Compare commits
7 Commits
imports/c8
...
c8-stream-
Author | SHA1 | Date |
---|---|---|
eabdullin | eaa22a7b77 | |
eabdullin | 58444f1b3d | |
eabdullin | 803d7daeb6 | |
CentOS Sources | 9cf15efa74 | |
CentOS Sources | bb332c3e0a | |
CentOS Sources | cb066cbf03 | |
CentOS Sources | 97d5b9938f |
|
@ -1 +1,5 @@
|
|||
SOURCES/qemu-6.2.0.tar.xz
|
||||
SOURCES/tests_data_acpi_pc_SSDT.dimmpxm
|
||||
SOURCES/tests_data_acpi_q35_FACP.slic
|
||||
SOURCES/tests_data_acpi_q35_SSDT.dimmpxm
|
||||
SOURCES/tests_data_acpi_virt_SSDT.memhp
|
||||
|
|
|
@ -1 +1,5 @@
|
|||
68cd61a466170115b88817e2d52db2cd7a92f43a SOURCES/qemu-6.2.0.tar.xz
|
||||
c4b34092bc5af1ba7febfca1477320fb024e8acd SOURCES/tests_data_acpi_pc_SSDT.dimmpxm
|
||||
19349e3517143bd1af56a5444e927ba37a111f72 SOURCES/tests_data_acpi_q35_FACP.slic
|
||||
4632d10ae8cedad4d5d760ed211f83f0dc81005d SOURCES/tests_data_acpi_q35_SSDT.dimmpxm
|
||||
ef12eed43cc357fb134db6fa3c7ffc83e222a97d SOURCES/tests_data_acpi_virt_SSDT.memhp
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
From 9bacf8c4104ff3cff2e0e2c2179ec4fda633167f Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Mon, 16 Jan 2023 07:51:08 -0500
|
||||
Subject: [PATCH 05/11] KVM: keep track of running ioctls
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 247: accel: introduce accelerator blocker API
|
||||
RH-Bugzilla: 2161188
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [2/3] 357508389e2a0fd996206b406e9e235e50b5f0b6
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2161188
|
||||
|
||||
commit a27dd2de68f37ba96fe164a42121daa5f0750afc
|
||||
Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Fri Nov 11 10:47:57 2022 -0500
|
||||
|
||||
KVM: keep track of running ioctls
|
||||
|
||||
Using the new accel-blocker API, mark where ioctls are being called
|
||||
in KVM. Next, we will implement the critical section that will take
|
||||
care of performing memslots modifications atomically, therefore
|
||||
preventing any new ioctl from running and allowing the running ones
|
||||
to finish.
|
||||
|
||||
Signed-off-by: David Hildenbrand <david@redhat.com>
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Message-Id: <20221111154758.1372674-3-eesposit@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
accel/kvm/kvm-all.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
|
||||
index 8f2a53438f..221aadfda7 100644
|
||||
--- a/accel/kvm/kvm-all.c
|
||||
+++ b/accel/kvm/kvm-all.c
|
||||
@@ -2337,6 +2337,7 @@ static int kvm_init(MachineState *ms)
|
||||
assert(TARGET_PAGE_SIZE <= qemu_real_host_page_size);
|
||||
|
||||
s->sigmask_len = 8;
|
||||
+ accel_blocker_init();
|
||||
|
||||
#ifdef KVM_CAP_SET_GUEST_DEBUG
|
||||
QTAILQ_INIT(&s->kvm_sw_breakpoints);
|
||||
@@ -3018,7 +3019,9 @@ int kvm_vm_ioctl(KVMState *s, int type, ...)
|
||||
va_end(ap);
|
||||
|
||||
trace_kvm_vm_ioctl(type, arg);
|
||||
+ accel_ioctl_begin();
|
||||
ret = ioctl(s->vmfd, type, arg);
|
||||
+ accel_ioctl_end();
|
||||
if (ret == -1) {
|
||||
ret = -errno;
|
||||
}
|
||||
@@ -3036,7 +3039,9 @@ int kvm_vcpu_ioctl(CPUState *cpu, int type, ...)
|
||||
va_end(ap);
|
||||
|
||||
trace_kvm_vcpu_ioctl(cpu->cpu_index, type, arg);
|
||||
+ accel_cpu_ioctl_begin(cpu);
|
||||
ret = ioctl(cpu->kvm_fd, type, arg);
|
||||
+ accel_cpu_ioctl_end(cpu);
|
||||
if (ret == -1) {
|
||||
ret = -errno;
|
||||
}
|
||||
@@ -3054,7 +3059,9 @@ int kvm_device_ioctl(int fd, int type, ...)
|
||||
va_end(ap);
|
||||
|
||||
trace_kvm_device_ioctl(fd, type, arg);
|
||||
+ accel_ioctl_begin();
|
||||
ret = ioctl(fd, type, arg);
|
||||
+ accel_ioctl_end();
|
||||
if (ret == -1) {
|
||||
ret = -errno;
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,181 @@
|
|||
From 440ee491240f2f02f9a6082d8aad98d88c1039dd Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon, 15 Jan 2024 14:00:04 +0100
|
||||
Subject: [PATCH 1/5] MAINTAINERS: split out s390x sections
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails
|
||||
RH-Jira: RHEL-18214
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
|
||||
RH-Commit: [1/5] a71a3c11922481f97c36570e361088d17474e481
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-18214
|
||||
|
||||
commit 56e34834029c7c6862cb0095d95ad83c50485f88
|
||||
Author: Cornelia Huck <cohuck@redhat.com>
|
||||
Date: Wed Dec 22 11:55:48 2021 +0100
|
||||
|
||||
MAINTAINERS: split out s390x sections
|
||||
|
||||
Split out some more specialized devices etc., so that we can build
|
||||
smarter lists of people to be put on cc: in the future.
