rpms/qemu-kvm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Synchronization with qemu-kvm-5.2.0-3.el8

Browse Source
This commit is contained in:
Miroslav Rezanina 2021-01-21 12:44:09 +01:00
parent 6c1454d3d0
commit b5941f2b18
17 changed files with 2252 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
0035-block-nvme-Implement-fake-truncate-coroutine.patch Normal file
View File

@ -0,0 +1,84 @@
From f4c65e14055e208e331a83b9340998ecbe796b5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Fri, 1 Jan 2021 17:18:13 -0500
Subject: block/nvme: Implement fake truncate() coroutine
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20210101171813.1734014-2-philmd@redhat.com>
Patchwork-id: 100503
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] block/nvme: Implement fake truncate() coroutine
Bugzilla: 1848834
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
NVMe drive cannot be shrunk.
Since commit c80d8b06cfa we can use the @exact parameter (set
to false) to return success if the block device is larger than
the requested offset (even if we can not be shrunk).
Use this parameter to implement the NVMe truncate() coroutine,
similarly how it is done for the iscsi and file-posix drivers
(see commit 82325ae5f2f "Evaluate @exact in protocol drivers").
Reported-by: Xueqiang Wei <xuwei@redhat.com>
Suggested-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201210125202.858656-1-philmd@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit c8807c5edcc8bd8917a5b7531d47ef6a99e07bd8)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
block/nvme.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/block/nvme.c b/block/nvme.c
index a06a188d53..5a6fbacf4a 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -1389,6 +1389,29 @@ out:
}
+static int coroutine_fn nvme_co_truncate(BlockDriverState *bs, int64_t offset,
+ bool exact, PreallocMode prealloc,
+ BdrvRequestFlags flags, Error **errp)
+{
+ int64_t cur_length;
+
+ if (prealloc != PREALLOC_MODE_OFF) {
+ error_setg(errp, "Unsupported preallocation mode '%s'",
+ PreallocMode_str(prealloc));
+ return -ENOTSUP;
+ }
+
+ cur_length = nvme_getlength(bs);
+ if (offset != cur_length && exact) {
+ error_setg(errp, "Cannot resize NVMe devices");
+ return -ENOTSUP;
+ } else if (offset > cur_length) {
+ error_setg(errp, "Cannot grow NVMe devices");
+ return -EINVAL;
+ }
+
+ return 0;
+}
static int nvme_reopen_prepare(BDRVReopenState *reopen_state,
BlockReopenQueue *queue, Error **errp)
@@ -1523,6 +1546,7 @@ static BlockDriver bdrv_nvme = {
.bdrv_close = nvme_close,
.bdrv_getlength = nvme_getlength,
.bdrv_probe_blocksizes = nvme_probe_blocksizes,
+ .bdrv_co_truncate = nvme_co_truncate,
.bdrv_co_preadv = nvme_co_preadv,
.bdrv_co_pwritev = nvme_co_pwritev,
--
2.18.4

77
0037-build-system-use-b_staticpic-false.patch Normal file
View File

@ -0,0 +1,77 @@
From 50b575b27b9daa331da08d10dbe6524de0580833 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 16 Dec 2020 17:53:08 -0500
Subject: build-system: use b_staticpic=false
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20201216175308.1463822-3-pbonzini@redhat.com>
Patchwork-id: 100484
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/2] build-system: use b_staticpic=false
Bugzilla: 1899619
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
Meson 0.56.0 correctly builds non-PIC static libraries with -fPIE if
b_pie=true, while Meson 0.55.3 has a bug that causes the library
to use non-PIE objects and fail to link. Therefore, upstream
QEMU looks at the meson version in order to decide between
b_staticpic=false and b_staticpic=$pie.
Unfortunately, b_staticpic=$pie still has a negative effect
on performance when you QEMU is compiled with --enable-pie
like RHEL does. Therefore, we have backported the fix
to Meson 0.55.3-3.el8. We can require it and unconditionally
use b_staticpic=false.
The patch is RHEL-specific, but a similar change is included
in the larger patch for "meson: switch minimum meson version to
0.56.0".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
configure | 5 -----
meson.build | 4 ++--
redhat/qemu-kvm.spec.template | 2 +-
3 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/configure b/configure
index 18c26e0389..d60097c0d4 100755
--- a/configure
+++ b/configure
@@ -6979,10 +6979,6 @@ fi
mv $cross config-meson.cross
rm -rf meson-private meson-info meson-logs
-unset staticpic
-if ! version_ge "$($meson --version)" 0.56.0; then
- staticpic=$(if test "$pie" = yes; then echo true; else echo false; fi)
-fi
NINJA=$ninja $meson setup \
--prefix "$prefix" \
--libdir "$libdir" \
@@ -7002,7 +6998,6 @@ NINJA=$ninja $meson setup \
-Dwerror=$(if test "$werror" = yes; then echo true; else echo false; fi) \
-Dstrip=$(if test "$strip_opt" = yes; then echo true; else echo false; fi) \
-Db_pie=$(if test "$pie" = yes; then echo true; else echo false; fi) \
- ${staticpic:+-Db_staticpic=$staticpic} \
-Db_coverage=$(if test "$gcov" = yes; then echo true; else echo false; fi) \
-Dmalloc=$malloc -Dmalloc_trim=$malloc_trim -Dsparse=$sparse \
-Dkvm=$kvm -Dhax=$hax -Dwhpx=$whpx -Dhvf=$hvf \
diff --git a/meson.build b/meson.build
index 8c38b2ea36..c482d075d5 100644
--- a/meson.build
+++ b/meson.build
@@ -1,6 +1,6 @@
project('qemu', ['c'], meson_version: '>=0.55.0',
- default_options: ['warning_level=1', 'c_std=gnu99', 'cpp_std=gnu++11', 'b_colorout=auto'] +
- (meson.version().version_compare('>=0.56.0') ? [ 'b_staticpic=false' ] : []),
+ default_options: ['warning_level=1', 'c_std=gnu99', 'cpp_std=gnu++11', 'b_colorout=auto',
+ 'b_staticpic=false' ],
version: run_command('head', meson.source_root() / 'VERSION').stdout().strip())
not_found = dependency('', required: false)

131
0038-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch Normal file
View File

@ -0,0 +1,131 @@
From d66ae008007853df7d3a24bd2d5e7494f53f007c Mon Sep 17 00:00:00 2001
From: Greg Kurz <gkurz@redhat.com>
Date: Thu, 7 Jan 2021 10:10:20 -0500
Subject: spapr: Fix buffer overflow in spapr_numa_associativity_init()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Greg Kurz <gkurz@redhat.com>
Message-id: <20210107101020.579456-2-gkurz@redhat.com>
Patchwork-id: 100515
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] spapr: Fix buffer overflow in spapr_numa_associativity_init()
Bugzilla: 1908693
RH-Acked-by: David Gibson <dgibson@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
From: Greg Kurz <groug@kaod.org>
Running a guest with 128 NUMA nodes crashes QEMU:
../../util/error.c:59: error_setv: Assertion `*errp == NULL' failed.
The crash happens when setting the FWNMI migration blocker:
2861 if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI) == SPAPR_CAP_ON) {
2862 /* Create the error string for live migration blocker */
2863 error_setg(&spapr->fwnmi_migration_blocker,
2864 "A machine check is being handled during migration. The handler"
2865 "may run and log hardware error on the destination");
2866 }
Inspection reveals that papr->fwnmi_migration_blocker isn't NULL:
(gdb) p spapr->fwnmi_migration_blocker
$1 = (Error *) 0x8000000004000000
Since this is the only place where papr->fwnmi_migration_blocker is
set, this means someone wrote there in our back. Further analysis
points to spapr_numa_associativity_init(), especially the part
that initializes the associative arrays for NVLink GPUs:
max_nodes_with_gpus = nb_numa_nodes + NVGPU_MAX_NUM;
ie. max_nodes_with_gpus = 128 + 6, but the array isn't sized to
accommodate the 6 extra nodes:
struct SpaprMachineState {
.
.
.
uint32_t numa_assoc_array[MAX_NODES][NUMA_ASSOC_SIZE];
Error *fwnmi_migration_blocker;
};
and the following loops happily overwrite spapr->fwnmi_migration_blocker,
and probably more:
for (i = nb_numa_nodes; i < max_nodes_with_gpus; i++) {
spapr->numa_assoc_array[i][0] = cpu_to_be32(MAX_DISTANCE_REF_POINTS);
for (j = 1; j < MAX_DISTANCE_REF_POINTS; j++) {
uint32_t gpu_assoc = smc->pre_5_1_assoc_refpoints ?
SPAPR_GPU_NUMA_ID : cpu_to_be32(i);
spapr->numa_assoc_array[i][j] = gpu_assoc;
}
spapr->numa_assoc_array[i][MAX_DISTANCE_REF_POINTS] = cpu_to_be32(i);
}
Fix the size of the array. This requires "hw/ppc/spapr.h" to see
NVGPU_MAX_NUM. Including "hw/pci-host/spapr.h" introduces a
circular dependency that breaks the build, so this moves the
definition of NVGPU_MAX_NUM to "hw/ppc/spapr.h" instead.
Reported-by: Min Deng <mdeng@redhat.com>
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1908693
Fixes: dd7e1d7ae431 ("spapr_numa: move NVLink2 associativity handling to spapr_numa.c")
Cc: danielhb413@gmail.com
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <160829960428.734871.12634150161215429514.stgit@bahia.lan>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 30499fdd9883026e106d74e8199e2f1311fd4011)
Signed-off-by: Greg Kurz <gkurz@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
include/hw/pci-host/spapr.h | 2 --
include/hw/ppc/spapr.h | 5 ++++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/hw/pci-host/spapr.h b/include/hw/pci-host/spapr.h
index 4f58f0223b..bd014823a9 100644
--- a/include/hw/pci-host/spapr.h
+++ b/include/hw/pci-host/spapr.h
@@ -115,8 +115,6 @@ struct SpaprPhbState {
#define SPAPR_PCI_NV2RAM64_WIN_BASE SPAPR_PCI_LIMIT
#define SPAPR_PCI_NV2RAM64_WIN_SIZE (2 * TiB) /* For up to 6 GPUs 256GB each */
-/* Max number of these GPUsper a physical box */
-#define NVGPU_MAX_NUM 6
/* Max number of NVLinks per GPU in any physical box */
#define NVGPU_MAX_LINKS 3
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index ba2d81404b..28bbf07f8f 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -112,6 +112,9 @@ typedef enum {
#define NUMA_ASSOC_SIZE (MAX_DISTANCE_REF_POINTS + 1)
#define VCPU_ASSOC_SIZE (NUMA_ASSOC_SIZE + 1)
+/* Max number of these GPUsper a physical box */
+#define NVGPU_MAX_NUM 6
+
typedef struct SpaprCapabilities SpaprCapabilities;
struct SpaprCapabilities {
uint8_t caps[SPAPR_CAP_NUM];
@@ -243,7 +246,7 @@ struct SpaprMachineState {
unsigned gpu_numa_id;
SpaprTpmProxy *tpm_proxy;
- uint32_t numa_assoc_array[MAX_NODES][NUMA_ASSOC_SIZE];
+ uint32_t numa_assoc_array[MAX_NODES + NVGPU_MAX_NUM][NUMA_ASSOC_SIZE];
Error *fwnmi_migration_blocker;
};
--
2.18.4

