* Mon Jul 18 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-9
- kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0])
This commit is contained in:
parent
da38d5c28e
commit
fbb94cc706
@ -0,0 +1,96 @@
|
||||
From 6ee4a8718dcce2d6da43ee200534b75baf1d7bbe Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 18 Nov 2021 12:57:32 +0100
|
||||
Subject: [PATCH 16/17] hw/block/fdc: Prevent end-of-track overrun
|
||||
(CVE-2021-3507)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 107: hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
|
||||
RH-Commit: [1/2] 9ffc5290348884d20b894fa79f4d0c8089247f8b (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1951522
|
||||
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
Per the 82078 datasheet, if the end-of-track (EOT byte in
|
||||
the FIFO) is more than the number of sectors per side, the
|
||||
command is terminated unsuccessfully:
|
||||
|
||||
* 5.2.5 DATA TRANSFER TERMINATION
|
||||
|
||||
The 82078 supports terminal count explicitly through
|
||||
the TC pin and implicitly through the underrun/over-
|
||||
run and end-of-track (EOT) functions. For full sector
|
||||
transfers, the EOT parameter can define the last
|
||||
sector to be transferred in a single or multisector
|
||||
transfer. If the last sector to be transferred is a par-
|
||||
tial sector, the host can stop transferring the data in
|
||||
mid-sector, and the 82078 will continue to complete
|
||||
the sector as if a hardware TC was received. The
|
||||
only difference between these implicit functions and
|
||||
TC is that they return "abnormal termination" result
|
||||
status. Such status indications can be ignored if they
|
||||
were expected.
|
||||
|
||||
* 6.1.3 READ TRACK
|
||||
|
||||
This command terminates when the EOT specified
|
||||
number of sectors have been read. If the 82078
|
||||
does not find an I D Address Mark on the diskette
|
||||
after the second· occurrence of a pulse on the
|
||||
INDX# pin, then it sets the IC code in Status Regis-
|
||||
ter 0 to "01" (Abnormal termination), sets the MA bit
|
||||
in Status Register 1 to "1", and terminates the com-
|
||||
mand.
|
||||
|
||||
* 6.1.6 VERIFY
|
||||
|
||||
Refer to Table 6-6 and Table 6-7 for information
|
||||
concerning the values of MT and EC versus SC and
|
||||
EOT value.
|
||||
|
||||
* Table 6·6. Result Phase Table
|
||||
|
||||
* Table 6-7. Verify Command Result Phase Table
|
||||
|
||||
Fix by aborting the transfer when EOT > # Sectors Per Side.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Cc: Hervé Poussineau <hpoussin@reactos.org>
|
||||
Fixes: baca51faff0 ("floppy driver: disk geometry auto detect")
|
||||
Reported-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/339
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Message-Id: <20211118115733.4038610-2-philmd@redhat.com>
|
||||
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit defac5e2fbddf8423a354ff0454283a2115e1367)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/block/fdc.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
|
||||
index ca1776121f..6481ec0cfb 100644
|
||||
--- a/hw/block/fdc.c
|
||||
+++ b/hw/block/fdc.c
|
||||
@@ -1532,6 +1532,14 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int direction)
|
||||
int tmp;
|
||||
fdctrl->data_len = 128 << (fdctrl->fifo[5] > 7 ? 7 : fdctrl->fifo[5]);
|
||||
tmp = (fdctrl->fifo[6] - ks + 1);
|
||||
+ if (tmp < 0) {
|
||||
+ FLOPPY_DPRINTF("invalid EOT: %d\n", tmp);
|
||||
+ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
|
||||
+ fdctrl->fifo[3] = kt;
|
||||
+ fdctrl->fifo[4] = kh;
|
||||
+ fdctrl->fifo[5] = ks;
|
||||
+ return;
|
||||
+ }
|
||||
if (fdctrl->fifo[0] & 0x80)
|
||||
tmp += fdctrl->fifo[6];
|
||||
fdctrl->data_len *= tmp;
|
||||
--
|
||||
2.31.1
|
||||
|
180
kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch
Normal file
180
kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch
Normal file
@ -0,0 +1,180 @@
|
||||
From 2e38b4ec5c53b2b98539a70105d3046e1c452ab8 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 13/17] pc-bios/s390-ccw: Split virtio-scsi code from
|
||||
virtio_blk_setup_device()
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [8/10] f49c5fb77e05c9dc09ed9f037e37f6a461e4bba6 (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit cf30b7c4a9b2c64518be8037c2e6670aacdb00b9
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:19:00 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw: Split virtio-scsi code from virtio_blk_setup_device()
|
||||
|
||||
The next patch is going to add more virtio-block specific code to
|
||||
virtio_blk_setup_device(), and if the virtio-scsi code is also in
|
||||
there, this is more cumbersome. And the calling function virtio_setup()
|
||||
in main.c looks at the device type already anyway, so it's more
|
||||
logical to separate the virtio-scsi stuff into a new function in
|
||||
virtio-scsi.c instead.
|
||||
|
||||
Message-Id: <20220704111903.62400-10-thuth@redhat.com>
|
||||
Reviewed-by: Eric Farman <farman@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/main.c | 24 +++++++++++++++++-------
|
||||
pc-bios/s390-ccw/virtio-blkdev.c | 20 ++------------------
|
||||
pc-bios/s390-ccw/virtio-scsi.c | 19 ++++++++++++++++++-
|
||||
pc-bios/s390-ccw/virtio-scsi.h | 2 +-
|
||||
4 files changed, 38 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
|
||||
index 5d2b7ba94d..13e1d8fdf7 100644
|
||||
--- a/pc-bios/s390-ccw/main.c
|
||||
+++ b/pc-bios/s390-ccw/main.c
|
||||
@@ -14,6 +14,7 @@
|
||||
#include "s390-ccw.h"
|
||||
#include "cio.h"
|
||||
#include "virtio.h"
|
||||
+#include "virtio-scsi.h"
|
||||
#include "dasd-ipl.h"
|
||||
|
||||
char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
|
||||
@@ -218,6 +219,7 @@ static int virtio_setup(void)
|
||||
{
|
||||
VDev *vdev = virtio_get_device();
|
||||
QemuIplParameters *early_qipl = (QemuIplParameters *)QIPL_ADDRESS;
|
||||
+ int ret;
|
||||
|
||||
memcpy(&qipl, early_qipl, sizeof(QemuIplParameters));
|
||||
|
||||
@@ -225,18 +227,26 @@ static int virtio_setup(void)
|
||||
menu_setup();
|
||||
}
|
||||
|
||||
- if (virtio_get_device_type() == VIRTIO_ID_NET) {
|
||||
+ switch (vdev->senseid.cu_model) {
|
||||
+ case VIRTIO_ID_NET:
|
||||
sclp_print("Network boot device detected\n");
|
||||
vdev->netboot_start_addr = qipl.netboot_start_addr;
|
||||
- } else {
|
||||
- int ret = virtio_blk_setup_device(blk_schid);
|
||||
- if (ret) {
|
||||
- return ret;
|
||||
- }
|
||||
+ return 0;
|
||||
+ case VIRTIO_ID_BLOCK:
|
||||
+ ret = virtio_blk_setup_device(blk_schid);
|
||||
+ break;
|
||||
+ case VIRTIO_ID_SCSI:
|
||||
+ ret = virtio_scsi_setup_device(blk_schid);
|
||||
+ break;
|
||||
+ default:
|
||||
+ panic("\n! No IPL device available !\n");
|
||||
+ }
|
||||
+
|
||||
+ if (!ret) {
|
||||
IPL_assert(virtio_ipl_disk_is_valid(), "No valid IPL device detected");
|
||||
}
|
||||
|
||||
- return 0;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
static void ipl_boot_device(void)
|
||||
diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
index db1f7f44aa..c175b66a47 100644
|
||||
--- a/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
+++ b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
@@ -222,27 +222,11 @@ uint64_t virtio_get_blocks(void)
|
||||
int virtio_blk_setup_device(SubChannelId schid)
|
||||
{
|
||||
VDev *vdev = virtio_get_device();
|
||||
- int ret = 0;
|
||||
|
||||
vdev->schid = schid;
|
||||
virtio_setup_ccw(vdev);
|
||||
|
||||
- switch (vdev->senseid.cu_model) {
|
||||
- case VIRTIO_ID_BLOCK:
|
||||
- sclp_print("Using virtio-blk.\n");
|
||||
- break;
|
||||
- case VIRTIO_ID_SCSI:
|
||||
- IPL_assert(vdev->config.scsi.sense_size == VIRTIO_SCSI_SENSE_SIZE,
|
||||
- "Config: sense size mismatch");
|
||||
- IPL_assert(vdev->config.scsi.cdb_size == VIRTIO_SCSI_CDB_SIZE,
|
||||
- "Config: CDB size mismatch");
|
||||
+ sclp_print("Using virtio-blk.\n");
|
||||
|
||||
- sclp_print("Using virtio-scsi.\n");
|
||||
- ret = virtio_scsi_setup(vdev);
|
||||
- break;
|
||||
- default:
|
||||
- panic("\n! No IPL device available !\n");
|
||||
- }
|
||||
-
|
||||
- return ret;
|
||||
+ return 0;
|
||||
}
|
||||
diff --git a/pc-bios/s390-ccw/virtio-scsi.c b/pc-bios/s390-ccw/virtio-scsi.c
|
||||
index 2c8d0f3097..3b7069270c 100644
|
||||
--- a/pc-bios/s390-ccw/virtio-scsi.c
|
||||
+++ b/pc-bios/s390-ccw/virtio-scsi.c
|
||||
@@ -329,7 +329,7 @@ static void scsi_parse_capacity_report(void *data,
|
||||
}
|
||||
}
|
||||
|
||||
-int virtio_scsi_setup(VDev *vdev)
|
||||
+static int virtio_scsi_setup(VDev *vdev)
|
||||
{
|
||||
int retry_test_unit_ready = 3;
|
||||
uint8_t data[256];
|
||||
@@ -430,3 +430,20 @@ int virtio_scsi_setup(VDev *vdev)
|
||||
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+int virtio_scsi_setup_device(SubChannelId schid)
|
||||
+{
|
||||