|
||||
|
||||
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Acked-by: David Hildenbrand <david@redhat.com>
|
||||
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
|
||||
Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
Acked-by: Halil Pasic <pasic@linux.ibm.com>
|
||||
Acked-by: Eric Farman <farman@linux.ibm.com>
|
||||
Message-Id: <20211222105548.356852-1-cohuck@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
MAINTAINERS | 85 ++++++++++++++++++++++++++++++++++++++++++++++-------
|
||||
1 file changed, 74 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/MAINTAINERS b/MAINTAINERS
|
||||
index 7543eb4d59..b893206fc3 100644
|
||||
--- a/MAINTAINERS
|
||||
+++ b/MAINTAINERS
|
||||
@@ -297,7 +297,6 @@ M: David Hildenbrand <david@redhat.com>
|
||||
S: Maintained
|
||||
F: target/s390x/
|
||||
F: target/s390x/tcg
|
||||
-F: target/s390x/cpu_models_*.[ch]
|
||||
F: hw/s390x/
|
||||
F: disas/s390.c
|
||||
F: tests/tcg/s390x/
|
||||
@@ -396,16 +395,10 @@ M: Halil Pasic <pasic@linux.ibm.com>
|
||||
M: Christian Borntraeger <borntraeger@de.ibm.com>
|
||||
S: Supported
|
||||
F: target/s390x/kvm/
|
||||
-F: target/s390x/ioinst.[ch]
|
||||
F: target/s390x/machine.c
|
||||
F: target/s390x/sigp.c
|
||||
-F: target/s390x/cpu_features*.[ch]
|
||||
-F: target/s390x/cpu_models.[ch]
|
||||
F: hw/s390x/pv.c
|
||||
F: include/hw/s390x/pv.h
|
||||
-F: hw/intc/s390_flic.c
|
||||
-F: hw/intc/s390_flic_kvm.c
|
||||
-F: include/hw/s390x/s390_flic.h
|
||||
F: gdb-xml/s390*.xml
|
||||
T: git https://github.com/borntraeger/qemu.git s390-next
|
||||
L: qemu-s390x@nongnu.org
|
||||
@@ -1529,12 +1522,8 @@ S390 Virtio-ccw
|
||||
M: Halil Pasic <pasic@linux.ibm.com>
|
||||
M: Christian Borntraeger <borntraeger@de.ibm.com>
|
||||
S: Supported
|
||||
-F: hw/char/sclp*.[hc]
|
||||
-F: hw/char/terminal3270.c
|
||||
F: hw/s390x/
|
||||
F: include/hw/s390x/
|
||||
-F: hw/watchdog/wdt_diag288.c
|
||||
-F: include/hw/watchdog/wdt_diag288.h
|
||||
F: configs/devices/s390x-softmmu/default.mak
|
||||
F: tests/avocado/machine_s390_ccw_virtio.py
|
||||
T: git https://github.com/borntraeger/qemu.git s390-next
|
||||
@@ -1559,6 +1548,37 @@ F: hw/s390x/s390-pci*
|
||||
F: include/hw/s390x/s390-pci*
|
||||
L: qemu-s390x@nongnu.org
|
||||
|
||||
+S390 channel subsystem
|
||||
+M: Halil Pasic <pasic@linux.ibm.com>
|
||||
+M: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
+S: Supported
|
||||
+F: hw/s390x/ccw-device.[ch]
|
||||
+F: hw/s390x/css.c
|
||||
+F: hw/s390x/css-bridge.c
|
||||
+F: include/hw/s390x/css.h
|
||||
+F: include/hw/s390x/css-bridge.h
|
||||
+F: include/hw/s390x/ioinst.h
|
||||
+F: target/s390x/ioinst.c
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
+S390 CPU models
|
||||
+M: David Hildenbrand <david@redhat.com>
|
||||
+S: Maintained
|
||||
+F: target/s390x/cpu_features*.[ch]
|
||||
+F: target/s390x/cpu_models.[ch]
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
+S390 SCLP-backed devices
|
||||
+M: Halil Pasic <pasic@linux.ibm.com>
|
||||
+M: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
+S: Supported
|
||||
+F: include/hw/s390x/event-facility.h
|
||||
+F: include/hw/s390x/sclp.h
|
||||
+F: hw/char/sclp*.[hc]
|
||||
+F: hw/s390x/event-facility.c
|
||||
+F: hw/s390x/sclp*.c
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
X86 Machines
|
||||
------------
|
||||
PC
|
||||
@@ -1956,6 +1976,7 @@ M: Halil Pasic <pasic@linux.ibm.com>
|
||||
S: Supported
|
||||
F: hw/s390x/virtio-ccw*.[hc]
|
||||
F: hw/s390x/vhost-vsock-ccw.c
|
||||
+F: hw/s390x/vhost-user-fs-ccw.c
|
||||
T: git https://gitlab.com/cohuck/qemu.git s390-next
|
||||
T: git https://github.com/borntraeger/qemu.git s390-next
|
||||
L: qemu-s390x@nongnu.org
|
||||
@@ -2294,6 +2315,48 @@ F: hw/timer/mips_gictimer.c
|
||||