175
0039-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch Normal file
View File

@ -0,0 +1,175 @@
From e85ee5f0196b85ad6f9faa02571325831b612c37 Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Thu, 7 Jan 2021 14:12:25 -0500
Subject: usb/hcd-xhci-pci: Fixup capabilities ordering (again)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: <20210107141225.19709-2-dgilbert@redhat.com>
Patchwork-id: 100518
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] usb/hcd-xhci-pci: Fixup capabilities ordering (again)
Bugzilla: 1912846
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Allow the reordering of the PCIe capabilities for MSI around the PCIe
capability.
This changed incompatibly way back in QEMU 2.7 and in RHEL we fixed
it up in bz 1447874 unconditionally putting it back.
The xhci code got reorganised between 5.0 and 5.2; and we lost this
fixup on rebase.
This time, add it as a property, and enable the property for old
machine types; this will allow us to drop this patch once the
old machine types go.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/core/machine.c | 4 ++-
hw/usb/hcd-xhci-pci.c | 59 +++++++++++++++++++++++++++++++++----------
hw/usb/hcd-xhci-pci.h | 1 +
3 files changed, 49 insertions(+), 15 deletions(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
index aba05ad676..68495b9411 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -29,7 +29,7 @@
#include "migration/vmstate.h"
/*
- * The same as hw_compat_5_1
+ * Mostly the same as hw_compat_5_1
*/
GlobalProperty hw_compat_rhel_8_3[] = {
/* hw_compat_rhel_8_3 from hw_compat_5_1 */
@@ -46,6 +46,8 @@ GlobalProperty hw_compat_rhel_8_3[] = {
{ "nvme", "use-intel-id", "on"},
/* hw_compat_rhel_8_3 from hw_compat_5_1 */
{ "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */
+ /* hw_compat_rhel_8_3 bz 1912846 */
+ { "pci-xhci", "x-rh-late-msi-cap", "off" },
};
const size_t hw_compat_rhel_8_3_len = G_N_ELEMENTS(hw_compat_rhel_8_3);
diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c
index bba628d3d2..d045a2a8be 100644
--- a/hw/usb/hcd-xhci-pci.c
+++ b/hw/usb/hcd-xhci-pci.c
@@ -101,6 +101,33 @@ static int xhci_pci_vmstate_post_load(void *opaque, int version_id)
return 0;
}
+/* RH bz 1912846 */
+static bool usb_xhci_pci_add_msi(struct PCIDevice *dev, Error **errp)
+{
+ int ret;
+ Error *err = NULL;
+ XHCIPciState *s = XHCI_PCI(dev);
+
+ ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err);
+ /*
+ * Any error other than -ENOTSUP(board's MSI support is broken)
+ * is a programming error
+ */
+ assert(!ret || ret == -ENOTSUP);
+ if (ret && s->msi == ON_OFF_AUTO_ON) {
+ /* Can't satisfy user's explicit msi=on request, fail */
+ error_append_hint(&err, "You have to use msi=auto (default) or "
+ "msi=off with this machine type.\n");
+ error_propagate(errp, err);
+ return true;
+ }
+ assert(!err || s->msi == ON_OFF_AUTO_AUTO);
+ /* With msi=auto, we fall back to MSI off silently */
+ error_free(err);
+
+ return false;
+}
+
static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
{
int ret;
@@ -124,23 +151,12 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
s->xhci.nec_quirks = true;
}
- if (s->msi != ON_OFF_AUTO_OFF) {
- ret = msi_init(dev, 0x70, s->xhci.numintrs, true, false, &err);
- /*
- * Any error other than -ENOTSUP(board's MSI support is broken)
- * is a programming error
- */
- assert(!ret || ret == -ENOTSUP);
- if (ret && s->msi == ON_OFF_AUTO_ON) {
- /* Can't satisfy user's explicit msi=on request, fail */
- error_append_hint(&err, "You have to use msi=auto (default) or "
- "msi=off with this machine type.\n");
+ if (s->msi != ON_OFF_AUTO_OFF && s->rh_late_msi_cap) {
+ /* This gives the behaviour from 5.2.0 onwards, lspci shows 90,a0,70 */
+ if (usb_xhci_pci_add_msi(dev, &err)) {
error_propagate(errp, err);
return;
}
- assert(!err || s->msi == ON_OFF_AUTO_AUTO);
- /* With msi=auto, we fall back to MSI off silently */
- error_free(err);
}
pci_register_bar(dev, 0,
PCI_BASE_ADDRESS_SPACE_MEMORY |
@@ -153,6 +169,14 @@ static void usb_xhci_pci_realize(struct PCIDevice *dev, Error **errp)
assert(ret > 0);
}
+ /* RH bz 1912846 */
+ if (s->msi != ON_OFF_AUTO_OFF && !s->rh_late_msi_cap) {
+ /* This gives the older RH machine behaviour, lspci shows 90,70,a0 */
+ if (usb_xhci_pci_add_msi(dev, &err)) {
+ error_propagate(errp, err);
+ return;
+ }
+ }
if (s->msix != ON_OFF_AUTO_OFF) {
/* TODO check for errors, and should fail when msix=on */
msix_init(dev, s->xhci.numintrs,
@@ -197,11 +221,18 @@ static void xhci_instance_init(Object *obj)
qdev_alias_all_properties(DEVICE(&s->xhci), obj);
}
+static Property xhci_pci_properties[] = {
+ /* RH bz 1912846 */
+ DEFINE_PROP_BOOL("x-rh-late-msi-cap", XHCIPciState, rh_late_msi_cap, true),
+ DEFINE_PROP_END_OF_LIST()
+};
+
static void xhci_class_init(ObjectClass *klass, void *data)
{
PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
DeviceClass *dc = DEVICE_CLASS(klass);
+ device_class_set_props(dc, xhci_pci_properties);
dc->reset = xhci_pci_reset;
dc->vmsd = &vmstate_xhci_pci;
set_bit(DEVICE_CATEGORY_USB, dc->categories);
diff --git a/hw/usb/hcd-xhci-pci.h b/hw/usb/hcd-xhci-pci.h
index c193f79443..086a1feb1e 100644
--- a/hw/usb/hcd-xhci-pci.h
+++ b/hw/usb/hcd-xhci-pci.h
@@ -39,6 +39,7 @@ typedef struct XHCIPciState {
XHCIState xhci;
OnOffAuto msi;
OnOffAuto msix;
+ bool rh_late_msi_cap; /* bz 1912846 */
} XHCIPciState;
#endif
--
2.18.4

132
0040-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch Normal file
View File

@ -0,0 +1,132 @@
From 0e1bc444240fb2d8d3ee65533baaa72a7267c53a Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Fri, 8 Jan 2021 12:27:19 -0500
Subject: qga/commands-posix: Send CCW address on s390x with the fsinfo data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20210108122719.73201-2-thuth@redhat.com>
Patchwork-id: 100532
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH v2 1/1] qga/commands-posix: Send CCW address on s390x with the fsinfo data
Bugzilla: 1755075
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
We need the CCW address on the libvirt side to correctly identify
the disk, so add this information to the GuestDiskAddress on s390x.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Michael Roth <michael.roth@amd.com>
Message-Id: <20201127082353.448251-1-thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
(cherry picked from commit 5b723a5d8df44b69b8ba350e643059c8fd889315)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
qga/commands-posix.c | 34 ++++++++++++++++++++++++++++++++++
qga/qapi-schema.json | 20 +++++++++++++++++++-
2 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index c089e38120..5aa5eff84f 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1029,6 +1029,38 @@ static bool build_guest_fsinfo_for_nonpci_virtio(char const *syspath,
return true;
}
+/*
+ * Store disk device info for CCW devices (s390x channel I/O devices).
+ * Returns true if information has been stored, or false for failure.
+ */
+static bool build_guest_fsinfo_for_ccw_dev(char const *syspath,
+ GuestDiskAddress *disk,
+ Error **errp)
+{
+ unsigned int cssid, ssid, subchno, devno;
+ char *p;
+
+ p = strstr(syspath, "/devices/css");
+ if (!p || sscanf(p + 12, "%*x/%x.%x.%x/%*x.%*x.%x/",
+ &cssid, &ssid, &subchno, &devno) < 4) {
+ g_debug("could not parse ccw device sysfs path: %s", syspath);
+ return false;
+ }
+
+ disk->has_ccw_address = true;
+ disk->ccw_address = g_new0(GuestCCWAddress, 1);
+ disk->ccw_address->cssid = cssid;
+ disk->ccw_address->ssid = ssid;
+ disk->ccw_address->subchno = subchno;
+ disk->ccw_address->devno = devno;
+
+ if (strstr(p, "/virtio")) {
+ build_guest_fsinfo_for_nonpci_virtio(syspath, disk, errp);
+ }
+
+ return true;
+}
+
/* Store disk device info specified by @sysfs into @fs */
static void build_guest_fsinfo_for_real_device(char const *syspath,
GuestFilesystemInfo *fs,
@@ -1081,6 +1113,8 @@ static void build_guest_fsinfo_for_real_device(char const *syspath,
if (strstr(syspath, "/devices/pci")) {
has_hwinf = build_guest_fsinfo_for_pci_dev(syspath, disk, errp);
+ } else if (strstr(syspath, "/devices/css")) {
+ has_hwinf = build_guest_fsinfo_for_ccw_dev(syspath, disk, errp);
} else if (strstr(syspath, "/virtio")) {
has_hwinf = build_guest_fsinfo_for_nonpci_virtio(syspath, disk, errp);
} else {
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 3b3d1d0bd9..9a82b7e952 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -846,6 +846,22 @@
'data': {'domain': 'int', 'bus': 'int',
'slot': 'int', 'function': 'int'} }
+##
+# @GuestCCWAddress:
+#
+# @cssid: channel subsystem image id
+# @ssid: subchannel set id
+# @subchno: subchannel number
+# @devno: device number
+#
+# Since: 6.0
+##
+{ 'struct': 'GuestCCWAddress',
+ 'data': {'cssid': 'int',
+ 'ssid': 'int',
+ 'subchno': 'int',
+ 'devno': 'int'} }
+
##
# @GuestDiskAddress:
#
@@ -856,6 +872,7 @@
# @unit: unit id
# @serial: serial number (since: 3.1)
# @dev: device node (POSIX) or device UNC (Windows) (since: 3.1)
+# @ccw-address: CCW address on s390x (since: 6.0)
#
# Since: 2.2
##
@@ -863,7 +880,8 @@
'data': {'pci-controller': 'GuestPCIAddress',
'bus-type': 'GuestDiskBusType',
'bus': 'int', 'target': 'int', 'unit': 'int',
- '*serial': 'str', '*dev': 'str'} }
+ '*serial': 'str', '*dev': 'str',
+ '*ccw-address': 'GuestCCWAddress'} }
##
# @GuestDiskInfo:
--
2.18.4

