diff --git a/0035-block-nvme-Implement-fake-truncate-coroutine.patch b/0035-block-nvme-Implement-fake-truncate-coroutine.patch new file mode 100644 index 0000000..237e9e1 --- /dev/null +++ b/0035-block-nvme-Implement-fake-truncate-coroutine.patch @@ -0,0 +1,84 @@ +From f4c65e14055e208e331a83b9340998ecbe796b5f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Fri, 1 Jan 2021 17:18:13 -0500 +Subject: block/nvme: Implement fake truncate() coroutine +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Philippe Mathieu-Daudé +Message-id: <20210101171813.1734014-2-philmd@redhat.com> +Patchwork-id: 100503 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] block/nvme: Implement fake truncate() coroutine +Bugzilla: 1848834 +RH-Acked-by: Thomas Huth +RH-Acked-by: Max Reitz +RH-Acked-by: Stefan Hajnoczi + +NVMe drive cannot be shrunk. + +Since commit c80d8b06cfa we can use the @exact parameter (set +to false) to return success if the block device is larger than +the requested offset (even if we can not be shrunk). + +Use this parameter to implement the NVMe truncate() coroutine, +similarly how it is done for the iscsi and file-posix drivers +(see commit 82325ae5f2f "Evaluate @exact in protocol drivers"). + +Reported-by: Xueqiang Wei +Suggested-by: Max Reitz +Signed-off-by: Philippe Mathieu-Daudé +Message-Id: <20201210125202.858656-1-philmd@redhat.com> +Signed-off-by: Max Reitz +(cherry picked from commit c8807c5edcc8bd8917a5b7531d47ef6a99e07bd8) +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: Danilo C. L. de Paula +--- + block/nvme.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/block/nvme.c b/block/nvme.c +index a06a188d53..5a6fbacf4a 100644 +--- a/block/nvme.c ++++ b/block/nvme.c +@@ -1389,6 +1389,29 @@ out: + + } + ++static int coroutine_fn nvme_co_truncate(BlockDriverState *bs, int64_t offset, ++ bool exact, PreallocMode prealloc, ++ BdrvRequestFlags flags, Error **errp) ++{ ++ int64_t cur_length; ++ ++ if (prealloc != PREALLOC_MODE_OFF) { ++ error_setg(errp, "Unsupported preallocation mode '%s'", ++ PreallocMode_str(prealloc)); ++ return -ENOTSUP; ++ } ++ ++ cur_length = nvme_getlength(bs); ++ if (offset != cur_length && exact) { ++ error_setg(errp, "Cannot resize NVMe devices"); ++ return -ENOTSUP; ++ } else if (offset > cur_length) { ++ error_setg(errp, "Cannot grow NVMe devices"); ++ return -EINVAL; ++ } ++ ++ return 0; ++} + + static int nvme_reopen_prepare(BDRVReopenState *reopen_state, + BlockReopenQueue *queue, Error **errp) +@@ -1523,6 +1546,7 @@ static BlockDriver bdrv_nvme = { + .bdrv_close = nvme_close, + .bdrv_getlength = nvme_getlength, + .bdrv_probe_blocksizes = nvme_probe_blocksizes, ++ .bdrv_co_truncate = nvme_co_truncate, + + .bdrv_co_preadv = nvme_co_preadv, + .bdrv_co_pwritev = nvme_co_pwritev, +-- +2.18.4 + diff --git a/0037-build-system-use-b_staticpic-false.patch b/0037-build-system-use-b_staticpic-false.patch new file mode 100644 index 0000000..b47336b --- /dev/null +++ b/0037-build-system-use-b_staticpic-false.patch @@ -0,0 +1,77 @@ +From 50b575b27b9daa331da08d10dbe6524de0580833 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 16 Dec 2020 17:53:08 -0500 +Subject: build-system: use b_staticpic=false +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Paolo Bonzini +Message-id: <20201216175308.1463822-3-pbonzini@redhat.com> +Patchwork-id: 100484 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/2] build-system: use b_staticpic=false +Bugzilla: 1899619 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Danilo de Paula + +Meson 0.56.0 correctly builds non-PIC static libraries with -fPIE if +b_pie=true, while Meson 0.55.3 has a bug that causes the library +to use non-PIE objects and fail to link. Therefore, upstream +QEMU looks at the meson version in order to decide between +b_staticpic=false and b_staticpic=$pie. + +Unfortunately, b_staticpic=$pie still has a negative effect +on performance when you QEMU is compiled with --enable-pie +like RHEL does. Therefore, we have backported the fix +to Meson 0.55.3-3.el8. We can require it and unconditionally +use b_staticpic=false. + +The patch is RHEL-specific, but a similar change is included +in the larger patch for "meson: switch minimum meson version to +0.56.0". + +Signed-off-by: Paolo Bonzini +Signed-off-by: Danilo C. L. de Paula +--- + configure | 5 ----- + meson.build | 4 ++-- + redhat/qemu-kvm.spec.template | 2 +- + 3 files changed, 3 insertions(+), 8 deletions(-) + +diff --git a/configure b/configure +index 18c26e0389..d60097c0d4 100755 +--- a/configure ++++ b/configure +@@ -6979,10 +6979,6 @@ fi + mv $cross config-meson.cross + + rm -rf meson-private meson-info meson-logs +-unset staticpic +-if ! version_ge "$($meson --version)" 0.56.0; then +- staticpic=$(if test "$pie" = yes; then echo true; else echo false; fi) +-fi + NINJA=$ninja $meson setup \ + --prefix "$prefix" \ + --libdir "$libdir" \ +@@ -7002,7 +6998,6 @@ NINJA=$ninja $meson setup \ + -Dwerror=$(if test "$werror" = yes; then echo true; else echo false; fi) \ + -Dstrip=$(if test "$strip_opt" = yes; then echo true; else echo false; fi) \ + -Db_pie=$(if test "$pie" = yes; then echo true; else echo false; fi) \ +- ${staticpic:+-Db_staticpic=$staticpic} \ + -Db_coverage=$(if test "$gcov" = yes; then echo true; else echo false; fi) \ + -Dmalloc=$malloc -Dmalloc_trim=$malloc_trim -Dsparse=$sparse \ + -Dkvm=$kvm -Dhax=$hax -Dwhpx=$whpx -Dhvf=$hvf \ +diff --git a/meson.build b/meson.build +index 8c38b2ea36..c482d075d5 100644 +--- a/meson.build ++++ b/meson.build +@@ -1,6 +1,6 @@ + project('qemu', ['c'], meson_version: '>=0.55.0', +- default_options: ['warning_level=1', 'c_std=gnu99', 'cpp_std=gnu++11', 'b_colorout=auto'] + +- (meson.version().version_compare('>=0.56.0') ? [ 'b_staticpic=false' ] : []), ++ default_options: ['warning_level=1', 'c_std=gnu99', 'cpp_std=gnu++11', 'b_colorout=auto', ++ 'b_staticpic=false' ], + version: run_command('head', meson.source_root() / 'VERSION').stdout().strip()) + + not_found = dependency('', required: false) diff --git a/0038-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch b/0038-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch new file mode 100644 index 0000000..5c7f88d --- /dev/null +++ b/0038-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch @@ -0,0 +1,131 @@ +From d66ae008007853df7d3a24bd2d5e7494f53f007c Mon Sep 17 00:00:00 2001 +From: Greg Kurz +Date: Thu, 7 Jan 2021 10:10:20 -0500 +Subject: spapr: Fix buffer overflow in spapr_numa_associativity_init() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Greg Kurz +Message-id: <20210107101020.579456-2-gkurz@redhat.com> +Patchwork-id: 100515 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] spapr: Fix buffer overflow in spapr_numa_associativity_init() +Bugzilla: 1908693 +RH-Acked-by: David Gibson +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Laurent Vivier + +From: Greg Kurz + +Running a guest with 128 NUMA nodes crashes QEMU: + +../../util/error.c:59: error_setv: Assertion `*errp == NULL' failed. + +The crash happens when setting the FWNMI migration blocker: + +2861 if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI) == SPAPR_CAP_ON) { +2862 /* Create the error string for live migration blocker */ +2863 error_setg(&spapr->fwnmi_migration_blocker, +2864 "A machine check is being handled during migration. The handler" +2865 "may run and log hardware error on the destination"); +2866 } + +Inspection reveals that papr->fwnmi_migration_blocker isn't NULL: + +(gdb) p spapr->fwnmi_migration_blocker +$1 = (Error *) 0x8000000004000000 + +Since this is the only place where papr->fwnmi_migration_blocker is +set, this means someone wrote there in our back. Further analysis +points to spapr_numa_associativity_init(), especially the part +that initializes the associative arrays for NVLink GPUs: + + max_nodes_with_gpus = nb_numa_nodes + NVGPU_MAX_NUM; + +ie. max_nodes_with_gpus = 128 + 6, but the array isn't sized to +accommodate the 6 extra nodes: + +struct SpaprMachineState { + . + . + . + uint32_t numa_assoc_array[MAX_NODES][NUMA_ASSOC_SIZE]; + + Error *fwnmi_migration_blocker; +}; + +and the following loops happily overwrite spapr->fwnmi_migration_blocker, +and probably more: + + for (i = nb_numa_nodes; i < max_nodes_with_gpus; i++) { + spapr->numa_assoc_array[i][0] = cpu_to_be32(MAX_DISTANCE_REF_POINTS); + + for (j = 1; j < MAX_DISTANCE_REF_POINTS; j++) { + uint32_t gpu_assoc = smc->pre_5_1_assoc_refpoints ? + SPAPR_GPU_NUMA_ID : cpu_to_be32(i); + spapr->numa_assoc_array[i][j] = gpu_assoc; + } + + spapr->numa_assoc_array[i][MAX_DISTANCE_REF_POINTS] = cpu_to_be32(i); + } + +Fix the size of the array. This requires "hw/ppc/spapr.h" to see +NVGPU_MAX_NUM. Including "hw/pci-host/spapr.h" introduces a +circular dependency that breaks the build, so this moves the +definition of NVGPU_MAX_NUM to "hw/ppc/spapr.h" instead. + +Reported-by: Min Deng +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1908693 +Fixes: dd7e1d7ae431 ("spapr_numa: move NVLink2 associativity handling to spapr_numa.c") +Cc: danielhb413@gmail.com +Signed-off-by: Greg Kurz +Message-Id: <160829960428.734871.12634150161215429514.stgit@bahia.lan> +Reviewed-by: Daniel Henrique Barboza +Signed-off-by: David Gibson +(cherry picked from commit 30499fdd9883026e106d74e8199e2f1311fd4011) +Signed-off-by: Greg Kurz +Signed-off-by: Danilo C. L. de Paula +--- + include/hw/pci-host/spapr.h | 2 -- + include/hw/ppc/spapr.h | 5 ++++- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/include/hw/pci-host/spapr.h b/include/hw/pci-host/spapr.h +index 4f58f0223b..bd014823a9 100644 +--- a/include/hw/pci-host/spapr.h ++++ b/include/hw/pci-host/spapr.h +@@ -115,8 +115,6 @@ struct SpaprPhbState { + #define SPAPR_PCI_NV2RAM64_WIN_BASE SPAPR_PCI_LIMIT + #define SPAPR_PCI_NV2RAM64_WIN_SIZE (2 * TiB) /* For up to 6 GPUs 256GB each */ + +-/* Max number of these GPUsper a physical box */ +-#define NVGPU_MAX_NUM 6 + /* Max number of NVLinks per GPU in any physical box */ + #define NVGPU_MAX_LINKS 3 + +diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h +index ba2d81404b..28bbf07f8f 100644 +--- a/include/hw/ppc/spapr.h ++++ b/include/hw/ppc/spapr.h +@@ -112,6 +112,9 @@ typedef enum { + #define NUMA_ASSOC_SIZE (MAX_DISTANCE_REF_POINTS + 1) + #define VCPU_ASSOC_SIZE (NUMA_ASSOC_SIZE + 1) + ++/* Max number of these GPUsper a physical box */ ++#define NVGPU_MAX_NUM 6 ++ + typedef struct SpaprCapabilities SpaprCapabilities; + struct SpaprCapabilities { + uint8_t caps[SPAPR_CAP_NUM]; +@@ -243,7 +246,7 @@ struct SpaprMachineState { + unsigned gpu_numa_id; + SpaprTpmProxy *tpm_proxy; + +- uint32_t numa_assoc_array[MAX_NODES][NUMA_ASSOC_SIZE]; ++ uint32_t numa_assoc_array[MAX_NODES + NVGPU_MAX_NUM][NUMA_ASSOC_SIZE]; + + Error *fwnmi_migration_blocker; + }; +-- +2.18.4 + diff --git a/0039-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch b/0039-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch new file mode 100644 index 0000000..01edcf3 --- /dev/null +++ b/0039-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch @@ -0,0 +1,175 @@ +From e85ee5f0196b85ad6f9faa02571325831b612c37 Mon Sep 17 00:00:00 2001 +From: "Dr. David Alan Gilbert" +Date: Thu, 7 Jan 2021 14:12:25 -0500 +Subject: usb/hcd-xhci-pci: Fixup capabilities ordering (again) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Dr. David Alan Gilbert +Message-id: <20210107141225.19709-2-dgilbert@redhat.com> +Patchwork-id: 100518 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] usb/hcd-xhci-pci: Fixup capabilities ordering (again) +Bugzilla: 1912846 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Gerd Hoffmann + +From: "Dr. David Alan Gilbert" + +Allow the reordering of the PCIe capabilities for MSI around the PCIe +capability. +This changed incompatibly way back in QEMU 2.7 and in RHEL we fixed +it up in bz 1447874 unconditionally putting it back. + +The xhci code got reorganised between 5.0 and 5.2; and we lost this +fixup on rebase. + +This time, add it as a property, and enable the property for old +machine types; this will allow us to drop this patch once the +old machine types go. + +Signed-off-by: Dr. David Alan Gilbert +Signed-off-by: Danilo C. L. de Paula +--- + hw/core/machine.c | 4 ++- + hw/usb/hcd-xhci-pci.c | 59 +++++++++++++++++++++++++++++++++---------- + hw/usb/hcd-xhci-pci.h | 1 + + 3 files changed, 49 insertions(+), 15 deletions(-) + +diff --git a/hw/core/machine.c b/hw/core/machine.c +index aba05ad676..68495b9411 100644 +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -29,7 +29,7 @@ + #include "migration/vmstate.h" + + /* +- * The same as hw_compat_5_1 ++ * Mostly the same as hw_compat_5_1 + */ + GlobalProperty hw_compat_rhel_8_3[] = { + /* hw_compat_rhel_8_3 from hw_compat_5_1 */ +@@ -46,6 +46,8 @@ GlobalProperty hw_compat_rhel_8_3[] = { + { "nvme", "use-intel-id", "on"}, + /* hw_compat_rhel_8_3 from hw_compat_5_1 */ + { "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */ ++ /* hw_compat_rhel_8_3 bz 1912846 */ ++ { "pci-xhci", "x-rh-late-msi-cap", "off" }, + }; + const size_t hw_compat_rhel_8_3_len = G_N_ELEMENTS(hw_compat_rhel_8_3); + +diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c +index bba628d3d2..d045a2a8be 100644 +--- a/hw/usb/hcd-xhci-pci.c ++++ b/hw/usb/hcd-xhci-pci.c +@@ -101,6 +101,33 @@ static int xhci_pci_vmstate_post_load(void *opaque, int version_id) + return 0; + } + ++/* RH bz 1912846 */ ++static bool usb_xhci_pci_add_msi(struct PCIDevice *dev, Error **errp) ++{ ++ int ret; ++ Error *err = NULL; ++ XHCIPciState *s = XHCI_PCI(dev); ++ ++ ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err); ++ /* ++ * Any error other than -ENOTSUP(board's MSI support is broken) ++ * is a programming error ++ */ ++ assert(!ret || ret == -ENOTSUP); ++ if (ret && s->msi == ON_OFF_AUTO_ON) { ++ /* Can't satisfy user's explicit msi=on request, fail */ ++ error_append_hint(&err, "You have to use msi=auto (default) or " ++ "msi=off with this machine type.\n"); ++ error_propagate(errp, err); ++ return true; ++ } ++ assert(!err || s->msi == ON_OFF_AUTO_AUTO); ++ /* With msi=auto, we fall back to MSI off silently */ ++ error_free(err); ++ ++ return false; ++} ++ + static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp) + { + int ret; +@@ -124,23 +151,12 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp) + s->xhci.nec_quirks = true; + } + +- if (s->msi != ON_OFF_AUTO_OFF) { +- ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err); +- /* +- * Any error other than -ENOTSUP(board's MSI support is broken) +- * is a programming error +- */ +- assert(!ret || ret == -ENOTSUP); +- if (ret && s->msi == ON_OFF_AUTO_ON) { +- /* Can't satisfy user's explicit msi=on request, fail */ +- error_append_hint(&err, "You have to use msi=auto (default) or " +- "msi=off with this machine type.\n"); ++ if (s->msi != ON_OFF_AUTO_OFF && s->rh_late_msi_cap) { ++ /* This gives the behaviour from 5.2.0 onwards, lspci shows 90,a0,70 */ ++ if (usb_xhci_pci_add_msi(dev, &err)) { + error_propagate(errp, err); + return; + } +- assert(!err || s->msi == ON_OFF_AUTO_AUTO); +- /* With msi=auto, we fall back to MSI off silently */ +- error_free(err); + } + pci_register_bar(dev, 0, + PCI_BASE_ADDRESS_SPACE_MEMORY | +@@ -153,6 +169,14 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp) + assert(ret > 0); + } + ++ /* RH bz 1912846 */ ++ if (s->msi != ON_OFF_AUTO_OFF && !s->rh_late_msi_cap) { ++ /* This gives the older RH machine behaviour, lspci shows 90,70,a0 */ ++ if (usb_xhci_pci_add_msi(dev, &err)) { ++ error_propagate(errp, err); ++ return; ++ } ++ } + if (s->msix != ON_OFF_AUTO_OFF) { + /* TODO check for errors, and should fail when msix=on */ + msix_init(dev, s->xhci.numintrs, +@@ -197,11 +221,18 @@ static void xhci_instance_init(Object *obj) + qdev_alias_all_properties(DEVICE(&s->xhci), obj); + } + ++static Property xhci_pci_properties[] = { ++ /* RH bz 1912846 */ ++ DEFINE_PROP_BOOL("x-rh-late-msi-cap", XHCIPciState, rh_late_msi_cap, true), ++ DEFINE_PROP_END_OF_LIST() ++}; ++ + static void xhci_class_init(ObjectClass *klass, void *data) + { + PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); + ++ device_class_set_props(dc, xhci_pci_properties); + dc->reset = xhci_pci_reset; + dc->vmsd = &vmstate_xhci_pci; + set_bit(DEVICE_CATEGORY_USB, dc->categories); +diff --git a/hw/usb/hcd-xhci-pci.h b/hw/usb/hcd-xhci-pci.h +index c193f79443..086a1feb1e 100644 +--- a/hw/usb/hcd-xhci-pci.h ++++ b/hw/usb/hcd-xhci-pci.h +@@ -39,6 +39,7 @@ typedef struct XHCIPciState { + XHCIState xhci; + OnOffAuto msi; + OnOffAuto msix; ++ bool rh_late_msi_cap; /* bz 1912846 */ + } XHCIPciState; + + #endif +-- +2.18.4 + diff --git a/0040-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch b/0040-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch new file mode 100644 index 0000000..cd881aa --- /dev/null +++ b/0040-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch @@ -0,0 +1,132 @@ +From 0e1bc444240fb2d8d3ee65533baaa72a7267c53a Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Fri, 8 Jan 2021 12:27:19 -0500 +Subject: qga/commands-posix: Send CCW address on s390x with the fsinfo data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Thomas Huth +Message-id: <20210108122719.73201-2-thuth@redhat.com> +Patchwork-id: 100532 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH v2 1/1] qga/commands-posix: Send CCW address on s390x with the fsinfo data +Bugzilla: 1755075 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Cornelia Huck +RH-Acked-by: David Hildenbrand + +We need the CCW address on the libvirt side to correctly identify +the disk, so add this information to the GuestDiskAddress on s390x. + +Signed-off-by: Thomas Huth +Reviewed-by: Cornelia Huck +Reviewed-by: Michael Roth +Message-Id: <20201127082353.448251-1-thuth@redhat.com> +Signed-off-by: Cornelia Huck +(cherry picked from commit 5b723a5d8df44b69b8ba350e643059c8fd889315) +Signed-off-by: Danilo C. L. de Paula +--- + qga/commands-posix.c | 34 ++++++++++++++++++++++++++++++++++ + qga/qapi-schema.json | 20 +++++++++++++++++++- + 2 files changed, 53 insertions(+), 1 deletion(-) + +diff --git a/qga/commands-posix.c b/qga/commands-posix.c +index c089e38120..5aa5eff84f 100644 +--- a/qga/commands-posix.c ++++ b/qga/commands-posix.c +@@ -1029,6 +1029,38 @@ static bool build_guest_fsinfo_for_nonpci_virtio(char const *syspath, + return true; + } + ++/* ++ * Store disk device info for CCW devices (s390x channel I/O devices). ++ * Returns true if information has been stored, or false for failure. ++ */ ++static bool build_guest_fsinfo_for_ccw_dev(char const *syspath, ++ GuestDiskAddress *disk, ++ Error **errp) ++{ ++ unsigned int cssid, ssid, subchno, devno; ++ char *p; ++ ++ p = strstr(syspath, "/devices/css"); ++ if (!p || sscanf(p + 12, "%*x/%x.%x.%x/%*x.%*x.%x/", ++ &cssid, &ssid, &subchno, &devno) < 4) { ++ g_debug("could not parse ccw device sysfs path: %s", syspath); ++ return false; ++ } ++ ++ disk->has_ccw_address = true; ++ disk->ccw_address = g_new0(GuestCCWAddress, 1); ++ disk->ccw_address->cssid = cssid; ++ disk->ccw_address->ssid = ssid; ++ disk->ccw_address->subchno = subchno; ++ disk->ccw_address->devno = devno; ++ ++ if (strstr(p, "/virtio")) { ++ build_guest_fsinfo_for_nonpci_virtio(syspath, disk, errp); ++ } ++ ++ return true; ++} ++ + /* Store disk device info specified by @sysfs into @fs */ + static void build_guest_fsinfo_for_real_device(char const *syspath, + GuestFilesystemInfo *fs, +@@ -1081,6 +1113,8 @@ static void build_guest_fsinfo_for_real_device(char const *syspath, + + if (strstr(syspath, "/devices/pci")) { + has_hwinf = build_guest_fsinfo_for_pci_dev(syspath, disk, errp); ++ } else if (strstr(syspath, "/devices/css")) { ++ has_hwinf = build_guest_fsinfo_for_ccw_dev(syspath, disk, errp); + } else if (strstr(syspath, "/virtio")) { + has_hwinf = build_guest_fsinfo_for_nonpci_virtio(syspath, disk, errp); + } else { +diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json +index 3b3d1d0bd9..9a82b7e952 100644 +--- a/qga/qapi-schema.json ++++ b/qga/qapi-schema.json +@@ -846,6 +846,22 @@ + 'data': {'domain': 'int', 'bus': 'int', + 'slot': 'int', 'function': 'int'} } + ++## ++# @GuestCCWAddress: ++# ++# @cssid: channel subsystem image id ++# @ssid: subchannel set id ++# @subchno: subchannel number ++# @devno: device number ++# ++# Since: 6.0 ++## ++{ 'struct': 'GuestCCWAddress', ++ 'data': {'cssid': 'int', ++ 'ssid': 'int', ++ 'subchno': 'int', ++ 'devno': 'int'} } ++ + ## + # @GuestDiskAddress: + # +@@ -856,6 +872,7 @@ + # @unit: unit id + # @serial: serial number (since: 3.1) + # @dev: device node (POSIX) or device