F: include/hw/intc/mips_gic.h
|
||||
F: include/hw/timer/mips_gictimer.h
|
||||
|
||||
+S390 3270 device
|
||||
+M: Halil Pasic <pasic@linux.ibm.com>
|
||||
+M: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
+S: Odd fixes
|
||||
+F: include/hw/s390x/3270-ccw.h
|
||||
+F: hw/char/terminal3270.c
|
||||
+F: hw/s390x/3270-ccw.c
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
+S390 diag 288 watchdog
|
||||
+M: Halil Pasic <pasic@linux.ibm.com>
|
||||
+M: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
+S: Supported
|
||||
+F: hw/watchdog/wdt_diag288.c
|
||||
+F: include/hw/watchdog/wdt_diag288.h
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
+S390 storage key device
|
||||
+M: Halil Pasic <pasic@linux.ibm.com>
|
||||
+M: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
+S: Supported
|
||||
+F: hw/s390x/storage-keys.h
|
||||
+F: hw/390x/s390-skeys*.c
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
+S390 storage attribute device
|
||||
+M: Halil Pasic <pasic@linux.ibm.com>
|
||||
+M: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
+S: Supported
|
||||
+F: hw/s390x/storage-attributes.h
|
||||
+F: hw/s390/s390-stattrib*.c
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
+S390 floating interrupt controller
|
||||
+M: Halil Pasic <pasic@linux.ibm.com>
|
||||
+M: Christian Borntraeger <borntraeger@linux.ibm.com>
|
||||
+M: David Hildenbrand <david@redhat.com>
|
||||
+S: Supported
|
||||
+F: hw/intc/s390_flic*.c
|
||||
+F: include/hw/s390x/s390_flic.h
|
||||
+L: qemu-s390x@nongnu.org
|
||||
+
|
||||
Subsystems
|
||||
----------
|
||||
Overall Audio backends
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
From f1480fe9a4054113ddacd218961e29f31c33d329 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Xu <peterx@redhat.com>
|
||||
Date: Wed, 6 Sep 2023 16:29:23 -0400
|
||||
Subject: [PATCH 2/3] RHEL: Enable "x-not-migrate-acpi-index" for all pre-RHEL8
|
||||
guests
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Peter Xu <peterx@redhat.com>
|
||||
RH-MergeRequest: 343: acpi: fix acpi_index migration
|
||||
RH-Jira: RHEL-20189
|
||||
RH-Acked-by: Leonardo Brás <leobras@redhat.com>
|
||||
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
|
||||
RH-Acked-by: Prasad Pandit <None>
|
||||
RH-Commit: [2/2] 0a26a71236e68dd7feb5d2063254090e3852d6ba
|
||||
|
||||
The acpi index migration is simply broken before for all pre-RHEL8
|
||||
branches. Don't migrate it for all of them.
|
||||
|
||||
Signed-off-by: Peter Xu <peterx@redhat.com>
|
||||
---
|
||||
hw/core/machine.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/hw/core/machine.c b/hw/core/machine.c
|
||||
index 2724f6848a..6650a3d7b7 100644
|
||||
--- a/hw/core/machine.c
|
||||
+++ b/hw/core/machine.c
|
||||
@@ -44,6 +44,10 @@ GlobalProperty hw_compat_rhel_8_6[] = {
|
||||
* we need do disable it downstream on the latest hw_compat_rhel_8.
|
||||
*/
|
||||
{ "vhost-vsock-device", "seqpacket", "off" },
|
||||
+ /*
|
||||
+ * RHEL-2186: all rhel8 machines should not migrate acpi index.
|
||||
+ */
|
||||
+ { "PIIX4_PM", "x-not-migrate-acpi-index", "on"},
|
||||
};
|
||||
const size_t hw_compat_rhel_8_6_len = G_N_ELEMENTS(hw_compat_rhel_8_6);
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,171 @@
|
|||
From 10fc28b61a6fba1e6dc44fd544cf31c7f313c622 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
|
||||
Date: Fri, 28 Oct 2022 17:48:00 +0100
|
||||
Subject: [PATCH 05/42] Update linux headers to v6.0-rc4
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [5/41] ca55f497d1bf1e72179330f8f613781bf999d898
|
||||
|
||||
Based on upstream commit d525f73f9186a5bc641b8caf0b2c9bb94e5aa963
|
||||
("Update linux headers to v6.0-rc4"), but this is focusing only on the
|
||||
ZPCI and protected dump changes.