188
0041-AArch64-machine-types-cleanup.patch Normal file
View File

@ -0,0 +1,188 @@
From bfa3dc6e290c7b4f7f8825e4d4320ba062ed445a Mon Sep 17 00:00:00 2001
From: Andrew Jones <drjones@redhat.com>
Date: Sat, 9 Jan 2021 22:19:27 -0500
Subject: AArch64 machine types cleanup
RH-Author: Andrew Jones <drjones@redhat.com>
Message-id: <20210109221928.31407-2-drjones@redhat.com>
Patchwork-id: 100547
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH v2 1/2] AArch64 machine types cleanup
Bugzilla: 1895276
RH-Acked-by: Gavin Shan <gshan@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
No functional change here, just a reduction of downstream-only
changes and whitespace differences. Also the removal of a nested
'#if 0 /* disabled for RHEL */' block.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/arm/virt.c | 69 +++++++++++++++++++++++----------------------------
1 file changed, 31 insertions(+), 38 deletions(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 21e0485ac5..530072fce0 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -123,7 +123,6 @@
static const TypeInfo rhel##m##n##s##_machvirt_info = { \
.name = MACHINE_TYPE_NAME("virt-rhel" # m "." # n "." # s), \
.parent = TYPE_RHEL_MACHINE, \
- .instance_init = rhel##m##n##s##_virt_instance_init, \
.class_init = rhel##m##n##s##_virt_class_init, \
}; \
static void rhel##m##n##s##_machvirt_init(void) \
@@ -2098,8 +2097,8 @@ static void virt_set_virt(Object *obj, bool value, Error **errp)
vms->virt = value;
}
-
#endif /* disabled for RHEL */
+
static bool virt_get_highmem(Object *obj, Error **errp)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -2167,14 +2166,13 @@ static void virt_set_ras(Object *obj, bool value, Error **errp)
vms->ras = value;
}
-#if 0 /* Disabled for Red Hat Enterprise Linux */
+
static bool virt_get_mte(Object *obj, Error **errp)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
return vms->mte;
}
-#endif /* disabled for RHEL */
static void virt_set_mte(Object *obj, bool value, Error **errp)
{
@@ -2182,7 +2180,8 @@ static void virt_set_mte(Object *obj, bool value, Error **errp)
vms->mte = value;
}
-#endif
+#endif /* disabled for RHEL */
+
static char *virt_get_gic_version(Object *obj, Error **errp)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -2818,25 +2817,6 @@ static void rhel_machine_class_init(ObjectClass *oc, void *data)
"Enable ACPI");
}
-static const TypeInfo rhel_machine_info = {
- .name = TYPE_RHEL_MACHINE,
- .parent = TYPE_MACHINE,
- .abstract = true,
- .instance_size = sizeof(VirtMachineState),
- .class_size = sizeof(VirtMachineClass),
- .class_init = rhel_machine_class_init,
- .interfaces = (InterfaceInfo[]) {
- { TYPE_HOTPLUG_HANDLER },
- { }
- },
-};
-
-static void rhel_machine_init(void)
-{
- type_register_static(&rhel_machine_info);
-}
-type_init(rhel_machine_init);
-
static void rhel_virt_instance_init(Object *obj)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -2844,22 +2824,23 @@ static void rhel_virt_instance_init(Object *obj)
/* EL3 is disabled by default and non-configurable for RHEL */
vms->secure = false;
+
/* EL2 is disabled by default and non-configurable for RHEL */
vms->virt = false;
- /* High memory is enabled by default for RHEL */
+
+ /* High memory is enabled by default */
vms->highmem = true;
object_property_add_bool(obj, "highmem", virt_get_highmem,
virt_set_highmem);
object_property_set_description(obj, "highmem",
"Set on/off to enable/disable using "
"physical address space above 32 bits");
-
vms->gic_version = VIRT_GIC_VERSION_NOSEL;
object_property_add_str(obj, "gic-version", virt_get_gic_version,
virt_set_gic_version);
object_property_set_description(obj, "gic-version",
"Set GIC version. "
- "Valid values are 2, 3 and host");
+ "Valid values are 2, 3, host and max");
vms->highmem_ecam = !vmc->no_highmem_ecam;
@@ -2882,18 +2863,36 @@ static void rhel_virt_instance_init(Object *obj)
"Set the IOMMU type. "
"Valid values are none and smmuv3");
+ /* Default disallows RAS instantiation and is non-configurable for RHEL */
vms->ras = false;
- /* MTE is disabled by default. */
+
+ /* MTE is disabled by default and non-configurable for RHEL */
vms->mte = false;
- vms->irqmap=a15irqmap;
+ vms->irqmap = a15irqmap;
+
virt_flash_create(vms);
}
-static void rhel830_virt_instance_init(Object *obj)
+static const TypeInfo rhel_machine_info = {
+ .name = TYPE_RHEL_MACHINE,
+ .parent = TYPE_MACHINE,
+ .abstract = true,
+ .instance_size = sizeof(VirtMachineState),
+ .class_size = sizeof(VirtMachineClass),
+ .class_init = rhel_machine_class_init,
+ .instance_init = rhel_virt_instance_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_HOTPLUG_HANDLER },
+ { }
+ },
+};
+
+static void rhel_machine_init(void)
{
- rhel_virt_instance_init(obj);
+ type_register_static(&rhel_machine_info);
}
+type_init(rhel_machine_init);
static void rhel830_virt_options(MachineClass *mc)
{
@@ -2901,16 +2900,10 @@ static void rhel830_virt_options(MachineClass *mc)
}
DEFINE_RHEL_MACHINE_AS_LATEST(8, 3, 0)
-static void rhel820_virt_instance_init(Object *obj)
-{
- rhel_virt_instance_init(obj);
-}
-
static void rhel820_virt_options(MachineClass *mc)
{
rhel830_virt_options(mc);
- compat_props_add(mc->compat_props, hw_compat_rhel_8_2,
- hw_compat_rhel_8_2_len);
+ compat_props_add(mc->compat_props, hw_compat_rhel_8_2, hw_compat_rhel_8_2_len);
mc->numa_mem_supported = true;
mc->auto_enable_numa_with_memdev = false;
}
--
2.18.4

55
0042-hw-arm-virt-Add-8.4-Machine-type.patch Normal file
View File

@ -0,0 +1,55 @@
From 1bc68127d1531ed519cb839844febaecb2a3f6d0 Mon Sep 17 00:00:00 2001
From: Andrew Jones <drjones@redhat.com>
Date: Sat, 9 Jan 2021 22:19:28 -0500
Subject: hw/arm/virt: Add 8.4 Machine type
RH-Author: Andrew Jones <drjones@redhat.com>
Message-id: <20210109221928.31407-3-drjones@redhat.com>
Patchwork-id: 100548
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH v2 2/2] hw/arm/virt: Add 8.4 Machine type
Bugzilla: 1895276
RH-Acked-by: Gavin Shan <gshan@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
8.4 isn't much different than 8.3, except it adds the steal-time
feature and enables it by default.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/arm/virt.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 530072fce0..208c360342 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2894,11 +2894,21 @@ static void rhel_machine_init(void)
}
type_init(rhel_machine_init);
-static void rhel830_virt_options(MachineClass *mc)
+static void rhel840_virt_options(MachineClass *mc)
{
compat_props_add(mc->compat_props, arm_rhel_compat, arm_rhel_compat_len);
}
-DEFINE_RHEL_MACHINE_AS_LATEST(8, 3, 0)
+DEFINE_RHEL_MACHINE_AS_LATEST(8, 4, 0)
+
+static void rhel830_virt_options(MachineClass *mc)
+{
+ VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
+
+ rhel840_virt_options(mc);
+ compat_props_add(mc->compat_props, hw_compat_rhel_8_3, hw_compat_rhel_8_3_len);
+ vmc->no_kvm_steal_time = true;
+}
+DEFINE_RHEL_MACHINE(8, 3, 0)
static void rhel820_virt_options(MachineClass *mc)
{
--
2.18.4

146
0044-memory-Rename-memory_region_notify_one-to-memory_reg.patch Normal file
View File

