* Mon Aug 19 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.1.0-2.el8

- kvm-spec-Update-seavgabios-dependency.patch [bz#1725664]
- kvm-pc-Don-t-make-die-id-mandatory-unless-necessary.patch [bz#1741451]
- kvm-display-bochs-fix-pcie-support.patch [bz#1733977 bz#1740692]
- kvm-spapr-Reset-CAS-IRQ-subsystem-after-devices.patch [bz#1733977]
- kvm-spapr-xive-Fix-migration-of-hot-plugged-CPUs.patch [bz#1733977]
- kvm-riscv-roms-Fix-make-rules-for-building-sifive_u-bios.patch [bz#1733977 bz#1740692]
- kvm-Update-version-for-v4.1.0-release.patch [bz#1733977 bz#1740692]
- Resolves: bz#1725664
  (Update seabios dependency)
- Resolves: bz#1733977
  (Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed)
- Resolves: bz#1740692
  (Backport QEMU 4.1.0 rc5 & ga patches)
- Resolves: bz#1741451
  (Failed to hot-plug vcpus)

kvm-Update-version-for-v4.1.0-release.patch

@@ -0,0 +1,42 @@
+From cf5e1c094d045cbbb9fd58fd9ec9c8fe8342eb4f Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 19 Aug 2019 08:54:19 +0100
+Subject: [PATCH 7/7] Update version for v4.1.0 release
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+Message-id: <7fdfb1e847814fc97d2ef85172e75e2af70b5cae.1566204425.git.mrezanin@redhat.com>
+Patchwork-id: 90055
+O-Subject: [RHEL-AV-8.1 qemu-kvm PATCH 5/5] Update version for v4.1.0 release
+Bugzilla: 1733977 1740692
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Yash Mankad <ymankad@redhat.com>
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+
+From: Peter Maydell <peter.maydell@linaro.org>
+
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 9e06029aea3b2eca1d5261352e695edc1e7d7b8b)
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+
+Conflicts:
+	VERSION - we do not backport rc5 version change
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ VERSION | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/VERSION b/VERSION
+index 8048f65..ee74734 100644
+--- a/VERSION
++++ b/VERSION
+@@ -1 +1 @@
+-4.0.94
++4.1.0
+-- 
+1.8.3.1
+

kvm-display-bochs-fix-pcie-support.patch

@@ -0,0 +1,86 @@
+From 8ba44c5854ab6e6feac8bc979f07ae241825673d Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 19 Aug 2019 08:54:15 +0100
+Subject: [PATCH 3/7] display/bochs: fix pcie support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+Message-id: <f28bd8b4856b92e01d423efda42ac5530c6cd8be.1566204425.git.mrezanin@redhat.com>
+Patchwork-id: 90060
+O-Subject: [RHEL-AV-8.1 qemu-kvm PATCH 1/5] display/bochs: fix pcie support
+Bugzilla: 1733977 1740692
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Yash Mankad <ymankad@redhat.com>
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+
+From: Gerd Hoffmann <kraxel@redhat.com>
+
+Set QEMU_PCI_CAP_EXPRESS unconditionally in init(), then clear it in
+realize() in case the device is not connected to a PCIe bus.
+
+This makes sure the pci config space allocation is big enough, so
+accessing the PCIe extended config space doesn't overflow the pci
+config space buffer.
+
+PCI(e) config space is guest writable.  Writes are limited by
+write mask (which probably is also filled with random stuff),
+so the guest can only flip enabled bits.  But I suspect it
+still might be exploitable, so rather serious because it might
+be a host escape for the guest.  On the other hand the device
+is probably not yet in widespread use.
+
+(For a QEMU version without this commit, a mitigation for the
+bug is available: use "-device bochs-display" as a conventional pci
+device only.)
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20190812065221.20907-2-kraxel@redhat.com
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 5e7bcdcfe69ce0fad66012b2cfb2035003c37eef)
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ hw/display/bochs-display.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c
+index 582133d..8e83b51 100644
+--- a/hw/display/bochs-display.c
++++ b/hw/display/bochs-display.c
+@@ -297,9 +297,10 @@ static void bochs_display_realize(PCIDevice *dev, Error **errp)
+     }
+ 
+     if (pci_bus_is_express(pci_get_bus(dev))) {
+-        dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
+         ret = pcie_endpoint_cap_init(dev, 0x80);
+         assert(ret > 0);
++    } else {
++        dev->cap_present &= ~QEMU_PCI_CAP_EXPRESS;
+     }
+ 
+     memory_region_set_log(&s->vram, true, DIRTY_MEMORY_VGA);
+@@ -322,11 +323,15 @@ static void bochs_display_set_big_endian_fb(Object *obj, bool value,
+ 
+ static void bochs_display_init(Object *obj)
+ {
++    PCIDevice *dev = PCI_DEVICE(obj);
++
+     /* Expose framebuffer byteorder via QOM */
+     object_property_add_bool(obj, "big-endian-framebuffer",
+                              bochs_display_get_big_endian_fb,
+                              bochs_display_set_big_endian_fb,
+                              NULL);
++
++    dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
+ }
+ 
+ static void bochs_display_exit(PCIDevice *dev)
+-- 
+1.8.3.1
+

