From 7b68902699d81cdc8d2930229ea3e5c0680e74c9 Mon Sep 17 00:00:00 2001 From: "Danilo C. L. de Paula" Date: Tue, 15 Sep 2020 11:56:35 -0400 Subject: [PATCH] * Tue Sep 15 2020 Danilo Cesar Lemes de Paula - 5.1.0-7.el8 - kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch [bz#1789757 bz#1870384] - kvm-target-arm-Move-start-powered-off-property-to-generi.patch [bz#1849483] - kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch [bz#1849483] - kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch [bz#1849483] - Resolves: bz#1789757 ([IBM 8.4 FEAT] Add machine option to enable secure VM support) - Resolves: bz#1849483 (Failed to boot up guest when hotplugging vcpus on bios stage) - Resolves: bz#1870384 ([IBM 8.3 FEAT] Add interim/unsupported machine option to enable secure VM support for testing purposes) --- ...-start-powered-off-CPUState-property.patch | 82 +++++++ ...setting-of-CPU-halted-state-to-gener.patch | 66 ++++++ ...start-powered-off-property-to-generi.patch | 141 +++++++++++ ...xperimental-option-for-enabling-secu.patch | 219 ++++++++++++++++++ qemu-kvm.spec | 23 +- 5 files changed, 530 insertions(+), 1 deletion(-) create mode 100644 kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch create mode 100644 kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch create mode 100644 kvm-target-arm-Move-start-powered-off-property-to-generi.patch create mode 100644 kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch diff --git a/kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch b/kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch new file mode 100644 index 0000000..b8affe1 --- /dev/null +++ b/kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch @@ -0,0 +1,82 @@ +From 5dd7cdf3739c73d910d5df6443b39e9b0b79f3fd Mon Sep 17 00:00:00 2001 +From: Laurent Vivier +Date: Tue, 8 Sep 2020 18:47:16 -0400 +Subject: [PATCH 4/4] ppc/spapr: Use start-powered-off CPUState property + +RH-Author: Laurent Vivier +Message-id: <20200908184716.1125192-4-lvivier@redhat.com> +Patchwork-id: 98302 +O-Subject: [RHEL-AV-8.3.0 qemu-kvm PATCH 3/3] ppc/spapr: Use start-powered-off CPUState property +Bugzilla: 1849483 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: David Gibson +RH-Acked-by: Greg Kurz + +From: Thiago Jung Bauermann + +PowerPC sPAPR CPUs start in the halted state, and spapr_reset_vcpu() +attempts to implement this by setting CPUState::halted to 1. But that's too +late for the case of hotplugged CPUs in a machine configure with 2 or more +threads per core. + +By then, other parts of QEMU have already caused the vCPU to run in an +unitialized state a couple of times. For example, ppc_cpu_reset() calls +ppc_tlb_invalidate_all(), which ends up calling async_run_on_cpu(). This +kicks the new vCPU while it has CPUState::halted = 0, causing QEMU to issue +a KVM_RUN ioctl on the new vCPU before the guest is able to make the +start-cpu RTAS call to initialize its register state. + +This problem doesn't seem to cause visible issues for regular guests, but +on a secure guest running under the Ultravisor it does. The Ultravisor +relies on being able to snoop on the start-cpu RTAS call to map vCPUs to +guests, and this issue causes it to see a stray vCPU that doesn't belong to +any guest. + +Fix by setting the start-powered-off CPUState property in +spapr_create_vcpu(), which makes cpu_common_reset() initialize +CPUState::halted to 1 at an earlier moment. + +Suggested-by: Eduardo Habkost +Acked-by: David Gibson +Reviewed-by: Greg Kurz +Signed-off-by: Thiago Jung Bauermann +Message-Id: <20200826055535.951207-4-bauerman@linux.ibm.com> +Signed-off-by: David Gibson +(cherry picked from commit 554c2169e9251ca2829ab968bd9ba5641a5abe1d) +Signed-off-by: Laurent Vivier +Signed-off-by: Danilo C. L. de Paula +--- + hw/ppc/spapr_cpu_core.