|
||||
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
linux-headers/linux/kvm.h | 87 +++++++++++++++++++++++++++++++++
|
||||
linux-headers/linux/vfio_zdev.h | 7 +++
|
||||
2 files changed, 94 insertions(+)
|
||||
|
||||
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
|
||||
index 0d05d02ee4..c65930288c 100644
|
||||
--- a/linux-headers/linux/kvm.h
|
||||
+++ b/linux-headers/linux/kvm.h
|
||||
@@ -1150,6 +1150,9 @@ struct kvm_ppc_resize_hpt {
|
||||
#define KVM_CAP_DISABLE_QUIRKS2 213
|
||||
/* #define KVM_CAP_VM_TSC_CONTROL 214 */
|
||||
#define KVM_CAP_SYSTEM_EVENT_DATA 215
|
||||
+#define KVM_CAP_S390_PROTECTED_DUMP 217
|
||||
+#define KVM_CAP_S390_ZPCI_OP 221
|
||||
+#define KVM_CAP_S390_CPU_TOPOLOGY 222
|
||||
|
||||
#ifdef KVM_CAP_IRQ_ROUTING
|
||||
|
||||
@@ -1651,6 +1654,55 @@ struct kvm_s390_pv_unp {
|
||||
__u64 tweak;
|
||||
};
|
||||
|
||||
+enum pv_cmd_dmp_id {
|
||||
+ KVM_PV_DUMP_INIT,
|
||||
+ KVM_PV_DUMP_CONFIG_STOR_STATE,
|
||||
+ KVM_PV_DUMP_COMPLETE,
|
||||
+ KVM_PV_DUMP_CPU,
|
||||
+};
|
||||
+
|
||||
+struct kvm_s390_pv_dmp {
|
||||
+ __u64 subcmd;
|
||||
+ __u64 buff_addr;
|
||||
+ __u64 buff_len;
|
||||
+ __u64 gaddr; /* For dump storage state */
|
||||
+ __u64 reserved[4];
|
||||
+};
|
||||
+
|
||||
+enum pv_cmd_info_id {
|
||||
+ KVM_PV_INFO_VM,
|
||||
+ KVM_PV_INFO_DUMP,
|
||||
+};
|
||||
+
|
||||
+struct kvm_s390_pv_info_dump {
|
||||
+ __u64 dump_cpu_buffer_len;
|
||||
+ __u64 dump_config_mem_buffer_per_1m;
|
||||
+ __u64 dump_config_finalize_len;
|
||||
+};
|
||||
+
|
||||
+struct kvm_s390_pv_info_vm {
|
||||
+ __u64 inst_calls_list[4];
|
||||
+ __u64 max_cpus;
|
||||
+ __u64 max_guests;
|
||||
+ __u64 max_guest_addr;
|
||||
+ __u64 feature_indication;
|
||||
+};
|
||||
+
|
||||
+struct kvm_s390_pv_info_header {
|
||||
+ __u32 id;
|
||||
+ __u32 len_max;
|
||||
+ __u32 len_written;
|
||||
+ __u32 reserved;
|
||||
+};
|
||||
+
|
||||
+struct kvm_s390_pv_info {
|
||||
+ struct kvm_s390_pv_info_header header;
|
||||
+ union {
|
||||
+ struct kvm_s390_pv_info_dump dump;
|
||||
+ struct kvm_s390_pv_info_vm vm;
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
enum pv_cmd_id {
|
||||
KVM_PV_ENABLE,
|
||||
KVM_PV_DISABLE,
|
||||
@@ -1659,6 +1711,8 @@ enum pv_cmd_id {
|
||||
KVM_PV_VERIFY,
|
||||
KVM_PV_PREP_RESET,
|
||||
KVM_PV_UNSHARE_ALL,
|
||||
+ KVM_PV_INFO,
|
||||
+ KVM_PV_DUMP,
|
||||
};
|
||||
|
||||
struct kvm_pv_cmd {
|
||||
@@ -2066,4 +2120,37 @@ struct kvm_stats_desc {
|
||||
/* Available with KVM_CAP_XSAVE2 */
|
||||
#define KVM_GET_XSAVE2 _IOR(KVMIO, 0xcf, struct kvm_xsave)
|
||||
|
||||
+/* Available with KVM_CAP_S390_PROTECTED_DUMP */
|
||||
+#define KVM_S390_PV_CPU_COMMAND _IOWR(KVMIO, 0xd0, struct kvm_pv_cmd)
|
||||
+
|
||||
+/* Available with KVM_CAP_S390_ZPCI_OP */
|
||||
+#define KVM_S390_ZPCI_OP _IOW(KVMIO, 0xd1, struct kvm_s390_zpci_op)
|
||||
+
|
||||
+struct kvm_s390_zpci_op {
|
||||
+ /* in */
|
||||
+ __u32 fh; /* target device */
|
||||
+ __u8 op; /* operation to perform */
|
||||
+ __u8 pad[3];
|
||||
+ union {
|
||||
+ /* for KVM_S390_ZPCIOP_REG_AEN */
|
||||
+ struct {
|
||||
+ __u64 ibv; /* Guest addr of interrupt bit vector */
|
||||
+ __u64 sb; /* Guest addr of summary bit */
|
||||
+ __u32 flags;
|
||||
+ __u32 noi; /* Number of interrupts */
|
||||
+ __u8 isc; /* Guest interrupt subclass */
|
||||
+ __u8 sbo; /* Offset of guest summary bit vector */
|
||||
+ __u16 pad;
|
||||
+ } reg_aen;
|
||||
+ __u64 reserved[8];
|
||||
+ } u;
|
||||
+};
|
||||
+
|
||||
+/* types for kvm_s390_zpci_op->op */
|
||||
+#define KVM_S390_ZPCIOP_REG_AEN 0
|
||||
+#define KVM_S390_ZPCIOP_DEREG_AEN 1
|
||||
+
|
||||
+/* flags for kvm_s390_zpci_op->u.reg_aen.flags */
|
||||
+#define KVM_S390_ZPCIOP_REGAEN_HOST (1 << 0)
|
||||
+
|
||||
#endif /* __LINUX_KVM_H */
|
||||
diff --git a/linux-headers/linux/vfio_zdev.h b/linux-headers/linux/vfio_zdev.h
|
||||
index b4309397b6..77f2aff1f2 100644
|
||||
--- a/linux-headers/linux/vfio_zdev.h
|
||||
+++ b/linux-headers/linux/vfio_zdev.h
|
||||
@@ -29,6 +29,9 @@ struct vfio_device_info_cap_zpci_base {
|