+ VDev *vdev = virtio_get_device();
|
||||
+
|
||||
+ vdev->schid = schid;
|
||||
+ virtio_setup_ccw(vdev);
|
||||
+
|
||||
+ IPL_assert(vdev->config.scsi.sense_size == VIRTIO_SCSI_SENSE_SIZE,
|
||||
+ "Config: sense size mismatch");
|
||||
+ IPL_assert(vdev->config.scsi.cdb_size == VIRTIO_SCSI_CDB_SIZE,
|
||||
+ "Config: CDB size mismatch");
|
||||
+
|
||||
+ sclp_print("Using virtio-scsi.\n");
|
||||
+
|
||||
+ return virtio_scsi_setup(vdev);
|
||||
+}
|
||||
diff --git a/pc-bios/s390-ccw/virtio-scsi.h b/pc-bios/s390-ccw/virtio-scsi.h
|
||||
index 4b14c2c2f9..e6b6cd4815 100644
|
||||
--- a/pc-bios/s390-ccw/virtio-scsi.h
|
||||
+++ b/pc-bios/s390-ccw/virtio-scsi.h
|
||||
@@ -67,8 +67,8 @@ static inline bool virtio_scsi_response_ok(const VirtioScsiCmdResp *r)
|
||||
return r->response == VIRTIO_SCSI_S_OK && r->status == CDB_STATUS_GOOD;
|
||||
}
|
||||
|
||||
-int virtio_scsi_setup(VDev *vdev);
|
||||
int virtio_scsi_read_many(VDev *vdev,
|
||||
ulong sector, void *load_addr, int sec_num);
|
||||
+int virtio_scsi_setup_device(SubChannelId schid);
|
||||
|
||||
#endif /* VIRTIO_SCSI_H */
|
||||
--
|
||||
2.31.1
|
||||
|
102
kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch
Normal file
102
kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch
Normal file
@ -0,0 +1,102 @@
|
||||
From 64fa56e0520215e3909e442f09d8073c1870648a Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 07/17] pc-bios/s390-ccw/bootmap: Improve the guessing logic in
|
||||
zipl_load_vblk()
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [2/10] ca8f5e847617cf4ac2fd6c38edb2982f32fa3eba (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit 422865f6672ee1482b98d18321b55c1ecfb06c82
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:18:54 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/bootmap: Improve the guessing logic in zipl_load_vblk()
|
||||
|
||||
The logic of trying an final ISO or ECKD boot on virtio-block devices is
|
||||
very weird: Since the geometry hardly ever matches in virtio_disk_is_scsi(),
|
||||
virtio_blk_setup_device() always sets a "guessed" disk geometry via
|
||||
virtio_assume_scsi() (which is certainly also wrong in a lot of cases).
|
||||
|
||||
zipl_load_vblk() then sees that there's been a "virtio_guessed_disk_nature"
|
||||
and tries to fix up the geometry again via virtio_assume_iso9660() before
|
||||
always trying to do ipl_iso_el_torito(). That's a very brain-twisting
|
||||
way of attempting to boot from ISO images, which won't work anymore after
|
||||
the following patches that will clean up the virtio_assume_scsi() mess
|
||||
(and thus get rid of the "virtio_guessed_disk_nature" here).
|
||||
|
||||
Let's try a better approach instead: ISO files always have a magic
|
||||
string "CD001" at offset 0x8001 (see e.g. the ECMA-119 specification)
|
||||
which we can use to decide whether we should try to boot in ISO 9660
|
||||
mode (which we should also try if we see a sector size of 2048).
|
||||
|
||||
And if we were not able to boot in ISO mode here, the final boot attempt
|
||||
before panicking is to boot in ECKD mode. Since this is our last boot
|
||||
attempt anyway, simply always assume the ECKD geometry here (if the sector
|
||||
size was not 4096 yet), so that we also do not depend on the guessed disk
|
||||
geometry from virtio_blk_setup_device() here anymore.
|
||||
|
||||
Message-Id: <20220704111903.62400-4-thuth@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/bootmap.c | 27 +++++++++++++++++++++++----
|
||||
1 file changed, 23 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
|
||||
index 56411ab3b6..994e59c0b0 100644
|
||||
--- a/pc-bios/s390-ccw/bootmap.c
|
||||
+++ b/pc-bios/s390-ccw/bootmap.c
|
||||
@@ -780,18 +780,37 @@ static void ipl_iso_el_torito(void)
|
||||
}
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * Detect whether we're trying to boot from an .ISO image.
|
||||
+ * These always have a signature string "CD001" at offset 0x8001.
|
||||
+ */
|
||||
+static bool has_iso_signature(void)
|
||||
+{
|
||||
+ int blksize = virtio_get_block_size();
|
||||
+
|
||||
+ if (!blksize || virtio_read(0x8000 / blksize, sec)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ return !memcmp("CD001", &sec[1], 5);
|
||||
+}
|
||||
+
|
||||
/***********************************************************************
|
||||
* Bus specific IPL sequences
|
||||
*/
|
||||
|
||||
static void zipl_load_vblk(void)
|
||||
{
|
||||
- if (virtio_guessed_disk_nature()) {
|
||||
- virtio_assume_iso9660();
|
||||
+ int blksize = virtio_get_block_size();
|
||||
+
|
||||
+ if (blksize == VIRTIO_ISO_BLOCK_SIZE || has_iso_signature()) {
|
||||
+ if (blksize != VIRTIO_ISO_BLOCK_SIZE) {
|
||||
+ virtio_assume_iso9660();
|
||||
+ }
|
||||
+ ipl_iso_el_torito();
|
||||
}
|
||||
- ipl_iso_el_torito();
|
||||
|
||||
- if (virtio_guessed_disk_nature()) {
|
||||
+ if (blksize != VIRTIO_DASD_DEFAULT_BLOCK_SIZE) {
|
||||
sclp_print("Using guessed DASD geometry.\n");
|
||||
virtio_assume_eckd();
|
||||
}
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,78 @@
|
||||
From 56674ee1f25f12978a6a8a1390e11b55b3e0fabe Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 15/17] pc-bios/s390-ccw/netboot.mak: Ignore Clang's warnings
|
||||
about GNU extensions
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [10/10] 037dab4df23ebb2b42871bca8c842a53a7204b50 (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit e2269220acb03e6c6a460c3090d804835e202239
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:19:03 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/netboot.mak: Ignore Clang's warnings about GNU extensions
|
||||
|
||||
When compiling the s390-ccw bios with Clang (v14.0), there is currently
|
||||
an unuseful warning like this:
|
||||
|
||||
CC pc-bios/s390-ccw/ipv6.o
|
||||
../../roms/SLOF/lib/libnet/ipv6.c:447:18: warning: variable length array
|
||||
folded to constant array as an extension [-Wgnu-folding-constant]
|
||||
unsigned short raw[ip6size];
|
||||
^
|
||||
|
||||
SLOF is currently GCC-only and cannot be compiled with Clang yet, so
|
||||
it is expected that such extensions sneak in there - and as long as
|
||||
we don't want to compile the code with a compiler that is neither GCC
|
||||
or Clang, it is also not necessary to avoid such extensions.
|
||||
|
||||
Thus these GNU-extension related warnings are completely useless in
|
||||
the s390-ccw bios, especially in the code that is coming from SLOF,
|
||||
so we should simply disable the related warnings here now.
|
||||
|
||||
Message-Id: <20220704111903.62400-13-thuth@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/netboot.mak | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
|
||||
index 68b4d7edcb..ad41898cb6 100644
|
||||
--- a/pc-bios/s390-ccw/netboot.mak
|
||||
+++ b/pc-bios/s390-ccw/netboot.mak
|
||||
@@ -16,9 +16,12 @@ s390-netboot.elf: $(NETOBJS) libnet.a libc.a
|
||||
s390-netboot.img: s390-netboot.elf
|
||||
$(call quiet-command,$(STRIP) --strip-unneeded $< -o $@,"STRIP","$(TARGET_DIR)$@")
|
||||
|
||||
+# SLOF is GCC-only, so ignore warnings about GNU extensions with Clang here
|
||||
+NO_GNU_WARN := $(call cc-option,-Werror $(QEMU_CFLAGS),-Wno-gnu)
|
||||
+
|
||||
# libc files:
|
||||
|
||||
-LIBC_CFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
|
||||
+LIBC_CFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(NO_GNU_WARN) $(LIBC_INC) $(LIBNET_INC) \
|
||||
-MMD -MP -MT $@ -MF $(@:%.o=%.d)
|
||||
|
||||
CTYPE_OBJS = isdigit.o isxdigit.o toupper.o
|
||||
@@ -52,7 +55,7 @@ libc.a: $(LIBCOBJS)
|
||||
|
||||
LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \
|
||||
dhcpv6.o ethernet.o ipv4.o ndp.o tftp.o pxelinux.o
|
||||
-LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
|
||||
+LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(NO_GNU_WARN) $(LIBC_INC) $(LIBNET_INC) \
|
||||
-DDHCPARCH=0x1F -MMD -MP -MT $@ -MF $(@:%.o=%.d)
|
||||
|
||||
%.o : $(SLOF_DIR)/lib/libnet/%.c
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,56 @@
|
||||
From 430e76fd964390db86c8486f76b916a1cf7f74c2 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 12/17] pc-bios/s390-ccw/virtio: Beautify the code for reading
|
||||
virtqueue configuration
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [7/10] b15c06b4c5431837672b6cb5d57d09da20718441 (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit 070824885741f5d2a66626d3c4ecb2773c8e0552
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:18:59 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/virtio: Beautify the code for reading virtqueue configuration
|
||||
|
||||
It looks nicer if we separate the run_ccw() from the IPL_assert()
|
||||
statement, and the error message should talk about "virtio device"
|
||||
instead of "block device", since this code is nowadays used for
|
||||
non-block (i.e. network) devices, too.