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c +index f228f8bb75..86fed5c528 100644 +--- a/hw/ppc/spapr_cpu_core.c ++++ b/hw/ppc/spapr_cpu_core.c +@@ -37,11 +37,6 @@ static void spapr_reset_vcpu(PowerPCCPU *cpu) + + cpu_reset(cs); + +- /* All CPUs start halted. CPU0 is unhalted from the machine level +- * reset code and the rest are explicitly started up by the guest +- * using an RTAS call */ +- cs->halted = 1; +- + env->spr[SPR_HIOR] = 0; + + lpcr = env->spr[SPR_LPCR]; +@@ -287,6 +282,11 @@ static PowerPCCPU *spapr_create_vcpu(SpaprCpuCore *sc, int i, Error **errp) + + cs = CPU(obj); + cpu = POWERPC_CPU(obj); ++ /* ++ * All CPUs start halted. CPU0 is unhalted from the machine level reset code ++ * and the rest are explicitly started up by the guest using an RTAS call. ++ */ ++ cs->start_powered_off = true; + cs->cpu_index = cc->core_id + i; + spapr_set_vcpu_id(cpu, cs->cpu_index, &local_err); + if (local_err) { +-- +2.27.0 + diff --git a/kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch b/kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch new file mode 100644 index 0000000..f7d6940 --- /dev/null +++ b/kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch @@ -0,0 +1,66 @@ +From de7263538a5cab64163edd1bdb3a934dabd625f2 Mon Sep 17 00:00:00 2001 +From: Laurent Vivier +Date: Tue, 8 Sep 2020 18:47:15 -0400 +Subject: [PATCH 3/4] target/arm: Move setting of CPU halted state to generic + code +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laurent Vivier +Message-id: <20200908184716.1125192-3-lvivier@redhat.com> +Patchwork-id: 98300 +O-Subject: [RHEL-AV-8.3.0 qemu-kvm PATCH 2/3] target/arm: Move setting of CPU halted state to generic code +Bugzilla: 1849483 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: David Gibson +RH-Acked-by: Greg Kurz + +From: Thiago Jung Bauermann + +This change is in a separate patch because it's not so obvious that it +won't cause a regression. + +Suggested-by: Eduardo Habkost +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: David Gibson +Reviewed-by: Greg Kurz +Signed-off-by: Thiago Jung Bauermann +Message-Id: <20200826055535.951207-3-bauerman@linux.ibm.com> +Signed-off-by: David Gibson +(cherry picked from commit 6ad1da667c8e21f019d4adc21702e06dd9225790) +Signed-off-by: Laurent Vivier +Signed-off-by: Danilo C. L. de Paula +--- + hw/core/cpu.c | 2 +- + target/arm/cpu.c | 1 - + 2 files changed, 1 insertion(+), 2 deletions(-) + +diff --git a/hw/core/cpu.c b/hw/core/cpu.c +index 594441a150..71bb7859f1 100644 +--- a/hw/core/cpu.c ++++ b/hw/core/cpu.c +@@ -258,7 +258,7 @@ static void cpu_common_reset(DeviceState *dev) + } + + cpu->interrupt_request = 0; +- cpu->halted = 0; ++ cpu->halted = cpu->start_powered_off; + cpu->mem_io_pc = 0; + cpu->icount_extra = 0; + atomic_set(&cpu->icount_decr_ptr->u32, 0); +diff --git a/target/arm/cpu.c b/target/arm/cpu.c +index 54fb653229..059a5ced6e 100644 +--- a/target/arm/cpu.c ++++ b/target/arm/cpu.c +@@ -175,7 +175,6 @@ static void arm_cpu_reset(DeviceState *dev) + env->vfp.xregs[ARM_VFP_MVFR2] = cpu->isar.mvfr2; + + cpu->power_state = s->start_powered_off ? PSCI_OFF : PSCI_ON; +- s->halted = s->start_powered_off; + + if (arm_feature(env, ARM_FEATURE_IWMMXT)) { + env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q'; +-- +2.27.0 + diff --git a/kvm-target-arm-Move-start-powered-off-property-to-generi.patch b/kvm-target-arm-Move-start-powered-off-property-to-generi.patch new file mode 100644 index 0000000..9a39a56 --- /dev/null +++ b/kvm-target-arm-Move-start-powered-off-property-to-generi.patch @@ -0,0 +1,141 @@ +From 76821af8b6d74237718fb554ae1a96f969308c69 Mon Sep 17 00:00:00 2001 +From: Laurent Vivier +Date: Tue, 8 Sep 2020 18:47:14 -0400 +Subject: [PATCH 2/4] target/arm: Move start-powered-off property to generic + CPUState +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laurent Vivier +Message-id: <20200908184716.1125192-2-lvivier@redhat.com> +Patchwork-id: 98299 +O-Subject: [RHEL-AV-8.3.0 qemu-kvm PATCH 1/3] target/arm: Move start-powered-off property to generic CPUState +Bugzilla: 1849483 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: David Gibson +RH-Acked-by: Greg Kurz + +From: Thiago Jung Bauermann + +There are other platforms which also have CPUs that start powered off, so +generalize the start-powered-off property so that it can be used by them. + +Note that ARMv7MState also has a property of the same name but this patch +doesn't change it because that class isn't a subclass of CPUState so it +wouldn't be a trivial change. + +This change should not cause any change in behavior. + +Suggested-by: Eduardo Habkost +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: David Gibson +Reviewed-by: Greg Kurz +Signed-off-by: Thiago Jung Bauermann +Message-Id: <20200826055535.951207-2-bauerman@linux.ibm.com> +Signed-off-by: David Gibson +(cherry picked from commit c1b701587e59d9569c38d1d6033cd7cc2a992105) +Signed-off-by: Laurent Vivier +Signed-off-by: Danilo C. L. de Paula +--- + exec.c | 1 + + include/hw/core/cpu.h | 4 ++++ + target/arm/cpu.c | 5 ++--- + target/arm/cpu.h | 3 --- + target/arm/kvm32.c | 2 +- + target/arm/kvm64.c | 2 +- + 6 files changed, 9 insertions(+), 8 deletions(-) + +diff --git a/exec.c b/exec.c +index 6f381f98e2..82e82fab09 100644 +--- a/exec.c ++++ b/exec.c +@@ -899,6 +899,7 @@ Property cpu_common_props[] = { + DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION, + MemoryRegion *), + #endif ++ DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false), + DEFINE_PROP_END_OF_LIST(), + }; + +diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h +index 8f145733ce..9fc2696db5 100644 +--- a/include/hw/core/cpu.h ++++ b/include/hw/core/cpu.h +@@ -374,6 +374,10 @@ struct CPUState { + bool created; + bool stop; + bool stopped; ++ ++ /* Should CPU start in powered-off state? */ ++ bool start_powered_off; ++ + bool unplug; + bool crash_occurred; + bool exit_request; +diff --git a/target/arm/cpu.c b/target/arm/cpu.c +index 13ad40aa7d..54fb653229 100644 +--- a/target/arm/cpu.c ++++ b/target/arm/cpu.c +@@ -174,8 +174,8 @@ static void arm_cpu_reset(DeviceState *dev) + env->vfp.xregs[ARM_VFP_MVFR1] = cpu->isar.mvfr1; + env->vfp.xregs[ARM_VFP_MVFR2] = cpu->isar.mvfr2; + +- cpu->power_state = cpu->start_powered_off ? PSCI_OFF : PSCI_ON; +- s->halted = cpu->start_powered_off; ++ cpu->power_state = s->start_powered_off ? PSCI_OFF : PSCI_ON; ++ s->halted = s->start_powered_off; + + if (arm_feature(env, ARM_FEATURE_IWMMXT)) { + env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q'; +@@ -2182,7 +2182,6 @@ static const ARMCPUInfo arm_cpus[] = { + }; + + static Property arm_cpu_properties[] = { +- DEFINE_PROP_BOOL("start-powered-off", ARMCPU, start_powered_off, false), + DEFINE_PROP_UINT32("psci-conduit", ARMCPU, psci_conduit, 0), + DEFINE_PROP_UINT64("midr", ARMCPU, midr, 0), + DEFINE_PROP_UINT64("mp-affinity", ARMCPU, +diff --git a/target/arm/cpu.h b/target/arm/cpu.h +index 9e8ed423ea..a925d26996 100644 +--- a/target/arm/cpu.h ++++ b/target/arm/cpu.h +@@ -810,9 +810,6 @@ struct ARMCPU { + */ + uint32_t psci_version; + +- /* Should CPU start in PSCI powered-off state? */ +- bool start_powered_off; +- + /* Current