UNC (Windows) (since: 3.1) ++# @ccw-address: CCW address on s390x (since: 6.0) + # + # Since: 2.2 + ## +@@ -863,7 +880,8 @@ + 'data': {'pci-controller': 'GuestPCIAddress', + 'bus-type': 'GuestDiskBusType', + 'bus': 'int', 'target': 'int', 'unit': 'int', +- '*serial': 'str', '*dev': 'str'} } ++ '*serial': 'str', '*dev': 'str', ++ '*ccw-address': 'GuestCCWAddress'} } + + ## + # @GuestDiskInfo: +-- +2.18.4 + diff --git a/0041-AArch64-machine-types-cleanup.patch b/0041-AArch64-machine-types-cleanup.patch new file mode 100644 index 0000000..0ac8f70 --- /dev/null +++ b/0041-AArch64-machine-types-cleanup.patch @@ -0,0 +1,188 @@ +From bfa3dc6e290c7b4f7f8825e4d4320ba062ed445a Mon Sep 17 00:00:00 2001 +From: Andrew Jones +Date: Sat, 9 Jan 2021 22:19:27 -0500 +Subject: AArch64 machine types cleanup + +RH-Author: Andrew Jones +Message-id: <20210109221928.31407-2-drjones@redhat.com> +Patchwork-id: 100547 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH v2 1/2] AArch64 machine types cleanup +Bugzilla: 1895276 +RH-Acked-by: Gavin Shan +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Auger Eric +RH-Acked-by: Thomas Huth + +No functional change here, just a reduction of downstream-only +changes and whitespace differences. Also the removal of a nested +'#if 0 /* disabled for RHEL */' block. + +Signed-off-by: Andrew Jones +Signed-off-by: Danilo C. L. de Paula +--- + hw/arm/virt.c | 69 +++++++++++++++++++++++---------------------------- + 1 file changed, 31 insertions(+), 38 deletions(-) + +diff --git a/hw/arm/virt.c b/hw/arm/virt.c +index 21e0485ac5..530072fce0 100644 +--- a/hw/arm/virt.c ++++ b/hw/arm/virt.c +@@ -123,7 +123,6 @@ + static const TypeInfo rhel##m##n##s##_machvirt_info = { \ + .name = MACHINE_TYPE_NAME("virt-rhel" # m "." # n "." # s), \ + .parent = TYPE_RHEL_MACHINE, \ +- .instance_init = rhel##m##n##s##_virt_instance_init, \ + .class_init = rhel##m##n##s##_virt_class_init, \ + }; \ + static void rhel##m##n##s##_machvirt_init(void) \ +@@ -2098,8 +2097,8 @@ static void virt_set_virt(Object *obj, bool value, Error **errp) + + vms->virt = value; + } +- + #endif /* disabled for RHEL */ ++ + static bool virt_get_highmem(Object *obj, Error **errp) + { + VirtMachineState *vms = VIRT_MACHINE(obj); +@@ -2167,14 +2166,13 @@ static void virt_set_ras(Object *obj, bool value, Error **errp) + + vms->ras = value; + } +-#if 0 /* Disabled for Red Hat Enterprise Linux */ ++ + static bool virt_get_mte(Object *obj, Error **errp) + { + VirtMachineState *vms = VIRT_MACHINE(obj); + + return vms->mte; + } +-#endif /* disabled for RHEL */ + + static void virt_set_mte(Object *obj, bool value, Error **errp) + { +@@ -2182,7 +2180,8 @@ static void virt_set_mte(Object *obj, bool value, Error **errp) + + vms->mte = value; + } +-#endif ++#endif /* disabled for RHEL */ ++ + static char *virt_get_gic_version(Object *obj, Error **errp) + { + VirtMachineState *vms = VIRT_MACHINE(obj); +@@ -2818,25 +2817,6 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data) + "Enable ACPI"); + } + +-static const TypeInfo rhel_machine_info = { +- .name = TYPE_RHEL_MACHINE, +- .parent = TYPE_MACHINE, +- .abstract = true, +- .instance_size = sizeof(VirtMachineState), +- .class_size = sizeof(VirtMachineClass), +- .class_init = rhel_machine_class_init, +- .interfaces = (InterfaceInfo[]) { +- { TYPE_HOTPLUG_HANDLER }, +- { } +- }, +-}; +- +-static void rhel_machine_init(void) +-{ +- type_register_static(&rhel_machine_info); +-} +-type_init(rhel_machine_init); +- + static void rhel_virt_instance_init(Object *obj) + { + VirtMachineState *vms = VIRT_MACHINE(obj); +@@ -2844,22 +2824,23 @@ static void rhel_virt_instance_init(Object *obj) + + /* EL3 is disabled by default and non-configurable for RHEL */ + vms->secure = false; ++ + /* EL2 is disabled by default and non-configurable for RHEL */ + vms->virt = false; +- /* High memory is enabled by default for RHEL */ ++ ++ /* High memory is enabled by default */ + vms->highmem = true; + object_property_add_bool(obj, "highmem", virt_get_highmem, + virt_set_highmem); + object_property_set_description(obj, "highmem", + "Set on/off to enable/disable using " + "physical address space above 32 bits"); +- + vms->gic_version = VIRT_GIC_VERSION_NOSEL; + object_property_add_str(obj, "gic-version", virt_get_gic_version, + virt_set_gic_version); + object_property_set_description(obj, "gic-version", + "Set GIC version. " +- "Valid values are 2, 3 and host"); ++ "Valid values are 2, 3, host and max"); + + vms->highmem_ecam = !vmc->no_highmem_ecam; + +@@ -2882,18 +2863,36 @@ static void rhel_virt_instance_init(Object *obj) + "Set the IOMMU type. " + "Valid values are none and smmuv3"); + ++ /* Default disallows RAS instantiation and is non-configurable for RHEL */ + vms->ras = false; +- /* MTE is disabled by default. */ ++ ++ /* MTE is disabled by default and non-configurable for RHEL */ + vms->mte = false; + +- vms->irqmap=a15irqmap; ++ vms->irqmap = a15irqmap; ++ + virt_flash_create(vms); + } + +-static void rhel830_virt_instance_init(Object *obj) ++static const TypeInfo rhel_machine_info = { ++ .name = TYPE_RHEL_MACHINE, ++ .parent = TYPE_MACHINE, ++ .abstract = true, ++ .instance_size = sizeof(VirtMachineState), ++ .class_size = sizeof(VirtMachineClass), ++ .class_init = rhel_machine_class_init, ++ .instance_init = rhel_virt_instance_init, ++ .interfaces = (InterfaceInfo[]) { ++ { TYPE_HOTPLUG_HANDLER }, ++ { } ++ }, ++}; ++ ++static void rhel_machine_init(void) + { +- rhel_virt_instance_init(obj); ++ type_register_static(&rhel_machine_info); + } ++type_init(rhel_machine_init); + + static void rhel830_virt_options(MachineClass *mc) + { +@@ -2901,16 +2900,10 @@ static void rhel830_virt_options(MachineClass *mc) + } + DEFINE_RHEL_MACHINE_AS_LATEST(8, 3, 0) + +-static void rhel820_virt_instance_init(Object *obj) +-{ +- rhel_virt_instance_init(obj); +-} +- + static void rhel820_virt_options(MachineClass *mc) + { + rhel830_virt_options(mc); +- compat_props_add(mc->compat_props, hw_compat_rhel_8_2, +- hw_compat_rhel_8_2_len); ++ compat_props_add(mc->compat_props, hw_compat_rhel_8_2, hw_compat_rhel_8_2_len); + mc->numa_mem_supported = true; + mc->auto_enable_numa_with_memdev = false; + } +-- +2.18.4 + diff --git a/0042-hw-arm-virt-Add-8.4-Machine-type.patch b/0042-hw-arm-virt-Add-8.4-Machine-type.patch new file mode 100644 index 0000000..89753c9 --- /dev/null +++ b/0042-hw-arm-virt-Add-8.4-Machine-type.patch @@ -0,0 +1,55 @@ +From 1bc68127d1531ed519cb839844febaecb2a3f6d0 Mon Sep 17 00:00:00 2001 +From: Andrew Jones +Date: Sat, 9 Jan 2021 22:19:28 -0500 +Subject: hw/arm/virt: Add 8.4 Machine type + +RH-Author: Andrew Jones +Message-id: <20210109221928.31407-3-drjones@redhat.com> +Patchwork-id: 100548 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH v2 2/2] hw/arm/virt: Add 8.4 Machine type +Bugzilla: 1895276 +RH-Acked-by: Gavin Shan +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Auger Eric +RH-Acked-by: Thomas Huth + +8.4 isn't much different than 8.3, except it adds the steal-time +feature and enables it by default. + +Signed-off-by: Andrew Jones +Signed-off-by: Danilo C. L. de Paula +--- + hw/arm/virt.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/hw/arm/virt.c b/hw/arm/virt.c +index 530072fce0..208c360342 100644 +--- a/hw/arm/virt.c ++++ b/hw/arm/virt.c +@@ -2894,11 +2894,21 @@ static void rhel_machine_init(void) + } + type_init(rhel_machine_init); + +-static void rhel830_virt_options(MachineClass *mc) ++static void rhel840_virt_options(MachineClass *mc) + { + compat_props_add(mc->compat_props, arm_rhel_compat, arm_rhel_compat_len); + } +-DEFINE_RHEL_MACHINE_AS_LATEST(8, 3, 0) ++DEFINE_RHEL_MACHINE_AS_LATEST(8, 4, 0) ++ ++static void rhel830_virt_options(MachineClass *mc) ++{ ++ VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc)); ++ ++ rhel840_virt_options(mc); ++ compat_props_add(mc->compat_props, hw_compat_rhel_8_3, hw_compat_rhel_8_3_len); ++ vmc->no_kvm_steal_time = true; ++} ++DEFINE_RHEL_MACHINE(8, 3, 0) + + static void rhel820_virt_options(MachineClass *mc) + { +-- +2.18.4 + diff --git a/0044-memory-Rename-memory_region_notify_one-to-memory_reg.patch b/0044-memory-Rename-memory_region_notify_one-to-memory_reg.patch new file mode 100644 index 0000000..419535a --- /dev/null +++ b/0044-memory-Rename-memory_region_notify_one-to-memory_reg.patch @@ -0,0 +1,146 @@ +From 256180b78107813b8e8c292bc799f5d7c7676cd2 Mon Sep 17 00:00:00 2001 +From: eperezma +Date: Mon, 11 Jan 2021 14:36:11 -0500 +Subject: memory: Rename memory_region_notify_one to + memory_region_notify_iommu_one +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: eperezma +Message-id: <20210111143615.303645-2-eperezma@redhat.com> +Patchwork-id: 100570 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/5] memory: Rename memory_region_notify_one to memory_region_notify_iommu_one +Bugzilla: 1845758 +RH-Acked-by: Xiao Wang +RH-Acked-by: David Hildenbrand +RH-Acked-by: Peter Xu + +Previous name didn't reflect the iommu operation. + +Signed-off-by: Eugenio Pérez +Reviewed-by: Peter Xu +Reviewed-by: David Gibson +Reviewed-by: Juan Quintela +Reviewed-by: Eric Auger +Acked-by: Jason Wang +Message-Id: <20201116165506.31315-2-eperezma@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 3b5ebf8532afdc1518bd8b0961ed802bc3f5f07c) +Signed-off-by: Eugenio Pérez +Signed-off-by: Danilo C. L. de Paula +--- + hw/arm/smmu-common.c | 2 +- + hw/arm/smmuv3.c | 2 +- + hw/i386/intel_iommu.c | 4 ++-- + include/exec/memory.h | 6 +++--- + softmmu/memory.c | 6 +++--- + 5 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c +index 3838db1395..88d2c454f0 100644 +--- a/hw/arm/smmu-common.c ++++ b/hw/arm/smmu-common.c +@@ -472,7 +472,7 @@ static void smmu_unmap_notifier_range(IOMMUNotifier *n) + entry.perm = IOMMU_NONE; + entry.addr_mask = n->end - n->start; + +- memory_region_notify_one(n, &entry); ++ memory_region_notify_iommu_one(n, &entry); + } + + /* Unmap all notifiers attached to @mr */ +diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c +index 22607c3784..273f5f7dce 100644 +--- a/hw/arm/smmuv3.c ++++ b/hw/arm/smmuv3.c +@@ -828,7 +828,7 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, + entry.addr_mask = num_pages * (1 << granule) - 1; + entry.perm = IOMMU_NONE; + +- memory_region_notify_one(n, &entry); ++ memory_region_notify_iommu_one(n, &entry); + } + + /* invalidate an asid/iova range tuple in all mr's */ +diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c +index 70ac837733..067593b9e4 100644 +--- a/hw/i386/intel_iommu.c ++++ b/hw/i386/intel_iommu.c +@@ -3497,7 +3497,7 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n) + /* This field is meaningless for unmap */ + entry.translated_addr = 0; + +- memory_region_notify_one(n, &entry); ++ memory_region_notify_iommu_one(n, &entry); + + start += mask; + remain -= mask; +@@ -3535,7 +3535,7 @@ static void vtd_address_space_refresh_all(IntelIOMMUState *s) + + static int vtd_replay_hook(IOMMUTLBEntry *entry, void *private) + { +- memory_region_notify_one((IOMMUNotifier *)private, entry); ++ memory_region_notify_iommu_one((IOMMUNotifier *)private, entry); + return 0; + } + +diff --git a/include/exec/memory.h b/include/exec/memory.h +index 0f3e6bcd5e..d8456ccf52 100644 +--- a/include/exec/memory.h ++++ b/include/exec/memory.h +@@ -236,7 +236,7 @@ enum IOMMUMemoryRegionAttr { + * The IOMMU implementation must use the IOMMU notifier infrastructure + * to report whenever mappings are changed, by calling + * memory_region_notify_iommu() (or, if necessary, by calling +- * memory_region_notify_one() for each registered notifier). ++ * memory_region_notify_iommu_one() for each registered notifier). + * + * Conceptually an IOMMU provides a mapping from input address + * to an output TLB entry. If the IOMMU is aware of memory transaction +@@ -1346,7 +1346,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr, + IOMMUTLBEntry entry); + + /** +- * memory_region_notify_one: notify a change in an IOMMU translation ++ * memory_region_notify_iommu_one: notify a change in an IOMMU translation + * entry to a single notifier + * + * This works just like memory_region_notify_iommu(), but it only +@@ -1357,7 +1357,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr, + * replaces all old entries for the same virtual I/O address range. + * Deleted entries have .@perm == 0. + */ +-void memory_region_notify_one(IOMMUNotifier *notifier, ++void memory_region_notify_iommu_one(IOMMUNotifier *notifier, + IOMMUTLBEntry *entry); + + /** +diff --git a/softmmu/memory.c b/softmmu/memory.c +index 11ca94d037..44de610c72 100644 +--- a/softmmu/memory.c ++++ b/softmmu/memory.c +@@ -1942,8 +1942,8 @@ void memory_region_unregister_iommu_notifier(MemoryRegion *mr, + memory_region_update_iommu_notify_flags(iommu_mr, NULL); + } + +-void memory_region_notify_one(IOMMUNotifier *notifier, +- IOMMUTLBEntry *entry) ++void memory_region_notify_iommu_one(IOMMUNotifier *notifier, ++ IOMMUTLBEntry *entry) + { + IOMMUNotifierFlag request_flags; + hwaddr entry_end = entry->iova + entry->addr_mask; +@@ -1979,7 +1979,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr, + + IOMMU_NOTIFIER_FOREACH(iommu_notifier, iommu_mr) { + if (iommu_notifier->iommu_idx == iommu_idx) { +- memory_region_notify_one(iommu_notifier, &entry); ++ memory_region_notify_iommu_one(iommu_notifier, &entry); + } + } + } +-- +2.18.4 + diff --git a/0045-memory-Add-IOMMUTLBEvent.patch b/0045-memory-Add-IOMMUTLBEvent.patch new file mode 100644 index 0000000..0cc568b --- /dev/null +++ b/0045-memory-Add-IOMMUTLBEvent.patch @@ -0,0 +1,647 @@ +From d282fdd88e60aa081365d8e0903ceb18743ccc9d Mon Sep 17 00:00:00 2001 +From: eperezma +Date: Mon, 11 Jan 2021 14:36:12 -0500 +Subject: memory: Add IOMMUTLBEvent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: eperezma +Message-id: <20210111143615.303645-3-eperezma@redhat.com> +Patchwork-id: 100568 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/5] memory: Add IOMMUTLBEvent +Bugzilla: 1845758 +RH-Acked-by: Xiao Wang +RH-Acked-by: David Hildenbrand +RH-Acked-by: Peter Xu + +This way we can tell between regular IOMMUTLBEntry (entry of IOMMU +hardware) and notifications. + +In the notifications, we set explicitly if it is a MAPs or an UNMAP, +instead of trusting in entry permissions to differentiate them. + +Signed-off-by: Eugenio Pérez +Reviewed-by: Peter Xu +Reviewed-by: Juan Quintela +Acked-by: Jason Wang +Message-Id: <20201116165506.31315-3-eperezma@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Matthew Rosato +Acked-by: David Gibson +(cherry picked from commit 5039caf3c449c49e625d34e134463260cf8e00e0) +Signed-off-by: Eugenio Pérez +Signed-off-by: Danilo C. L. de Paula +--- + hw/arm/smmu-common.c | 13 +++--- + hw/arm/smmuv3.c | 13 +++--- + hw/i386/intel_iommu.c | 88 ++++++++++++++++++++++------------------ + hw/misc/tz-mpc.c | 32 ++++++++------- + hw/ppc/spapr_iommu.c | 15 +++---- + hw/s390x/s390-pci-inst.c | 27 +++++++----- + hw/virtio/virtio-iommu.c | 30 +++++++------- + include/exec/memory.h | 27 ++++++------ + softmmu/memory.c | 20 ++++----- + 9 files changed, 143 insertions(+), 122 deletions(-) + +diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c +index 88d2c454f0..405d5c5325 100644 +--- a/hw/arm/smmu-common.c ++++ b/hw/arm/smmu-common.c +@@ -465,14 +465,15 @@ IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid) + /* Unmap the whole notifier's range */ + static void smmu_unmap_notifier_range(IOMMUNotifier *n) + { +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + +- entry.target_as = &address_space_memory; +- entry.iova = n->start; +- entry.perm = IOMMU_NONE; +- entry.addr_mask = n->end - n->start; ++ event.type = IOMMU_NOTIFIER_UNMAP; ++ event.entry.target_as = &address_space_memory; ++ event.entry.iova = n->start; ++ event.entry.perm = IOMMU_NONE; ++ event.entry.addr_mask = n->end - n->start; + +- memory_region_notify_iommu_one(n, &entry); ++ memory_region_notify_iommu_one(n, &event); + } + + /* Unmap all notifiers attached to @mr */ +diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c +index 273f5f7dce..bbca0e9f20 100644 +--- a/hw/arm/smmuv3.c ++++ b/hw/arm/smmuv3.c +@@ -800,7 +800,7 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, + uint8_t tg, uint64_t num_pages) + { + SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu); +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + uint8_t granule = tg; + + if (!tg) { +@@ -823,12 +823,13 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, + granule = tt->granule_sz; + } + +- entry.target_as = &address_space_memory; +- entry.iova = iova; +- entry.addr_mask = num_pages * (1 << granule) - 1; +- entry.perm = IOMMU_NONE; ++ event.type = IOMMU_NOTIFIER_UNMAP; ++ event.entry.target_as = &address_space_memory; ++ event.entry.iova = iova; ++ event.entry.addr_mask = num_pages * (1 << granule) - 1; ++ event.entry.perm = IOMMU_NONE; + +- memory_region_notify_iommu_one(n, &entry); ++ memory_region_notify_iommu_one(n, &event); + } + + /* invalidate an asid/iova range tuple in all mr's */ +diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c +index 067593b9e4..56180b1c43 100644 +--- a/hw/i386/intel_iommu.c ++++ b/hw/i386/intel_iommu.c +@@ -1073,7 +1073,7 @@ static int vtd_iova_to_slpte(IntelIOMMUState *s, VTDContextEntry *ce, + } + } + +-typedef int (*vtd_page_walk_hook)(IOMMUTLBEntry *entry, void *private); ++typedef int (*vtd_page_walk_hook)(IOMMUTLBEvent *event, void *private); + + /** + * Constant information used during page walking +@@ -1094,11 +1094,12 @@ typedef struct { + uint16_t domain_id; + } vtd_page_walk_info; + +-static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info) ++static int vtd_page_walk_one(IOMMUTLBEvent *event, vtd_page_walk_info *info) + { + VTDAddressSpace *as = info->as; + vtd_page_walk_hook hook_fn = info->hook_fn; + void *private = info->private; ++ IOMMUTLBEntry *entry = &event->entry; + DMAMap target = { + .iova = entry->iova, + .size = entry->addr_mask, +@@ -1107,7 +1108,7 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info) + }; + DMAMap *mapped = iova_tree_find(as->iova_tree, &target); + +- if (entry->perm == IOMMU_NONE && !info->notify_unmap) { ++ if (event->type == IOMMU_NOTIFIER_UNMAP && !info->notify_unmap) { + trace_vtd_page_walk_one_skip_unmap(entry->iova, entry->addr_mask); + return 0; + } +@@ -1115,7 +1116,7 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info) + assert(hook_fn); + + /* Update local IOVA mapped ranges */ +- if (entry->perm) { ++ if (event->type == IOMMU_NOTIFIER_MAP) { + if (mapped) { + /* If it's exactly the same translation, skip */ + if (!memcmp(mapped, &target, sizeof(target))) { +@@ -1141,19 +1142,21 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info) + int ret; + + /* Emulate an UNMAP */ ++ event->type = IOMMU_NOTIFIER_UNMAP; + entry->perm = IOMMU_NONE; + trace_vtd_page_walk_one(info->domain_id, + entry->iova, + entry->translated_addr, + entry->addr_mask, + entry->perm); +- ret = hook_fn(entry, private); ++ ret = hook_fn(event, private); + if (ret) { + return ret; + } + /* Drop any existing mapping */ + iova_tree_remove(as->iova_tree, &target); +- /* Recover the correct permission */ ++ /* Recover the correct type */ ++ event->type = IOMMU_NOTIFIER_MAP; + entry->perm = cache_perm; + } + } +@@ -1170,7 +1173,7 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info) + trace_vtd_page_walk_one(info->domain_id, entry->iova, + entry->translated_addr, entry->addr_mask, + entry->perm); +- return hook_fn(entry, private); ++ return hook_fn(event, private); + } + + /** +@@ -1191,7 +1194,7 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t start, + uint32_t offset; + uint64_t slpte; + uint64_t subpage_size, subpage_mask; +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + uint64_t iova = start; + uint64_t iova_next; + int ret = 0; +@@ -1245,13 +1248,15 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t start, + * + * In either case, we send an IOTLB notification down. + */ +- entry.target_as = &address_space_memory; +- entry.iova = iova & subpage_mask; +- entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur); +- entry.addr_mask = ~subpage_mask; ++ event.entry.target_as = &address_space_memory; ++ event.entry.iova = iova & subpage_mask; ++ event.entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur); ++ event.entry.addr_mask = ~subpage_mask; + /* NOTE: this is only meaningful if entry_valid == true */ +- entry.translated_addr = vtd_get_slpte_addr(slpte, info->aw); +- ret = vtd_page_walk_one(&entry, info); ++ event.entry.translated_addr = vtd_get_slpte_addr(slpte, info->aw); ++ event.type = event.entry.perm ? IOMMU_NOTIFIER_MAP : ++ IOMMU_NOTIFIER_UNMAP; ++ ret = vtd_page_walk_one(&event, info); + } + + if (ret < 0) { +@@ -1430,10 +1435,10 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, uint8_t bus_num, + return 0; + } + +-static int vtd_sync_shadow_page_hook(IOMMUTLBEntry *entry, ++static int vtd_sync_shadow_page_hook(IOMMUTLBEvent *event, + void *private) + { +- memory_region_notify_iommu((IOMMUMemoryRegion *)private, 0, *entry); ++ memory_region_notify_iommu(private, 0, *event); + return 0; + } + +@@ -1993,14 +1998,17 @@ static void vtd_iotlb_page_invalidate_notify(IntelIOMMUState *s, + * page tables. We just deliver the PSI down to + * invalidate caches. + */ +- IOMMUTLBEntry entry = { +- .target_as = &address_space_memory, +- .iova = addr, +- .translated_addr = 0, +- .addr_mask = size - 1, +- .perm = IOMMU_NONE, ++ IOMMUTLBEvent event = { ++ .type = IOMMU_NOTIFIER_UNMAP, ++ .entry = { ++ .target_as = &address_space_memory, ++ .iova = addr, ++ .translated_addr = 0, ++ .addr_mask = size - 1, ++ .perm = IOMMU_NONE, ++ }, + }; +- memory_region_notify_iommu(&vtd_as->iommu, 0, entry); ++ memory_region_notify_iommu(&vtd_as->iommu, 0, event); + } + } + } +@@ -2412,7 +2420,7 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s, + VTDInvDesc *inv_desc) + { + VTDAddressSpace *vtd_dev_as; +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + struct VTDBus *vtd_bus; + hwaddr addr; + uint64_t sz; +@@ -2460,12 +2468,13 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s, + sz = VTD_PAGE_SIZE; + } + +- entry.target_as = &vtd_dev_as->as; +- entry.addr_mask = sz - 1; +- entry.iova = addr; +- entry.perm = IOMMU_NONE; +- entry.translated_addr = 0; +- memory_region_notify_iommu(&vtd_dev_as->iommu, 0, entry); ++ event.type = IOMMU_NOTIFIER_UNMAP; ++ event.entry.target_as = &vtd_dev_as->as; ++ event.entry.addr_mask = sz - 1; ++ event.entry.iova = addr; ++ event.entry.perm = IOMMU_NONE; ++ event.entry.translated_addr = 0; ++ memory_region_notify_iommu(&vtd_dev_as->iommu, 0, event); + + done: + return true; +@@ -3485,19 +3494,20 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n) + size = remain = end - start + 1; + + while (remain >= VTD_PAGE_SIZE) { +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + uint64_t mask = get_naturally_aligned_size(start, remain, s->aw_bits); + + assert(mask); + +- entry.iova = start; +- entry.addr_mask = mask - 1; +- entry.target_as = &address_space_memory; +- entry.perm = IOMMU_NONE; ++ event.type = IOMMU_NOTIFIER_UNMAP; ++ event.entry.iova = start; ++ event.entry.addr_mask = mask - 1; ++ event.entry.target_as = &address_space_memory; ++ event.entry.perm = IOMMU_NONE; + /* This field is meaningless for unmap */ +- entry.translated_addr = 0; ++ event.entry.translated_addr = 0; + +- memory_region_notify_iommu_one(n, &entry); ++ memory_region_notify_iommu_one(n, &event); + + start += mask; + remain -= mask; +@@ -3533,9 +3543,9 @@ static void vtd_address_space_refresh_all(IntelIOMMUState *s) + vtd_switch_address_space_all(s); + } + +-static int vtd_replay_hook(IOMMUTLBEntry *entry, void *private) ++static int vtd_replay_hook(IOMMUTLBEvent *event, void *private) + { +- memory_region_notify_iommu_one((IOMMUNotifier *)private, entry); ++ memory_region_notify_iommu_one(private, event); + return 0; + } + +diff --git a/hw/misc/tz-mpc.c b/hw/misc/tz-mpc.c +index 98f151237f..30481e1c90 100644 +--- a/hw/misc/tz-mpc.c ++++ b/hw/misc/tz-mpc.c +@@ -82,8 +82,10 @@ static void tz_mpc_iommu_notify(TZMPC *s, uint32_t lutidx, + /* Called when the LUT word at lutidx has changed from oldlut to newlut; + * must call the IOMMU notifiers for the changed blocks. + */ +- IOMMUTLBEntry entry = { +- .addr_mask = s->blocksize - 1, ++ IOMMUTLBEvent event = { ++ .entry = { ++ .addr_mask = s->blocksize - 1, ++ } + }; + hwaddr addr = lutidx * s->blocksize * 32; + int i; +@@ -100,26 +102,28 @@ static void tz_mpc_iommu_notify(TZMPC *s, uint32_t lutidx, + block_is_ns = newlut & (1 << i); + + trace_tz_mpc_iommu_notify(addr); +- entry.iova = addr; +- entry.translated_addr = addr; ++ event.entry.iova = addr; ++ event.entry.translated_addr = addr; + +- entry.perm = IOMMU_NONE; +- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, entry); +- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, entry); ++ event.type = IOMMU_NOTIFIER_UNMAP; ++ event.entry.perm = IOMMU_NONE; ++ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, event); ++ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, event); + +- entry.perm = IOMMU_RW; ++ event.type = IOMMU_NOTIFIER_MAP; ++ event.entry.perm = IOMMU_RW; + if (block_is_ns) { +- entry.target_as = &s->blocked_io_as; ++ event.entry.target_as = &s->blocked_io_as; + } else { +- entry.target_as = &s->downstream_as; ++ event.entry.target_as = &s->downstream_as; + } +- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, entry); ++ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, event); + if (block_is_ns) { +- entry.target_as = &s->downstream_as; ++ event.entry.target_as = &s->downstream_as; + } else { +- entry.target_as = &s->blocked_io_as; ++ event.entry.target_as = &s->blocked_io_as; + } +- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, entry); ++ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, event); + } + } + +diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c +index 0790239ba5..30352df00e 100644 +--- a/hw/ppc/spapr_iommu.c ++++ b/hw/ppc/spapr_iommu.c +@@ -445,7 +445,7 @@ static void spapr_tce_reset(DeviceState *dev) + static target_ulong put_tce_emu(SpaprTceTable *tcet, target_ulong ioba, + target_ulong tce) + { +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + hwaddr page_mask = IOMMU_PAGE_MASK(tcet->page_shift); + unsigned long index = (ioba - tcet->bus_offset) >> tcet->page_shift; + +@@ -457,12 +457,13 @@ static target_ulong put_tce_emu(SpaprTceTable *tcet, target_ulong ioba, + + tcet->table[index] = tce; + +- entry.target_as = &address_space_memory, +- entry.iova = (ioba - tcet->bus_offset) & page_mask; +- entry.translated_addr = tce & page_mask; +- entry.addr_mask = ~page_mask; +- entry.perm = spapr_tce_iommu_access_flags(tce); +- memory_region_notify_iommu(&tcet->iommu, 0, entry); ++ event.entry.target_as = &address_space_memory, ++ event.entry.iova = (ioba - tcet->bus_offset) & page_mask; ++ event.entry.translated_addr = tce & page_mask; ++ event.entry.addr_mask = ~page_mask; ++ event.entry.perm = spapr_tce_iommu_access_flags(tce); ++ event.type = event.entry.perm ? IOMMU_NOTIFIER_MAP : IOMMU_NOTIFIER_UNMAP; ++ memory_region_notify_iommu(&tcet->iommu, 0, event); + + return H_SUCCESS; + } +diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c +index 70bfd91bf7..d9e1e29f1e 100644 +--- a/hw/s390x/s390-pci-inst.c ++++ b/hw/s390x/s390-pci-inst.c +@@ -602,15 +602,18 @@ static uint32_t s390_pci_update_iotlb(S390PCIIOMMU *iommu, + S390IOTLBEntry *entry) + { + S390IOTLBEntry *cache = g_hash_table_lookup(iommu->iotlb, &entry->iova); +- IOMMUTLBEntry notify = { +- .target_as = &address_space_memory, +- .iova = entry->iova, +- .translated_addr = entry->translated_addr, +- .perm = entry->perm, +- .addr_mask = ~PAGE_MASK, ++ IOMMUTLBEvent event = { ++ .type = entry->perm ? IOMMU_NOTIFIER_MAP : IOMMU_NOTIFIER_UNMAP, ++ .entry = { ++ .target_as = &address_space_memory, ++ .iova = entry->iova, ++ .translated_addr = entry->translated_addr, ++ .perm = entry->perm, ++ .addr_mask = ~PAGE_MASK, ++ }, + }; + +- if (entry->perm == IOMMU_NONE) { ++ if (event.type == IOMMU_NOTIFIER_UNMAP) { + if (!cache) { + goto out; + } +@@ -623,9 +626,11 @@ static uint32_t s390_pci_update_iotlb(S390PCIIOMMU *iommu, + goto out; + } + +- notify.perm = IOMMU_NONE; +- memory_region_notify_iommu(&iommu->iommu_mr, 0, notify); +- notify.perm = entry->perm; ++ event.type = IOMMU_NOTIFIER_UNMAP; ++ event.entry.perm = IOMMU_NONE; ++ memory_region_notify_iommu(&iommu->iommu_mr, 0, event); ++ event.type = IOMMU_NOTIFIER_MAP; ++ event.entry.perm = entry->perm; + } + + cache = g_new(S390IOTLBEntry, 1); +@@ -637,7 +642,7 @@ static uint32_t s390_pci_update_iotlb(S390PCIIOMMU *iommu, + dec_dma_avail(iommu); + } + +- memory_region_notify_iommu(&iommu->iommu_mr, 0, notify); ++ memory_region_notify_iommu(&iommu->iommu_mr, 0, event); + + out: + return iommu->dma_limit ? iommu->dma_limit->avail : 1; +diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c +index fc5c75d693..cea8811295 100644 +--- a/hw/virtio/virtio-iommu.c ++++ b/hw/virtio/virtio-iommu.c +@@ -129,7 +129,7 @@ static void virtio_iommu_notify_map(IOMMUMemoryRegion *mr, hwaddr virt_start, + hwaddr virt_end, hwaddr paddr, + uint32_t flags) + { +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + IOMMUAccessFlags perm = IOMMU_ACCESS_FLAG(flags & VIRTIO_IOMMU_MAP_F_READ, + flags & VIRTIO_IOMMU_MAP_F_WRITE); + +@@ -141,19 +141,20 @@ static void virtio_iommu_notify_map(IOMMUMemoryRegion *mr, hwaddr virt_start, + trace_virtio_iommu_notify_map(mr->parent_obj.name, virt_start, virt_end, + paddr, perm); + +- entry.target_as = &address_space_memory; +- entry.addr_mask = virt_end - virt_start; +- entry.iova = virt_start; +- entry.perm = perm; +- entry.translated_addr = paddr; ++ event.type = IOMMU_NOTIFIER_MAP; ++ event.entry.target_as = &address_space_memory; ++ event.entry.addr_mask = virt_end - virt_start; ++ event.entry.iova = virt_start; ++ event.entry.perm = perm; ++ event.entry.translated_addr = paddr; + +- memory_region_notify_iommu(mr, 0, entry); ++ memory_region_notify_iommu(mr, 0, event); + } + + static void virtio_iommu_notify_unmap(IOMMUMemoryRegion *mr, hwaddr virt_start, + hwaddr virt_end) + { +- IOMMUTLBEntry entry; ++ IOMMUTLBEvent event; + + if (!