kvm-pc-Don-t-make-die-id-mandatory-unless-necessary.patch

@@ -0,0 +1,115 @@
+From 7909ad1654df63be6321af36f1ef436a990ab6df Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Fri, 16 Aug 2019 17:16:33 +0100
+Subject: [PATCH 2/7] pc: Don't make die-id mandatory unless necessary
+
+RH-Author: Eduardo Habkost <ehabkost@redhat.com>
+Message-id: <20190816171633.26797-2-ehabkost@redhat.com>
+Patchwork-id: 90038
+O-Subject: [RHEL-AV-8.1.0 qemu-kvm PATCH v2 1/1] pc: Don't make die-id mandatory unless necessary
+Bugzilla: 1741451
+RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+RH-Acked-by: Erik Skultety <eskultet@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+We have this issue reported when using libvirt to hotplug CPUs:
+https://bugzilla.redhat.com/show_bug.cgi?id=1741451
+
+Basically, libvirt is not copying die-id from
+query-hotpluggable-cpus, but die-id is now mandatory.
+
+We could blame libvirt and say it is not following the documented
+interface, because we have this buried in the QAPI schema
+documentation:
+
+> Note: currently there are 5 properties that could be present
+> but management should be prepared to pass through other
+> properties with device_add command to allow for future
+> interface extension. This also requires the filed names to be kept in
+> sync with the properties passed to -device/device_add.
+
+But I don't think this would be reasonable from us.  We can just
+make QEMU more flexible and let die-id to be omitted when there's
+no ambiguity.  This will allow us to keep compatibility with
+existing libvirt versions.
+
+Test case included to ensure we don't break this again.
+
+Fixes: commit 176d2cda0dee ("i386/cpu: Consolidate die-id validity in smp context")
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+---
+Changes v1 -> v2:
+* v1 was "pc: Don't make CPU properties mandatory unless necessary"
+* Make only die-id optional (Igor Mammedov)
+
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ hw/i386/pc.c                             |  8 ++++++++
+ tests/acceptance/pc_cpu_hotplug_props.py | 35 ++++++++++++++++++++++++++++++++
+ 2 files changed, 43 insertions(+)
+ create mode 100644 tests/acceptance/pc_cpu_hotplug_props.py
+
+diff --git a/hw/i386/pc.c b/hw/i386/pc.c
+index 9ded0db..b3d2d1e 100644
+--- a/hw/i386/pc.c
++++ b/hw/i386/pc.c
+@@ -2622,6 +2622,14 @@ static void pc_cpu_pre_plug(HotplugHandler *hotplug_dev,
+         int max_socket = (ms->smp.max_cpus - 1) /
+                                 smp_threads / smp_cores / pcms->smp_dies;
+ 
++        /*
++         * die-id was optional in QEMU 4.0 and older, so keep it optional
++         * if there's only one die per socket.
++         */
++        if (cpu->die_id < 0 && pcms->smp_dies == 1) {
++            cpu->die_id = 0;
++        }
++
+         if (cpu->socket_id < 0) {
+             error_setg(errp, "CPU socket-id is not set");
+             return;
+diff --git a/tests/acceptance/pc_cpu_hotplug_props.py b/tests/acceptance/pc_cpu_hotplug_props.py
+new file mode 100644
+index 0000000..08b7e63
+--- /dev/null
++++ b/tests/acceptance/pc_cpu_hotplug_props.py
+@@ -0,0 +1,35 @@
++#
++# Ensure CPU die-id can be omitted on -device
++#
++#  Copyright (c) 2019 Red Hat Inc
++#
++# Author:
++#  Eduardo Habkost <ehabkost@redhat.com>
++#
++# This library is free software; you can redistribute it and/or
++# modify it under the terms of the GNU Lesser General Public
++# License as published by the Free Software Foundation; either
++# version 2 of the License, or (at your option) any later version.
++#
++# This library is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++# Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public
++# License along with this library; if not, see <http://www.gnu.org/licenses/>.
++#
++
++from avocado_qemu import Test
++
++class OmittedCPUProps(Test):
++    """
++    :avocado: tags=arch:x86_64
++    """
++    def test_no_die_id(self):
++        self.vm.add_args('-nodefaults', '-S')
++        self.vm.add_args('-smp', '1,sockets=2,cores=2,threads=2,maxcpus=8')
++        self.vm.add_args('-cpu', 'qemu64')
++        self.vm.add_args('-device', 'qemu64-x86_64-cpu,socket-id=1,core-id=0,thread-id=0')
++        self.vm.launch()
++        self.assertEquals(len(self.vm.command('query-cpus')), 2)
+-- 
+1.8.3.1
+

