rpms/qemu-kvm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Sep 15 2020 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.1.0-7.el8

Browse Source 
- kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch [bz#1789757 bz#1870384]
- kvm-target-arm-Move-start-powered-off-property-to-generi.patch [bz#1849483]
- kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch [bz#1849483]
- kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch [bz#1849483]
- Resolves: bz#1789757
  ([IBM 8.4 FEAT] Add machine option to enable secure VM support)
- Resolves: bz#1849483
  (Failed to boot up guest when hotplugging vcpus on bios stage)
- Resolves: bz#1870384
  ([IBM 8.3 FEAT] Add interim/unsupported machine option to enable secure VM support for testing purposes)
This commit is contained in:
Danilo C. L. de Paula 2020-09-15 11:56:35 -04:00
parent 8198b6bf7f
commit 7b68902699
5 changed files with 530 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch Normal file
View File

@ -0,0 +1,82 @@
From 5dd7cdf3739c73d910d5df6443b39e9b0b79f3fd Mon Sep 17 00:00:00 2001
From: Laurent Vivier <lvivier@redhat.com>
Date: Tue, 8 Sep 2020 18:47:16 -0400
Subject: [PATCH 4/4] ppc/spapr: Use start-powered-off CPUState property
RH-Author: Laurent Vivier <lvivier@redhat.com>
Message-id: <20200908184716.1125192-4-lvivier@redhat.com>
Patchwork-id: 98302
O-Subject: [RHEL-AV-8.3.0 qemu-kvm PATCH 3/3] ppc/spapr: Use start-powered-off CPUState property
Bugzilla: 1849483
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: David Gibson <dgibson@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
From: Thiago Jung Bauermann <bauerman@linux.ibm.com>
PowerPC sPAPR CPUs start in the halted state, and spapr_reset_vcpu()
attempts to implement this by setting CPUState::halted to 1. But that's too
late for the case of hotplugged CPUs in a machine configure with 2 or more
threads per core.
By then, other parts of QEMU have already caused the vCPU to run in an
unitialized state a couple of times. For example, ppc_cpu_reset() calls
ppc_tlb_invalidate_all(), which ends up calling async_run_on_cpu(). This
kicks the new vCPU while it has CPUState::halted = 0, causing QEMU to issue
a KVM_RUN ioctl on the new vCPU before the guest is able to make the
start-cpu RTAS call to initialize its register state.
This problem doesn't seem to cause visible issues for regular guests, but
on a secure guest running under the Ultravisor it does. The Ultravisor
relies on being able to snoop on the start-cpu RTAS call to map vCPUs to
guests, and this issue causes it to see a stray vCPU that doesn't belong to
any guest.
Fix by setting the start-powered-off CPUState property in
spapr_create_vcpu(), which makes cpu_common_reset() initialize
CPUState::halted to 1 at an earlier moment.
Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Message-Id: <20200826055535.951207-4-bauerman@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 554c2169e9251ca2829ab968bd9ba5641a5abe1d)
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/ppc/spapr_cpu_core.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index f228f8bb75..86fed5c528 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -37,11 +37,6 @@ static void spapr_reset_vcpu(PowerPCCPU *cpu)
cpu_reset(cs);
- /* All CPUs start halted. CPU0 is unhalted from the machine level
- * reset code and the rest are explicitly started up by the guest
- * using an RTAS call */
- cs->halted = 1;
-
env->spr[SPR_HIOR] = 0;
lpcr = env->spr[SPR_LPCR];
@@ -287,6 +282,11 @@ static PowerPCCPU *spapr_create_vcpu(SpaprCpuCore *sc, int i, Error **errp)
cs = CPU(obj);
cpu = POWERPC_CPU(obj);
+ /*
+ * All CPUs start halted. CPU0 is unhalted from the machine level reset code
+ * and the rest are explicitly started up by the guest using an RTAS call.
+ */
+ cs->start_powered_off = true;
cs->cpu_index = cc->core_id + i;
spapr_set_vcpu_id(cpu, cs->cpu_index, &local_err);
if (local_err) {
--
2.27.0

66
kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch Normal file
View File

