* Mon Jun 26 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.0.0-6

- kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216201]
- kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216201]
- kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch [bz#2180076]
- kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch [bz#2180076]
- kvm-Enable-libblkio-block-drivers.patch [bz#2213317]
- Resolves: bz#2216201
  ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode)
- Resolves: bz#2180076
  ([qemu-kvm] support fd passing for libblkio QEMU BlockDrivers)
- Resolves: bz#2213317
  (Enable libblkio-based block drivers in QEMU)

kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch

@@ -0,0 +1,108 @@
+From fd57241cf0f8c2906fa56118f8da1e65a5b1e4d8 Mon Sep 17 00:00:00 2001
+From: Stefano Garzarella <sgarzare@redhat.com>
+Date: Tue, 30 May 2023 09:19:40 +0200
+Subject: [PATCH 3/5] block/blkio: use qemu_open() to support fd passing for
+ virtio-blk
+
+RH-Author: Stefano Garzarella <sgarzare@redhat.com>
+RH-MergeRequest: 169: block/blkio: support fd passing for virtio-blk-vhost-vdpa driver
+RH-Bugzilla: 2180076
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Commit: [1/2] 9ff1a1510500db101648341207a36318a0c41c5a (sgarzarella/qemu-kvm-c-9-s)
+
+Some virtio-blk drivers (e.g. virtio-blk-vhost-vdpa) supports the fd
+passing. Let's expose this to the user, so the management layer
+can pass the file descriptor of an already opened path.
+
+If the libblkio virtio-blk driver supports fd passing, let's always
+use qemu_open() to open the `path`, so we can handle fd passing
+from the management layer through the "/dev/fdset/N" special path.
+
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+Message-id: 20230530071941.8954-2-sgarzare@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit cad2ccc395c7113fb30bc9390774b67b34f06c68)
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+---
+ block/blkio.c | 53 ++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 44 insertions(+), 9 deletions(-)
+
+diff --git a/block/blkio.c b/block/blkio.c
+index 0cdc99a729..6a6f20f923 100644
+--- a/block/blkio.c
++++ b/block/blkio.c
+@@ -672,25 +672,60 @@ static int blkio_virtio_blk_common_open(BlockDriverState *bs,
+ {
+     const char *path = qdict_get_try_str(options, "path");
+     BDRVBlkioState *s = bs->opaque;
+-    int ret;
++    bool fd_supported = false;
++    int fd, ret;
+ 
+     if (!path) {
+         error_setg(errp, "missing 'path' option");
+         return -EINVAL;
+     }
+ 
+-    ret = blkio_set_str(s->blkio, "path", path);
+-    qdict_del(options, "path");
+-    if (ret < 0) {
+-        error_setg_errno(errp, -ret, "failed to set path: %s",
+-                         blkio_get_error_msg());
+-        return ret;
+-    }
+-
+     if (!(flags & BDRV_O_NOCACHE)) {
+         error_setg(errp, "cache.direct=off is not supported");
+         return -EINVAL;
+     }
++
++    if (blkio_get_int(s->blkio, "fd", &fd) == 0) {
++        fd_supported = true;
++    }
++
++    /*
++     * If the libblkio driver supports fd passing, let's always use qemu_open()
++     * to open the `path`, so we can handle fd passing from the management
++     * layer through the "/dev/fdset/N" special path.
++     */
++    if (fd_supported) {
++        int open_flags;
++
++        if (flags & BDRV_O_RDWR) {
++            open_flags = O_RDWR;
++        } else {
++            open_flags = O_RDONLY;
++        }
++
++        fd = qemu_open(path, open_flags, errp);
++        if (fd < 0) {
++            return -EINVAL;
++        }
++
++        ret = blkio_set_int(s->blkio, "fd", fd);
++        if (ret < 0) {
++            error_setg_errno(errp, -ret, "failed to set fd: %s",
++                             blkio_get_error_msg());
++            qemu_close(fd);
++            return ret;
++        }
++    } else {
++        ret = blkio_set_str(s->blkio, "path", path);
++        if (ret < 0) {
++            error_setg_errno(errp, -ret, "failed to set path: %s",
++                             blkio_get_error_msg());
++            return ret;
++        }
++    }
++
++    qdict_del(options, "path");
++
+     return 0;
+ }
+ 
+-- 
+2.39.3
+

kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch

@@ -0,0 +1,79 @@
+From 99f27e14856c528f442b628e8f4a7881e6e63179 Mon Sep 17 00:00:00 2001
+From: Stefano Garzarella <sgarzare@redhat.com>
+Date: Tue, 30 May 2023 09:19:41 +0200
+Subject: [PATCH 4/5] qapi: add '@fdset' feature for
+ BlockdevOptionsVirtioBlkVhostVdpa
+
+RH-Author: Stefano Garzarella <sgarzare@redhat.com>
+RH-MergeRequest: 169: block/blkio: support fd passing for virtio-blk-vhost-vdpa driver
+RH-Bugzilla: 2180076
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Commit: [2/2] abee2a542e41f9eaa17dd204b74778e232d1eb60 (sgarzarella/qemu-kvm-c-9-s)
+
+The virtio-blk-vhost-vdpa driver in libblkio 1.3.0 supports the fd
+passing through the new 'fd' property.
+
+Since now we are using qemu_open() on '@path' if the virtio-blk driver
+supports the fd passing, let's announce it.
+In this way, the management layer can pass the file descriptor of an
+already opened vhost-vdpa character device. This is useful especially
+when the device can only be accessed with certain privileges.
+
+Add the '@fdset' feature only when the virtio-blk-vhost-vdpa driver
+in libblkio supports it.
+
+Suggested-by: Markus Armbruster <armbru@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+Message-id: 20230530071941.8954-3-sgarzare@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry picked from commit 98b126f5e3228a346c774e569e26689943b401dd)
+- changed doc indentantion since QAPI parser failed downstream because
+  we don't have commit 08349786c84306863a3b659c8a9b28bb74c405c6
+  downstream. It relaxed the indentation rules.
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+---
+ meson.build          | 4 ++++
+ qapi/block-core.json | 6 ++++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index d964e741e7..a18cc64531 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1843,6 +1843,10 @@ config_host_data.set('CONFIG_LZO', lzo.found())
+ config_host_data.set('CONFIG_MPATH', mpathpersist.found())
+ config_host_data.set('CONFIG_MPATH_NEW_API', mpathpersist_new_api)
+ config_host_data.set('CONFIG_BLKIO', blkio.found())
++if blkio.found()
++  config_host_data.set('CONFIG_BLKIO_VHOST_VDPA_FD',
++                       blkio.version().version_compare('>=1.3.0'))
++endif
+ config_host_data.set('CONFIG_CURL', curl.found())
+ config_host_data.set('CONFIG_CURSES', curses.found())
+ config_host_data.set('CONFIG_GBM', gbm.found())
+diff --git a/qapi/block-core.json b/qapi/block-core.json
+index c05ad0c07e..81b48a8d3b 100644
+--- a/qapi/block-core.json
++++ b/qapi/block-core.json
+@@ -3841,10 +3841,16 @@
+ #
+ # @path: path to the vhost-vdpa character device.
+ #
++# Features:
++# @fdset: Member @path supports the special "/dev/fdset/N" path
++#         (since 8.1)
++#
+ # Since: 7.2
+ ##
+ { 'struct': 'BlockdevOptionsVirtioBlkVhostVdpa',
+   'data': { 'path': 'str' },
++  'features': [ { 'name' :'fdset',
++                  'if': 'CONFIG_BLKIO_VHOST_VDPA_FD' } ],
+   'if': 'CONFIG_BLKIO' }
+ 
+ ##
+-- 
+2.39.3
+