@ -0,0 +1,146 @@
From 256180b78107813b8e8c292bc799f5d7c7676cd2 Mon Sep 17 00:00:00 2001
From: eperezma <eperezma@redhat.com>
Date: Mon, 11 Jan 2021 14:36:11 -0500
Subject: memory: Rename memory_region_notify_one to
memory_region_notify_iommu_one
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: eperezma <eperezma@redhat.com>
Message-id: <20210111143615.303645-2-eperezma@redhat.com>
Patchwork-id: 100570
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/5] memory: Rename memory_region_notify_one to memory_region_notify_iommu_one
Bugzilla: 1845758
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Peter Xu <peterx@redhat.com>
Previous name didn't reflect the iommu operation.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20201116165506.31315-2-eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 3b5ebf8532afdc1518bd8b0961ed802bc3f5f07c)
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/arm/smmu-common.c | 2 +-
hw/arm/smmuv3.c | 2 +-
hw/i386/intel_iommu.c | 4 ++--
include/exec/memory.h | 6 +++---
softmmu/memory.c | 6 +++---
5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index 3838db1395..88d2c454f0 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -472,7 +472,7 @@ static void smmu_unmap_notifier_range(IOMMUNotifier *n)
entry.perm = IOMMU_NONE;
entry.addr_mask = n->end - n->start;
- memory_region_notify_one(n, &entry);
+ memory_region_notify_iommu_one(n, &entry);
}
/* Unmap all notifiers attached to @mr */
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 22607c3784..273f5f7dce 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -828,7 +828,7 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr,
entry.addr_mask = num_pages * (1 << granule) - 1;
entry.perm = IOMMU_NONE;
- memory_region_notify_one(n, &entry);
+ memory_region_notify_iommu_one(n, &entry);
}
/* invalidate an asid/iova range tuple in all mr's */
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 70ac837733..067593b9e4 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3497,7 +3497,7 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n)
/* This field is meaningless for unmap */
entry.translated_addr = 0;
- memory_region_notify_one(n, &entry);
+ memory_region_notify_iommu_one(n, &entry);
start += mask;
remain -= mask;
@@ -3535,7 +3535,7 @@ static void vtd_address_space_refresh_all(IntelIOMMUState *s)
static int vtd_replay_hook(IOMMUTLBEntry *entry, void *private)
{
- memory_region_notify_one((IOMMUNotifier *)private, entry);
+ memory_region_notify_iommu_one((IOMMUNotifier *)private, entry);
return 0;
}
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 0f3e6bcd5e..d8456ccf52 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -236,7 +236,7 @@ enum IOMMUMemoryRegionAttr {
* The IOMMU implementation must use the IOMMU notifier infrastructure
* to report whenever mappings are changed, by calling
* memory_region_notify_iommu() (or, if necessary, by calling
- * memory_region_notify_one() for each registered notifier).
+ * memory_region_notify_iommu_one() for each registered notifier).
*
* Conceptually an IOMMU provides a mapping from input address
* to an output TLB entry. If the IOMMU is aware of memory transaction
@@ -1346,7 +1346,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr,
IOMMUTLBEntry entry);
/**
- * memory_region_notify_one: notify a change in an IOMMU translation
+ * memory_region_notify_iommu_one: notify a change in an IOMMU translation
* entry to a single notifier
*
* This works just like memory_region_notify_iommu(), but it only
@@ -1357,7 +1357,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr,
* replaces all old entries for the same virtual I/O address range.
* Deleted entries have .@perm == 0.
*/
-void memory_region_notify_one(IOMMUNotifier *notifier,
+void memory_region_notify_iommu_one(IOMMUNotifier *notifier,
IOMMUTLBEntry *entry);
/**
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 11ca94d037..44de610c72 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -1942,8 +1942,8 @@ void memory_region_unregister_iommu_notifier(MemoryRegion *mr,
memory_region_update_iommu_notify_flags(iommu_mr, NULL);
}
-void memory_region_notify_one(IOMMUNotifier *notifier,
- IOMMUTLBEntry *entry)
+void memory_region_notify_iommu_one(IOMMUNotifier *notifier,
+ IOMMUTLBEntry *entry)
{
IOMMUNotifierFlag request_flags;
hwaddr entry_end = entry->iova + entry->addr_mask;
@@ -1979,7 +1979,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr,
IOMMU_NOTIFIER_FOREACH(iommu_notifier, iommu_mr) {
if (iommu_notifier->iommu_idx == iommu_idx) {
- memory_region_notify_one(iommu_notifier, &entry);
+ memory_region_notify_iommu_one(iommu_notifier, &entry);
}
}
}
--
2.18.4