@ -0,0 +1,66 @@
From de7263538a5cab64163edd1bdb3a934dabd625f2 Mon Sep 17 00:00:00 2001
From: Laurent Vivier <lvivier@redhat.com>
Date: Tue, 8 Sep 2020 18:47:15 -0400
Subject: [PATCH 3/4] target/arm: Move setting of CPU halted state to generic
code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laurent Vivier <lvivier@redhat.com>
Message-id: <20200908184716.1125192-3-lvivier@redhat.com>
Patchwork-id: 98300
O-Subject: [RHEL-AV-8.3.0 qemu-kvm PATCH 2/3] target/arm: Move setting of CPU halted state to generic code
Bugzilla: 1849483
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: David Gibson <dgibson@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
From: Thiago Jung Bauermann <bauerman@linux.ibm.com>
This change is in a separate patch because it's not so obvious that it
won't cause a regression.
Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Message-Id: <20200826055535.951207-3-bauerman@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 6ad1da667c8e21f019d4adc21702e06dd9225790)
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/core/cpu.c | 2 +-
target/arm/cpu.c | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index 594441a150..71bb7859f1 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -258,7 +258,7 @@ static void cpu_common_reset(DeviceState *dev)
}
cpu->interrupt_request = 0;
- cpu->halted = 0;
+ cpu->halted = cpu->start_powered_off;
cpu->mem_io_pc = 0;
cpu->icount_extra = 0;
atomic_set(&cpu->icount_decr_ptr->u32, 0);
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 54fb653229..059a5ced6e 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -175,7 +175,6 @@ static void arm_cpu_reset(DeviceState *dev)
env->vfp.xregs[ARM_VFP_MVFR2] = cpu->isar.mvfr2;
cpu->power_state = s->start_powered_off ? PSCI_OFF : PSCI_ON;
- s->halted = s->start_powered_off;
if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
--
2.27.0

141
kvm-target-arm-Move-start-powered-off-property-to-generi.patch Normal file
View File

@ -0,0 +1,141 @@
From 76821af8b6d74237718fb554ae1a96f969308c69 Mon Sep 17 00:00:00 2001
From: Laurent Vivier <lvivier@redhat.com>
Date: Tue, 8 Sep 2020 18:47:14 -0400
Subject: [PATCH 2/4] target/arm: Move start-powered-off property to generic
CPUState
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laurent Vivier <lvivier@redhat.com>
Message-id: <20200908184716.1125192-2-lvivier@redhat.com>
Patchwork-id: 98299
O-Subject: [RHEL-AV-8.3.0 qemu-kvm PATCH 1/3] target/arm: Move start-powered-off property to generic CPUState
Bugzilla: 1849483
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: David Gibson <dgibson@redhat.com>
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
From: Thiago Jung Bauermann <bauerman@linux.ibm.com>
There are other platforms which also have CPUs that start powered off, so
generalize the start-powered-off property so that it can be used by them.
Note that ARMv7MState also has a property of the same name but this patch
doesn't change it because that class isn't a subclass of CPUState so it
wouldn't be a trivial change.
This change should not cause any change in behavior.
Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Message-Id: <20200826055535.951207-2-bauerman@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit c1b701587e59d9569c38d1d6033cd7cc2a992105)
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
exec.c | 1 +
include/hw/core/cpu.h | 4 ++++
target/arm/cpu.c | 5 ++---
target/arm/cpu.h | 3 ---
target/arm/kvm32.c | 2 +-
target/arm/kvm64.c | 2 +-
6 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/exec.c b/exec.c
index 6f381f98e2..82e82fab09 100644
--- a/exec.c
+++ b/exec.c
@@ -899,6 +899,7 @@ Property cpu_common_props[] = {
DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
MemoryRegion *),
#endif
+ DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
DEFINE_PROP_END_OF_LIST(),
};
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 8f145733ce..9fc2696db5 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -374,6 +374,10 @@ struct CPUState {
bool created;
bool stop;
bool stopped;
+
+ /* Should CPU start in powered-off state? */
+ bool start_powered_off;
+
bool unplug;
bool crash_occurred;
bool exit_request;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 13ad40aa7d..54fb653229 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -174,8 +174,8 @@ static void arm_cpu_reset(DeviceState *dev)
env->vfp.xregs[ARM_VFP_MVFR1] = cpu->isar.mvfr1;
env->vfp.xregs[ARM_VFP_MVFR2] = cpu->isar.mvfr2;
- cpu->power_state = cpu->start_powered_off ? PSCI_OFF : PSCI_ON;
- s->halted = cpu->start_powered_off;
+ cpu->power_state = s->start_powered_off ? PSCI_OFF : PSCI_ON;
+ s->halted = s->start_powered_off;
if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
@@ -2182,7 +2182,6 @@ static const ARMCPUInfo arm_cpus[] = {
};
static Property arm_cpu_properties[] = {
- DEFINE_PROP_BOOL("start-powered-off", ARMCPU, start_powered_off, false),
DEFINE_PROP_UINT32("psci-conduit", ARMCPU, psci_conduit, 0),
DEFINE_PROP_UINT64("midr", ARMCPU, midr, 0),
DEFINE_PROP_UINT64("mp-affinity", ARMCPU,
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 9e8ed423ea..a925d26996 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -810,9 +810,6 @@ struct ARMCPU {
*/
uint32_t psci_version;
- /* Should CPU start in PSCI powered-off state? */
- bool start_powered_off;
-
/* Current power state, access guarded by BQL */
ARMPSCIState power_state;
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index 0af46b41c8..1f2b8f8b7a 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -218,7 +218,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
/* Determine init features for this CPU */
memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features));
- if (cpu->start_powered_off) {
+ if (cs->start_powered_off) {
cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
}
if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 1169237905..f8a6d905fb 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -775,7 +775,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
/* Determine init features for this CPU */
memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features));
- if (cpu->start_powered_off) {
+ if (cs->start_powered_off) {
cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
}
if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
--
2.27.0

