* Mon Nov 25 2024 Miroslav Rezanina <mrezanin@redhat.com> - 9.1.0-6

- kvm-vfio-container-Fix-container-object-destruction.patch [RHEL-67936] - kvm-virtio-net-disable-USO-for-RHEL9.patch [RHEL-40950] - kvm-qemu-guest-agent-add-new-api-to-allow-rpc.patch [RHEL-60223] - Resolves: RHEL-67936 (QEMU should fail gracefully with passthrough devices in SEV-SNP guests) - Resolves: RHEL-40950 ([Stable_Guest_ABI][USO]From 10-beta to RHEL.9.5.0 the guest with 9.4 machine type only, the guest crashed with - qemu-kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7 ) - Resolves: RHEL-60223 ([qemu-guest-agent] Add new api 'guest-network-get-route' to allow-rpc)
2024-11-25 03:05:39 -05:00 · 2024-11-25 03:05:39 -05:00 · d67258da44
commit d67258da44
parent 1889838d24
4 changed files with 127 additions and 2 deletions
--- a/kvm-vfio-container-Fix-container-object-destruction.patch
+++ b/kvm-vfio-container-Fix-container-object-destruction.patch
@ -0,0 +1,61 @@
+From 21236464550a1a4c844de937e48ff88619228ed7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Mon, 18 Nov 2024 16:34:40 +0100
+Subject: [PATCH 1/3] vfio/container: Fix container object destruction
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Cédric Le Goater <clg@redhat.com>
+RH-MergeRequest: 294: vfio/container: Fix container object destruction
+RH-Jira: RHEL-67936
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Acked-by: Alex Williamson <None>
+RH-Commit: [1/1] 5ae46457515b16aee12f5e010d9ef3179525f57f (clegoate/qemu-kvm-centos)
+
+JIRA: https://issues.redhat.com/browse/RHEL-67936
+
+commit ebbf7c60bbd1ceedf9faf962e428ceda2388c248
+Author: Cédric Le Goater <clg@redhat.com>
+Date:   Fri Nov 15 09:34:40 2024 +0100
+
+    vfio/container: Fix container object destruction
+
+    When commit 96b7af4388b3 intoduced a .instance_finalize() handler,
+    it did not take into account that the container was not necessarily
+    inserted into the container list of the address space. Hence, if
+    the container object is destroyed, by calling object_unref() for
+    example, before vfio_address_space_insert() is called, QEMU may
+    crash when removing the container from the list as done in
+    vfio_container_instance_finalize(). This was seen with an SEV-SNP
+    guest for which discarding of RAM fails.
+
+    To resolve this issue, use the safe version of QLIST_REMOVE().
+
+    Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
+    Cc: Eric Auger <eric.auger@redhat.com>
+    Fixes: 96b7af4388b3 ("vfio/container: Move vfio_container_destroy() to an instance_finalize() handler")
+    Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+    Signed-off-by: Cédric Le Goater <clg@redhat.com>
+
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+---
+ hw/vfio/container-base.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/vfio/container-base.c b/hw/vfio/container-base.c
+index 809b157674..6f86c37d97 100644
+--- a/hw/vfio/container-base.c
+++ b/hw/vfio/container-base.c
+@@ -103,7 +103,7 @@ static void vfio_container_instance_finalize(Object *obj)
+     VFIOContainerBase *bcontainer = VFIO_IOMMU(obj);
+     VFIOGuestIOMMU *giommu, *tmp;
+ 
+-    QLIST_REMOVE(bcontainer, next);
+    QLIST_SAFE_REMOVE(bcontainer, next);
+ 
+     QLIST_FOREACH_SAFE(giommu, &bcontainer->giommu_list, giommu_next, tmp) {
+         memory_region_unregister_iommu_notifier(
+-- 
+2.39.3
+
--- a/kvm-virtio-net-disable-USO-for-RHEL9.patch
+++ b/kvm-virtio-net-disable-USO-for-RHEL9.patch
@ -0,0 +1,49 @@
+From cd94a5c750554f21ddbff37f53ff629128200259 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Wed, 6 Nov 2024 17:29:35 -0500
+Subject: [PATCH 2/3] virtio-net: disable USO for RHEL9
+
+RH-Author: MST <mst@redhat.com>
+RH-MergeRequest: 289: Disable USO for virtio-net to fix RHEL10 to RHEL9 migration
+RH-Jira: RHEL-40950
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/1] 9fc588b66c5bad72df1e9b644f48a2a7aa82bfa3 (mstredhat/qemu-kvm-centos)
+
+Theoretically, QEMU from RHEL9.3 and on supports USO,
+but practically we clear the support because RHEL9
+kernels do not support that.
+
+Now that RHEL10 beta does we suddenly get a migration compatibility
+issue. We should not have enabled the feature in RHEL9 userspace,
+but luckily, it's not too late to fix that.
+
+Note: if we ever change RHEL9 kernel to enable USO, we will need to
+mask this in RHEL9 QEMU, too.
+
+Upstream status: n/a: upstream has no guarantee if kernel features change
+Tested: lightly on developer's machine.
+JIRA: https://issues.redhat.com/browse/RHEL-40950
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/core/machine.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index d95f246f66..04d180eac4 100644
+--- a/hw/core/machine.c
+++ b/hw/core/machine.c
+@@ -337,6 +337,11 @@ GlobalProperty hw_compat_rhel_9_5[] = {
+     { TYPE_VIRTIO_IOMMU_PCI, "aw-bits", "64" },
+   /* hw_compat_rhel_9_5 from hw_compat_8_2 */
+     { "virtio-gpu-device", "x-scanout-vmstate-version", "1" },
+    /* supported by userspace, but RHEL 9 *kernels* do not support USO. */
+    /* TODO: if we ever add 9.6 compat, this has to be there, too */
+    { TYPE_VIRTIO_NET, "host_uso", "off"},
+    { TYPE_VIRTIO_NET, "guest_uso4", "off"},
+    { TYPE_VIRTIO_NET, "guest_uso6", "off"},
+ };
+ const size_t hw_compat_rhel_9_5_len = G_N_ELEMENTS(hw_compat_rhel_9_5);
+ 
+-- 
+2.39.3
+
--- a/qemu-ga.sysconfig
+++ b/qemu-ga.sysconfig
@ -13,7 +13,7 @@
 #
 # You can get the list of RPC commands using "qemu-ga --allow-rpcs='?'".
 # There should be no spaces between commas and commands in the allow list.
-FILTER_RPC_ARGS="--allow-rpcs=guest-sync-delimited,guest-sync,guest-ping,guest-get-time,guest-set-time,guest-info,guest-shutdown,guest-fsfreeze-status,guest-fsfreeze-freeze,guest-fsfreeze-freeze-list,guest-fsfreeze-thaw,guest-fstrim,guest-suspend-disk,guest-suspend-ram,guest-suspend-hybrid,guest-network-get-interfaces,guest-get-vcpus,guest-set-vcpus,guest-get-disks,guest-get-fsinfo,guest-set-user-password,guest-get-memory-blocks,guest-set-memory-blocks,guest-get-memory-block-info,guest-get-host-name,guest-get-users,guest-get-timezone,guest-get-osinfo,guest-get-devices,guest-ssh-get-authorized-keys,guest-ssh-add-authorized-keys,guest-ssh-remove-authorized-keys,guest-get-diskstats,guest-get-cpustats"
+FILTER_RPC_ARGS="--allow-rpcs=guest-sync-delimited,guest-sync,guest-ping,guest-get-time,guest-set-time,guest-info,guest-shutdown,guest-fsfreeze-status,guest-fsfreeze-freeze,guest-fsfreeze-freeze-list,guest-fsfreeze-thaw,guest-fstrim,guest-suspend-disk,guest-suspend-ram,guest-suspend-hybrid,guest-network-get-interfaces,guest-get-vcpus,guest-set-vcpus,guest-get-disks,guest-get-fsinfo,guest-set-user-password,guest-get-memory-blocks,guest-set-memory-blocks,guest-get-memory-block-info,guest-get-host-name,guest-get-users,guest-get-timezone,guest-get-osinfo,guest-get-devices,guest-ssh-get-authorized-keys,guest-ssh-add-authorized-keys,guest-ssh-remove-authorized-keys,guest-get-diskstats,guest-get-cpustats,guest-network-get-route"