|
||||
|
||||
Message-Id: <20220704111903.62400-9-thuth@redhat.com>
|
||||
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
||||
Reviewed-by: Eric Farman <farman@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/virtio.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
|
||||
index d8c2b52710..f37510f312 100644
|
||||
--- a/pc-bios/s390-ccw/virtio.c
|
||||
+++ b/pc-bios/s390-ccw/virtio.c
|
||||
@@ -289,9 +289,8 @@ void virtio_setup_ccw(VDev *vdev)
|
||||
.num = 0,
|
||||
};
|
||||
|
||||
- IPL_assert(
|
||||
- run_ccw(vdev, CCW_CMD_READ_VQ_CONF, &config, sizeof(config), false) == 0,
|
||||
- "Could not get block device VQ configuration");
|
||||
+ rc = run_ccw(vdev, CCW_CMD_READ_VQ_CONF, &config, sizeof(config), false);
|
||||
+ IPL_assert(rc == 0, "Could not get virtio device VQ configuration");
|
||||
info.num = config.num;
|
||||
vring_init(&vdev->vrings[i], &info);
|
||||
vdev->vrings[i].schid = vdev->schid;
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,63 @@
|
||||
From 7d4f2454f95bfc087ad3f2fe3bc4625dcea3568e Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 06/17] pc-bios/s390-ccw/virtio: Introduce a macro for the DASD
|
||||
block size
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [1/10] 71033934e1e9988bcf71362e02665ceb7449009d (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit 1f2c2ee48e87ea743f8e23cc7569dd26c4cf9623
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:18:53 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/virtio: Introduce a macro for the DASD block size
|
||||
|
||||
Use VIRTIO_DASD_DEFAULT_BLOCK_SIZE instead of the magic value 4096.
|
||||
|
||||
Message-Id: <20220704111903.62400-3-thuth@redhat.com>
|
||||
Reviewed-by: Eric Farman <farman@linux.ibm.com>
|
||||
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/virtio-blkdev.c | 2 +-
|
||||
pc-bios/s390-ccw/virtio.h | 1 +
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
index 7d35050292..6483307630 100644
|
||||
--- a/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
+++ b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
@@ -155,7 +155,7 @@ void virtio_assume_eckd(void)
|
||||
vdev->config.blk.physical_block_exp = 0;
|
||||
switch (vdev->senseid.cu_model) {
|
||||
case VIRTIO_ID_BLOCK:
|
||||
- vdev->config.blk.blk_size = 4096;
|
||||
+ vdev->config.blk.blk_size = VIRTIO_DASD_DEFAULT_BLOCK_SIZE;
|
||||
break;
|
||||
case VIRTIO_ID_SCSI:
|
||||
vdev->config.blk.blk_size = vdev->scsi_block_size;
|
||||
diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h
|
||||
index 19fceb6495..9e410bde6f 100644
|
||||
--- a/pc-bios/s390-ccw/virtio.h
|
||||
+++ b/pc-bios/s390-ccw/virtio.h
|
||||
@@ -198,6 +198,7 @@ extern int virtio_read_many(ulong sector, void *load_addr, int sec_num);
|
||||
#define VIRTIO_SECTOR_SIZE 512
|
||||
#define VIRTIO_ISO_BLOCK_SIZE 2048
|
||||
#define VIRTIO_SCSI_BLOCK_SIZE 512
|
||||
+#define VIRTIO_DASD_DEFAULT_BLOCK_SIZE 4096
|
||||
|
||||
static inline ulong virtio_sector_adjust(ulong sector)
|
||||
{
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,67 @@
|
||||
From 20f8724d0837acbe642c8c7698a4b256f34c1209 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 11/17] pc-bios/s390-ccw/virtio: Read device config after
|
||||
feature negotiation
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [6/10] 54d21e430b2dfba9e0a0823d6bb8ec7e7f8ff2ff (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit aa5c69ce99411c4886bcd051f288afc02b6d968d
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:18:58 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/virtio: Read device config after feature negotiation
|
||||
|
||||
Feature negotiation should be done first, since some fields in the
|
||||
config area can depend on the negotiated features and thus should
|
||||
rather be read afterwards.
|
||||
|
||||
While we're at it, also adjust the error message here a little bit
|
||||
(the code is nowadays used for non-block virtio devices, too).
|
||||
|
||||
Message-Id: <20220704111903.62400-8-thuth@redhat.com>
|
||||
Reviewed-by: Eric Farman <farman@linux.ibm.com>
|
||||
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/virtio.c | 7 +++----
|
||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
|
||||
index 4e85a2eb82..d8c2b52710 100644
|
||||
--- a/pc-bios/s390-ccw/virtio.c
|
||||
+++ b/pc-bios/s390-ccw/virtio.c
|
||||
@@ -262,10 +262,6 @@ void virtio_setup_ccw(VDev *vdev)
|
||||
rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
|
||||
IPL_assert(rc == 0, "Could not write DRIVER status to host");
|
||||
|
||||
- IPL_assert(
|
||||
- run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false) == 0,
|
||||
- "Could not get block device configuration");
|
||||
-
|
||||
/* Feature negotiation */
|
||||
for (i = 0; i < ARRAY_SIZE(vdev->guest_features); i++) {
|
||||
feats.features = 0;
|
||||
@@ -278,6 +274,9 @@ void virtio_setup_ccw(VDev *vdev)
|
||||
IPL_assert(rc == 0, "Could not set features bits");
|
||||
}
|
||||
|
||||
+ rc = run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false);
|
||||
+ IPL_assert(rc == 0, "Could not get virtio device configuration");
|
||||
+
|
||||
for (i = 0; i < vdev->nr_vqs; i++) {
|
||||
VqInfo info = {
|
||||
.queue = (unsigned long long) ring_area + (i * VIRTIO_RING_SIZE),
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,93 @@
|
||||
From 303fb3ddcdbbd1373c5b1aa28e03f90507e217f3 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 10/17] pc-bios/s390-ccw/virtio: Set missing status bits while
|
||||
initializing
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [5/10] 4bc44d9adae055fb60b79d04a2f08535b4d38d2b (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit 175aa06a152ef6b58ba9b2e47a1296b024dea70c
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:18:57 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/virtio: Set missing status bits while initializing
|
||||
|
||||
According chapter "3.1.1 Driver Requirements: Device Initialization"
|
||||
of the Virtio specification (v1.1), a driver for a device has to set
|
||||
the ACKNOWLEDGE and DRIVER bits in the status field after resetting
|
||||
the device. The s390-ccw bios skipped these steps so far and seems
|
||||
like QEMU never cared. Anyway, it's better to follow the spec, so
|
||||
let's set these bits now in the right spots, too.
|
||||
|
||||
Message-Id: <20220704111903.62400-7-thuth@redhat.com>
|
||||
Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
||||
Reviewed-by: Eric Farman <farman@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/virtio.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
|
||||
index 5d2c6e3381..4e85a2eb82 100644
|
||||
--- a/pc-bios/s390-ccw/virtio.c
|
||||
+++ b/pc-bios/s390-ccw/virtio.c
|
||||
@@ -220,7 +220,7 @@ int virtio_run(VDev *vdev, int vqid, VirtioCmd *cmd)
|
||||
void virtio_setup_ccw(VDev *vdev)
|
||||
{
|
||||
int i, rc, cfg_size = 0;
|
||||
- unsigned char status = VIRTIO_CONFIG_S_DRIVER_OK;
|
||||
+ uint8_t status;
|
||||
struct VirtioFeatureDesc {
|
||||
uint32_t features;
|
||||
uint8_t index;
|
||||
@@ -234,6 +234,10 @@ void virtio_setup_ccw(VDev *vdev)
|
||||
|
||||
run_ccw(vdev, CCW_CMD_VDEV_RESET, NULL, 0, false);
|
||||
|
||||
+ status = VIRTIO_CONFIG_S_ACKNOWLEDGE;
|
||||
+ rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
|
||||
+ IPL_assert(rc == 0, "Could not write ACKNOWLEDGE status to host");
|
||||
+
|
||||
switch (vdev->senseid.cu_model) {
|
||||
case VIRTIO_ID_NET:
|
||||
vdev->nr_vqs = 2;
|
||||
@@ -253,6 +257,11 @@ void virtio_setup_ccw(VDev *vdev)
|
||||
default:
|
||||
panic("Unsupported virtio device\n");
|
||||
}
|
||||
+
|
||||
+ status |= VIRTIO_CONFIG_S_DRIVER;
|
||||
+ rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
|
||||
+ IPL_assert(rc == 0, "Could not write DRIVER status to host");
|
||||
+
|
||||
IPL_assert(
|
||||
run_ccw(vdev, CCW_CMD_READ_CONF, &vdev->config, cfg_size, false) == 0,
|
||||
"Could not get block device configuration");
|
||||
@@ -291,9 +300,10 @@ void virtio_setup_ccw(VDev *vdev)
|
||||
run_ccw(vdev, CCW_CMD_SET_VQ, &info, sizeof(info), false) == 0,
|
||||
"Cannot set VQ info");
|
||||
}
|
||||
- IPL_assert(
|
||||
- run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false) == 0,
|
||||
- "Could not write status to host");
|
||||
+
|
||||
+ status |= VIRTIO_CONFIG_S_DRIVER_OK;
|
||||
+ rc = run_ccw(vdev, CCW_CMD_WRITE_STATUS, &status, sizeof(status), false);
|
||||
+ IPL_assert(rc == 0, "Could not write DRIVER_OK status to host");
|
||||
}
|
||||
|
||||
bool virtio_is_supported(SubChannelId schid)
|
||||
--
|
||||
2.31.1
|
||||
|
101
kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch
Normal file
101
kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From d3335a98a7b6e084aadf4907968536a67cf8e64c Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 09/17] pc-bios/s390-ccw/virtio-blkdev: Remove
|
||||
virtio_assume_scsi()
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [4/10] bf27f75344f220a03475a2918ed49ec9cd5ba317 (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit 5447de2619050a0a4dd480b97f88a9b58da360d1
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:18:56 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/virtio-blkdev: Remove virtio_assume_scsi()
|
||||
|
||||
The virtio_assume_scsi() function is very questionable: First, it
|
||||
is only called for virtio-blk, and not for virtio-scsi, so the naming
|
||||
is already quite confusing. Second, it is called if we detected a
|
||||
"invalid" IPL disk, trying to fix it by blindly setting a sector
|
||||
size of 512. This of course won't work in most cases since disks
|
||||
might have a different sector size for a reason.