219
kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch Normal file
View File

@ -0,0 +1,219 @@
From b162af531abdf6f5e8ad13b93699a3ba28de6702 Mon Sep 17 00:00:00 2001
From: Michael Roth <mroth@redhat.com>
Date: Thu, 20 Aug 2020 23:00:51 -0400
Subject: [PATCH 1/4] target/ppc: Add experimental option for enabling secure
guests
RH-Author: Michael Roth <mroth@redhat.com>
Message-id: <20200820230051.516359-2-mroth@redhat.com>
Patchwork-id: 98208
O-Subject: [RHEL-AV-8.3.0 qemu virt PATCH 1/1] target/ppc: Add experimental option for enabling secure guests
Bugzilla: 1870384
RH-Acked-by: Greg Kurz <gkurz@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: David Gibson <dgibson@redhat.com>
From: Fabiano Rosas <farosas@linux.ibm.com>
Making use of ppc's Protected Execution Facility (PEF) feature, a
guest can become a secure guest (aka. secure VM - SVM) and have its
memory protected from access by the host. This feature is mediated by
a piece of firmware called the Ultravisor (UV).
The transition from a regular to a secure VM is initiated by the guest
kernel during prom_init via the use of an ultracall (enter secure mode
- UV_ESM) and with cooperation from the hypervisor via an hcall
(H_SVM_INIT_START).
Currently QEMU has no knowledge of this process and no way to
determine if a host supports the feature. A guest with PEF support
enabled would always try to enter secure mode regardless of user
intent or hardware support.
To address the above, a new KVM capability (KVM_CAP_PPC_SECURE_GUEST
[1]) is being introduced in the kernel without which KVM will block
the secure transition.
This patch adds support for checking/enabling this KVM capability via
a new experimental spapr machine option, e.g.:
-machine pseries,x-svm-allowed=on
The capability defaults to off.
1- https://lore.kernel.org/kvm/20200319043301.GA13052@blackberry
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1789757
Upstream: RHEL-only
*re-worked to drop use of spapr capabilities infrastructure in favor
of a simple one-off machine option
Signed-off-by: Michael Roth <mroth@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/ppc/spapr.c | 23 +++++++++++++++++++++++
include/hw/ppc/spapr.h | 3 +++
target/ppc/kvm.c | 27 +++++++++++++++++++++++++++
target/ppc/kvm_ppc.h | 13 +++++++++++++
4 files changed, 66 insertions(+)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 5e3964326d..e77c90bfc5 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1636,6 +1636,9 @@ static void spapr_machine_reset(MachineState *machine)
kvmppc_svm_off(&error_fatal);
spapr_caps_apply(spapr);
+ if (spapr->svm_allowed) {
+ kvmppc_svm_allow(&error_fatal);
+ }
first_ppc_cpu = POWERPC_CPU(first_cpu);
if (kvm_enabled() && kvmppc_has_cap_mmu_radix() &&
@@ -3303,6 +3306,20 @@ static void spapr_set_host_serial(Object *obj, const char *value, Error **errp)
spapr->host_serial = g_strdup(value);
}
+static bool spapr_get_svm_allowed(Object *obj, Error **errp)
+{
+ SpaprMachineState *spapr = SPAPR_MACHINE(obj);
+
+ return spapr->svm_allowed;
+}
+
+static void spapr_set_svm_allowed(Object *obj, bool value, Error **errp)
+{
+ SpaprMachineState *spapr = SPAPR_MACHINE(obj);
+
+ spapr->svm_allowed = value;
+}
+
static void spapr_instance_init(Object *obj)
{
SpaprMachineState *spapr = SPAPR_MACHINE(obj);
@@ -3358,6 +3375,12 @@ static void spapr_instance_init(Object *obj)
spapr_get_host_serial, spapr_set_host_serial);
object_property_set_description(obj, "host-serial",
"Host serial number to advertise in guest device tree");