||||
__u16 fmb_length; /* Measurement Block Length (in bytes) */
|
||||
__u8 pft; /* PCI Function Type */
|
||||
__u8 gid; /* PCI function group ID */
|
||||
+ /* End of version 1 */
|
||||
+ __u32 fh; /* PCI function handle */
|
||||
+ /* End of version 2 */
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -47,6 +50,10 @@ struct vfio_device_info_cap_zpci_group {
|
||||
__u16 noi; /* Maximum number of MSIs */
|
||||
__u16 maxstbl; /* Maximum Store Block Length */
|
||||
__u8 version; /* Supported PCI Version */
|
||||
+ /* End of version 1 */
|
||||
+ __u8 reserved;
|
||||
+ __u16 imaxstbl; /* Maximum Interpreted Store Block Length */
|
||||
+ /* End of version 2 */
|
||||
};
|
||||
|
||||
/**
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,349 @@
|
|||
From a5e7bb1f7a88efb5574266a76e80fd7604d19921 Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Mon, 16 Jan 2023 07:49:59 -0500
|
||||
Subject: [PATCH 04/11] accel: introduce accelerator blocker API
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 247: accel: introduce accelerator blocker API
|
||||
RH-Bugzilla: 2161188
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/3] 9d3d7f9554974a79042c915763288cce07aef135
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2161188
|
||||
|
||||
commit bd688fc93120fb3e28aa70e3dfdf567ccc1e0bc1
|
||||
Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Fri Nov 11 10:47:56 2022 -0500
|
||||
|
||||
accel: introduce accelerator blocker API
|
||||
|
||||
This API allows the accelerators to prevent vcpus from issuing
|
||||
new ioctls while execting a critical section marked with the
|
||||
accel_ioctl_inhibit_begin/end functions.
|
||||
|
||||
Note that all functions submitting ioctls must mark where the
|
||||
ioctl is being called with accel_{cpu_}ioctl_begin/end().
|
||||
|
||||
This API requires the caller to always hold the BQL.
|
||||
API documentation is in sysemu/accel-blocker.h
|
||||
|
||||
Internally, it uses a QemuLockCnt together with a per-CPU QemuLockCnt
|
||||
(to minimize cache line bouncing) to keep avoid that new ioctls
|
||||
run when the critical section starts, and a QemuEvent to wait
|
||||
that all running ioctls finish.
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Message-Id: <20221111154758.1372674-2-eesposit@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
util/meson.build: files are missing in rhel 8.8.0
|
||||
namely int128.c, memalign.c and interval-tree.c
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
accel/accel-blocker.c | 154 +++++++++++++++++++++++++++++++++
|
||||
accel/meson.build | 2 +-
|
||||
hw/core/cpu-common.c | 2 +
|
||||
include/hw/core/cpu.h | 3 +
|
||||
include/sysemu/accel-blocker.h | 56 ++++++++++++
|
||||
util/meson.build | 2 +-
|
||||
6 files changed, 217 insertions(+), 2 deletions(-)
|
||||
create mode 100644 accel/accel-blocker.c
|
||||
create mode 100644 include/sysemu/accel-blocker.h
|
||||
|
||||
diff --git a/accel/accel-blocker.c b/accel/accel-blocker.c
|
||||
new file mode 100644
|
||||
index 0000000000..1e7f423462
|
||||
--- /dev/null
|
||||
+++ b/accel/accel-blocker.c
|
||||
@@ -0,0 +1,154 @@
|
||||
+/*
|
||||
+ * Lock to inhibit accelerator ioctls
|
||||
+ *
|
||||
+ * Copyright (c) 2022 Red Hat Inc.
|
||||
+ *
|
||||
+ * Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
+ *
|
||||
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
+ * of this software and associated documentation files (the "Software"), to deal
|
||||
+ * in the Software without restriction, including without limitation the rights
|
||||
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
+ * copies of the Software, and to permit persons to whom the Software is
|
||||
+ * furnished to do so, subject to the following conditions:
|
||||
+ *
|
||||
+ * The above copyright notice and this permission notice shall be included in
|
||||
+ * all copies or substantial portions of the Software.
|
||||
+ *
|
||||
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
||||
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
+ * THE SOFTWARE.