|
||||
|
||||
Thus let's remove this strange function now. The calling code can
|
||||
also be removed completely, since there is another spot in main.c
|
||||
that does "IPL_assert(virtio_ipl_disk_is_valid(), ...)" to make
|
||||
sure that we do not try to IPL from an invalid device.
|
||||
|
||||
Message-Id: <20220704111903.62400-6-thuth@redhat.com>
|
||||
Reviewed-by: Eric Farman <farman@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/virtio-blkdev.c | 24 ------------------------
|
||||
pc-bios/s390-ccw/virtio.h | 1 -
|
||||
2 files changed, 25 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
index 7e13155589..db1f7f44aa 100644
|
||||
--- a/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
+++ b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
@@ -112,23 +112,6 @@ VirtioGDN virtio_guessed_disk_nature(void)
|
||||
return virtio_get_device()->guessed_disk_nature;
|
||||
}
|
||||
|
||||
-void virtio_assume_scsi(void)
|
||||
-{
|
||||
- VDev *vdev = virtio_get_device();
|
||||
-
|
||||
- switch (vdev->senseid.cu_model) {
|
||||
- case VIRTIO_ID_BLOCK:
|
||||
- vdev->guessed_disk_nature = VIRTIO_GDN_SCSI;
|
||||
- vdev->config.blk.blk_size = VIRTIO_SCSI_BLOCK_SIZE;
|
||||
- vdev->config.blk.physical_block_exp = 0;
|
||||
- vdev->blk_factor = 1;
|
||||
- break;
|
||||
- case VIRTIO_ID_SCSI:
|
||||
- vdev->scsi_block_size = VIRTIO_SCSI_BLOCK_SIZE;
|
||||
- break;
|
||||
- }
|
||||
-}
|
||||
-
|
||||
void virtio_assume_iso9660(void)
|
||||
{
|
||||
VDev *vdev = virtio_get_device();
|
||||
@@ -247,13 +230,6 @@ int virtio_blk_setup_device(SubChannelId schid)
|
||||
switch (vdev->senseid.cu_model) {
|
||||
case VIRTIO_ID_BLOCK:
|
||||
sclp_print("Using virtio-blk.\n");
|
||||
- if (!virtio_ipl_disk_is_valid()) {
|
||||
- /* make sure all getters but blocksize return 0 for
|
||||
- * invalid IPL disk
|
||||
- */
|
||||
- memset(&vdev->config.blk, 0, sizeof(vdev->config.blk));
|
||||
- virtio_assume_scsi();
|
||||
- }
|
||||
break;
|
||||
case VIRTIO_ID_SCSI:
|
||||
IPL_assert(vdev->config.scsi.sense_size == VIRTIO_SCSI_SENSE_SIZE,
|
||||
diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h
|
||||
index 241730effe..600ba5052b 100644
|
||||
--- a/pc-bios/s390-ccw/virtio.h
|
||||
+++ b/pc-bios/s390-ccw/virtio.h
|
||||
@@ -182,7 +182,6 @@ enum guessed_disk_nature_type {
|
||||
typedef enum guessed_disk_nature_type VirtioGDN;
|
||||
|
||||
VirtioGDN virtio_guessed_disk_nature(void);
|
||||
-void virtio_assume_scsi(void);
|
||||
void virtio_assume_eckd(void);
|
||||
void virtio_assume_iso9660(void);
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,63 @@
|
||||
From db58915fcaf3d24b64fe2c34cc15b5596b9a81bb Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 14/17] pc-bios/s390-ccw/virtio-blkdev: Request the right
|
||||
feature bits
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [9/10] 9dcd8c2f659f366f9487ab6473d1f0d7778b40a7 (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit 9125a314cca4a1838b09305a87d8efb98f80ab67
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:19:01 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/virtio-blkdev: Request the right feature bits
|
||||
|
||||
The virtio-blk code uses the block size and geometry fields in the
|
||||
config area. According to the virtio-spec, these have to be negotiated
|
||||
with the right feature bits during initialization, otherwise they
|
||||
might not be available. QEMU is so far very forgiving and always
|
||||
provides them, but we should not rely on this behavior, so let's
|
||||
better request them properly via the VIRTIO_BLK_F_GEOMETRY and
|
||||
VIRTIO_BLK_F_BLK_SIZE feature bits.
|
||||
|
||||
Message-Id: <20220704111903.62400-11-thuth@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/virtio-blkdev.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
index c175b66a47..8271c47296 100644
|
||||
--- a/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
+++ b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
@@ -13,6 +13,9 @@
|
||||
#include "virtio.h"
|
||||
#include "virtio-scsi.h"
|
||||
|
||||
+#define VIRTIO_BLK_F_GEOMETRY (1 << 4)
|
||||
+#define VIRTIO_BLK_F_BLK_SIZE (1 << 6)
|
||||
+
|
||||
static int virtio_blk_read_many(VDev *vdev, ulong sector, void *load_addr,
|
||||
int sec_num)
|
||||
{
|
||||
@@ -223,6 +226,7 @@ int virtio_blk_setup_device(SubChannelId schid)
|
||||
{
|
||||
VDev *vdev = virtio_get_device();
|
||||
|
||||
+ vdev->guest_features[0] = VIRTIO_BLK_F_GEOMETRY | VIRTIO_BLK_F_BLK_SIZE;
|
||||
vdev->schid = schid;
|
||||
virtio_setup_ccw(vdev);
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
124
kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch
Normal file
124
kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch
Normal file
@ -0,0 +1,124 @@
|
||||
From f07e4629a7c58407f903810a038660c88c6a6315 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 8 Jul 2022 20:49:01 +0200
|
||||
Subject: [PATCH 08/17] pc-bios/s390-ccw/virtio-blkdev: Simplify/fix
|
||||
virtio_ipl_disk_is_valid()
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 106: pc-bios/s390-ccw: Fix boot from disks with 4k sectors that do not have the typical DASD geometry
|
||||
RH-Commit: [3/10] fb06830a3e50d9da3d84913b50bb227865cc44b3 (thuth/qemu-kvm-cs9)
|
||||
RH-Bugzilla: 2098077
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: http://bugzilla.redhat.com/2098077
|
||||
|
||||
commit bbf615f7b707f009ef8e757d170902ad33b90644
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon Jul 4 13:18:55 2022 +0200
|
||||
|
||||
pc-bios/s390-ccw/virtio-blkdev: Simplify/fix virtio_ipl_disk_is_valid()
|
||||
|
||||
The s390-ccw bios fails to boot if the boot disk is a virtio-blk
|
||||
disk with a sector size of 4096. For example:
|
||||
|
||||
dasdfmt -b 4096 -d cdl -y -p -M quick /dev/dasdX
|
||||
fdasd -a /dev/dasdX
|
||||
install a guest onto /dev/dasdX1 using virtio-blk
|
||||
qemu-system-s390x -nographic -hda /dev/dasdX1
|
||||
|
||||
The bios then bails out with:
|
||||
|
||||
! Cannot read block 0 !
|
||||
|
||||
Looking at virtio_ipl_disk_is_valid() and especially the function
|
||||
virtio_disk_is_scsi(), it does not really make sense that we expect
|
||||
only such a limited disk geometry (like a block size of 512) for
|
||||
our boot disks. Let's relax the check and allow everything that
|
||||
remotely looks like a sane disk.