power state, access guarded by BQL */ + ARMPSCIState power_state; + +diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c +index 0af46b41c8..1f2b8f8b7a 100644 +--- a/target/arm/kvm32.c ++++ b/target/arm/kvm32.c +@@ -218,7 +218,7 @@ int kvm_arch_init_vcpu(CPUState *cs) + + /* Determine init features for this CPU */ + memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features)); +- if (cpu->start_powered_off) { ++ if (cs->start_powered_off) { + cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF; + } + if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) { +diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c +index 1169237905..f8a6d905fb 100644 +--- a/target/arm/kvm64.c ++++ b/target/arm/kvm64.c +@@ -775,7 +775,7 @@ int kvm_arch_init_vcpu(CPUState *cs) + + /* Determine init features for this CPU */ + memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features)); +- if (cpu->start_powered_off) { ++ if (cs->start_powered_off) { + cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF; + } + if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) { +-- +2.27.0 + diff --git a/kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch b/kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch new file mode 100644 index 0000000..f229a28 --- /dev/null +++ b/kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch @@ -0,0 +1,219 @@ +From b162af531abdf6f5e8ad13b93699a3ba28de6702 Mon Sep 17 00:00:00 2001 +From: Michael Roth +Date: Thu, 20 Aug 2020 23:00:51 -0400 +Subject: [PATCH 1/4] target/ppc: Add experimental option for enabling secure + guests + +RH-Author: Michael Roth +Message-id: <20200820230051.516359-2-mroth@redhat.com> +Patchwork-id: 98208 +O-Subject: [RHEL-AV-8.3.0 qemu virt PATCH 1/1] target/ppc: Add experimental option for enabling secure guests +Bugzilla: 1870384 +RH-Acked-by: Greg Kurz +RH-Acked-by: Laurent Vivier +RH-Acked-by: David Gibson + +From: Fabiano Rosas + +Making use of ppc's Protected Execution Facility (PEF) feature, a +guest can become a secure guest (aka. secure VM - SVM) and have its +memory protected from access by the host. This feature is mediated by +a piece of firmware called the Ultravisor (UV). + +The transition from a regular to a secure VM is initiated by the guest +kernel during prom_init via the use of an ultracall (enter secure mode +- UV_ESM) and with cooperation from the hypervisor via an hcall +(H_SVM_INIT_START). + +Currently QEMU has no knowledge of this process and no way to +determine if a host supports the feature. A guest with PEF support +enabled would always try to enter secure mode regardless of user +intent or hardware support. + +To address the above, a new KVM capability (KVM_CAP_PPC_SECURE_GUEST +[1]) is being introduced in the kernel without which KVM will block +the secure transition. + +This patch adds support for checking/enabling this KVM capability via +a new experimental spapr machine option, e.g.: + + -machine pseries,x-svm-allowed=on + +The capability defaults to off. + +1- https://lore.kernel.org/kvm/20200319043301.GA13052@blackberry + +Signed-off-by: Fabiano Rosas + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1789757 +Upstream: RHEL-only +*re-worked to drop use of spapr capabilities infrastructure in favor + of a simple one-off machine option +Signed-off-by: Michael Roth +Signed-off-by: Danilo C. L. de Paula +--- + hw/ppc/spapr.c | 23 +++++++++++++++++++++++ + include/hw/ppc/spapr.h | 3 +++ + target/ppc/kvm.c | 27 +++++++++++++++++++++++++++ + target/ppc/kvm_ppc.h | 13 +++++++++++++ + 4 files changed, 66 insertions(+) + +diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c +index 