647
0045-memory-Add-IOMMUTLBEvent.patch Normal file
View File

@ -0,0 +1,647 @@
From d282fdd88e60aa081365d8e0903ceb18743ccc9d Mon Sep 17 00:00:00 2001
From: eperezma <eperezma@redhat.com>
Date: Mon, 11 Jan 2021 14:36:12 -0500
Subject: memory: Add IOMMUTLBEvent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: eperezma <eperezma@redhat.com>
Message-id: <20210111143615.303645-3-eperezma@redhat.com>
Patchwork-id: 100568
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 2/5] memory: Add IOMMUTLBEvent
Bugzilla: 1845758
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Peter Xu <peterx@redhat.com>
This way we can tell between regular IOMMUTLBEntry (entry of IOMMU
hardware) and notifications.
In the notifications, we set explicitly if it is a MAPs or an UNMAP,
instead of trusting in entry permissions to differentiate them.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20201116165506.31315-3-eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 5039caf3c449c49e625d34e134463260cf8e00e0)
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/arm/smmu-common.c | 13 +++---
hw/arm/smmuv3.c | 13 +++---
hw/i386/intel_iommu.c | 88 ++++++++++++++++++++++------------------
hw/misc/tz-mpc.c | 32 ++++++++-------
hw/ppc/spapr_iommu.c | 15 +++----
hw/s390x/s390-pci-inst.c | 27 +++++++-----
hw/virtio/virtio-iommu.c | 30 +++++++-------
include/exec/memory.h | 27 ++++++------
softmmu/memory.c | 20 ++++-----
9 files changed, 143 insertions(+), 122 deletions(-)
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index 88d2c454f0..405d5c5325 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -465,14 +465,15 @@ IOMMUMemoryRegion *smmu_iommu_mr(SMMUState *s, uint32_t sid)
/* Unmap the whole notifier's range */
static void smmu_unmap_notifier_range(IOMMUNotifier *n)
{
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
- entry.target_as = &address_space_memory;
- entry.iova = n->start;
- entry.perm = IOMMU_NONE;
- entry.addr_mask = n->end - n->start;
+ event.type = IOMMU_NOTIFIER_UNMAP;
+ event.entry.target_as = &address_space_memory;
+ event.entry.iova = n->start;
+ event.entry.perm = IOMMU_NONE;
+ event.entry.addr_mask = n->end - n->start;
- memory_region_notify_iommu_one(n, &entry);
+ memory_region_notify_iommu_one(n, &event);
}
/* Unmap all notifiers attached to @mr */
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 273f5f7dce..bbca0e9f20 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -800,7 +800,7 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr,
uint8_t tg, uint64_t num_pages)
{
SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
uint8_t granule = tg;
if (!tg) {
@@ -823,12 +823,13 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr,
granule = tt->granule_sz;
}
- entry.target_as = &address_space_memory;
- entry.iova = iova;
- entry.addr_mask = num_pages * (1 << granule) - 1;
- entry.perm = IOMMU_NONE;
+ event.type = IOMMU_NOTIFIER_UNMAP;
+ event.entry.target_as = &address_space_memory;
+ event.entry.iova = iova;
+ event.entry.addr_mask = num_pages * (1 << granule) - 1;
+ event.entry.perm = IOMMU_NONE;
- memory_region_notify_iommu_one(n, &entry);
+ memory_region_notify_iommu_one(n, &event);
}
/* invalidate an asid/iova range tuple in all mr's */
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 067593b9e4..56180b1c43 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -1073,7 +1073,7 @@ static int vtd_iova_to_slpte(IntelIOMMUState *s, VTDContextEntry *ce,
}
}
-typedef int (*vtd_page_walk_hook)(IOMMUTLBEntry *entry, void *private);
+typedef int (*vtd_page_walk_hook)(IOMMUTLBEvent *event, void *private);
/**
* Constant information used during page walking
@@ -1094,11 +1094,12 @@ typedef struct {
uint16_t domain_id;
} vtd_page_walk_info;
-static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info)
+static int vtd_page_walk_one(IOMMUTLBEvent *event, vtd_page_walk_info *info)
{
VTDAddressSpace *as = info->as;
vtd_page_walk_hook hook_fn = info->hook_fn;
void *private = info->private;
+ IOMMUTLBEntry *entry = &event->entry;
DMAMap target = {
.iova = entry->iova,
.size = entry->addr_mask,
@@ -1107,7 +1108,7 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info)
};
DMAMap *mapped = iova_tree_find(as->iova_tree, &target);
- if (entry->perm == IOMMU_NONE && !info->notify_unmap) {
+ if (event->type == IOMMU_NOTIFIER_UNMAP && !info->notify_unmap) {
trace_vtd_page_walk_one_skip_unmap(entry->iova, entry->addr_mask);
return 0;
}
@@ -1115,7 +1116,7 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info)
assert(hook_fn);
/* Update local IOVA mapped ranges */
- if (entry->perm) {
+ if (event->type == IOMMU_NOTIFIER_MAP) {
if (mapped) {
/* If it's exactly the same translation, skip */
if (!memcmp(mapped, &target, sizeof(target))) {
@@ -1141,19 +1142,21 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info)
int ret;
/* Emulate an UNMAP */
+ event->type = IOMMU_NOTIFIER_UNMAP;
entry->perm = IOMMU_NONE;
trace_vtd_page_walk_one(info->domain_id,
entry->iova,
entry->translated_addr,
entry->addr_mask,
entry->perm);
- ret = hook_fn(entry, private);
+ ret = hook_fn(event, private);
if (ret) {
return ret;
}
/* Drop any existing mapping */
iova_tree_remove(as->iova_tree, &target);
- /* Recover the correct permission */
+ /* Recover the correct type */
+ event->type = IOMMU_NOTIFIER_MAP;
entry->perm = cache_perm;
}
}
@@ -1170,7 +1173,7 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, vtd_page_walk_info *info)
trace_vtd_page_walk_one(info->domain_id, entry->iova,
entry->translated_addr, entry->addr_mask,
entry->perm);
- return hook_fn(entry, private);
+ return hook_fn(event, private);
}
/**
@@ -1191,7 +1194,7 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t start,
uint32_t offset;
uint64_t slpte;
uint64_t subpage_size, subpage_mask;
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
uint64_t iova = start;
uint64_t iova_next;
int ret = 0;
@@ -1245,13 +1248,15 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t start,
*
* In either case, we send an IOTLB notification down.
*/
- entry.target_as = &address_space_memory;
- entry.iova = iova & subpage_mask;
- entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur);
- entry.addr_mask = ~subpage_mask;
+ event.entry.target_as = &address_space_memory;
+ event.entry.iova = iova & subpage_mask;
+ event.entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur);
+ event.entry.addr_mask = ~subpage_mask;
/* NOTE: this is only meaningful if entry_valid == true */
- entry.translated_addr = vtd_get_slpte_addr(slpte, info->aw);
- ret = vtd_page_walk_one(&entry, info);
+ event.entry.translated_addr = vtd_get_slpte_addr(slpte, info->aw);
+ event.type = event.entry.perm ? IOMMU_NOTIFIER_MAP :
+ IOMMU_NOTIFIER_UNMAP;
+ ret = vtd_page_walk_one(&event, info);
}
if (ret < 0) {
@@ -1430,10 +1435,10 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, uint8_t bus_num,
return 0;
}
-static int vtd_sync_shadow_page_hook(IOMMUTLBEntry *entry,
+static int vtd_sync_shadow_page_hook(IOMMUTLBEvent *event,
void *private)
{
- memory_region_notify_iommu((IOMMUMemoryRegion *)private, 0, *entry);
+ memory_region_notify_iommu(private, 0, *event);
return 0;
}
@@ -1993,14 +1998,17 @@ static void vtd_iotlb_page_invalidate_notify(IntelIOMMUState *s,
* page tables. We just deliver the PSI down to
* invalidate caches.
*/
- IOMMUTLBEntry entry = {
- .target_as = &address_space_memory,
- .iova = addr,
- .translated_addr = 0,
- .addr_mask = size - 1,
- .perm = IOMMU_NONE,
+ IOMMUTLBEvent event = {
+ .type = IOMMU_NOTIFIER_UNMAP,
+ .entry = {
+ .target_as = &address_space_memory,
+ .iova = addr,
+ .translated_addr = 0,
+ .addr_mask = size - 1,
+ .perm = IOMMU_NONE,
+ },
};
- memory_region_notify_iommu(&vtd_as->iommu, 0, entry);
+ memory_region_notify_iommu(&vtd_as->iommu, 0, event);
}
}
}
@@ -2412,7 +2420,7 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s,
VTDInvDesc *inv_desc)
{
VTDAddressSpace *vtd_dev_as;
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
struct VTDBus *vtd_bus;
hwaddr addr;
uint64_t sz;
@@ -2460,12 +2468,13 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s,
sz = VTD_PAGE_SIZE;
}
- entry.target_as = &vtd_dev_as->as;
- entry.addr_mask = sz - 1;
- entry.iova = addr;
- entry.perm = IOMMU_NONE;
- entry.translated_addr = 0;
- memory_region_notify_iommu(&vtd_dev_as->iommu, 0, entry);
+ event.type = IOMMU_NOTIFIER_UNMAP;
+ event.entry.target_as = &vtd_dev_as->as;
+ event.entry.addr_mask = sz - 1;
+ event.entry.iova = addr;
+ event.entry.perm = IOMMU_NONE;
+ event.entry.translated_addr = 0;
+ memory_region_notify_iommu(&vtd_dev_as->iommu, 0, event);
done:
return true;
@@ -3485,19 +3494,20 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n)
size = remain = end - start + 1;
while (remain >= VTD_PAGE_SIZE) {
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
uint64_t mask = get_naturally_aligned_size(start, remain, s->aw_bits);
assert(mask);
- entry.iova = start;
- entry.addr_mask = mask - 1;
- entry.target_as = &address_space_memory;
- entry.perm = IOMMU_NONE;
+ event.type = IOMMU_NOTIFIER_UNMAP;
+ event.entry.iova = start;
+ event.entry.addr_mask = mask - 1;
+ event.entry.target_as = &address_space_memory;
+ event.entry.perm = IOMMU_NONE;
/* This field is meaningless for unmap */
- entry.translated_addr = 0;
+ event.entry.translated_addr = 0;
- memory_region_notify_iommu_one(n, &entry);
+ memory_region_notify_iommu_one(n, &event);
start += mask;
remain -= mask;
@@ -3533,9 +3543,9 @@ static void vtd_address_space_refresh_all(IntelIOMMUState *s)
vtd_switch_address_space_all(s);
}
-static int vtd_replay_hook(IOMMUTLBEntry *entry, void *private)
+static int vtd_replay_hook(IOMMUTLBEvent *event, void *private)
{
- memory_region_notify_iommu_one((IOMMUNotifier *)private, entry);
+ memory_region_notify_iommu_one(private, event);
return 0;
}
diff --git a/hw/misc/tz-mpc.c b/hw/misc/tz-mpc.c
index 98f151237f..30481e1c90 100644
--- a/hw/misc/tz-mpc.c
+++ b/hw/misc/tz-mpc.c
@@ -82,8 +82,10 @@ static void tz_mpc_iommu_notify(TZMPC *s, uint32_t lutidx,
/* Called when the LUT word at lutidx has changed from oldlut to newlut;
* must call the IOMMU notifiers for the changed blocks.
*/
- IOMMUTLBEntry entry = {
- .addr_mask = s->blocksize - 1,
+ IOMMUTLBEvent event = {
+ .entry = {
+ .addr_mask = s->blocksize - 1,
+ }
};
hwaddr addr = lutidx * s->blocksize * 32;
int i;
@@ -100,26 +102,28 @@ static void tz_mpc_iommu_notify(TZMPC *s, uint32_t lutidx,
block_is_ns = newlut & (1 << i);
trace_tz_mpc_iommu_notify(addr);
- entry.iova = addr;
- entry.translated_addr = addr;
+ event.entry.iova = addr;
+ event.entry.translated_addr = addr;
- entry.perm = IOMMU_NONE;
- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, entry);
- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, entry);
+ event.type = IOMMU_NOTIFIER_UNMAP;
+ event.entry.perm = IOMMU_NONE;
+ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, event);
+ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, event);
- entry.perm = IOMMU_RW;
+ event.type = IOMMU_NOTIFIER_MAP;
+ event.entry.perm = IOMMU_RW;
if (block_is_ns) {
- entry.target_as = &s->blocked_io_as;
+ event.entry.target_as = &s->blocked_io_as;
} else {
- entry.target_as = &s->downstream_as;
+ event.entry.target_as = &s->downstream_as;
}
- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, entry);
+ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, event);
if (block_is_ns) {
- entry.target_as = &s->downstream_as;
+ event.entry.target_as = &s->downstream_as;
} else {
- entry.target_as = &s->blocked_io_as;
+ event.entry.target_as = &s->blocked_io_as;
}
- memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, entry);
+ memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, event);
}
}
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 0790239ba5..30352df00e 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -445,7 +445,7 @@ static void spapr_tce_reset(DeviceState *dev)
static target_ulong put_tce_emu(SpaprTceTable *tcet, target_ulong ioba,
target_ulong tce)
{
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
hwaddr page_mask = IOMMU_PAGE_MASK(tcet->page_shift);
unsigned long index = (ioba - tcet->bus_offset) >> tcet->page_shift;
@@ -457,12 +457,13 @@ static target_ulong put_tce_emu(SpaprTceTable *tcet, target_ulong ioba,
tcet->table[index] = tce;
- entry.target_as = &address_space_memory,
- entry.iova = (ioba - tcet->bus_offset) & page_mask;
- entry.translated_addr = tce & page_mask;
- entry.addr_mask = ~page_mask;
- entry.perm = spapr_tce_iommu_access_flags(tce);
- memory_region_notify_iommu(&tcet->iommu, 0, entry);
+ event.entry.target_as = &address_space_memory,
+ event.entry.iova = (ioba - tcet->bus_offset) & page_mask;
+ event.entry.translated_addr = tce & page_mask;
+ event.entry.addr_mask = ~page_mask;
+ event.entry.perm = spapr_tce_iommu_access_flags(tce);
+ event.type = event.entry.perm ? IOMMU_NOTIFIER_MAP : IOMMU_NOTIFIER_UNMAP;
+ memory_region_notify_iommu(&tcet->iommu, 0, event);
return H_SUCCESS;
}
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index 70bfd91bf7..d9e1e29f1e 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -602,15 +602,18 @@ static uint32_t s390_pci_update_iotlb(S390PCIIOMMU *iommu,
S390IOTLBEntry *entry)
{
S390IOTLBEntry *cache = g_hash_table_lookup(iommu->iotlb, &entry->iova);
- IOMMUTLBEntry notify = {
- .target_as = &address_space_memory,
- .iova = entry->iova,
- .translated_addr = entry->translated_addr,
- .perm = entry->perm,
- .addr_mask = ~PAGE_MASK,
+ IOMMUTLBEvent event = {
+ .type = entry->perm ? IOMMU_NOTIFIER_MAP : IOMMU_NOTIFIER_UNMAP,
+ .entry = {
+ .target_as = &address_space_memory,
+ .iova = entry->iova,
+ .translated_addr = entry->translated_addr,
+ .perm = entry->perm,
+ .addr_mask = ~PAGE_MASK,
+ },
};
- if (entry->perm == IOMMU_NONE) {
+ if (event.type == IOMMU_NOTIFIER_UNMAP) {
if (!cache) {
goto out;
}
@@ -623,9 +626,11 @@ static uint32_t s390_pci_update_iotlb(S390PCIIOMMU *iommu,
goto out;
}
- notify.perm = IOMMU_NONE;
- memory_region_notify_iommu(&iommu->iommu_mr, 0, notify);
- notify.perm = entry->perm;
+ event.type = IOMMU_NOTIFIER_UNMAP;
+ event.entry.perm = IOMMU_NONE;
+ memory_region_notify_iommu(&iommu->iommu_mr, 0, event);
+ event.type = IOMMU_NOTIFIER_MAP;
+ event.entry.perm = entry->perm;
}
cache = g_new(S390IOTLBEntry, 1);
@@ -637,7 +642,7 @@ static uint32_t s390_pci_update_iotlb(S390PCIIOMMU *iommu,
dec_dma_avail(iommu);
}
- memory_region_notify_iommu(&iommu->iommu_mr, 0, notify);
+ memory_region_notify_iommu(&iommu->iommu_mr, 0, event);
out:
return iommu->dma_limit ? iommu->dma_limit->avail : 1;
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
index fc5c75d693..cea8811295 100644
--- a/hw/virtio/virtio-iommu.c
+++ b/hw/virtio/virtio-iommu.c
@@ -129,7 +129,7 @@ static void virtio_iommu_notify_map(IOMMUMemoryRegion *mr, hwaddr virt_start,
hwaddr virt_end, hwaddr paddr,
uint32_t flags)
{
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
IOMMUAccessFlags perm = IOMMU_ACCESS_FLAG(flags & VIRTIO_IOMMU_MAP_F_READ,
flags & VIRTIO_IOMMU_MAP_F_WRITE);
@@ -141,19 +141,20 @@ static void virtio_iommu_notify_map(IOMMUMemoryRegion *mr, hwaddr virt_start,
trace_virtio_iommu_notify_map(mr->parent_obj.name, virt_start, virt_end,
paddr, perm);
- entry.target_as = &address_space_memory;
- entry.addr_mask = virt_end - virt_start;
- entry.iova = virt_start;
- entry.perm = perm;
- entry.translated_addr = paddr;
+ event.type = IOMMU_NOTIFIER_MAP;
+ event.entry.target_as = &address_space_memory;
+ event.entry.addr_mask = virt_end - virt_start;
+ event.entry.iova = virt_start;
+ event.entry.perm = perm;
+ event.entry.translated_addr = paddr;
- memory_region_notify_iommu(mr, 0, entry);
+ memory_region_notify_iommu(mr, 0, event);
}
static void virtio_iommu_notify_unmap(IOMMUMemoryRegion *mr, hwaddr virt_start,
hwaddr virt_end)
{
- IOMMUTLBEntry entry;
+ IOMMUTLBEvent event;
if (!(mr->iommu_notify_flags & IOMMU_NOTIFIER_UNMAP)) {
return;
@@ -161,13 +162,14 @@ static void virtio_iommu_notify_unmap(IOMMUMemoryRegion *mr, hwaddr virt_start,
trace_virtio_iommu_notify_unmap(mr->parent_obj.name, virt_start, virt_end);
- entry.target_as = &address_space_memory;
- entry.addr_mask = virt_end - virt_start;
- entry.iova = virt_start;
- entry.perm = IOMMU_NONE;
- entry.translated_addr = 0;
+ event.type = IOMMU_NOTIFIER_UNMAP;
+ event.entry.target_as = &address_space_memory;
+ event.entry.addr_mask = virt_end - virt_start;
+ event.entry.iova = virt_start;
+ event.entry.perm = IOMMU_NONE;
+ event.entry.translated_addr = 0;
- memory_region_notify_iommu(mr, 0, entry);
+ memory_region_notify_iommu(mr, 0, event);
}
static gboolean virtio_iommu_notify_unmap_cb(gpointer key, gpointer value,
diff --git a/include/exec/memory.h b/include/exec/memory.h
index d8456ccf52..e86b5e92da 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -116,6 +116,11 @@ struct IOMMUNotifier {
};
typedef struct IOMMUNotifier IOMMUNotifier;
+typedef struct IOMMUTLBEvent {
+ IOMMUNotifierFlag type;
+ IOMMUTLBEntry entry;
+} IOMMUTLBEvent;
+
/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
#define RAM_PREALLOC (1 << 0)
@@ -1326,24 +1331,18 @@ uint64_t memory_region_iommu_get_min_page_size(IOMMUMemoryRegion *iommu_mr);
/**
* memory_region_notify_iommu: notify a change in an IOMMU translation entry.
*
- * The notification type will be decided by entry.perm bits:
- *
- * - For UNMAP (cache invalidation) notifies: set entry.perm to IOMMU_NONE.
- * - For MAP (newly added entry) notifies: set entry.perm to the
- * permission of the page (which is definitely !IOMMU_NONE).
- *
* Note: for any IOMMU implementation, an in-place mapping change
* should be notified with an UNMAP followed by a MAP.
*
* @iommu_mr: the memory region that was changed
* @iommu_idx: the IOMMU index for the translation table which has changed
- * @entry: the new entry in the IOMMU translation table. The entry
- * replaces all old entries for the same virtual I/O address range.
- * Deleted entries have .@perm == 0.
+ * @event: TLB event with the new entry in the IOMMU translation table.
+ * The entry replaces all old entries for the same virtual I/O address
+ * range.
*/
void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr,
int iommu_idx,
- IOMMUTLBEntry entry);
+ IOMMUTLBEvent event);
/**
* memory_region_notify_iommu_one: notify a change in an IOMMU translation
@@ -1353,12 +1352,12 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr,
* notifies a specific notifier, not all of them.
*
* @notifier: the notifier to be notified
- * @entry: the new entry in the IOMMU translation table. The entry
- * replaces all old entries for the same virtual I/O address range.
- * Deleted entries have .@perm == 0.
+ * @event: TLB event with the new entry in the IOMMU translation table.
+ * The entry replaces all old entries for the same virtual I/O address
+ * range.
*/
void memory_region_notify_iommu_one(IOMMUNotifier *notifier,
- IOMMUTLBEntry *entry);
+ IOMMUTLBEvent *event);
/**
* memory_region_register_iommu_notifier: register a notifier for changes to
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 44de610c72..6ca87e8d73 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -1943,11 +1943,15 @@ void memory_region_unregister_iommu_notifier(MemoryRegion *mr,
}
void memory_region_notify_iommu_one(IOMMUNotifier *notifier,
- IOMMUTLBEntry *entry)
+ IOMMUTLBEvent *event)
{
- IOMMUNotifierFlag request_flags;
+ IOMMUTLBEntry *entry = &event->entry;
hwaddr entry_end = entry->iova + entry->addr_mask;
+ if (event->type == IOMMU_NOTIFIER_UNMAP) {
+ assert(entry->perm == IOMMU_NONE);
+ }
+
/*
* Skip the notification if the notification does not overlap
* with registered range.
@@ -1958,20 +1962,14 @@ void memory_region_notify_iommu_one(IOMMUNotifier *notifier,
assert(entry->iova >= notifier->start && entry_end <= notifier->end);
- if (entry->perm & IOMMU_RW) {
- request_flags = IOMMU_NOTIFIER_MAP;
- } else {
- request_flags = IOMMU_NOTIFIER_UNMAP;
- }
-
- if (notifier->notifier_flags & request_flags) {
+ if (event->type & notifier->notifier_flags) {
notifier->notify(notifier, entry);
}
}
void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr,
int iommu_idx,
- IOMMUTLBEntry entry)
+ IOMMUTLBEvent event)
{
IOMMUNotifier *iommu_notifier;
@@ -1979,7 +1977,7 @@ void memory_region_notify_iommu(IOMMUMemoryRegion *iommu_mr,
IOMMU_NOTIFIER_FOREACH(iommu_notifier, iommu_mr) {
if (iommu_notifier->iommu_idx == iommu_idx) {
- memory_region_notify_iommu_one(iommu_notifier, &entry);
+ memory_region_notify_iommu_one(iommu_notifier, &event);
}
}
}
--
2.18.4