kvm-riscv-roms-Fix-make-rules-for-building-sifive_u-bios.patch

@@ -0,0 +1,50 @@
+From 21412b5480ec8432fb47fad1a460512424d53dce Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 19 Aug 2019 08:54:18 +0100
+Subject: [PATCH 6/7] riscv: roms: Fix make rules for building sifive_u bios
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+Message-id: <87c86632af83319c3c4a7ab01f2cf6de7e455ef6.1566204425.git.mrezanin@redhat.com>
+Patchwork-id: 90059
+O-Subject: [RHEL-AV-8.1 qemu-kvm PATCH 4/5] riscv: roms: Fix make rules for building sifive_u bios
+Bugzilla: 1733977 1740692
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Yash Mankad <ymankad@redhat.com>
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+
+From: Bin Meng <bmeng.cn@gmail.com>
+
+Currently the make rules are wrongly using qemu/virt opensbi image
+for sifive_u machine. Correct it.
+
+Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
+Reviewed-by: Chih-Min Chao <chihmin.chao@sifive.com>
+Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Message-id: 1564812484-20385-1-git-send-email-bmeng.cn@gmail.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 02db1be1d074d75ad1c9bd1e9681f1b0b6299cee)
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ roms/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/roms/Makefile b/roms/Makefile
+index dc70fb5..775c963 100644
+--- a/roms/Makefile
++++ b/roms/Makefile
+@@ -183,7 +183,7 @@ opensbi64-sifive_u:
+ 	$(MAKE) -C opensbi \
+ 		CROSS_COMPILE=$(riscv64_cross_prefix) \
+ 		PLATFORM="qemu/sifive_u"
+-	cp opensbi/build/platform/qemu/virt/firmware/fw_jump.bin ../pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin
++	cp opensbi/build/platform/qemu/sifive_u/firmware/fw_jump.bin ../pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin
+ 
+ clean:
+ 	rm -rf seabios/.config seabios/out seabios/builds
+-- 
+1.8.3.1
+