 # Fsfreeze hook script specification.
 #
--- a/qemu-kvm.spec
+++ b/qemu-kvm.spec
@ -143,7 +143,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version}                    \
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 9.1.0
-Release: 5%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 6%{?rcrel}%{?dist}%{?cc_suffix}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 # Epoch 15 used for RHEL 8
 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@ -336,6 +336,10 @@ Patch79: kvm-KVM-Define-KVM_MEMSLOTS_NUM_MAX_DEFAULT.patch
 Patch80: kvm-KVM-Rename-KVMMemoryListener.nr_used_slots-to-nr_slo.patch
 # For RHEL-57685 - Bad migration performance when performing vGPU VM live migration 
 Patch81: kvm-KVM-Rename-KVMState-nr_slots-to-nr_slots_max.patch
+# For RHEL-67936 - QEMU should fail gracefully with passthrough devices in SEV-SNP guests
+Patch82: kvm-vfio-container-Fix-container-object-destruction.patch
+# For RHEL-40950 - [Stable_Guest_ABI][USO]From 10-beta to RHEL.9.5.0  the guest with 9.4 machine type only, the guest crashed  with - qemu-kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7 
+Patch83: kvm-virtio-net-disable-USO-for-RHEL9.patch

 %if %{have_clang}
 BuildRequires: clang
@ -1402,6 +1406,17 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif

 %changelog
+* Mon Nov 25 2024 Miroslav Rezanina <mrezanin@redhat.com> - 9.1.0-6
+- kvm-vfio-container-Fix-container-object-destruction.patch [RHEL-67936]
+- kvm-virtio-net-disable-USO-for-RHEL9.patch [RHEL-40950]
+- kvm-qemu-guest-agent-add-new-api-to-allow-rpc.patch [RHEL-60223]
+- Resolves: RHEL-67936
+  (QEMU should fail gracefully with passthrough devices in SEV-SNP guests)
+- Resolves: RHEL-40950
+  ([Stable_Guest_ABI][USO]From 10-beta to RHEL.9.5.0  the guest with 9.4 machine type only, the guest crashed  with - qemu-kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7 )
+- Resolves: RHEL-60223
+  ([qemu-guest-agent] Add new api 'guest-network-get-route' to allow-rpc)
+
 * Tue Nov 19 2024 Miroslav Rezanina <mrezanin@redhat.com> - 9.1.0-5
 - kvm-migration-Ensure-vmstate_save-sets-errp.patch [RHEL-63051]
 - kvm-kvm-replace-fprintf-with-error_report-printf-in-kvm_.patch [RHEL-57685]