+ object_property_add_bool(obj, "x-svm-allowed",
+ spapr_get_svm_allowed,
+ spapr_set_svm_allowed);
+ object_property_set_description(obj, "x-svm-allowed",
+ "Allow the guest to become a Secure Guest"
+ " (experimental only)");
}
static void spapr_machine_finalizefn(Object *obj)
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index f48089edba..d0728a4758 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -212,6 +212,9 @@ struct SpaprMachineState {
int fwnmi_machine_check_interlock;
QemuCond fwnmi_machine_check_interlock_cond;
+ /* Secure Guest support via x-svm-allowed */
+ bool svm_allowed;
+
/*< public >*/
char *kvm_type;
char *host_model;
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index d85ba8ffe0..ce63f8b6f3 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -89,6 +89,7 @@ static int cap_ppc_count_cache_flush_assist;
static int cap_ppc_nested_kvm_hv;
static int cap_large_decr;
static int cap_fwnmi;
+static int cap_ppc_secure_guest;
static uint32_t debug_inst_opcode;
@@ -136,6 +137,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT);
kvmppc_get_cpu_characteristics(s);
cap_ppc_nested_kvm_hv = kvm_vm_check_extension(s, KVM_CAP_PPC_NESTED_HV);
+ cap_ppc_secure_guest = kvm_vm_check_extension(s, KVM_CAP_PPC_SECURE_GUEST);
cap_large_decr = kvmppc_get_dec_bits();
cap_fwnmi = kvm_vm_check_extension(s, KVM_CAP_PPC_FWNMI);
/*
@@ -2538,6 +2540,16 @@ int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable)
return 0;
}
+bool kvmppc_has_cap_secure_guest(void)
+{
+ return !!cap_ppc_secure_guest;
+}
+
+int kvmppc_enable_cap_secure_guest(void)
+{
+ return kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
+}
+
PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void)
{
uint32_t host_pvr = mfpvr();
@@ -2948,3 +2960,18 @@ void kvmppc_svm_off(Error **errp)
error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
}
}
+
+void kvmppc_svm_allow(Error **errp)
+{
+ if (!kvm_enabled()) {
+ error_setg(errp, "No PEF support in tcg, try x-svm-allowed=off");
+ return;
+ }
+
+ if (!kvmppc_has_cap_secure_guest()) {
+ error_setg(errp, "KVM implementation does not support secure guests, "
+ "try x-svm-allowed=off");
+ } else if (kvmppc_enable_cap_secure_guest() < 0) {
+ error_setg(errp, "Error enabling x-svm-allowed, try x-svm-allowed=off");
+ }
+}
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index 72e05f1cd2..3fd5ea2414 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -40,6 +40,7 @@ target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
bool radix, bool gtse,
uint64_t proc_tbl);
void kvmppc_svm_off(Error **errp);
+void kvmppc_svm_allow(Error **errp);
#ifndef CONFIG_USER_ONLY
bool kvmppc_spapr_use_multitce(void);
int kvmppc_spapr_enable_inkernel_multitce(void);
@@ -73,6 +74,8 @@ int kvmppc_set_cap_nested_kvm_hv(int enable);
int kvmppc_get_cap_large_decr(void);
int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable);
int kvmppc_enable_hwrng(void);
+bool kvmppc_has_cap_secure_guest(void);
+int kvmppc_enable_cap_secure_guest(void);
int kvmppc_put_books_sregs(PowerPCCPU *cpu);
PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void);
void kvmppc_check_papr_resize_hpt(Error **errp);
@@ -386,6 +389,16 @@ static inline int kvmppc_enable_cap_large_decr(PowerPCCPU *cpu, int enable)
return -1;
}
+static inline bool kvmppc_has_cap_secure_guest(void)
+{
+ return false;
+}
+
+static inline int kvmppc_enable_cap_secure_guest(void)
+{
+ return -1;
+}
+
static inline int kvmppc_enable_hwrng(void)
{
return -1;
--
2.27.0