kvm-spapr-Reset-CAS-IRQ-subsystem-after-devices.patch

@@ -0,0 +1,125 @@
+From 2edb7c1181fb69e410ffc688986a12d36899f976 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 19 Aug 2019 08:54:16 +0100
+Subject: [PATCH 4/7] spapr: Reset CAS & IRQ subsystem after devices
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+Message-id: <9b7c319c271fa2c8cda410e87aef985d8c180049.1566204425.git.mrezanin@redhat.com>
+Patchwork-id: 90057
+O-Subject: [RHEL-AV-8.1 qemu-kvm PATCH 2/5] spapr: Reset CAS & IRQ subsystem after devices
+Bugzilla: 1733977
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Yash Mankad <ymankad@redhat.com>
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+
+From: David Gibson <david@gibson.dropbear.id.au>
+
+Bugzilla: 1733977
+
+This fixes a nasty regression in qemu-4.1 for the 'pseries' machine,
+caused by the new "dual" interrupt controller model.  Specifically,
+qemu can crash when used with KVM if a 'system_reset' is requested
+while there's active I/O in the guest.
+
+The problem is that in spapr_machine_reset() we:
+
+1. Reset the CAS vector state
+	spapr_ovec_cleanup(spapr->ov5_cas);
+
+2. Reset all devices
+	qemu_devices_reset()
+
+3. Reset the irq subsystem
+	spapr_irq_reset();
+
+However (1) implicitly changes the interrupt delivery mode, because
+whether we're using XICS or XIVE depends on the CAS state.  We don't
+properly initialize the new irq mode until (3) though - in particular
+setting up the KVM devices.
+
+During (2), we can temporarily drop the BQL allowing some irqs to be
+delivered which will go to an irq system that's not properly set up.
+
+Specifically, if the previous guest was in (KVM) XIVE mode, the CAS
+reset will put us back in XICS mode.  kvm_kernel_irqchip() still
+returns true, because XIVE was using KVM, however XICs doesn't have
+its KVM components intialized and kernel_xics_fd == -1.  When the irq
+is delivered it goes via ics_kvm_set_irq() which assert()s that
+kernel_xics_fd != -1.
+
+This change addresses the problem by delaying the CAS reset until
+after the devices reset.  The device reset should quiesce all the
+devices so we won't get irqs delivered while we mess around with the
+IRQ.  The CAS reset and irq re-initialize should also now be under the
+same BQL critical section so nothing else should be able to interrupt
+it either.
+
+We also move the spapr_irq_msi_reset() used in one of the legacy irq
+modes, since it logically makes sense at the same point as the
+spapr_irq_reset() (it's essentially an equivalent operation for older
+machine types).  Since we don't need to switch between different
+interrupt controllers for those old machine types it shouldn't
+actually be broken in those cases though.
+
+Cc: Cédric Le Goater <clg@kaod.org>
+
+Fixes: b2e22477 "spapr: add a 'reset' method to the sPAPR IRQ backend"
+Fixes: 13db0cd9 "spapr: introduce a new sPAPR IRQ backend supporting
+                 XIVE and XICS"
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+(cherry picked from commit 25c9780d38d4494f8610371d883865cf40b35dd6)
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ hw/ppc/spapr.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
+index ab64d43..669eae1 100644
+--- a/hw/ppc/spapr.c
++++ b/hw/ppc/spapr.c
+@@ -1727,6 +1727,18 @@ static void spapr_machine_reset(MachineState *machine)
+     }
+ 
+     /*
++     * NVLink2-connected GPU RAM needs to be placed on a separate NUMA node.
++     * We assign a new numa ID per GPU in spapr_pci_collect_nvgpu() which is
++     * called from vPHB reset handler so we initialize the counter here.
++     * If no NUMA is configured from the QEMU side, we start from 1 as GPU RAM
++     * must be equally distant from any other node.
++     * The final value of spapr->gpu_numa_id is going to be written to
++     * max-associativity-domains in spapr_build_fdt().
++     */
++    spapr->gpu_numa_id = MAX(1, nb_numa_nodes);
++    qemu_devices_reset();
++
++    /*
+      * If this reset wasn't generated by CAS, we should reset our
+      * negotiated options and start from scratch
+      */
+@@ -1742,18 +1754,6 @@ static void spapr_machine_reset(MachineState *machine)
+     }
+ 
+     /*
+-     * NVLink2-connected GPU RAM needs to be placed on a separate NUMA node.
+-     * We assign a new numa ID per GPU in spapr_pci_collect_nvgpu() which is
+-     * called from vPHB reset handler so we initialize the counter here.
+-     * If no NUMA is configured from the QEMU side, we start from 1 as GPU RAM
+-     * must be equally distant from any other node.
+-     * The final value of spapr->gpu_numa_id is going to be written to
+-     * max-associativity-domains in spapr_build_fdt().
+-     */
+-    spapr->gpu_numa_id = MAX(1, nb_numa_nodes);
+-    qemu_devices_reset();
+-
+-    /*
+      * This is fixing some of the default configuration of the XIVE
+      * devices. To be called after the reset of the machine devices.
+      */
+-- 
+1.8.3.1
+