88
0046-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch Normal file
View File

@ -0,0 +1,88 @@
From 6eb76ae169aaf695a5fb6ef052859828e3ea91bc Mon Sep 17 00:00:00 2001
From: eperezma <eperezma@redhat.com>
Date: Mon, 11 Jan 2021 14:36:13 -0500
Subject: memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationType
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: eperezma <eperezma@redhat.com>
Message-id: <20210111143615.303645-4-eperezma@redhat.com>
Patchwork-id: 100571
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 3/5] memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationType
Bugzilla: 1845758
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Peter Xu <peterx@redhat.com>
This allows us to differentiate between regular IOMMU map/unmap events
and DEVIOTLB unmap. Doing so, notifiers that only need device IOTLB
invalidations will not receive regular IOMMU unmappings.
Adapt intel and vhost to use it.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20201116165506.31315-4-eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit b68ba1ca57677acf870d5ab10579e6105c1f5338)
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/intel_iommu.c | 2 +-
hw/virtio/vhost.c | 2 +-
include/exec/memory.h | 7 ++++++-
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 56180b1c43..edc3090f91 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2468,7 +2468,7 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s,
sz = VTD_PAGE_SIZE;
}
- event.type = IOMMU_NOTIFIER_UNMAP;
+ event.type = IOMMU_NOTIFIER_DEVIOTLB_UNMAP;
event.entry.target_as = &vtd_dev_as->as;
event.entry.addr_mask = sz - 1;
event.entry.iova = addr;
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 614ccc2bcb..28c7d78172 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -718,7 +718,7 @@ static void vhost_iommu_region_add(MemoryListener *listener,
iommu_idx = memory_region_iommu_attrs_to_index(iommu_mr,
MEMTXATTRS_UNSPECIFIED);
iommu_notifier_init(&iommu->n, vhost_iommu_unmap_notify,
- IOMMU_NOTIFIER_UNMAP,
+ IOMMU_NOTIFIER_DEVIOTLB_UNMAP,
section->offset_within_region,
int128_get64(end),
iommu_idx);
diff --git a/include/exec/memory.h b/include/exec/memory.h
index e86b5e92da..521d9901d7 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -97,9 +97,14 @@ typedef enum {
IOMMU_NOTIFIER_UNMAP = 0x1,
/* Notify entry changes (newly created entries) */
IOMMU_NOTIFIER_MAP = 0x2,
+ /* Notify changes on device IOTLB entries */
+ IOMMU_NOTIFIER_DEVIOTLB_UNMAP = 0x04,
} IOMMUNotifierFlag;
-#define IOMMU_NOTIFIER_ALL (IOMMU_NOTIFIER_MAP | IOMMU_NOTIFIER_UNMAP)
+#define IOMMU_NOTIFIER_IOTLB_EVENTS (IOMMU_NOTIFIER_MAP | IOMMU_NOTIFIER_UNMAP)
+#define IOMMU_NOTIFIER_DEVIOTLB_EVENTS IOMMU_NOTIFIER_DEVIOTLB_UNMAP
+#define IOMMU_NOTIFIER_ALL (IOMMU_NOTIFIER_IOTLB_EVENTS | \
+ IOMMU_NOTIFIER_DEVIOTLB_EVENTS)
struct IOMMUNotifier;
typedef void (*IOMMUNotify)(struct IOMMUNotifier *notifier,
--
2.18.4

57
0047-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch Normal file
View File

@ -0,0 +1,57 @@
From add80ba59a85aca4c5e2619dee95557d2ec14169 Mon Sep 17 00:00:00 2001
From: eperezma <eperezma@redhat.com>
Date: Mon, 11 Jan 2021 14:36:14 -0500
Subject: intel_iommu: Skip page walking on device iotlb invalidations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: eperezma <eperezma@redhat.com>
Message-id: <20210111143615.303645-5-eperezma@redhat.com>
Patchwork-id: 100572
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 4/5] intel_iommu: Skip page walking on device iotlb invalidations
Bugzilla: 1845758
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Peter Xu <peterx@redhat.com>
Although they didn't reach the notifier because of the filtering in
memory_region_notify_iommu_one, the vt-d was still splitting huge
memory invalidations in chunks. Skipping it.
This improves performance in case of netperf with vhost-net:
* TCP_STREAM: From 1923.6Mbit/s to 2175.13Mbit/s (13%)
* TCP_RR: From 8464.73 trans/s to 8932.703333 trans/s (5.5%)
* UDP_RR: From 8562.08 trans/s to 9005.62/s (5.1%)
* UDP_STREAM: No change observed (insignificant 0.1% improvement)
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20201116165506.31315-5-eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit f7701e2c7983b680790af47117577b285b6a1aed)
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/intel_iommu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index edc3090f91..0cc71e4057 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -1478,6 +1478,10 @@ static int vtd_sync_shadow_page_table(VTDAddressSpace *vtd_as)
VTDContextEntry ce;
IOMMUNotifier *n;
+ if (!(vtd_as->iommu.iommu_notify_flags & IOMMU_NOTIFIER_IOTLB_EVENTS)) {
+ return 0;
+ }
+
ret = vtd_dev_to_context_entry(vtd_as->iommu_state,
pci_bus_num(vtd_as->bus),
vtd_as->devfn, &ce);
--
2.18.4

69
0048-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch Normal file
View File