23
qemu-kvm.spec
View File

@ -69,7 +69,7 @@ Obsoletes: %1-rhev
Summary: QEMU is a machine emulator and virtualizer Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm Name: qemu-kvm
Version: 5.1.0 Version: 5.1.0
Release: 6%{?dist} Release: 7%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 15 Epoch: 15
License: GPLv2 and GPLv2+ and CC-BY License: GPLv2 and GPLv2+ and CC-BY
@ -176,6 +176,15 @@ Patch53: kvm-Revert-hw-386-Add-EPYC-mode-topology-decoding-functi.patch
Patch54: kvm-nvram-Exit-QEMU-if-NVRAM-cannot-contain-all-prom-env.patch Patch54: kvm-nvram-Exit-QEMU-if-NVRAM-cannot-contain-all-prom-env.patch
# For bz#1869715 - CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-av-8.3.0] # For bz#1869715 - CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-av-8.3.0]
Patch55: kvm-usb-fix-setup_len-init-CVE-2020-14364.patch Patch55: kvm-usb-fix-setup_len-init-CVE-2020-14364.patch
# For bz#1789757 - [IBM 8.4 FEAT] Add machine option to enable secure VM support
# For bz#1870384 - [IBM 8.3 FEAT] Add interim/unsupported machine option to enable secure VM support for testing purposes
Patch56: kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch
# For bz#1849483 - Failed to boot up guest when hotplugging vcpus on bios stage
Patch57: kvm-target-arm-Move-start-powered-off-property-to-generi.patch
# For bz#1849483 - Failed to boot up guest when hotplugging vcpus on bios stage
Patch58: kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch
# For bz#1849483 - Failed to boot up guest when hotplugging vcpus on bios stage
Patch59: kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch
BuildRequires: wget BuildRequires: wget
BuildRequires: rpm-build BuildRequires: rpm-build
@ -1135,6 +1144,18 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%changelog %changelog
* Tue Sep 15 2020 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.1.0-7.el8
- kvm-target-ppc-Add-experimental-option-for-enabling-secu.patch [bz#1789757 bz#1870384]
- kvm-target-arm-Move-start-powered-off-property-to-generi.patch [bz#1849483]
- kvm-target-arm-Move-setting-of-CPU-halted-state-to-gener.patch [bz#1849483]
- kvm-ppc-spapr-Use-start-powered-off-CPUState-property.patch [bz#1849483]
- Resolves: bz#1789757
([IBM 8.4 FEAT] Add machine option to enable secure VM support)
- Resolves: bz#1849483
(Failed to boot up guest when hotplugging vcpus on bios stage)
- Resolves: bz#1870384
([IBM 8.3 FEAT] Add interim/unsupported machine option to enable secure VM support for testing purposes)
* Thu Sep 10 2020 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.1.0-6.el8 * Thu Sep 10 2020 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.1.0-6.el8
- kvm-spec-Move-qemu-pr-helper-back-to-usr-bin.patch [bz#1869635] - kvm-spec-Move-qemu-pr-helper-back-to-usr-bin.patch [bz#1869635]
- kvm-Bump-required-libusbx-version.patch [bz#1856591] - kvm-Bump-required-libusbx-version.patch [bz#1856591]