kvm-spapr-xive-Fix-migration-of-hot-plugged-CPUs.patch

@@ -0,0 +1,135 @@
+From 1a1ee2ef4c4c1dc310929e5d752a64eeb3f5245b Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 19 Aug 2019 08:54:17 +0100
+Subject: [PATCH 5/7] spapr/xive: Fix migration of hot-plugged CPUs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+Message-id: <7cdadb2fe39b9edfc4c281f4efb6f5afa0b1503f.1566204425.git.mrezanin@redhat.com>
+Patchwork-id: 90058
+O-Subject: [RHEL-AV-8.1 qemu-kvm PATCH 3/5] spapr/xive: Fix migration of hot-plugged CPUs
+Bugzilla: 1733977
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Yash Mankad <ymankad@redhat.com>
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+
+From: Cédric Le Goater <clg@kaod.org>
+
+Bugzilla: 1733977
+
+The migration sequence of a guest using the XIVE exploitation mode
+relies on the fact that the states of all devices are restored before
+the machine is. This is not true for hot-plug devices such as CPUs
+which state come after the machine. This breaks migration because the
+thread interrupt context registers are not correctly set.
+
+Fix migration of hotplugged CPUs by restoring their context in the
+'post_load' handler of the XiveTCTX model.
+
+Fixes: 277dd3d7712a ("spapr/xive: add migration support for KVM")
+Signed-off-by: Cédric Le Goater <clg@kaod.org>
+Message-Id: <20190813064853.29310-1-clg@kaod.org>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+(cherry picked from commit 310cda5b5e9df642b19a0e9c504368ffba3b3ab9)
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ hw/intc/spapr_xive_kvm.c | 19 +++++++++++++++++--
+ hw/intc/xive.c           | 21 ++++++++++++++++++++-
+ include/hw/ppc/xive.h    |  1 +
+ 3 files changed, 38 insertions(+), 3 deletions(-)
+
+diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
+index 3bf8e7a..8898615 100644
+--- a/hw/intc/spapr_xive_kvm.c
++++ b/hw/intc/spapr_xive_kvm.c
+@@ -72,11 +72,17 @@ static void kvm_cpu_disable_all(void)
+  * XIVE Thread Interrupt Management context (KVM)
+  */
+ 
+-static void kvmppc_xive_cpu_set_state(XiveTCTX *tctx, Error **errp)
++void kvmppc_xive_cpu_set_state(XiveTCTX *tctx, Error **errp)
+ {
++    SpaprXive *xive = SPAPR_MACHINE(qdev_get_machine())->xive;
+     uint64_t state[2];
+     int ret;
+ 
++    /* The KVM XIVE device is not in use yet */
++    if (xive->fd == -1) {
++        return;
++    }
++
+     /* word0 and word1 of the OS ring. */
+     state[0] = *((uint64_t *) &tctx->regs[TM_QW1_OS]);
+ 
+@@ -655,7 +661,16 @@ int kvmppc_xive_post_load(SpaprXive *xive, int version_id)
+         }
+     }
+ 
+-    /* Restore the thread interrupt contexts */
++    /*
++     * Restore the thread interrupt contexts of initial CPUs.
++     *
++     * The context of hotplugged CPUs is restored later, by the
++     * 'post_load' handler of the XiveTCTX model because they are not
++     * available at the time the SpaprXive 'post_load' method is
++     * called. We can not restore the context of all CPUs in the
++     * 'post_load' handler of XiveTCTX because the machine is not
++     * necessarily connected to the KVM device at that time.
++     */
+     CPU_FOREACH(cs) {
+         PowerPCCPU *cpu = POWERPC_CPU(cs);
+ 