5e3964326d..e77c90bfc5 100644 +--- a/hw/ppc/spapr.c ++++ b/hw/ppc/spapr.c +@@ -1636,6 +1636,9 @@ static void spapr_machine_reset(MachineState *machine) + + kvmppc_svm_off(&error_fatal); + spapr_caps_apply(spapr); ++ if (spapr->svm_allowed) { ++ kvmppc_svm_allow(&error_fatal); ++ } + + first_ppc_cpu = POWERPC_CPU(first_cpu); + if (kvm_enabled() && kvmppc_has_cap_mmu_radix() && +@@ -3303,6 +3306,20 @@ static void spapr_set_host_serial(Object *obj, const char *value, Error **errp) + spapr->host_serial = g_strdup(value); + } + ++static bool spapr_get_svm_allowed(Object *obj, Error **errp) ++{ ++ SpaprMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ return spapr->svm_allowed; ++} ++ ++static void spapr_set_svm_allowed(Object *obj, bool value, Error **errp) ++{ ++ SpaprMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ spapr->svm_allowed = value; ++} ++ + static void spapr_instance_init(Object *obj) + { + SpaprMachineState *spapr = SPAPR_MACHINE(obj); +@@ -3358,6 +3375,12 @@ static void spapr_instance_init(Object *obj) + spapr_get_host_serial, spapr_set_host_serial); + object_property_set_description(obj, "host-serial", + "Host serial number to advertise in guest device tree"); ++ object_property_add_bool(obj, "x-svm-allowed", ++ spapr_get_svm_allowed, ++ spapr_set_svm_allowed); ++ object_property_set_description(obj, "x-svm-allowed", ++ "Allow the guest to become a Secure Guest" ++ " (experimental only)"); + } + + static void spapr_machine_finalizefn(Object *obj) +diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h +index f48089edba..d0728a4758 100644 +--- a/include/hw/ppc/spapr.h ++++ b/include/hw/ppc/spapr.h +@@ -212,6 +212,9 @@ struct SpaprMachineState { + int fwnmi_machine_check_interlock; + QemuCond fwnmi_machine_check_interlock_cond; + ++ /* Secure Guest support via x-svm-allowed */ ++ bool svm_allowed; ++ + /*< public >*/ + char *kvm_type; + char *host_model; +diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c +index d85ba8ffe0..ce63f8b6f3 100644 +--- a/target/ppc/kvm.c ++++ b/target/ppc/kvm.c +@@ -89,6 +89,7 @@ static int cap_ppc_count_cache_flush_assist; + static int cap_ppc_nested_kvm_hv; + static int cap_large_decr; + static int cap_fwnmi; ++static int cap_ppc_secure_guest; + + static uint32_t debug_inst_opcode; + +@@ -136,6 +137,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) + cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT); + kvmppc_get_cpu_characteristics(s); + cap_ppc_nested_kvm_hv = kvm_vm_check_extension(s, KVM_CAP_PPC_NESTED_HV); ++ cap_ppc_secure_guest = kvm_vm_check_extension(s, KVM_CAP_PPC_SECURE_GUEST); + cap_large_decr = kvmppc_get_dec_bits(); + cap_fwnmi = kvm_vm_check_extension(s, KVM_CAP_PPC_FWNMI); + /* +@@ -2538,6 +2540,16 @@ int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable) + return 0; + } + ++bool kvmppc_has_cap_secure_guest(void) ++{ ++ return !!cap_ppc_secure_guest; ++} ++ ++int kvmppc_enable_cap_secure_guest(void) ++{ ++ return kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1); ++} ++ + PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void) + { + uint32_t host_pvr = mfpvr(); +@@ -2948,3 +2960,18 @@ void kvmppc_svm_off(Error **errp) + error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed"); + } + } ++ ++void kvmppc_svm_allow(Error **errp) ++{ ++ if (!kvm_enabled()) { ++ error_setg(errp, "No PEF support in tcg, try x-svm-allowed=off"); ++ return; ++ } ++ ++ if (!kvmppc_has_cap_secure_guest()) { ++ error_setg(errp, "KVM implementation does not support secure guests, " ++ "try x-svm-allowed=off"); ++ } else if (kvmppc_enable_cap_secure_guest() < 0) { ++ error_setg(errp, "Error enabling x-svm-allowed, try