|
||||
+ */
|
||||
+
|
||||
+#include "qemu/osdep.h"
|
||||
+#include "qemu/thread.h"
|
||||
+#include "qemu/main-loop.h"
|
||||
+#include "hw/core/cpu.h"
|
||||
+#include "sysemu/accel-blocker.h"
|
||||
+
|
||||
+static QemuLockCnt accel_in_ioctl_lock;
|
||||
+static QemuEvent accel_in_ioctl_event;
|
||||
+
|
||||
+void accel_blocker_init(void)
|
||||
+{
|
||||
+ qemu_lockcnt_init(&accel_in_ioctl_lock);
|
||||
+ qemu_event_init(&accel_in_ioctl_event, false);
|
||||
+}
|
||||
+
|
||||
+void accel_ioctl_begin(void)
|
||||
+{
|
||||
+ if (likely(qemu_mutex_iothread_locked())) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* block if lock is taken in kvm_ioctl_inhibit_begin() */
|
||||
+ qemu_lockcnt_inc(&accel_in_ioctl_lock);
|
||||
+}
|
||||
+
|
||||
+void accel_ioctl_end(void)
|
||||
+{
|
||||
+ if (likely(qemu_mutex_iothread_locked())) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ qemu_lockcnt_dec(&accel_in_ioctl_lock);
|
||||
+ /* change event to SET. If event was BUSY, wake up all waiters */
|
||||
+ qemu_event_set(&accel_in_ioctl_event);
|
||||
+}
|
||||
+
|
||||
+void accel_cpu_ioctl_begin(CPUState *cpu)
|
||||
+{
|
||||
+ if (unlikely(qemu_mutex_iothread_locked())) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* block if lock is taken in kvm_ioctl_inhibit_begin() */
|
||||
+ qemu_lockcnt_inc(&cpu->in_ioctl_lock);
|
||||
+}
|
||||
+
|
||||
+void accel_cpu_ioctl_end(CPUState *cpu)
|
||||
+{
|
||||
+ if (unlikely(qemu_mutex_iothread_locked())) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ qemu_lockcnt_dec(&cpu->in_ioctl_lock);
|
||||
+ /* change event to SET. If event was BUSY, wake up all waiters */
|
||||
+ qemu_event_set(&accel_in_ioctl_event);
|
||||
+}
|
||||
+
|
||||
+static bool accel_has_to_wait(void)
|
||||
+{
|
||||
+ CPUState *cpu;
|
||||
+ bool needs_to_wait = false;
|
||||
+
|
||||
+ CPU_FOREACH(cpu) {
|
||||
+ if (qemu_lockcnt_count(&cpu->in_ioctl_lock)) {
|
||||
+ /* exit the ioctl, if vcpu is running it */
|
||||
+ qemu_cpu_kick(cpu);
|
||||
+ needs_to_wait = true;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return needs_to_wait || qemu_lockcnt_count(&accel_in_ioctl_lock);
|
||||
+}
|
||||
+
|
||||
+void accel_ioctl_inhibit_begin(void)
|
||||
+{
|
||||
+ CPUState *cpu;
|
||||
+
|
||||
+ /*
|
||||
+ * We allow to inhibit only when holding the BQL, so we can identify
|
||||
+ * when an inhibitor wants to issue an ioctl easily.
|
||||
+ */
|
||||
+ g_assert(qemu_mutex_iothread_locked());
|
||||
+
|
||||
+ /* Block further invocations of the ioctls outside the BQL. */
|
||||
+ CPU_FOREACH(cpu) {
|
||||
+ qemu_lockcnt_lock(&cpu->in_ioctl_lock);
|
||||
+ }
|
||||
+ qemu_lockcnt_lock(&accel_in_ioctl_lock);
|
||||
+
|
||||
+ /* Keep waiting until there are running ioctls */
|
||||
+ while (true) {
|
||||
+
|
||||
+ /* Reset event to FREE. */
|
||||
+ qemu_event_reset(&accel_in_ioctl_event);
|
||||
+
|
||||
+ if (accel_has_to_wait()) {
|
||||
+ /*
|
||||
+ * If event is still FREE, and there are ioctls still in progress,
|
||||
+ * wait.
|
||||
+ *
|
||||
+ * If an ioctl finishes before qemu_event_wait(), it will change
|
||||
+ * the event state to SET. This will prevent qemu_event_wait() from
|
||||
+ * blocking, but it's not a problem because if other ioctls are
|
||||
+ * still running the loop will iterate once more and reset the event
|
||||
+ * status to FREE so that it can wait properly.
|
||||
+ *
|
||||
+ * If an ioctls finishes while qemu_event_wait() is blocking, then
|
||||
+ * it will be waken up, but also here the while loop makes sure
|
||||
+ * to re-enter the wait if there are other running ioctls.