|
||||
|
||||
Message-Id: <20220704111903.62400-5-thuth@redhat.com>
|
||||
Reviewed-by: Eric Farman <farman@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/virtio-blkdev.c | 41 ++++++--------------------------
|
||||
pc-bios/s390-ccw/virtio.h | 2 --
|
||||
2 files changed, 7 insertions(+), 36 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/virtio-blkdev.c b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
index 6483307630..7e13155589 100644
|
||||
--- a/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
+++ b/pc-bios/s390-ccw/virtio-blkdev.c
|
||||
@@ -166,46 +166,19 @@ void virtio_assume_eckd(void)
|
||||
virtio_eckd_sectors_for_block_size(vdev->config.blk.blk_size);
|
||||
}
|
||||
|
||||
-bool virtio_disk_is_scsi(void)
|
||||
-{
|
||||
- VDev *vdev = virtio_get_device();
|
||||
-
|
||||
- if (vdev->guessed_disk_nature == VIRTIO_GDN_SCSI) {
|
||||
- return true;
|
||||
- }
|
||||
- switch (vdev->senseid.cu_model) {
|
||||
- case VIRTIO_ID_BLOCK:
|
||||
- return (vdev->config.blk.geometry.heads == 255)
|
||||
- && (vdev->config.blk.geometry.sectors == 63)
|
||||
- && (virtio_get_block_size() == VIRTIO_SCSI_BLOCK_SIZE);
|
||||
- case VIRTIO_ID_SCSI:
|
||||
- return true;
|
||||
- }
|
||||
- return false;
|
||||
-}
|
||||
-
|
||||
-bool virtio_disk_is_eckd(void)
|
||||
+bool virtio_ipl_disk_is_valid(void)
|
||||
{
|
||||
+ int blksize = virtio_get_block_size();
|
||||
VDev *vdev = virtio_get_device();
|
||||
- const int block_size = virtio_get_block_size();
|
||||
|
||||
- if (vdev->guessed_disk_nature == VIRTIO_GDN_DASD) {
|
||||
+ if (vdev->guessed_disk_nature == VIRTIO_GDN_SCSI ||
|
||||
+ vdev->guessed_disk_nature == VIRTIO_GDN_DASD) {
|
||||
return true;
|
||||
}
|
||||
- switch (vdev->senseid.cu_model) {
|
||||
- case VIRTIO_ID_BLOCK:
|
||||
- return (vdev->config.blk.geometry.heads == 15)
|
||||
- && (vdev->config.blk.geometry.sectors ==
|
||||
- virtio_eckd_sectors_for_block_size(block_size));
|
||||
- case VIRTIO_ID_SCSI:
|
||||
- return false;
|
||||
- }
|
||||
- return false;
|
||||
-}
|
||||
|
||||
-bool virtio_ipl_disk_is_valid(void)
|
||||
-{
|
||||
- return virtio_disk_is_scsi() || virtio_disk_is_eckd();
|
||||
+ return (vdev->senseid.cu_model == VIRTIO_ID_BLOCK ||
|
||||
+ vdev->senseid.cu_model == VIRTIO_ID_SCSI) &&
|
||||
+ blksize >= 512 && blksize <= 4096;
|
||||
}
|
||||
|
||||
int virtio_get_block_size(void)
|
||||
diff --git a/pc-bios/s390-ccw/virtio.h b/pc-bios/s390-ccw/virtio.h
|
||||
index 9e410bde6f..241730effe 100644
|
||||
--- a/pc-bios/s390-ccw/virtio.h
|
||||
+++ b/pc-bios/s390-ccw/virtio.h
|
||||
@@ -186,8 +186,6 @@ void virtio_assume_scsi(void);
|
||||
void virtio_assume_eckd(void);
|
||||
void virtio_assume_iso9660(void);
|
||||
|
||||
-extern bool virtio_disk_is_scsi(void);
|
||||
-extern bool virtio_disk_is_eckd(void);
|
||||
extern bool virtio_ipl_disk_is_valid(void);
|
||||
extern int virtio_get_block_size(void);
|
||||
extern uint8_t virtio_get_heads(void);
|
||||
--
|
||||
2.31.1
|
||||
|
119
kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch
Normal file
119
kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch
Normal file
@ -0,0 +1,119 @@
|
||||
From cea7b15c613a11ea15a1458d6990be7044df6643 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 18 Nov 2021 12:57:33 +0100
|
||||
Subject: [PATCH 17/17] tests/qtest/fdc-test: Add a regression test for
|
||||
CVE-2021-3507
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 107: hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
|
||||
RH-Commit: [2/2] 067c052df790959c28c1fcc16547676d36523bd9 (mrezanin/centos-src-qemu-kvm)
|
||||
RH-Bugzilla: 1951522
|
||||
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
Add the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/339
|
||||
|
||||
Without the previous commit, when running 'make check-qtest-i386'
|
||||
with QEMU configured with '--enable-sanitizers' we get:
|
||||
|
||||
==4028352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000062a00 at pc 0x5626d03c491a bp 0x7ffdb4199410 sp 0x7ffdb4198bc0
|
||||
READ of size 786432 at 0x619000062a00 thread T0
|
||||
#0 0x5626d03c4919 in __asan_memcpy (qemu-system-i386+0x1e65919)
|
||||
#1 0x5626d1c023cc in flatview_write_continue softmmu/physmem.c:2787:13
|
||||
#2 0x5626d1bf0c0f in flatview_write softmmu/physmem.c:2822:14
|
||||
#3 0x5626d1bf0798 in address_space_write softmmu/physmem.c:2914:18
|
||||
#4 0x5626d1bf0f37 in address_space_rw softmmu/physmem.c:2924:16
|
||||
#5 0x5626d1bf14c8 in cpu_physical_memory_rw softmmu/physmem.c:2933:5
|
||||
#6 0x5626d0bd5649 in cpu_physical_memory_write include/exec/cpu-common.h:82:5
|
||||
#7 0x5626d0bd0a07 in i8257_dma_write_memory hw/dma/i8257.c:452:9
|
||||
#8 0x5626d09f825d in fdctrl_transfer_handler hw/block/fdc.c:1616:13
|
||||
#9 0x5626d0a048b4 in fdctrl_start_transfer hw/block/fdc.c:1539:13
|
||||
#10 0x5626d09f4c3e in fdctrl_write_data hw/block/fdc.c:2266:13
|
||||
#11 0x5626d09f22f7 in fdctrl_write hw/block/fdc.c:829:9
|
||||
#12 0x5626d1c20bc5 in portio_write softmmu/ioport.c:207:17
|
||||
|
||||
0x619000062a00 is located 0 bytes to the right of 512-byte region [0x619000062800,0x619000062a00)
|
||||
allocated by thread T0 here:
|
||||
#0 0x5626d03c66ec in posix_memalign (qemu-system-i386+0x1e676ec)
|
||||
#1 0x5626d2b988d4 in qemu_try_memalign util/oslib-posix.c:210:11
|
||||
#2 0x5626d2b98b0c in qemu_memalign util/oslib-posix.c:226:27
|
||||
#3 0x5626d09fbaf0 in fdctrl_realize_common hw/block/fdc.c:2341:20
|
||||
#4 0x5626d0a150ed in isabus_fdc_realize hw/block/fdc-isa.c:113:5
|
||||
#5 0x5626d2367935 in device_set_realized hw/core/qdev.c:531:13
|
||||
|
||||
SUMMARY: AddressSanitizer: heap-buffer-overflow (qemu-system-i386+0x1e65919) in __asan_memcpy
|
||||
Shadow bytes around the buggy address:
|
||||
0x0c32800044f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c3280004500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
0x0c3280004510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
0x0c3280004520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
0x0c3280004530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
=>0x0c3280004540:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c3280004550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c3280004560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c3280004570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c3280004580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
||||
0x0c3280004590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
||||
Shadow byte legend (one shadow byte represents 8 application bytes):
|
||||
Addressable: 00
|
||||
Heap left redzone: fa
|
||||
Freed heap region: fd
|
||||
==4028352==ABORTING
|
||||
|
||||
[ kwolf: Added snapshot=on to prevent write file lock failure ]
|
||||
|
||||
Reported-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit 46609b90d9e3a6304def11038a76b58ff43f77bc)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
tests/qtest/fdc-test.c | 21 +++++++++++++++++++++
|
||||
1 file changed, 21 insertions(+)
|
||||
|
||||
diff --git a/tests/qtest/fdc-test.c b/tests/qtest/fdc-test.c
|
||||
index b0d40012e6..1d4f852128 100644
|
||||
--- a/tests/qtest/fdc-test.c
|
||||
+++ b/tests/qtest/fdc-test.c
|
||||
@@ -583,6 +583,26 @@ static void test_cve_2021_20196(void)
|
||||
qtest_quit(s);
|
||||
}
|
||||
|
||||
+static void test_cve_2021_3507(void)
|
||||
+{
|
||||
+ QTestState *s;
|
||||
+
|
||||
+ s = qtest_initf("-nographic -m 32M -nodefaults "
|
||||
+ "-drive file=%s,format=raw,if=floppy,snapshot=on",
|
||||
+ test_image);
|
||||
+ qtest_outl(s, 0x9, 0x0a0206);
|
||||
+ qtest_outw(s, 0x3f4, 0x1600);
|
||||
+ qtest_outw(s, 0x3f4, 0x0000);
|
||||
+ qtest_outw(s, 0x3f4, 0x0000);
|
||||
+ qtest_outw(s, 0x3f4, 0x0000);
|
||||
+ qtest_outw(s, 0x3f4, 0x0200);
|
||||
+ qtest_outw(s, 0x3f4, 0x0200);
|
||||
+ qtest_outw(s, 0x3f4, 0x0000);
|
||||
+ qtest_outw(s, 0x3f4, 0x0000);
|
||||
+ qtest_outw(s, 0x3f4, 0x0000);
|
||||
+ qtest_quit(s);
|
||||
+}
|
||||
+
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int fd;
|
||||
@@ -614,6 +634,7 @@ int main(int argc, char **argv)
|
||||
qtest_add_func("/fdc/read_no_dma_19", test_read_no_dma_19);
|
||||
qtest_add_func("/fdc/fuzz-registers", fuzz_registers);
|
||||
qtest_add_func("/fdc/fuzz/cve_2021_20196", test_cve_2021_20196);
|
||||
+ qtest_add_func("/fdc/fuzz/cve_2021_3507", test_cve_2021_3507);
|
||||
|
||||
ret = g_test_run();
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,46 @@
|
||||
From 643d9c28ff8b15c333cc748c5e712659ad2a257c Mon Sep 17 00:00:00 2001
|
||||
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Date: Mon, 13 Jun 2022 14:10:10 +0800
|
||||
Subject: [PATCH 03/17] virtio-iommu: Add an assert check in translate routine
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
|
||||
RH-Commit: [3/5] 19f309fd0beda40d65f51c454e37936658ac9f38 (eauger1/centos-qemu-kvm)
|
||||
RH-Bugzilla: 2100106
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
|
||||
|
||||
With address space switch supported, dma access translation only
|
||||
happen after endpoint is attached to a non-bypass domain.