+diff --git a/hw/intc/xive.c b/hw/intc/xive.c
+index cf77bdb..da148e9 100644
+--- a/hw/intc/xive.c
++++ b/hw/intc/xive.c
+@@ -615,12 +615,31 @@ static int vmstate_xive_tctx_pre_save(void *opaque)
+     return 0;
+ }
+ 
++static int vmstate_xive_tctx_post_load(void *opaque, int version_id)
++{
++    Error *local_err = NULL;
++
++    if (kvm_irqchip_in_kernel()) {
++        /*
++         * Required for hotplugged CPU, for which the state comes
++         * after all states of the machine.
++         */
++        kvmppc_xive_cpu_set_state(XIVE_TCTX(opaque), &local_err);
++        if (local_err) {
++            error_report_err(local_err);
++            return -1;
++        }
++    }
++
++    return 0;
++}
++
+ static const VMStateDescription vmstate_xive_tctx = {
+     .name = TYPE_XIVE_TCTX,
+     .version_id = 1,
+     .minimum_version_id = 1,
+     .pre_save = vmstate_xive_tctx_pre_save,
+-    .post_load = NULL, /* handled by the sPAPRxive model */
++    .post_load = vmstate_xive_tctx_post_load,
+     .fields = (VMStateField[]) {
+         VMSTATE_BUFFER(regs, XiveTCTX),
+         VMSTATE_END_OF_LIST()
+diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
+index 55c53c7..7363351 100644
+--- a/include/hw/ppc/xive.h
++++ b/include/hw/ppc/xive.h
+@@ -438,5 +438,6 @@ void kvmppc_xive_source_set_irq(void *opaque, int srcno, int val);
+ void kvmppc_xive_cpu_connect(XiveTCTX *tctx, Error **errp);
+ void kvmppc_xive_cpu_synchronize_state(XiveTCTX *tctx, Error **errp);
+ void kvmppc_xive_cpu_get_state(XiveTCTX *tctx, Error **errp);
++void kvmppc_xive_cpu_set_state(XiveTCTX *tctx, Error **errp);
+ 
+ #endif /* PPC_XIVE_H */
+-- 
+1.8.3.1
+

kvm-spec-Update-seavgabios-dependency.patch

@@ -0,0 +1,48 @@
+From a6e6495fc1369e1c9f8db872411eea7e0a4f2a67 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Tue, 9 Jul 2019 12:57:07 +0100
+Subject: [PATCH 1/7] spec: Update seavgabios dependency
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+Message-id: <1562677027-9619-1-git-send-email-mrezanin@redhat.com>
+Patchwork-id: 89436
+O-Subject: [RHEL-AV-8.1.0 qemu-kvm PATCH] spec: Update seavgabios dependency
+Bugzilla: 1725664
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
+RH-Acked-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
+
+From: Miroslav Rezanina <mrezanin@redhat.com>
+
+Branch: rhel-av-8.1.0/master-4.0.0
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1725664
+Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=22574916
+Upstream: n/a
+
+We introduced new vga bios files (vgabios-ramfb.bin and
+vgabios-bochs-display.bin) recently. To prevent dangling symlinks,
+we bump required seavgabios-bin package to version adding these
+bios files.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
+---
+ redhat/qemu-kvm.spec.template | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qemu-kvm.spec b/qemu-kvm.spec
+index e6c0980..a43ebc8 100644
+--- a/qemu-kvm.spec
++++ b/qemu-kvm.spec
+@@ -244,7 +244,7 @@ Requires: edk2-aarch64
+ %endif
+ 
+ %ifnarch aarch64 s390x
+-Requires: seavgabios-bin >= 1.10.2-1
++Requires: seavgabios-bin >= 1.12.0-3
+ Requires: ipxe-roms-qemu >= 20170123-1
+ %endif
+ %ifarch %{power64}
+-- 
+1.8.3.1
+