x-svm-allowed=off"); ++ } ++} +diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h +index 72e05f1cd2..3fd5ea2414 100644 +--- a/target/ppc/kvm_ppc.h ++++ b/target/ppc/kvm_ppc.h +@@ -40,6 +40,7 @@ target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu, + bool radix, bool gtse, + uint64_t proc_tbl); + void kvmppc_svm_off(Error **errp); ++void kvmppc_svm_allow(Error **errp); + #ifndef CONFIG_USER_ONLY + bool kvmppc_spapr_use_multitce(void); + int kvmppc_spapr_enable_inkernel_multitce(void); +@@ -73,6 +74,8 @@ int kvmppc_set_cap_nested_kvm_hv(int enable); + int kvmppc_get_cap_large_decr(void); + int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable); + int kvmppc_enable_hwrng(void); ++bool kvmppc_has_cap_secure_guest(void); ++int kvmppc_enable_cap_secure_guest(void); + int kvmppc_put_books_sregs(PowerPCCPU *cpu); + PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void); + void kvmppc_check_papr_resize_hpt(Error **errp); +@@ -386,6 +389,16 @@ static inline int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable) + return -1; + } + ++static inline bool kvmppc_has_cap_secure_guest(void) ++{ ++ return false; ++} ++ ++static inline int kvmppc_enable_cap_secure_guest(void) ++{ ++ return -1; ++} ++ + static inline int kvmppc_enable_hwrng(void) + { + return -1; +-- +2.27.0 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 10df9c8..64848ce 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -69,7 +69,7 @@ Obsoletes: %1-rhev Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 5.1.0 -Release: 6%{?dist} +Release: 7%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 15 License: GPLv2 and GPLv2+ and CC-BY @@ -176,6 +176,15 @@ Patch53: kvm-Revert-hw-386-Add-EPYC-mode-topology-decoding-functi.patch Patch54: kvm-nvram-Exit-QEMU-if-NVRAM-cannot-contain-all-prom-env.patch # For bz#1869715 - CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-av-8.3.0] Patch55: kvm-usb-fix-setup_len-init-CVE-2020-14364.patch +# For bz#1789757 - [IBM 8.4 FEAT] Add machine option to enable secure VM support +# For bz#1870384 - [IBM 8.3 FEAT] Add interim/unsupported machine option to enable secure VM support for testing purposes +Patch56: kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch +# For bz#1849483 - Failed to boot up guest when hotplugging vcpus on bios stage +Patch57: kvm-target-arm-Move-start-powered-off-property-to-generi.patch +# For bz#1849483 - Failed to boot up guest when hotplugging vcpus on bios stage +Patch58: kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch +# For bz#1849483 - Failed to boot up guest when hotplugging vcpus on bios stage +Patch59: kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch BuildRequires: wget BuildRequires: rpm-build @@ -1135,6 +1144,18 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Tue Sep 15 2020 Danilo Cesar Lemes de Paula - 5.1.0-7.el8 +- kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch [bz#1789757 bz#1870384] +- kvm-target-arm-Move-start-powered-off-property-to-generi.patch [bz#1849483] +- kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch [bz#1849483] +- kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch [bz#1849483] +- Resolves: bz#1789757 + ([IBM 8.4 FEAT] Add machine option to enable secure VM support) +- Resolves: bz#1849483 + (Failed to boot up guest when hotplugging vcpus on bios stage) +- Resolves: bz#1870384 + ([IBM 8.3 FEAT] Add interim/unsupported machine option to enable secure VM support for testing purposes) + * Thu Sep 10 2020 Danilo Cesar Lemes de Paula - 5.1.0-6.el8 - kvm-spec-Move-qemu-pr-helper-back-to-usr-bin.patch [bz#1869635] - kvm-Bump-required-libusbx-version.patch [bz#1856591]