(mr->iommu_notify_flags & IOMMU_NOTIFIER_UNMAP)) { + return; +@@ -161,13 +162,14 @@ static void virtio_iommu_notify_unmap(IOMMUMemoryRegion *mr, hwaddr virt_start, + + trace_virtio_iommu_notify_unmap(mr->parent_obj.name, virt_start, virt_end); + +- entry.target_as = &address_space_memory; +- entry.addr_mask = virt_end - virt_start; +- entry.iova = virt_start; +- entry.perm = IOMMU_NONE; +- entry.translated_addr = 0; ++ event.type = IOMMU_NOTIFIER_UNMAP; ++ event.entry.target_as = &address_space_memory; ++ event.entry.addr_mask = virt_end - virt_start; ++ event.entry.iova = virt_start; ++ event.entry.perm = IOMMU_NONE; ++ event.entry.translated_addr = 0; + +- memory_region_notify_iommu(mr, 0, entry); ++ memory_region_notify_iommu(mr, 0, event); + } + + static gboolean virtio_iommu_notify_unmap_cb(gpointer key, gpointer value, +diff --git a/include/exec/memory.h b/include/exec/memory.h +index d8456ccf52..e86b5e92da 100644 +--- a/include/exec/memory.h ++++ b/include/exec/memory.h +@@ -116,6 +116,11 @@ struct IOMMUNotifier { + }; + typedef struct IOMMUNotifier IOMMUNotifier; + ++typedef struct IOMMUTLBEvent { ++ IOMMUNotifierFlag type; ++ IOMMUTLBEntry entry; ++} IOMMUTLBEvent; ++ + /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */ + #define RAM_PREALLOC (1 << 0) + +@@ -1326,24 +1331,18 @@ uint64_t memory_region_iommu_get_min_page_size(IOMMUMemoryRegion *iommu_mr); + /** + * memory_region_notify_iommu: notify a change in an IOMMU translation entry. + * +- * The notification type will be decided by entry.perm bits: +- * +- * - For UNMAP (cache invalidation) notifies: set entry.perm to IOMMU_NONE. +- * - For MAP (newly added entry) notifies: set entry.perm to the +- * permission of the page (which is definitely !IOMMU_NONE). +- * + * Note: for any IOMMU implementation, an in-place mapping change + * should be notified with an UNMAP followed by a MAP. + * + * @iommu_mr: the memory region that was changed + * @iommu_idx: the IOMMU index for the translation table which has changed +- * @entry: the new entry in the IOMMU translation table. The entry +- * replaces all old entries for the same virtual I/O address range. +- * Deleted entries have .@perm == 0. ++ * @event: TLB event with the new entry in the IOMMU translation table. ++ * The entry replaces all old entries for the same virtual I/O address ++ * range. + */ + void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr, + int iommu_idx, +- IOMMUTLBEntry entry); ++ IOMMUTLBEvent event); + + /** + * memory_region_notify_iommu_one: notify a change in an IOMMU translation +@@ -1353,12 +1352,12 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr, + * notifies a specific notifier, not all of them. + * + * @notifier: the notifier to be notified +- * @entry: the new entry in the IOMMU translation table. The entry +- * replaces all old entries for the same virtual I/O address range. +- * Deleted entries have .@perm == 0. ++ * @event: TLB event with the new entry in the IOMMU translation table. ++ * The entry replaces all old entries for the same virtual I/O address ++ * range. + */ + void memory_region_notify_iommu_one(IOMMUNotifier *notifier, +- IOMMUTLBEntry *entry); ++ IOMMUTLBEvent *event); + + /** + * memory_region_register_iommu_notifier: register a notifier for changes to +diff --git a/softmmu/memory.c b/softmmu/memory.c +index 44de610c72..6ca87e8d73 100644 +--- a/softmmu/memory.c ++++ b/softmmu/memory.c +@@ -1943,11 +1943,15 @@ void memory_region_unregister_iommu_notifier(MemoryRegion *mr, + } + + void memory_region_notify_iommu_one(IOMMUNotifier *notifier, +- IOMMUTLBEntry *entry) ++ IOMMUTLBEvent *event) + { +- IOMMUNotifierFlag request_flags; ++ IOMMUTLBEntry *entry = &event->entry; + hwaddr entry_end = entry->iova + entry->addr_mask; + ++ if (event->type == IOMMU_NOTIFIER_UNMAP) { ++ assert(entry->perm == IOMMU_NONE); ++ } ++ + /* + * Skip the notification if the notification does not overlap + * with registered range. +@@ -1958,20 +1962,14 @@ void memory_region_notify_iommu_one(IOMMUNotifier *notifier, + + assert(entry->iova >= notifier->start && entry_end <= notifier->end); + +- if (entry->perm & IOMMU_RW) { +- request_flags = IOMMU_NOTIFIER_MAP; +- } else { +- request_flags = IOMMU_NOTIFIER_UNMAP; +- } +- +- if (notifier->notifier_flags & request_flags) { ++ if (event->type & notifier->notifier_flags) { + notifier->notify(notifier, entry); + } + } + + void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr, + int iommu_idx, +- IOMMUTLBEntry entry) ++ IOMMUTLBEvent event) + { + IOMMUNotifier *iommu_notifier; + +@@ -1979,7 +1977,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr, + + IOMMU_NOTIFIER_FOREACH(iommu_notifier, iommu_mr) { + if (iommu_notifier->iommu_idx == iommu_idx) { +- memory_region_notify_iommu_one(iommu_notifier, &entry); ++ memory_region_notify_iommu_one(iommu_notifier, &event); + } + } + } +-- +2.18.4 + diff --git a/0046-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch b/0046-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch new file mode 100644 index 0000000..6201e2f --- /dev/null +++ b/0046-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch @@ -0,0 +1,88 @@ +From 6eb76ae169aaf695a5fb6ef052859828e3ea91bc Mon Sep 17 00:00:00 2001 +From: eperezma +Date: Mon, 11 Jan 2021 14:36:13 -0500 +Subject: memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationType +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: eperezma +Message-id: <20210111143615.303645-4-eperezma@redhat.com> +Patchwork-id: 100571 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 3/5] memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationType +Bugzilla: 1845758 +RH-Acked-by: Xiao Wang +RH-Acked-by: David Hildenbrand +RH-Acked-by: Peter Xu + +This allows us to differentiate between regular IOMMU map/unmap events +and DEVIOTLB unmap. Doing so, notifiers that only need device IOTLB +invalidations will not receive regular IOMMU unmappings. + +Adapt intel and vhost to use it. + +Signed-off-by: Eugenio Pérez +Reviewed-by: Peter Xu +Reviewed-by: Juan Quintela +Acked-by: Jason Wang +Message-Id: <20201116165506.31315-4-eperezma@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit b68ba1ca57677acf870d5ab10579e6105c1f5338) +Signed-off-by: Eugenio Pérez +Signed-off-by: Danilo C. L. de Paula +--- + hw/i386/intel_iommu.c | 2 +- + hw/virtio/vhost.c | 2 +- + include/exec/memory.h | 7 ++++++- + 3 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c +index 56180b1c43..edc3090f91 100644 +--- a/hw/i386/intel_iommu.c ++++ b/hw/i386/intel_iommu.c +@@ -2468,7 +2468,7 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s, + sz = VTD_PAGE_SIZE; + } + +- event.type = IOMMU_NOTIFIER_UNMAP; ++ event.type = IOMMU_NOTIFIER_DEVIOTLB_UNMAP; + event.entry.target_as = &vtd_dev_as->as; + event.entry.addr_mask = sz - 1; + event.entry.iova = addr; +diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c +index 614ccc2bcb..28c7d78172 100644 +--- a/hw/virtio/vhost.c ++++ b/hw/virtio/vhost.c +@@ -718,7 +718,7 @@ static void vhost_iommu_region_add(MemoryListener *listener, + iommu_idx = memory_region_iommu_attrs_to_index(iommu_mr, + MEMTXATTRS_UNSPECIFIED); + iommu_notifier_init(&iommu->n, vhost_iommu_unmap_notify, +- IOMMU_NOTIFIER_UNMAP, ++ IOMMU_NOTIFIER_DEVIOTLB_UNMAP, + section->offset_within_region, + int128_get64(end), + iommu_idx); +diff --git a/include/exec/memory.h b/include/exec/memory.h +index e86b5e92da..521d9901d7 100644 +--- a/include/exec/memory.h ++++ b/include/exec/memory.h +@@ -97,9 +97,14 @@ typedef enum { + IOMMU_NOTIFIER_UNMAP = 0x1, + /* Notify entry changes (newly created entries) */ + IOMMU_NOTIFIER_MAP = 0x2, ++ /* Notify changes on device IOTLB entries */ ++ IOMMU_NOTIFIER_DEVIOTLB_UNMAP = 0x04, + } IOMMUNotifierFlag; + +-#define IOMMU_NOTIFIER_ALL (IOMMU_NOTIFIER_MAP | IOMMU_NOTIFIER_UNMAP) ++#define IOMMU_NOTIFIER_IOTLB_EVENTS (IOMMU_NOTIFIER_MAP | IOMMU_NOTIFIER_UNMAP) ++#define IOMMU_NOTIFIER_DEVIOTLB_EVENTS IOMMU_NOTIFIER_DEVIOTLB_UNMAP ++#define IOMMU_NOTIFIER_ALL (IOMMU_NOTIFIER_IOTLB_EVENTS | \ ++ IOMMU_NOTIFIER_DEVIOTLB_EVENTS) + + struct IOMMUNotifier; + typedef void (*IOMMUNotify)(struct IOMMUNotifier *notifier, +-- +2.18.4 + diff --git a/0047-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch b/0047-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch new file mode 100644 index 0000000..e5fd578 --- /dev/null +++ b/0047-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch @@ -0,0 +1,57 @@ +From add80ba59a85aca4c5e2619dee95557d2ec14169 Mon Sep 17 00:00:00 2001 +From: eperezma +Date: Mon, 11 Jan 2021 14:36:14 -0500 +Subject: intel_iommu: Skip page walking on device iotlb invalidations +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: eperezma +Message-id: <20210111143615.303645-5-eperezma@redhat.com> +Patchwork-id: 100572 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 4/5] intel_iommu: Skip page walking on device iotlb invalidations +Bugzilla: 1845758 +RH-Acked-by: Xiao Wang +RH-Acked-by: David Hildenbrand +RH-Acked-by: Peter Xu + +Although they didn't reach the notifier because of the filtering in +memory_region_notify_iommu_one, the vt-d was still splitting huge +memory invalidations in chunks. Skipping it. + +This improves performance in case of netperf with vhost-net: +* TCP_STREAM: From 1923.6Mbit/s to 2175.13Mbit/s (13%) +* TCP_RR: From 8464.73 trans/s to 8932.703333 trans/s (5.5%) +* UDP_RR: From 8562.08 trans/s to 9005.62/s (5.1%) +* UDP_STREAM: No change observed (insignificant 0.1% improvement) + +Signed-off-by: Eugenio Pérez +Acked-by: Jason Wang +Message-Id: <20201116165506.31315-5-eperezma@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit f7701e2c7983b680790af47117577b285b6a1aed) +Signed-off-by: Eugenio Pérez +Signed-off-by: Danilo C. L. de Paula +--- + hw/i386/intel_iommu.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c +index edc3090f91..0cc71e4057 100644 +--- a/hw/i386/intel_iommu.c ++++ b/hw/i386/intel_iommu.c +@@ -1478,6 +1478,10 @@ static int vtd_sync_shadow_page_table(VTDAddressSpace *vtd_as) + VTDContextEntry ce; + IOMMUNotifier *n; + ++ if (!(vtd_as->iommu.iommu_notify_flags & IOMMU_NOTIFIER_IOTLB_EVENTS)) { ++ return 0; ++ } ++ + ret = vtd_dev_to_context_entry(vtd_as->iommu_state, + pci_bus_num(vtd_as->bus), + vtd_as->devfn, &ce); +-- +2.18.4 + diff --git a/0048-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch b/0048-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch new file mode 100644 index 0000000..25fb623 --- /dev/null +++ b/0048-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch @@ -0,0 +1,69 @@ +From ce5295813c0f1c94964cbd126f37a3202c360b92 Mon Sep 17 00:00:00 2001 +From: eperezma +Date: Mon, 11 Jan 2021 14:36:15 -0500 +Subject: memory: Skip bad range assertion if notifier is DEVIOTLB_UNMAP type +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: eperezma +Message-id: <20210111143615.303645-6-eperezma@redhat.com> +Patchwork-id: 100573 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 5/5] memory: Skip bad range assertion if notifier is DEVIOTLB_UNMAP type +Bugzilla: 1845758 +RH-Acked-by: Xiao Wang +RH-Acked-by: David Hildenbrand +RH-Acked-by: Peter Xu + +Device IOTLB invalidations can unmap arbitrary ranges, eiter outside of +the memory region or even [0, ~0ULL] for all the space. The assertion +could be hit by a guest, and rhel7 guest effectively hit it. + +Signed-off-by: Eugenio Pérez +Reviewed-by: Peter Xu +Reviewed-by: Juan Quintela +Acked-by: Jason Wang +Message-Id: <20201116165506.31315-6-eperezma@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 1804857f19f612f6907832e35599cdb51d4ec764) +Signed-off-by: Eugenio Pérez +Signed-off-by: Danilo C. L. de Paula +--- + softmmu/memory.