@ -0,0 +1,69 @@
From ce5295813c0f1c94964cbd126f37a3202c360b92 Mon Sep 17 00:00:00 2001
From: eperezma <eperezma@redhat.com>
Date: Mon, 11 Jan 2021 14:36:15 -0500
Subject: memory: Skip bad range assertion if notifier is DEVIOTLB_UNMAP type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: eperezma <eperezma@redhat.com>
Message-id: <20210111143615.303645-6-eperezma@redhat.com>
Patchwork-id: 100573
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 5/5] memory: Skip bad range assertion if notifier is DEVIOTLB_UNMAP type
Bugzilla: 1845758
RH-Acked-by: Xiao Wang <jasowang@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Peter Xu <peterx@redhat.com>
Device IOTLB invalidations can unmap arbitrary ranges, eiter outside of
the memory region or even [0, ~0ULL] for all the space. The assertion
could be hit by a guest, and rhel7 guest effectively hit it.
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20201116165506.31315-6-eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 1804857f19f612f6907832e35599cdb51d4ec764)
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
softmmu/memory.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 6ca87e8d73..22bacbbc78 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -1947,6 +1947,7 @@ void memory_region_notify_iommu_one(IOMMUNotifier *notifier,
{
IOMMUTLBEntry *entry = &event->entry;
hwaddr entry_end = entry->iova + entry->addr_mask;
+ IOMMUTLBEntry tmp = *entry;
if (event->type == IOMMU_NOTIFIER_UNMAP) {
assert(entry->perm == IOMMU_NONE);
@@ -1960,10 +1961,16 @@ void memory_region_notify_iommu_one(IOMMUNotifier *notifier,
return;
}
- assert(entry->iova >= notifier->start && entry_end <= notifier->end);
+ if (notifier->notifier_flags & IOMMU_NOTIFIER_DEVIOTLB_UNMAP) {
+ /* Crop (iova, addr_mask) to range */
+ tmp.iova = MAX(tmp.iova, notifier->start);
+ tmp.addr_mask = MIN(entry_end, notifier->end) - tmp.iova;
+ } else {
+ assert(entry->iova >= notifier->start && entry_end <= notifier->end);
+ }
if (event->type & notifier->notifier_flags) {
- notifier->notify(notifier, entry);
+ notifier->notify(notifier, &tmp);
}
}
--
2.18.4

47
0049-RHEL-Switch-pvpanic-test-to-q35.patch Normal file
View File

@ -0,0 +1,47 @@
From c489d2cd175e879071a3c5504a17d7f656dd7b06 Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Tue, 8 Dec 2020 16:27:15 -0500
Subject: RHEL: Switch pvpanic test to q35
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: <20201208162716.30836-3-dgilbert@redhat.com>
Patchwork-id: 100360
O-Subject: [RHEL-av-8.4.0 qemu-kvm PATCH v2 2/3] RHEL: Switch pvpanic test to q35
Bugzilla: 1885555
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Juan Quintela <quintela@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Since b1b0393c3c5 the pvpanic test checks for a different
result (3) expecting it to get that on new machine types.
But, downstream, our 'pc' machine type is old, so switch the
test to q35, so it gets the new behaviour it's expecting.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/qtest/pvpanic-test.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/qtest/pvpanic-test.c b/tests/qtest/pvpanic-test.c
index 016b32ebee..f0a7282b47 100644
--- a/tests/qtest/pvpanic-test.c
+++ b/tests/qtest/pvpanic-test.c
@@ -17,7 +17,8 @@ static void test_panic(void)
QDict *response, *data;
QTestState *qts;
- qts = qtest_init("-device pvpanic");
+ /* RHEL: Use q35 */
+ qts = qtest_init("-M q35 -device pvpanic");
val = qtest_inb(qts, 0x505);
g_assert_cmpuint(val, ==, 3);
--
2.18.4

144
0050-8.4-x86-machine-type.patch Normal file
View File

@ -0,0 +1,144 @@
From cb95a2dd9f549a4b7fcfac97b9a83c46a232d41e Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Tue, 8 Dec 2020 16:27:16 -0500
Subject: 8.4 x86 machine type
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: <20201208162716.30836-4-dgilbert@redhat.com>
Patchwork-id: 100362
O-Subject: [RHEL-av-8.4.0 qemu-kvm PATCH v2 3/3] 8.4 x86 machine type
Bugzilla: 1885555
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
RH-Acked-by: Juan Quintela <quintela@redhat.com>
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Add pc-q35-rhel8.4.0 and fix all the compatiiblity glue up.
Note the moving of x-smi-cpu-hotplug follows bz 1846886 comment 18
part 2.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/i386/pc.c | 8 ++++++--
hw/i386/pc_piix.c | 5 +++++
hw/i386/pc_q35.c | 30 +++++++++++++++++++++++++++---
include/hw/i386/pc.h | 3 +++
4 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index f3fc695fe2..d5ea5b634c 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -363,11 +363,15 @@ GlobalProperty pc_rhel_compat[] = {
{ TYPE_X86_CPU, "vmx-exit-load-perf-global-ctrl", "off" },
/* bz 1508330 */
{ "vfio-pci", "x-no-geforce-quirks", "on" },
- /* BZ 1846886 */
- { "ICH9-LPC", "x-smi-cpu-hotplug", "off" },
};
const size_t pc_rhel_compat_len = G_N_ELEMENTS(pc_rhel_compat);
+GlobalProperty pc_rhel_8_3_compat[] = {
+ /* pc_rhel_8_3_compat from pc_compat_5_1 */
+ { "ICH9-LPC", "x-smi-cpu-hotplug", "off" },
+};
+const size_t pc_rhel_8_3_compat_len = G_N_ELEMENTS(pc_rhel_8_3_compat);
+
GlobalProperty pc_rhel_8_2_compat[] = {
/* pc_rhel_8_2_compat from pc_compat_4_2 */
{ "mch", "smbase-smram", "off" },
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 815da79108..1b1cc18ae0 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -1045,6 +1045,11 @@ static void pc_machine_rhel760_options(MachineClass *m)
m->smbus_no_migration_support = true;
pcmc->pvh_enabled = false;
pcmc->default_cpu_version = CPU_VERSION_LEGACY;
+ pcmc->kvmclock_create_always = false;
+ compat_props_add(m->compat_props, hw_compat_rhel_8_3,
+ hw_compat_rhel_8_3_len);
+ compat_props_add(m->compat_props, pc_rhel_8_3_compat,
+ pc_rhel_8_3_compat_len);
compat_props_add(m->compat_props, hw_compat_rhel_8_2,
hw_compat_rhel_8_2_len);
compat_props_add(m->compat_props, pc_rhel_8_2_compat,
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 3340008c00..5acb47afcf 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -593,6 +593,24 @@ static void pc_q35_machine_rhel_options(MachineClass *m)
compat_props_add(m->compat_props, pc_rhel_compat, pc_rhel_compat_len);
}
+static void pc_q35_init_rhel840(MachineState *machine)
+{
+ pc_q35_init(machine);
+}
+
+static void pc_q35_machine_rhel840_options(MachineClass *m)
+{
+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+ pc_q35_machine_rhel_options(m);
+ m->desc = "RHEL-8.4.0 PC (Q35 + ICH9, 2009)";
+ pcmc->smbios_stream_product = "RHEL-AV";
+ pcmc->smbios_stream_version = "8.4.0";
+}
+
+DEFINE_PC_MACHINE(q35_rhel840, "pc-q35-rhel8.4.0", pc_q35_init_rhel840,
+ pc_q35_machine_rhel840_options);
+
+
static void pc_q35_init_rhel830(MachineState *machine)
{
pc_q35_init(machine);
@@ -601,10 +619,17 @@ static void pc_q35_init_rhel830(MachineState *machine)
static void pc_q35_machine_rhel830_options(MachineClass *m)
{
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
- pc_q35_machine_rhel_options(m);
+ pc_q35_machine_rhel840_options(m);
m->desc = "RHEL-8.3.0 PC (Q35 + ICH9, 2009)";
+ m->alias = NULL;
pcmc->smbios_stream_product = "RHEL-AV";
pcmc->smbios_stream_version = "8.3.0";
+ compat_props_add(m->compat_props, hw_compat_rhel_8_3,
+ hw_compat_rhel_8_3_len);
+ compat_props_add(m->compat_props, pc_rhel_8_3_compat,
+ pc_rhel_8_3_compat_len);
+ /* From pc_q35_5_1_machine_options() */
+ pcmc->kvmclock_create_always = false;
}
DEFINE_PC_MACHINE(q35_rhel830, "pc-q35-rhel8.3.0", pc_q35_init_rhel830,
@@ -618,9 +643,8 @@ static void pc_q35_init_rhel820(MachineState *machine)
static void pc_q35_machine_rhel820_options(MachineClass *m)
{
PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
- pc_q35_machine_rhel_options(m);
+ pc_q35_machine_rhel830_options(m);
m->desc = "RHEL-8.2.0 PC (Q35 + ICH9, 2009)";
- m->alias = NULL;
m->numa_mem_supported = true;
m->auto_enable_numa_with_memdev = false;
pcmc->smbios_stream_product = "RHEL-AV";
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index e2ba9a4b58..68091bea98 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -272,6 +272,9 @@ extern const size_t pc_compat_1_4_len;
extern GlobalProperty pc_rhel_compat[];
extern const size_t pc_rhel_compat_len;
+extern GlobalProperty pc_rhel_8_3_compat[];
+extern const size_t pc_rhel_8_3_compat_len;
+
extern GlobalProperty pc_rhel_8_2_compat[];
extern const size_t pc_rhel_8_2_compat_len;
--
2.18.4

153
0051-memory-clamp-cached-translation-in-case-it-points-to.patch Normal file
View File