|
||||
|
||||
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Message-Id: <20220613061010.2674054-4-zhenzhong.duan@intel.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
(cherry picked from commit 23b5f0ff6d923d3bca11cf44eed3daf7a0a836a8)
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
---
|
||||
hw/virtio/virtio-iommu.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
|
||||
index 440a1c28a7..e970d4d5a6 100644
|
||||
--- a/hw/virtio/virtio-iommu.c
|
||||
+++ b/hw/virtio/virtio-iommu.c
|
||||
@@ -866,6 +866,10 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
|
||||
qemu_rec_mutex_lock(&s->mutex);
|
||||
|
||||
ep = g_tree_lookup(s->endpoints, GUINT_TO_POINTER(sid));
|
||||
+
|
||||
+ if (bypass_allowed)
|
||||
+ assert(ep && ep->domain && !ep->domain->bypass);
|
||||
+
|
||||
if (!ep) {
|
||||
if (!bypass_allowed) {
|
||||
error_report_once("%s sid=%d is not known!!", __func__, sid);
|
||||
--
|
||||
2.31.1
|
||||
|
250
kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch
Normal file
250
kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch
Normal file
@ -0,0 +1,250 @@
|
||||
From d60774ee3168eefb21a4120a38107cd36ae17e07 Mon Sep 17 00:00:00 2001
|
||||
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Date: Mon, 13 Jun 2022 14:10:08 +0800
|
||||
Subject: [PATCH 01/17] virtio-iommu: Add bypass mode support to assigned
|
||||
device
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
|
||||
RH-Commit: [1/5] 4777815533b31c7f4f09af8902e378fd3fc1186a (eauger1/centos-qemu-kvm)
|
||||
RH-Bugzilla: 2100106
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
|
||||
|
||||
Currently assigned devices can not work in virtio-iommu bypass mode.
|
||||
Guest driver fails to probe the device due to DMA failure. And the
|
||||
reason is because of lacking GPA -> HPA mappings when VM is created.
|
||||
|
||||
Add a root container memory region to hold both bypass memory region
|
||||
and iommu memory region, so the switch between them is supported
|
||||
just like the implementation in virtual VT-d.
|
||||
|
||||
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Message-Id: <20220613061010.2674054-2-zhenzhong.duan@intel.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
(cherry picked from commit 90519b90539b16258d1d52b908b199f44877dc18)
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
---
|
||||
hw/virtio/trace-events | 1 +
|
||||
hw/virtio/virtio-iommu.c | 115 ++++++++++++++++++++++++++++++-
|
||||
include/hw/virtio/virtio-iommu.h | 2 +
|
||||
3 files changed, 116 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
|
||||
index a5102eac9e..2ab5881b88 100644
|
||||
--- a/hw/virtio/trace-events
|
||||
+++ b/hw/virtio/trace-events
|
||||
@@ -114,6 +114,7 @@ virtio_iommu_remap(const char *name, uint64_t virt_start, uint64_t virt_end, uin
|
||||
virtio_iommu_set_page_size_mask(const char *name, uint64_t old, uint64_t new) "mr=%s old_mask=0x%"PRIx64" new_mask=0x%"PRIx64
|
||||
virtio_iommu_notify_flag_add(const char *name) "add notifier to mr %s"
|
||||
virtio_iommu_notify_flag_del(const char *name) "del notifier from mr %s"
|
||||
+virtio_iommu_switch_address_space(uint8_t bus, uint8_t slot, uint8_t fn, bool on) "Device %02x:%02x.%x switching address space (iommu enabled=%d)"
|
||||
|
||||
# virtio-mem.c
|
||||
virtio_mem_send_response(uint16_t type) "type=%" PRIu16
|
||||
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
|
||||
index 6d5ea0bdf1..5e99e6c62b 100644
|
||||
--- a/hw/virtio/virtio-iommu.c
|
||||
+++ b/hw/virtio/virtio-iommu.c
|
||||
@@ -70,6 +70,77 @@ static inline uint16_t virtio_iommu_get_bdf(IOMMUDevice *dev)
|
||||
return PCI_BUILD_BDF(pci_bus_num(dev->bus), dev->devfn);
|
||||
}
|
||||
|
||||
+static bool virtio_iommu_device_bypassed(IOMMUDevice *sdev)
|
||||
+{
|
||||
+ uint32_t sid;
|
||||
+ bool bypassed;
|
||||
+ VirtIOIOMMU *s = sdev->viommu;
|
||||
+ VirtIOIOMMUEndpoint *ep;
|
||||
+
|
||||
+ sid = virtio_iommu_get_bdf(sdev);
|
||||
+
|
||||
+ qemu_mutex_lock(&s->mutex);
|
||||
+ /* need to check bypass before system reset */
|
||||
+ if (!s->endpoints) {
|
||||
+ bypassed = s->config.bypass;
|
||||
+ goto unlock;
|
||||
+ }
|
||||
+
|
||||
+ ep = g_tree_lookup(s->endpoints, GUINT_TO_POINTER(sid));
|
||||
+ if (!ep || !ep->domain) {
|
||||
+ bypassed = s->config.bypass;
|
||||
+ } else {
|
||||
+ bypassed = ep->domain->bypass;
|
||||
+ }
|
||||
+
|
||||
+unlock:
|
||||
+ qemu_mutex_unlock(&s->mutex);
|
||||
+ return bypassed;
|
||||
+}
|
||||
+
|
||||
+/* Return whether the device is using IOMMU translation. */
|
||||
+static bool virtio_iommu_switch_address_space(IOMMUDevice *sdev)
|
||||
+{
|
||||
+ bool use_remapping;
|
||||
+
|
||||
+ assert(sdev);
|
||||
+
|
||||
+ use_remapping = !virtio_iommu_device_bypassed(sdev);
|
||||
+
|
||||
+ trace_virtio_iommu_switch_address_space(pci_bus_num(sdev->bus),
|
||||
+ PCI_SLOT(sdev->devfn),
|
||||
+ PCI_FUNC(sdev->devfn),
|
||||
+ use_remapping);
|
||||
+
|
||||
+ /* Turn off first then on the other */
|
||||
+ if (use_remapping) {
|
||||
+ memory_region_set_enabled(&sdev->bypass_mr, false);
|
||||
+ memory_region_set_enabled(MEMORY_REGION(&sdev->iommu_mr), true);
|
||||
+ } else {
|
||||
+ memory_region_set_enabled(MEMORY_REGION(&sdev->iommu_mr), false);
|
||||
+ memory_region_set_enabled(&sdev->bypass_mr, true);
|
||||
+ }
|
||||
+
|
||||
+ return use_remapping;
|
||||
+}
|
||||
+
|
||||
+static void virtio_iommu_switch_address_space_all(VirtIOIOMMU *s)
|
||||
+{
|
||||
+ GHashTableIter iter;
|
||||
+ IOMMUPciBus *iommu_pci_bus;
|
||||
+ int i;
|
||||
+
|
||||
+ g_hash_table_iter_init(&iter, s->as_by_busptr);
|
||||
+ while (g_hash_table_iter_next(&iter, NULL, (void **)&iommu_pci_bus)) {
|
||||
+ for (i = 0; i < PCI_DEVFN_MAX; i++) {
|
||||
+ if (!iommu_pci_bus->pbdev[i]) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ virtio_iommu_switch_address_space(iommu_pci_bus->pbdev[i]);
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* The bus number is used for lookup when SID based operations occur.
|
||||
* In that case we lazily populate the IOMMUPciBus array from the bus hash
|
||||
@@ -214,6 +285,7 @@ static gboolean virtio_iommu_notify_map_cb(gpointer key, gpointer value,
|
||||
static void virtio_iommu_detach_endpoint_from_domain(VirtIOIOMMUEndpoint *ep)
|
||||
{
|
||||
VirtIOIOMMUDomain *domain = ep->domain;
|
||||
+ IOMMUDevice *sdev = container_of(ep->iommu_mr, IOMMUDevice, iommu_mr);
|
||||
|
||||
if (!ep->domain) {
|
||||
return;
|
||||
@@ -222,6 +294,7 @@ static void virtio_iommu_detach_endpoint_from_domain(VirtIOIOMMUEndpoint *ep)
|
||||
ep->iommu_mr);
|
||||
QLIST_REMOVE(ep, next);
|
||||
ep->domain = NULL;
|
||||
+ virtio_iommu_switch_address_space(sdev);
|
||||
}
|
||||
|
||||
static VirtIOIOMMUEndpoint *virtio_iommu_get_endpoint(VirtIOIOMMU *s,
|
||||
@@ -324,12 +397,39 @@ static AddressSpace *virtio_iommu_find_add_as(PCIBus *bus, void *opaque,
|
||||
|
||||
trace_virtio_iommu_init_iommu_mr(name);
|
||||
|
||||
+ memory_region_init(&sdev->root, OBJECT(s), name, UINT64_MAX);
|
||||
+ address_space_init(&sdev->as, &sdev->root, TYPE_VIRTIO_IOMMU);
|
||||
+
|
||||
+ /*
|
||||
+ * Build the IOMMU disabled container with aliases to the
|
||||
+ * shared MRs. Note that aliasing to a shared memory region
|
||||
+ * could help the memory API to detect same FlatViews so we
|
||||
+ * can have devices to share the same FlatView when in bypass
|
||||
+ * mode. (either by not configuring virtio-iommu driver or with
|
||||
+ * "iommu=pt"). It will greatly reduce the total number of
|
||||
+ * FlatViews of the system hence VM runs faster.