kvm-target-i386-add-support-for-FB_CLEAR-feature.patch

@@ -0,0 +1,71 @@
+From 0d056d6da9e4147d5965bf3507f6d6d6a413924d Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Wed, 24 May 2023 06:52:43 -0400
+Subject: [PATCH 2/5] target/i386: add support for FB_CLEAR feature
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 167: target/i386: add support for FB_CLEAR feature
+RH-Bugzilla: 2216201
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [2/2] 5f191964ba25754107a06ef907f4ac614280aaa1 (eesposit/qemu-kvm)
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2216201
+
+commit 22e1094ca82d5518c1b69aff3e87c550776ae1eb
+Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date:   Wed Feb 1 08:57:59 2023 -0500
+
+    target/i386: add support for FB_CLEAR feature
+
+    As reported by the Intel's doc:
+    "FB_CLEAR: The processor will overwrite fill buffer values as part of
+    MD_CLEAR operations with the VERW instruction.
+    On these processors, L1D_FLUSH does not overwrite fill buffer values."
+
+    If this cpu feature is present in host, allow QEMU to choose whether to
+    show it to the guest too.
+    One disadvantage of not exposing it is that the guest will report
+    a non existing vulnerability in
+    /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
+    because the mitigation is present only when the cpu has
+            (FLUSH_L1D and MD_CLEAR) or FB_CLEAR
+    features enabled.
+
+    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+    Message-Id: <20230201135759.555607-3-eesposit@redhat.com>
+    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ target/i386/cpu.c | 2 +-
+ target/i386/cpu.h | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index caf6338cc0..839706b430 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1012,7 +1012,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+             "ssb-no", "mds-no", "pschange-mc-no", "tsx-ctrl",
+             "taa-no", NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+-            NULL, NULL, NULL, NULL,
++            NULL, "fb-clear", NULL, NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 74fa649b60..c28b9df217 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -989,6 +989,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ #define MSR_ARCH_CAP_PSCHANGE_MC_NO     (1U << 6)
+ #define MSR_ARCH_CAP_TSX_CTRL_MSR       (1U << 7)
+ #define MSR_ARCH_CAP_TAA_NO             (1U << 8)
++#define MSR_ARCH_CAP_FB_CLEAR           (1U << 17)
+ 
+ #define MSR_CORE_CAP_SPLIT_LOCK_DETECT  (1U << 5)
+ 
+-- 
+2.39.3
+

kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch

@@ -0,0 +1,70 @@
+From 14eae569030805680570d93412100ad26242c7e6 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Wed, 24 May 2023 06:52:34 -0400
+Subject: [PATCH 1/5] target/i386: add support for FLUSH_L1D feature
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 167: target/i386: add support for FB_CLEAR feature
+RH-Bugzilla: 2216201
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/2] e296c75c5cd7e1d16d3c70483d52aeba9f9eb2cd (eesposit/qemu-kvm)
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2216201
+
+commit 0e7e3bf1a552c178924867fa7c2f30ccc8a179e0
+Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date:   Wed Feb 1 08:57:58 2023 -0500
+
+    target/i386: add support for FLUSH_L1D feature
+
+    As reported by Intel's doc:
+    "L1D_FLUSH: Writeback and invalidate the L1 data cache"
+
+    If this cpu feature is present in host, allow QEMU to choose whether to
+    show it to the guest too.
+    One disadvantage of not exposing it is that the guest will report
+    a non existing vulnerability in
+    /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
+    because the mitigation is present only when the cpu has
+            (FLUSH_L1D and MD_CLEAR) or FB_CLEAR
+    features enabled.
+
+    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+    Message-Id: <20230201135759.555607-2-eesposit@redhat.com>
+    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ target/i386/cpu.c | 2 +-
+ target/i386/cpu.h | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 0ef2bf1b93..caf6338cc0 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -860,7 +860,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+             "tsx-ldtrk", NULL, NULL /* pconfig */, "arch-lbr",
+             NULL, NULL, "amx-bf16", "avx512-fp16",
+             "amx-tile", "amx-int8", "spec-ctrl", "stibp",
+-            NULL, "arch-capabilities", "core-capability", "ssbd",
++            "flush-l1d", "arch-capabilities", "core-capability", "ssbd",
+         },
+         .cpuid = {
+             .eax = 7,
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index d243e290d3..74fa649b60 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -896,6 +896,8 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ #define CPUID_7_0_EDX_SPEC_CTRL         (1U << 26)
+ /* Single Thread Indirect Branch Predictors */
+ #define CPUID_7_0_EDX_STIBP             (1U << 27)
++/* Flush L1D cache */
++#define CPUID_7_0_EDX_FLUSH_L1D         (1U << 28)
+ /* Arch Capabilities */
+ #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)
+ /* Core Capability */
+-- 
+2.39.3
+