@ -0,0 +1,153 @@
From cf7723d08da5b371ef8b89a6e4edfaa21f88f03f Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 12 Jan 2021 21:01:25 -0500
Subject: memory: clamp cached translation in case it points to an MMIO region
RH-Author: Jon Maloy <jmaloy@redhat.com>
Message-id: <20210112210125.851866-2-jmaloy@redhat.com>
Patchwork-id: 100614
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] memory: clamp cached translation in case it points to an MMIO region
Bugzilla: 1904392
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
In using the address_space_translate_internal API, address_space_cache_init
forgot one piece of advice that can be found in the code for
address_space_translate_internal:
/* MMIO registers can be expected to perform full-width accesses based only
* on their address, without considering adjacent registers that could
* decode to completely different MemoryRegions. When such registers
* exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
* regions overlap wildly. For this reason we cannot clamp the accesses
* here.
*
* If the length is small (as is the case for address_space_ldl/stl),
* everything works fine. If the incoming length is large, however,
* the caller really has to do the clamping through memory_access_size.
*/
address_space_cache_init is exactly one such case where "the incoming length
is large", therefore we need to clamp the resulting length---not to
memory_access_size though, since we are not doing an access yet, but to
the size of the resulting section. This ensures that subsequent accesses
to the cached MemoryRegionSection will be in range.
With this patch, the enclosed testcase notices that the used ring does
not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used"
error.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from 4bfb024bc76973d40a359476dc0291f46e435442)
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
softmmu/physmem.c | 10 ++++++++
tests/qtest/fuzz-test.c | 52 ++++++++++++++++++++++++++++++++++++++++-
2 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index 3027747c03..fb3f276844 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -3255,6 +3255,7 @@ int64_t address_space_cache_init(MemoryRegionCache *cache,
AddressSpaceDispatch *d;
hwaddr l;
MemoryRegion *mr;
+ Int128 diff;
assert(len > 0);
@@ -3263,6 +3264,15 @@ int64_t address_space_cache_init(MemoryRegionCache *cache,
d = flatview_to_dispatch(cache->fv);
cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true);
+ /*
+ * cache->xlat is now relative to cache->mrs.mr, not to the section itself.
+ * Take that into account to compute how many bytes are there between
+ * cache->xlat and the end of the section.
+ */
+ diff = int128_sub(cache->mrs.size,
+ int128_make64(cache->xlat - cache->mrs.offset_within_region));
+ l = int128_get64(int128_min(diff, int128_make64(l)));
+
mr = cache->mrs.mr;
memory_region_ref(mr);
if (memory_access_is_direct(mr, is_write)) {
diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c
index 2692d556d9..99d1a3ee12 100644
--- a/tests/qtest/fuzz-test.c
+++ b/tests/qtest/fuzz-test.c
@@ -73,6 +73,55 @@ static void test_lp1879531_eth_get_rss_ex_dst_addr(void)
qtest_quit(s);
}
+ /*
+ * Here a MemoryRegionCache pointed to an MMIO region but had a
+ * larger size than the underlying region.
+ */
+static void test_mmio_oob_from_memory_region_cache(void)
+{
+ QTestState *s;
+
+ s = qtest_init("-M pc-q35-5.2 -display none -m 512M "
+ "-device virtio-scsi,num_queues=8,addr=03.0 ");
+
+ qtest_outl(s, 0xcf8, 0x80001811);
+ qtest_outb(s, 0xcfc, 0x6e);
+ qtest_outl(s, 0xcf8, 0x80001824);
+ qtest_outl(s, 0xcf8, 0x80001813);
+ qtest_outl(s, 0xcfc, 0xa080000);
+ qtest_outl(s, 0xcf8, 0x80001802);
+ qtest_outl(s, 0xcfc, 0x5a175a63);
+ qtest_outb(s, 0x6e08, 0x9e);
+ qtest_writeb(s, 0x9f003, 0xff);
+ qtest_writeb(s, 0x9f004, 0x01);
+ qtest_writeb(s, 0x9e012, 0x0e);
+ qtest_writeb(s, 0x9e01b, 0x0e);
+ qtest_writeb(s, 0x9f006, 0x01);
+ qtest_writeb(s, 0x9f008, 0x01);
+ qtest_writeb(s, 0x9f00a, 0x01);
+ qtest_writeb(s, 0x9f00c, 0x01);
+ qtest_writeb(s, 0x9f00e, 0x01);
+ qtest_writeb(s, 0x9f010, 0x01);
+ qtest_writeb(s, 0x9f012, 0x01);
+ qtest_writeb(s, 0x9f014, 0x01);
+ qtest_writeb(s, 0x9f016, 0x01);
+ qtest_writeb(s, 0x9f018, 0x01);
+ qtest_writeb(s, 0x9f01a, 0x01);
+ qtest_writeb(s, 0x9f01c, 0x01);
+ qtest_writeb(s, 0x9f01e, 0x01);
+ qtest_writeb(s, 0x9f020, 0x01);
+ qtest_writeb(s, 0x9f022, 0x01);
+ qtest_writeb(s, 0x9f024, 0x01);
+ qtest_writeb(s, 0x9f026, 0x01);
+ qtest_writeb(s, 0x9f028, 0x01);
+ qtest_writeb(s, 0x9f02a, 0x01);
+ qtest_writeb(s, 0x9f02c, 0x01);
+ qtest_writeb(s, 0x9f02e, 0x01);
+ qtest_writeb(s, 0x9f030, 0x01);
+ qtest_outb(s, 0x6e10, 0x00);
+ qtest_quit(s);
+}
+
int main(int argc, char **argv)
{
const char *arch = qtest_get_arch();
@@ -86,7 +135,8 @@ int main(int argc, char **argv)
test_lp1878642_pci_bus_get_irq_level_assert);
qtest_add_func("fuzz/test_lp1879531_eth_get_rss_ex_dst_addr",
test_lp1879531_eth_get_rss_ex_dst_addr);
-
+ qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache",
+ test_mmio_oob_from_memory_region_cache);
}
return g_test_run();
--
2.18.4

62
qemu-kvm.spec
View File

@ -64,7 +64,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 5.2.0
Release: 2.1%{?dist}
Release: 3%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 15
License: GPLv2 and GPLv2+ and CC-BY
@ -129,11 +129,26 @@ Patch0031: 0031-s390x-Use-strpadcpy-for-copying-vm-name.patch
Patch0032: 0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch
Patch0033: 0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch
Patch0034: 0034-net-eth-Fix-stack-buffer-overflow-in.patch
Patch0035: 0035-block-nvme-Implement-fake-truncate-coroutine.patch
Patch0037: 0037-build-system-use-b_staticpic-false.patch
Patch0038: 0038-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch
Patch0039: 0039-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch
Patch0040: 0040-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch
Patch0041: 0041-AArch64-machine-types-cleanup.patch
Patch0042: 0042-hw-arm-virt-Add-8.4-Machine-type.patch
Patch0044: 0044-memory-Rename-memory_region_notify_one-to-memory_reg.patch
Patch0045: 0045-memory-Add-IOMMUTLBEvent.patch
Patch0046: 0046-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch
Patch0047: 0047-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch
Patch0048: 0048-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch
Patch0049: 0049-RHEL-Switch-pvpanic-test-to-q35.patch
Patch0050: 0050-8.4-x86-machine-type.patch
Patch0051: 0051-memory-clamp-cached-translation-in-case-it-points-to.patch
BuildRequires: wget
BuildRequires: rpm-build
BuildRequires: ninja-build
BuildRequires: meson
BuildRequires: meson >= 0.55.3-3
BuildRequires: zlib-devel
BuildRequires: glib2-devel
BuildRequires: which
@ -580,7 +595,7 @@ pushd %{qemu_kvm_build}
--with-pkgversion="%{name}-%{version}-%{release}" \
--with-suffix="%{name}" \
--firmwarepath=%{_prefix}/share/qemu-firmware \
--python=%{__python3} \
--meson="%{__meson}" \
--target-list="%{buildarch}" \
--block-drv-rw-whitelist=%{block_drivers_list} \
--audio-drv-list= \
@ -711,7 +726,7 @@ find ../default-configs -name "*-rh-devices.mak" \
--with-pkgversion="%{name}-%{version}-%{release}" \
--with-suffix="%{name}" \
--firmwarepath=%{_prefix}/share/qemu-firmware \
--python=%{__python3} \
--meson="%{__meson}" \
--target-list="%{buildarch}" \
--block-drv-rw-whitelist=%{block_drivers_list} \
--audio-drv-list= \
@ -1309,6 +1324,45 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%changelog
* Mon Jan 18 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-3.el8
- kvm-block-nvme-Implement-fake-truncate-coroutine.patch [bz#1848834]
- kvm-spec-find-system-python-via-meson.patch [bz#1899619]
- kvm-build-system-use-b_staticpic-false.patch [bz#1899619]
- kvm-spapr-Fix-buffer-overflow-in-spapr_numa_associativit.patch [bz#1908693]
- kvm-usb-hcd-xhci-pci-Fixup-capabilities-ordering-again.patch [bz#1912846]
- kvm-qga-commands-posix-Send-CCW-address-on-s390x-with-th.patch [bz#1755075]
- kvm-AArch64-machine-types-cleanup.patch [bz#1895276]
- kvm-hw-arm-virt-Add-8.4-Machine-type.patch [bz#1895276]
- kvm-udev-kvm-check-remove-the-exceeded-subscription-limi.patch [bz#1914463]
- kvm-memory-Rename-memory_region_notify_one-to-memory_reg.patch [bz#1845758]
- kvm-memory-Add-IOMMUTLBEvent.patch [bz#1845758]
- kvm-memory-Add-IOMMU_NOTIFIER_DEVIOTLB_UNMAP-IOMMUTLBNot.patch [bz#1845758]
- kvm-intel_iommu-Skip-page-walking-on-device-iotlb-invali.patch [bz#1845758]
- kvm-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch [bz#1845758]
- kvm-RHEL-Switch-pvpanic-test-to-q35.patch [bz#1885555]
- kvm-8.4-x86-machine-type.patch [bz#1885555]
- kvm-memory-clamp-cached-translation-in-case-it-points-to.patch [bz#1904392]
- Resolves: bz#1848834
(Failed to create luks format image on NVMe device)
- Resolves: bz#1899619
(QEMU 5.2 is built with PIC objects instead of PIE)
- Resolves: bz#1908693
([ppc64le]boot up a guest with 128 numa nodes ,qemu got coredump)
- Resolves: bz#1912846
(qemu-kvm: Failed to load xhci:parent_obj during migration)
- Resolves: bz#1755075
([qemu-guest-agent] fsinfo doesn't return disk info on s390x)
- Resolves: bz#1895276
(Machine types update for aarch64 for QEMU 5.2.0)
- Resolves: bz#1914463
(Remove KVM guest count and limit info message)
- Resolves: bz#1845758
(qemu core dumped: qemu-kvm: /builddir/build/BUILD/qemu-4.2.0/memory.c:1928: memory_region_notify_one: Assertion `entry->iova >= notifier->start && entry_end <= notifier->end' failed.)
- Resolves: bz#1885555
(8.4 machine types for x86)
- Resolves: bz#1904392
(CVE-2020-27821 virt:8.4/qemu-kvm: QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c [rhel-av-8])
* Tue Dec 15 2020 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-2.el8
- kvm-redhat-Define-hw_compat_8_3.patch [bz#1893935]
- kvm-redhat-Add-spapr_machine_rhel_default_class_options.patch [bz#1893935]

19
udev-kvm-check.c
View File

@ -32,14 +32,6 @@
#define COUNT_MSG \
"%d %s now active"
#define SUBSCRIPTION_MSG \
"%d %s now active; your Red Hat Enterprise Linux subscription" \
" limit is %d guests. Please review your Red Hat Enterprise Linux" \
" subscription agreement or contact your Red Hat" \
" support representative for more information. You" \
" may review the Red Hat Enterprise subscription" \
" limits at http://www.redhat.com/rhel-virt-limits"
int get_threshold_from_file(FILE *fp)
{
static const char key[] = "THRESHOLD=";
@ -139,13 +131,6 @@ void emit_count_message(int count)
closelog();
}
void emit_subscription_message(int count, int threshold)
{
openlog(FACILITY, LOG_CONS, LOG_USER);
syslog(LOG_WARNING, SUBSCRIPTION_MSG, count, guest(count), threshold);
closelog();
}
int main(int argc, char **argv)
{
int count, threshold;
@ -157,10 +142,8 @@ int main(int argc, char **argv)
threshold = get_threshold();
if (!strcmp(argv[2], "create")) {
if (threshold == 0) {
if (threshold == 0 || count > threshold) {
emit_count_message(count);
} else if (count > threshold) {
emit_subscription_message(count, threshold);
}
} else {
if (count >= threshold) {