qemu-kvm.spec

@@ -67,7 +67,7 @@ Obsoletes: %1-rhev
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 4.1.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 15
 License: GPLv2 and GPLv2+ and CC-BY
@@ -120,6 +120,21 @@ Patch0016: 0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch
 Patch0017: 0017-usb-xhci-Fix-PCI-capability-order.patch
 Patch0018: 0018-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch
 Patch0019: 0019-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch
+# For bz#1741451 - Failed to hot-plug vcpus
+Patch21: kvm-pc-Don-t-make-die-id-mandatory-unless-necessary.patch
+# For bz#1733977 - Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed
+# For bz#1740692 - Backport QEMU 4.1.0 rc5 & ga patches
+Patch22: kvm-display-bochs-fix-pcie-support.patch
+# For bz#1733977 - Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed
+Patch23: kvm-spapr-Reset-CAS-IRQ-subsystem-after-devices.patch
+# For bz#1733977 - Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed
+Patch24: kvm-spapr-xive-Fix-migration-of-hot-plugged-CPUs.patch
+# For bz#1733977 - Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed
+# For bz#1740692 - Backport QEMU 4.1.0 rc5 & ga patches
+Patch25: kvm-riscv-roms-Fix-make-rules-for-building-sifive_u-bios.patch
+# For bz#1733977 - Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed
+# For bz#1740692 - Backport QEMU 4.1.0 rc5 & ga patches
+Patch26: kvm-Update-version-for-v4.1.0-release.patch
 
 BuildRequires: wget
 BuildRequires: rpm-build
@@ -259,7 +274,7 @@ Requires: edk2-aarch64
 %endif
 
 %ifnarch aarch64 s390x
-Requires: seavgabios-bin >= 1.10.2-1
+Requires: seavgabios-bin >= 1.12.0-3
 Requires: ipxe-roms-qemu >= 20170123-1
 %endif
 %ifarch %{power64}
@@ -1061,6 +1076,23 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 
 
 %changelog
+* Mon Aug 19 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.1.0-2.el8
+- kvm-spec-Update-seavgabios-dependency.patch [bz#1725664]
+- kvm-pc-Don-t-make-die-id-mandatory-unless-necessary.patch [bz#1741451]
+- kvm-display-bochs-fix-pcie-support.patch [bz#1733977 bz#1740692]
+- kvm-spapr-Reset-CAS-IRQ-subsystem-after-devices.patch [bz#1733977]
+- kvm-spapr-xive-Fix-migration-of-hot-plugged-CPUs.patch [bz#1733977]
+- kvm-riscv-roms-Fix-make-rules-for-building-sifive_u-bios.patch [bz#1733977 bz#1740692]
+- kvm-Update-version-for-v4.1.0-release.patch [bz#1733977 bz#1740692]
+- Resolves: bz#1725664
+  (Update seabios dependency)
+- Resolves: bz#1733977
+  (Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed)
+- Resolves: bz#1740692
+  (Backport QEMU 4.1.0 rc5 & ga patches)
+- Resolves: bz#1741451
+  (Failed to hot-plug vcpus)
+
 * Wed Aug 14 2019 Miroslav Rezanina <mrezanin@redhat.com> - 4.1.0-1.el8
 - Rebase to qemu 4.1.0 rc4 [bz#1705235]
 - Resolves: bz#1705235