|
||||
+ */
|
||||
+ memory_region_init_alias(&sdev->bypass_mr, OBJECT(s),
|
||||
+ "system", get_system_memory(), 0,
|
||||
+ memory_region_size(get_system_memory()));
|
||||
+
|
||||
memory_region_init_iommu(&sdev->iommu_mr, sizeof(sdev->iommu_mr),
|
||||
TYPE_VIRTIO_IOMMU_MEMORY_REGION,
|
||||
OBJECT(s), name,
|
||||
UINT64_MAX);
|
||||
- address_space_init(&sdev->as,
|
||||
- MEMORY_REGION(&sdev->iommu_mr), TYPE_VIRTIO_IOMMU);
|
||||
+
|
||||
+ /*
|
||||
+ * Hook both the containers under the root container, we
|
||||
+ * switch between iommu & bypass MRs by enable/disable
|
||||
+ * corresponding sub-containers
|
||||
+ */
|
||||
+ memory_region_add_subregion_overlap(&sdev->root, 0,
|
||||
+ MEMORY_REGION(&sdev->iommu_mr),
|
||||
+ 0);
|
||||
+ memory_region_add_subregion_overlap(&sdev->root, 0,
|
||||
+ &sdev->bypass_mr, 0);
|
||||
+
|
||||
+ virtio_iommu_switch_address_space(sdev);
|
||||
g_free(name);
|
||||
}
|
||||
return &sdev->as;
|
||||
@@ -343,6 +443,7 @@ static int virtio_iommu_attach(VirtIOIOMMU *s,
|
||||
uint32_t flags = le32_to_cpu(req->flags);
|
||||
VirtIOIOMMUDomain *domain;
|
||||
VirtIOIOMMUEndpoint *ep;
|
||||
+ IOMMUDevice *sdev;
|
||||
|
||||
trace_virtio_iommu_attach(domain_id, ep_id);
|
||||
|
||||
@@ -376,6 +477,8 @@ static int virtio_iommu_attach(VirtIOIOMMU *s,
|
||||
QLIST_INSERT_HEAD(&domain->endpoint_list, ep, next);
|
||||
|
||||
ep->domain = domain;
|
||||
+ sdev = container_of(ep->iommu_mr, IOMMUDevice, iommu_mr);
|
||||
+ virtio_iommu_switch_address_space(sdev);
|
||||
|
||||
/* Replay domain mappings on the associated memory region */
|
||||
g_tree_foreach(domain->mappings, virtio_iommu_notify_map_cb,
|
||||
@@ -888,6 +991,7 @@ static void virtio_iommu_set_config(VirtIODevice *vdev,
|
||||
return;
|
||||
}
|
||||
dev_config->bypass = in_config->bypass;
|
||||
+ virtio_iommu_switch_address_space_all(dev);
|
||||
}
|
||||
|
||||
trace_virtio_iommu_set_config(in_config->bypass);
|
||||
@@ -1027,6 +1131,8 @@ static void virtio_iommu_system_reset(void *opaque)
|
||||
* system reset
|
||||
*/
|
||||
s->config.bypass = s->boot_bypass;
|
||||
+ virtio_iommu_switch_address_space_all(s);
|
||||
+
|
||||
}
|
||||
|
||||
static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
|
||||
@@ -1043,6 +1149,11 @@ static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
|
||||
virtio_iommu_handle_command);
|
||||
s->event_vq = virtio_add_queue(vdev, VIOMMU_DEFAULT_QUEUE_SIZE, NULL);
|
||||
|
||||
+ /*
|
||||
+ * config.bypass is needed to get initial address space early, such as
|
||||
+ * in vfio realize
|
||||
+ */
|
||||
+ s->config.bypass = s->boot_bypass;
|
||||
s->config.page_size_mask = TARGET_PAGE_MASK;
|
||||
s->config.input_range.end = UINT64_MAX;
|
||||
s->config.domain_range.end = UINT32_MAX;
|
||||
diff --git a/include/hw/virtio/virtio-iommu.h b/include/hw/virtio/virtio-iommu.h
|
||||
index 84391f8448..102eeefa73 100644
|
||||
--- a/include/hw/virtio/virtio-iommu.h
|
||||
+++ b/include/hw/virtio/virtio-iommu.h
|
||||
@@ -37,6 +37,8 @@ typedef struct IOMMUDevice {
|
||||
int devfn;
|
||||
IOMMUMemoryRegion iommu_mr;
|
||||
AddressSpace as;
|
||||
+ MemoryRegion root; /* The root container of the device */
|
||||
+ MemoryRegion bypass_mr; /* The alias of shared memory MR */
|
||||
} IOMMUDevice;
|
||||
|
||||
typedef struct IOMMUPciBus {
|
||||
--
|
||||
2.31.1
|
||||
|
54
kvm-virtio-iommu-Fix-migration-regression.patch
Normal file
54
kvm-virtio-iommu-Fix-migration-regression.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From 8d45902b4884315ec090e607e9f03606b21001cf Mon Sep 17 00:00:00 2001
|
||||
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Date: Fri, 24 Jun 2022 17:37:40 +0800
|
||||
Subject: [PATCH 05/17] virtio-iommu: Fix migration regression
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
|
||||
RH-Commit: [5/5] 9652c4aaaf88e24083fab1fbc3d1423260c93ca6 (eauger1/centos-qemu-kvm)
|
||||
RH-Bugzilla: 2100106
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
|
||||
|
||||
We also need to switch to the right address space on dest side
|
||||
after loading the device status. DMA to wrong address space is
|
||||
destructive.
|
||||
|
||||
Fixes: 3facd774962fd ("virtio-iommu: Add bypass mode support to assigned device")
|
||||
Suggested-by: Eric Auger <eric.auger@redhat.com>
|
||||
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Message-Id: <20220624093740.3525267-1-zhenzhong.duan@intel.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Eric Auger <eric.auger@redhat.com>
|
||||
(cherry picked from commit d355566bd958e24e7e384da6ea89a9fc88d7bfed)
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
---
|
||||
hw/virtio/virtio-iommu.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
|
||||
index 44a041dec9..2012835554 100644
|
||||
--- a/hw/virtio/virtio-iommu.c
|
||||
+++ b/hw/virtio/virtio-iommu.c
|
||||
@@ -1324,6 +1324,14 @@ static int iommu_post_load(void *opaque, int version_id)
|
||||
VirtIOIOMMU *s = opaque;
|
||||
|
||||
g_tree_foreach(s->domains, reconstruct_endpoints, s);
|
||||
+
|
||||
+ /*
|
||||
+ * Memory regions are dynamically turned on/off depending on
|
||||
+ * 'config.bypass' and attached domain type if there is. After
|
||||
+ * migration, we need to make sure the memory regions are
|
||||
+ * still correct.
|
||||
+ */
|
||||
+ virtio_iommu_switch_address_space_all(s);
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
67
kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch
Normal file
67
kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch
Normal file
@ -0,0 +1,67 @@
|
||||
From b681247c29b59af40c86f8f0ae5709138ae9bf1a Mon Sep 17 00:00:00 2001
|
||||
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Date: Thu, 23 Jun 2022 10:31:52 +0800
|
||||
Subject: [PATCH 04/17] virtio-iommu: Fix the partial copy of probe request
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
|
||||
RH-Commit: [4/5] c402164414a8e69bbb6df20af3c2b6d2589d6f3e (eauger1/centos-qemu-kvm)
|
||||
RH-Bugzilla: 2100106
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
|
||||
|
||||
The structure of probe request doesn't include the tail, this leads
|
||||
to a few field missed to be copied. Currently this isn't an issue as
|
||||
those missed field belong to reserved field, just in case reserved
|
||||
field will be used in the future.
|
||||
|
||||
Changed 4th parameter of virtio_iommu_iov_to_req() to receive size
|
||||
of device-readable part.
|
||||
|
||||
Fixes: 1733eebb9e75b ("virtio-iommu: Implement RESV_MEM probe request")
|
||||
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Message-Id: <20220623023152.3473231-1-zhenzhong.duan@intel.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
|
||||
Reviewed-by: Eric Auger <eric.auger@redhat.com>
|
||||
(cherry picked from commit 45461aace83d961e933b27519b81d17b4c690514)
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
---
|
||||
hw/virtio/virtio-iommu.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
|
||||
index e970d4d5a6..44a041dec9 100644
|
||||
--- a/hw/virtio/virtio-iommu.c
|
||||
+++ b/hw/virtio/virtio-iommu.c
|
||||
@@ -676,11 +676,10 @@ static int virtio_iommu_probe(VirtIOIOMMU *s,
|
||||
|
||||
static int virtio_iommu_iov_to_req(struct iovec *iov,
|
||||
unsigned int iov_cnt,
|
||||
- void *req, size_t req_sz)
|
||||
+ void *req, size_t payload_sz)
|
||||
{
|
||||
- size_t sz, payload_sz = req_sz - sizeof(struct virtio_iommu_req_tail);
|
||||
+ size_t sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
|
||||
|
||||
- sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
|
||||
if (unlikely(sz != payload_sz)) {
|
||||
return VIRTIO_IOMMU_S_INVAL;
|
||||
}
|
||||
@@ -693,7 +692,8 @@ static int virtio_iommu_handle_ ## __req(VirtIOIOMMU *s, \
|
||||
unsigned int iov_cnt) \
|
||||
{ \
|
||||
struct virtio_iommu_req_ ## __req req; \
|
||||
- int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req)); \
|
||||
+ int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, \
|
||||
+ sizeof(req) - sizeof(struct virtio_iommu_req_tail));\
|
||||
\
|
||||
return ret ? ret : virtio_iommu_ ## __req(s, &req); \
|
||||
}
|
||||
--
|
||||
2.31.1
|
||||
|
141
kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch
Normal file
141
kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch
Normal file
@ -0,0 +1,141 @@
|
||||
From 881c999e302e7ee1212b47c523a2cf442c549417 Mon Sep 17 00:00:00 2001
|
||||
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Date: Mon, 13 Jun 2022 14:10:09 +0800
|
||||
Subject: [PATCH 02/17] virtio-iommu: Use recursive lock to avoid deadlock
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 105: virtio-iommu: Fix bypass mode for assigned devices
|
||||
RH-Commit: [2/5] 67dce1eecb49555f728f119f8efac00417ff65bf (eauger1/centos-qemu-kvm)
|
||||
RH-Bugzilla: 2100106
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100106
|
||||
|
||||
When switching address space with mutex lock hold, mapping will be
|
||||
replayed for assigned device. This will trigger relock deadlock.
