebx;
+ uint32_t ecx;
+ uint32_t edx;
+ } mwait;
+
/* Features that were filtered out because of missing host capabilities */
FeatureWordArray filtered_features;
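Review bot: The comment on the new mwait member starts "if true the CPUID code directly forwards", but the member is a struct of four register values, not a flag. Reword it to say the struct holds the CPUID leaf 5 (MONITOR/MWAIT) values returned to the guest, and that they are filled from the host only when CPU power management is enabled.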
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 879c3e0..ffd01f0 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -377,6 +377,15 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
if (!kvm_irqchip_in_kernel()) {
ret &= ~CPUID_EXT_X2APIC;
}
+
+ if (enable_cpu_pm) {
+ int disable_exits = kvm_check_extension(s,
+ KVM_CAP_X86_DISABLE_EXITS);
+
+ if (disable_exits & KVM_X86_DISABLE_EXITS_MWAIT) {
+ ret |= CPUID_EXT_MONITOR;
+ }
+ }
} else if (function == 6 && reg == R_EAX) {
ret |= CPUID_6_EAX_ARAT; /* safe to allow because of emulated APIC */
} else if (function == 7 && index == 0 && reg == R_EBX) {
--
1.8.3.1

@ -0,0 +1,119 @@
From e7f11d39d1ef78f47ed6d45ecd278d51c502f131 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 22 Nov 2019 11:53:37 +0000
Subject: [PATCH 04/16] i386: display known CPUID features linewrapped, in
alphabetical order
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20191122115348.25000-5-pbonzini@redhat.com>
Patchwork-id: 92605
O-Subject: [RHEL8.2/rhel qemu-kvm PATCH 04/15] i386: display known CPUID features linewrapped, in alphabetical order
Bugzilla: 1689270
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
When using '-cpu help' the list of CPUID features is grouped according
to the internal low level CPUID grouping. The data printed results in
very long lines too.
This combines to make it hard for users to read the output and identify
if QEMU knows about the feature they wish to use.
This change gets rid of the grouping of features and treats all flags as
a single list. The list is sorted into alphabetical order and printed
with line wrapping at the 77th column.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180606165527.17365-4-berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit cc643b1e7898414b56f551bbd42d4ed8c2ae127a)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 41 +++++++++++++++++++++++++++--------------
1 file changed, 27 insertions(+), 14 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 52f1f33..d0c48c2 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3651,17 +3651,21 @@ static void x86_cpu_class_check_missing_features(X86CPUClass *xcc,
/* Print all cpuid feature names in featureset
*/
-static void listflags(FILE *f, fprintf_function print, const char **featureset)
+static void listflags(FILE *f, fprintf_function print, GList *features)
{
- int bit;
- bool first = true;
-
- for (bit = 0; bit < 32; bit++) {
- if (featureset[bit]) {
- print(f, "%s%s", first ? "" : " ", featureset[bit]);
- first = false;
+ size_t len = 0;
+ GList *tmp;
+
+ for (tmp = features; tmp; tmp = tmp->next) {
+ const char *name = tmp->data;
+ if ((len + strlen(name) + 1) >= 75) {
+ print(f, "\n");
+ len = 0;
}
+ print(f, "%s%s", len == 0 ? " " : " ", name);
+ len += strlen(name) + 1;
}
+ print(f, "\n");
}
/* Sort alphabetically by type name, respecting X86CPUClass::ordering. */
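Review bot: The wrap test in listflags() uses the bare constant 75 (`(len + strlen(name) + 1) >= 75`) while the commit message promises wrapping at the 77th column; put the limit in a named constant with a comment that accounts for the leading indent so the two cannot drift apart. strlen(name) is also computed twice per entry and could be stored once.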
@@ -3708,26 +3712,35 @@ static void x86_cpu_list_entry(gpointer data, gpointer user_data)
/* list available CPU models and flags */
void x86_cpu_list(FILE *f, fprintf_function cpu_fprintf)
{
- int i;
+ int i, j;
CPUListState s = {
.file = f,
.cpu_fprintf = cpu_fprintf,
};
GSList *list;
+ GList *names = NULL;
(*cpu_fprintf)(f, "Available CPUs:\n");
list = get_sorted_cpu_model_list();
g_slist_foreach(list, x86_cpu_list_entry, &s);
g_slist_free(list);
- (*cpu_fprintf)(f, "\nRecognized CPUID flags:\n");
+ names = NULL;
for (i = 0; i < ARRAY_SIZE(feature_word_info); i++) {
FeatureWordInfo *fw = &feature_word_info[i];
-
- (*cpu_fprintf)(f, " ");
- listflags(f, cpu_fprintf, fw->feat_names);
- (*cpu_fprintf)(f, "\n");
+ for (j = 0; j < 32; j++) {
+ if (fw->feat_names[j]) {
+ names = g_list_append(names, (gpointer)fw->feat_names[j]);
+ }
+ }
}
+
+ names = g_list_sort(names, (GCompareFunc)strcmp);
+
+ (*cpu_fprintf)(f, "\nRecognized CPUID flags:\n");
+ listflags(f, cpu_fprintf, names);
+ (*cpu_fprintf)(f, "\n");
+ g_list_free(names);
}
static void x86_cpu_definition_entry(gpointer data, gpointer user_data)
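Review bot: In x86_cpu_list(), `names = NULL;` repeats the initialiser on the declaration a few lines earlier and can be dropped. g_list_append() walks the list on every call, so building the list inside the nested loop is quadratic; g_list_prepend() is enough because the list is sorted immediately afterwards. The `(GCompareFunc)strcmp` cast calls strcmp through a pointer of a different function type; a small wrapper with the GCompareFunc signature avoids relying on that.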
--
1.8.3.1

@ -0,0 +1,83 @@
From dc98e8dd5c4aad2f3c480a9513ffba89540dcf3f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Sep 2019 13:05:01 +0100
Subject: [PATCH 04/22] i386: fix regression parsing multiboot initrd modules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20190912130503.14094-5-lersek@redhat.com>
Patchwork-id: 90434
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 4/6] i386: fix regression parsing multiboot initrd modules
Bugzilla: 1749022
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
The logic for parsing the multiboot initrd modules was messed up in
commit 950c4e6c94b15cd0d8b63891dddd7a8dbf458e6a
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Mon Apr 16 12:17:43 2018 +0100
opts: don't silently truncate long option values
Causing the length to be undercounted, and the number of modules over
counted. It also passes NULL to get_opt_value() which was not robust
at accepting a NULL value.
RHEL8 notes:
- Context difference in "util/qemu-option.c", function get_opt_value();
upstream has commit 5c99fa375da1 ("cutils: Provide strchrnul",
2018-06-29), part of v3.0.0, but downstream lacks it. Harmless, because
said upstream commit only refactors get_opt_value().
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180514171913.17664-2-berrange@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 6e3ad3f0e31b8e31c6c0769d0f474bcd9673e0e5)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/multiboot.c | 3 +--
util/qemu-option.c | 4 +++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
index 7a2953e..8e26545 100644
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@@ -292,8 +292,7 @@ int load_multiboot(FWCfgState *fw_cfg,
cmdline_len += strlen(kernel_cmdline) + 1;
if (initrd_filename) {
const char *r = get_opt_value(initrd_filename, NULL);
- cmdline_len += strlen(r) + 1;
- mbs.mb_mods_avail = 1;
+ cmdline_len += strlen(initrd_filename) + 1;
while (1) {
mbs.mb_mods_avail++;
r = get_opt_value(r, NULL);
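Review bot: cmdline_len feeds the multiboot layout offsets in this function, so the undercount fixed here is a memory-safety matter and deserves a comment next to `cmdline_len += strlen(initrd_filename) + 1;` saying that this is an upper bound for all comma-separated module strings together with their terminators. The initial `get_opt_value(initrd_filename, NULL)` is kept only to step past the first entry before the counting loop, which is easy to misread; a regression test that boots with two or more modules would pin both the count and the length.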
diff --git a/util/qemu-option.c b/util/qemu-option.c
index ba44a08..a396d60 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -75,7 +75,9 @@ const char *get_opt_value(const char *p, char **value)
size_t capacity = 0, length;
const char *offset;
- *value = NULL;
+ if (value) {
+ *value = NULL;
+ }
while (1) {
offset = strchr(p, ',');
if (!offset) {
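Review bot: The new `if (value)` guard covers only the initial `*value = NULL;`. The rest of get_opt_value() is outside this hunk, so confirm that every later write through value inside the while loop is guarded the same way, and document in the function comment that value may be NULL when the caller only wants the returned position.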
--
1.8.3.1

@ -0,0 +1,55 @@
From aaf60450da6b0bc4723028aeab9ced75ee03111b Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 22 Jul 2019 18:22:20 +0100
Subject: [PATCH 39/39] i386/kvm: Do not sync nested state during runtime
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20190722182220.19374-19-pbonzini@redhat.com>
Patchwork-id: 89635
O-Subject: [RHEL-8.1.0 PATCH qemu-kvm v3 18/18] i386/kvm: Do not sync nested state during runtime
Bugzilla: 1689269
RH-Acked-by: Peter Xu <zhexu@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
From: Jan Kiszka <jan.kiszka@siemens.com>
Writing the nested state e.g. after a vmport access can invalidate
important parts of the kernel-internal state, and it is not needed as
well. So leave this out from KVM_PUT_RUNTIME_STATE.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-Id: <bdd53f40-4e60-f3ae-7ec6-162198214953@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 20b25d239ab7a94bb8bff3d0f13a9527ee75cf10)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/kvm.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 8648f1f..da5f07e 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -3014,12 +3014,12 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
- ret = kvm_put_nested_state(x86_cpu);
- if (ret < 0) {
- return ret;
- }
-
if (level >= KVM_PUT_RESET_STATE) {
+ ret = kvm_put_nested_state(x86_cpu);
+ if (ret < 0) {
+ return ret;
+ }
+
ret = kvm_put_msr_feature_control(x86_cpu);
if (ret < 0) {
return ret;
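Review bot: kvm_put_nested_state() now runs only for level >= KVM_PUT_RESET_STATE, but nothing in the code records why; carry the commit message's reason into a comment above the call (writing nested state on a runtime sync, for example after a vmport access, can invalidate kernel-internal state). The call is also placed ahead of kvm_put_msr_feature_control(); if the order between the two matters, say so in the same comment.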
--
1.8.3.1

@ -0,0 +1,115 @@
From b9d1e72a0910c3a0d11cb0a3c863938de344e0f5 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Sep 2019 13:05:02 +0100
Subject: [PATCH 05/22] i386: only parse the initrd_filename once for multiboot
modules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20190912130503.14094-6-lersek@redhat.com>
Patchwork-id: 90438
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 5/6] i386: only parse the initrd_filename once for multiboot modules
Bugzilla: 1749022
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
The multiboot code parses the initrd_filename twice, first to count how
many entries there are, and second to process each entry. This changes
the first loop to store the parsed module names in a list, and the second
loop can now use these names. This avoids having to pass NULL to the
get_opt_value() method which means it can safely assume a non-NULL param.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180514171913.17664-3-berrange@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f8da93a0ffa09268815c1942732cbc616a7db847)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/multiboot.c | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
index 8e26545..d519e20 100644
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@@ -161,6 +161,7 @@ int load_multiboot(FWCfgState *fw_cfg,
uint8_t bootinfo[MBI_SIZE];
uint8_t *mb_bootinfo_data;
uint32_t cmdline_len;
+ GList *mods = NULL;
/* Ok, let's see if it is a multiboot image.
The header is 12x32bit long, so the latest entry may be 8192 - 48. */
@@ -291,15 +292,16 @@ int load_multiboot(FWCfgState *fw_cfg,
cmdline_len = strlen(kernel_filename) + 1;
cmdline_len += strlen(kernel_cmdline) + 1;
if (initrd_filename) {
- const char *r = get_opt_value(initrd_filename, NULL);
+ const char *r = initrd_filename;
cmdline_len += strlen(initrd_filename) + 1;
- while (1) {
+ while (*r) {
+ char *value;
+ r = get_opt_value(r, &value);
mbs.mb_mods_avail++;
- r = get_opt_value(r, NULL);
- if (!*r) {
- break;
+ mods = g_list_append(mods, value);
+ if (*r) {
+ r++;
}
- r++;
}
}
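Review bot: With `while (*r)` an empty `initrd_filename` string now produces no module entry, whereas the old `while (1)` loop incremented `mbs.mb_mods_avail` at least once before it tested `*r`. If that behaviour change is intended, it deserves a line in the commit message. The strings appended to `mods` are owned by the list from this point on, so any exit path between this loop and the `g_list_free(mods)` further down has to release them.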
@@ -314,20 +316,16 @@ int load_multiboot(FWCfgState *fw_cfg,
mbs.offset_cmdlines = mbs.offset_mbinfo + mbs.mb_mods_avail * MB_MOD_SIZE;
mbs.offset_bootloader = mbs.offset_cmdlines + cmdline_len;
- if (initrd_filename) {
- const char *next_initrd;
- char not_last;
- char *one_file = NULL;
-
+ if (mods) {
+ GList *tmpl = mods;
mbs.offset_mods = mbs.mb_buf_size;
- do {
+ while (tmpl) {
char *next_space;
int mb_mod_length;
uint32_t offs = mbs.mb_buf_size;
+ char *one_file = tmpl->data;
- next_initrd = get_opt_value(initrd_filename, &one_file);
- not_last = *next_initrd;
/* if a space comes after the module filename, treat everything
after that as parameters */
hwaddr c = mb_add_cmdline(&mbs, one_file);
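Review bot: Guarding on `mods` instead of `initrd_filename` means `mbs.offset_mods = mbs.mb_buf_size;` is no longer executed when the option was given but parsed to zero entries. Please confirm that nothing reads `mbs.offset_mods` in that case, or keep the assignment outside the `if (mods)` block.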
@@ -352,10 +350,10 @@ int load_multiboot(FWCfgState *fw_cfg,
mb_debug("mod_start: %p\nmod_end: %p\n cmdline: "TARGET_FMT_plx,
(char *)mbs.mb_buf + offs,
(char *)mbs.mb_buf + offs + mb_mod_length, c);
- initrd_filename = next_initrd+1;
g_free(one_file);
- one_file = NULL;
- } while (not_last);
+ tmpl = tmpl->next;
+ }
+ g_list_free(mods);
}
/* Commandline support */
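Review bot: `g_free(one_file)` inside the loop leaves each list node pointing at freed memory until `g_list_free(mods)` runs, and an early exit from the loop body would leak the strings not yet visited. Dropping the per-iteration free and ending with `g_list_free_full(mods, g_free);` releases nodes and strings in one place.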
--
1.8.3.1


@ -0,0 +1,52 @@
From 6131491c7a5494c1c034973ae23fc842b1ee733e Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Mon, 1 Jul 2019 16:17:33 +0100
Subject: [PATCH 04/39] i386: remove the 'INTEL_PT' CPUID bit from named CPU
models
RH-Author: plai@redhat.com
Message-id: <1561997854-9646-5-git-send-email-plai@redhat.com>
Patchwork-id: 89332
O-Subject: [RHEL8.1 qemu-kvm PATCH v6 4/5] i386: remove the 'INTEL_PT' CPUID bit from named CPU models
Bugzilla: 1629906
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Processor tracing is not yet implemented for KVM and it will be an
opt-in feature requiring a special module parameter.
Disable it, because it is wrong to enable it by default and
it is impossible that no one has ever used it.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 4c257911dcc7c4189768e9651755c849ce9db4e8)
Signed-off-by: Paul Lai <plai@redhat.com>
Resolved Conflicts:
target/i386/cpu.c
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 094f8a1..2538d82 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2515,8 +2515,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
- CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT |
- CPUID_7_0_EBX_INTEL_PT,
+ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
.features[FEAT_7_0_ECX] =
CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_OSPKE |
CPUID_7_0_ECX_AVX512VNNI,
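Review bot: The context here does not show which entry of `builtin_x86_defs[]` loses `CPUID_7_0_EBX_INTEL_PT`, while the subject speaks of named CPU models in the plural and the message lists `target/i386/cpu.c` under Resolved Conflicts without saying what was resolved. Please name the affected model(s) and describe the conflict resolution in the backport notes so the difference from upstream 4c257911dcc7 can be audited.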
--
1.8.3.1


@ -0,0 +1,71 @@
From 2adf144c57ddef54f5c42cdbc539d0249ce1b0ba Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Thu, 29 Aug 2019 20:55:32 +0100
Subject: [PATCH 05/10] i386: "unavailable-features" QOM property
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20190829205532.8302-3-ehabkost@redhat.com>
Patchwork-id: 90201
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 2/2] i386: "unavailable-features" QOM property
Bugzilla: 1747185
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
Add an "unavailable-features" QOM property to X86CPU objects that
has the same semantics as "unavailable-features" on
query-cpu-definitions. The new property has the same goal as
"filtered-features", but is generic enough to let any kind of CPU
feature be listed there without relying on low-level details
like CPUID leaves or MSR numbers.
Message-Id: <20190422234742.15780-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 506174bf8219dc6d56d2b1f7e66e8cf39157466f)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 934f11b..c8f50a7 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3580,6 +3580,17 @@ static void x86_cpu_list_feature_names(FeatureWordArray features,
}
}
+static void x86_cpu_get_unavailable_features(Object *obj, Visitor *v,
+ const char *name, void *opaque,
+ Error **errp)
+{
+ X86CPU *xc = X86_CPU(obj);
+ strList *result = NULL;
+
+ x86_cpu_list_feature_names(xc->filtered_features, &result);
+ visit_type_strList(v, "unavailable-features", &result, errp);
+}
+
/* Check for missing features that may prevent the CPU class from
* running using the current machine and accelerator.
*/
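Review bot: `result` is filled by `x86_cpu_list_feature_names()` and handed to `visit_type_strList()`, but nothing in `x86_cpu_get_unavailable_features()` frees it afterwards, so every read of the property leaks the list. Add `qapi_free_strList(result);` after the visit. The visitor call should also pass the `name` argument instead of repeating the literal `"unavailable-features"`.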
@@ -5479,6 +5490,15 @@ static void x86_cpu_initfn(Object *obj)
object_property_add(obj, "filtered-features", "X86CPUFeatureWordInfo",
x86_cpu_get_feature_words,
NULL, NULL, (void *)cpu->filtered_features, NULL);
+ /*
+ * The "unavailable-features" property has the same semantics as
+ * CpuDefinitionInfo.unavailable-features on the "query-cpu-definitions"
+ * QMP command: they list the features that would have prevented the
+ * CPU from running if the "enforce" flag was set.
+ */
+ object_property_add(obj, "unavailable-features", "strList",
+ x86_cpu_get_unavailable_features,
+ NULL, NULL, NULL, &error_abort);
object_property_add(obj, "crash-information", "GuestPanicInformation",
x86_cpu_get_crash_info_qom, NULL, NULL, NULL, NULL);
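Review bot: The new `object_property_add()` call passes `&error_abort`, while the neighbouring `filtered-features` and `crash-information` registrations pass NULL for the same argument. `&error_abort` is the stricter choice for a property that must always register, but the inconsistency should be mentioned in the commit message or resolved by a follow-up that aligns the neighbours.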
--
1.8.3.1


@ -0,0 +1,90 @@
From 61aa52146679fb00f976bc1eb7884f1ddcf7342c Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Thu, 29 Aug 2019 20:55:31 +0100
Subject: [PATCH 04/10] i386: x86_cpu_list_feature_names() function
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20190829205532.8302-2-ehabkost@redhat.com>
Patchwork-id: 90200
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/2] i386: x86_cpu_list_feature_names() function
Bugzilla: 1747185
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
Extract feature name listing code from
x86_cpu_class_check_missing_features(). It will be reused to
return information about CPU filtered features at runtime.
Message-Id: <20190422234742.15780-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 5a853fc57a0860da4a55d1448a77845f97e7a9be)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index f71b044..934f11b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3559,6 +3559,27 @@ static void x86_cpu_parse_featurestr(const char *typename, char *features,
static void x86_cpu_expand_features(X86CPU *cpu, Error **errp);
static int x86_cpu_filter_features(X86CPU *cpu);
+/* Build a list with the name of all features on a feature word array */
+static void x86_cpu_list_feature_names(FeatureWordArray features,
+ strList **feat_names)
+{
+ FeatureWord w;
+ strList **next = feat_names;
+
+ for (w = 0; w < FEATURE_WORDS; w++) {
+ uint32_t filtered = features[w];
+ int i;
+ for (i = 0; i < 32; i++) {
+ if (filtered & (1UL << i)) {
+ strList *new = g_new0(strList, 1);
+ new->value = g_strdup(x86_cpu_feature_name(w, i));
+ *next = new;
+ next = &new->next;
+ }
+ }
+ }
+}
+
/* Check for missing features that may prevent the CPU class from
* running using the current machine and accelerator.
*/
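Review bot: `x86_cpu_list_feature_names()` starts writing at `feat_names` with `*next = new`, so it only appends correctly when the caller passes the address of an empty tail slot; anything already stored at `*feat_names` is overwritten and lost. The one-line comment above the function should state that contract. Since `filtered` is a `uint32_t`, the mask can be written `1U << i` rather than `1UL << i`.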
@@ -3566,7 +3587,6 @@ static void x86_cpu_class_check_missing_features(X86CPUClass *xcc,
strList **missing_feats)
{
X86CPU *xc;
- FeatureWord w;
Error *err = NULL;
strList **next = missing_feats;
@@ -3593,18 +3613,7 @@ static void x86_cpu_class_check_missing_features(X86CPUClass *xcc,
x86_cpu_filter_features(xc);
- for (w = 0; w < FEATURE_WORDS; w++) {
- uint32_t filtered = xc->filtered_features[w];
- int i;
- for (i = 0; i < 32; i++) {
- if (filtered & (1UL << i)) {
- strList *new = g_new0(strList, 1);
- new->value = g_strdup(x86_cpu_feature_name(w, i));
- *next = new;
- next = &new->next;
- }
- }
- }
+ x86_cpu_list_feature_names(xc->filtered_features, next);
object_unref(OBJECT(xc));
}
--
1.8.3.1


@ -0,0 +1,59 @@
From 8954b0306e2179987cd097d203057e780808b0ba Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Wed, 9 Oct 2019 12:39:43 +0100
Subject: [PATCH 17/22] intel_iommu: Correct caching-mode error message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Peter Xu <peterx@redhat.com>
Message-id: <20191009123947.21505-2-peterx@redhat.com>
Patchwork-id: 91350
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 1/5] intel_iommu: Correct caching-mode error message
Bugzilla: 1738440
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
From: Alex Williamson <alex.williamson@redhat.com>
If we try to use the intel-iommu device with vfio-pci devices without
caching mode enabled, we're told:
qemu-system-x86_64: We need to set caching-mode=1 for intel-iommu to enable
device assignment with IOMMU protection.
But to enable caching mode, the option is actually "caching-mode=on".
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Message-Id: <155364147432.16467.15898335025013220939.stgit@gimli.home>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 75c5626c88a9675010018849ca9abc8d56045425)
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/intel_iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index e827c5a..22d2e52 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2554,7 +2554,7 @@ static void vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
IntelIOMMUState *s = vtd_as->iommu_state;
if (!s->caching_mode && new & IOMMU_NOTIFIER_MAP) {
- error_report("We need to set caching-mode=1 for intel-iommu to enable "
+ error_report("We need to set caching-mode=on for intel-iommu to enable "
"device assignment with IOMMU protection.");
exit(1);
}
--
1.8.3.1


@ -0,0 +1,49 @@
From 01ab894f9d19a03aee876b0d1b468f7314765539 Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Wed, 9 Oct 2019 12:39:47 +0100
Subject: [PATCH 21/22] intel_iommu: Remove the caching-mode check during flag
change
RH-Author: Peter Xu <peterx@redhat.com>
Message-id: <20191009123947.21505-6-peterx@redhat.com>
Patchwork-id: 91349
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 5/5] intel_iommu: Remove the caching-mode check during flag change
Bugzilla: 1738440
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
That's never a good place to stop the QEMU process... Since now we have
both the machine done sanity check and also the hotplug handler, we
can safely remove this to avoid that.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190916080718.3299-5-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit e7df189e19e86bf9f4d7aea4c6cf50ac0ebfce46)
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/intel_iommu.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 44d19cc..a4190bf 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2561,10 +2561,6 @@ static void vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
IntelIOMMUState *s = vtd_as->iommu_state;
- if (!s->caching_mode && new & IOMMU_NOTIFIER_MAP) {
- vtd_panic_require_caching_mode();
- }
-
/* Update per-address-space notifier flags */
vtd_as->notifier_flags = new;
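Review bot: With the `caching_mode` test gone, check whether `s` is still referenced later in `vtd_iommu_notify_flag_changed()`. If the removed condition was its only use, the `IntelIOMMUState *s = vtd_as->iommu_state;` declaration left in the context above should go as well to avoid an unused-variable warning. The commit message relies on a hotplug handler to cover devices added after machine init; that handler is not part of this patch, so this change must not be applied before it is in place.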
--
1.8.3.1


@ -0,0 +1,131 @@
From 3a528a458d4a2ba4236e98ef3f4efe5482323972 Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Wed, 9 Oct 2019 12:39:44 +0100
Subject: [PATCH 18/22] intel_iommu: Sanity check vfio-pci config on machine
init done
RH-Author: Peter Xu <peterx@redhat.com>
Message-id: <20191009123947.21505-3-peterx@redhat.com>
Patchwork-id: 91347
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 2/5] intel_iommu: Sanity check vfio-pci config on machine init done
Bugzilla: 1738440
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
This check previously only happened when the IOMMU was enabled in
the guest. It was always too late because the enabling of the IOMMU
normally only happens during the boot of the guest OS. It means that we
can bail out and exit directly while the guest OS boots if the
configuration of devices is not supported. Or, if the guest didn't
enable vIOMMU at all, then the user can use the guest normally, but
once they reconfigure the guest OS to enable the vIOMMU and then reboot,
the user will see the panic right after the reset when the next boot
starts.
Let's make this failure even earlier so that we force the user to use
caching-mode for vfio-pci devices when used with the vIOMMU. So the user
won't get a surprise, at least during execution of the guest, which seems
a bit nicer.
This will affect some users who didn't enable vIOMMU in the guest OS
but were using vfio-pci and the vtd device in the past. However I hope
it's not a majority because not enabling vIOMMU with the device
attached is actually meaningless.
We still keep the old assertion for safety so far, because the hotplug
path could still reach it.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190916080718.3299-2-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 28cf553afeb29b0c4f339c600171552a72a68cb7)
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/intel_iommu.c | 39 ++++++++++++++++++++++++++++++++++++---
1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 22d2e52..44d19cc 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -33,6 +33,7 @@
#include "hw/i386/x86-iommu.h"
#include "hw/pci-host/q35.h"
#include "sysemu/kvm.h"
+#include "sysemu/sysemu.h"
#include "hw/i386/apic_internal.h"
#include "kvm_i386.h"
#include "trace.h"
@@ -40,6 +41,13 @@
static void vtd_address_space_refresh_all(IntelIOMMUState *s);
static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n);
+static void vtd_panic_require_caching_mode(void)
+{
+ error_report("We need to set caching-mode=on for intel-iommu to enable "
+ "device assignment with IOMMU protection.");
+ exit(1);
+}
+
static void vtd_define_quad(IntelIOMMUState *s, hwaddr addr, uint64_t val,
uint64_t wmask, uint64_t w1cmask)
{
@@ -2554,9 +2562,7 @@ static void vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
IntelIOMMUState *s = vtd_as->iommu_state;
if (!s->caching_mode && new & IOMMU_NOTIFIER_MAP) {
- error_report("We need to set caching-mode=on for intel-iommu to enable "
- "device assignment with IOMMU protection.");
- exit(1);
+ vtd_panic_require_caching_mode();
}
/* Update per-address-space notifier flags */
@@ -3303,6 +3309,32 @@ static bool vtd_decide_config(IntelIOMMUState *s, Error **errp)
return true;
}
+static int vtd_machine_done_notify_one(Object *child, void *unused)
+{
+ IntelIOMMUState *iommu = INTEL_IOMMU_DEVICE(x86_iommu_get_default());
+
+ /*
+ * We hard-coded here because vfio-pci is the only special case
+ * here. Let's be more elegant in the future when we can, but so
+ * far there seems to be no better way.
+ */
+ if (object_dynamic_cast(child, "vfio-pci") && !iommu->caching_mode) {
+ vtd_panic_require_caching_mode();
+ }
+
+ return 0;
+}
+
+static void vtd_machine_done_hook(Notifier *notifier, void *unused)
+{
+ object_child_foreach_recursive(object_get_root(),
+ vtd_machine_done_notify_one, NULL);
+}
+
+static Notifier vtd_machine_done_notify = {
+ .notify = vtd_machine_done_hook,
+};
+
static void vtd_realize(DeviceState *dev, Error **errp)
{
MachineState *ms = MACHINE(qdev_get_machine());
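Review bot: `vtd_machine_done_notify_one()` calls `x86_iommu_get_default()` and casts the result for every object visited by `object_child_foreach_recursive()`. Look the IOMMU up once in `vtd_machine_done_hook()` and pass it through the opaque argument, which is currently `NULL` and named `unused`. The hard-coded `"vfio-pci"` type string is acknowledged in the comment; a named constant would at least make the dependency greppable.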
@@ -3333,6 +3365,7 @@ static void vtd_realize(DeviceState *dev, Error **errp)
pci_setup_iommu(bus, vtd_host_dma_iommu, dev);
/* Pseudo address space under root PCI bus. */
pcms->ioapic_as = vtd_host_dma_iommu(bus, s, Q35_PSEUDO_DEVFN_IOAPIC);
+ qemu_add_machine_init_done_notifier(&vtd_machine_done_notify);
}
static void vtd_class_init(ObjectClass *klass, void *data)
--
1.8.3.1


@ -0,0 +1,138 @@
From b897ede11c7b47cc9db8334ca44dd960d3001309 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Fri, 30 Aug 2019 12:56:26 +0100
Subject: [PATCH 08/10] iotests: Filter 175's allocation information
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20190830125628.23668-4-thuth@redhat.com>
Patchwork-id: 90211
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 3/5] iotests: Filter 175's allocation information
Bugzilla: 1738839
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
From: Max Reitz <mreitz@redhat.com>
It is possible for an empty file to take up blocks on a filesystem, for
example:
$ qemu-img create -f raw test.img 1G
Formatting 'test.img', fmt=raw size=1073741824
$ mkfs.ext4 -I 128 -q test.img
$ mkdir test-mount
$ sudo mount -o loop test.img test-mount
$ sudo touch test-mount/test-file
$ stat -c 'blocks=%b' test-mount/test-file
blocks=8
These extra blocks (one cluster) are apparently used for metadata,
because they are always there, on top of blocks used for data:
$ sudo dd if=/dev/zero of=test-mount/test-file bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.00135339 s, 775 MB/s
$ stat -c 'blocks=%b' test-mount/test-file
blocks=2056
Make iotest 175 take this into account.
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Nir Soffer <nsoffer@redhat.com>
Message-id: 20190516144319.12570-1-mreitz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit a3bd71b5773a3664692601e6e181f108e1e4aa41)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/175 | 26 ++++++++++++++++++++++----
tests/qemu-iotests/175.out | 8 ++++----
2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175
index ca56e82..2e37c9a 100755
--- a/tests/qemu-iotests/175
+++ b/tests/qemu-iotests/175
@@ -29,10 +29,25 @@ status=1 # failure is the default!
_cleanup()
{
- _cleanup_test_img
+ _cleanup_test_img
+ rm -f "$TEST_DIR/empty"
}
trap "_cleanup; exit \$status" 0 1 2 3 15
+# Some file systems sometimes allocate extra blocks independently of
+# the file size. This function hides the resulting difference in the
+# stat -c '%b' output.
+# Parameter 1: Number of blocks an empty file occupies
+# Parameter 2: Image size in bytes
+_filter_blocks()
+{
+ extra_blocks=$1
+ img_size=$2
+
+ sed -e "s/blocks=$extra_blocks\\(\$\\|[^0-9]\\)/nothing allocated/" \
+ -e "s/blocks=$((extra_blocks + img_size / 512))\\(\$\\|[^0-9]\\)/everything allocated/"
+}
+
# get standard environment, filters and checks
. ./common.rc
. ./common.filter
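Review bot: `_filter_blocks()` assigns `extra_blocks` and `img_size` without `local`, so every call overwrites the script-level `extra_blocks` that the test sets from `stat -c '%b'` later in this patch. It happens to receive the same value today, but both variables should be declared `local`. The `_cleanup_test_img` line in `_cleanup()` is removed and re-added with only its whitespace changed, which is better left out of a backport.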
@@ -41,18 +56,21 @@ _supported_fmt raw
_supported_proto file
_supported_os Linux
-size=1m
+size=$((1 * 1024 * 1024))
+
+touch "$TEST_DIR/empty"
+extra_blocks=$(stat -c '%b' "$TEST_DIR/empty")
echo
echo "== creating image with default preallocation =="
_make_test_img $size | _filter_imgfmt
-stat -c "size=%s, blocks=%b" $TEST_IMG
+stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $size
for mode in off full falloc; do
echo
echo "== creating image with preallocation $mode =="
IMGOPTS=preallocation=$mode _make_test_img $size | _filter_imgfmt
- stat -c "size=%s, blocks=%b" $TEST_IMG
+ stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $size
done
# success, all done
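Review bot: The results of `touch "$TEST_DIR/empty"` and the following `stat` are not checked, and `$extra_blocks` is passed unquoted, so if `stat` fails the variable expands to nothing and `$size` silently becomes parameter 1 of `_filter_blocks`. Quote the arguments as `_filter_blocks "$extra_blocks" "$size"`, and quote `$TEST_IMG` in the two `stat` calls while these lines are being touched.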
diff --git a/tests/qemu-iotests/175.out b/tests/qemu-iotests/175.out
index 76c02c6..6d9a5ed 100644
--- a/tests/qemu-iotests/175.out
+++ b/tests/qemu-iotests/175.out
@@ -2,17 +2,17 @@ QA output created by 175
== creating image with default preallocation ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
-size=1048576, blocks=0
+size=1048576, nothing allocated
== creating image with preallocation off ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 preallocation=off
-size=1048576, blocks=0
+size=1048576, nothing allocated
== creating image with preallocation full ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 preallocation=full
-size=1048576, blocks=2048
+size=1048576, everything allocated
== creating image with preallocation falloc ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 preallocation=falloc
-size=1048576, blocks=2048
+size=1048576, everything allocated
*** done
--
1.8.3.1


@ -0,0 +1,49 @@
From 1d8ba61938b06c54749b96af34acf3fee751bc93 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 8 Jul 2019 15:25:56 +0100
Subject: [PATCH 10/39] iotests: Filter SSH paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Pino Toscano <ptoscano@redhat.com>
Message-id: <20190708152601.21123-6-ptoscano@redhat.com>
Patchwork-id: 89416
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v3 05/10] iotests: Filter SSH paths
Bugzilla: 1513367
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Max Reitz <mreitz@redhat.com>
8908b253c4ad5f8874c8d13abec169c696a5cd32 has implemented filtering of
remote paths for NFS, but forgot SSH. This patch takes care of that.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 20190210145736.1486-9-mreitz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit ac3589dc463c18e6726be2831196c7755bec39d5)
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/common.rc | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index d054cb9..6490c8d 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -145,6 +145,7 @@ else
TEST_IMG="nbd:127.0.0.1:10810"
elif [ "$IMGPROTO" = "ssh" ]; then
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
+ REMOTE_TEST_DIR="ssh://127.0.0.1$TEST_DIR"
TEST_IMG="ssh://127.0.0.1$TEST_IMG_FILE"
elif [ "$IMGPROTO" = "nfs" ]; then
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
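Review bot: `REMOTE_TEST_DIR` and `TEST_IMG` now spell out the `ssh://127.0.0.1` prefix separately. Since `TEST_IMG_FILE` is `$TEST_DIR/t.$IMGFMT`, `TEST_IMG` could be written as `"$REMOTE_TEST_DIR/t.$IMGFMT"` so the two cannot drift apart. The filter that consumes `REMOTE_TEST_DIR` is not part of this patch, so the commit message should say where the variable is applied.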
--
1.8.3.1


@ -0,0 +1,95 @@
From 58bf58e416a89ea5166865664887cfe4562b1fc0 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Wed, 26 Jun 2019 16:24:01 +0100
Subject: [PATCH 2/2] iotests: Make 182 do without device_add
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190626162401.11112-2-mreitz@redhat.com>
Patchwork-id: 88951
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] iotests: Make 182 do without device_add
Bugzilla: 1707598
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
182 fails if qemu has no support for hotplugging of a virtio-blk device.
Using an NBD server instead works just as well for the test, even on
qemus without hotplugging support.
Fixes: 6d0a4a0fb5c8f10c8eb68b52cfda0082b00ae963
Reported-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20190417153005.30096-1-mreitz@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 8fabb8be37775ebb32b0d78bc7be815a29b8a107)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/182 | 22 +++++++++++++++++-----
tests/qemu-iotests/182.out | 1 +
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/tests/qemu-iotests/182 b/tests/qemu-iotests/182
index 3b7689c..c1520ed 100755
--- a/tests/qemu-iotests/182
+++ b/tests/qemu-iotests/182
@@ -32,6 +32,7 @@ _cleanup()
{
_cleanup_test_img
rm -f "$TEST_IMG.overlay"
+ rm -f "$TEST_DIR/nbd.socket"
}
trap "_cleanup; exit \$status" 0 1 2 3 15
@@ -127,15 +128,26 @@ success_or_failure=y _send_qemu_cmd $QEMU_HANDLE \
'return' \
'error'
-# Now we attach the image to a virtio-blk device. This device does
-# require some permissions (at least WRITE and READ_CONSISTENT), so if
+# Start an NBD server to which we can attach node1
+success_or_failure=y _send_qemu_cmd $QEMU_HANDLE \
+ "{'execute': 'nbd-server-start',
+ 'arguments': {
+ 'addr': {
+ 'type': 'unix',
+ 'data': {
+ 'path': '$TEST_DIR/nbd.socket'
+ } } } }" \
+ 'return' \
+ 'error'
+
+# Now we attach the image to the NBD server. This server does require
+# some permissions (at least WRITE and READ_CONSISTENT), so if
# reopening node0 unshared any (which it should not have), this will
# fail (but it should not).
success_or_failure=y _send_qemu_cmd $QEMU_HANDLE \
- "{'execute': 'device_add',
+ "{'execute': 'nbd-server-add',
'arguments': {
- 'driver': 'virtio-blk',
- 'drive': 'node1'
+ 'device': 'node1'
} }" \
'return' \
'error'
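Review bot: The rewritten comment says the NBD server requires at least WRITE and READ_CONSISTENT, but the `nbd-server-add` call passes only `'device': 'node1'` and no `'writable'` argument. Please confirm that the export as added really requests WRITE; otherwise correct the comment or add `'writable': true` so the test still exercises the permission it describes. Nothing in this patch stops the server again; `_cleanup()` only removes the socket file.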
diff --git a/tests/qemu-iotests/182.out b/tests/qemu-iotests/182.out
index af501ca..33d41ee 100644
--- a/tests/qemu-iotests/182.out
+++ b/tests/qemu-iotests/182.out
@@ -14,4 +14,5 @@ Formatting 'TEST_DIR/t.qcow2.overlay', fmt=qcow2 size=197120 backing_file=TEST_D
{"return": {}}
{"return": {}}
{"return": {}}
+{"return": {}}
*** done
--
1.8.3.1


@ -0,0 +1,108 @@
From b4841fd40fefcffc99c4b52c8a06720edb4ef9ef Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Fri, 30 Aug 2019 12:56:28 +0100
Subject: [PATCH 10/10] iotests: Test allocate_first_block() with O_DIRECT
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20190830125628.23668-6-thuth@redhat.com>
Patchwork-id: 90212
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 5/5] iotests: Test allocate_first_block() with O_DIRECT
Bugzilla: 1738839
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
From: Nir Soffer <nirsof@gmail.com>
Using block_resize we can test allocate_first_block() with a file
descriptor opened with O_DIRECT, ensuring that it works for any size
larger than 4096 bytes.
Testing smaller sizes is tricky as the result depends on the filesystem
used for testing. For example on NFS any size will work since O_DIRECT
does not require any alignment.
Signed-off-by: Nir Soffer <nsoffer@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190827010528.8818-3-nsoffer@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 4656fb5ebbece8c7bbca0bef56bea882c94b9132)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/175 | 28 ++++++++++++++++++++++++++++
tests/qemu-iotests/175.out | 8 ++++++++
2 files changed, 36 insertions(+)
diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175
index b3b7712..74ca49d 100755
--- a/tests/qemu-iotests/175
+++ b/tests/qemu-iotests/175
@@ -50,6 +50,23 @@ _filter_blocks()
-e "s/blocks=$((extra_blocks + img_size / 512))\\(\$\\|[^0-9]\\)/max allocation/"
}
+# Resize image using block_resize.
+# Parameter 1: image path
+# Parameter 2: new size
+_block_resize()
+{
+ local path=$1
+ local size=$2
+
+ $QEMU -qmp stdio -nographic -nodefaults \
+ -blockdev file,node-name=file,filename=$path,cache.direct=on \
+ <<EOF
+{'execute': 'qmp_capabilities'}
+{'execute': 'block_resize', 'arguments': {'node-name': 'file', 'size': $size}}
+{'execute': 'quit'}
+EOF
+}
+
# get standard environment, filters and checks
. ./common.rc
. ./common.filter
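Review bot: `filename=$path` is expanded unquoted inside the `-blockdev` argument of `_block_resize()`, so a test directory containing whitespace splits the option, and a comma in the path is parsed as an option separator. Quote the whole argument as `"file,node-name=file,filename=$path,cache.direct=on"` and note the comma limitation in the function's comment.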
@@ -58,6 +75,9 @@ _supported_fmt raw
_supported_proto file
_supported_os Linux
+_default_cache_mode none
+_supported_cache_modes none directsync
+
size=$((1 * 1024 * 1024))
touch "$TEST_DIR/empty"
@@ -80,6 +100,14 @@ for mode in off full falloc; do
stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $min_blocks $size
done
+for new_size in 4096 1048576; do
+ echo
+ echo "== resize empty image with block_resize =="
+ _make_test_img 0 | _filter_imgfmt
+ _block_resize $TEST_IMG $new_size >/dev/null
+ stat -c "size=%s, blocks=%b" $TEST_IMG | _filter_blocks $extra_blocks $min_blocks $new_size
+done
+
# success, all done
echo "*** done"
rm -f $seq.full
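Review bot: `_block_resize $TEST_IMG $new_size >/dev/null` throws away the QMP replies, so an error returned by `block_resize` shows up only indirectly as a wrong `stat` line. Filter the replies into the reference output, or at least check them for an `error` member. Both iterations print the same heading, so including `$new_size` in the `echo` would make the two result blocks distinguishable. The commit message speaks of sizes larger than 4096 bytes while the loop also tests 4096 itself.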
diff --git a/tests/qemu-iotests/175.out b/tests/qemu-iotests/175.out
index 263e521..39c2ee0 100644
--- a/tests/qemu-iotests/175.out
+++ b/tests/qemu-iotests/175.out
@@ -15,4 +15,12 @@ size=1048576, max allocation
== creating image with preallocation falloc ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 preallocation=falloc
size=1048576, max allocation
+
+== resize empty image with block_resize ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=0
+size=4096, min allocation
+
+== resize empty image with block_resize ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=0
+size=1048576, min allocation
*** done
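Review bot: The two new sections carry the identical heading "== resize empty image with block_resize ==", so a mismatch against this reference output does not say which size failed. Including the target size in the heading echoed by the test would make the 4096 and 1048576 cases distinguishable.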
--
1.8.3.1


@ -0,0 +1,182 @@
From d193f7ee2bf7822408fa9a92b7e170330b7f6ec4 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 23 Jul 2019 14:45:41 +0100
Subject: [PATCH 03/14] iotests: Test unaligned raw images with O_DIRECT
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190723144546.23701-3-mreitz@redhat.com>
Patchwork-id: 89648
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 2/7] iotests: Test unaligned raw images with O_DIRECT
Bugzilla: 1678979
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
We already have 221 for accesses through the page cache, but it is
better to create a new file for O_DIRECT instead of integrating those
test cases into 221. This way, we can make use of
_supported_cache_modes (and _default_cache_mode) so the test is
automatically skipped on filesystems that do not support O_DIRECT.
As part of the split, add _supported_cache_modes to 221. With that, it
no longer fails when run with -c none or -c directsync.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2fab30c80b33cdc6157c7efe6207e54b6835cf92)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/221 | 4 +++
tests/qemu-iotests/253 | 84 ++++++++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/253.out | 14 ++++++++
tests/qemu-iotests/group | 1 +
4 files changed, 103 insertions(+)
create mode 100755 tests/qemu-iotests/253
create mode 100644 tests/qemu-iotests/253.out
diff --git a/tests/qemu-iotests/221 b/tests/qemu-iotests/221
index 41c4e4b..2cc29ba 100755
--- a/tests/qemu-iotests/221
+++ b/tests/qemu-iotests/221
@@ -1,6 +1,7 @@
#!/bin/bash
#
# Test qemu-img vs. unaligned images
+# (See also 253, which is the O_DIRECT version)
#
# Copyright (C) 2018 Red Hat, Inc.
#
@@ -38,6 +39,9 @@ _supported_fmt raw
_supported_proto file
_supported_os Linux
+_default_cache_mode writeback
+_supported_cache_modes writeback writethrough unsafe
+
echo
echo "=== Check mapping of unaligned raw image ==="
echo
diff --git a/tests/qemu-iotests/253 b/tests/qemu-iotests/253
new file mode 100755
index 0000000..d88d5af
--- /dev/null
+++ b/tests/qemu-iotests/253
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+#
+# Test qemu-img vs. unaligned images; O_DIRECT version
+# (Originates from 221)
+#
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+status=1 # failure is the default!
+
+_cleanup()
+{
+ _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt raw
+_supported_proto file
+_supported_os Linux
+
+_default_cache_mode none
+_supported_cache_modes none directsync
+
+echo
+echo "=== Check mapping of unaligned raw image ==="
+echo
+
+# We do not know how large a physical sector is, but it is certainly
+# going to be a factor of 1 MB
+size=$((1 * 1024 * 1024 - 1))
+
+# qemu-img create rounds size up to BDRV_SECTOR_SIZE
+_make_test_img $size
+$QEMU_IMG map --output=json --image-opts \
+ "driver=$IMGFMT,file.driver=file,file.filename=$TEST_IMG,cache.direct=on" \
+ | _filter_qemu_img_map
+
+# so we resize it and check again
+truncate --size=$size "$TEST_IMG"
+$QEMU_IMG map --output=json --image-opts \
+ "driver=$IMGFMT,file.driver=file,file.filename=$TEST_IMG,cache.direct=on" \
+ | _filter_qemu_img_map
+
+# qemu-io with O_DIRECT always writes whole physical sectors. Again,
+# we do not know how large a physical sector is, so we just start
+# writing from a 64 kB boundary, which should always be aligned.
+offset=$((1 * 1024 * 1024 - 64 * 1024))
+$QEMU_IO -c "w $offset $((size - offset))" "$TEST_IMG" | _filter_qemu_io
+$QEMU_IMG map --output=json --image-opts \
+ "driver=$IMGFMT,file.driver=file,file.filename=$TEST_IMG,cache.direct=on" \
+ | _filter_qemu_img_map
+
+# Resize it and check again -- contrary to 221, we may not get partial
+# sectors here, so there should be only two areas (one zero, one
+# data).
+truncate --size=$size "$TEST_IMG"
+$QEMU_IMG map --output=json --image-opts \
+ "driver=$IMGFMT,file.driver=file,file.filename=$TEST_IMG,cache.direct=on" \
+ | _filter_qemu_img_map
+
+# success, all done
+echo '*** done'
+rm -f $seq.full
+status=0
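Review bot: The $QEMU_IO -c "w $offset $((size - offset))" "$TEST_IMG" line does not request O_DIRECT itself, unlike the four qemu-img map calls that pass cache.direct=on explicitly, yet the comment above it depends on O_DIRECT semantics. A reader has to infer that the mode comes from _default_cache_mode none; say so in that comment or pass the mode explicitly. The four identical qemu-img map invocations would also read better as one small helper function.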
diff --git a/tests/qemu-iotests/253.out b/tests/qemu-iotests/253.out
new file mode 100644
index 0000000..607c0ba
--- /dev/null
+++ b/tests/qemu-iotests/253.out
@@ -0,0 +1,14 @@
+QA output created by 253
+
+=== Check mapping of unaligned raw image ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048575
+[{ "start": 0, "length": 1048576, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 1048576, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+wrote 65535/65535 bytes at offset 983040
+63.999 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+[{ "start": 0, "length": 983040, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+{ "start": 983040, "length": 65536, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+[{ "start": 0, "length": 983040, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+{ "start": 983040, "length": 65536, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 5cbdc24..b356d82 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -227,3 +227,4 @@
232 auto quick
234 auto quick migration
240 auto quick
+253 rw auto quick
--
1.8.3.1


@ -0,0 +1,101 @@
From 6f5c54a54c05143cf9f69a626b398886d1c51358 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Fri, 30 Aug 2019 12:56:25 +0100
Subject: [PATCH 07/10] iotests: Tweak 221 sizing for different hole
granularities
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20190830125628.23668-3-thuth@redhat.com>
Patchwork-id: 90213
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 2/5] iotests: Tweak 221 sizing for different hole granularities
Bugzilla: 1738839
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
From: Eric Blake <eblake@redhat.com>
For some particular configurations of ext4, sizing an image to 84
sectors + 1 byte causes test failures when the size of the hole is
rounded to a 4k alignment. Let's instead size things to 128 sectors +
1 byte, as the 64k boundary is more likely to work with various hole
granularities.
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190506172111.31594-1-eblake@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit d3192de752cd6d383d38e50341b39d9550d21fa8)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/221 | 10 +++++-----
tests/qemu-iotests/221.out | 20 ++++++++++----------
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/tests/qemu-iotests/221 b/tests/qemu-iotests/221
index 2cc29ba..75aa192 100755
--- a/tests/qemu-iotests/221
+++ b/tests/qemu-iotests/221
@@ -3,7 +3,7 @@
# Test qemu-img vs. unaligned images
# (See also 253, which is the O_DIRECT version)
#
-# Copyright (C) 2018 Red Hat, Inc.
+# Copyright (C) 2018-2019 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -46,16 +46,16 @@ echo
echo "=== Check mapping of unaligned raw image ==="
echo
-_make_test_img 43009 # qemu-img create rounds size up
+_make_test_img 65537 # qemu-img create rounds size up
$QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
-truncate --size=43009 "$TEST_IMG" # so we resize it and check again
+truncate --size=65537 "$TEST_IMG" # so we resize it and check again
$QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
-$QEMU_IO -c 'w 43008 1' "$TEST_IMG" | _filter_qemu_io # writing also rounds up
+$QEMU_IO -c 'w 65536 1' "$TEST_IMG" | _filter_qemu_io # writing also rounds up
$QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
-truncate --size=43009 "$TEST_IMG" # so we resize it and check again
+truncate --size=65537 "$TEST_IMG" # so we resize it and check again
$QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
# success, all done
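Review bot: The literals 65537 and 65536 now appear four times in this hunk with no hint in the script of how they were chosen; the reasoning (128 sectors + 1 byte, so the hole ends on a 64k boundary) lives only in the commit message. A size variable with that comment, in the way test 253 uses size= and offset=, would keep the next retune to a one-line change.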
diff --git a/tests/qemu-iotests/221.out b/tests/qemu-iotests/221.out
index a9c0190..9f9dd52 100644
--- a/tests/qemu-iotests/221.out
+++ b/tests/qemu-iotests/221.out
@@ -2,15 +2,15 @@ QA output created by 221
=== Check mapping of unaligned raw image ===
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=43009
-[{ "start": 0, "length": 43520, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 43520, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
-wrote 1/1 bytes at offset 43008
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65537
+[{ "start": 0, "length": 66048, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 66048, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+wrote 1/1 bytes at offset 65536
1 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-[{ "start": 0, "length": 40960, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
-{ "start": 40960, "length": 2049, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 43009, "length": 511, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 40960, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
-{ "start": 40960, "length": 2049, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
-{ "start": 43009, "length": 511, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 65536, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+{ "start": 65536, "length": 1, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 65537, "length": 511, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 65536, "depth": 0, "zero": true, "data": false, "offset": OFFSET},
+{ "start": 65536, "length": 1, "depth": 0, "zero": false, "data": true, "offset": OFFSET},
+{ "start": 65537, "length": 511, "depth": 0, "zero": true, "data": false, "offset": OFFSET}]
*** done
--
1.8.3.1


@ -0,0 +1,267 @@
From 3b36d09996dbcbfc15cb83b2287940243022fd6a Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 8 Jul 2019 15:25:58 +0100
Subject: [PATCH 12/39] iotests: Use Python byte strings where appropriate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Pino Toscano <ptoscano@redhat.com>
Message-id: <20190708152601.21123-8-ptoscano@redhat.com>
Patchwork-id: 89424
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v3 07/10] iotests: Use Python byte strings where appropriate
Bugzilla: 1513367
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Max Reitz <mreitz@redhat.com>
Since byte strings are no longer the default in Python 3, we have to
explicitly use them where we need to, which is mostly when working with
structures. It also means that we need to open a file in binary mode
when we want to use structures.
On the other hand, we have to accommodate for the fact that some
functions (still) work with byte strings but we want to use unicode
strings (in Python 3 at least, and it does not matter in Python 2).
This includes base64 encoding, but it is most notable when working with
the subprocess module: Either we set universal_newlines to True so that
the default streams are opened in text mode (hence this parameter is
aliased as "text" as of 3.7), or, if that is not possible, we have to
decode the output to a normal string.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20181022135307.14398-4-mreitz@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit 8eb5e6746feaf9e021b69ea2521899f8dc889033)
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
scripts/qtest.py | 2 +-
tests/qemu-iotests/044 | 8 ++++----
tests/qemu-iotests/149 | 8 +++++---
tests/qemu-iotests/207 | 4 ++--
tests/qemu-iotests/iotests.py | 11 +++++++----
tests/qemu-iotests/nbd-fault-injector.py | 4 ++--
tests/qemu-iotests/qcow2.py | 10 +++++-----
7 files changed, 26 insertions(+), 21 deletions(-)
diff --git a/scripts/qtest.py b/scripts/qtest.py
index df0daf2..adf1fe3 100644
--- a/scripts/qtest.py
+++ b/scripts/qtest.py
@@ -64,7 +64,7 @@ class QEMUQtestProtocol(object):
@param qtest_cmd: qtest command text to be sent
"""
- self._sock.sendall(qtest_cmd + "\n")
+ self._sock.sendall((qtest_cmd + "\n").encode('utf-8'))
def close(self):
self._sock.close()
diff --git a/tests/qemu-iotests/044 b/tests/qemu-iotests/044
index 11ea0f4..69e736f 100755
--- a/tests/qemu-iotests/044
+++ b/tests/qemu-iotests/044
@@ -53,21 +53,21 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
fd.seek(off_reftable)
for i in xrange(0, h.refcount_table_clusters):
- sector = ''.join(struct.pack('>Q',
+ sector = b''.join(struct.pack('>Q',
off_refblock + i * 64 * 512 + j * 512)
for j in xrange(0, 64))
fd.write(sector)
# Write the refcount blocks
assert(fd.tell() == off_refblock)
- sector = ''.join(struct.pack('>H', 1) for j in xrange(0, 64 * 256))
+ sector = b''.join(struct.pack('>H', 1) for j in range(0, 64 * 256))
for block in xrange(0, h.refcount_table_clusters):
fd.write(sector)
# Write the L1 table
assert(fd.tell() == off_l1)
assert(off_l2 + 512 * h.l1_size == off_data)
- table = ''.join(struct.pack('>Q', (1 << 63) | off_l2 + 512 * j)
+ table = b''.join(struct.pack('>Q', (1 << 63) | off_l2 + 512 * j)
for j in xrange(0, h.l1_size))
fd.write(table)
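Review bot: Only the refcount-block line switches from xrange to range; the other loops in this hunk, for example "for i in xrange(0, h.refcount_table_clusters)" and "for j in xrange(0, h.l1_size)", still call xrange, which does not exist in Python 3. Either convert them all here or leave the range change to the patch that deals with xrange, so the hunk is consistent.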
@@ -85,7 +85,7 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
remaining = remaining - 1024 * 512
off = off + 1024 * 512
- table = ''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
+ table = b''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
for j in xrange(0, remaining / 512))
fd.write(table)
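Review bot: The context line xrange(0, remaining / 512) directly below the changed line is still Python 2 only: under Python 3 the / operator yields a float, which range() rejects, and xrange is gone. Since the purpose of the hunk is to make this table build work with byte strings on Python 3, use remaining // 512 and range here as well.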
diff --git a/tests/qemu-iotests/149 b/tests/qemu-iotests/149
index d3ffa25..87174b1 100755
--- a/tests/qemu-iotests/149
+++ b/tests/qemu-iotests/149
@@ -79,7 +79,7 @@ class LUKSConfig(object):
def first_password_base64(self):
(pw, slot) = self.first_password()
- return base64.b64encode(pw)
+ return base64.b64encode(pw.encode('ascii')).decode('ascii')
def active_slots(self):
slots = []
@@ -98,7 +98,8 @@ def verify_passwordless_sudo():
proc = subprocess.Popen(args,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT)
+ stderr=subprocess.STDOUT,
+ universal_newlines=True)
msg = proc.communicate()[0]
@@ -116,7 +117,8 @@ def cryptsetup(args, password=None):
proc = subprocess.Popen(fullargs,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT)
+ stderr=subprocess.STDOUT,
+ universal_newlines=True)
msg = proc.communicate(password)[0]
diff --git a/tests/qemu-iotests/207 b/tests/qemu-iotests/207
index 8202bd1..d45bf72 100755
--- a/tests/qemu-iotests/207
+++ b/tests/qemu-iotests/207
@@ -109,7 +109,7 @@ with iotests.FilePath('t.img') as disk_path, \
md5_key = subprocess.check_output(
'ssh-keyscan -t rsa 127.0.0.1 2>/dev/null | grep -v "\\^#" | ' +
'cut -d" " -f3 | base64 -d | md5sum -b | cut -d" " -f1',
- shell=True).rstrip()
+ shell=True).rstrip().decode('ascii')
vm.launch()
blockdev_create(vm, { 'driver': 'ssh',
@@ -147,7 +147,7 @@ with iotests.FilePath('t.img') as disk_path, \
sha1_key = subprocess.check_output(
'ssh-keyscan -t rsa 127.0.0.1 2>/dev/null | grep -v "\\^#" | ' +
'cut -d" " -f3 | base64 -d | sha1sum -b | cut -d" " -f1',
- shell=True).rstrip()
+ shell=True).rstrip().decode('ascii')
vm.launch()
blockdev_create(vm, { 'driver': 'ssh',
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 0f6980a..3d41ff0 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -104,7 +104,8 @@ def qemu_img_pipe(*args):
'''Run qemu-img and return its output'''
subp = subprocess.Popen(qemu_img_args + list(args),
stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT)
+ stderr=subprocess.STDOUT,
+ universal_newlines=True)
exitcode = subp.wait()
if exitcode < 0:
sys.stderr.write('qemu-img received signal %i: %s\n' % (-exitcode, ' '.join(qemu_img_args + list(args))))
@@ -128,7 +129,8 @@ def qemu_io(*args):
'''Run qemu-io and return the stdout data'''
args = qemu_io_args + list(args)
subp = subprocess.Popen(args, stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT)
+ stderr=subprocess.STDOUT,
+ universal_newlines=True)
exitcode = subp.wait()
if exitcode < 0:
sys.stderr.write('qemu-io received signal %i: %s\n' % (-exitcode, ' '.join(args)))
@@ -149,7 +151,8 @@ class QemuIoInteractive:
self.args = qemu_io_args + list(args)
self._p = subprocess.Popen(self.args, stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT)
+ stderr=subprocess.STDOUT,
+ universal_newlines=True)
assert self._p.stdout.read(9) == 'qemu-io> '
def close(self):
@@ -192,7 +195,7 @@ def compare_images(img1, img2, fmt1=imgfmt, fmt2=imgfmt):
def create_image(name, size):
'''Create a fully-allocated raw image with sector markers'''
- file = open(name, 'w')
+ file = open(name, 'wb')
i = 0
while i < size:
sector = struct.pack('>l504xl', i / 512, i / 512)
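Review bot: Opening the image with 'wb' is right, but the context line struct.pack('>l504xl', i / 512, i / 512) that follows passes floats under Python 3, and struct.pack raises struct.error for a float with the 'l' format. create_image needs i // 512 to be usable there. The file handle would also be better managed with a with-block so it is closed on error.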
diff --git a/tests/qemu-iotests/nbd-fault-injector.py b/tests/qemu-iotests/nbd-fault-injector.py
index f9193c0..09668f6 100755
--- a/tests/qemu-iotests/nbd-fault-injector.py
+++ b/tests/qemu-iotests/nbd-fault-injector.py
@@ -86,7 +86,7 @@ def recvall(sock, bufsize):
raise Exception('unexpected disconnect')
chunks.append(chunk)
received += len(chunk)
- return ''.join(chunks)
+ return b''.join(chunks)
class Rule(object):
def __init__(self, name, event, io, when):
@@ -176,7 +176,7 @@ def handle_connection(conn, use_export):
req = read_request(conn)
if req.type == NBD_CMD_READ:
write_reply(conn, 0, req.handle)
- conn.send('\0' * req.len, event='data')
+ conn.send(b'\0' * req.len, event='data')
elif req.type == NBD_CMD_WRITE:
_ = conn.recv(req.len, event='data')
write_reply(conn, 0, req.handle)
diff --git a/tests/qemu-iotests/qcow2.py b/tests/qemu-iotests/qcow2.py
index b95a837..b392972 100755
--- a/tests/qemu-iotests/qcow2.py
+++ b/tests/qemu-iotests/qcow2.py
@@ -10,7 +10,7 @@ class QcowHeaderExtension:
def __init__(self, magic, length, data):
if length % 8 != 0:
padding = 8 - (length % 8)
- data += "\0" * padding
+ data += b"\0" * padding
self.magic = magic
self.length = length
@@ -103,7 +103,7 @@ class QcowHeader:
fd.seek(self.header_length)
extensions = self.extensions
- extensions.append(QcowHeaderExtension(0, 0, ""))
+ extensions.append(QcowHeaderExtension(0, 0, b""))
for ex in extensions:
buf = struct.pack('>II', ex.magic, ex.length)
fd.write(buf)
@@ -137,8 +137,8 @@ class QcowHeader:
for ex in self.extensions:
data = ex.data[:ex.length]
- if all(c in string.printable for c in data):
- data = "'%s'" % data
+ if all(c in string.printable.encode('ascii') for c in data):
+ data = "'%s'" % data.decode('ascii')
else:
data = "<binary>"
@@ -178,7 +178,7 @@ def cmd_add_header_ext(fd, magic, data):
sys.exit(1)
h = QcowHeader(fd)
- h.extensions.append(QcowHeaderExtension.create(magic, data))
+ h.extensions.append(QcowHeaderExtension.create(magic, data.encode('ascii')))
h.update(fd)
def cmd_add_header_ext_stdio(fd, magic):
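Review bot: In cmd_add_header_ext, data.encode('ascii') raises UnicodeEncodeError when the extension data given on the command line contains a non-ASCII character; catch it and print a usage error, or choose an explicit encoding policy. cmd_add_header_ext_stdio, visible as trailing context, is untouched by this patch and should be checked to hand QcowHeaderExtension bytes rather than a text string, since the constructor now appends b"\0" padding.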
--
1.8.3.1


@ -0,0 +1,81 @@
From 287d819f015a624f321d34491e30b62a05912298 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Thu, 15 Aug 2019 13:23:10 +0100
Subject: [PATCH 08/10] iothread: fix crash with invalid properties
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20190815132311.22027-2-stefanha@redhat.com>
Patchwork-id: 89995
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 1/2] iothread: fix crash with invalid properties
Bugzilla: 1687541
RH-Acked-by: Peter Xu <peterx@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Marc-André Lureau <marcandre.lureau@redhat.com>
-object iothread,id=foo,? will crash qemu:
qemu-system-x86_64:qemu-thread-posix.c:128: qemu_cond_destroy: Assertion `cond->initialized' failed.
Use thread_id != -1 to check if iothread_complete() finished
successfully and the mutex/cond have been initialized.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180821100716.13803-1-marcandre.lureau@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
(cherry picked from commit 14a2d11825ddc37d6547a80704ae6450e9e376c7)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
iothread.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/iothread.c b/iothread.c
index aff1281..2fb1cdf 100644
--- a/iothread.c
+++ b/iothread.c
@@ -110,6 +110,7 @@ static void iothread_instance_init(Object *obj)
IOThread *iothread = IOTHREAD(obj);
iothread->poll_max_ns = IOTHREAD_POLL_MAX_NS_DEFAULT;
+ iothread->thread_id = -1;
}
static void iothread_instance_finalize(Object *obj)
@@ -117,6 +118,11 @@ static void iothread_instance_finalize(Object *obj)
IOThread *iothread = IOTHREAD(obj);
iothread_stop(iothread);
+
+ if (iothread->thread_id != -1) {
+ qemu_cond_destroy(&iothread->init_done_cond);
+ qemu_mutex_destroy(&iothread->init_done_lock);
+ }
/*
* Before glib2 2.33.10, there is a glib2 bug that GSource context
* pointer may not be cleared even if the context has already been
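Review bot: The new check "if (iothread->thread_id != -1)" in iothread_instance_finalize uses thread_id as a stand-in for "init_done_lock and init_done_cond were initialized", which holds only as long as iothread_complete() initializes both before the thread can store its id. Add a comment stating that invariant at the check, or initialize the mutex and condition variable in iothread_instance_init so they can be destroyed unconditionally.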
@@ -135,8 +141,6 @@ static void iothread_instance_finalize(Object *obj)
g_main_context_unref(iothread->worker_context);
iothread->worker_context = NULL;
}
- qemu_cond_destroy(&iothread->init_done_cond);
- qemu_mutex_destroy(&iothread->init_done_lock);
}
static void iothread_complete(UserCreatable *obj, Error **errp)
@@ -147,7 +151,6 @@ static void iothread_complete(UserCreatable *obj, Error **errp)
iothread->stopping = false;
iothread->running = true;
- iothread->thread_id = -1;
iothread->ctx = aio_context_new(&local_error);
if (!iothread->ctx) {
error_propagate(errp, local_error);
--
1.8.3.1


@ -0,0 +1,117 @@
From 9db6f24509ee8a28818693d6a15257b873d9422a Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Thu, 15 Aug 2019 13:23:11 +0100
Subject: [PATCH 09/10] iothread: replace init_done_cond with a semaphore
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: <20190815132311.22027-3-stefanha@redhat.com>
Patchwork-id: 89996
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 2/2] iothread: replace init_done_cond with a semaphore
Bugzilla: 1687541
RH-Acked-by: Peter Xu <peterx@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Peter Xu <peterx@redhat.com>
Only sending an init-done message using lock+cond seems an overkill to
me. Replacing it with a simpler semaphore.
Meanwhile, init the semaphore unconditionally, then we can destroy it
unconditionally too in finalize which seems cleaner.
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-id: 20190306115532.23025-2-peterx@redhat.com
Message-Id: <20190306115532.23025-2-peterx@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 21c4d15b4708b7d30c450041a560df670f36cac8)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
include/sysemu/iothread.h | 3 +--
iothread.c | 17 ++++-------------
2 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
index 8a7ac2c..50411ba 100644
--- a/include/sysemu/iothread.h
+++ b/include/sysemu/iothread.h
@@ -27,8 +27,7 @@ typedef struct {
GMainContext *worker_context;
GMainLoop *main_loop;
GOnce once;
- QemuMutex init_done_lock;
- QemuCond init_done_cond; /* is thread initialization done? */
+ QemuSemaphore init_done_sem; /* is thread init done? */
bool stopping; /* has iothread_stop() been called? */
bool running; /* should iothread_run() continue? */
int thread_id;
diff --git a/iothread.c b/iothread.c
index 2fb1cdf..b92232f 100644
--- a/iothread.c
+++ b/iothread.c
@@ -55,10 +55,8 @@ static void *iothread_run(void *opaque)
rcu_register_thread();
my_iothread = iothread;
- qemu_mutex_lock(&iothread->init_done_lock);
iothread->thread_id = qemu_get_thread_id();
- qemu_cond_signal(&iothread->init_done_cond);
- qemu_mutex_unlock(&iothread->init_done_lock);
+ qemu_sem_post(&iothread->init_done_sem);
while (iothread->running) {
aio_poll(iothread->ctx, true);
@@ -111,6 +109,7 @@ static void iothread_instance_init(Object *obj)
iothread->poll_max_ns = IOTHREAD_POLL_MAX_NS_DEFAULT;
iothread->thread_id = -1;
+ qemu_sem_init(&iothread->init_done_sem, 0);
}
static void iothread_instance_finalize(Object *obj)
@@ -119,10 +118,6 @@ static void iothread_instance_finalize(Object *obj)
iothread_stop(iothread);
- if (iothread->thread_id != -1) {
- qemu_cond_destroy(&iothread->init_done_cond);
- qemu_mutex_destroy(&iothread->init_done_lock);
- }
/*
* Before glib2 2.33.10, there is a glib2 bug that GSource context
* pointer may not be cleared even if the context has already been
@@ -141,6 +136,7 @@ static void iothread_instance_finalize(Object *obj)
g_main_context_unref(iothread->worker_context);
iothread->worker_context = NULL;
}
+ qemu_sem_destroy(&iothread->init_done_sem);
}
static void iothread_complete(UserCreatable *obj, Error **errp)
@@ -169,8 +165,6 @@ static void iothread_complete(UserCreatable *obj, Error **errp)
return;
}
- qemu_mutex_init(&iothread->init_done_lock);
- qemu_cond_init(&iothread->init_done_cond);
iothread->once = (GOnce) G_ONCE_INIT;
/* This assumes we are called from a thread with useful CPU affinity for us
@@ -184,12 +178,9 @@ static void iothread_complete(UserCreatable *obj, Error **errp)
g_free(name);
/* Wait for initialization to complete */
- qemu_mutex_lock(&iothread->init_done_lock);
while (iothread->thread_id == -1) {
- qemu_cond_wait(&iothread->init_done_cond,
- &iothread->init_done_lock);
+ qemu_sem_wait(&iothread->init_done_sem);
}
- qemu_mutex_unlock(&iothread->init_done_lock);
}
typedef struct {
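Review bot: The "while (iothread->thread_id == -1)" loop around qemu_sem_wait() is left over from the condition-variable version. iothread_run() posts init_done_sem exactly once, after storing thread_id, so a single unconditional qemu_sem_wait() is enough and removes the read of thread_id outside any lock. With the loop kept, a thread that stores its id before the first check leaves the semaphore count at 1 until finalize.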
--
1.8.3.1


@ -0,0 +1,334 @@
From 4a8e202ddd9bde207a5a9caaee6e0f06399a3052 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 22 Jul 2019 18:22:13 +0100
Subject: [PATCH 32/39] linux-headers: synchronize generic and x86 KVM headers
with upstream [rhel-only]
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20190722182220.19374-12-pbonzini@redhat.com>
Patchwork-id: 89628
O-Subject: [RHEL-8.1.0 PATCH qemu-kvm v3 11/18] linux-headers: synchronize generic and x86 KVM headers with upstream [rhel-only]
Bugzilla: 1689269
RH-Acked-by: Peter Xu <zhexu@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
From: Liran Alon <liran.alon@oracle.com>
Relevant files copied from upstream QEMU at commit
1d33bea4d013104f01d1c4badc4c670e55c16cca.
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
linux-headers/asm-x86/kvm.h | 76 ++++++++++++++++++++++++++++++++++++--
linux-headers/linux/kvm.h | 89 +++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 158 insertions(+), 7 deletions(-)
diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
index dcf4dc9..6e7dd79 100644
--- a/linux-headers/asm-x86/kvm.h
+++ b/linux-headers/asm-x86/kvm.h
@@ -288,6 +288,7 @@ struct kvm_reinject_control {
#define KVM_VCPUEVENT_VALID_SIPI_VECTOR 0x00000002
#define KVM_VCPUEVENT_VALID_SHADOW 0x00000004
#define KVM_VCPUEVENT_VALID_SMM 0x00000008
+#define KVM_VCPUEVENT_VALID_PAYLOAD 0x00000010
/* Interrupt shadow states */
#define KVM_X86_SHADOW_INT_MOV_SS 0x01
@@ -299,7 +300,7 @@ struct kvm_vcpu_events {
__u8 injected;
__u8 nr;
__u8 has_error_code;
- __u8 pad;
+ __u8 pending;
__u32 error_code;
} exception;
struct {
@@ -322,7 +323,9 @@ struct kvm_vcpu_events {
__u8 smm_inside_nmi;
__u8 latched_init;
} smi;
- __u32 reserved[9];
+ __u8 reserved[27];
+ __u8 exception_has_payload;
+ __u64 exception_payload;
};
/* for KVM_GET/SET_DEBUGREGS */
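Review bot: The replacement for __u32 reserved[9] keeps the tail of kvm_vcpu_events at 36 bytes (27 + 1 + 8), but nothing in the hunk records that the struct size must stay fixed for the ioctl ABI. Because this file is a copy of the upstream header, do not edit it here; confirm that the sync is verbatim and that code filling this struct zero-initializes it, so the renamed pending byte and the new exception_has_payload byte are never sent with stale contents.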
@@ -354,12 +357,79 @@ struct kvm_xcrs {
__u64 padding[16];
};
-/* definition of registers in kvm_run */
+#define KVM_SYNC_X86_REGS (1UL << 0)
+#define KVM_SYNC_X86_SREGS (1UL << 1)
+#define KVM_SYNC_X86_EVENTS (1UL << 2)
+
+#define KVM_SYNC_X86_VALID_FIELDS \
+ (KVM_SYNC_X86_REGS| \
+ KVM_SYNC_X86_SREGS| \
+ KVM_SYNC_X86_EVENTS)
+
+/* kvm_sync_regs struct included by kvm_run struct */
struct kvm_sync_regs {
+ /* Members of this structure are potentially malicious.
+ * Care must be taken by code reading, esp. interpreting,
+ * data fields from them inside KVM to prevent TOCTOU and
+ * double-fetch types of vulnerabilities.
+ */
+ struct kvm_regs regs;
+ struct kvm_sregs sregs;
+ struct kvm_vcpu_events events;
};
#define KVM_X86_QUIRK_LINT0_REENABLED (1 << 0)
#define KVM_X86_QUIRK_CD_NW_CLEARED (1 << 1)
#define KVM_X86_QUIRK_LAPIC_MMIO_HOLE (1 << 2)
+#define KVM_X86_QUIRK_OUT_7E_INC_RIP (1 << 3)
+
+#define KVM_STATE_NESTED_FORMAT_VMX 0
+#define KVM_STATE_NESTED_FORMAT_SVM 1
+
+#define KVM_STATE_NESTED_GUEST_MODE 0x00000001
+#define KVM_STATE_NESTED_RUN_PENDING 0x00000002
+#define KVM_STATE_NESTED_EVMCS 0x00000004
+
+#define KVM_STATE_NESTED_VMX_VMCS_SIZE 0x1000
+
+#define KVM_STATE_NESTED_SMM_GUEST_MODE 0x00000001
+#define KVM_STATE_NESTED_SMM_VMXON 0x00000002
+
+struct kvm_vmx_nested_state_data {
+ __u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
+ __u8 shadow_vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
+};
+
+struct kvm_vmx_nested_state_hdr {
+ __u64 vmxon_pa;
+ __u64 vmcs12_pa;
+
+ struct {
+ __u16 flags;
+ } smm;
+};
+
+/* for KVM_CAP_NESTED_STATE */
+struct kvm_nested_state {
+ __u16 flags;
+ __u16 format;
+ __u32 size;
+
+ union {
+ struct kvm_vmx_nested_state_hdr vmx;
+
+ /* Pad the header to 128 bytes. */
+ __u8 pad[120];
+ } hdr;
+
+ /*
+ * Define data region as 0 bytes to preserve backwards-compatability
+ * to old definition of kvm_nested_state in order to avoid changing
+ * KVM_{GET,PUT}_NESTED_STATE ioctl values.
+ */
+ union {
+ struct kvm_vmx_nested_state_data vmx[0];
+ } data;
+};
#endif /* _ASM_X86_KVM_H */
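Review bot: In struct kvm_nested_state, "struct kvm_vmx_nested_state_data vmx[0]" declares the data region as zero bytes, so sizeof(struct kvm_nested_state) covers only the 128-byte header and callers have to size their buffer from the size field themselves. Code consuming this struct should check size against the header plus sizeof(struct kvm_vmx_nested_state_data) before touching data.vmx[0]. The comment above the union also misspells "compatibility".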
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 8be1232..c8423e7 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -396,6 +396,10 @@ struct kvm_run {
char padding[256];
};
+ /* 2048 is the size of the char array used to bound/pad the size
+ * of the union that holds sync regs.
+ */
+ #define SYNC_REGS_SIZE_BYTES 2048
/*
* shared registers between kvm and userspace.
* kvm_valid_regs specifies the register classes set by the host
@@ -407,7 +411,7 @@ struct kvm_run {
__u64 kvm_dirty_regs;
union {
struct kvm_sync_regs regs;
- char padding[2048];
+ char padding[SYNC_REGS_SIZE_BYTES];
} s;
};
@@ -416,13 +420,19 @@ struct kvm_run {
struct kvm_coalesced_mmio_zone {
__u64 addr;
__u32 size;
- __u32 pad;
+ union {
+ __u32 pad;
+ __u32 pio;
+ };
};
struct kvm_coalesced_mmio {
__u64 phys_addr;
__u32 len;
- __u32 pad;
+ union {
+ __u32 pad;
+ __u32 pio;
+ };
__u8 data[8];
};
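Review bot: in both `kvm_coalesced_mmio_zone` and `kvm_coalesced_mmio`, the new `pio` member aliases the old `pad` word, but nothing here documents which values of `pio` are valid or that the field used to be padding. A caller that never zeroed `pad` would now pass an arbitrary `pio` value, so a short comment on the union (valid values, and that existing users must zero the field) is worth adding alongside `KVM_CAP_COALESCED_PIO`.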
@@ -482,6 +492,17 @@ struct kvm_dirty_log {
};
};
+/* for KVM_CLEAR_DIRTY_LOG */
+struct kvm_clear_dirty_log {
+ __u32 slot;
+ __u32 num_pages;
+ __u64 first_page;
+ union {
+ void *dirty_bitmap; /* one bit per page */
+ __u64 padding2;
+ };
+};
+
/* for KVM_SET_SIGNAL_MASK */
struct kvm_signal_mask {
__u32 len;
@@ -672,6 +693,13 @@ struct kvm_ioeventfd {
__u8 pad[36];
};
+#define KVM_X86_DISABLE_EXITS_MWAIT (1 << 0)
+#define KVM_X86_DISABLE_EXITS_HLT (1 << 1)
+#define KVM_X86_DISABLE_EXITS_PAUSE (1 << 2)
+#define KVM_X86_DISABLE_VALID_EXITS (KVM_X86_DISABLE_EXITS_MWAIT | \
+ KVM_X86_DISABLE_EXITS_HLT | \
+ KVM_X86_DISABLE_EXITS_PAUSE)
+
/* for KVM_ENABLE_CAP */
struct kvm_enable_cap {
/* in */
@@ -708,6 +736,7 @@ struct kvm_ppc_one_seg_page_size {
#define KVM_PPC_PAGE_SIZES_REAL 0x00000001
#define KVM_PPC_1T_SEGMENTS 0x00000002
+#define KVM_PPC_NO_HASH 0x00000004
struct kvm_ppc_smmu_info {
__u64 flags;
@@ -740,6 +769,15 @@ struct kvm_ppc_resize_hpt {
#define KVM_S390_SIE_PAGE_OFFSET 1
/*
+ * On arm64, machine type can be used to request the physical
+ * address size for the VM. Bits[7-0] are reserved for the guest
+ * PA size shift (i.e, log2(PA_Size)). For backward compatibility,
+ * value 0 implies the default IPA size, 40bits.
+ */
+#define KVM_VM_TYPE_ARM_IPA_SIZE_MASK 0xffULL
+#define KVM_VM_TYPE_ARM_IPA_SIZE(x) \
+ ((x) & KVM_VM_TYPE_ARM_IPA_SIZE_MASK)
+/*
* ioctls for /dev/kvm fds:
*/
#define KVM_GET_API_VERSION _IO(KVMIO, 0x00)
@@ -925,7 +963,7 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_S390_GS 140
#define KVM_CAP_S390_AIS 141
#define KVM_CAP_SPAPR_TCE_VFIO 142
-#define KVM_CAP_X86_GUEST_MWAIT 143
+#define KVM_CAP_X86_DISABLE_EXITS 143
#define KVM_CAP_ARM_USER_IRQ 144
#define KVM_CAP_S390_CMMA_MIGRATION 145
#define KVM_CAP_PPC_FWNMI 146
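Review bot: `KVM_CAP_X86_GUEST_MWAIT` is replaced by `KVM_CAP_X86_DISABLE_EXITS` under the same number 143, with no compatibility alias left behind. Any code in the tree that still tests the old name will stop compiling, and remaining callers should be checked against the `KVM_X86_DISABLE_EXITS_*` bit flags added earlier in this file; confirm every user is converted in the same series.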
@@ -936,11 +974,25 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_PPC_GET_CPU_CHAR 151
#define KVM_CAP_S390_BPB 152
#define KVM_CAP_GET_MSR_FEATURES 153
+#define KVM_CAP_HYPERV_EVENTFD 154
+#define KVM_CAP_HYPERV_TLBFLUSH 155
#define KVM_CAP_S390_HPAGE_1M 156
#define KVM_CAP_NESTED_STATE 157
#define KVM_CAP_ARM_INJECT_SERROR_ESR 158
#define KVM_CAP_MSR_PLATFORM_INFO 159
#define KVM_CAP_PPC_NESTED_HV 160
+#define KVM_CAP_HYPERV_SEND_IPI 161
+#define KVM_CAP_COALESCED_PIO 162
+#define KVM_CAP_HYPERV_ENLIGHTENED_VMCS 163
+#define KVM_CAP_EXCEPTION_PAYLOAD 164
+#define KVM_CAP_ARM_VM_IPA_SIZE 165
+#define KVM_CAP_MANUAL_DIRTY_LOG_PROTECT 166 /* Obsolete */
+#define KVM_CAP_HYPERV_CPUID 167
+#define KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 168
+#define KVM_CAP_PPC_IRQ_XIVE 169
+#define KVM_CAP_ARM_SVE 170
+#define KVM_CAP_ARM_PTRAUTH_ADDRESS 171
+#define KVM_CAP_ARM_PTRAUTH_GENERIC 172
#ifdef KVM_CAP_IRQ_ROUTING
@@ -1098,6 +1150,7 @@ struct kvm_dirty_tlb {
#define KVM_REG_SIZE_U256 0x0050000000000000ULL
#define KVM_REG_SIZE_U512 0x0060000000000000ULL
#define KVM_REG_SIZE_U1024 0x0070000000000000ULL
+#define KVM_REG_SIZE_U2048 0x0080000000000000ULL
struct kvm_reg_list {
__u64 n; /* number of regs */
@@ -1164,6 +1217,8 @@ enum kvm_device_type {
#define KVM_DEV_TYPE_ARM_VGIC_V3 KVM_DEV_TYPE_ARM_VGIC_V3
KVM_DEV_TYPE_ARM_VGIC_ITS,
#define KVM_DEV_TYPE_ARM_VGIC_ITS KVM_DEV_TYPE_ARM_VGIC_ITS
+ KVM_DEV_TYPE_XIVE,
+#define KVM_DEV_TYPE_XIVE KVM_DEV_TYPE_XIVE
KVM_DEV_TYPE_MAX,
};
@@ -1380,6 +1435,22 @@ struct kvm_enc_region {
#define KVM_MEMORY_ENCRYPT_REG_REGION _IOR(KVMIO, 0xbb, struct kvm_enc_region)
#define KVM_MEMORY_ENCRYPT_UNREG_REGION _IOR(KVMIO, 0xbc, struct kvm_enc_region)
+/* Available with KVM_CAP_HYPERV_EVENTFD */
+#define KVM_HYPERV_EVENTFD _IOW(KVMIO, 0xbd, struct kvm_hyperv_eventfd)
+
+/* Available with KVM_CAP_NESTED_STATE */
+#define KVM_GET_NESTED_STATE _IOWR(KVMIO, 0xbe, struct kvm_nested_state)
+#define KVM_SET_NESTED_STATE _IOW(KVMIO, 0xbf, struct kvm_nested_state)
+
+/* Available with KVM_CAP_MANUAL_DIRTY_LOG_PROTECT_2 */
+#define KVM_CLEAR_DIRTY_LOG _IOWR(KVMIO, 0xc0, struct kvm_clear_dirty_log)
+
+/* Available with KVM_CAP_HYPERV_CPUID */
+#define KVM_GET_SUPPORTED_HV_CPUID _IOWR(KVMIO, 0xc1, struct kvm_cpuid2)
+
+/* Available with KVM_CAP_ARM_SVE */
+#define KVM_ARM_VCPU_FINALIZE _IOW(KVMIO, 0xc2, int)
+
/* Secure Encrypted Virtualization command */
enum sev_cmd_id {
/* Guest initialization commands */
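Review bot: the comment above `KVM_CLEAR_DIRTY_LOG` refers to `KVM_CAP_MANUAL_DIRTY_LOG_PROTECT_2`, but the capability defined earlier in this patch is `KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2` (no underscore before the 2), and `KVM_CAP_MANUAL_DIRTY_LOG_PROTECT` is marked obsolete. The comment should use the defined name so that a search for the capability finds the ioctl.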
@@ -1520,4 +1591,14 @@ struct kvm_assigned_msix_entry {
#define KVM_ARM_DEV_EL1_PTIMER (1 << 1)
#define KVM_ARM_DEV_PMU (1 << 2)
+struct kvm_hyperv_eventfd {
+ __u32 conn_id;
+ __s32 fd;
+ __u32 flags;
+ __u32 padding[3];
+};
+
+#define KVM_HYPERV_CONN_ID_MASK 0x00ffffff
+#define KVM_HYPERV_EVENTFD_DEASSIGN (1 << 0)
+
#endif /* __LINUX_KVM_H */
--
1.8.3.1

@ -0,0 +1,174 @@
From e69f257e657473ba59f48692d387e292a24892bb Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Tue, 20 Aug 2019 16:12:50 +0100
Subject: [PATCH 03/11] mmap-alloc: fix hugetlbfs misaligned length in ppc64
RH-Author: plai@redhat.com
Message-id: <1566317571-5697-4-git-send-email-plai@redhat.com>
Patchwork-id: 90082
O-Subject: [RHEL8.2 qemu-kvm PATCH 3/4] mmap-alloc: fix hugetlbfs misaligned length in ppc64
Bugzilla: 1539282
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Pankaj Gupta <pagupta@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
The commit 7197fb4058bcb68986bae2bb2c04d6370f3e7218 ("util/mmap-alloc:
fix hugetlb support on ppc64") fixed Huge TLB mappings on ppc64.
However, we still need to consider the underlying huge page size
during munmap() because it requires that both address and length be a
multiple of the underlying huge page size for Huge TLB mappings.
Quote from "Huge page (Huge TLB) mappings" paragraph under NOTES
section of the munmap(2) manual:
"For munmap(), addr and length must both be a multiple of the
underlying huge page size."
On ppc64, the munmap() in qemu_ram_munmap() does not work for Huge TLB
mappings because the mapped segment can be aligned with the underlying
huge page size, not aligned with the native system page size, as
returned by getpagesize().
This has the side effect of not releasing huge pages back to the pool
after a hugetlbfs file-backed memory device is hot-unplugged.
This patch fixes the situation in qemu_ram_mmap() and
qemu_ram_munmap() by considering the underlying page size on ppc64.
After this patch, memory hot-unplug releases huge pages back to the
pool.
Fixes: 7197fb4058bcb68986bae2bb2c04d6370f3e7218
Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 53adb9d43e1abba187387a51f238e878e934c647)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
exec.c | 4 ++--
include/qemu/mmap-alloc.h | 2 +-
util/mmap-alloc.c | 22 ++++++++++++++++------
util/oslib-posix.c | 2 +-
4 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/exec.c b/exec.c
index a79eaa3..9112d8b 100644
--- a/exec.c
+++ b/exec.c
@@ -1679,7 +1679,7 @@ static void *file_ram_alloc(RAMBlock *block,
if (mem_prealloc) {
os_mem_prealloc(fd, area, memory, smp_cpus, errp);
if (errp && *errp) {
- qemu_ram_munmap(area, memory);
+ qemu_ram_munmap(fd, area, memory);
return NULL;
}
}
@@ -2200,7 +2200,7 @@ static void reclaim_ramblock(RAMBlock *block)
xen_invalidate_map_cache_entry(block->host);
#ifndef _WIN32
} else if (block->fd >= 0) {
- qemu_ram_munmap(block->host, block->max_length);
+ qemu_ram_munmap(block->fd, block->host, block->max_length);
close(block->fd);
#endif
} else {
diff --git a/include/qemu/mmap-alloc.h b/include/qemu/mmap-alloc.h
index 190688a..eec98d8 100644
--- a/include/qemu/mmap-alloc.h
+++ b/include/qemu/mmap-alloc.h
@@ -28,6 +28,6 @@ void *qemu_ram_mmap(int fd,
bool shared,
bool is_pmem);
-void qemu_ram_munmap(void *ptr, size_t size);
+void qemu_ram_munmap(int fd, void *ptr, size_t size);
#endif
diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
index b29fcee..bbd9077 100644
--- a/util/mmap-alloc.c
+++ b/util/mmap-alloc.c
@@ -82,6 +82,7 @@ void *qemu_ram_mmap(int fd,
int flags;
int guardfd;
size_t offset;
+ size_t pagesize;
size_t total;
void *guardptr;
void *ptr;
@@ -102,7 +103,8 @@ void *qemu_ram_mmap(int fd,
* anonymous memory is OK.
*/
flags = MAP_PRIVATE;
- if (fd == -1 || qemu_fd_getpagesize(fd) == getpagesize()) {
+ pagesize = qemu_fd_getpagesize(fd);
+ if (fd == -1 || pagesize == getpagesize()) {
guardfd = -1;
flags |= MAP_ANONYMOUS;
} else {
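Review bot: `pagesize = qemu_fd_getpagesize(fd);` now runs before the `fd == -1` test, whereas the old condition short-circuited and never called it for an anonymous mapping. Either confirm that `qemu_fd_getpagesize()` is defined for `fd == -1`, or keep the guard, for example `pagesize = fd == -1 ? getpagesize() : qemu_fd_getpagesize(fd);`.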
@@ -111,6 +113,7 @@ void *qemu_ram_mmap(int fd,
}
#else
guardfd = -1;
+ pagesize = getpagesize();
flags = MAP_PRIVATE | MAP_ANONYMOUS;
#endif
@@ -122,7 +125,7 @@ void *qemu_ram_mmap(int fd,
assert(is_power_of_2(align));
/* Always align to host page size */
- assert(align >= getpagesize());
+ assert(align >= pagesize);
flags = MAP_FIXED;
flags |= fd == -1 ? MAP_ANONYMOUS : 0;
@@ -145,17 +148,24 @@ void *qemu_ram_mmap(int fd,
* a guard page guarding against potential buffer overflows.
*/
total -= offset;
- if (total > size + getpagesize()) {
- munmap(ptr + size + getpagesize(), total - size - getpagesize());
+ if (total > size + pagesize) {
+ munmap(ptr + size + pagesize, total - size - pagesize);
}
return ptr;
}
-void qemu_ram_munmap(void *ptr, size_t size)
+void qemu_ram_munmap(int fd, void *ptr, size_t size)
{
+ size_t pagesize;
+
if (ptr) {
/* Unmap both the RAM block and the guard page */
- munmap(ptr, size + getpagesize());
+#if defined(__powerpc64__) && defined(__linux__)
+ pagesize = qemu_fd_getpagesize(fd);
+#else
+ pagesize = getpagesize();
+#endif
+ munmap(ptr, size + pagesize);
}
}
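Review bot: the result of `munmap(ptr, size + pagesize)` in `qemu_ram_munmap()` is still ignored, which is how the misaligned-length failure described in the commit message went unnoticed. Check the return value and report a failure, since `size + pagesize` is only a multiple of the huge page size when `size` itself is. The page-size selection is also duplicated between `qemu_ram_mmap()` and this function under the same `#if`; a small helper would keep the two from drifting apart.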
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index c36b2bb..7b6db04 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -153,7 +153,7 @@ void qemu_vfree(void *ptr)
void qemu_anon_ram_free(void *ptr, size_t size)
{
trace_qemu_anon_ram_free(ptr, size);
- qemu_ram_munmap(ptr, size);
+ qemu_ram_munmap(-1, ptr, size);
}
void qemu_set_block(int fd)
--
1.8.3.1

@ -0,0 +1,139 @@
From 6b3478bb8b5718d86cb04f41043a8e0cce4df24c Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Tue, 20 Aug 2019 16:12:49 +0100
Subject: [PATCH 02/11] mmap-alloc: unfold qemu_ram_mmap()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: plai@redhat.com
Message-id: <1566317571-5697-3-git-send-email-plai@redhat.com>
Patchwork-id: 90083
O-Subject: [RHEL8.2 qemu-kvm PATCH 2/4] mmap-alloc: unfold qemu_ram_mmap()
Bugzilla: 1539282
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Pankaj Gupta <pagupta@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
Unfold parts of qemu_ram_mmap() for the sake of understanding, moving
declarations to the top, and keeping architecture-specifics in the
ifdef-else blocks. No changes in the function behaviour.
Give ptr and ptr1 meaningful names:
ptr -> guardptr : pointer to the PROT_NONE guard region
ptr1 -> ptr : pointer to the mapped memory returned to caller
Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 2044c3e7116eeac0449dcb4a4130cc8f8b9310da)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
util/mmap-alloc.c | 53 ++++++++++++++++++++++++++++++++++-------------------
1 file changed, 34 insertions(+), 19 deletions(-)
diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
index 55d1890..b29fcee 100644
--- a/util/mmap-alloc.c
+++ b/util/mmap-alloc.c
@@ -79,11 +79,19 @@ void *qemu_ram_mmap(int fd,
bool shared,
bool is_pmem)
{
+ int flags;
+ int guardfd;
+ size_t offset;
+ size_t total;
+ void *guardptr;
+ void *ptr;
+
/*
* Note: this always allocates at least one extra page of virtual address
* space, even if size is already aligned.
*/
- size_t total = size + align;
+ total = size + align;
+
#if defined(__powerpc64__) && defined(__linux__)
/* On ppc64 mappings in the same segment (aka slice) must share the same
* page size. Since we will be re-allocating part of this segment
@@ -93,16 +101,22 @@ void *qemu_ram_mmap(int fd,
* We do this unless we are using the system page size, in which case
* anonymous memory is OK.
*/
- int anonfd = fd == -1 || qemu_fd_getpagesize(fd) == getpagesize() ? -1 : fd;
- int flags = anonfd == -1 ? MAP_ANONYMOUS : MAP_NORESERVE;
- void *ptr = mmap(0, total, PROT_NONE, flags | MAP_PRIVATE, anonfd, 0);
+ flags = MAP_PRIVATE;
+ if (fd == -1 || qemu_fd_getpagesize(fd) == getpagesize()) {
+ guardfd = -1;
+ flags |= MAP_ANONYMOUS;
+ } else {
+ guardfd = fd;
+ flags |= MAP_NORESERVE;
+ }
#else
- void *ptr = mmap(0, total, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+ guardfd = -1;
+ flags = MAP_PRIVATE | MAP_ANONYMOUS;
#endif
- size_t offset;
- void *ptr1;
- if (ptr == MAP_FAILED) {
+ guardptr = mmap(0, total, PROT_NONE, flags, guardfd, 0);
+
+ if (guardptr == MAP_FAILED) {
return MAP_FAILED;
}
@@ -110,19 +124,20 @@ void *qemu_ram_mmap(int fd,
/* Always align to host page size */
assert(align >= getpagesize());
- offset = QEMU_ALIGN_UP((uintptr_t)ptr, align) - (uintptr_t)ptr;
- ptr1 = mmap(ptr + offset, size, PROT_READ | PROT_WRITE,
- MAP_FIXED |
- (fd == -1 ? MAP_ANONYMOUS : 0) |
- (shared ? MAP_SHARED : MAP_PRIVATE),
- fd, 0);
- if (ptr1 == MAP_FAILED) {
- munmap(ptr, total);
+ flags = MAP_FIXED;
+ flags |= fd == -1 ? MAP_ANONYMOUS : 0;
+ flags |= shared ? MAP_SHARED : MAP_PRIVATE;
+ offset = QEMU_ALIGN_UP((uintptr_t)guardptr, align) - (uintptr_t)guardptr;
+
+ ptr = mmap(guardptr + offset, size, PROT_READ | PROT_WRITE, flags, fd, 0);
+
+ if (ptr == MAP_FAILED) {
+ munmap(guardptr, total);
return MAP_FAILED;
}
if (offset > 0) {
- munmap(ptr, offset);
+ munmap(guardptr, offset);
}
/*
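Review bot: `flags` is now assigned twice, first for the PROT_NONE guard mapping and then again at `flags = MAP_FIXED;` for the real mapping, which works against the stated goal of making the function easier to follow. Separate variables (for example `guard_flags` and `map_flags`) would make it obvious which `mmap()` call each set belongs to. `guardptr + offset` is also arithmetic on a `void *`; that matches the code being replaced, but a cast to a byte pointer would be cleaner.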
@@ -131,10 +146,10 @@ void *qemu_ram_mmap(int fd,
*/
total -= offset;
if (total > size + getpagesize()) {
- munmap(ptr1 + size + getpagesize(), total - size - getpagesize());
+ munmap(ptr + size + getpagesize(), total - size - getpagesize());
}
- return ptr1;
+ return ptr;
}
void qemu_ram_munmap(void *ptr, size_t size)
--
1.8.3.1

@ -0,0 +1,119 @@
From 569674a3b855f516a8bec22ca365fc7614639ce6 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 23 Jul 2019 14:45:42 +0100
Subject: [PATCH 04/14] nbd/client: Lower min_block for block-status, unaligned
size
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190723144546.23701-4-mreitz@redhat.com>
Patchwork-id: 89650
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 3/7] nbd/client: Lower min_block for block-status, unaligned size
Bugzilla: 1678979
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Eric Blake <eblake@redhat.com>
We have a latent bug in our NBD client code, tickled by the brand new
nbdkit 1.11.10 block status support:
$ nbdkit --filter=log --filter=truncate -U - \
data data="1" size=511 truncate=64K logfile=/dev/stdout \
--run 'qemu-img convert $nbd /var/tmp/out'
...
qemu-img: block/io.c:2122: bdrv_co_block_status: Assertion `*pnum && QEMU_IS_ALIGNED(*pnum, align) && align > offset - aligned_offset' failed.
The culprit? Our implementation of .bdrv_co_block_status can return
unaligned block status for any server that operates with a lower
actual alignment than what we tell the block layer in
request_alignment, in violation of the block layer's constraints. To
date, we've been unable to trip the bug, because qemu as NBD server
always advertises block sizing (at which point it is a server bug if
the server sends unaligned status - although qemu 3.1 is such a server
and I've sent separate patches for 4.0 both to get the server to obey
the spec, and to let the client to tolerate server oddities at EOF).
But nbdkit does not (yet) advertise block sizing, and therefore is not
in violation of the spec for returning block status at whatever
boundaries it wants, and those unaligned results can occur anywhere
rather than just at EOF. While we are still wise to avoid sending
sub-sector read/write requests to a server of unknown origin, we MUST
consider that a server telling us block status without an advertised
block size is correct. So, we either have to munge unaligned answers
from the server into aligned ones that we hand back to the block
layer, or we have to tell the block layer about a smaller alignment.
Similarly, if the server advertises an image size that is not
sector-aligned, we might as well assume that the server intends to let
us access those tail bytes, and therefore supports a minimum block
size of 1, regardless of whether the server supports block status
(although we still need more patches to fix the problem that with an
unaligned image, we can send read or block status requests that exceed
EOF to the server). Again, qemu as server cannot trip this problem
(because it rounds images to sector alignment), but nbdkit advertised
unaligned size even before it gained block status support.
Solve both alignment problems at once by using better heuristics on
what alignment to report to the block layer when the server did not
give us something to work with. Note that very few NBD servers
implement block status (to date, only qemu and nbdkit are known to do
so); and as the NBD spec mentioned block sizing constraints prior to
documenting block status, it can be assumed that any future
implementations of block status are aware that they must advertise
block size if they want a minimum size other than 1.
We've had a long history of struggles with picking the right alignment
to use in the block layer, as evidenced by the commit message of
fd8d372d (v2.12) that introduced the current choice of forced 512-byte
alignment.
There is no iotest coverage for this fix, because qemu can't provoke
it, and I didn't want to make test 241 dependent on nbdkit.
Fixes: fd8d372d
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190329042750.14704-3-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 7da537f70d929800ba9c657b8a47a7b827695ccc)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/nbd.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/block/nbd.c b/block/nbd.c
index f29c10f..3d642cd 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -473,7 +473,24 @@ static void nbd_refresh_limits(BlockDriverState *bs, Error **errp)
uint32_t min = s->info.min_block;
uint32_t max = MIN_NON_ZERO(NBD_MAX_BUFFER_SIZE, s->info.max_block);
- bs->bl.request_alignment = min ? min : BDRV_SECTOR_SIZE;
+ /*
+ * If the server did not advertise an alignment:
+ * - a size that is not sector-aligned implies that an alignment
+ * of 1 can be used to access those tail bytes
+ * - advertisement of block status requires an alignment of 1, so
+ * that we don't violate block layer constraints that block
+ * status is always aligned (as we can't control whether the
+ * server will report sub-sector extents, such as a hole at EOF
+ * on an unaligned POSIX file)
+ * - otherwise, assume the server is so old that we are safer avoiding
+ * sub-sector requests
+ */
+ if (!min) {
+ min = (!QEMU_IS_ALIGNED(s->info.size, BDRV_SECTOR_SIZE) ||
+ s->info.base_allocation) ? 1 : BDRV_SECTOR_SIZE;
+ }
+
+ bs->bl.request_alignment = min;
bs->bl.max_pdiscard = max;
bs->bl.max_pwrite_zeroes = max;
bs->bl.max_transfer = max;
--
1.8.3.1

@ -0,0 +1,64 @@
From e49b010d5f866b3ee7efbf40398f0a0832ce8801 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 23 Jul 2019 14:45:43 +0100
Subject: [PATCH 05/14] nbd/client: Reject inaccessible tail of inconsistent
server
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190723144546.23701-5-mreitz@redhat.com>
Patchwork-id: 89649
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 4/7] nbd/client: Reject inaccessible tail of inconsistent server
Bugzilla: 1678979
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Eric Blake <eblake@redhat.com>
The NBD spec suggests that a server should never advertise a size
inconsistent with its minimum block alignment, as that tail is
effectively inaccessible to a compliant client obeying those block
constraints. Since we have a habit of rounding up rather than
truncating, to avoid losing the last few bytes of user input, and we
cannot access the tail when the server advertises bogus block sizing,
abort the connection to alert the server to fix their bug. And
rejecting such servers matches what we already did for a min_block
that was not a power of 2 or which was larger than max_block.
Does not impact either qemu (which always sends properly aligned
sizes) or nbdkit (which does not send minimum block requirements yet);
so this is mostly aimed at new NBD server implementations, and ensures
that the rest of our code can assume the size is aligned.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190330155704.24191-1-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
(cherry picked from commit 3add3ab78247fd347fd6f377a4b951022ac35d35)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
nbd/client.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/nbd/client.c b/nbd/client.c
index 25603f2..c828faf 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -416,6 +416,14 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
nbd_send_opt_abort(ioc);
return -1;
}
+ if (info->min_block &&
+ !QEMU_IS_ALIGNED(info->size, info->min_block)) {
+ error_setg(errp, "export size %" PRIu64 "is not multiple of "
+ "minimum block size %" PRIu32, info->size,
+ info->min_block);
+ nbd_send_opt_abort(ioc);
+ return -1;
+ }
be16_to_cpus(&info->flags);
trace_nbd_receive_negotiate_size_flags(info->size, info->flags);
break;
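Review bot: the format string in the new `error_setg()` call is missing a space after the size: `"export size %" PRIu64 "is not multiple of "` prints the number directly followed by "is". Change the second literal to `" is not a multiple of "`.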
--
1.8.3.1

@ -0,0 +1,132 @@
From 25bfe4a95b02b6fefafdfa1651c50a4d0c5bc87b Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 23 Jul 2019 14:45:44 +0100
Subject: [PATCH 06/14] nbd/client: Support qemu-img convert from unaligned
size
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190723144546.23701-6-mreitz@redhat.com>
Patchwork-id: 89651
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 5/7] nbd/client: Support qemu-img convert from unaligned size
Bugzilla: 1678979
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Eric Blake <eblake@redhat.com>
If an NBD server advertises a size that is not a multiple of a sector,
the block layer rounds up that size, even though we set info.size to
the exact byte value sent by the server. The block layer then proceeds
to let us read or query block status on the hole that it added past
EOF, which the NBD server is unlikely to be happy with. Fortunately,
qemu as a server never advertizes an unaligned size, so we generally
don't run into this problem; but the nbdkit server makes it easy to
test:
$ printf %1000d 1 > f1
$ ~/nbdkit/nbdkit -fv file f1 & pid=$!
$ qemu-img convert -f raw nbd://localhost:10809 f2
$ kill $pid
$ qemu-img compare f1 f2
Pre-patch, the server attempts a 1024-byte read, which nbdkit
rightfully rejects as going beyond its advertised 1000 byte size; the
conversion fails and the output files differ (not even the first
sector is copied, because qemu-img does not follow ddrescue's habit of
trying smaller reads to get as much information as possible in spite
of errors). Post-patch, the client's attempts to read (and query block
status, for new enough nbdkit) are properly truncated to the server's
length, with sane handling of the hole the block layer forced on
us. Although f2 ends up as a larger file (1024 bytes instead of 1000),
qemu-img compare shows the two images to have identical contents for
display to the guest.
I didn't add iotests coverage since I didn't want to add a dependency
on nbdkit in iotests. I also did NOT patch write, trim, or write
zeroes - these commands continue to fail (usually with ENOSPC, but
whatever the server chose), because we really can't write to the end
of the file, and because 'qemu-img convert' is the most common case
where we care about being tolerant (which is read-only). Perhaps we
could truncate the request if the client is writing zeros to the tail,
but that seems like more work, especially if the block layer is fixed
in 4.1 to track byte-accurate sizing (in which case this patch would
be reverted as unnecessary).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190329042750.14704-5-eblake@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 9cf638508c0090b33ada4155c7cbb684e08e5ee9)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/nbd-client.c | 39 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/block/nbd-client.c b/block/nbd-client.c
index 80d3625..6b33fe3 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -790,6 +790,25 @@ int nbd_client_co_preadv(BlockDriverState *bs, uint64_t offset,
if (!bytes) {
return 0;
}
+ /*
+ * Work around the fact that the block layer doesn't do
+ * byte-accurate sizing yet - if the read exceeds the server's
+ * advertised size because the block layer rounded size up, then
+ * truncate the request to the server and tail-pad with zero.
+ */
+ if (offset >= client->info.size) {
+ assert(bytes < BDRV_SECTOR_SIZE);
+ qemu_iovec_memset(qiov, 0, 0, bytes);
+ return 0;
+ }
+ if (offset + bytes > client->info.size) {
+ uint64_t slop = offset + bytes - client->info.size;
+
+ assert(slop < BDRV_SECTOR_SIZE);
+ qemu_iovec_memset(qiov, bytes - slop, 0, slop);
+ request.len -= slop;
+ }
+
ret = nbd_co_send_request(bs, &request, NULL);
if (ret < 0) {
return ret;
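Review bot: `assert(bytes < BDRV_SECTOR_SIZE)` and `assert(slop < BDRV_SECTOR_SIZE)` turn the assumption that the only overrun is the block layer's sub-sector round-up into a process abort. Since `client->info.size` is the value the server advertised, failing the request with an error when the overrun is a sector or more would be safer than aborting; if the asserts stay, the comment should say why a larger overrun cannot happen.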
@@ -904,7 +923,8 @@ int coroutine_fn nbd_client_co_block_status(BlockDriverState *bs,
.from = offset,
.len = MIN(MIN_NON_ZERO(QEMU_ALIGN_DOWN(INT_MAX,
bs->bl.request_alignment),
- client->info.max_block), bytes),
+ client->info.max_block),
+ MIN(bytes, client->info.size - offset)),
.flags = NBD_CMD_FLAG_REQ_ONE,
};
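Review bot: `client->info.size - offset` is evaluated in the `request` initializer, before the `offset >= client->info.size` guard that the next hunk adds. The early return means that value never reaches the server, but the ordering is easy to break in a later change; move the guard above the initializer or note the dependency in a comment.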
@@ -913,6 +933,23 @@ int coroutine_fn nbd_client_co_block_status(BlockDriverState *bs,
return BDRV_BLOCK_DATA;
}
+ /*
+ * Work around the fact that the block layer doesn't do
+ * byte-accurate sizing yet - if the status request exceeds the
+ * server's advertised size because the block layer rounded size
+ * up, we truncated the request to the server (above), or are
+ * called on just the hole.
+ */
+ if (offset >= client->info.size) {
+ *pnum = bytes;
+ assert(bytes < BDRV_SECTOR_SIZE);
+ /* Intentionally don't report offset_valid for the hole */
+ return BDRV_BLOCK_ZERO;
+ }
+
+ if (client->info.min_block) {
+ assert(QEMU_IS_ALIGNED(request.len, client->info.min_block));
+ }
ret = nbd_co_send_request(bs, &request, NULL);
if (ret < 0) {
return ret;
--
1.8.3.1

@ -0,0 +1,120 @@
From 1832a90928232cb91a8542613b754079fd1f0f0e Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Tue, 23 Jul 2019 14:45:46 +0100
Subject: [PATCH 08/14] nbd/server: Advertise actual minimum block size
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20190723144546.23701-8-mreitz@redhat.com>
Patchwork-id: 89652
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 7/7] nbd/server: Advertise actual minimum block size
Bugzilla: 1678979
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Eric Blake <eblake@redhat.com>
Both NBD_CMD_BLOCK_STATUS and structured NBD_CMD_READ will split their
reply according to bdrv_block_status() boundaries. If the block device
has a request_alignment smaller than 512, but we advertise a block
alignment of 512 to the client, then this can result in the server
reply violating client expectations by reporting a smaller region of
the export than what the client is permitted to address (although this
is less of an issue for qemu 4.0 clients, given recent client patches
to overlook our non-compliance at EOF). Since it's always better to
be strict in what we send, it is worth advertising the actual minimum
block limit rather than blindly rounding it up to 512.
Note that this patch is not foolproof - it is still possible to
provoke non-compliant server behavior using:
$ qemu-nbd --image-opts driver=blkdebug,align=512,image.driver=file,image.filename=/path/to/non-aligned-file
That is arguably a bug in the blkdebug driver (it should never pass
back block status smaller than its alignment, even if it has to make
multiple bdrv_get_status calls and determine the
least-common-denominator status among the group to return). It may
also be possible to observe issues with a backing layer with smaller
alignment than the active layer, although so far I have been unable to
write a reliable iotest for that scenario (but again, an issue like
that could be argued to be a bug in the block layer, or something
where we need a flag to bdrv_block_status() to state whether the
result must be aligned to the current layer's limits or can be
subdivided for accuracy when chasing backing files).
Anyways, as blkdebug is not normally used, and as this patch makes our
server more interoperable with qemu 3.1 clients, it is worth applying
now, even while we still work on a larger patch series for the 4.1
timeframe to have byte-accurate file lengths.
Note that the iotests output changes - for 223 and 233, we can see the
server's better granularity advertisement; and for 241, the three test
cases have the following effects:
- natural alignment: the server's smaller alignment is now advertised,
and the hole reported at EOF is now the right result; we've gotten rid
of the server's non-compliance
- forced server alignment: the server still advertises 512 bytes, but
still sends a mid-sector hole. This is still a server compliance bug,
which needs to be fixed in the block layer in a later patch; output
does not change because the client is already being tolerant of the
non-compliance
- forced client alignment: the server's smaller alignment means that
the client now sees the server's status change mid-sector without any
protocol violations, but the fact that the map shows an unaligned
mid-sector hole is evidence of the block layer problems with aligned
block status, to be fixed in a later patch
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190329042750.14704-7-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
[eblake: rebase to enhanced iotest 241 coverage]
(cherry picked from commit b0245d6478ea5906e3d7a542244d5c015fd47bc7)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
- tests/qemu-iotests/223.out: We are missing
ddd09448fd833d646952c769ae9ce3d39bee989f downstream, which adds
qemu-nbd --list tests to 223. (qemu-nbd --list does not exist
downstream.)
- tests/qemu-iotests/233.out: Does not exist downstream.
- tests/qemu-iotests/241.out: Does not exist downstream, because it
would require qemu-nbd --list.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
nbd/server.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/nbd/server.c b/nbd/server.c
index e094300..96b6631 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -608,13 +608,16 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint16_t myflags,
/* Send NBD_INFO_BLOCK_SIZE always, but tweak the minimum size
* according to whether the client requested it, and according to
* whether this is OPT_INFO or OPT_GO. */
- /* minimum - 1 for back-compat, or 512 if client is new enough.
- * TODO: consult blk_bs(blk)->bl.request_alignment? */
- sizes[0] =
- (client->opt == NBD_OPT_INFO || blocksize) ? BDRV_SECTOR_SIZE : 1;
+ /* minimum - 1 for back-compat, or actual if client will obey it. */
+ if (client->opt == NBD_OPT_INFO || blocksize) {
+ sizes[0] = blk_get_request_alignment(exp->blk);
+ } else {
+ sizes[0] = 1;
+ }
+ assert(sizes[0] <= NBD_MAX_BUFFER_SIZE);
/* preferred - Hard-code to 4096 for now.
* TODO: is blk_bs(blk)->bl.opt_transfer appropriate? */
- sizes[1] = 4096;
+ sizes[1] = MAX(4096, sizes[0]);
/* maximum - At most 32M, but smaller as appropriate. */
sizes[2] = MIN(blk_get_max_transfer(exp->blk), NBD_MAX_BUFFER_SIZE);
trace_nbd_negotiate_handle_info_block_size(sizes[0], sizes[1], sizes[2]);
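Review bot: nothing in this hunk keeps the three advertised sizes ordered. `sizes[1] = MAX(4096, sizes[0])` now follows the request alignment, but `sizes[2]` is still computed independently as `MIN(blk_get_max_transfer(exp->blk), NBD_MAX_BUFFER_SIZE)`, so the preferred size can exceed the maximum whenever the max transfer is below 4096 or below the alignment. Clamp or check `sizes[1] <= sizes[2]` after the maximum is computed, and update the "Hard-code to 4096 for now" comment, which no longer describes the code.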
--
1.8.3.1


@ -0,0 +1,398 @@
From 6abc65aaa666bf41070fa772293982cb0d1ae835 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Sep 2019 13:05:00 +0100
Subject: [PATCH 03/22] opts: don't silently truncate long option values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20190912130503.14094-4-lersek@redhat.com>
Patchwork-id: 90436
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 3/6] opts: don't silently truncate long option values
Bugzilla: 1749022
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
The existing QemuOpts parsing code uses a fixed size 1024 byte buffer
for storing the option values. If a value exceeded this size it was
silently truncated and no error reported to the user. Long option values
are not a common scenario, but it is conceivable that they will happen.
E.g. if the user has a very deeply nested filesystem it would be possible
to come up with a disk path that was > 1024 bytes. Most of the time if
such data was silently truncated, the user would get an error about
opening a non-existent disk. If they're unlucky though, QEMU might use a
completely different disk image from another VM, which could be
considered a security issue. Another example program was in using the
-smbios command line arg with very large data blobs. In this case the
silent truncation will be providing semantically incorrect data to the
guest OS for SMBIOS tables.
If the operating system didn't limit the user's argv when spawning QEMU,
the code should honour whatever length arguments were given without
imposing its own length restrictions. This patch thus changes the code
to use a heap allocated buffer for storing the values during parsing,
lifting the arbitrary length restriction.
RHEL8 notes:
- Fix up upstream's obviously garbled UTF8 sequences in Dan's name (Author
meta-datum, Signed-off-by tags).
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180416111743.8473-4-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 950c4e6c94b15cd0d8b63891dddd7a8dbf458e6a)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/multiboot.c | 33 +++++++++------
include/qemu/option.h | 2 +-
util/qemu-option.c | 111 +++++++++++++++++++++++++++-----------------------
3 files changed, 81 insertions(+), 65 deletions(-)
diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
index 5bc0a2c..7a2953e 100644
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@@ -291,12 +291,16 @@ int load_multiboot(FWCfgState *fw_cfg,
cmdline_len = strlen(kernel_filename) + 1;
cmdline_len += strlen(kernel_cmdline) + 1;
if (initrd_filename) {
- const char *r = initrd_filename;
+ const char *r = get_opt_value(initrd_filename, NULL);
cmdline_len += strlen(r) + 1;
mbs.mb_mods_avail = 1;
- while (*(r = get_opt_value(NULL, 0, r))) {
- mbs.mb_mods_avail++;
- r++;
+ while (1) {
+ mbs.mb_mods_avail++;
+ r = get_opt_value(r, NULL);
+ if (!*r) {
+ break;
+ }
+ r++;
}
}
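Review bot: `cmdline_len += strlen(r) + 1` now runs after `r = get_opt_value(initrd_filename, NULL)`, so `r` points at the delimiter that ends the first module, not at the start of `initrd_filename`, and only the remainder of the string is counted. The old code added the length of the whole string; use `strlen(initrd_filename)` here so the length accumulated in cmdline_len does not shrink. The rewritten loop also increments mbs.mb_mods_avail before each get_opt_value() call on top of the initial 1, so it counts one more module than the old loop did for the same input; confirm that is intended.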
@@ -313,7 +317,8 @@ int load_multiboot(FWCfgState *fw_cfg,
if (initrd_filename) {
const char *next_initrd;
- char not_last, tmpbuf[strlen(initrd_filename) + 1];
+ char not_last;
+ char *one_file = NULL;
mbs.offset_mods = mbs.mb_buf_size;
@@ -322,24 +327,26 @@ int load_multiboot(FWCfgState *fw_cfg,
int mb_mod_length;
uint32_t offs = mbs.mb_buf_size;
- next_initrd = get_opt_value(tmpbuf, sizeof(tmpbuf), initrd_filename);
+ next_initrd = get_opt_value(initrd_filename, &one_file);
not_last = *next_initrd;
/* if a space comes after the module filename, treat everything
after that as parameters */
- hwaddr c = mb_add_cmdline(&mbs, tmpbuf);
- if ((next_space = strchr(tmpbuf, ' ')))
+ hwaddr c = mb_add_cmdline(&mbs, one_file);
+ next_space = strchr(one_file, ' ');
+ if (next_space) {
*next_space = '\0';
- mb_debug("multiboot loading module: %s", tmpbuf);
- mb_mod_length = get_image_size(tmpbuf);
+ }
+ mb_debug("multiboot loading module: %s", one_file);
+ mb_mod_length = get_image_size(one_file);
if (mb_mod_length < 0) {
- error_report("Failed to open file '%s'", tmpbuf);
+ error_report("Failed to open file '%s'", one_file);
exit(1);
}
mbs.mb_buf_size = TARGET_PAGE_ALIGN(mb_mod_length + mbs.mb_buf_size);
mbs.mb_buf = g_realloc(mbs.mb_buf, mbs.mb_buf_size);
- load_image(tmpbuf, (unsigned char *)mbs.mb_buf + offs);
+ load_image(one_file, (unsigned char *)mbs.mb_buf + offs);
mb_add_mod(&mbs, mbs.mb_buf_phys + offs,
mbs.mb_buf_phys + offs + mb_mod_length, c);
@@ -347,6 +354,8 @@ int load_multiboot(FWCfgState *fw_cfg,
(char *)mbs.mb_buf + offs,
(char *)mbs.mb_buf + offs + mb_mod_length, c);
initrd_filename = next_initrd+1;
+ g_free(one_file);
+ one_file = NULL;
} while (not_last);
}
diff --git a/include/qemu/option.h b/include/qemu/option.h
index 1cfe5cb..3dfb449 100644
--- a/include/qemu/option.h
+++ b/include/qemu/option.h
@@ -28,7 +28,7 @@
#include "qemu/queue.h"
-const char *get_opt_value(char *buf, int buf_size, const char *p);
+const char *get_opt_value(const char *p, char **value);
void parse_option_size(const char *name, const char *value,
uint64_t *ret, Error **errp);
diff --git a/util/qemu-option.c b/util/qemu-option.c
index b99568f..ba44a08 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -70,25 +70,37 @@ static const char *get_opt_name(const char *p, char **option, char delim)
* delimiter is fixed to be comma which starts a new option. To specify an
* option value that contains commas, double each comma.
*/
-const char *get_opt_value(char *buf, int buf_size, const char *p)
+const char *get_opt_value(const char *p, char **value)
{
- char *q;
+ size_t capacity = 0, length;
+ const char *offset;
+
+ *value = NULL;
+ while (1) {
+ offset = strchr(p, ',');
+ if (!offset) {
+ offset = p + strlen(p);
+ }
- q = buf;
- while (*p != '\0') {
- if (*p == ',') {
- if (*(p + 1) != ',')
- break;
- p++;
+ length = offset - p;
+ if (*offset != '\0' && *(offset + 1) == ',') {
+ length++;
+ }
+ if (value) {
+ *value = g_renew(char, *value, capacity + length + 1);
+ strncpy(*value + capacity, p, length);
+ (*value)[capacity + length] = '\0';
+ }
+ capacity += length;
+ if (*offset == '\0' ||
+ *(offset + 1) != ',') {
+ break;
}
- if (q && (q - buf) < buf_size - 1)
- *q++ = *p;
- p++;
+
+ p += (offset - p) + 2;
}
- if (q)
- *q = '\0';
- return p;
+ return offset;
}
static void parse_option_bool(const char *name, const char *value, bool *ret,
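Review bot: `*value = NULL;` at the top of get_opt_value() dereferences `value` unconditionally, while the loop body still tests `if (value)` before writing, and hw/i386/multiboot.c in this same patch calls `get_opt_value(initrd_filename, NULL)` and `get_opt_value(r, NULL)`. Guard the initial store with the same `if (value)` test, or stop passing NULL from the callers. The comment above the function should also state that `*value` is heap-allocated and must be released by the caller with g_free().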
@@ -162,50 +174,43 @@ void parse_option_size(const char *name, const char *value,
bool has_help_option(const char *param)
{
- size_t buflen = strlen(param) + 1;
- char *buf = g_malloc(buflen);
const char *p = param;
bool result = false;
- while (*p) {
- p = get_opt_value(buf, buflen, p);
+ while (*p && !result) {
+ char *value;
+
+ p = get_opt_value(p, &value);
if (*p) {
p++;
}
- if (is_help_option(buf)) {
- result = true;
- goto out;
- }
+ result = is_help_option(value);
+ g_free(value);
}
-out:
- g_free(buf);
return result;
}
-bool is_valid_option_list(const char *param)
+bool is_valid_option_list(const char *p)
{
- size_t buflen = strlen(param) + 1;
- char *buf = g_malloc(buflen);
- const char *p = param;
- bool result = true;
+ char *value = NULL;
+ bool result = false;
while (*p) {
- p = get_opt_value(buf, buflen, p);
- if (*p && !*++p) {
- result = false;
+ p = get_opt_value(p, &value);
+ if ((*p && !*++p) ||
+ (!*value || *value == ',')) {
goto out;
}
- if (!*buf || *buf == ',') {
- result = false;
- goto out;
- }
+ g_free(value);
+ value = NULL;
}
+ result = true;
out:
- g_free(buf);
+ g_free(value);
return result;
}
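Review bot: in is_valid_option_list() the pre-increment in `(*p && !*++p)` now sits inside a compound `||` condition together with the `*value` tests, so whether `p` advances depends on short-circuit evaluation in the middle of the expression. The result matches the old two-`if` form, but splitting it back into two statements keeps the side effect visible and makes it obvious that `value` is still freed through the `out:` label on both failure cases.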
@@ -486,7 +491,7 @@ int qemu_opt_unset(QemuOpts *opts, const char *name)
}
}
-static void opt_set(QemuOpts *opts, const char *name, const char *value,
+static void opt_set(QemuOpts *opts, const char *name, char *value,
bool prepend, Error **errp)
{
QemuOpt *opt;
@@ -495,6 +500,7 @@ static void opt_set(QemuOpts *opts, const char *name, const char *value,
desc = find_desc_by_name(opts->list->desc, name);
if (!desc && !opts_accepts_any(opts)) {
+ g_free(value);
error_setg(errp, QERR_INVALID_PARAMETER, name);
return;
}
@@ -508,8 +514,7 @@ static void opt_set(QemuOpts *opts, const char *name, const char *value,
QTAILQ_INSERT_TAIL(&opts->head, opt, next);
}
opt->desc = desc;
- opt->str = g_strdup(value);
- assert(opt->str);
+ opt->str = value;
qemu_opt_parse(opt, &local_err);
if (local_err) {
error_propagate(errp, local_err);
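Review bot: removing `assert(opt->str)` together with the `g_strdup()` means a NULL `value` is now stored in `opt->str` and passed on to qemu_opt_parse() unchecked; qemu_opt_set() in this patch calls `opt_set(opts, name, g_strdup(value), ...)`, and g_strdup() returns NULL for a NULL input. Keep an `assert(value)` at the top of opt_set(), and add a comment there that the function takes ownership of `value` on every path, including the early return that frees it.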
@@ -520,7 +525,7 @@ static void opt_set(QemuOpts *opts, const char *name, const char *value,
void qemu_opt_set(QemuOpts *opts, const char *name, const char *value,
Error **errp)
{
- opt_set(opts, name, value, false, errp);
+ opt_set(opts, name, g_strdup(value), false, errp);
}
void qemu_opt_set_bool(QemuOpts *opts, const char *name, bool val,
@@ -754,7 +759,7 @@ static void opts_do_parse(QemuOpts *opts, const char *params,
const char *firstname, bool prepend, Error **errp)
{
char *option = NULL;
- char value[1024];
+ char *value = NULL;
const char *p,*pe,*pc;
Error *local_err = NULL;
@@ -766,15 +771,15 @@ static void opts_do_parse(QemuOpts *opts, const char *params,
if (p == params && firstname) {
/* implicitly named first option */
option = g_strdup(firstname);
- p = get_opt_value(value, sizeof(value), p);
+ p = get_opt_value(p, &value);
} else {
/* option without value, probably a flag */
p = get_opt_name(p, &option, ',');
if (strncmp(option, "no", 2) == 0) {
memmove(option, option+2, strlen(option+2)+1);
- pstrcpy(value, sizeof(value), "off");
+ value = g_strdup("off");
} else {
- pstrcpy(value, sizeof(value), "on");
+ value = g_strdup("on");
}
}
} else {
@@ -782,11 +787,12 @@ static void opts_do_parse(QemuOpts *opts, const char *params,
p = get_opt_name(p, &option, '=');
assert(*p == '=');
p++;
- p = get_opt_value(value, sizeof(value), p);
+ p = get_opt_value(p, &value);
}
if (strcmp(option, "id") != 0) {
/* store and parse */
opt_set(opts, option, value, prepend, &local_err);
+ value = NULL;
if (local_err) {
error_propagate(errp, local_err);
goto cleanup;
@@ -796,11 +802,13 @@ static void opts_do_parse(QemuOpts *opts, const char *params,
break;
}
g_free(option);
- option = NULL;
+ g_free(value);
+ option = value = NULL;
}
cleanup:
g_free(option);
+ g_free(value);
}
/**
@@ -819,7 +827,7 @@ static QemuOpts *opts_parse(QemuOptsList *list, const char *params,
bool permit_abbrev, bool defaults, Error **errp)
{
const char *firstname;
- char value[1024], *id = NULL;
+ char *id = NULL;
const char *p;
QemuOpts *opts;
Error *local_err = NULL;
@@ -828,11 +836,9 @@ static QemuOpts *opts_parse(QemuOptsList *list, const char *params,
firstname = permit_abbrev ? list->implied_opt_name : NULL;
if (strncmp(params, "id=", 3) == 0) {
- get_opt_value(value, sizeof(value), params+3);
- id = value;
+ get_opt_value(params + 3, &id);
} else if ((p = strstr(params, ",id=")) != NULL) {
- get_opt_value(value, sizeof(value), p+4);
- id = value;
+ get_opt_value(p + 4, &id);
}
/*
@@ -844,6 +850,7 @@ static QemuOpts *opts_parse(QemuOptsList *list, const char *params,
*/
assert(!defaults || list->merge_lists);
opts = qemu_opts_create(list, id, !defaults, &local_err);
+ g_free(id);
if (opts == NULL) {
error_propagate(errp, local_err);
return NULL;
--
1.8.3.1


@ -0,0 +1,198 @@
From 5fe3c58c3a57a04254b3083b070fdf99fba82c93 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Sep 2019 13:04:59 +0100
Subject: [PATCH 02/22] opts: don't silently truncate long parameter keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20190912130503.14094-3-lersek@redhat.com>
Patchwork-id: 90435
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 2/6] opts: don't silently truncate long parameter keys
Bugzilla: 1749022
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
The existing QemuOpts parsing code uses a fixed size 128 byte buffer
for storing the parameter keys. If a key exceeded this size it was
silently truncated and no error reported to the user. This behaviour was
reasonable & harmless because traditionally the key names are all
statically declared, and it was known that no code was declaring a key
longer than 127 bytes. This assumption, however, ceased to be valid once
the block layer added support for dot-separated compound keys. This
syntax allows for keys that can be arbitrarily long, limited only by the
number of block drivers you can stack up. With this usage, silently
truncating the key name can never lead to correct behaviour.
Hopefully such truncation would turn into an error, when the block code
then tried to extract options later, but there's no guarantee that will
happen. It is conceivable that an option specified by the user may be
truncated and then ignored. This could have serious consequences,
possibly even leading to security problems if the ignored option set a
security relevant parameter.
If the operating system didn't limit the user's argv when spawning QEMU,
the code should honour whatever length arguments were given without
imposing its own length restrictions. This patch thus changes the code
to use a heap allocated buffer for storing the keys during parsing,
lifting the arbitrary length restriction.
RHEL8 notes:
- Fix up upstream's obviously garbled UTF8 sequences in Dan's name (Author
meta-datum, Signed-off-by tags).
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180416111743.8473-3-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit e652714f98f22e8882e88e3d563b025c5b00feec)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/test-qemu-opts.c | 18 ------------------
util/qemu-option.c | 44 ++++++++++++++++++++++----------------------
2 files changed, 22 insertions(+), 40 deletions(-)
diff --git a/tests/test-qemu-opts.c b/tests/test-qemu-opts.c
index 77dd72b..7092e21 100644
--- a/tests/test-qemu-opts.c
+++ b/tests/test-qemu-opts.c
@@ -459,8 +459,6 @@ static void test_opts_parse(void)
{
Error *err = NULL;
QemuOpts *opts;
- char long_key[129];
- char *params;
/* Nothing */
opts = qemu_opts_parse(&opts_list_03, "", false, &error_abort);
@@ -471,22 +469,6 @@ static void test_opts_parse(void)
g_assert_cmpuint(opts_count(opts), ==, 1);
g_assert_cmpstr(qemu_opt_get(opts, ""), ==, "val");
- /* Long key */
- memset(long_key, 'a', 127);
- long_key[127] = 'z';
- long_key[128] = 0;
- params = g_strdup_printf("%s=v", long_key);
- opts = qemu_opts_parse(&opts_list_03, params + 1, NULL, &error_abort);
- g_assert_cmpuint(opts_count(opts), ==, 1);
- g_assert_cmpstr(qemu_opt_get(opts, long_key + 1), ==, "v");
-
- /* Overlong key gets truncated */
- opts = qemu_opts_parse(&opts_list_03, params, NULL, &error_abort);
- g_assert(opts_count(opts) == 1);
- long_key[127] = 0;
- g_assert_cmpstr(qemu_opt_get(opts, long_key), ==, "v");
- g_free(params);
-
/* Multiple keys, last one wins */
opts = qemu_opts_parse(&opts_list_03, "a=1,b=2,,x,a=3",
false, &error_abort);
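Review bot: the "Long key" and "Overlong key gets truncated" cases are deleted without a replacement, so nothing in tests/test-qemu-opts.c exercises keys longer than the old 128-byte buffer any more. Add a case that parses a key of 129 bytes or more and asserts through qemu_opt_get() that the full key is stored intact, which is the behaviour this patch is meant to guarantee.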
diff --git a/util/qemu-option.c b/util/qemu-option.c
index a8db173..b99568f 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -43,27 +43,23 @@
* first byte of the option name)
*
* The option name is delimited by delim (usually , or =) or the string end
- * and is copied into buf. If the option name is longer than buf_size, it is
- * truncated. buf is always zero terminated.
+ * and is copied into option. The caller is responsible for free'ing option
+ * when no longer required.
*
* The return value is the position of the delimiter/zero byte after the option
* name in p.
*/
-static const char *get_opt_name(char *buf, int buf_size, const char *p,
- char delim)
+static const char *get_opt_name(const char *p, char **option, char delim)
{
- char *q;
+ char *offset = strchr(p, delim);
- q = buf;
- while (*p != '\0' && *p != delim) {
- if (q && (q - buf) < buf_size - 1)
- *q++ = *p;
- p++;
+ if (offset) {
+ *option = g_strndup(p, offset - p);
+ return offset;
+ } else {
+ *option = g_strdup(p);
+ return p + strlen(p);
}
- if (q)
- *q = '\0';
-
- return p;
}
/*
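Review bot: `char *offset = strchr(p, delim);` in get_opt_name() drops the const qualifier of `p`, although `offset` is only read and then returned as `const char *`. Declare it `const char *offset` so the compiler keeps rejecting writes through it. The updated comment could also say that `*option` is always set to a g_malloc'ed string, even when the delimiter is not found.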
@@ -757,7 +753,8 @@ void qemu_opts_print(QemuOpts *opts, const char *separator)
static void opts_do_parse(QemuOpts *opts, const char *params,
const char *firstname, bool prepend, Error **errp)
{
- char option[128], value[1024];
+ char *option = NULL;
+ char value[1024];
const char *p,*pe,*pc;
Error *local_err = NULL;
@@ -768,11 +765,11 @@ static void opts_do_parse(QemuOpts *opts, const char *params,
/* found "foo,more" */
if (p == params && firstname) {
/* implicitly named first option */
- pstrcpy(option, sizeof(option), firstname);
+ option = g_strdup(firstname);
p = get_opt_value(value, sizeof(value), p);
} else {
/* option without value, probably a flag */
- p = get_opt_name(option, sizeof(option), p, ',');
+ p = get_opt_name(p, &option, ',');
if (strncmp(option, "no", 2) == 0) {
memmove(option, option+2, strlen(option+2)+1);
pstrcpy(value, sizeof(value), "off");
@@ -782,10 +779,8 @@ static void opts_do_parse(QemuOpts *opts, const char *params,
}
} else {
/* found "foo=bar,more" */
- p = get_opt_name(option, sizeof(option), p, '=');
- if (*p != '=') {
- break;
- }
+ p = get_opt_name(p, &option, '=');
+ assert(*p == '=');
p++;
p = get_opt_value(value, sizeof(value), p);
}
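Review bot: `assert(*p == '=')` replaces a `break` that tolerated a missing '=', so any mistake in the invariant now aborts the process while parsing user-supplied option text instead of ending the loop. If the enclosing branch already guarantees that '=' precedes the next ',', add a short comment naming that check next to the assert; otherwise report the problem through `errp` and `goto cleanup`.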
@@ -794,13 +789,18 @@ static void opts_do_parse(QemuOpts *opts, const char *params,
opt_set(opts, option, value, prepend, &local_err);
if (local_err) {
error_propagate(errp, local_err);
- return;
+ goto cleanup;
}
}
if (*p != ',') {
break;
}
+ g_free(option);
+ option = NULL;
}
+
+ cleanup:
+ g_free(option);
}
/**
--
1.8.3.1


@ -0,0 +1,74 @@
From 1906ff6940bb9f84f0f6a66980354e66b5124558 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Sep 2019 13:05:03 +0100
Subject: [PATCH 06/22] opts: remove redundant check for NULL parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20190912130503.14094-7-lersek@redhat.com>
Patchwork-id: 90432
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 6/6] opts: remove redundant check for NULL parameter
Bugzilla: 1749022
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
No callers of get_opt_value() pass in a NULL for the "value" parameter,
so the check is redundant.
RHEL8 notes:
- Context difference in "util/qemu-option.c", function get_opt_value();
upstream has commit 5c99fa375da1 ("cutils: Provide strchrnul",
2018-06-29), part of v3.0.0, but downstream lacks it. Harmless, because
said upstream commit only refactors get_opt_value().
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180514171913.17664-4-berrange@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0c2f6e7ee99517449b4ed6cf333c2d9456d8fe35)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
util/qemu-option.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/util/qemu-option.c b/util/qemu-option.c
index a396d60..940f7a3 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -75,9 +75,7 @@ const char *get_opt_value(const char *p, char **value)
size_t capacity = 0, length;
const char *offset;
- if (value) {
- *value = NULL;
- }
+ *value = NULL;
while (1) {
offset = strchr(p, ',');
if (!offset) {
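Review bot: with the `if (value)` guard gone, a non-NULL `value` becomes a hard precondition of get_opt_value(), but neither this hunk nor the function comment states it. Add `assert(value)` before `*value = NULL;` or document the requirement in the comment above the function, so a future caller passing NULL fails with a clear message and not with a stray NULL store.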
@@ -88,11 +86,9 @@ const char *get_opt_value(const char *p, char **value)
if (*offset != '\0' && *(offset + 1) == ',') {
length++;
}
- if (value) {
- *value = g_renew(char, *value, capacity + length + 1);
- strncpy(*value + capacity, p, length);
- (*value)[capacity + length] = '\0';
- }
+ *value = g_renew(char, *value, capacity + length + 1);
+ strncpy(*value + capacity, p, length);
+ (*value)[capacity + length] = '\0';
capacity += length;
if (*offset == '\0' ||
*(offset + 1) != ',') {
--
1.8.3.1


@ -0,0 +1,122 @@
From ad3b92699ba5e2280950fa9866f79673cecdb695 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:29 +0100
Subject: [PATCH 04/21] pc-bios/s390-ccw: define loadparm length
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-2-thuth@redhat.com>
Patchwork-id: 91780
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 01/17] pc-bios/s390-ccw: define loadparm length
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Loadparm is defined by the s390 architecture to be 8 bytes
in length. Let's define this size in the s390-ccw bios.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a0e11b617b9ef41cefe8739dff4d6a7b01ca967f)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/iplb.h | 4 +++-
pc-bios/s390-ccw/main.c | 8 ++++----
pc-bios/s390-ccw/sclp.c | 2 +-
pc-bios/s390-ccw/sclp.h | 2 +-
4 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h
index ded20c8..772d5c5 100644
--- a/pc-bios/s390-ccw/iplb.h
+++ b/pc-bios/s390-ccw/iplb.h
@@ -12,6 +12,8 @@
#ifndef IPLB_H
#define IPLB_H
+#define LOADPARM_LEN 8
+
struct IplBlockCcw {
uint8_t reserved0[85];
uint8_t ssid;
@@ -61,7 +63,7 @@ struct IplParameterBlock {
uint8_t pbt;
uint8_t flags;
uint16_t reserved01;
- uint8_t loadparm[8];
+ uint8_t loadparm[LOADPARM_LEN];
union {
IplBlockCcw ccw;
IplBlockFcp fcp;
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 26f9adf..544851d 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -15,7 +15,7 @@
char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
static SubChannelId blk_schid = { .one = 1 };
IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
-static char loadparm_str[9] = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+static char loadparm_str[LOADPARM_LEN + 1] = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
QemuIplParameters qipl;
#define LOADPARM_PROMPT "PROMPT "
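Review bot: `loadparm_str[LOADPARM_LEN + 1]` is now sized from the macro, but its initializer still spells out nine literal zeros, so the two have to be kept in step by hand. Use `= { 0 }` or `= ""`, which zero-fills the array whatever LOADPARM_LEN is.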
@@ -80,13 +80,13 @@ static bool find_dev(Schib *schib, int dev_no)
static void menu_setup(void)
{
- if (memcmp(loadparm_str, LOADPARM_PROMPT, 8) == 0) {
+ if (memcmp(loadparm_str, LOADPARM_PROMPT, LOADPARM_LEN) == 0) {
menu_set_parms(QIPL_FLAG_BM_OPTS_CMD, 0);
return;
}
/* If loadparm was set to any other value, then do not enable menu */
- if (memcmp(loadparm_str, LOADPARM_EMPTY, 8) != 0) {
+ if (memcmp(loadparm_str, LOADPARM_EMPTY, LOADPARM_LEN) != 0) {
return;
}
@@ -117,7 +117,7 @@ static void virtio_setup(void)
enable_mss_facility();
sclp_get_loadparm_ascii(loadparm_str);
- memcpy(ldp + 10, loadparm_str, 8);
+ memcpy(ldp + 10, loadparm_str, LOADPARM_LEN);
sclp_print(ldp);
memcpy(&qipl, early_qipl, sizeof(QemuIplParameters));
diff --git a/pc-bios/s390-ccw/sclp.c b/pc-bios/s390-ccw/sclp.c
index 3836cb4..c0223fa 100644
--- a/pc-bios/s390-ccw/sclp.c
+++ b/pc-bios/s390-ccw/sclp.c
@@ -114,7 +114,7 @@ void sclp_get_loadparm_ascii(char *loadparm)
memset((char *)_sccb, 0, sizeof(ReadInfo));
sccb->h.length = sizeof(ReadInfo);
if (!sclp_service_call(SCLP_CMDW_READ_SCP_INFO, sccb)) {
- ebcdic_to_ascii((char *) sccb->loadparm, loadparm, 8);
+ ebcdic_to_ascii((char *) sccb->loadparm, loadparm, LOADPARM_LEN);
}
}
diff --git a/pc-bios/s390-ccw/sclp.h b/pc-bios/s390-ccw/sclp.h
index 0dd987f..8450161 100644
--- a/pc-bios/s390-ccw/sclp.h
+++ b/pc-bios/s390-ccw/sclp.h
@@ -56,7 +56,7 @@ typedef struct ReadInfo {
uint16_t rnmax;
uint8_t rnsize;
uint8_t reserved[13];
- uint8_t loadparm[8];
+ uint8_t loadparm[LOADPARM_LEN];
} __attribute__((packed)) ReadInfo;
typedef struct SCCB {
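Review bot: sclp.h now uses LOADPARM_LEN, which this patch defines in iplb.h, yet the hunk adds no include (the diffstat shows one line changed in this file). Unless sclp.h already pulls in iplb.h, every file that includes sclp.h must include iplb.h first; add the include here, or move the define to a header that both files share.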
--
1.8.3.1


@ -0,0 +1,328 @@
From 2f0454ccd0dd12429e8c204933cafe71a248d4eb Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:30 +0100
Subject: [PATCH 05/21] pc-bios/s390-ccw/net: Use diag308 to reset machine
before jumping to the OS
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-3-thuth@redhat.com>
Patchwork-id: 91777
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 02/17] pc-bios/s390-ccw/net: Use diag308 to reset machine before jumping to the OS
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
The netboot firmware so far simply jumped directly into the OS kernel
after the download has been completed. This, however, bears the risk
that the virtio-net device still might be active in the background and
incoming packets are still placed into the buffers - which could destroy
memory of the now-running Linux kernel in case it did not take over the
device fast enough. Also the SCLP console is not put into a well-defined
state here. We should hand over the system in a clean state when jumping
into the kernel, so let's use the same mechanism as it's done in the
main s390-ccw firmware and reset the machine with diag308 into a clean
state before jumping into the OS kernel code. To be able to share the
code with the main s390-ccw firmware, the related functions are now
extracted from bootmap.c into a new file called jump2ipl.c.
Since we now also set the boot device schid at address 184 for the network
boot device, this patch also slightly changes the way how we detect the
entry points for non-ELF binary images: The code now looks for the "S390EP"
magic first and then jumps to 0x10000 in case it has been found. This is
necessary for booting from network devices, since the normal kernel code
(where the PSW at address 0 points to) tries to do a block load from the
boot device. This of course fails for a virtio-net device and causes the
kernel to abort with a panic-PSW silently.
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 9a848adf45d6732e62551decb3c0255173090767)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/Makefile | 4 +-
pc-bios/s390-ccw/bootmap.c | 63 +-----------------------------
pc-bios/s390-ccw/bootmap.h | 4 --
pc-bios/s390-ccw/jump2ipl.c | 91 ++++++++++++++++++++++++++++++++++++++++++++
pc-bios/s390-ccw/netboot.mak | 3 +-
pc-bios/s390-ccw/netmain.c | 11 +++++-
pc-bios/s390-ccw/s390-ccw.h | 4 ++
7 files changed, 111 insertions(+), 69 deletions(-)
create mode 100644 pc-bios/s390-ccw/jump2ipl.c
diff --git a/pc-bios/s390-ccw/Makefile b/pc-bios/s390-ccw/Makefile
index 1712c2d..439e3cc 100644
--- a/pc-bios/s390-ccw/Makefile
+++ b/pc-bios/s390-ccw/Makefile
@@ -9,7 +9,9 @@ $(call set-vpath, $(SRC_PATH)/pc-bios/s390-ccw)
.PHONY : all clean build-all
-OBJECTS = start.o main.o bootmap.o sclp.o virtio.o virtio-scsi.o virtio-blkdev.o libc.o menu.o
+OBJECTS = start.o main.o bootmap.o jump2ipl.o sclp.o menu.o \
+ virtio.o virtio-scsi.o virtio-blkdev.o libc.o
+
QEMU_CFLAGS := $(filter -W%, $(QEMU_CFLAGS))
QEMU_CFLAGS += -ffreestanding -fno-delete-null-pointer-checks -msoft-float
QEMU_CFLAGS += -march=z900 -fPIE -fno-strict-aliasing
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index ffbf671..d13b7cb 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -29,14 +29,6 @@
/* Scratch space */
static uint8_t sec[MAX_SECTOR_SIZE*4] __attribute__((__aligned__(PAGE_SIZE)));
-typedef struct ResetInfo {
- uint32_t ipl_mask;
- uint32_t ipl_addr;
- uint32_t ipl_continue;
-} ResetInfo;
-
-static ResetInfo save;
-
const uint8_t el_torito_magic[] = "EL TORITO SPECIFICATION"
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
@@ -57,53 +49,6 @@ static inline bool is_iso_vd_valid(IsoVolDesc *vd)
vd->type <= VOL_DESC_TYPE_PARTITION;
}
-static void jump_to_IPL_2(void)
-{
- ResetInfo *current = 0;
-
- void (*ipl)(void) = (void *) (uint64_t) current->ipl_continue;
- *current = save;
- ipl(); /* should not return */
-}
-
-static void jump_to_IPL_code(uint64_t address)
-{
- /* store the subsystem information _after_ the bootmap was loaded */
- write_subsystem_identification();
-
- /* prevent unknown IPL types in the guest */
- if (iplb.pbt == S390_IPL_TYPE_QEMU_SCSI) {
- iplb.pbt = S390_IPL_TYPE_CCW;
- set_iplb(&iplb);
- }
-
- /*
- * The IPL PSW is at address 0. We also must not overwrite the
- * content of non-BIOS memory after we loaded the guest, so we
- * save the original content and restore it in jump_to_IPL_2.
- */
- ResetInfo *current = 0;
-
- save = *current;
- current->ipl_addr = (uint32_t) (uint64_t) &jump_to_IPL_2;
- current->ipl_continue = address & 0x7fffffff;
-
- debug_print_int("set IPL addr to", current->ipl_continue);
-
- /* Ensure the guest output starts fresh */
- sclp_print("\n");
-
- /*
- * HACK ALERT.
- * We use the load normal reset to keep r15 unchanged. jump_to_IPL_2
- * can then use r15 as its stack pointer.
- */
- asm volatile("lghi 1,1\n\t"
- "diag 1,1,0x308\n\t"
- : : : "1", "memory");
- panic("\n! IPL returns !\n");
-}
-
/***********************************************************************
* IPL an ECKD DASD (CDL or LDL/CMS format)
*/
@@ -744,13 +689,7 @@ static void load_iso_bc_entry(IsoBcSection *load)
(void *)((uint64_t)bswap16(s.load_segment)),
blks_to_load);
- /* Trying to get PSW at zero address */
- if (*((uint64_t *)0) & IPL_PSW_MASK) {
- jump_to_IPL_code((*((uint64_t *)0)) & 0x7fffffff);
- }
-
- /* Try default linux start address */
- jump_to_IPL_code(KERN_IMAGE_START);
+ jump_to_low_kernel();
}
static uint32_t find_iso_bc(void)
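Review bot: load_iso_bc_entry() loses its two commented steps (PSW at address 0, then KERN_IMAGE_START) in favour of a bare `jump_to_low_kernel()` call, and according to the commit message the shared helper now looks for the "S390EP" magic first, a change motivated by network boot. A one-line comment at this call site stating the new lookup order, and that the call does not return, would make the changed behaviour of the El Torito path explicit.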
diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
index f1ce423..94f53a5 100644
--- a/pc-bios/s390-ccw/bootmap.h
+++ b/pc-bios/s390-ccw/bootmap.h
@@ -355,10 +355,6 @@ static inline uint32_t iso_733_to_u32(uint64_t x)
#define ISO_SECTOR_SIZE 2048
/* El Torito specifies boot image size in 512 byte blocks */
#define ET_SECTOR_SHIFT 2
-#define KERN_IMAGE_START 0x010000UL
-#define PSW_MASK_64 0x0000000100000000ULL
-#define PSW_MASK_32 0x0000000080000000ULL
-#define IPL_PSW_MASK (PSW_MASK_32 | PSW_MASK_64)
#define ISO_PRIMARY_VD_SECTOR 16
diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
new file mode 100644
index 0000000..266f150
--- /dev/null
+++ b/pc-bios/s390-ccw/jump2ipl.c
@@ -0,0 +1,91 @@
+/*
+ * QEMU s390-ccw firmware - jump to IPL code
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include "libc.h"
+#include "s390-ccw.h"
+
+#define KERN_IMAGE_START 0x010000UL
+#define PSW_MASK_64 0x0000000100000000ULL
+#define PSW_MASK_32 0x0000000080000000ULL
+#define IPL_PSW_MASK (PSW_MASK_32 | PSW_MASK_64)
+
+typedef struct ResetInfo {
+ uint32_t ipl_mask;
+ uint32_t ipl_addr;
+ uint32_t ipl_continue;
+} ResetInfo;
+
+static ResetInfo save;
+
+static void jump_to_IPL_2(void)
+{
+ ResetInfo *current = 0;
+
+ void (*ipl)(void) = (void *) (uint64_t) current->ipl_continue;
+ *current = save;
+ ipl(); /* should not return */
+}
+
+void jump_to_IPL_code(uint64_t address)
+{
+ /* store the subsystem information _after_ the bootmap was loaded */
+ write_subsystem_identification();
+
+ /* prevent unknown IPL types in the guest */
+ if (iplb.pbt == S390_IPL_TYPE_QEMU_SCSI) {
+ iplb.pbt = S390_IPL_TYPE_CCW;
+ set_iplb(&iplb);
+ }
+
+ /*
+ * The IPL PSW is at address 0. We also must not overwrite the
+ * content of non-BIOS memory after we loaded the guest, so we
+ * save the original content and restore it in jump_to_IPL_2.
+ */
+ ResetInfo *current = 0;
+
+ save = *current;
+ current->ipl_addr = (uint32_t) (uint64_t) &jump_to_IPL_2;
+ current->ipl_continue = address & 0x7fffffff;
+
+ debug_print_int("set IPL addr to", current->ipl_continue);
+
+ /* Ensure the guest output starts fresh */
+ sclp_print("\n");
+
+ /*
+ * HACK ALERT.
+ * We use the load normal reset to keep r15 unchanged. jump_to_IPL_2
+ * can then use r15 as its stack pointer.
+ */
+ asm volatile("lghi 1,1\n\t"
+ "diag 1,1,0x308\n\t"
+ : : : "1", "memory");
+ panic("\n! IPL returns !\n");
+}
+
+void jump_to_low_kernel(void)
+{
+ /*
+ * If it looks like a Linux binary, i.e. there is the "S390EP" magic from
+ * arch/s390/kernel/head.S here, then let's jump to the well-known Linux
+ * kernel start address (when jumping to the PSW-at-zero address instead,
+ * the kernel startup code fails when we booted from a network device).
+ */
+ if (!memcmp((char *)0x10008, "S390EP", 6)) {
+ jump_to_IPL_code(KERN_IMAGE_START);
+ }
+
+ /* Trying to get PSW at zero address */
+ if (*((uint64_t *)0) & IPL_PSW_MASK) {
+ jump_to_IPL_code((*((uint64_t *)0)) & 0x7fffffff);
+ }
+
+ /* No other option left, so use the Linux kernel start address */
+ jump_to_IPL_code(KERN_IMAGE_START);
+}
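Review bot: in jump_to_low_kernel() the magic check uses the literal 0x10008, which is KERN_IMAGE_START plus an unnamed offset of 8. Define that offset next to KERN_IMAGE_START and write the address as their sum, so the check cannot drift from the entry address it guards. The three jump_to_IPL_code() calls in a row also only read correctly if that function never returns; it ends in panic(), so mark the prototype noreturn or add a comment that the fall-through is unreachable. The PSW-at-zero value is taken from the image that was just loaded and is only masked with 0x7fffffff before being used as the continuation address, which deserves a sentence in the comment.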
diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
index a25d238..4f64128 100644
--- a/pc-bios/s390-ccw/netboot.mak
+++ b/pc-bios/s390-ccw/netboot.mak
@@ -1,7 +1,8 @@
SLOF_DIR := $(SRC_PATH)/roms/SLOF
-NETOBJS := start.o sclp.o virtio.o virtio-net.o netmain.o libnet.a libc.a
+NETOBJS := start.o sclp.o virtio.o virtio-net.o jump2ipl.o netmain.o \
+ libnet.a libc.a
LIBC_INC := -nostdinc -I$(SLOF_DIR)/lib/libc/include
LIBNET_INC := -I$(SLOF_DIR)/lib/libnet
diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c
index d86d46b..d60e84f 100644
--- a/pc-bios/s390-ccw/netmain.c
+++ b/pc-bios/s390-ccw/netmain.c
@@ -281,6 +281,15 @@ void panic(const char *string)
}
}
+void write_subsystem_identification(void)
+{
+ SubChannelId *schid = (SubChannelId *) 184;
+ uint32_t *zeroes = (uint32_t *) 188;
+
+ *schid = net_schid;
+ *zeroes = 0;
+}
+
static bool find_net_dev(Schib *schib, int dev_no)
{
int i, r;
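Review bot: write_subsystem_identification() stores through the bare decimal addresses 184 and 188 with no comment on what lives there. Name the two locations with macros (or a struct overlay, as jump2ipl.c does with ResetInfo at address 0) and say which low-memory fields they are, so a reader can check that the SubChannelId store does not overlap the word that is zeroed afterwards.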
@@ -354,7 +363,7 @@ void main(void)
rc = net_load(NULL, (long)_start);
if (rc > 0) {
sclp_print("Network loading done, starting kernel...\n");
- asm volatile (" lpsw 0(%0) " : : "r"(0) : "memory");
+ jump_to_low_kernel();
}
panic("Failed to load OS from network\n");
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index a1bdb4c..9828aa2 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -87,6 +87,10 @@ ulong get_second(void);
/* bootmap.c */
void zipl_load(void);
+/* jump2ipl.c */
+void jump_to_IPL_code(uint64_t address);
+void jump_to_low_kernel(void);
+
/* menu.c */
void menu_set_parms(uint8_t boot_menu_flag, uint32_t boot_menu_timeout);
int menu_get_zipl_boot_index(const char *menu_data);
--
1.8.3.1

View File

@ -0,0 +1,87 @@
From f117f5fb216e45796a32579c03673c1d79164037 Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Wed, 9 Oct 2019 12:39:46 +0100
Subject: [PATCH 20/22] pc/q35: Disallow vfio-pci hotplug without VT-d caching
mode
RH-Author: Peter Xu <peterx@redhat.com>
Message-id: <20191009123947.21505-5-peterx@redhat.com>
Patchwork-id: 91352
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 4/5] pc/q35: Disallow vfio-pci hotplug without VT-d caching mode
Bugzilla: 1738440
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
hw/i386/pc.c: context differs on quite a few places in
pc_machine_class_init(), but none of them is really relevant to
current change.
Instead of bailing out when trying to hotplug a vfio-pci device with
below configuration:
-device intel-iommu,caching-mode=off
With this we can return a warning message to the user via QMP/HMP and
the VM will continue to work after failing the hotplug:
(qemu) device_add vfio-pci,bus=root.3,host=05:00.0,id=vfio1
Error: Device assignment is not allowed without enabling caching-mode=on for Intel IOMMU.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190916080718.3299-4-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit c6cbc29d36fe8df078776ed715c37cebac582238)
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/pc.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 9e1e6ae..d6c4050 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -2340,6 +2340,26 @@ static void x86_nmi(NMIState *n, int cpu_index, Error **errp)
}
}
+
+static bool pc_hotplug_allowed(MachineState *ms, DeviceState *dev, Error **errp)
+{
+ X86IOMMUState *iommu = x86_iommu_get_default();
+ IntelIOMMUState *intel_iommu;
+
+ if (iommu &&
+ object_dynamic_cast((Object *)iommu, TYPE_INTEL_IOMMU_DEVICE) &&
+ object_dynamic_cast((Object *)dev, "vfio-pci")) {
+ intel_iommu = INTEL_IOMMU_DEVICE(iommu);
+ if (!intel_iommu->caching_mode) {
+ error_setg(errp, "Device assignment is not allowed without "
+ "enabling caching-mode=on for Intel IOMMU.");
+ return false;
+ }
+ }
+
+ return true;
+}
+
static void pc_machine_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
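Review bot: in pc_hotplug_allowed() the assigned-device type is matched with the string literal "vfio-pci", while the IOMMU side uses the TYPE_INTEL_IOMMU_DEVICE macro. If the type name ever changes, object_dynamic_cast() returns NULL and the function falls through to return true, silently dropping the check; use a type-name macro instead of the literal. A short comment on why caching-mode=off must block assignment would also help, since the error text only states the rule.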
@@ -2369,6 +2389,7 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
*/
mc->async_pf_vmexit_disable = true;
mc->get_hotplug_handler = pc_get_hotpug_handler;
+ mc->hotplug_allowed = pc_hotplug_allowed;
mc->cpu_index_to_instance_props = pc_cpu_index_to_props;
mc->get_default_cpu_node_id = pc_get_default_cpu_node_id;
mc->possible_cpu_arch_ids = pc_possible_cpu_arch_ids;
--
1.8.3.1

View File

@ -0,0 +1,108 @@
From 7ab2261eebf90ea8a3cf5701fa177d181fe665d1 Mon Sep 17 00:00:00 2001
From: Laurent Vivier <lvivier@redhat.com>
Date: Thu, 10 Oct 2019 07:34:38 +0100
Subject: [PATCH 22/22] pseries: do not allow memory-less/cpu-less NUMA node
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laurent Vivier <lvivier@redhat.com>
Message-id: <20191010073438.16478-1-lvivier@redhat.com>
Patchwork-id: 91379
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH] pseries: do not allow memory-less/cpu-less NUMA node
Bugzilla: 1651474
RH-Acked-by: David Gibson <dgibson@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
When we hotplug a CPU on memory-less/cpu-less node, the linux kernel
crashes.
This happens because linux kernel needs to know the NUMA topology at
start to be able to initialize the distance lookup table.
On pseries, the topology is provided by the firmware via the existing
CPUs and memory information. Thus a node without memory and CPU cannot be
discovered by the kernel.
To avoid the kernel crash, do not allow to start pseries with empty
nodes.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20190830161345.22436-1-lvivier@redhat.com>
[dwg: Rework to cope with movement of numa state from globals to MachineState]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 58c46efa451caa3935224223f950216872e2eee3)
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Conflicts in the context:
hw/ppc/spapr.c
because of missing downstream commits:
0550b1206a91 ("spapr: don't advertise radix GTSE if max-compat-cpu < power9")
ad99d04c76de ("target/ppc: Allow cpu compatiblity checks based on type, not instance")
because of missing downstream commit:
7e721e7b10e1 ("numa: move numa global variable numa_info into MachineState")
replaced numa_state by numa_info (revert dwg rework), back to original
patch I sent:
https://patchew.org/QEMU/20190830161345.22436-1-lvivier@redhat.com/
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1651474
BRANCH: rhel-8.2.0
UPSTREAM: merged
BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23924908
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/ppc/spapr.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 1a2f0d9..b4c9993 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2527,6 +2527,39 @@ static void spapr_machine_init(MachineState *machine)
/* init CPUs */
spapr_init_cpus(spapr);
+ /*
+ * check we don't have a memory-less/cpu-less NUMA node
+ * Firmware relies on the existing memory/cpu topology to provide the
+ * NUMA topology to the kernel.
+ * And the linux kernel needs to know the NUMA topology at start
+ * to be able to hotplug CPUs later.
+ */
+ if (nb_numa_nodes) {
+ for (i = 0; i < nb_numa_nodes; ++i) {
+ /* check for memory-less node */
+ if (numa_info[i].node_mem == 0) {
+ CPUState *cs;
+ int found = 0;
+ /* check for cpu-less node */
+ CPU_FOREACH(cs) {
+ PowerPCCPU *cpu = POWERPC_CPU(cs);
+ if (cpu->node_id == i) {
+ found = 1;
+ break;
+ }
+ }
+ /* memory-less and cpu-less node */
+ if (!found) {
+ error_report(
+ "Memory-less/cpu-less nodes are not supported (node %d)",
+ i);
+ exit(1);
+ }
+ }
+ }
+
+ }
+
if (kvm_enabled()) {
/* Enable H_LOGICAL_CI_* so SLOF can talk to in-kernel devices */
kvmppc_enable_logical_ci_hcalls();
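Review bot: the outer `if (nb_numa_nodes)` is redundant, because the for loop already runs zero times when nb_numa_nodes is 0, and it leaves a stray blank line before its closing brace; dropping it removes one indentation level. `found` is used only as a flag, so declare it bool. Since this runs in spapr_machine_init(), consider reporting through error_fatal rather than error_report() plus exit(1) if that is the convention in the rest of the function.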
--
1.8.3.1

View File

@ -0,0 +1,116 @@
From 9000286ea20abb4e03c76ab8f873a6e9eb708377 Mon Sep 17 00:00:00 2001
From: Maxim Levitsky <mlevitsk@redhat.com>
Date: Thu, 14 Nov 2019 08:20:41 +0000
Subject: [PATCH 1/8] qapi: fill in CpuInfoFast.arch in query-cpus-fast
RH-Author: Maxim Levitsky <mlevitsk@redhat.com>
Message-id: <20191114082041.20840-2-mlevitsk@redhat.com>
Patchwork-id: 92245
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 1/1] qapi: fill in CpuInfoFast.arch in query-cpus-fast
Bugzilla: 1730969
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Laszlo Ersek <lersek@redhat.com>
* Commit ca230ff33f89 added the @arch field to @CpuInfoFast, but it failed
to set the new field in qmp_query_cpus_fast(), when TARGET_S390X was not
defined. The updated @query-cpus-fast example in "qapi-schema.json"
showed "arch":"x86" only because qmp_query_cpus_fast() calls g_malloc0()
to allocate @CpuInfoFast, and the CPU_INFO_ARCH_X86 enum constant is
generated with value 0.
All @arch values other than @s390 implied the @CpuInfoOther sub-struct
for @CpuInfoFast -- at the time of writing the patch --, thus no fields
other than @arch needed to be set when TARGET_S390X was not defined. Set
@arch now, by copying the corresponding assignments from
qmp_query_cpus().
* Commit 25fa194b7b11 added the @riscv enum constant to @CpuInfoArch (used
in both @CpuInfo and @CpuInfoFast -- the return types of the @query-cpus
and @query-cpus-fast commands, respectively), and assigned, in both
return structures, the @CpuInfoRISCV sub-structure to the new enum
value.
However, qmp_query_cpus_fast() would not populate either the @arch field
or the @CpuInfoRISCV sub-structure, when TARGET_RISCV was defined; only
qmp_query_cpus() would.
Assign @CpuInfoOther to the @riscv enum constant in @CpuInfoFast, and
populate only the @arch field in qmp_query_cpus_fast(). Getting CPU
state without interrupting KVM is an exceptional thing that only S390X
does currently. Quoting Cornelia Huck <cohuck@redhat.com>, "s390x is
exceptional in that it has state in QEMU that is actually interesting
for upper layers and can be retrieved without performance penalty". See
also
<https://www.redhat.com/archives/libvir-list/2018-February/msg00121.html>.
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Eric Blake <eblake@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Viktor VM Mihajlovski <mihajlov@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Fixes: ca230ff33f89bf7102cbfbc2328716da6750aaed
Fixes: 25fa194b7b11901561532e435beb83d046899f7a
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180427192852.15013-2-lersek@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
(cherry picked from commit 96054f56396eaa0b9b5c681fc3e42a0004b17ade)
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
cpus.c | 16 +++++++++++++++-
qapi/misc.json | 2 +-
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/cpus.c b/cpus.c
index 6100089..cea42f9 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2218,11 +2218,25 @@ CpuInfoFastList *qmp_query_cpus_fast(Error **errp)
info->value->props = props;
}
-#if defined(TARGET_S390X)
+#if defined(TARGET_I386)
+ info->value->arch = CPU_INFO_ARCH_X86;
+#elif defined(TARGET_PPC)
+ info->value->arch = CPU_INFO_ARCH_PPC;
+#elif defined(TARGET_SPARC)
+ info->value->arch = CPU_INFO_ARCH_SPARC;
+#elif defined(TARGET_MIPS)
+ info->value->arch = CPU_INFO_ARCH_MIPS;
+#elif defined(TARGET_TRICORE)
+ info->value->arch = CPU_INFO_ARCH_TRICORE;
+#elif defined(TARGET_S390X)
s390_cpu = S390_CPU(cpu);
env = &s390_cpu->env;
info->value->arch = CPU_INFO_ARCH_S390;
info->value->u.s390.cpu_state = env->cpu_state;
+#elif defined(TARGET_RISCV)
+ info->value->arch = CPU_INFO_ARCH_RISCV;
+#else
+ info->value->arch = CPU_INFO_ARCH_OTHER;
#endif
if (!cur_item) {
head = cur_item = info;
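Review bot: this #elif ladder is, per the commit message, a copy of the assignments in qmp_query_cpus(), so the two lists now have to be kept in step by hand, which is the kind of drift both Fixes: tags describe. Factor the TARGET_* to CPU_INFO_ARCH_* mapping into one helper or macro used by both functions, leaving only the s390-specific cpu_state assignment inline.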
diff --git a/qapi/misc.json b/qapi/misc.json
index 5636f4a..104d013 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -573,7 +573,7 @@
'mips': 'CpuInfoOther',
'tricore': 'CpuInfoOther',
's390': 'CpuInfoS390',
- 'riscv': 'CpuInfoRISCV',
+ 'riscv': 'CpuInfoOther',
'other': 'CpuInfoOther' } }
##
--
1.8.3.1

View File

@ -0,0 +1,135 @@
From 6a2ee1fd8d36ed8407b403a7307de1633462759c Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Wed, 9 Oct 2019 12:39:45 +0100
Subject: [PATCH 19/22] qdev/machine: Introduce hotplug_allowed hook
RH-Author: Peter Xu <peterx@redhat.com>
Message-id: <20191009123947.21505-4-peterx@redhat.com>
Patchwork-id: 91351
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 3/5] qdev/machine: Introduce hotplug_allowed hook
Bugzilla: 1738440
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
hw/core/qdev.c: don't have 14405c274e86e ("qdev: Provide
qdev_get_bus_hotplug_handler()")
include/hw/boards: plenty of new things missing in
MachineClass (kvm_type, numa_mem_supported, smp_parse)
include/hw/qdev-core.h: don't have 17cc0128da3 ("qdev: Let machine
hotplug handler to override bus hotplug handler")
Introduce this new per-machine hook to give any machine class a chance
to do a sanity check on the to-be-hotplugged device as a sanity test.
This will be used for x86 to try to detect some illegal configuration
of devices, e.g., possible conflictions between vfio-pci and x86
vIOMMU.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190916080718.3299-3-peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit d2321d31ff98b75b652c2b1594f00a4cfd48102a)
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/core/qdev.c | 17 +++++++++++++++++
include/hw/boards.h | 9 +++++++++
include/hw/qdev-core.h | 1 +
qdev-monitor.c | 7 +++++++
4 files changed, 34 insertions(+)
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 24f1ae7..5971242 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -259,6 +259,23 @@ HotplugHandler *qdev_get_machine_hotplug_handler(DeviceState *dev)
return NULL;
}
+bool qdev_hotplug_allowed(DeviceState *dev, Error **errp)
+{
+ MachineState *machine;
+ MachineClass *mc;
+ Object *m_obj = qdev_get_machine();
+
+ if (object_dynamic_cast(m_obj, TYPE_MACHINE)) {
+ machine = MACHINE(m_obj);
+ mc = MACHINE_GET_CLASS(machine);
+ if (mc->hotplug_allowed) {
+ return mc->hotplug_allowed(machine, dev, errp);
+ }
+ }
+
+ return true;
+}
+
HotplugHandler *qdev_get_hotplug_handler(DeviceState *dev)
{
HotplugHandler *hotplug_ctrl;
diff --git a/include/hw/boards.h b/include/hw/boards.h
index 9b4a69b..e568a3c 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -156,6 +156,13 @@ typedef struct {
* should instead use "unimplemented-device" for all memory ranges where
* the guest will attempt to probe for a device that QEMU doesn't
* implement and a stub device is required.
+ * @hotplug_allowed:
+ * If the hook is provided, then it'll be called for each device
+ * hotplug to check whether the device hotplug is allowed. Return
+ * true to grant allowance or false to reject the hotplug. When
+ * false is returned, an error must be set to show the reason of
+ * the rejection. If the hook is not provided, all hotplug will be
+ * allowed.
*/
struct MachineClass {
/*< private >*/
@@ -210,6 +217,8 @@ struct MachineClass {
HotplugHandler *(*get_hotplug_handler)(MachineState *machine,
DeviceState *dev);
+ bool (*hotplug_allowed)(MachineState *state, DeviceState *dev,
+ Error **errp);
CpuInstanceProperties (*cpu_index_to_instance_props)(MachineState *machine,
unsigned cpu_index);
const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine);
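Review bot: the new hook names its first parameter `state`, while the neighbouring get_hotplug_handler and cpu_index_to_instance_props hooks call it `machine`; use `machine` for consistency.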
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 9453588..b8d1cac 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -286,6 +286,7 @@ void qdev_init_nofail(DeviceState *dev);
void qdev_set_legacy_instance_id(DeviceState *dev, int alias_id,
int required_for_version);
HotplugHandler *qdev_get_machine_hotplug_handler(DeviceState *dev);
+bool qdev_hotplug_allowed(DeviceState *dev, Error **errp);
HotplugHandler *qdev_get_hotplug_handler(DeviceState *dev);
void qdev_unplug(DeviceState *dev, Error **errp);
void qdev_simple_device_unplug_cb(HotplugHandler *hotplug_dev,
diff --git a/qdev-monitor.c b/qdev-monitor.c
index f439b83..70bce8f 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -606,6 +606,13 @@ DeviceState *qdev_device_add(QemuOpts *opts, Error **errp)
/* create device */
dev = DEVICE(object_new(driver));
+ /* Check whether the hotplug is allowed by the machine */
+ if (qdev_hotplug && !qdev_hotplug_allowed(dev, &err)) {
+ /* Error must be set in the machine hook */
+ assert(err);
+ goto err_del_dev;
+ }
+
if (bus) {
qdev_set_parent_bus(dev, bus);
} else if (qdev_hotplug && !qdev_get_machine_hotplug_handler(dev)) {
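Review bot: `assert(err)` turns a machine hook that returns false without setting errp into an abort of the whole QEMU process on a device_add from the monitor. The contract is documented in boards.h, but a generic error_setg() fallback here would fail the hotplug and keep the VM running, which is the stated goal of the series. The check is also gated on qdev_hotplug, so devices given on the command line never reach the hook; say so in the boards.h comment if that is intended.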
--
1.8.3.1

View File

@ -0,0 +1,124 @@
From 14768fe9b44d6c89c066ebf597b9be79f7d43f30 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed, 14 Aug 2019 11:28:11 +0100
Subject: [PATCH 3/3] qemu-img: fix regression copying secrets during convert
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Kevin Wolf <kwolf@redhat.com>
Message-id: <20190814112811.28642-2-kwolf@redhat.com>
Patchwork-id: 89987
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] qemu-img: fix regression copying secrets during convert
Bugzilla: 1727821
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
When the convert command is creating an output file that needs
secrets, we need to ensure those secrets are passed to both the
blk_new_open and bdrv_create API calls.
This is done by qemu-img extracting all opts matching the name
suffix "key-secret". Unfortunately the code doing this was run after the
call to bdrv_create(), which meant the QemuOpts it was extracting
secrets from was now empty.
Previously this worked by luks as a bug meant the "key-secret"
parameters were not purged from the QemuOpts. This bug was fixed in
commit b76b4f604521e59f857d6177bc55f6f2e41fd392
Author: Kevin Wolf <kwolf@redhat.com>
Date: Thu Jan 11 16:18:08 2018 +0100
qcow2: Use visitor for options in qcow2_create()
Exposing the latent bug in qemu-img. This fix simply moves the copying
of secrets to before the bdrv_create() call.
Cc: qemu-stable@nongnu.org
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8d65a3ccfd5db7f0436e095cd952f5d0c3a873ba)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
qemu-img.c | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index f42750a..fa0cbd7 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -348,21 +348,6 @@ static int img_add_key_secrets(void *opaque,
return 0;
}
-static BlockBackend *img_open_new_file(const char *filename,
- QemuOpts *create_opts,
- const char *fmt, int flags,
- bool writethrough, bool quiet,
- bool force_share)
-{
- QDict *options = NULL;
-
- options = qdict_new();
- qemu_opt_foreach(create_opts, img_add_key_secrets, options, &error_abort);
-
- return img_open_file(filename, options, fmt, flags, writethrough, quiet,
- force_share);
-}
-
static BlockBackend *img_open(bool image_opts,
const char *filename,
@@ -1994,6 +1979,7 @@ static int img_convert(int argc, char **argv)
BlockDriverState *out_bs;
QemuOpts *opts = NULL, *sn_opts = NULL;
QemuOptsList *create_opts = NULL;
+ QDict *open_opts = NULL;
char *options = NULL;
Error *local_err = NULL;
bool writethrough, src_writethrough, quiet = false, image_opts = false,
@@ -2342,6 +2328,16 @@ static int img_convert(int argc, char **argv)
}
}
+ /*
+ * The later open call will need any decryption secrets, and
+ * bdrv_create() will purge "opts", so extract them now before
+ * they are lost.
+ */
+ if (!skip_create) {
+ open_opts = qdict_new();
+ qemu_opt_foreach(opts, img_add_key_secrets, open_opts, &error_abort);
+ }
+
if (!skip_create) {
/* Create the new image */
ret = bdrv_create(drv, out_filename, opts, &local_err);
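Review bot: the new block and the existing one right below it both test `if (!skip_create)`. Fold the secret extraction into the top of the existing block, keeping the comment, so the ordering requirement (copy before bdrv_create() purges opts) is visible in one place.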
@@ -2368,8 +2364,9 @@ static int img_convert(int argc, char **argv)
* That has to wait for bdrv_create to be improved
* to allow filenames in option syntax
*/
- s.target = img_open_new_file(out_filename, opts, out_fmt,
- flags, writethrough, quiet, false);
+ s.target = img_open_file(out_filename, open_opts, out_fmt,
+ flags, writethrough, quiet, false);
+ open_opts = NULL; /* blk_new_open will have freed it */
}
if (!s.target) {
ret = -1;
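Review bot: `open_opts = NULL` assumes img_open_file() consumes the QDict on every path, including when it fails and s.target is NULL. If any error path returns without releasing it, the dict holding the key-secret options leaks; the NULL assignment is also the only thing keeping the qobject_unref(open_opts) at out: from touching a dict that was already released. Please confirm the ownership rule and state it in the comment, which currently names blk_new_open rather than the function actually called here.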
@@ -2437,6 +2434,7 @@ out:
qemu_opts_del(opts);
qemu_opts_free(create_opts);
qemu_opts_del(sn_opts);
+ qobject_unref(open_opts);
blk_unref(s.target);
if (s.src) {
for (bs_i = 0; bs_i < s.src_num; bs_i++) {
--
1.8.3.1

View File

@ -0,0 +1,110 @@
From 065df0fad17065597ffb3baf5b697c82c95c2ed0 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 8 Jul 2019 15:25:55 +0100
Subject: [PATCH 09/39] qemu-iotests: Filter NFS paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Pino Toscano <ptoscano@redhat.com>
Message-id: <20190708152601.21123-5-ptoscano@redhat.com>
Patchwork-id: 89419
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v3 04/10] qemu-iotests: Filter NFS paths
Bugzilla: 1513367
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Kevin Wolf <kwolf@redhat.com>
NFS paths were only partially filtered in _filter_img_create, _img_info
and _filter_img_info, resulting in "nfs://127.0.0.1TEST_DIR/t.IMGFMT".
This adds another replacement to the sed calls that matches the test
directory not as a host path, but as an NFS URL (the prefix as used for
$TEST_IMG).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
(cherry picked from commit 8908b253c4ad5f8874c8d13abec169c696a5cd32)
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/126.out | 2 +-
tests/qemu-iotests/common.filter | 6 ++++--
tests/qemu-iotests/common.rc | 8 +++++++-
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/tests/qemu-iotests/126.out b/tests/qemu-iotests/126.out
index 50d7308..17d03d5 100644
--- a/tests/qemu-iotests/126.out
+++ b/tests/qemu-iotests/126.out
@@ -3,7 +3,7 @@ QA output created by 126
=== Testing plain files ===
Formatting 'TEST_DIR/a:b.IMGFMT', fmt=IMGFMT size=67108864
-Formatting 'TEST_DIR/a:b.IMGFMT', fmt=IMGFMT size=67108864
+Formatting 'file:TEST_DIR/a:b.IMGFMT', fmt=IMGFMT size=67108864
=== Testing relative backing filename resolution ===
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 7acb454..2031e35 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -118,7 +118,8 @@ _filter_actual_image_size()
# replace driver-specific options in the "Formatting..." line
_filter_img_create()
{
- sed -e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
+ sed -e "s#$REMOTE_TEST_DIR#TEST_DIR#g" \
+ -e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
-e "s#$TEST_DIR#TEST_DIR#g" \
-e "s#$IMGFMT#IMGFMT#g" \
-e 's#nbd:127.0.0.1:10810#TEST_DIR/t.IMGFMT#g' \
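Review bot: with the new first expression in _filter_img_create(), the second one can no longer match whenever REMOTE_TEST_DIR equals TEST_DIR (the default set in common.rc): `$TEST_DIR` has already been rewritten, so `$IMGPROTO:$TEST_DIR` is gone from the line and the protocol prefix survives. That is why 126.out now expects 'file:TEST_DIR/a:b.IMGFMT', a side effect the commit message does not mention. Either put the `$IMGPROTO:$TEST_DIR` expression first, or drop it and document the output change; the same ordering is repeated in _filter_img_info() and _img_info().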
@@ -153,7 +154,8 @@ _filter_img_info()
discard=0
regex_json_spec_start='^ *"format-specific": \{'
- sed -e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
+ sed -e "s#$REMOTE_TEST_DIR#TEST_DIR#g" \
+ -e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
-e "s#$TEST_DIR#TEST_DIR#g" \
-e "s#$IMGFMT#IMGFMT#g" \
-e 's#nbd://127.0.0.1:10810$#TEST_DIR/t.IMGFMT#g' \
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index cb5fa14..d054cb9 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -148,6 +148,7 @@ else
TEST_IMG="ssh://127.0.0.1$TEST_IMG_FILE"
elif [ "$IMGPROTO" = "nfs" ]; then
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
+ REMOTE_TEST_DIR="nfs://127.0.0.1$TEST_DIR"
TEST_IMG="nfs://127.0.0.1$TEST_IMG_FILE"
elif [ "$IMGPROTO" = "vxhs" ]; then
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
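Review bot: only the nfs branch sets REMOTE_TEST_DIR, yet the ssh branch in the context just above builds its URL the same way (`ssh://127.0.0.1$TEST_IMG_FILE`), so ssh output would still be filtered to "ssh://127.0.0.1TEST_DIR/...". Set REMOTE_TEST_DIR there as well, or explain why ssh does not need it.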
@@ -173,6 +174,10 @@ if [ ! -d "$TEST_DIR" ]; then
exit 1
fi
+if [ -z "$REMOTE_TEST_DIR" ]; then
+ REMOTE_TEST_DIR="$TEST_DIR"
+fi
+
if [ ! -d "$SAMPLE_IMG_DIR" ]; then
echo "common.config: Error: \$SAMPLE_IMG_DIR ($SAMPLE_IMG_DIR) is not a directory"
exit 1
@@ -333,7 +338,8 @@ _img_info()
discard=0
regex_json_spec_start='^ *"format-specific": \{'
$QEMU_IMG info $QEMU_IMG_EXTRA_ARGS "$@" "$TEST_IMG" 2>&1 | \
- sed -e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
+ sed -e "s#$REMOTE_TEST_DIR#TEST_DIR#g" \
+ -e "s#$IMGPROTO:$TEST_DIR#TEST_DIR#g" \
-e "s#$TEST_DIR#TEST_DIR#g" \
-e "s#$IMGFMT#IMGFMT#g" \
-e "/^disk size:/ D" \
--
1.8.3.1

View File

@ -0,0 +1,51 @@
From 5e41ecd75bc95d1390328218676c72ac1cf4562b Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 8 Jul 2019 15:25:54 +0100
Subject: [PATCH 08/39] qemu-iotests: Fix paths for NFS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Pino Toscano <ptoscano@redhat.com>
Message-id: <20190708152601.21123-4-ptoscano@redhat.com>
Patchwork-id: 89423
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v3 03/10] qemu-iotests: Fix paths for NFS
Bugzilla: 1513367
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
From: Kevin Wolf <kwolf@redhat.com>
Test cases were trying to use nfs:// URLs as local filenames, which made
every test fail for NFS. With TEST_IMG and TEST_IMG_FILE set like for
the other protocols, NFS tests can pass again.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
(cherry picked from commit 655ae6bb91998a01964759406cb38ef215a6ba5b)
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qemu-iotests/common.rc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index 9a65a11..cb5fa14 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -147,8 +147,8 @@ else
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
TEST_IMG="ssh://127.0.0.1$TEST_IMG_FILE"
elif [ "$IMGPROTO" = "nfs" ]; then
- TEST_DIR="nfs://127.0.0.1/$TEST_DIR"
- TEST_IMG=$TEST_DIR/t.$IMGFMT
+ TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
+ TEST_IMG="nfs://127.0.0.1$TEST_IMG_FILE"
elif [ "$IMGPROTO" = "vxhs" ]; then
TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
TEST_IMG="vxhs://127.0.0.1:9999/t.$IMGFMT"
--
1.8.3.1

View File

@ -0,0 +1,50 @@
From 56a21c3a967a6cbf99e2ecb2dff30d4dca759532 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 20 Jun 2019 13:07:31 +0100
Subject: [PATCH 1/2] qxl: check release info object
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190620130731.18034-2-philmd@redhat.com>
Patchwork-id: 88745
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] qxl: check release info object
Bugzilla: 1712705
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
From: Prasad J Pandit <pjp@fedoraproject.org>
When releasing spice resources in release_resource() routine,
if release info object 'ext.info' is null, it leads to null
pointer dereference. Add check to avoid it.
Reported-by: Bugs SysSec <bugs-syssec@rub.de>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20190425063534.32747-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit d52680fc932efb8a2f334cc6993e705ed1e31e99)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/display/qxl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index b373c50..a8c953b 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -776,6 +776,9 @@ static void interface_release_resource(QXLInstance *sin,
QXLReleaseRing *ring;
uint64_t *item, id;
+ if (!ext.info) {
+ return;
+ }
if (ext.group_id == MEMSLOT_GROUP_HOST) {
/* host group -> vga mode update request */
QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
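Review bot: the early return on `!ext.info` is silent. The placement is right, since the host-group path visible below reads ext.info->id, but a release request with a null info pointer now disappears with no trace and nothing is released for it. Add a trace point or guest-error log before the return so the condition is visible when diagnosing a misbehaving guest or spice server.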
--
1.8.3.1


@ -0,0 +1,61 @@
From 324a0ffc5140c4ece5b720708da2c673a8d1b9cc Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Tue, 1 Oct 2019 06:02:58 +0100
Subject: [PATCH 12/22] s390: PCI: fix IOMMU region init
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191001060258.28206-2-thuth@redhat.com>
Patchwork-id: 90929
O-Subject: [RHEL-8.2.0/RHEL-8.1.z qemu-kvm PATCH 1/1] s390: PCI: fix IOMMU region init
Bugzilla: 1754643
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Maxim Levitsky <mlevitsk@redhat.com>
From: Matthew Rosato <mjrosato@linux.ibm.com>
The fix in dbe9cf606c shrinks the IOMMU memory region to a size
that seems reasonable on the surface, however is actually too
small as it is based against a 0-mapped address space. This
causes breakage with small guests as they can overrun the IOMMU window.
Let's go back to the prior method of initializing iommu for now.
Fixes: dbe9cf606c ("s390x/pci: Set the iommu region size mpcifc request")
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Reported-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Tested-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reported-by: Stefan Zimmerman <stzi@linux.ibm.com>
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <1569507036-15314-1-git-send-email-mjrosato@linux.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
(cherry picked from commit 7df1dac5f1c85312474df9cb3a8fcae72303da62)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/s390x/s390-pci-bus.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 383b3e7..069e152 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -691,10 +691,15 @@ static const MemoryRegionOps s390_msi_ctrl_ops = {
void s390_pci_iommu_enable(S390PCIIOMMU *iommu)
{
+ /*
+ * The iommu region is initialized against a 0-mapped address space,
+ * so the smallest IOMMU region we can define runs from 0 to the end
+ * of the PCI address space.
+ */
char *name = g_strdup_printf("iommu-s390-%04x", iommu->pbdev->uid);
memory_region_init_iommu(&iommu->iommu_mr, sizeof(iommu->iommu_mr),
TYPE_S390_IOMMU_MEMORY_REGION, OBJECT(&iommu->mr),
- name, iommu->pal - iommu->pba + 1);
+ name, iommu->pal + 1);
iommu->enabled = true;
memory_region_add_subregion(&iommu->mr, 0, MEMORY_REGION(&iommu->iommu_mr));
g_free(name);
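Review bot: the size argument `iommu->pal + 1` has no guard against `pal` holding the maximum value of its type, in which case the sum wraps to 0 and the region is created with zero size. Since the commit message says guests could overrun the previous, smaller window, please confirm that `pal` is bounded where it is set, or clamp it here. The new comment would also read better directly above the `memory_region_init_iommu()` call than above the `name` allocation.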
--
1.8.3.1


@ -0,0 +1,88 @@
From 81d722eaf6284d55e2da0ba6cc4874bfd262a7e2 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:43 +0100
Subject: [PATCH 18/21] s390-bios: Add channel command codes/structs needed for
dasd-ipl
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-16-thuth@redhat.com>
Patchwork-id: 91792
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 15/17] s390-bios: Add channel command codes/structs needed for dasd-ipl
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
The dasd IPL procedure needs to execute a few previously unused
channel commands. Let's define them and their associated data
structures.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1554388475-18329-15-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 69333c36dc85b84b021766747cffc2b53df93ae8)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/cio.h | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/pc-bios/s390-ccw/cio.h b/pc-bios/s390-ccw/cio.h
index 1637e32..aaa432d 100644
--- a/pc-bios/s390-ccw/cio.h
+++ b/pc-bios/s390-ccw/cio.h
@@ -200,11 +200,14 @@ typedef struct ccw1 {
#define CCW_FLAG_IDA 0x04
#define CCW_FLAG_SUSPEND 0x02
+/* Common CCW commands */
+#define CCW_CMD_READ_IPL 0x02
#define CCW_CMD_NOOP 0x03
#define CCW_CMD_BASIC_SENSE 0x04
#define CCW_CMD_TIC 0x08
#define CCW_CMD_SENSE_ID 0xe4
+/* Virtio CCW commands */
#define CCW_CMD_SET_VQ 0x13
#define CCW_CMD_VDEV_RESET 0x33
#define CCW_CMD_READ_FEAT 0x12
@@ -216,6 +219,12 @@ typedef struct ccw1 {
#define CCW_CMD_SET_CONF_IND 0x53
#define CCW_CMD_READ_VQ_CONF 0x32
+/* DASD CCW commands */
+#define CCW_CMD_DASD_READ 0x06
+#define CCW_CMD_DASD_SEEK 0x07
+#define CCW_CMD_DASD_SEARCH_ID_EQ 0x31
+#define CCW_CMD_DASD_READ_MT 0x86
+
/*
* Command-mode operation request block
*/
@@ -333,6 +342,20 @@ typedef struct irb {
__u32 emw[8];
} __attribute__ ((packed, aligned(4))) Irb;
+/* Used for SEEK ccw commands */
+typedef struct CcwSeekData {
+ uint16_t reserved;
+ uint16_t cyl;
+ uint16_t head;
+} __attribute__((packed)) CcwSeekData;
+
+/* Used for SEARCH ID ccw commands */
+typedef struct CcwSearchIdData {
+ uint16_t cyl;
+ uint16_t head;
+ uint8_t record;
+} __attribute__((packed)) CcwSearchIdData;
+
int enable_mss_facility(void);
void enable_subchannel(SubChannelId schid);
uint16_t cu_type(SubChannelId schid);
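Review bot: `CcwSeekData` and `CcwSearchIdData` are packed data areas for CCW commands, but nothing pins their sizes at build time. A `_Static_assert` on each (6 and 5 bytes from the fields shown) would catch an accidental field change. They also use `uint16_t`/`uint8_t` where the rest of this header uses the `__u16`/`__u32` style (see `__u32 emw[8];` just above); pick one convention for the file.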
--
1.8.3.1


@ -0,0 +1,251 @@
From fc07c126ddd0796c1996b2e527e69486c9c848b9 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:33 +0100
Subject: [PATCH 08/21] s390-bios: Clean up cio.h
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-6-thuth@redhat.com>
Patchwork-id: 91782
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 05/17] s390-bios: Clean up cio.h
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Add proper typedefs to all structs and modify all bit fields to use consistent
formatting.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1554388475-18329-5-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit d96c5db77f1058ee9509554f43b945c66b3aa7c9)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/cio.h | 114 ++++++++++++++++++++++----------------------
pc-bios/s390-ccw/s390-ccw.h | 8 ----
2 files changed, 57 insertions(+), 65 deletions(-)
diff --git a/pc-bios/s390-ccw/cio.h b/pc-bios/s390-ccw/cio.h
index 1a0795f..ed5b2cb 100644
--- a/pc-bios/s390-ccw/cio.h
+++ b/pc-bios/s390-ccw/cio.h
@@ -17,35 +17,35 @@
* path management control word
*/
struct pmcw {
- __u32 intparm; /* interruption parameter */
- __u32 qf : 1; /* qdio facility */
- __u32 w : 1;
- __u32 isc : 3; /* interruption sublass */
- __u32 res5 : 3; /* reserved zeros */
- __u32 ena : 1; /* enabled */
- __u32 lm : 2; /* limit mode */
- __u32 mme : 2; /* measurement-mode enable */
- __u32 mp : 1; /* multipath mode */
- __u32 tf : 1; /* timing facility */
- __u32 dnv : 1; /* device number valid */
- __u32 dev : 16; /* device number */
- __u8 lpm; /* logical path mask */
- __u8 pnom; /* path not operational mask */
- __u8 lpum; /* last path used mask */
- __u8 pim; /* path installed mask */
- __u16 mbi; /* measurement-block index */
- __u8 pom; /* path operational mask */
- __u8 pam; /* path available mask */
- __u8 chpid[8]; /* CHPID 0-7 (if available) */
- __u32 unused1 : 8; /* reserved zeros */
- __u32 st : 3; /* subchannel type */
- __u32 unused2 : 18; /* reserved zeros */
- __u32 mbfc : 1; /* measurement block format control */
- __u32 xmwme : 1; /* extended measurement word mode enable */
- __u32 csense : 1; /* concurrent sense; can be enabled ...*/
- /* ... per MSCH, however, if facility */
- /* ... is not installed, this results */
- /* ... in an operand exception. */
+ __u32 intparm; /* interruption parameter */
+ __u32 qf:1; /* qdio facility */
+ __u32 w:1;
+ __u32 isc:3; /* interruption sublass */
+ __u32 res5:3; /* reserved zeros */
+ __u32 ena:1; /* enabled */
+ __u32 lm:2; /* limit mode */
+ __u32 mme:2; /* measurement-mode enable */
+ __u32 mp:1; /* multipath mode */
+ __u32 tf:1; /* timing facility */
+ __u32 dnv:1; /* device number valid */
+ __u32 dev:16; /* device number */
+ __u8 lpm; /* logical path mask */
+ __u8 pnom; /* path not operational mask */
+ __u8 lpum; /* last path used mask */
+ __u8 pim; /* path installed mask */
+ __u16 mbi; /* measurement-block index */
+ __u8 pom; /* path operational mask */
+ __u8 pam; /* path available mask */
+ __u8 chpid[8]; /* CHPID 0-7 (if available) */
+ __u32 unused1:8; /* reserved zeros */
+ __u32 st:3; /* subchannel type */
+ __u32 unused2:18; /* reserved zeros */
+ __u32 mbfc:1; /* measurement block format control */
+ __u32 xmwme:1; /* extended measurement word mode enable */
+ __u32 csense:1; /* concurrent sense; can be enabled ...*/
+ /* ... per MSCH, however, if facility */
+ /* ... is not installed, this results */
+ /* ... in an operand exception. */
} __attribute__ ((packed));
/* Target SCHIB configuration. */
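Review bot: the rewritten `isc` line keeps the comment typo `interruption sublass`. Every line of `struct pmcw` is being touched for formatting anyway, so fix it to `subclass` in this patch rather than carrying it forward.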
@@ -77,28 +77,28 @@ struct scsw {
/*
* subchannel information block
*/
-struct schib {
+typedef struct schib {
struct pmcw pmcw; /* path management control word */
struct scsw scsw; /* subchannel status word */
__u64 mba; /* measurement block address */
__u8 mda[4]; /* model dependent area */
-} __attribute__ ((packed,aligned(4)));
-
-struct subchannel_id {
- __u32 cssid : 8;
- __u32 : 4;
- __u32 m : 1;
- __u32 ssid : 2;
- __u32 one : 1;
- __u32 sch_no : 16;
-} __attribute__ ((packed, aligned(4)));
+} __attribute__ ((packed, aligned(4))) Schib;
+
+typedef struct subchannel_id {
+ __u32 cssid:8;
+ __u32:4;
+ __u32 m:1;
+ __u32 ssid:2;
+ __u32 one:1;
+ __u32 sch_no:16;
+} __attribute__ ((packed, aligned(4))) SubChannelId;
struct chsc_header {
__u16 length;
__u16 code;
} __attribute__((packed));
-struct chsc_area_sda {
+typedef struct chsc_area_sda {
struct chsc_header request;
__u8 reserved1:4;
__u8 format:4;
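Review bot: the commit message says typedefs are added to all structs, but `struct chsc_header` in this hunk stays a plain struct (as do `struct tpi_info` and `struct ciw` further down). Either add the typedefs or reword the message to say which structs are covered. The unnamed bit-field in `subchannel_id`, now written `__u32:4;`, is also easy to misread; a named reserved member, like `res5` or `unused1` in `struct pmcw`, would be clearer.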
@@ -111,29 +111,29 @@ struct chsc_area_sda {
__u32 reserved5:4;
__u32 format2:4;
__u32 reserved6:24;
-} __attribute__((packed));
+} __attribute__((packed)) ChscAreaSda;
/*
* TPI info structure
*/
struct tpi_info {
struct subchannel_id schid;
- __u32 intparm; /* interruption parameter */
- __u32 adapter_IO : 1;
- __u32 reserved2 : 1;
- __u32 isc : 3;
- __u32 reserved3 : 12;
- __u32 int_type : 3;
- __u32 reserved4 : 12;
+ __u32 intparm; /* interruption parameter */
+ __u32 adapter_IO:1;
+ __u32 reserved2:1;
+ __u32 isc:3;
+ __u32 reserved3:12;
+ __u32 int_type:3;
+ __u32 reserved4:12;
} __attribute__ ((packed, aligned(4)));
/* channel command word (type 1) */
-struct ccw1 {
+typedef struct ccw1 {
__u8 cmd_code;
__u8 flags;
__u16 count;
__u32 cda;
-} __attribute__ ((packed, aligned(8)));
+} __attribute__ ((packed, aligned(8))) Ccw1;
#define CCW_FLAG_DC 0x80
#define CCW_FLAG_CC 0x40
@@ -162,7 +162,7 @@ struct ccw1 {
/*
* Command-mode operation request block
*/
-struct cmd_orb {
+typedef struct cmd_orb {
__u32 intparm; /* interruption parameter */
__u32 key:4; /* flags, like key, suspend control, etc. */
__u32 spnd:1; /* suspend control */
@@ -182,7 +182,7 @@ struct cmd_orb {
__u32 zero:6; /* reserved zeros */
__u32 orbx:1; /* ORB extension control */
__u32 cpa; /* channel program address */
-} __attribute__ ((packed, aligned(4)));
+} __attribute__ ((packed, aligned(4))) CmdOrb;
struct ciw {
__u8 type;
@@ -193,7 +193,7 @@ struct ciw {
/*
* sense-id response buffer layout
*/
-struct senseid {
+typedef struct senseid {
/* common part */
__u8 reserved; /* always 0x'FF' */
__u16 cu_type; /* control unit type */
@@ -203,15 +203,15 @@ struct senseid {
__u8 unused; /* padding byte */
/* extended part */
struct ciw ciw[62];
-} __attribute__ ((packed, aligned(4)));
+} __attribute__ ((packed, aligned(4))) SenseId;
/* interruption response block */
-struct irb {
+typedef struct irb {
struct scsw scsw;
__u32 esw[5];
__u32 ecw[8];
__u32 emw[8];
-} __attribute__ ((packed, aligned(4)));
+} __attribute__ ((packed, aligned(4))) Irb;
/*
* Some S390 specific IO instructions as inline
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index 9828aa2..241c6d0 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -49,14 +49,6 @@ typedef unsigned long long __u64;
#include "cio.h"
#include "iplb.h"
-typedef struct irb Irb;
-typedef struct ccw1 Ccw1;
-typedef struct cmd_orb CmdOrb;
-typedef struct schib Schib;
-typedef struct chsc_area_sda ChscAreaSda;
-typedef struct senseid SenseId;
-typedef struct subchannel_id SubChannelId;
-
/* start.s */
void disabled_wait(void);
void consume_sclp_int(void);
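Review bot: with the typedefs moved into cio.h, that header still depends on the `__u*` integer types that s390-ccw.h defines just above this `#include "cio.h"` (the hunk header shows `typedef unsigned long long __u64;`), so cio.h cannot be included on its own or ahead of s390-ccw.h. Document that ordering requirement at the top of cio.h, or move the integer typedefs into a small header that both files include.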
--
1.8.3.1


@ -0,0 +1,226 @@
From 9fa5a139c303dd7cedabafda03bcd79807b01086 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:34 +0100
Subject: [PATCH 09/21] s390-bios: Decouple channel i/o logic from virtio
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-7-thuth@redhat.com>
Patchwork-id: 91779
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 06/17] s390-bios: Decouple channel i/o logic from virtio
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Create a separate library for channel i/o related code. This decouples
channel i/o operations from virtio and allows us to make use of them for
the real dasd boot path.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1554388475-18329-6-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 120d04103e3f870d0fcd2a23c2ada0a4a4f036cc)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/Makefile | 2 +-
pc-bios/s390-ccw/cio.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
pc-bios/s390-ccw/cio.h | 3 +++
pc-bios/s390-ccw/main.c | 1 +
pc-bios/s390-ccw/netboot.mak | 2 +-
pc-bios/s390-ccw/netmain.c | 1 +
pc-bios/s390-ccw/s390-ccw.h | 1 -
pc-bios/s390-ccw/virtio.c | 27 ++-------------------------
8 files changed, 53 insertions(+), 28 deletions(-)
create mode 100644 pc-bios/s390-ccw/cio.c
diff --git a/pc-bios/s390-ccw/Makefile b/pc-bios/s390-ccw/Makefile
index 439e3cc..acca961 100644
--- a/pc-bios/s390-ccw/Makefile
+++ b/pc-bios/s390-ccw/Makefile
@@ -10,7 +10,7 @@ $(call set-vpath, $(SRC_PATH)/pc-bios/s390-ccw)
.PHONY : all clean build-all
OBJECTS = start.o main.o bootmap.o jump2ipl.o sclp.o menu.o \
- virtio.o virtio-scsi.o virtio-blkdev.o libc.o
+ virtio.o virtio-scsi.o virtio-blkdev.o libc.o cio.o
QEMU_CFLAGS := $(filter -W%, $(QEMU_CFLAGS))
QEMU_CFLAGS += -ffreestanding -fno-delete-null-pointer-checks -msoft-float
diff --git a/pc-bios/s390-ccw/cio.c b/pc-bios/s390-ccw/cio.c
new file mode 100644
index 0000000..87c6b34
--- /dev/null
+++ b/pc-bios/s390-ccw/cio.c
@@ -0,0 +1,44 @@
+/*
+ * S390 Channel I/O
+ *
+ * Copyright (c) 2013 Alexander Graf <agraf@suse.de>
+ * Copyright (c) 2019 IBM Corp.
+ *
+ * Author(s): Jason J. Herne <jjherne@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include "libc.h"
+#include "s390-ccw.h"
+#include "cio.h"
+
+static char chsc_page[PAGE_SIZE] __attribute__((__aligned__(PAGE_SIZE)));
+
+int enable_mss_facility(void)
+{
+ int ret;
+ ChscAreaSda *sda_area = (ChscAreaSda *) chsc_page;
+
+ memset(sda_area, 0, PAGE_SIZE);
+ sda_area->request.length = 0x0400;
+ sda_area->request.code = 0x0031;
+ sda_area->operation_code = 0x2;
+
+ ret = chsc(sda_area);
+ if ((ret == 0) && (sda_area->response.code == 0x0001)) {
+ return 0;
+ }
+ return -EIO;
+}
+
+void enable_subchannel(SubChannelId schid)
+{
+ Schib schib;
+
+ stsch_err(schid, &schib);
+ schib.pmcw.ena = 1;
+ msch(schid, &schib);
+}
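Review bot: enable_subchannel() ignores the return values of both `stsch_err()` and `msch()`. If the store fails, `schib` is uninitialised stack data, `ena` is set in it, and the whole block is then passed to `msch()`. Check `stsch_err()` before modifying the subchannel and give callers a way to see the failure (return int, as enable_mss_facility() does). The raw values `0x0400`, `0x0031`, `0x2` and `0x0001` in enable_mss_facility() would also benefit from named constants now that this is a shared library file.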
diff --git a/pc-bios/s390-ccw/cio.h b/pc-bios/s390-ccw/cio.h
index ed5b2cb..218fd96 100644
--- a/pc-bios/s390-ccw/cio.h
+++ b/pc-bios/s390-ccw/cio.h
@@ -213,6 +213,9 @@ typedef struct irb {
__u32 emw[8];
} __attribute__ ((packed, aligned(4))) Irb;
+int enable_mss_facility(void);
+void enable_subchannel(SubChannelId schid);
+
/*
* Some S390 specific IO instructions as inline
*/
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 67df421..10f04c6 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -10,6 +10,7 @@
#include "libc.h"
#include "s390-ccw.h"
+#include "cio.h"
#include "virtio.h"
char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
index 4f64128..d17b424 100644
--- a/pc-bios/s390-ccw/netboot.mak
+++ b/pc-bios/s390-ccw/netboot.mak
@@ -1,7 +1,7 @@
SLOF_DIR := $(SRC_PATH)/roms/SLOF
-NETOBJS := start.o sclp.o virtio.o virtio-net.o jump2ipl.o netmain.o \
+NETOBJS := start.o sclp.o cio.o virtio.o virtio-net.o jump2ipl.o netmain.o \
libnet.a libc.a
LIBC_INC := -nostdinc -I$(SLOF_DIR)/lib/libc/include
diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c
index d60e84f..4e1b8cf 100644
--- a/pc-bios/s390-ccw/netmain.c
+++ b/pc-bios/s390-ccw/netmain.c
@@ -32,6 +32,7 @@
#include <time.h>
#include "s390-ccw.h"
+#include "cio.h"
#include "virtio.h"
#define DEFAULT_BOOT_RETRIES 10
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index 241c6d0..b39ee5d 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -72,7 +72,6 @@ unsigned long virtio_load_direct(ulong rec_list1, ulong rec_list2,
bool virtio_is_supported(SubChannelId schid);
void virtio_blk_setup_device(SubChannelId schid);
int virtio_read(ulong sector, void *load_addr);
-int enable_mss_facility(void);
u64 get_clock(void);
ulong get_second(void);
diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
index cdb66f4..aa9da72 100644
--- a/pc-bios/s390-ccw/virtio.c
+++ b/pc-bios/s390-ccw/virtio.c
@@ -10,6 +10,7 @@
#include "libc.h"
#include "s390-ccw.h"
+#include "cio.h"
#include "virtio.h"
#include "virtio-scsi.h"
#include "bswap.h"
@@ -20,8 +21,6 @@ static VRing block[VIRTIO_MAX_VQS];
static char ring_area[VIRTIO_RING_SIZE * VIRTIO_MAX_VQS]
__attribute__((__aligned__(PAGE_SIZE)));
-static char chsc_page[PAGE_SIZE] __attribute__((__aligned__(PAGE_SIZE)));
-
static VDev vdev = {
.nr_vqs = 1,
.vrings = block,
@@ -94,14 +93,9 @@ static int run_ccw(VDev *vdev, int cmd, void *ptr, int len)
{
Ccw1 ccw = {};
CmdOrb orb = {};
- Schib schib;
int r;
- /* start command processing */
- stsch_err(vdev->schid, &schib);
- /* enable the subchannel for IPL device */
- schib.pmcw.ena = 1;
- msch(vdev->schid, &schib);
+ enable_subchannel(vdev->schid);
/* start subchannel command */
orb.fmt = 1;
@@ -343,20 +337,3 @@ bool virtio_is_supported(SubChannelId schid)
}
return false;
}
-
-int enable_mss_facility(void)
-{
- int ret;
- ChscAreaSda *sda_area = (ChscAreaSda *) chsc_page;
-
- memset(sda_area, 0, PAGE_SIZE);
- sda_area->request.length = 0x0400;
- sda_area->request.code = 0x0031;
- sda_area->operation_code = 0x2;
-
- ret = chsc(sda_area);
- if ((ret == 0) && (sda_area->response.code == 0x0001)) {
- return 0;
- }
- return -EIO;
-}
--
1.8.3.1


@ -0,0 +1,72 @@
From edf2dd4c4eda49957b845ea90a084dde0951f92a Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:39 +0100
Subject: [PATCH 14/21] s390-bios: Extend find_dev() for non-virtio devices
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-12-thuth@redhat.com>
Patchwork-id: 91784
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 11/17] s390-bios: Extend find_dev() for non-virtio devices
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
We need a method for finding the subchannel of a dasd device. Let's
modify find_dev to handle this since it mostly does what we need. Up to
this point find_dev has been specific to only virtio devices.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <1554388475-18329-11-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 930072d2bf30986e57dac5c5945a32492f288944)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/main.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index e403b5f..d04ea89 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -52,6 +52,12 @@ unsigned int get_loadparm_index(void)
return atoui(loadparm_str);
}
+/*
+ * Find the subchannel connected to the given device (dev_no) and fill in the
+ * subchannel information block (schib) with the connected subchannel's info.
+ * NOTE: The global variable blk_schid is updated to contain the subchannel
+ * information.
+ */
static bool find_dev(Schib *schib, int dev_no)
{
int i, r;
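Review bot: the new function comment does not document the `dev_no < 0` case, which the loop treats as "accept the first suitable device", nor what the boolean return value means. Add a line for each; the side effect on `blk_schid` is already well noted.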
@@ -65,15 +71,15 @@ static bool find_dev(Schib *schib, int dev_no)
if (!schib->pmcw.dnv) {
continue;
}
- if (!virtio_is_supported(blk_schid)) {
- continue;
- }
+
/* Skip net devices since no IPLB is created and therefore no
- * no network bootloader has been loaded
+ * network bootloader has been loaded
*/
- if (virtio_get_device_type() == VIRTIO_ID_NET && dev_no < 0) {
+ if (virtio_is_supported(blk_schid) &&
+ virtio_get_device_type() == VIRTIO_ID_NET && dev_no < 0) {
continue;
}
+
if ((dev_no < 0) || (schib->pmcw.dev == dev_no)) {
return true;
}
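Review bot: with the `virtio_is_supported()` filter folded into the net-device test, a call with `dev_no < 0` now returns the first subchannel that has `dnv` set and is not a virtio-net device, whatever its type. If auto-detection is meant to pick up any device, say so in the comment; if not, the non-virtio case needs its own suitability check. The `&&` ordering preserves the old behaviour, in which `virtio_get_device_type()` was only reached after `virtio_is_supported()` had succeeded; a short comment stating that dependency would keep a later reorder from breaking it.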
--
1.8.3.1


@ -0,0 +1,201 @@
From e9b154b1297ac5aff8737dde61b6793fcd7c0a69 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:40 +0100
Subject: [PATCH 15/21] s390-bios: Factor finding boot device out of virtio
code path
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-13-thuth@redhat.com>
Patchwork-id: 91789
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 12/17] s390-bios: Factor finding boot device out of virtio code path
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Make a new routine find_boot_device to locate the boot device for all
cases, not just virtio.
The error message for the case where no boot device has been specified
and a suitable boot device cannot be auto detected was specific to
virtio devices. We update this message to remove virtio specific wording.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <1554388475-18329-12-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 7b361db37b18a75860decc0a85e0194936401d66)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
tests/boot-serial-test.c
(we're missing commit 052888f043ba in downstream)
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/main.c | 85 ++++++++++++++++++++++++++----------------------
tests/boot-serial-test.c | 2 +-
2 files changed, 47 insertions(+), 40 deletions(-)
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index d04ea89..d3a161c 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -58,17 +58,18 @@ unsigned int get_loadparm_index(void)
* NOTE: The global variable blk_schid is updated to contain the subchannel
* information.
*/
-static bool find_dev(Schib *schib, int dev_no)
+static bool find_subch(int dev_no)
{
+ Schib schib;
int i, r;
for (i = 0; i < 0x10000; i++) {
blk_schid.sch_no = i;
- r = stsch_err(blk_schid, schib);
+ r = stsch_err(blk_schid, &schib);
if ((r == 3) || (r == -EIO)) {
break;
}
- if (!schib->pmcw.dnv) {
+ if (!schib.pmcw.dnv) {
continue;
}
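Review bot: the function comment just above this hunk was written for the old signature and still describes filling in a subchannel information block (schib) for the caller; `schib` is now a local in find_subch(), so that sentence is stale and should be updated in the same patch as the rename.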
@@ -80,7 +81,7 @@ static bool find_dev(Schib *schib, int dev_no)
continue;
}
- if ((dev_no < 0) || (schib->pmcw.dev == dev_no)) {
+ if ((dev_no < 0) || (schib.pmcw.dev == dev_no)) {
return true;
}
}
@@ -136,56 +137,61 @@ static void boot_setup(void)
have_iplb = store_iplb(&iplb);
}
-static void virtio_setup(void)
+static void find_boot_device(void)
{
- Schib schib;
- int ssid;
- bool found = false;
- uint16_t dev_no;
VDev *vdev = virtio_get_device();
- QemuIplParameters *early_qipl = (QemuIplParameters *)QIPL_ADDRESS;
-
- memcpy(&qipl, early_qipl, sizeof(QemuIplParameters));
+ int ssid;
+ bool found;
- if (have_iplb) {
- switch (iplb.pbt) {
- case S390_IPL_TYPE_CCW:
- dev_no = iplb.ccw.devno;
- debug_print_int("device no. ", dev_no);
- blk_schid.ssid = iplb.ccw.ssid & 0x3;
- debug_print_int("ssid ", blk_schid.ssid);
- found = find_dev(&schib, dev_no);
- break;
- case S390_IPL_TYPE_QEMU_SCSI:
- vdev->scsi_device_selected = true;
- vdev->selected_scsi_device.channel = iplb.scsi.channel;
- vdev->selected_scsi_device.target = iplb.scsi.target;
- vdev->selected_scsi_device.lun = iplb.scsi.lun;
- blk_schid.ssid = iplb.scsi.ssid & 0x3;
- found = find_dev(&schib, iplb.scsi.devno);
- break;
- default:
- panic("List-directed IPL not supported yet!\n");
- }
- menu_setup();
- } else {
+ if (!have_iplb) {
for (ssid = 0; ssid < 0x3; ssid++) {
blk_schid.ssid = ssid;
- found = find_dev(&schib, -1);
+ found = find_subch(-1);
if (found) {
- break;
+ return;
}
}
+ panic("Could not find a suitable boot device (none specified)\n");
+ }
+
+ switch (iplb.pbt) {
+ case S390_IPL_TYPE_CCW:
+ debug_print_int("device no. ", iplb.ccw.devno);
+ blk_schid.ssid = iplb.ccw.ssid & 0x3;
+ debug_print_int("ssid ", blk_schid.ssid);
+ found = find_subch(iplb.ccw.devno);
+ break;
+ case S390_IPL_TYPE_QEMU_SCSI:
+ vdev->scsi_device_selected = true;
+ vdev->selected_scsi_device.channel = iplb.scsi.channel;
+ vdev->selected_scsi_device.target = iplb.scsi.target;
+ vdev->selected_scsi_device.lun = iplb.scsi.lun;
+ blk_schid.ssid = iplb.scsi.ssid & 0x3;
+ found = find_subch(iplb.scsi.devno);
+ break;
+ default:
+ panic("List-directed IPL not supported yet!\n");
}
- IPL_assert(found, "No virtio device found");
+ IPL_assert(found, "Boot device not found\n");
+}
+
+static void virtio_setup(void)
+{
+ VDev *vdev = virtio_get_device();
+ QemuIplParameters *early_qipl = (QemuIplParameters *)QIPL_ADDRESS;
+
+ memcpy(&qipl, early_qipl, sizeof(QemuIplParameters));
+
+ if (have_iplb) {
+ menu_setup();
+ }
if (virtio_get_device_type() == VIRTIO_ID_NET) {
sclp_print("Network boot device detected\n");
vdev->netboot_start_addr = qipl.netboot_start_addr;
} else {
virtio_blk_setup_device(blk_schid);
-
IPL_assert(virtio_ipl_disk_is_valid(), "No valid IPL device detected");
}
}
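Review bot: `bool found;` in find_boot_device() is no longer initialised, and the `default:` arm of the switch relies on `panic()` never returning to keep `IPL_assert(found, ...)` from reading an indeterminate value. Keep the `= false` initialiser that the old virtio_setup() had. Minor: the new assert text ends in `\n` while the `IPL_assert()` left in virtio_setup() ("No valid IPL device detected") does not; make the two consistent.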
@@ -195,8 +201,9 @@ int main(void)
sclp_setup();
css_setup();
boot_setup();
- virtio_setup();
+ find_boot_device();
+ virtio_setup();
zipl_load(); /* no return */
panic("Failed to load OS from hard disk\n");
diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index dc682c1..fe52668 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -97,7 +97,7 @@ static testdef_t tests[] = {
{ "sparc", "SS-600MP", "", "TMS390Z55" },
{ "sparc64", "sun4u", "", "UltraSPARC" },
{ "s390x", "s390-ccw-virtio",
- "-nodefaults -device sclpconsole,chardev=serial0", "virtio device" },
+ "-nodefaults -device sclpconsole,chardev=serial0", "device" },
{ "m68k", "mcf5208evb", "", "TT", sizeof(kernel_mcf5208), kernel_mcf5208 },
{ "microblaze", "petalogix-s3adsp1800", "", "TT",
sizeof(kernel_pls3adsp1800), kernel_pls3adsp1800 },
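Review bot: matching on the bare word `device` makes this boot-serial expectation very loose; almost any firmware output containing that word will pass. Match a longer fragment of the message this patch introduces, for example `suitable boot device`, so the test still fails if the firmware prints something unrelated.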
--
1.8.3.1


@ -0,0 +1,152 @@
From 256d99ee0acedd9ca8f21c9ebec83eee5e905c9d Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:35 +0100
Subject: [PATCH 10/21] s390-bios: Map low core memory
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-8-thuth@redhat.com>
Patchwork-id: 91786
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 07/17] s390-bios: Map low core memory
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Create a new header for basic architecture specific definitions and add a
mapping of low core memory. This mapping will be used by the real dasd boot
process.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1554388475-18329-7-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit c95df3d108028ff5a709ee3aefdb14401b07cb39)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/main.c | 2 +
pc-bios/s390-ccw/s390-arch.h | 90 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 92 insertions(+)
create mode 100644 pc-bios/s390-ccw/s390-arch.h
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 10f04c6..e403b5f 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -9,6 +9,7 @@
*/
#include "libc.h"
+#include "s390-arch.h"
#include "s390-ccw.h"
#include "cio.h"
#include "virtio.h"
@@ -19,6 +20,7 @@ static char loadparm_str[LOADPARM_LEN + 1] = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
QemuIplParameters qipl;
IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
static bool have_iplb;
+LowCore const *lowcore; /* Yes, this *is* a pointer to address 0 */
#define LOADPARM_PROMPT "PROMPT "
#define LOADPARM_EMPTY " "
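Review bot: `LowCore const *lowcore;` obtains the address-0 mapping only through the implicit zero initialisation of a global, and dereferencing it depends on the `-fno-delete-null-pointer-checks` flag set in the s390-ccw Makefile; the comment should state both, so that neither is removed by accident. The pointee is also not `volatile`: if fields such as `io_int_parm` are read after an interruption has stored them, the compiler is free to reuse an earlier read.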
diff --git a/pc-bios/s390-ccw/s390-arch.h b/pc-bios/s390-ccw/s390-arch.h
new file mode 100644
index 0000000..5e92c7a
--- /dev/null
+++ b/pc-bios/s390-ccw/s390-arch.h
@@ -0,0 +1,90 @@
+/*
+ * S390 Basic Architecture
+ *
+ * Copyright (c) 2019 Jason J. Herne <jjherne@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#ifndef S390_ARCH_H
+#define S390_ARCH_H
+
+typedef struct PSW {
+ uint64_t mask;
+ uint64_t addr;
+} __attribute__ ((aligned(8))) PSW;
+_Static_assert(sizeof(struct PSW) == 16, "PSW size incorrect");
+
+/* Older PSW format used by LPSW instruction */
+typedef struct PSWLegacy {
+ uint32_t mask;
+ uint32_t addr;
+} __attribute__ ((aligned(8))) PSWLegacy;
+_Static_assert(sizeof(struct PSWLegacy) == 8, "PSWLegacy size incorrect");
+
+/* s390 psw bit masks */
+#define PSW_MASK_IOINT 0x0200000000000000ULL
+#define PSW_MASK_WAIT 0x0002000000000000ULL
+#define PSW_MASK_EAMODE 0x0000000100000000ULL
+#define PSW_MASK_BAMODE 0x0000000080000000ULL
+#define PSW_MASK_ZMODE (PSW_MASK_EAMODE | PSW_MASK_BAMODE)
+
+/* Low core mapping */
+typedef struct LowCore {
+ /* prefix area: defined by architecture */
+ PSWLegacy ipl_psw; /* 0x000 */
+ uint32_t ccw1[2]; /* 0x008 */
+ uint32_t ccw2[2]; /* 0x010 */
+ uint8_t pad1[0x80 - 0x18]; /* 0x018 */
+ uint32_t ext_params; /* 0x080 */
+ uint16_t cpu_addr; /* 0x084 */
+ uint16_t ext_int_code; /* 0x086 */
+ uint16_t svc_ilen; /* 0x088 */
+ uint16_t svc_code; /* 0x08a */
+ uint16_t pgm_ilen; /* 0x08c */
+ uint16_t pgm_code; /* 0x08e */
+ uint32_t data_exc_code; /* 0x090 */
+ uint16_t mon_class_num; /* 0x094 */
+ uint16_t per_perc_atmid; /* 0x096 */
+ uint64_t per_address; /* 0x098 */
+ uint8_t exc_access_id; /* 0x0a0 */
+ uint8_t per_access_id; /* 0x0a1 */
+ uint8_t op_access_id; /* 0x0a2 */
+ uint8_t ar_access_id; /* 0x0a3 */
+ uint8_t pad2[0xA8 - 0xA4]; /* 0x0a4 */
+ uint64_t trans_exc_code; /* 0x0a8 */
+ uint64_t monitor_code; /* 0x0b0 */
+ uint16_t subchannel_id; /* 0x0b8 */
+ uint16_t subchannel_nr; /* 0x0ba */
+ uint32_t io_int_parm; /* 0x0bc */
+ uint32_t io_int_word; /* 0x0c0 */
+ uint8_t pad3[0xc8 - 0xc4]; /* 0x0c4 */
+ uint32_t stfl_fac_list; /* 0x0c8 */
+ uint8_t pad4[0xe8 - 0xcc]; /* 0x0cc */
+ uint64_t mcic; /* 0x0e8 */
+ uint8_t pad5[0xf4 - 0xf0]; /* 0x0f0 */
+ uint32_t external_damage_code; /* 0x0f4 */
+ uint64_t failing_storage_address; /* 0x0f8 */
+ uint8_t pad6[0x110 - 0x100]; /* 0x100 */
+ uint64_t per_breaking_event_addr; /* 0x110 */
+ uint8_t pad7[0x120 - 0x118]; /* 0x118 */
+ PSW restart_old_psw; /* 0x120 */
+ PSW external_old_psw; /* 0x130 */
+ PSW svc_old_psw; /* 0x140 */
+ PSW program_old_psw; /* 0x150 */
+ PSW mcck_old_psw; /* 0x160 */
+ PSW io_old_psw; /* 0x170 */
+ uint8_t pad8[0x1a0 - 0x180]; /* 0x180 */
+ PSW restart_new_psw; /* 0x1a0 */
+ PSW external_new_psw; /* 0x1b0 */
+ PSW svc_new_psw; /* 0x1c0 */
+ PSW program_new_psw; /* 0x1d0 */
+ PSW mcck_new_psw; /* 0x1e0 */
+ PSW io_new_psw; /* 0x1f0 */
+} __attribute__((packed, aligned(8192))) LowCore;
+
+extern LowCore const *lowcore;
+
+#endif
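Review bot: The LowCore field offsets are documented only in comments; unlike PSW and PSWLegacy, nothing checks them at build time, even though the struct is packed and a later patch in this series copies 12 bytes from offset 0xB8 of a lowcore copy. Add checks such as `_Static_assert(offsetof(LowCore, subchannel_id) == 0xb8, ...)` and one for `io_new_psw` at 0x1f0. The header also uses uint16_t/uint32_t/uint64_t without including anything that defines them, so it only compiles when the includer has already pulled those types in.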
--
1.8.3.1

View File

@ -0,0 +1,159 @@
From 776fe22777dd348073449622797cfd9d12058f38 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:41 +0100
Subject: [PATCH 16/21] s390-bios: Refactor virtio to run channel programs via
cio
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-14-thuth@redhat.com>
Patchwork-id: 91793
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 13/17] s390-bios: Refactor virtio to run channel programs via cio
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Now that we have a Channel I/O library let's modify virtio boot code to
make use of it for running channel programs.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1554388475-18329-13-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 9de6cbb152bee3917e58ad00633eddafb40d6678)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/virtio.c | 57 ++++++++++++++++++++++-------------------------
1 file changed, 27 insertions(+), 30 deletions(-)
diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
index aa9da72..35278eae 100644
--- a/pc-bios/s390-ccw/virtio.c
+++ b/pc-bios/s390-ccw/virtio.c
@@ -14,6 +14,7 @@
#include "virtio.h"
#include "virtio-scsi.h"
#include "bswap.h"
+#include "helper.h"
#define VRING_WAIT_REPLY_TIMEOUT 30
@@ -89,33 +90,20 @@ int drain_irqs(SubChannelId schid)
}
}
-static int run_ccw(VDev *vdev, int cmd, void *ptr, int len)
+static int run_ccw(VDev *vdev, int cmd, void *ptr, int len, bool sli)
{
Ccw1 ccw = {};
- CmdOrb orb = {};
- int r;
-
- enable_subchannel(vdev->schid);
-
- /* start subchannel command */
- orb.fmt = 1;
- orb.cpa = (u32)(long)&ccw;
- orb.lpm = 0x80;
ccw.cmd_code = cmd;
ccw.cda = (long)ptr;
ccw.count = len;
- r = ssch(vdev->schid, &orb);
- /*
- * XXX Wait until device is done processing the CCW. For now we can
- * assume that a simple tsch will have finished the CCW processing,
- * but the architecture allows for asynchronous operation
- */
- if (!r) {
- r = drain_irqs(vdev->schid);
+ if (sli) {
+ ccw.flags |= CCW_FLAG_SLI;
}
- return r;
+
+ enable_subchannel(vdev->schid);
+ return do_cio(vdev->schid, vdev->senseid.cu_type, ptr2u32(&ccw), CCW_FMT1);
}
static void vring_init(VRing *vr, VqInfo *info)
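Review bot: In run_ccw(), `ccw.cda = (long)ptr;` still narrows the data buffer pointer with a bare cast, while the new do_cio() call a few lines below converts `&ccw` with ptr2u32(); use ptr2u32(ptr) for the data address too so both conversions go through the same helper. The bare `bool sli` argument also makes call sites hard to read (`..., NULL, 0, false)`); a flags argument that takes CCW_FLAG_SLI directly would be self-describing.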
@@ -257,7 +245,7 @@ void virtio_setup_ccw(VDev *vdev)
vdev->config.blk.blk_size = 0; /* mark "illegal" - setup started... */
vdev->guessed_disk_nature = VIRTIO_GDN_NONE;
- run_ccw(vdev, CCW_CMD_VDEV_RESET, NULL, 0);
+ run_ccw(vdev, CCW_CMD_VDEV_RESET, NULL, 0, false);
switch (vdev->senseid.cu_model) {
case VIRTIO_ID_NET:
@@ -278,18 +266,19 @@ void virtio_setup_ccw(VDev *vdev)
default:
panic("Unsupported virtio device\n");
}
- IPL_assert(run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size) == 0,
- "Could not get block device configuration");
+ IPL_assert(
+ run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false) == 0,
+ "Could not get block device configuration");
/* Feature negotiation */
for (i = 0; i < ARRAY_SIZE(vdev->guest_features); i++) {
feats.features = 0;
feats.index = i;
- rc = run_ccw(vdev, CCW_CMD_READ_FEAT, &feats, sizeof(feats));
+ rc = run_ccw(vdev, CCW_CMD_READ_FEAT, &feats, sizeof(feats), false);
IPL_assert(rc == 0, "Could not get features bits");
vdev->guest_features[i] &= bswap32(feats.features);
feats.features = bswap32(vdev->guest_features[i]);
- rc = run_ccw(vdev, CCW_CMD_WRITE_FEAT, &feats, sizeof(feats));
+ rc = run_ccw(vdev, CCW_CMD_WRITE_FEAT, &feats, sizeof(feats), false);
IPL_assert(rc == 0, "Could not set features bits");
}
@@ -306,16 +295,17 @@ void virtio_setup_ccw(VDev *vdev)
};
IPL_assert(
- run_ccw(vdev, CCW_CMD_READ_VQ_CONF, &config, sizeof(config)) == 0,
+ run_ccw(vdev, CCW_CMD_READ_VQ_CONF, &config, sizeof(config), false) == 0,
"Could not get block device VQ configuration");
info.num = config.num;
vring_init(&vdev->vrings[i], &info);
vdev->vrings[i].schid = vdev->schid;
- IPL_assert(run_ccw(vdev, CCW_CMD_SET_VQ, &info, sizeof(info)) == 0,
- "Cannot set VQ info");
+ IPL_assert(
+ run_ccw(vdev, CCW_CMD_SET_VQ, &info, sizeof(info), false) == 0,
+ "Cannot set VQ info");
}
IPL_assert(
- run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status)) == 0,
+ run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false) == 0,
"Could not write status to host");
}
@@ -323,8 +313,15 @@ bool virtio_is_supported(SubChannelId schid)
{
vdev.schid = schid;
memset(&vdev.senseid, 0, sizeof(vdev.senseid));
- /* run sense id command */
- if (run_ccw(&vdev, CCW_CMD_SENSE_ID, &vdev.senseid, sizeof(vdev.senseid))) {
+
+ /*
+ * Run sense id command.
+ * The size of the senseid data differs between devices (notably,
+ * between virtio devices and dasds), so specify the largest possible
+ * size and suppress the incorrect length indication for smaller sizes.
+ */
+ if (run_ccw(&vdev, CCW_CMD_SENSE_ID, &vdev.senseid, sizeof(vdev.senseid),
+ true)) {
return false;
}
if (vdev.senseid.cu_type == 0x3832) {
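Review bot: With SLI set on the sense id CCW in virtio_is_supported(), a short response is no longer reported, so every senseid field past the returned length is well-defined only because of the memset() above the call; say so in the new comment so the memset is not dropped later. The context line `if (vdev.senseid.cu_type == 0x3832)` could also use CU_TYPE_VIRTIO, which cio.h defines elsewhere in this series.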
--
1.8.3.1

View File

@ -0,0 +1,520 @@
From 2267eadd85126ea711cc8314c7df45a70486651c Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:44 +0100
Subject: [PATCH 19/21] s390-bios: Support booting from real dasd device
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-17-thuth@redhat.com>
Patchwork-id: 91791
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 16/17] s390-bios: Support booting from real dasd device
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Allows guest to boot from a vfio configured real dasd device.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <1554388475-18329-16-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit efa47d36da89f4b23c315a7cc085fab0d15eb47c)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
MAINTAINERS
(simple contextual conflict due to missing downstream commits)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
MAINTAINERS | 3 +-
docs/devel/s390-dasd-ipl.txt | 133 ++++++++++++++++++++++++
pc-bios/s390-ccw/Makefile | 2 +-
pc-bios/s390-ccw/dasd-ipl.c | 235 +++++++++++++++++++++++++++++++++++++++++++
pc-bios/s390-ccw/dasd-ipl.h | 16 +++
pc-bios/s390-ccw/main.c | 5 +
pc-bios/s390-ccw/s390-arch.h | 13 +++
7 files changed, 405 insertions(+), 2 deletions(-)
create mode 100644 docs/devel/s390-dasd-ipl.txt
create mode 100644 pc-bios/s390-ccw/dasd-ipl.c
create mode 100644 pc-bios/s390-ccw/dasd-ipl.h
diff --git a/MAINTAINERS b/MAINTAINERS
index 9b74756..770885a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -896,7 +896,8 @@ M: Thomas Huth <thuth@redhat.com>
S: Supported
F: pc-bios/s390-ccw/
F: pc-bios/s390-ccw.img
-T: git git://github.com/borntraeger/qemu.git s390-next
+F: docs/devel/s390-dasd-ipl.txt
+T: git https://github.com/borntraeger/qemu.git s390-next
L: qemu-s390x@nongnu.org
UniCore32 Machines
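Review bot: The T: line change from git:// to https:// is unrelated to adding dasd boot support and the commit message does not mention it; either note it there (for example as part of the conflict resolution) or split it into its own change.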
diff --git a/docs/devel/s390-dasd-ipl.txt b/docs/devel/s390-dasd-ipl.txt
new file mode 100644
index 0000000..9107e04
--- /dev/null
+++ b/docs/devel/s390-dasd-ipl.txt
@@ -0,0 +1,133 @@
+*****************************
+***** s390 hardware IPL *****
+*****************************
+
+The s390 hardware IPL process consists of the following steps.
+
+1. A READ IPL ccw is constructed in memory location 0x0.
+ This ccw, by definition, reads the IPL1 record which is located on the disk
+ at cylinder 0 track 0 record 1. Note that the chain flag is on in this ccw
+ so when it is complete another ccw will be fetched and executed from memory
+ location 0x08.
+
+2. Execute the Read IPL ccw at 0x00, thereby reading IPL1 data into 0x00.
+ IPL1 data is 24 bytes in length and consists of the following pieces of
+ information: [psw][read ccw][tic ccw]. When the machine executes the Read
+ IPL ccw it read the 24-bytes of IPL1 to be read into memory starting at
+ location 0x0. Then the ccw program at 0x08 which consists of a read
+ ccw and a tic ccw is automatically executed because of the chain flag from
+ the original READ IPL ccw. The read ccw will read the IPL2 data into memory
+ and the TIC (Transfer In Channel) will transfer control to the channel
+ program contained in the IPL2 data. The TIC channel command is the
+ equivalent of a branch/jump/goto instruction for channel programs.
+ NOTE: The ccws in IPL1 are defined by the architecture to be format 0.
+
+3. Execute IPL2.
+ The TIC ccw instruction at the end of the IPL1 channel program will begin
+ the execution of the IPL2 channel program. IPL2 is stage-2 of the boot
+ process and will contain a larger channel program than IPL1. The point of
+ IPL2 is to find and load either the operating system or a small program that
+ loads the operating system from disk. At the end of this step all or some of
+ the real operating system is loaded into memory and we are ready to hand
+ control over to the guest operating system. At this point the guest
+ operating system is entirely responsible for loading any more data it might
+ need to function. NOTE: The IPL2 channel program might read data into memory
+ location 0 thereby overwriting the IPL1 psw and channel program. This is ok
+ as long as the data placed in location 0 contains a psw whose instruction
+ address points to the guest operating system code to execute at the end of
+ the IPL/boot process.
+ NOTE: The ccws in IPL2 are defined by the architecture to be format 0.
+
+4. Start executing the guest operating system.
+ The psw that was loaded into memory location 0 as part of the ipl process
+ should contain the needed flags for the operating system we have loaded. The
+ psw's instruction address will point to the location in memory where we want
+ to start executing the operating system. This psw is loaded (via LPSW
+ instruction) causing control to be passed to the operating system code.
+
+In a non-virtualized environment this process, handled entirely by the hardware,
+is kicked off by the user initiating a "Load" procedure from the hardware
+management console. This "Load" procedure crafts a special "Read IPL" ccw in
+memory location 0x0 that reads IPL1. It then executes this ccw thereby kicking
+off the reading of IPL1 data. Since the channel program from IPL1 will be
+written immediately after the special "Read IPL" ccw, the IPL1 channel program
+will be executed immediately (the special read ccw has the chaining bit turned
+on). The TIC at the end of the IPL1 channel program will cause the IPL2 channel
+program to be executed automatically. After this sequence completes the "Load"
+procedure then loads the psw from 0x0.
+
+**********************************************************
+***** How this all pertains to QEMU (and the kernel) *****
+**********************************************************
+
+In theory we should merely have to do the following to IPL/boot a guest
+operating system from a DASD device:
+
+1. Place a "Read IPL" ccw into memory location 0x0 with chaining bit on.
+2. Execute channel program at 0x0.
+3. LPSW 0x0.
+
+However, our emulation of the machine's channel program logic within the kernel
+is missing one key feature that is required for this process to work:
+non-prefetch of ccw data.
+
+When we start a channel program we pass the channel subsystem parameters via an
+ORB (Operation Request Block). One of those parameters is a prefetch bit. If the
+bit is on then the vfio-ccw kernel driver is allowed to read the entire channel
+program from guest memory before it starts executing it. This means that any
+channel commands that read additional channel commands will not work as expected
+because the newly read commands will only exist in guest memory and NOT within
+the kernel's channel subsystem memory. The kernel vfio-ccw driver currently
+requires this bit to be on for all channel programs. This is a problem because
+the IPL process consists of transferring control from the "Read IPL" ccw
+immediately to the IPL1 channel program that was read by "Read IPL".
+
+Not being able to turn off prefetch will also prevent the TIC at the end of the
+IPL1 channel program from transferring control to the IPL2 channel program.
+
+Lastly, in some cases (the zipl bootloader for example) the IPL2 program also
+transfers control to another channel program segment immediately after reading
+it from the disk. So we need to be able to handle this case.
+
+**************************
+***** What QEMU does *****
+**************************
+
+Since we are forced to live with prefetch we cannot use the very simple IPL
+procedure we defined in the preceding section. So we compensate by doing the
+following.
+
+1. Place "Read IPL" ccw into memory location 0x0, but turn off chaining bit.
+2. Execute "Read IPL" at 0x0.
+
+ So now IPL1's psw is at 0x0 and IPL1's channel program is at 0x08.
+
+4. Write a custom channel program that will seek to the IPL2 record and then
+ execute the READ and TIC ccws from IPL1. Normally the seek is not required
+ because after reading the IPL1 record the disk is automatically positioned
+ to read the very next record which will be IPL2. But since we are not reading
+ both IPL1 and IPL2 as part of the same channel program we must manually set
+ the position.
+
+5. Grab the target address of the TIC instruction from the IPL1 channel program.
+ This address is where the IPL2 channel program starts.
+
+ Now IPL2 is loaded into memory somewhere, and we know the address.
+
+6. Execute the IPL2 channel program at the address obtained in step #5.
+
+ Because this channel program can be dynamic, we must use a special algorithm
+ that detects a READ immediately followed by a TIC and breaks the ccw chain
+ by turning off the chain bit in the READ ccw. When control is returned from
+ the kernel/hardware to the QEMU bios code we immediately issue another start
+ subchannel to execute the remaining TIC instruction. This causes the entire
+ channel program (starting from the TIC) and all needed data to be refetched
+ thereby stepping around the limitation that would otherwise prevent this
+ channel program from executing properly.
+
+ Now the operating system code is loaded somewhere in guest memory and the psw
+ in memory location 0x0 will point to entry code for the guest operating
+ system.
+
+7. LPSW 0x0.
+ LPSW transfers control to the guest operating system and we're done.
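Review bot: The numbered list under "What QEMU does" jumps from step 2 to step 4, and step 6 refers back to "step #5", so either a step is missing or the list needs renumbering. In step 2 of the first section, the sentence "When the machine executes the Read IPL ccw it read the 24-bytes of IPL1 to be read into memory" is garbled; "it reads the 24 bytes of IPL1 into memory" is probably what was meant.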
diff --git a/pc-bios/s390-ccw/Makefile b/pc-bios/s390-ccw/Makefile
index acca961..d6a6e18 100644
--- a/pc-bios/s390-ccw/Makefile
+++ b/pc-bios/s390-ccw/Makefile
@@ -10,7 +10,7 @@ $(call set-vpath, $(SRC_PATH)/pc-bios/s390-ccw)
.PHONY : all clean build-all
OBJECTS = start.o main.o bootmap.o jump2ipl.o sclp.o menu.o \
- virtio.o virtio-scsi.o virtio-blkdev.o libc.o cio.o
+ virtio.o virtio-scsi.o virtio-blkdev.o libc.o cio.o dasd-ipl.o
QEMU_CFLAGS := $(filter -W%, $(QEMU_CFLAGS))
QEMU_CFLAGS += -ffreestanding -fno-delete-null-pointer-checks -msoft-float
diff --git a/pc-bios/s390-ccw/dasd-ipl.c b/pc-bios/s390-ccw/dasd-ipl.c
new file mode 100644
index 0000000..0fc879b
--- /dev/null
+++ b/pc-bios/s390-ccw/dasd-ipl.c
@@ -0,0 +1,235 @@
+/*
+ * S390 IPL (boot) from a real DASD device via vfio framework.
+ *
+ * Copyright (c) 2019 Jason J. Herne <jjherne@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include "libc.h"
+#include "s390-ccw.h"
+#include "s390-arch.h"
+#include "dasd-ipl.h"
+#include "helper.h"
+
+static char prefix_page[PAGE_SIZE * 2]
+ __attribute__((__aligned__(PAGE_SIZE * 2)));
+
+static void enable_prefixing(void)
+{
+ memcpy(&prefix_page, lowcore, 4096);
+ set_prefix(ptr2u32(&prefix_page));
+}
+
+static void disable_prefixing(void)
+{
+ set_prefix(0);
+ /* Copy io interrupt info back to low core */
+ memcpy((void *)&lowcore->subchannel_id, prefix_page + 0xB8, 12);
+}
+
+static bool is_read_tic_ccw_chain(Ccw0 *ccw)
+{
+ Ccw0 *next_ccw = ccw + 1;
+
+ return ((ccw->cmd_code == CCW_CMD_DASD_READ ||
+ ccw->cmd_code == CCW_CMD_DASD_READ_MT) &&
+ ccw->chain && next_ccw->cmd_code == CCW_CMD_TIC);
+}
+
+static bool dynamic_cp_fixup(uint32_t ccw_addr, uint32_t *next_cpa)
+{
+ Ccw0 *cur_ccw = (Ccw0 *)(uint64_t)ccw_addr;
+ Ccw0 *tic_ccw;
+
+ while (true) {
+ /* Skip over inline TIC (it might not have the chain bit on) */
+ if (cur_ccw->cmd_code == CCW_CMD_TIC &&
+ cur_ccw->cda == ptr2u32(cur_ccw) - 8) {
+ cur_ccw += 1;
+ continue;
+ }
+
+ if (!cur_ccw->chain) {
+ break;
+ }
+ if (is_read_tic_ccw_chain(cur_ccw)) {
+ /*
+ * Breaking a chain of CCWs may alter the semantics or even the
+ * validity of a channel program. The heuristic implemented below
+ * seems to work well in practice for the channel programs
+ * generated by zipl.
+ */
+ tic_ccw = cur_ccw + 1;
+ *next_cpa = tic_ccw->cda;
+ cur_ccw->chain = 0;
+ return true;
+ }
+ cur_ccw += 1;
+ }
+ return false;
+}
+
+static int run_dynamic_ccw_program(SubChannelId schid, uint16_t cutype,
+ uint32_t cpa)
+{
+ bool has_next;
+ uint32_t next_cpa = 0;
+ int rc;
+
+ do {
+ has_next = dynamic_cp_fixup(cpa, &next_cpa);
+
+ print_int("executing ccw chain at ", cpa);
+ enable_prefixing();
+ rc = do_cio(schid, cutype, cpa, CCW_FMT0);
+ disable_prefixing();
+
+ if (rc) {
+ break;
+ }
+ cpa = next_cpa;
+ } while (has_next);
+
+ return rc;
+}
+
+static void make_readipl(void)
+{
+ Ccw0 *ccwIplRead = (Ccw0 *)0x00;
+
+ /* Create Read IPL ccw at address 0 */
+ ccwIplRead->cmd_code = CCW_CMD_READ_IPL;
+ ccwIplRead->cda = 0x00; /* Read into address 0x00 in main memory */
+ ccwIplRead->chain = 0; /* Chain flag */
+ ccwIplRead->count = 0x18; /* Read 0x18 bytes of data */
+}
+
+static void run_readipl(SubChannelId schid, uint16_t cutype)
+{
+ if (do_cio(schid, cutype, 0x00, CCW_FMT0)) {
+ panic("dasd-ipl: Failed to run Read IPL channel program\n");
+ }
+}
+
+/*
+ * The architecture states that IPL1 data should consist of a psw followed by
+ * format-0 READ and TIC CCWs. Let's sanity check.
+ */
+static void check_ipl1(void)
+{
+ Ccw0 *ccwread = (Ccw0 *)0x08;
+ Ccw0 *ccwtic = (Ccw0 *)0x10;
+
+ if (ccwread->cmd_code != CCW_CMD_DASD_READ ||
+ ccwtic->cmd_code != CCW_CMD_TIC) {
+ panic("dasd-ipl: IPL1 data invalid. Is this disk really bootable?\n");
+ }
+}
+
+static void check_ipl2(uint32_t ipl2_addr)
+{
+ Ccw0 *ccw = u32toptr(ipl2_addr);
+
+ if (ipl2_addr == 0x00) {
+ panic("IPL2 address invalid. Is this disk really bootable?\n");
+ }
+ if (ccw->cmd_code == 0x00) {
+ panic("IPL2 ccw data invalid. Is this disk really bootable?\n");
+ }
+}
+
+static uint32_t read_ipl2_addr(void)
+{
+ Ccw0 *ccwtic = (Ccw0 *)0x10;
+
+ return ccwtic->cda;
+}
+
+static void ipl1_fixup(void)
+{
+ Ccw0 *ccwSeek = (Ccw0 *) 0x08;
+ Ccw0 *ccwSearchID = (Ccw0 *) 0x10;
+ Ccw0 *ccwSearchTic = (Ccw0 *) 0x18;
+ Ccw0 *ccwRead = (Ccw0 *) 0x20;
+ CcwSeekData *seekData = (CcwSeekData *) 0x30;
+ CcwSearchIdData *searchData = (CcwSearchIdData *) 0x38;
+
+ /* move IPL1 CCWs to make room for CCWs needed to locate record 2 */
+ memcpy(ccwRead, (void *)0x08, 16);
+
+ /* Disable chaining so we don't TIC to IPL2 channel program */
+ ccwRead->chain = 0x00;
+
+ ccwSeek->cmd_code = CCW_CMD_DASD_SEEK;
+ ccwSeek->cda = ptr2u32(seekData);
+ ccwSeek->chain = 1;
+ ccwSeek->count = sizeof(*seekData);
+ seekData->reserved = 0x00;
+ seekData->cyl = 0x00;
+ seekData->head = 0x00;
+
+ ccwSearchID->cmd_code = CCW_CMD_DASD_SEARCH_ID_EQ;
+ ccwSearchID->cda = ptr2u32(searchData);
+ ccwSearchID->chain = 1;
+ ccwSearchID->count = sizeof(*searchData);
+ searchData->cyl = 0;
+ searchData->head = 0;
+ searchData->record = 2;
+
+ /* Go back to Search CCW if correct record not yet found */
+ ccwSearchTic->cmd_code = CCW_CMD_TIC;
+ ccwSearchTic->cda = ptr2u32(ccwSearchID);
+}
+
+static void run_ipl1(SubChannelId schid, uint16_t cutype)
+ {
+ uint32_t startAddr = 0x08;
+
+ if (do_cio(schid, cutype, startAddr, CCW_FMT0)) {
+ panic("dasd-ipl: Failed to run IPL1 channel program\n");
+ }
+}
+
+static void run_ipl2(SubChannelId schid, uint16_t cutype, uint32_t addr)
+{
+ if (run_dynamic_ccw_program(schid, cutype, addr)) {
+ panic("dasd-ipl: Failed to run IPL2 channel program\n");
+ }
+}
+
+/*
+ * Limitations in vfio-ccw support complicate the IPL process. Details can
+ * be found in docs/devel/s390-dasd-ipl.txt
+ */
+void dasd_ipl(SubChannelId schid, uint16_t cutype)
+{
+ PSWLegacy *pswl = (PSWLegacy *) 0x00;
+ uint32_t ipl2_addr;
+
+ /* Construct Read IPL CCW and run it to read IPL1 from boot disk */
+ make_readipl();
+ run_readipl(schid, cutype);
+ ipl2_addr = read_ipl2_addr();
+ check_ipl1();
+
+ /*
+ * Fixup IPL1 channel program to account for vfio-ccw limitations, then run
+ * it to read IPL2 channel program from boot disk.
+ */
+ ipl1_fixup();
+ run_ipl1(schid, cutype);
+ check_ipl2(ipl2_addr);
+
+ /*
+ * Run IPL2 channel program to read operating system code from boot disk
+ */
+ run_ipl2(schid, cutype, ipl2_addr);
+
+ /* Transfer control to the guest operating system */
+ pswl->mask |= PSW_MASK_EAMODE; /* Force z-mode */
+ pswl->addr |= PSW_MASK_BAMODE; /* ... */
+ jump_to_low_kernel();
+}
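Review bot: In dasd_ipl(), `pswl->mask |= PSW_MASK_EAMODE;` has no effect: PSWLegacy.mask is a uint32_t and PSW_MASK_EAMODE is 0x0000000100000000ULL, so its only set bit is lost when the result is stored back, and the "Force z-mode" step ends up setting only the BA bit through `pswl->addr`. OR in the 32-bit equivalent instead, for example `PSW_MASK_EAMODE >> 32`. Separately, dynamic_cp_fixup() walks CCWs that were read from the boot disk in a `while (true)` loop that stops only on a cleared chain bit or a READ followed by TIC, and run_dynamic_ccw_program() follows each TIC target with no limit, so a malformed IPL2 program can make the bios walk past the channel program or loop forever; cap the number of CCWs inspected and the number of chain segments executed, and panic when the cap is reached.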
diff --git a/pc-bios/s390-ccw/dasd-ipl.h b/pc-bios/s390-ccw/dasd-ipl.h
new file mode 100644
index 0000000..c394828
--- /dev/null
+++ b/pc-bios/s390-ccw/dasd-ipl.h
@@ -0,0 +1,16 @@
+/*
+ * S390 IPL (boot) from a real DASD device via vfio framework.
+ *
+ * Copyright (c) 2019 Jason J. Herne <jjherne@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#ifndef DASD_IPL_H
+#define DASD_IPL_H
+
+void dasd_ipl(SubChannelId schid, uint16_t cutype);
+
+#endif /* DASD_IPL_H */
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 57a1013..3c449ad 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -13,6 +13,7 @@
#include "s390-ccw.h"
#include "cio.h"
#include "virtio.h"
+#include "dasd-ipl.h"
char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
static SubChannelId blk_schid = { .one = 1 };
@@ -209,6 +210,10 @@ int main(void)
cutype = cu_type(blk_schid);
switch (cutype) {
+ case CU_TYPE_DASD_3990:
+ case CU_TYPE_DASD_2107:
+ dasd_ipl(blk_schid, cutype); /* no return */
+ break;
case CU_TYPE_VIRTIO:
virtio_setup();
zipl_load(); /* no return */
diff --git a/pc-bios/s390-ccw/s390-arch.h b/pc-bios/s390-ccw/s390-arch.h
index 5e92c7a..504fc7c 100644
--- a/pc-bios/s390-ccw/s390-arch.h
+++ b/pc-bios/s390-ccw/s390-arch.h
@@ -87,4 +87,17 @@ typedef struct LowCore {
extern LowCore const *lowcore;
+static inline void set_prefix(uint32_t address)
+{
+ asm volatile("spx %0" : : "m" (address) : "memory");
+}
+
+static inline uint32_t store_prefix(void)
+{
+ uint32_t address;
+
+ asm volatile("stpx %0" : "=m" (address));
+ return address;
+}
+
#endif
--
1.8.3.1

View File

@ -0,0 +1,445 @@
From 363d844cccb965c9eb0e0e6b5ca100e9532a2f0a Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:37 +0100
Subject: [PATCH 12/21] s390-bios: Support for running format-0/1 channel
programs
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-10-thuth@redhat.com>
Patchwork-id: 91783
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 09/17] s390-bios: Support for running format-0/1 channel programs
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Introduce a library function for executing format-0 and format-1
channel programs and waiting for their completion before continuing
execution.
Add cu_type() to channel io library. This will be used to query control
unit type which is used to determine if we are booting a virtio device or a
real dasd device.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Message-Id: <1554388475-18329-9-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 3083a1bbb8716e9052fe375f68f330107ee13127)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/cio.c | 144 ++++++++++++++++++++++++++++++++++++++++++++
pc-bios/s390-ccw/cio.h | 130 ++++++++++++++++++++++++++++++++++++++-
pc-bios/s390-ccw/s390-ccw.h | 1 +
pc-bios/s390-ccw/start.S | 29 +++++++++
4 files changed, 301 insertions(+), 3 deletions(-)
diff --git a/pc-bios/s390-ccw/cio.c b/pc-bios/s390-ccw/cio.c
index 87c6b34..c43e50b 100644
--- a/pc-bios/s390-ccw/cio.c
+++ b/pc-bios/s390-ccw/cio.c
@@ -13,10 +13,14 @@
#include "libc.h"
#include "s390-ccw.h"
+#include "s390-arch.h"
+#include "helper.h"
#include "cio.h"
static char chsc_page[PAGE_SIZE] __attribute__((__aligned__(PAGE_SIZE)));
+static int __do_cio(SubChannelId schid, uint32_t ccw_addr, int fmt, Irb *irb);
+
int enable_mss_facility(void)
{
int ret;
@@ -42,3 +46,143 @@ void enable_subchannel(SubChannelId schid)
schib.pmcw.ena = 1;
msch(schid, &schib);
}
+
+uint16_t cu_type(SubChannelId schid)
+{
+ Ccw1 sense_id_ccw;
+ SenseId sense_data;
+
+ sense_id_ccw.cmd_code = CCW_CMD_SENSE_ID;
+ sense_id_ccw.cda = ptr2u32(&sense_data);
+ sense_id_ccw.count = sizeof(sense_data);
+ sense_id_ccw.flags |= CCW_FLAG_SLI;
+
+ if (do_cio(schid, CU_TYPE_UNKNOWN, ptr2u32(&sense_id_ccw), CCW_FMT1)) {
+ panic("Failed to run SenseID CCw\n");
+ }
+
+ return sense_data.cu_type;
+}
+
+int basic_sense(SubChannelId schid, uint16_t cutype, void *sense_data,
+ uint16_t data_size)
+{
+ Ccw1 senseCcw;
+ Irb irb;
+
+ senseCcw.cmd_code = CCW_CMD_BASIC_SENSE;
+ senseCcw.cda = ptr2u32(sense_data);
+ senseCcw.count = data_size;
+
+ return __do_cio(schid, ptr2u32(&senseCcw), CCW_FMT1, &irb);
+}
+
+static bool irb_error(Irb *irb)
+{
+ if (irb->scsw.cstat) {
+ return true;
+ }
+ return irb->scsw.dstat != (SCSW_DSTAT_DEVEND | SCSW_DSTAT_CHEND);
+}
+
+/*
+ * Handles executing ssch, tsch and returns the irb obtained from tsch.
+ * Returns 0 on success, -1 if unexpected status pending and we need to retry,
+ * otherwise returns condition code from ssch/tsch for error cases.
+ */
+static int __do_cio(SubChannelId schid, uint32_t ccw_addr, int fmt, Irb *irb)
+{
+ CmdOrb orb = {};
+ int rc;
+
+ IPL_assert(fmt == 0 || fmt == 1, "Invalid ccw format");
+
+ /* ccw_addr must be <= 24 bits and point to at least one whole ccw. */
+ if (fmt == 0) {
+ IPL_assert(ccw_addr <= 0xFFFFFF - 8, "Invalid ccw address");
+ }
+
+ orb.fmt = fmt;
+ orb.pfch = 1; /* QEMU's cio implementation requires prefetch */
+ orb.c64 = 1; /* QEMU's cio implementation requires 64-bit idaws */
+ orb.lpm = 0xFF; /* All paths allowed */
+ orb.cpa = ccw_addr;
+
+ rc = ssch(schid, &orb);
+ if (rc == 1 || rc == 2) {
+ /* Subchannel status pending or busy. Eat status and ask for retry. */
+ tsch(schid, irb);
+ return -1;
+ }
+ if (rc) {
+ print_int("ssch failed with cc=", rc);
+ return rc;
+ }
+
+ consume_io_int();
+
+ /* collect status */
+ rc = tsch(schid, irb);
+ if (rc) {
+ print_int("tsch failed with cc=", rc);
+ }
+
+ return rc;
+}
+
+/*
+ * Executes a channel program at a given subchannel. The request to run the
+ * channel program is sent to the subchannel, we then wait for the interrupt
+ * signaling completion of the I/O operation(s) performed by the channel
+ * program. Lastly we verify that the i/o operation completed without error and
+ * that the interrupt we received was for the subchannel used to run the
+ * channel program.
+ *
+ * Note: This function assumes it is running in an environment where no other
+ * cpus are generating or receiving I/O interrupts. So either run it in a
+ * single-cpu environment or make sure all other cpus are not doing I/O and
+ * have I/O interrupts masked off. We also assume that only one device is
+ * active (generating i/o interrupts).
+ *
+ * Returns non-zero on error.
+ */
+int do_cio(SubChannelId schid, uint16_t cutype, uint32_t ccw_addr, int fmt)
+{
+ Irb irb = {};
+ SenseDataEckdDasd sd;
+ int rc, retries = 0;
+
+ while (true) {
+ rc = __do_cio(schid, ccw_addr, fmt, &irb);
+
+ if (rc == -1) {
+ retries++;
+ continue;
+ }
+ if (rc) {
+ /* ssch/tsch error. Message already reported by __do_cio */
+ break;
+ }
+
+ if (!irb_error(&irb)) {
+ break;
+ }
+
+ /*
+ * Unexpected unit check, or interface-control-check. Use sense to
+ * clear (unit check only) then retry.
+ */
+ if ((unit_check(&irb) || iface_ctrl_check(&irb)) && retries <= 2) {
+ if (unit_check(&irb)) {
+ basic_sense(schid, cutype, &sd, sizeof(sd));
+ }
+ retries++;
+ continue;
+ }
+
+ rc = -1;
+ break;
+ }
+
+ return rc;
+}
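Review bot: cu_type() and basic_sense() declare `Ccw1 sense_id_ccw;` and `Ccw1 senseCcw;` without an initializer, so `sense_id_ccw.flags |= CCW_FLAG_SLI;` ORs into an indeterminate byte and basic_sense() never sets flags at all; stray chain or data-chain bits left on the stack would change what the channel program does. Initialize both with `= {}` as run_ccw() in virtio.c does. In do_cio(), the `rc == -1` path increments retries and continues without checking the count, so a subchannel that stays status pending or busy spins forever; apply the same `retries <= 2` bound there as on the unit check path.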
diff --git a/pc-bios/s390-ccw/cio.h b/pc-bios/s390-ccw/cio.h
index 218fd96..1637e32 100644
--- a/pc-bios/s390-ccw/cio.h
+++ b/pc-bios/s390-ccw/cio.h
@@ -70,9 +70,46 @@ struct scsw {
__u16 count;
} __attribute__ ((packed));
-#define SCSW_FCTL_CLEAR_FUNC 0x1000
-#define SCSW_FCTL_HALT_FUNC 0x2000
+/* Function Control */
#define SCSW_FCTL_START_FUNC 0x4000
+#define SCSW_FCTL_HALT_FUNC 0x2000
+#define SCSW_FCTL_CLEAR_FUNC 0x1000
+
+/* Activity Control */
+#define SCSW_ACTL_RESUME_PEND 0x0800
+#define SCSW_ACTL_START_PEND 0x0400
+#define SCSW_ACTL_HALT_PEND 0x0200
+#define SCSW_ACTL_CLEAR_PEND 0x0100
+#define SCSW_ACTL_CH_ACTIVE 0x0080
+#define SCSW_ACTL_DEV_ACTIVE 0x0040
+#define SCSW_ACTL_SUSPENDED 0x0020
+
+/* Status Control */
+#define SCSW_SCTL_ALERT 0x0010
+#define SCSW_SCTL_INTERMED 0x0008
+#define SCSW_SCTL_PRIMARY 0x0004
+#define SCSW_SCTL_SECONDARY 0x0002
+#define SCSW_SCTL_STATUS_PEND 0x0001
+
+/* SCSW Device Status Flags */
+#define SCSW_DSTAT_ATTN 0x80
+#define SCSW_DSTAT_STATMOD 0x40
+#define SCSW_DSTAT_CUEND 0x20
+#define SCSW_DSTAT_BUSY 0x10
+#define SCSW_DSTAT_CHEND 0x08
+#define SCSW_DSTAT_DEVEND 0x04
+#define SCSW_DSTAT_UCHK 0x02
+#define SCSW_DSTAT_UEXCP 0x01
+
+/* SCSW Subchannel Status Flags */
+#define SCSW_CSTAT_PCINT 0x80
+#define SCSW_CSTAT_BADLEN 0x40
+#define SCSW_CSTAT_PROGCHK 0x20
+#define SCSW_CSTAT_PROTCHK 0x10
+#define SCSW_CSTAT_CHDCHK 0x08
+#define SCSW_CSTAT_CHCCHK 0x04
+#define SCSW_CSTAT_ICCHK 0x02
+#define SCSW_CSTAT_CHAINCHK 0x01
/*
* subchannel information block
@@ -127,7 +164,23 @@ struct tpi_info {
__u32 reserved4:12;
} __attribute__ ((packed, aligned(4)));
-/* channel command word (type 1) */
+/* channel command word (format 0) */
+typedef struct ccw0 {
+ __u8 cmd_code;
+ __u32 cda:24;
+ __u32 chainData:1;
+ __u32 chain:1;
+ __u32 sli:1;
+ __u32 skip:1;
+ __u32 pci:1;
+ __u32 ida:1;
+ __u32 suspend:1;
+ __u32 mida:1;
+ __u8 reserved;
+ __u16 count;
+} __attribute__ ((packed, aligned(8))) Ccw0;
+
+/* channel command word (format 1) */
typedef struct ccw1 {
__u8 cmd_code;
__u8 flags;
@@ -135,6 +188,10 @@ typedef struct ccw1 {
__u32 cda;
} __attribute__ ((packed, aligned(8))) Ccw1;
+/* do_cio() CCW formats */
+#define CCW_FMT0 0x00
+#define CCW_FMT1 0x01
+
#define CCW_FLAG_DC 0x80
#define CCW_FLAG_CC 0x40
#define CCW_FLAG_SLI 0x20
@@ -190,6 +247,11 @@ struct ciw {
__u16 count;
};
+#define CU_TYPE_UNKNOWN 0x0000
+#define CU_TYPE_DASD_2107 0x2107
+#define CU_TYPE_VIRTIO 0x3832
+#define CU_TYPE_DASD_3990 0x3990
+
/*
* sense-id response buffer layout
*/
@@ -205,6 +267,64 @@ typedef struct senseid {
struct ciw ciw[62];
} __attribute__ ((packed, aligned(4))) SenseId;
+/*
+ * architected values for first sense byte - common_status. Bits 0-5 of this
+ * field are common to all device types.
+ */
+#define SNS_STAT0_CMD_REJECT 0x80
+#define SNS_STAT0_INTERVENTION_REQ 0x40
+#define SNS_STAT0_BUS_OUT_CHECK 0x20
+#define SNS_STAT0_EQUIPMENT_CHECK 0x10
+#define SNS_STAT0_DATA_CHECK 0x08
+#define SNS_STAT0_OVERRUN 0x04
+#define SNS_STAT0_INCOMPL_DOMAIN 0x01
+
+/* ECKD DASD status[0] byte */
+#define SNS_STAT1_PERM_ERR 0x80
+#define SNS_STAT1_INV_TRACK_FORMAT 0x40
+#define SNS_STAT1_EOC 0x20
+#define SNS_STAT1_MESSAGE_TO_OPER 0x10
+#define SNS_STAT1_NO_REC_FOUND 0x08
+#define SNS_STAT1_FILE_PROTECTED 0x04
+#define SNS_STAT1_WRITE_INHIBITED 0x02
+#define SNS_STAT1_IMPRECISE_END 0x01
+
+/* ECKD DASD status[1] byte */
+#define SNS_STAT2_REQ_INH_WRITE 0x80
+#define SNS_STAT2_CORRECTABLE 0x40
+#define SNS_STAT2_FIRST_LOG_ERR 0x20
+#define SNS_STAT2_ENV_DATA_PRESENT 0x10
+#define SNS_STAT2_IMPRECISE_END 0x04
+
+/* ECKD DASD 24-byte Sense fmt_msg codes */
+#define SENSE24_FMT_PROG_SYS 0x0
+#define SENSE24_FMT_EQUIPMENT 0x2
+#define SENSE24_FMT_CONTROLLER 0x3
+#define SENSE24_FMT_MISC 0xF
+
+/* basic sense response buffer layout */
+typedef struct SenseDataEckdDasd {
+ uint8_t common_status;
+ uint8_t status[2];
+ uint8_t res_count;
+ uint8_t phys_drive_id;
+ uint8_t low_cyl_addr;
+ uint8_t head_high_cyl_addr;
+ uint8_t fmt_msg;
+ uint64_t fmt_dependent_info[2];
+ uint8_t reserved;
+ uint8_t program_action_code;
+ uint16_t config_info;
+ uint8_t mcode_hicyl;
+ uint8_t cyl_head_addr[3];
+} __attribute__ ((packed, aligned(4))) SenseDataEckdDasd;
+
+#define ECKD_SENSE24_GET_FMT(sd) (sd->fmt_msg & 0xF0 >> 4)
+#define ECKD_SENSE24_GET_MSG(sd) (sd->fmt_msg & 0x0F)
+
+#define unit_check(irb) ((irb)->scsw.dstat & SCSW_DSTAT_UCHK)
+#define iface_ctrl_check(irb) ((irb)->scsw.cstat & SCSW_CSTAT_ICCHK)
+
/* interruption response block */
typedef struct irb {
struct scsw scsw;
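Review bot: ECKD_SENSE24_GET_FMT has an operator-precedence bug. In `(sd->fmt_msg & 0xF0 >> 4)` the shift binds tighter than `&`, so the expression evaluates as `fmt_msg & 0x0F` and returns the same low nibble as ECKD_SENSE24_GET_MSG. It should read `(((sd)->fmt_msg & 0xF0) >> 4)`. Both macros should also parenthesize `sd`, the way unit_check() and iface_ctrl_check() already do with `irb`.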
@@ -215,6 +335,10 @@ typedef struct irb {
int enable_mss_facility(void);
void enable_subchannel(SubChannelId schid);
+uint16_t cu_type(SubChannelId schid);
+int basic_sense(SubChannelId schid, uint16_t cutype, void *sense_data,
+ uint16_t data_size);
+int do_cio(SubChannelId schid, uint16_t cutype, uint32_t ccw_addr, int fmt);
/*
* Some S390 specific IO instructions as inline
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index b39ee5d..11bce7d 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -52,6 +52,7 @@ typedef unsigned long long __u64;
/* start.s */
void disabled_wait(void);
void consume_sclp_int(void);
+void consume_io_int(void);
/* main.c */
void panic(const char *string);
diff --git a/pc-bios/s390-ccw/start.S b/pc-bios/s390-ccw/start.S
index eb8d024..fe2a4c3 100644
--- a/pc-bios/s390-ccw/start.S
+++ b/pc-bios/s390-ccw/start.S
@@ -71,6 +71,26 @@ consume_sclp_int:
larl %r1, enabled_wait_psw
lpswe 0(%r1)
+/*
+ * void consume_io_int(void)
+ *
+ * eats one I/O interrupt
+ */
+ .globl consume_io_int
+consume_io_int:
+ /* enable I/O interrupts in cr6 */
+ stctg %c6,%c6,0(%r15)
+ oi 4(%r15), 0xff
+ lctlg %c6,%c6,0(%r15)
+ /* prepare i/o call handler */
+ larl %r1, io_new_code
+ stg %r1, 0x1f8
+ larl %r1, io_new_mask
+ mvc 0x1f0(8),0(%r1)
+ /* load enabled wait PSW */
+ larl %r1, enabled_wait_psw
+ lpswe 0(%r1)
+
external_new_code:
/* disable service interrupts in cr0 */
stctg 0,0,0(15)
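Review bot: the stores to 0x1f0 and 0x1f8 in consume_io_int are bare lowcore addresses, covered only by the comment "prepare i/o call handler". Please state in the comment that these are the mask and address halves of the I/O new PSW, and that `oi 4(%r15), 0xff` enables every I/O interruption subclass in cr6. The function header could also note that %r1 is clobbered and that control comes back to the caller through io_new_code.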
@@ -78,6 +98,13 @@ external_new_code:
lctlg 0,0,0(15)
br 14
+io_new_code:
+ /* disable I/O interrupts in cr6 */
+ stctg %c6,%c6,0(%r15)
+ ni 4(%r15), 0x00
+ lctlg %c6,%c6,0(%r15)
+ br %r14
+
.align 8
disabled_wait_psw:
.quad 0x0002000180000000,0x0000000000000000
@@ -85,3 +112,5 @@ enabled_wait_psw:
.quad 0x0302000180000000,0x0000000000000000
external_new_mask:
.quad 0x0000000180000000
+io_new_mask:
+ .quad 0x0000000180000000
--
1.8.3.1

View File

@ -0,0 +1,106 @@
From 4b0f36b50e79fe6d345c85f60f12508c17c44f1d Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:42 +0100
Subject: [PATCH 17/21] s390-bios: Use control unit type to determine boot
method
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-15-thuth@redhat.com>
Patchwork-id: 91785
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 14/17] s390-bios: Use control unit type to determine boot method
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
The boot method is different depending on which device type we are
booting from. Let's examine the control unit type to determine if we're
a virtio device. We'll eventually add a case to check for a real dasd device
here as well.
Since we have to call enable_subchannel() in main now, might as well
remove that call from virtio.c : run_ccw(). This requires adding some
additional enable_subchannel calls to not break calls to
virtio_is_supported().
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1554388475-18329-14-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 3668cb7ce864ee9351d5d20a1ec6b427cd0b3be4)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/main.c | 16 ++++++++++++++--
pc-bios/s390-ccw/netmain.c | 1 +
pc-bios/s390-ccw/virtio.c | 1 -
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index d3a161c..57a1013 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -76,6 +76,7 @@ static bool find_subch(int dev_no)
/* Skip net devices since no IPLB is created and therefore no
* network bootloader has been loaded
*/
+ enable_subchannel(blk_schid);
if (virtio_is_supported(blk_schid) &&
virtio_get_device_type() == VIRTIO_ID_NET && dev_no < 0) {
continue;
@@ -198,13 +199,24 @@ static void virtio_setup(void)
int main(void)
{
+ uint16_t cutype;
+
sclp_setup();
css_setup();
boot_setup();
find_boot_device();
+ enable_subchannel(blk_schid);
- virtio_setup();
- zipl_load(); /* no return */
+ cutype = cu_type(blk_schid);
+ switch (cutype) {
+ case CU_TYPE_VIRTIO:
+ virtio_setup();
+ zipl_load(); /* no return */
+ break;
+ default:
+ print_int("Attempting to boot from unexpected device type", cutype);
+ panic("");
+ }
panic("Failed to load OS from hard disk\n");
return 0; /* make compiler happy */
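Review bot: the default branch ends in `panic("")` with an empty string, so the only diagnostic for an unsupported control unit is the print_int() line before it. Consider passing a real message to panic() there, so the failure reason is still visible if the print_int() output is lost or the two calls are later separated.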
diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c
index 4e1b8cf..69cf59d 100644
--- a/pc-bios/s390-ccw/netmain.c
+++ b/pc-bios/s390-ccw/netmain.c
@@ -304,6 +304,7 @@ static bool find_net_dev(Schib *schib, int dev_no)
if (!schib->pmcw.dnv) {
continue;
}
+ enable_subchannel(net_schid);
if (!virtio_is_supported(net_schid)) {
continue;
}
diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
index 35278eae..fb40ca9 100644
--- a/pc-bios/s390-ccw/virtio.c
+++ b/pc-bios/s390-ccw/virtio.c
@@ -102,7 +102,6 @@ static int run_ccw(VDev *vdev, int cmd, void *ptr, int len, bool sli)
ccw.flags |= CCW_FLAG_SLI;
}
- enable_subchannel(vdev->schid);
return do_cio(vdev->schid, vdev->senseid.cu_type, ptr2u32(&ccw), CCW_FMT1);
}
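Review bot: with `enable_subchannel(vdev->schid);` removed, run_ccw() now has an undocumented precondition that the caller has already enabled the subchannel. The patch adds the call in find_subch(), main() and find_net_dev(), but nothing in run_ccw() says so, and a future caller that forgets it will fail in do_cio() with no hint why. Please add a comment above run_ccw() stating the requirement.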
--
1.8.3.1

View File

@ -0,0 +1,127 @@
From cdc1df196d9e1cf5e6f6fe2900637b78d606ee85 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:45 +0100
Subject: [PATCH 20/21] s390-bios: Use control unit type to find bootable
devices
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-18-thuth@redhat.com>
Patchwork-id: 91790
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 17/17] s390-bios: Use control unit type to find bootable devices
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
When the user does not specify which device to boot from then we end
up guessing. Instead of simply grabbing the first available device let's
be a little bit smarter and only choose devices that might be bootable
like disk, and not console devices.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Message-Id: <1554388475-18329-17-git-send-email-jjherne@linux.ibm.com>
[thuth: Added fix for virtio_is_supported() not being called anymore]
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 2880469c95e42f8a5b0acbe8c4808255cc6c9e5b)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/main.c | 45 +++++++++++++++++++++++++++++++++++----------
1 file changed, 35 insertions(+), 10 deletions(-)
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 3c449ad..a69c733 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -21,6 +21,7 @@ static char loadparm_str[LOADPARM_LEN + 1] = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
QemuIplParameters qipl;
IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
static bool have_iplb;
+static uint16_t cutype;
LowCore const *lowcore; /* Yes, this *is* a pointer to address 0 */
#define LOADPARM_PROMPT "PROMPT "
@@ -58,11 +59,15 @@ unsigned int get_loadparm_index(void)
* subchannel information block (schib) with the connected subchannel's info.
* NOTE: The global variable blk_schid is updated to contain the subchannel
* information.
+ *
+ * If the caller gives dev_no=-1 then the user did not specify a boot device.
+ * In this case we'll just use the first potentially bootable device we find.
*/
static bool find_subch(int dev_no)
{
Schib schib;
int i, r;
+ bool is_virtio;
for (i = 0; i < 0x10000; i++) {
blk_schid.sch_no = i;
@@ -74,16 +79,39 @@ static bool find_subch(int dev_no)
continue;
}
- /* Skip net devices since no IPLB is created and therefore no
- * network bootloader has been loaded
- */
enable_subchannel(blk_schid);
- if (virtio_is_supported(blk_schid) &&
- virtio_get_device_type() == VIRTIO_ID_NET && dev_no < 0) {
- continue;
+ cutype = cu_type(blk_schid);
+
+ /*
+ * Note: we always have to run virtio_is_supported() here to make
+ * sure that the vdev.senseid data gets pre-initialized correctly
+ */
+ is_virtio = virtio_is_supported(blk_schid);
+
+ /* No specific devno given, just return 1st possibly bootable device */
+ if (dev_no < 0) {
+ switch (cutype) {
+ case CU_TYPE_VIRTIO:
+ if (is_virtio) {
+ /*
+ * Skip net devices since no IPLB is created and therefore
+ * no network bootloader has been loaded
+ */
+ if (virtio_get_device_type() != VIRTIO_ID_NET) {
+ return true;
+ }
+ }
+ continue;
+ case CU_TYPE_DASD_3990:
+ case CU_TYPE_DASD_2107:
+ return true;
+ default:
+ continue;
+ }
}
- if ((dev_no < 0) || (schib.pmcw.dev == dev_no)) {
+ /* Caller asked for a specific devno */
+ if (schib.pmcw.dev == dev_no) {
return true;
}
}
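Review bot: `cutype = cu_type(blk_schid);` turns find_subch() into the only place that sets the new file-scope `cutype`, and main() now switches on it without assigning it. The function comment documents the blk_schid side effect but not this one. Please extend the NOTE to cover cutype, or return the type to the caller explicitly, so that a later code path reaching main()'s switch without going through find_subch() does not silently see a stale or zero value.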
@@ -200,15 +228,12 @@ static void virtio_setup(void)
int main(void)
{
- uint16_t cutype;
-
sclp_setup();
css_setup();
boot_setup();
find_boot_device();
enable_subchannel(blk_schid);
- cutype = cu_type(blk_schid);
switch (cutype) {
case CU_TYPE_DASD_3990:
case CU_TYPE_DASD_2107:
--
1.8.3.1

View File

@ -0,0 +1,341 @@
From f7d509d82aeb0af595c6dcfade7904b248ed180b Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:38 +0100
Subject: [PATCH 13/21] s390-bios: cio error handling
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-11-thuth@redhat.com>
Patchwork-id: 91787
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 10/17] s390-bios: cio error handling
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Add verbose error output for when unexpected i/o errors happen. This eases the
burden of debugging and reporting i/o errors. No error information is printed
in the success case, here is an example of what is output on error:
cio device error
ssid : 0x0000000000000000
cssid : 0x0000000000000000
sch_no: 0x0000000000000000
Interrupt Response Block Data:
Function Ctrl : [Start]
Activity Ctrl : [Start-Pending]
Status Ctrl : [Alert] [Primary] [Secondary] [Status-Pending]
Device Status : [Unit-Check]
Channel Status :
cpa=: 0x000000007f8d6038
prev_ccw=: 0x0000000000000000
this_ccw=: 0x0000000000000000
Eckd Dasd Sense Data (fmt 32-bytes):
Sense Condition Flags :
Residual Count =: 0x0000000000000000
Phys Drive ID =: 0x000000000000009e
low cyl address =: 0x0000000000000000
head addr & hi cyl =: 0x0000000000000000
format/message =: 0x0000000000000008
fmt-dependent[0-7] =: 0x0000000000000004
fmt-dependent[8-15]=: 0xe561282305082fff
prog action code =: 0x0000000000000016
Configuration info =: 0x00000000000040e0
mcode / hi-cyl =: 0x0000000000000000
cyl & head addr [0]=: 0x0000000000000000
cyl & head addr [1]=: 0x0000000000000000
cyl & head addr [2]=: 0x0000000000000000
The Sense Data section is currently only printed for ECKD DASD.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <1554388475-18329-10-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 86c58705bb186cfa73a03851047da2c2c37b9418)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/cio.c | 235 ++++++++++++++++++++++++++++++++++++++++++++++++
pc-bios/s390-ccw/libc.h | 11 +++
2 files changed, 246 insertions(+)
diff --git a/pc-bios/s390-ccw/cio.c b/pc-bios/s390-ccw/cio.c
index c43e50b..339ec5f 100644
--- a/pc-bios/s390-ccw/cio.c
+++ b/pc-bios/s390-ccw/cio.c
@@ -85,6 +85,228 @@ static bool irb_error(Irb *irb)
return irb->scsw.dstat != (SCSW_DSTAT_DEVEND | SCSW_DSTAT_CHEND);
}
+static void print_eckd_dasd_sense_data(SenseDataEckdDasd *sd)
+{
+ char msgline[512];
+
+ if (sd->config_info & 0x8000) {
+ sclp_print("Eckd Dasd Sense Data (fmt 24-bytes):\n");
+ } else {
+ sclp_print("Eckd Dasd Sense Data (fmt 32-bytes):\n");
+ }
+
+ strcat(msgline, " Sense Condition Flags :");
+ if (sd->common_status & SNS_STAT0_CMD_REJECT) {
+ strcat(msgline, " [Cmd-Reject]");
+ }
+ if (sd->common_status & SNS_STAT0_INTERVENTION_REQ) {
+ strcat(msgline, " [Intervention-Required]");
+ }
+ if (sd->common_status & SNS_STAT0_BUS_OUT_CHECK) {
+ strcat(msgline, " [Bus-Out-Parity-Check]");
+ }
+ if (sd->common_status & SNS_STAT0_EQUIPMENT_CHECK) {
+ strcat(msgline, " [Equipment-Check]");
+ }
+ if (sd->common_status & SNS_STAT0_DATA_CHECK) {
+ strcat(msgline, " [Data-Check]");
+ }
+ if (sd->common_status & SNS_STAT0_OVERRUN) {
+ strcat(msgline, " [Overrun]");
+ }
+ if (sd->common_status & SNS_STAT0_INCOMPL_DOMAIN) {
+ strcat(msgline, " [Incomplete-Domain]");
+ }
+
+ if (sd->status[0] & SNS_STAT1_PERM_ERR) {
+ strcat(msgline, " [Permanent-Error]");
+ }
+ if (sd->status[0] & SNS_STAT1_INV_TRACK_FORMAT) {
+ strcat(msgline, " [Invalid-Track-Fmt]");
+ }
+ if (sd->status[0] & SNS_STAT1_EOC) {
+ strcat(msgline, " [End-of-Cyl]");
+ }
+ if (sd->status[0] & SNS_STAT1_MESSAGE_TO_OPER) {
+ strcat(msgline, " [Operator-Msg]");
+ }
+ if (sd->status[0] & SNS_STAT1_NO_REC_FOUND) {
+ strcat(msgline, " [No-Record-Found]");
+ }
+ if (sd->status[0] & SNS_STAT1_FILE_PROTECTED) {
+ strcat(msgline, " [File-Protected]");
+ }
+ if (sd->status[0] & SNS_STAT1_WRITE_INHIBITED) {
+ strcat(msgline, " [Write-Inhibited]");
+ }
+ if (sd->status[0] & SNS_STAT1_IMPRECISE_END) {
+ strcat(msgline, " [Imprecise-Ending]");
+ }
+
+ if (sd->status[1] & SNS_STAT2_REQ_INH_WRITE) {
+ strcat(msgline, " [Req-Inhibit-Write]");
+ }
+ if (sd->status[1] & SNS_STAT2_CORRECTABLE) {
+ strcat(msgline, " [Correctable-Data-Check]");
+ }
+ if (sd->status[1] & SNS_STAT2_FIRST_LOG_ERR) {
+ strcat(msgline, " [First-Error-Log]");
+ }
+ if (sd->status[1] & SNS_STAT2_ENV_DATA_PRESENT) {
+ strcat(msgline, " [Env-Data-Present]");
+ }
+ if (sd->status[1] & SNS_STAT2_IMPRECISE_END) {
+ strcat(msgline, " [Imprecise-End]");
+ }
+ strcat(msgline, "\n");
+ sclp_print(msgline);
+
+ print_int(" Residual Count =", sd->res_count);
+ print_int(" Phys Drive ID =", sd->phys_drive_id);
+ print_int(" low cyl address =", sd->low_cyl_addr);
+ print_int(" head addr & hi cyl =", sd->head_high_cyl_addr);
+ print_int(" format/message =", sd->fmt_msg);
+ print_int(" fmt-dependent[0-7] =", sd->fmt_dependent_info[0]);
+ print_int(" fmt-dependent[8-15]=", sd->fmt_dependent_info[1]);
+ print_int(" prog action code =", sd->program_action_code);
+ print_int(" Configuration info =", sd->config_info);
+ print_int(" mcode / hi-cyl =", sd->mcode_hicyl);
+ print_int(" cyl & head addr [0]=", sd->cyl_head_addr[0]);
+ print_int(" cyl & head addr [1]=", sd->cyl_head_addr[1]);
+ print_int(" cyl & head addr [2]=", sd->cyl_head_addr[2]);
+}
+
+static void print_irb_err(Irb *irb)
+{
+ uint64_t this_ccw = *(uint64_t *)u32toptr(irb->scsw.cpa);
+ uint64_t prev_ccw = *(uint64_t *)u32toptr(irb->scsw.cpa - 8);
+ char msgline[256];
+
+ sclp_print("Interrupt Response Block Data:\n");
+
+ strcat(msgline, " Function Ctrl :");
+ if (irb->scsw.ctrl & SCSW_FCTL_START_FUNC) {
+ strcat(msgline, " [Start]");
+ }
+ if (irb->scsw.ctrl & SCSW_FCTL_HALT_FUNC) {
+ strcat(msgline, " [Halt]");
+ }
+ if (irb->scsw.ctrl & SCSW_FCTL_CLEAR_FUNC) {
+ strcat(msgline, " [Clear]");
+ }
+ strcat(msgline, "\n");
+ sclp_print(msgline);
+
+ msgline[0] = '\0';
+ strcat(msgline, " Activity Ctrl :");
+ if (irb->scsw.ctrl & SCSW_ACTL_RESUME_PEND) {
+ strcat(msgline, " [Resume-Pending]");
+ }
+ if (irb->scsw.ctrl & SCSW_ACTL_START_PEND) {
+ strcat(msgline, " [Start-Pending]");
+ }
+ if (irb->scsw.ctrl & SCSW_ACTL_HALT_PEND) {
+ strcat(msgline, " [Halt-Pending]");
+ }
+ if (irb->scsw.ctrl & SCSW_ACTL_CLEAR_PEND) {
+ strcat(msgline, " [Clear-Pending]");
+ }
+ if (irb->scsw.ctrl & SCSW_ACTL_CH_ACTIVE) {
+ strcat(msgline, " [Channel-Active]");
+ }
+ if (irb->scsw.ctrl & SCSW_ACTL_DEV_ACTIVE) {
+ strcat(msgline, " [Device-Active]");
+ }
+ if (irb->scsw.ctrl & SCSW_ACTL_SUSPENDED) {
+ strcat(msgline, " [Suspended]");
+ }
+ strcat(msgline, "\n");
+ sclp_print(msgline);
+
+ msgline[0] = '\0';
+ strcat(msgline, " Status Ctrl :");
+ if (irb->scsw.ctrl & SCSW_SCTL_ALERT) {
+ strcat(msgline, " [Alert]");
+ }
+ if (irb->scsw.ctrl & SCSW_SCTL_INTERMED) {
+ strcat(msgline, " [Intermediate]");
+ }
+ if (irb->scsw.ctrl & SCSW_SCTL_PRIMARY) {
+ strcat(msgline, " [Primary]");
+ }
+ if (irb->scsw.ctrl & SCSW_SCTL_SECONDARY) {
+ strcat(msgline, " [Secondary]");
+ }
+ if (irb->scsw.ctrl & SCSW_SCTL_STATUS_PEND) {
+ strcat(msgline, " [Status-Pending]");
+ }
+
+ strcat(msgline, "\n");
+ sclp_print(msgline);
+
+ msgline[0] = '\0';
+ strcat(msgline, " Device Status :");
+ if (irb->scsw.dstat & SCSW_DSTAT_ATTN) {
+ strcat(msgline, " [Attention]");
+ }
+ if (irb->scsw.dstat & SCSW_DSTAT_STATMOD) {
+ strcat(msgline, " [Status-Modifier]");
+ }
+ if (irb->scsw.dstat & SCSW_DSTAT_CUEND) {
+ strcat(msgline, " [Ctrl-Unit-End]");
+ }
+ if (irb->scsw.dstat & SCSW_DSTAT_BUSY) {
+ strcat(msgline, " [Busy]");
+ }
+ if (irb->scsw.dstat & SCSW_DSTAT_CHEND) {
+ strcat(msgline, " [Channel-End]");
+ }
+ if (irb->scsw.dstat & SCSW_DSTAT_DEVEND) {
+ strcat(msgline, " [Device-End]");
+ }
+ if (irb->scsw.dstat & SCSW_DSTAT_UCHK) {
+ strcat(msgline, " [Unit-Check]");
+ }
+ if (irb->scsw.dstat & SCSW_DSTAT_UEXCP) {
+ strcat(msgline, " [Unit-Exception]");
+ }
+ strcat(msgline, "\n");
+ sclp_print(msgline);
+
+ msgline[0] = '\0';
+ strcat(msgline, " Channel Status :");
+ if (irb->scsw.cstat & SCSW_CSTAT_PCINT) {
+ strcat(msgline, " [Program-Ctrl-Interruption]");
+ }
+ if (irb->scsw.cstat & SCSW_CSTAT_BADLEN) {
+ strcat(msgline, " [Incorrect-Length]");
+ }
+ if (irb->scsw.cstat & SCSW_CSTAT_PROGCHK) {
+ strcat(msgline, " [Program-Check]");
+ }
+ if (irb->scsw.cstat & SCSW_CSTAT_PROTCHK) {
+ strcat(msgline, " [Protection-Check]");
+ }
+ if (irb->scsw.cstat & SCSW_CSTAT_CHDCHK) {
+ strcat(msgline, " [Channel-Data-Check]");
+ }
+ if (irb->scsw.cstat & SCSW_CSTAT_CHCCHK) {
+ strcat(msgline, " [Channel-Ctrl-Check]");
+ }
+ if (irb->scsw.cstat & SCSW_CSTAT_ICCHK) {
+ strcat(msgline, " [Interface-Ctrl-Check]");
+ }
+ if (irb->scsw.cstat & SCSW_CSTAT_CHAINCHK) {
+ strcat(msgline, " [Chaining-Check]");
+ }
+ strcat(msgline, "\n");
+ sclp_print(msgline);
+
+ print_int(" cpa=", irb->scsw.cpa);
+ print_int(" prev_ccw=", prev_ccw);
+ print_int(" this_ccw=", this_ccw);
+}
+
/*
* Handles executing ssch, tsch and returns the irb obtained from tsch.
* Returns 0 on success, -1 if unexpected status pending and we need to retry,
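Review bot: msgline is used uninitialized in both new functions. In print_eckd_dasd_sense_data() `char msgline[512];` goes straight into `strcat(msgline, " Sense Condition Flags :")`, and print_irb_err() does the same for the "Function Ctrl" line; only the later sections reset the buffer with `msgline[0] = '\0';`. strcat() begins by searching for a terminator in whatever is on the stack, so the append can land at an arbitrary offset, including past the end of the array. Set `msgline[0] = '\0';` before the first strcat() in each function. Separately, print_irb_err() reads through `irb->scsw.cpa` and `irb->scsw.cpa - 8` unconditionally; when cpa is 0 the subtraction wraps in the uint32_t passed to u32toptr(), so that read should be guarded.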
@@ -180,6 +402,19 @@ int do_cio(SubChannelId schid, uint16_t cutype, uint32_t ccw_addr, int fmt)
continue;
}
+ sclp_print("cio device error\n");
+ print_int(" ssid ", schid.ssid);
+ print_int(" cssid ", schid.cssid);
+ print_int(" sch_no", schid.sch_no);
+ print_int(" ctrl-unit type", cutype);
+ sclp_print("\n");
+ print_irb_err(&irb);
+ if (cutype == CU_TYPE_DASD_3990 || cutype == CU_TYPE_DASD_2107 ||
+ cutype == CU_TYPE_UNKNOWN) {
+ if (!basic_sense(schid, cutype, &sd, sizeof(sd))) {
+ print_eckd_dasd_sense_data(&sd);
+ }
+ }
rc = -1;
break;
}
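Review bot: the sense branch also runs for `cutype == CU_TYPE_UNKNOWN`, yet the result is always decoded by print_eckd_dasd_sense_data() under an "Eckd Dasd Sense Data" heading. For an unknown control unit that label can mislead whoever reads the log. Either restrict the branch to the two DASD types, or print a line saying the ECKD layout is being assumed for an unidentified device.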
diff --git a/pc-bios/s390-ccw/libc.h b/pc-bios/s390-ccw/libc.h
index 818517f..bcdc457 100644
--- a/pc-bios/s390-ccw/libc.h
+++ b/pc-bios/s390-ccw/libc.h
@@ -67,6 +67,17 @@ static inline size_t strlen(const char *str)
return i;
}
+static inline char *strcat(char *dest, const char *src)
+{
+ int i;
+ char *dest_end = dest + strlen(dest);
+
+ for (i = 0; i <= strlen(src); i++) {
+ dest_end[i] = src[i];
+ }
+ return dest;
+}
+
static inline int isdigit(int c)
{
return (c >= '0') && (c <= '9');
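Review bot: the loop condition `i <= strlen(src)` re-evaluates strlen() on every iteration and compares a signed `int i` against a size_t. Compute the length once into a size_t, or copy until the terminator has been written. Because this strcat() is unbounded and its callers append to fixed-size stack buffers, a short comment that dest must already be NUL-terminated and large enough for the result would also help.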
--
1.8.3.1

View File

@ -0,0 +1,82 @@
From 19b96c7f412b9b8d893ec9ebd2603565d6afa178 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:31 +0100
Subject: [PATCH 06/21] s390-bios: decouple cio setup from virtio
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-4-thuth@redhat.com>
Patchwork-id: 91776
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 03/17] s390-bios: decouple cio setup from virtio
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Move channel i/o setup code out to a separate function. This decouples cio
setup from the virtio code path and allows us to make use of it for booting
dasd devices.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <1554388475-18329-3-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 87f910c142d5589ef937ac216f92c6dcddae955e)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/main.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 544851d..e82fe2c 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -99,6 +99,18 @@ static void menu_setup(void)
}
}
+/*
+ * Initialize the channel I/O subsystem so we can talk to our ipl/boot device.
+ */
+static void css_setup(void)
+{
+ /*
+ * Unconditionally enable mss support. In every sane configuration this
+ * will succeed; and even if it doesn't, stsch_err() can handle it.
+ */
+ enable_mss_facility();
+}
+
static void virtio_setup(void)
{
Schib schib;
@@ -109,13 +121,6 @@ static void virtio_setup(void)
VDev *vdev = virtio_get_device();
QemuIplParameters *early_qipl = (QemuIplParameters *)QIPL_ADDRESS;
- /*
- * We unconditionally enable mss support. In every sane configuration,
- * this will succeed; and even if it doesn't, stsch_err() can deal
- * with the consequences.
- */
- enable_mss_facility();
-
sclp_get_loadparm_ascii(loadparm_str);
memcpy(ldp + 10, loadparm_str, LOADPARM_LEN);
sclp_print(ldp);
@@ -168,6 +173,7 @@ static void virtio_setup(void)
int main(void)
{
sclp_setup();
+ css_setup();
virtio_setup();
zipl_load(); /* no return */
--
1.8.3.1

View File

@ -0,0 +1,110 @@
From 59ef4d9a3358627fbd7001028903cd89e061a216 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:32 +0100
Subject: [PATCH 07/21] s390-bios: decouple common boot logic from virtio
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-5-thuth@redhat.com>
Patchwork-id: 91778
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 04/17] s390-bios: decouple common boot logic from virtio
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Create a boot_setup function to handle getting boot information from
the machine/hypervisor. This decouples common boot logic from the
virtio code path and allows us to make use of it for the real dasd boot
scenario.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <1554388475-18329-4-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a5f6e0975b1f1b79f446c8323e62fd0534408da6)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/main.c | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index e82fe2c..67df421 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -14,16 +14,17 @@
char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
static SubChannelId blk_schid = { .one = 1 };
-IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
static char loadparm_str[LOADPARM_LEN + 1] = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
QemuIplParameters qipl;
+IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
+static bool have_iplb;
#define LOADPARM_PROMPT "PROMPT "
#define LOADPARM_EMPTY " "
#define BOOT_MENU_FLAG_MASK (QIPL_FLAG_BM_OPTS_CMD | QIPL_FLAG_BM_OPTS_ZIPL)
/*
- * Priniciples of Operations (SA22-7832-09) chapter 17 requires that
+ * Principles of Operations (SA22-7832-09) chapter 17 requires that
* a subsystem-identification is at 184-187 and bytes 188-191 are zero
* after list-directed-IPL and ccw-IPL.
*/
@@ -111,23 +112,33 @@ static void css_setup(void)
enable_mss_facility();
}
+/*
+ * Collect various pieces of information from the hypervisor/hardware that
+ * we'll use to determine exactly how we'll boot.
+ */
+static void boot_setup(void)
+{
+ char lpmsg[] = "LOADPARM=[________]\n";
+
+ sclp_get_loadparm_ascii(loadparm_str);
+ memcpy(lpmsg + 10, loadparm_str, 8);
+ sclp_print(lpmsg);
+
+ have_iplb = store_iplb(&iplb);
+}
+
static void virtio_setup(void)
{
Schib schib;
int ssid;
bool found = false;
uint16_t dev_no;
- char ldp[] = "LOADPARM=[________]\n";
VDev *vdev = virtio_get_device();
QemuIplParameters *early_qipl = (QemuIplParameters *)QIPL_ADDRESS;
- sclp_get_loadparm_ascii(loadparm_str);
- memcpy(ldp + 10, loadparm_str, LOADPARM_LEN);
- sclp_print(ldp);
-
memcpy(&qipl, early_qipl, sizeof(QemuIplParameters));
- if (store_iplb(&iplb)) {
+ if (have_iplb) {
switch (iplb.pbt) {
case S390_IPL_TYPE_CCW:
dev_no = iplb.ccw.devno;
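Review bot: in boot_setup() the copy length became a literal, `memcpy(lpmsg + 10, loadparm_str, 8);`, where the code removed from virtio_setup() used `LOADPARM_LEN`. loadparm_str is declared with `LOADPARM_LEN + 1` bytes, so please keep the constant here so the copy stays tied to the buffer size if the definition ever changes.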
@@ -174,6 +185,7 @@ int main(void)
{
sclp_setup();
css_setup();
+ boot_setup();
virtio_setup();
zipl_load(); /* no return */
--
1.8.3.1

View File

@ -0,0 +1,72 @@
From d032dae613dc006c91ad8581f203af1bd4bdbf9c Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Mon, 14 Oct 2019 10:06:36 +0100
Subject: [PATCH 11/21] s390-bios: ptr2u32 and u32toptr
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20191014100645.22862-9-thuth@redhat.com>
Patchwork-id: 91788
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 08/17] s390-bios: ptr2u32 and u32toptr
Bugzilla: 1664376
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Introduce inline functions to convert between pointers and unsigned 32-bit
ints. These are used to hide the ugliness required to avoid compiler
warnings.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1554388475-18329-8-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 1fb3e5cde8dcd9b5917aea9a0b2918e16be8be1e)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
pc-bios/s390-ccw/helper.h | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 pc-bios/s390-ccw/helper.h
diff --git a/pc-bios/s390-ccw/helper.h b/pc-bios/s390-ccw/helper.h
new file mode 100644
index 0000000..78d5bc7
--- /dev/null
+++ b/pc-bios/s390-ccw/helper.h
@@ -0,0 +1,31 @@
+/*
+ * Helper Functions
+ *
+ * Copyright (c) 2019 IBM Corp.
+ *
+ * Author(s): Jason J. Herne <jjherne@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#ifndef S390_CCW_HELPER_H
+#define S390_CCW_HELPER_H
+
+#include "s390-ccw.h"
+
+/* Avoids compiler warnings when casting a pointer to a u32 */
+static inline uint32_t ptr2u32(void *ptr)
+{
+ IPL_assert((uint64_t)ptr <= 0xffffffff, "ptr2u32: ptr too large");
+ return (uint32_t)(uint64_t)ptr;
+}
+
+/* Avoids compiler warnings when casting a u32 to a pointer */
+static inline void *u32toptr(uint32_t n)
+{
+ return (void *)(uint64_t)n;
+}
+
+#endif
--
1.8.3.1

View File

@ -0,0 +1,48 @@
From bd0e218dc19724fb4c61d259601d116113f114a5 Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david@redhat.com>
Date: Tue, 16 Jul 2019 20:44:19 +0100
Subject: [PATCH 17/39] s390: cpumodel: fix description for the new vector
facility
RH-Author: David Hildenbrand <david@redhat.com>
Message-id: <20190716204422.9350-2-david@redhat.com>
Patchwork-id: 89547
O-Subject: [RHEL8.1 qemu-kvm PATCH 1/4] s390: cpumodel: fix description for the new vector facility
Bugzilla: 1729975
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Jens Freimann <jfreimann@redhat.com>
Conflicts: upstream moved the definitions
The new facility is called "Vector-Packed-Decimal-Enhancement Facility"
and not "Vector BCD enhancements facility 1". As the shortname might
have already found its way into some backports, let's keep vxbeh.
Fixes: 54d65de0b525 ("s390x/cpumodel: vector enhancements")
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20190708150931.93448-1-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
(cherry picked from commit d05be57ddc2e1722f527aa4c20d84dfd15c840ec)
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/s390x/cpu_features.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c
index f64f581..5be6f59 100644
--- a/target/s390x/cpu_features.c
+++ b/target/s390x/cpu_features.c
@@ -111,7 +111,7 @@ static const S390FeatDef s390_features[] = {
FEAT_INIT("vxeh2", S390_FEAT_TYPE_STFL, 148, "Vector Enhancements facility 2"),
FEAT_INIT("esort-base", S390_FEAT_TYPE_STFL, 150, "Enhanced-sort facility (excluding subfunctions)"),
FEAT_INIT("deflate-base", S390_FEAT_TYPE_STFL, 151, "Deflate-conversion facility (excluding subfunctions)"),
- FEAT_INIT("vxbeh", S390_FEAT_TYPE_STFL, 152, "Vector BCD enhancements facility 1"),
+ FEAT_INIT("vxbeh", S390_FEAT_TYPE_STFL, 152, "Vector-Packed-Decimal-Enhancement Facility"),
FEAT_INIT("msa9-base", S390_FEAT_TYPE_STFL, 155, "Message-security-assist-extension-9 facility (excluding subfunctions)"),
FEAT_INIT("etoken", S390_FEAT_TYPE_STFL, 156, "Etoken facility"),
--
1.8.3.1