|
||||
+ */
|
||||
+ qemu_event_wait(&accel_in_ioctl_event);
|
||||
+ } else {
|
||||
+ /* No ioctl is running */
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+void accel_ioctl_inhibit_end(void)
|
||||
+{
|
||||
+ CPUState *cpu;
|
||||
+
|
||||
+ qemu_lockcnt_unlock(&accel_in_ioctl_lock);
|
||||
+ CPU_FOREACH(cpu) {
|
||||
+ qemu_lockcnt_unlock(&cpu->in_ioctl_lock);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
diff --git a/accel/meson.build b/accel/meson.build
|
||||
index dfd808d2c8..801b4d44e8 100644
|
||||
--- a/accel/meson.build
|
||||
+++ b/accel/meson.build
|
||||
@@ -1,4 +1,4 @@
|
||||
-specific_ss.add(files('accel-common.c'))
|
||||
+specific_ss.add(files('accel-common.c', 'accel-blocker.c'))
|
||||
softmmu_ss.add(files('accel-softmmu.c'))
|
||||
user_ss.add(files('accel-user.c'))
|
||||
|
||||
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
|
||||
index 9e3241b430..b6e83acf0a 100644
|
||||
--- a/hw/core/cpu-common.c
|
||||
+++ b/hw/core/cpu-common.c
|
||||
@@ -238,6 +238,7 @@ static void cpu_common_initfn(Object *obj)
|
||||
cpu->nr_threads = 1;
|
||||
|
||||
qemu_mutex_init(&cpu->work_mutex);
|
||||
+ qemu_lockcnt_init(&cpu->in_ioctl_lock);
|
||||
QSIMPLEQ_INIT(&cpu->work_list);
|
||||
QTAILQ_INIT(&cpu->breakpoints);
|
||||
QTAILQ_INIT(&cpu->watchpoints);
|
||||
@@ -249,6 +250,7 @@ static void cpu_common_finalize(Object *obj)
|
||||
{
|
||||
CPUState *cpu = CPU(obj);
|
||||
|
||||
+ qemu_lockcnt_destroy(&cpu->in_ioctl_lock);
|
||||
qemu_mutex_destroy(&cpu->work_mutex);
|
||||
}
|
||||
|
||||
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
|
||||
index e948e81f1a..49d9c73f97 100644
|
||||
--- a/include/hw/core/cpu.h
|
||||
+++ b/include/hw/core/cpu.h
|
||||
@@ -383,6 +383,9 @@ struct CPUState {
|
||||
uint32_t kvm_fetch_index;
|
||||
uint64_t dirty_pages;
|
||||
|
||||
+ /* Use by accel-block: CPU is executing an ioctl() */
|
||||
+ QemuLockCnt in_ioctl_lock;
|
||||
+
|
||||
/* Used for events with 'vcpu' and *without* the 'disabled' properties */
|
||||
DECLARE_BITMAP(trace_dstate_delayed, CPU_TRACE_DSTATE_MAX_EVENTS);
|
||||
DECLARE_BITMAP(trace_dstate, CPU_TRACE_DSTATE_MAX_EVENTS);
|
||||
diff --git a/include/sysemu/accel-blocker.h b/include/sysemu/accel-blocker.h
|
||||
new file mode 100644
|
||||
index 0000000000..72020529ef
|
||||
--- /dev/null
|
||||
+++ b/include/sysemu/accel-blocker.h
|
||||
@@ -0,0 +1,56 @@
|
||||
+/*
|
||||
+ * Accelerator blocking API, to prevent new ioctls from starting and wait the
|
||||
+ * running ones finish.
|
||||
+ * This mechanism differs from pause/resume_all_vcpus() in that it does not
|
||||
+ * release the BQL.
|
||||
+ *
|
||||
+ * Copyright (c) 2022 Red Hat Inc.
|
||||
+ *
|
||||
+ * Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
+ *
|
||||
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
|
||||
+ * See the COPYING file in the top-level directory.
|
||||
+ */
|
||||
+#ifndef ACCEL_BLOCKER_H
|
||||
+#define ACCEL_BLOCKER_H
|
||||
+
|
||||
+#include "qemu/osdep.h"
|
||||
+#include "sysemu/cpus.h"
|
||||
+
|
||||
+extern void accel_blocker_init(void);
|
||||
+
|
||||
+/*
|
||||
+ * accel_{cpu_}ioctl_begin/end:
|
||||
+ * Mark when ioctl is about to run or just finished.
|
||||
+ *
|
||||
+ * accel_{cpu_}ioctl_begin will block after accel_ioctl_inhibit_begin() is
|
||||
+ * called, preventing new ioctls to run. They will continue only after
|
||||
+ * accel_ioctl_inibith_end().
|
||||
+ */
|
||||
+extern void accel_ioctl_begin(void);
|
||||
+extern void accel_ioctl_end(void);
|
||||
+extern void accel_cpu_ioctl_begin(CPUState *cpu);
|
||||
+extern void accel_cpu_ioctl_end(CPUState *cpu);
|
||||
+
|
||||
+/*
|
||||
+ * accel_ioctl_inhibit_begin: start critical section
|
||||
+ *
|
||||
+ * This function makes sure that:
|
||||
+ * 1) incoming accel_{cpu_}ioctl_begin() calls block
|
||||
+ * 2) wait that all ioctls that were already running reach
|
||||
+ * accel_{cpu_}ioctl_end(), kicking vcpus if necessary.
|
||||
+ *
|
||||
+ * This allows the caller to access shared data or perform operations without
|
||||
+ * worrying of concurrent vcpus accesses.
|
||||
+ */
|
||||
+extern void accel_ioctl_inhibit_begin(void);
|
||||
+
|
||||
+/*
|
||||
+ * accel_ioctl_inhibit_end: end critical section started by
|
||||
+ * accel_ioctl_inhibit_begin()
|
||||
+ *
|
||||
+ * This function allows blocked accel_{cpu_}ioctl_begin() to continue.