|
||||
|
||||
Also release the mutex resource in unrealize routine.
|
||||
|
||||
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||||
Message-Id: <20220613061010.2674054-3-zhenzhong.duan@intel.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
(cherry picked from commit 08f2030a2e46f1e93d186b3a683e5caef1df562b)
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
---
|
||||
hw/virtio/virtio-iommu.c | 20 +++++++++++---------
|
||||
include/hw/virtio/virtio-iommu.h | 2 +-
|
||||
2 files changed, 12 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
|
||||
index 5e99e6c62b..440a1c28a7 100644
|
||||
--- a/hw/virtio/virtio-iommu.c
|
||||
+++ b/hw/virtio/virtio-iommu.c
|
||||
@@ -79,7 +79,7 @@ static bool virtio_iommu_device_bypassed(IOMMUDevice *sdev)
|
||||
|
||||
sid = virtio_iommu_get_bdf(sdev);
|
||||
|
||||
- qemu_mutex_lock(&s->mutex);
|
||||
+ qemu_rec_mutex_lock(&s->mutex);
|
||||
/* need to check bypass before system reset */
|
||||
if (!s->endpoints) {
|
||||
bypassed = s->config.bypass;
|
||||
@@ -94,7 +94,7 @@ static bool virtio_iommu_device_bypassed(IOMMUDevice *sdev)
|
||||
}
|
||||
|
||||
unlock:
|
||||
- qemu_mutex_unlock(&s->mutex);
|
||||
+ qemu_rec_mutex_unlock(&s->mutex);
|
||||
return bypassed;
|
||||
}
|
||||
|
||||
@@ -746,7 +746,7 @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq)
|
||||
tail.status = VIRTIO_IOMMU_S_DEVERR;
|
||||
goto out;
|
||||
}
|
||||
- qemu_mutex_lock(&s->mutex);
|
||||
+ qemu_rec_mutex_lock(&s->mutex);
|
||||
switch (head.type) {
|
||||
case VIRTIO_IOMMU_T_ATTACH:
|
||||
tail.status = virtio_iommu_handle_attach(s, iov, iov_cnt);
|
||||
@@ -775,7 +775,7 @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq)
|
||||
default:
|
||||
tail.status = VIRTIO_IOMMU_S_UNSUPP;
|
||||
}
|
||||
- qemu_mutex_unlock(&s->mutex);
|
||||
+ qemu_rec_mutex_unlock(&s->mutex);
|
||||
|
||||
out:
|
||||
sz = iov_from_buf(elem->in_sg, elem->in_num, 0,
|
||||
@@ -863,7 +863,7 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
|
||||
sid = virtio_iommu_get_bdf(sdev);
|
||||
|
||||
trace_virtio_iommu_translate(mr->parent_obj.name, sid, addr, flag);
|
||||
- qemu_mutex_lock(&s->mutex);
|
||||
+ qemu_rec_mutex_lock(&s->mutex);
|
||||
|
||||
ep = g_tree_lookup(s->endpoints, GUINT_TO_POINTER(sid));
|
||||
if (!ep) {
|
||||
@@ -947,7 +947,7 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
|
||||
trace_virtio_iommu_translate_out(addr, entry.translated_addr, sid);
|
||||
|
||||
unlock:
|
||||
- qemu_mutex_unlock(&s->mutex);
|
||||
+ qemu_rec_mutex_unlock(&s->mutex);
|
||||
return entry;
|
||||
}
|
||||
|
||||
@@ -1036,7 +1036,7 @@ static void virtio_iommu_replay(IOMMUMemoryRegion *mr, IOMMUNotifier *n)
|
||||
|
||||
sid = virtio_iommu_get_bdf(sdev);
|
||||
|
||||
- qemu_mutex_lock(&s->mutex);
|
||||
+ qemu_rec_mutex_lock(&s->mutex);
|
||||
|
||||
if (!s->endpoints) {
|
||||
goto unlock;
|
||||
@@ -1050,7 +1050,7 @@ static void virtio_iommu_replay(IOMMUMemoryRegion *mr, IOMMUNotifier *n)
|
||||
g_tree_foreach(ep->domain->mappings, virtio_iommu_remap, mr);
|
||||
|
||||
unlock:
|
||||
- qemu_mutex_unlock(&s->mutex);
|
||||
+ qemu_rec_mutex_unlock(&s->mutex);
|
||||
}
|
||||
|
||||
static int virtio_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu_mr,
|
||||
@@ -1169,7 +1169,7 @@ static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
|
||||
virtio_add_feature(&s->features, VIRTIO_IOMMU_F_PROBE);
|
||||
virtio_add_feature(&s->features, VIRTIO_IOMMU_F_BYPASS_CONFIG);
|
||||
|
||||
- qemu_mutex_init(&s->mutex);
|
||||
+ qemu_rec_mutex_init(&s->mutex);
|
||||
|
||||
s->as_by_busptr = g_hash_table_new_full(NULL, NULL, NULL, g_free);
|
||||
|
||||
@@ -1197,6 +1197,8 @@ static void virtio_iommu_device_unrealize(DeviceState *dev)
|
||||
g_tree_destroy(s->endpoints);
|
||||
}
|
||||
|
||||
+ qemu_rec_mutex_destroy(&s->mutex);
|
||||
+
|
||||
virtio_delete_queue(s->req_vq);
|
||||
virtio_delete_queue(s->event_vq);
|
||||
virtio_cleanup(vdev);
|
||||
diff --git a/include/hw/virtio/virtio-iommu.h b/include/hw/virtio/virtio-iommu.h
|
||||
index 102eeefa73..2ad5ee320b 100644
|
||||
--- a/include/hw/virtio/virtio-iommu.h
|
||||
+++ b/include/hw/virtio/virtio-iommu.h
|
||||
@@ -58,7 +58,7 @@ struct VirtIOIOMMU {
|
||||
ReservedRegion *reserved_regions;
|
||||
uint32_t nb_reserved_regions;
|
||||
GTree *domains;
|
||||
- QemuMutex mutex;
|
||||
+ QemuRecMutex mutex;
|
||||
GTree *endpoints;
|
||||
bool boot_bypass;
|
||||
};
|
||||
--
|
||||
2.31.1
|
||||
|
@ -151,7 +151,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \
|
||||
Summary: QEMU is a machine emulator and virtualizer
|
||||
Name: qemu-kvm
|
||||
Version: 7.0.0
|
||||
Release: 8%{?rcrel}%{?dist}%{?cc_suffix}
|
||||
Release: 9%{?rcrel}%{?dist}%{?cc_suffix}
|
||||
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
||||
# Epoch 15 used for RHEL 8
|
||||
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
|
||||
@ -324,6 +324,40 @@ Patch84: kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch
|
||||
Patch85: kvm-migration-Change-zero_copy_send-from-migration-param.patch
|
||||
# For bz#2096143 - The migration port is not released if use it again for recovering postcopy migration
|
||||
Patch86: kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch
|
||||
# For bz#2100106 - Fix virtio-iommu/vfio bypass
|
||||
Patch87: kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch
|
||||
# For bz#2100106 - Fix virtio-iommu/vfio bypass
|
||||
Patch88: kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch
|
||||
# For bz#2100106 - Fix virtio-iommu/vfio bypass
|
||||
Patch89: kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch
|
||||
# For bz#2100106 - Fix virtio-iommu/vfio bypass
|
||||
Patch90: kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch
|
||||
# For bz#2100106 - Fix virtio-iommu/vfio bypass
|
||||
Patch91: kvm-virtio-iommu-Fix-migration-regression.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch92: kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch93: kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch94: kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch95: kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch96: kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch97: kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch98: kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch99: kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch100: kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch
|
||||
# For bz#2098077 - virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions
|
||||
Patch101: kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch
|
||||
# For bz#1951522 - CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]
|
||||
Patch102: kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch
|
||||
# For bz#1951522 - CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]
|
||||
Patch103: kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch
|
||||
|
||||
# Source-git patches
|
||||
|
||||
@ -1359,6 +1393,31 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jul 18 2022 Miroslav Rezanina <mrezanin@redhat.com> - 7.0.0-9
|
||||
- kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106]
|
||||
- kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106]
|
||||
- kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106]
|
||||
- kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106]
|
||||
- kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106]
|
||||
- kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077]
|
||||
- kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077]
|
||||
- kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522]
|
||||
- kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522]
|
||||
- Resolves: bz#2100106
|
||||
(Fix virtio-iommu/vfio bypass)
|
||||
- Resolves: bz#2098077
|
||||
(virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions)
|
||||
- Resolves: bz#1951522
|
||||
(CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0])
|
||||
|
||||
* Tue Jul 05 2022 Camilla Conte <cconte@redhat.com> - 7.0.0-8
|
||||
- kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839]
|
||||
- kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839]
|
||||
|
Loading…
Reference in New Issue
Block a user