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/softmmu/memory.c b/softmmu/memory.c +index 6ca87e8d73..22bacbbc78 100644 +--- a/softmmu/memory.c ++++ b/softmmu/memory.c +@@ -1947,6 +1947,7 @@ void memory_region_notify_iommu_one(IOMMUNotifier *notifier, + { + IOMMUTLBEntry *entry = &event->entry; + hwaddr entry_end = entry->iova + entry->addr_mask; ++ IOMMUTLBEntry tmp = *entry; + + if (event->type == IOMMU_NOTIFIER_UNMAP) { + assert(entry->perm == IOMMU_NONE); +@@ -1960,10 +1961,16 @@ void memory_region_notify_iommu_one(IOMMUNotifier *notifier, + return; + } + +- assert(entry->iova >= notifier->start && entry_end <= notifier->end); ++ if (notifier->notifier_flags & IOMMU_NOTIFIER_DEVIOTLB_UNMAP) { ++ /* Crop (iova, addr_mask) to range */ ++ tmp.iova = MAX(tmp.iova, notifier->start); ++ tmp.addr_mask = MIN(entry_end, notifier->end) - tmp.iova; ++ } else { ++ assert(entry->iova >= notifier->start && entry_end <= notifier->end); ++ } + + if (event->type & notifier->notifier_flags) { +- notifier->notify(notifier, entry); ++ notifier->notify(notifier, &tmp); + } + } + +-- +2.18.4 + diff --git a/0049-RHEL-Switch-pvpanic-test-to-q35.patch b/0049-RHEL-Switch-pvpanic-test-to-q35.patch new file mode 100644 index 0000000..7b6f4bf --- /dev/null +++ b/0049-RHEL-Switch-pvpanic-test-to-q35.patch @@ -0,0 +1,47 @@ +From c489d2cd175e879071a3c5504a17d7f656dd7b06 Mon Sep 17 00:00:00 2001 +From: "Dr. David Alan Gilbert" +Date: Tue, 8 Dec 2020 16:27:15 -0500 +Subject: RHEL: Switch pvpanic test to q35 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Dr. David Alan Gilbert +Message-id: <20201208162716.30836-3-dgilbert@redhat.com> +Patchwork-id: 100360 +O-Subject: [RHEL-av-8.4.0 qemu-kvm PATCH v2 2/3] RHEL: Switch pvpanic test to q35 +Bugzilla: 1885555 +RH-Acked-by: Thomas Huth +RH-Acked-by: Juan Quintela +RH-Acked-by: Philippe Mathieu-Daudé + +From: "Dr. David Alan Gilbert" + +Since b1b0393c3c5 the pvpanic test checks for a different +result (3) expecting it to get that on new machine types. +But, downstream, our 'pc' machine type is old, so switch the +test to q35, so it gets the new behaviour it's expecting. + +Signed-off-by: Dr. David Alan Gilbert +Signed-off-by: Danilo C. L. de Paula +--- + tests/qtest/pvpanic-test.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tests/qtest/pvpanic-test.c b/tests/qtest/pvpanic-test.c +index 016b32ebee..f0a7282b47 100644 +--- a/tests/qtest/pvpanic-test.c ++++ b/tests/qtest/pvpanic-test.c +@@ -17,7 +17,8 @@ static void test_panic(void) + QDict *response, *data; + QTestState *qts; + +- qts = qtest_init("-device pvpanic"); ++ /* RHEL: Use q35 */ ++ qts = qtest_init("-M q35 -device pvpanic"); + + val = qtest_inb(qts, 0x505); + g_assert_cmpuint(val, ==, 3); +-- +2.18.4 + diff --git a/0050-8.4-x86-machine-type.patch b/0050-8.4-x86-machine-type.patch new file mode 100644 index 0000000..70d0554 --- /dev/null +++ b/0050-8.4-x86-machine-type.patch @@ -0,0 +1,144 @@ +From cb95a2dd9f549a4b7fcfac97b9a83c46a232d41e Mon Sep 17 00:00:00 2001 +From: "Dr. David Alan Gilbert" +Date: Tue, 8 Dec 2020 16:27:16 -0500 +Subject: 8.4 x86 machine type + +RH-Author: Dr. David Alan Gilbert +Message-id: <20201208162716.30836-4-dgilbert@redhat.com> +Patchwork-id: 100362 +O-Subject: [RHEL-av-8.4.0 qemu-kvm PATCH v2 3/3] 8.4 x86 machine type +Bugzilla: 1885555 +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Igor Mammedov +RH-Acked-by: Juan Quintela + +From: "Dr. David Alan Gilbert" + +Add pc-q35-rhel8.4.0 and fix all the compatiiblity glue up. + +Note the moving of x-smi-cpu-hotplug follows bz 1846886 comment 18 +part 2. + +Signed-off-by: Dr. David Alan Gilbert +Signed-off-by: Danilo C. L. de Paula +--- + hw/i386/pc.c | 8 ++++++-- + hw/i386/pc_piix.c | 5 +++++ + hw/i386/pc_q35.c | 30 +++++++++++++++++++++++++++--- + include/hw/i386/pc.h | 3 +++ + 4 files changed, 41 insertions(+), 5 deletions(-) + +diff --git a/hw/i386/pc.c b/hw/i386/pc.c +index f3fc695fe2..d5ea5b634c 100644 +--- a/hw/i386/pc.c ++++ b/hw/i386/pc.c +@@ -363,11 +363,15 @@ GlobalProperty pc_rhel_compat[] = { + { TYPE_X86_CPU, "vmx-exit-load-perf-global-ctrl", "off" }, + /* bz 1508330 */ + { "vfio-pci", "x-no-geforce-quirks", "on" }, +- /* BZ 1846886 */ +- { "ICH9-LPC", "x-smi-cpu-hotplug", "off" }, + }; + const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat); + ++GlobalProperty pc_rhel_8_3_compat[] = { ++ /* pc_rhel_8_3_compat from pc_compat_5_1 */ ++ { "ICH9-LPC", "x-smi-cpu-hotplug", "off" }, ++}; ++const size_t pc_rhel_8_3_compat_len = G_N_ELEMENTS(pc_rhel_8_3_compat); ++ + GlobalProperty pc_rhel_8_2_compat[] = { + /* pc_rhel_8_2_compat from pc_compat_4_2 */ + { "mch", "smbase-smram", "off" }, +diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c +index 815da79108..1b1cc18ae0 100644 +--- a/hw/i386/pc_piix.c ++++ b/hw/i386/pc_piix.c +@@ -1045,6 +1045,11 @@ static void pc_machine_rhel760_options(MachineClass *m) + m->smbus_no_migration_support = true; + pcmc->pvh_enabled = false; + pcmc->default_cpu_version = CPU_VERSION_LEGACY; ++ pcmc->kvmclock_create_always = false; ++ compat_props_add(m->compat_props, hw_compat_rhel_8_3, ++ hw_compat_rhel_8_3_len); ++ compat_props_add(m->compat_props, pc_rhel_8_3_compat, ++ pc_rhel_8_3_compat_len); + compat_props_add(m->compat_props, hw_compat_rhel_8_2, + hw_compat_rhel_8_2_len); + compat_props_add(m->compat_props, pc_rhel_8_2_compat, +diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c +index 3340008c00..5acb47afcf 100644 +--- a/hw/i386/pc_q35.c ++++ b/hw/i386/pc_q35.c +@@ -593,6 +593,24 @@ static void pc_q35_machine_rhel_options(MachineClass *m) + compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len); + } + ++static void pc_q35_init_rhel840(MachineState *machine) ++{ ++ pc_q35_init(machine); ++} ++ ++static void pc_q35_machine_rhel840_options(MachineClass *m) ++{ ++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m); ++ pc_q35_machine_rhel_options(m); ++ m->desc = "RHEL-8.4.0 PC (Q35 + ICH9, 2009)"; ++ pcmc->smbios_stream_product = "RHEL-AV"; ++ pcmc->smbios_stream_version = "8.4.0"; ++} ++ ++DEFINE_PC_MACHINE(q35_rhel840, "pc-q35-rhel8.4.0", pc_q35_init_rhel840, ++ pc_q35_machine_rhel840_options); ++ ++ + static void pc_q35_init_rhel830(MachineState *machine) + { + pc_q35_init(machine); +@@ -601,10 +619,17 @@ static void pc_q35_init_rhel830(MachineState *machine) + static void pc_q35_machine_rhel830_options(MachineClass *m) + { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); +- pc_q35_machine_rhel_options(m); ++ pc_q35_machine_rhel840_options(m); + m->desc = "RHEL-8.3.0 PC (Q35 + ICH9, 2009)"; ++ m->alias = NULL; + pcmc->smbios_stream_product = "RHEL-AV"; + pcmc->smbios_stream_version = "8.3.0"; ++ compat_props_add(m->compat_props, hw_compat_rhel_8_3, ++ hw_compat_rhel_8_3_len); ++ compat_props_add(m->compat_props, pc_rhel_8_3_compat, ++ pc_rhel_8_3_compat_len); ++ /* From pc_q35_5_1_machine_options() */ ++ pcmc->kvmclock_create_always = false; + } + + DEFINE_PC_MACHINE(q35_rhel830, "pc-q35-rhel8.3.0", pc_q35_init_rhel830, +@@ -618,9 +643,8 @@ static void pc_q35_init_rhel820(MachineState *machine) + static void pc_q35_machine_rhel820_options(MachineClass *m) + { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); +- pc_q35_machine_rhel_options(m); ++ pc_q35_machine_rhel830_options(m); + m->desc = "RHEL-8.2.0 PC (Q35 + ICH9, 2009)"; +- m->alias = NULL; + m->numa_mem_supported = true; + m->auto_enable_numa_with_memdev = false; + pcmc->smbios_stream_product = "RHEL-AV"; +diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h +index e2ba9a4b58..68091bea98 100644 +--- a/include/hw/i386/pc.h ++++ b/include/hw/i386/pc.h +@@ -272,6 +272,9 @@ extern const size_t pc_compat_1_4_len; + extern GlobalProperty pc_rhel_compat[]; + extern const size_t pc_rhel_compat_len; + ++extern GlobalProperty pc_rhel_8_3_compat[]; ++extern const size_t pc_rhel_8_3_compat_len; ++ + extern GlobalProperty pc_rhel_8_2_compat[]; + extern const size_t pc_rhel_8_2_compat_len; + +-- +2.18.4 + diff --git a/0051-memory-clamp-cached-translation-in-case-it-points-to.patch b/0051-memory-clamp-cached-translation-in-case-it-points-to.patch new file mode 100644 index 0000000..7700dcf --- /dev/null +++ b/0051-memory-clamp-cached-translation-in-case-it-points-to.patch @@ -0,0 +1,153 @@ +From cf7723d08da5b371ef8b89a6e4edfaa21f88f03f Mon Sep 17 00:00:00 2001 +From: Jon Maloy +Date: Tue, 12 Jan 2021 21:01:25 -0500 +Subject: memory: clamp cached translation in case it points to an MMIO region + +RH-Author: Jon Maloy +Message-id: <20210112210125.851866-2-jmaloy@redhat.com> +Patchwork-id: 100614 +O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] memory: clamp cached translation in case it points to an MMIO region +Bugzilla: 1904392 +RH-Acked-by: Danilo de Paula +RH-Acked-by: Dr. David Alan Gilbert +RH-Acked-by: Thomas Huth + +From: Paolo Bonzini + +In using the address_space_translate_internal API, address_space_cache_init +forgot one piece of advice that can be found in the code for +address_space_translate_internal: + + /* MMIO registers can be expected to perform full-width accesses based only + * on their address, without considering adjacent registers that could + * decode to completely different MemoryRegions. When such registers + * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO + * regions overlap wildly. For this reason we cannot clamp the accesses + * here. + * + * If the length is small (as is the case for address_space_ldl/stl), + * everything works fine. If the incoming length is large, however, + * the caller really has to do the clamping through memory_access_size. + */ + +address_space_cache_init is exactly one such case where "the incoming length +is large", therefore we need to clamp the resulting length---not to +memory_access_size though, since we are not doing an access yet, but to +the size of the resulting section. This ensures that subsequent accesses +to the cached MemoryRegionSection will be in range. + +With this patch, the enclosed testcase notices that the used ring does +not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used" +error. + +Signed-off-by: Paolo Bonzini + +(cherry picked from 4bfb024bc76973d40a359476dc0291f46e435442) +Signed-off-by: Jon Maloy +Signed-off-by: Danilo C. L. de Paula +--- + softmmu/physmem.c | 10 ++++++++ + tests/qtest/fuzz-test.c | 52 ++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 61 insertions(+), 1 deletion(-) + +diff --git a/softmmu/physmem.c b/softmmu/physmem.c +index 3027747c03..fb3f276844 100644 +--- a/softmmu/physmem.c ++++ b/softmmu/physmem.c +@@ -3255,6 +3255,7 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, + AddressSpaceDispatch *d; + hwaddr l; + MemoryRegion *mr; ++ Int128 diff; + + assert(len > 0); + +@@ -3263,6 +3264,15 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, + d = flatview_to_dispatch(cache->fv); + cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true); + ++ /* ++ * cache->xlat is now relative to cache->mrs.mr, not to the section itself. ++ * Take that into account to compute how many bytes are there between ++ * cache->xlat and the end of the section. ++ */ ++ diff = int128_sub(cache->mrs.size, ++ int128_make64(cache->xlat - cache->mrs.offset_within_region)); ++ l = int128_get64(int128_min(diff, int128_make64(l))); ++ + mr = cache->mrs.mr; + memory_region_ref(mr); + if (memory_access_is_direct(mr, is_write)) { +diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c +index 2692d556d9..99d1a3ee12 100644 +--- a/tests/qtest/fuzz-test.c ++++ b/tests/qtest/fuzz-test.c +@@ -73,6 +73,55 @@ static void test_lp1879531_eth_get_rss_ex_dst_addr(void) + qtest_quit(s); + } + ++ /* ++ * Here a MemoryRegionCache pointed to an MMIO region but had a ++ * larger size than the underlying region. ++ */ ++static void test_mmio_oob_from_memory_region_cache(void) ++{ ++ QTestState *s; ++ ++ s = qtest_init("-M pc-q35-5.2 -display none -m 512M " ++ "-device virtio-scsi,num_queues=8,addr=03.0 "); ++ ++ qtest_outl(s, 0xcf8, 0x80001811); ++ qtest_outb(s, 0xcfc, 0x6e); ++ qtest_outl(s, 0xcf8, 0x80001824); ++ qtest_outl(s, 0xcf8, 0x80001813); ++ qtest_outl(s, 0xcfc, 0xa080000); ++ qtest_outl(s, 0xcf8, 0x80001802); ++ qtest_outl(s, 0xcfc, 0x5a175a63); ++ qtest_outb(s, 0x6e08, 0x9e); ++ qtest_writeb(s, 0x9f003, 0xff); ++ qtest_writeb(s, 0x9f004, 0x01); ++ qtest_writeb(s, 0x9e012, 0x0e); ++ qtest_writeb(s, 0x9e01b, 0x0e); ++ qtest_writeb(s, 0x9f006, 0x01); ++ qtest_writeb(s, 0x9f008, 0x01); ++ qtest_writeb(s, 0x9f00a, 0x01); ++ qtest_writeb(s, 0x9f00c, 0x01); ++ qtest_writeb(s, 0x9f00e, 0x01); ++ qtest_writeb(s, 0x9f010, 0x01); ++ qtest_writeb(s, 0x9f012, 0x01); ++ qtest_writeb(s, 0x9f014, 0x01); ++ qtest_writeb(s, 0x9f016, 0x01); ++ qtest_writeb(s, 0x9f018, 0x01); ++ qtest_writeb(s, 0x9f01a, 0x01); ++ qtest_writeb(s, 0x9f01c, 0x01); ++ qtest_writeb(s, 0x9f01e, 0x01); ++ qtest_writeb(s, 0x9f020, 0x01); ++ qtest_writeb(s, 0x9f022, 0x01); ++ qtest_writeb(s, 0x9f024, 0x01); ++ qtest_writeb(s, 0x9f026, 0x01); ++ qtest_writeb(s, 0x9f028, 0x01); ++ qtest_writeb(s, 0x9f02a, 0x01); ++ qtest_writeb(s, 0x9f02c, 0x01); ++ qtest_writeb(s, 0x9f02e, 0x01); ++ qtest_writeb(s, 0x9f030, 0x01); ++ qtest_outb(s, 0x6e10, 0x00); ++ qtest_quit(s); ++} ++ + int main(int argc, char **argv) + { + const char *arch = qtest_get_arch(); +@@ -86,7 +135,8 @@ int main(int argc, char **argv) + test_lp1878642_pci_bus_get_irq_level_assert); + qtest_add_func("fuzz/test_lp1879531_eth_get_rss_ex_dst_addr", + test_lp1879531_eth_get_rss_ex_dst_addr); +- ++ qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", ++ test_mmio_oob_from_memory_region_cache); + } + + return g_test_run(); +-- +2.18.4 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 9c7c40a..39fd078 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -64,7 +64,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release} Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 5.2.0 -Release: 2.1%{?dist} +Release: 3%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 15 License: GPLv2 and GPLv2+ and CC-BY @@ -129,11 +129,26 @@ Patch0031: 0031-s390x-Use-strpadcpy-for-copying-vm-name.patch Patch0032: 0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch Patch0033: 0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch Patch0034: 0034-net-eth-Fix-stack-buffer-overflow-in.patch +Patch0035: 0035-block-nvme-Implement-fake-truncate-coroutine.patch +Patch0037: 0037-build-system-use-b_staticpic-false.patch +Patch0038: 0038-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch +Patch0039: 0039-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch +Patch0040: 0040-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch +Patch0041: 0041-AArch64-machine-types-cleanup.patch +Patch0042: 0042-hw-arm-virt-Add-8.4-Machine-type.patch +Patch0044: 0044-memory-Rename-memory_region_notify_one-to-memory_reg.patch +Patch0045: 0045-memory-Add-IOMMUTLBEvent.patch +Patch0046: 0046-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch +Patch0047: 0047-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch +Patch0048: 0048-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch +Patch0049: 0049-RHEL-Switch-pvpanic-test-to-q35.patch +Patch0050: 0050-8.4-x86-machine-type.patch +Patch0051: 0051-memory-clamp-cached-translation-in-case-it-points-to.patch BuildRequires: wget BuildRequires: rpm-build BuildRequires: ninja-build -BuildRequires: meson +BuildRequires: meson >= 0.55.3-3 BuildRequires: zlib-devel BuildRequires: glib2-devel BuildRequires: which @@ -580,7 +595,7 @@ pushd %{qemu_kvm_build} --with-pkgversion="%{name}-%{version}-%{release}" \ --with-suffix="%{name}" \ --firmwarepath=%{_prefix}/share/qemu-firmware \ - --python=%{__python3} \ + --meson="%{__meson}" \ --target-list="%{buildarch}" \ --block-drv-rw-whitelist=%{block_drivers_list} \ --audio-drv-list= \ @@ -711,7 +726,7 @@ find ../default-configs -name "*-rh-devices.mak" \ --with-pkgversion="%{name}-%{version}-%{release}" \ --with-suffix="%{name}" \ --firmwarepath=%{_prefix}/share/qemu-firmware \ - --python=%{__python3} \ + --meson="%{__meson}" \ --target-list="%{buildarch}" \ --block-drv-rw-whitelist=%{block_drivers_list} \ --audio-drv-list= \ @@ -1309,6 +1324,45 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %changelog +* Mon Jan 18 2021 Danilo Cesar Lemes de Paula - 5.2.0-3.el8 +- kvm-block-nvme-Implement-fake-truncate-coroutine.patch [bz#1848834] +- kvm-spec-find-system-python-via-meson.patch [bz#1899619] +- kvm-build-system-use-b_staticpic-false.patch [bz#1899619] +- kvm-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch [bz#1908693] +- kvm-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch [bz#1912846] +- kvm-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch [bz#1755075] +- kvm-AArch64-machine-types-cleanup.patch [bz#1895276] +- kvm-hw-arm-virt-Add-8.4-Machine-type.patch [bz#1895276] +- kvm-udev-kvm-check-remove-the-exceeded-subscription-limi.patch [bz#1914463] +- kvm-memory-Rename-memory_region_notify_one-to-memory_reg.patch [bz#1845758] +- kvm-memory-Add-IOMMUTLBEvent.patch [bz#1845758] +- kvm-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch [bz#1845758] +- kvm-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch [bz#1845758] +- kvm-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch [bz#1845758] +- kvm-RHEL-Switch-pvpanic-test-to-q35.patch [bz#1885555] +- kvm-8.4-x86-machine-type.patch [bz#1885555] +- kvm-memory-clamp-cached-translation-in-case-it-points-to.patch [bz#1904392] +- Resolves: bz#1848834 + (Failed to create luks format image on NVMe device) +- Resolves: bz#1899619 + (QEMU 5.2 is built with PIC objects instead of PIE) +- Resolves: bz#1908693 + ([ppc64le]boot up a guest with 128 numa nodes ,qemu got coredump) +- Resolves: bz#1912846 + (qemu-kvm: Failed to load xhci:parent_obj during migration) +- Resolves: bz#1755075 + ([qemu-guest-agent] fsinfo doesn't return disk info on s390x) +- Resolves: bz#1895276 + (Machine types update for aarch64 for QEMU 5.2.0) +- Resolves: bz#1914463 + (Remove KVM guest count and limit info message) +- Resolves: bz#1845758 + (qemu core dumped: qemu-kvm: /builddir/build/BUILD/qemu-4.2.0/memory.c:1928: memory_region_notify_one: Assertion `entry->iova >= notifier->start && entry_end <= notifier->end' failed.) +- Resolves: bz#1885555 + (8.4 machine types for x86) +- Resolves: bz#1904392 + (CVE-2020-27821 virt:8.4/qemu-kvm: QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c [rhel-av-8]) + * Tue Dec 15 2020 Danilo Cesar Lemes de Paula - 5.2.0-2.el8 - kvm-redhat-Define-hw_compat_8_3.patch [bz#1893935] - kvm-redhat-Add-spapr_machine_rhel_default_class_options.patch [bz#1893935] diff --git a/udev-kvm-check.c b/udev-kvm-check.c index cb0ecba..928b9de 100644 --- a/udev-kvm-check.c +++ b/udev-kvm-check.c @@ -32,14 +32,6 @@ #define COUNT_MSG \ "%d %s now active" -#define SUBSCRIPTION_MSG \ - "%d %s now active; your Red Hat Enterprise Linux subscription" \ - " limit is %d guests. Please review your Red Hat Enterprise Linux" \ - " subscription agreement or contact your Red Hat" \ - " support representative for more information. You" \ - " may review the Red Hat Enterprise subscription" \ - " limits at http://www.redhat.com/rhel-virt-limits" - int get_threshold_from_file(FILE *fp) { static const char key[] = "THRESHOLD="; @@ -139,13 +131,6 @@ void emit_count_message(int count) closelog(); } -void emit_subscription_message(int count, int threshold) -{ - openlog(FACILITY, LOG_CONS, LOG_USER); - syslog(LOG_WARNING, SUBSCRIPTION_MSG, count, guest(count), threshold); - closelog(); -} - int main(int argc, char **argv) { int count, threshold; @@ -157,10 +142,8 @@ int main(int argc, char **argv) threshold = get_threshold(); if (!strcmp(argv[2], "create")) { - if (threshold == 0) { + if (threshold == 0 || count > threshold) { emit_count_message(count); - } else if (count > threshold) { - emit_subscription_message(count, threshold); } } else { if (count >= threshold) {