qemu-kvm.spec

@@ -100,7 +100,7 @@
 %endif
 
 %global target_list %{kvm_target}-softmmu
-%global block_drivers_rw_list qcow2,raw,file,host_device,nbd,iscsi,rbd,blkdebug,luks,null-co,nvme,copy-on-read,throttle,compress
+%global block_drivers_rw_list qcow2,raw,file,host_device,nbd,iscsi,rbd,blkdebug,luks,null-co,nvme,copy-on-read,throttle,compress,virtio-blk-vdpa-blk,virtio-blk-vfio-pci,virtio-blk-vhost-user,io_uring,nvme-io_uring
 %global block_drivers_ro_list vdi,vmdk,vhdx,vpc,https
 %define qemudocdir %{_docdir}/%{name}
 %global firmwaredirs "%{_datadir}/qemu-firmware:%{_datadir}/ipxe/qemu:%{_datadir}/seavgabios:%{_datadir}/seabios"
@@ -125,6 +125,7 @@ Requires: %{name}-device-usb-host = %{epoch}:%{version}-%{release}   \
 %if %{have_usbredir}                                             \
 Requires: %{name}-device-usb-redirect = %{epoch}:%{version}-%{release}   \
 %endif                                                           \
+Requires: %{name}-block-blkio = %{epoch}:%{version}-%{release}   \
 Requires: %{name}-block-rbd = %{epoch}:%{version}-%{release}     \
 Requires: %{name}-audio-pa = %{epoch}:%{version}-%{release}
 
@@ -148,7 +149,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version}                    \
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 8.0.0
-Release: 5%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 6%{?rcrel}%{?dist}%{?cc_suffix}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 # Epoch 15 used for RHEL 8
 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -351,6 +352,14 @@ Patch98: kvm-multifd-Fix-the-number-of-channels-ready.patch
 Patch99: kvm-util-async-teardown-wire-up-query-command-line-optio.patch
 # For bz#2168500 - [IBM 9.3 FEAT] KVM: Improve memory reclaiming for z15 Secure Execution guests - qemu part
 Patch100: kvm-s390x-pv-Fix-spurious-warning-with-asynchronous-tear.patch
+# For bz#2216201 - [qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode
+Patch101: kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch
+# For bz#2216201 - [qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode
+Patch102: kvm-target-i386-add-support-for-FB_CLEAR-feature.patch
+# For bz#2180076 - [qemu-kvm] support fd passing for libblkio QEMU BlockDrivers
+Patch103: kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch
+# For bz#2180076 - [qemu-kvm] support fd passing for libblkio QEMU BlockDrivers
+Patch104: kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch
 
 %if %{have_clang}
 BuildRequires: clang
@@ -367,6 +376,7 @@ BuildRequires: glib2-devel
 BuildRequires: gnutls-devel
 BuildRequires: cyrus-sasl-devel
 BuildRequires: libaio-devel
+BuildRequires: libblkio-devel
 BuildRequires: liburing-devel
 BuildRequires: python3-devel
 BuildRequires: libattr-devel
@@ -554,6 +564,17 @@ Install this package if you want access to the avocado_qemu
 tests, or qemu-iotests.
 
 
+%package  block-blkio
+Summary: QEMU libblkio block drivers
+Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
+%description block-blkio
+This package provides the additional libblkio block drivers for QEMU.
+
+Install this package if you want to use virtio-blk-vdpa-blk,
+virtio-blk-vfio-pci, virtio-blk-vhost-user, io_uring, and nvme-io_uring block
+drivers provided by libblkio.
+
+
 %package  block-curl
 Summary: QEMU CURL block driver
 Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release}
@@ -847,6 +868,7 @@ run_configure \
   --block-drv-ro-whitelist=%{block_drivers_ro_list} \
 %endif
   --enable-attr \
+  --enable-blkio \
   --enable-cap-ng \
   --enable-capstone \
   --enable-coroutine-pool \
@@ -1347,6 +1369,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %{testsdir}
 %{_libdir}/%{name}/accel-qtest-%{kvm_target}.so
 
+%files block-blkio
+%{_libdir}/%{name}/block-blkio.so
+
 %files block-curl
 %{_libdir}/%{name}/block-curl.so
 %if %{have_block_rbd}
@@ -1375,6 +1400,19 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 
 %changelog
+* Mon Jun 26 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.0.0-6
+- kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216201]
+- kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216201]
+- kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch [bz#2180076]
+- kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch [bz#2180076]
+- kvm-Enable-libblkio-block-drivers.patch [bz#2213317]
+- Resolves: bz#2216201
+  ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode)
+- Resolves: bz#2180076
+  ([qemu-kvm] support fd passing for libblkio QEMU BlockDrivers)
+- Resolves: bz#2213317
+  (Enable libblkio-based block drivers in QEMU)
+
 * Tue Jun 13 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.0.0-5
 - kvm-block-compile-out-assert_bdrv_graph_readable-by-defa.patch [bz#2186725]
 - kvm-graph-lock-Disable-locking-for-now.patch [bz#2186725]