|
||||
+ */
|
||||
+extern void accel_ioctl_inhibit_end(void);
|
||||
+
|
||||
+#endif /* ACCEL_BLOCKER_H */
|
||||
diff --git a/util/meson.build b/util/meson.build
|
||||
index 05b593055a..b5f153b0e8 100644
|
||||
--- a/util/meson.build
|
||||
+++ b/util/meson.build
|
||||
@@ -48,6 +48,7 @@ util_ss.add(files('transactions.c'))
|
||||
util_ss.add(when: 'CONFIG_POSIX', if_true: files('drm.c'))
|
||||
util_ss.add(files('guest-random.c'))
|
||||
util_ss.add(files('yank.c'))
|
||||
+util_ss.add(files('lockcnt.c'))
|
||||
|
||||
if have_user
|
||||
util_ss.add(files('selfmap.c'))
|
||||
@@ -69,7 +70,6 @@ if have_block
|
||||
util_ss.add(files('hexdump.c'))
|
||||
util_ss.add(files('iova-tree.c'))
|
||||
util_ss.add(files('iov.c', 'qemu-sockets.c', 'uri.c'))
|
||||
- util_ss.add(files('lockcnt.c'))
|
||||
util_ss.add(files('main-loop.c'))
|
||||
util_ss.add(files('nvdimm-utils.c'))
|
||||
util_ss.add(files('qemu-coroutine.c', 'qemu-coroutine-lock.c', 'qemu-coroutine-io.c'))
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,165 @@
|
|||
From 3deffc03c2e9b0053eec5aeb5b5d633dfe29f499 Mon Sep 17 00:00:00 2001
|
||||
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Date: Wed, 6 Apr 2022 14:58:12 -0400
|
||||
Subject: [PATCH 1/3] acpi: fix acpi_index migration
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Peter Xu <peterx@redhat.com>
|
||||
RH-MergeRequest: 343: acpi: fix acpi_index migration
|
||||
RH-Jira: RHEL-20189
|
||||
RH-Acked-by: Leonardo Brás <leobras@redhat.com>
|
||||
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
|
||||
RH-Acked-by: Prasad Pandit <None>
|
||||
RH-Commit: [1/2] c5b9cdf5791cd856207b7df7e2ef5df360ec8de4
|
||||
|
||||
vmstate_acpi_pcihp_use_acpi_index() was expecting AcpiPciHpState
|
||||
as state but it actually received PIIX4PMState, because
|
||||
VMSTATE_PCI_HOTPLUG is a macro and not another struct.
|
||||
So it ended up accessing random pointer, which resulted
|
||||
in 'false' return value and acpi_index field wasn't ever
|
||||
sent.
|
||||
|
||||
However in 7.0 that pointer de-references to value > 0, and
|
||||
destination QEMU starts to expect the field which isn't
|
||||
sent in migratioon stream from older QEMU (6.2 and older).
|
||||
As result migration fails with:
|
||||
qemu-system-x86_64: Missing section footer for 0000:00:01.3/piix4_pm
|
||||
qemu-system-x86_64: load of migration failed: Invalid argument
|
||||
|
||||
In addition with QEMU-6.2, destination due to not expected
|
||||
state, also never expects the acpi_index field in migration
|
||||
stream.
|
||||
|
||||
Q35 is not affected as it always sends/expects the field as
|
||||
long as acpi based PCI hotplug is enabled.
|
||||
|
||||
Fix issue by introducing compat knob to never send/expect
|
||||
acpi_index in migration stream for 6.2 and older PC machine
|
||||
types and always send it for 7.0 and newer PC machine types.
|
||||
|
||||
Diagnosed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Fixes: b32bd76 ("pci: introduce acpi-index property for PCI device")
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/932
|
||||
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
(cherry picked from commit a83c2844903c45aa7d32cdd17305f23ce2c56ab9)
|
||||
Signed-off-by: Peter Xu <peterx@redhat.com>
|
||||
---
|
||||
hw/acpi/acpi-pci-hotplug-stub.c | 4 ----
|
||||
hw/acpi/pcihp.c | 6 ------
|
||||
hw/acpi/piix4.c | 15 ++++++++++++++-
|
||||
hw/core/machine.c | 5 +++++
|
||||
include/hw/acpi/pcihp.h | 2 --
|
||||
5 files changed, 19 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/hw/acpi/acpi-pci-hotplug-stub.c b/hw/acpi/acpi-pci-hotplug-stub.c
|
||||
index 734e4c5986..a43f6dafc9 100644
|
||||
--- a/hw/acpi/acpi-pci-hotplug-stub.c
|
||||
+++ b/hw/acpi/acpi-pci-hotplug-stub.c
|
||||
@@ -41,7 +41,3 @@ void acpi_pcihp_reset(AcpiPciHpState *s, bool acpihp_root_off)
|
||||
return;
|
||||
}
|
||||
|
||||
-bool vmstate_acpi_pcihp_use_acpi_index(void *opaque, int version_id)
|
||||
-{
|
||||
- return false;
|
||||
-}
|
||||
diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
|
||||
index be0e846b34..ec861661c3 100644
|
||||
--- a/hw/acpi/pcihp.c
|
||||
+++ b/hw/acpi/pcihp.c
|
||||
@@ -559,12 +559,6 @@ void acpi_pcihp_init(Object *owner, AcpiPciHpState *s, PCIBus *root_bus,
|
||||
OBJ_PROP_FLAG_READ);
|
||||
}
|
||||
|
||||
-bool vmstate_acpi_pcihp_use_acpi_index(void *opaque, int version_id)
|
||||
-{
|
||||
- AcpiPciHpState *s = opaque;
|
||||
- return s->acpi_index;
|
||||
-}
|
||||
-
|
||||
const VMStateDescription vmstate_acpi_pcihp_pci_status = {
|
||||
.name = "acpi_pcihp_pci_status",
|
||||
.version_id = 1,
|
||||
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
|
||||
index 8d6011c0a3..033e75ce5b 100644
|
||||
--- a/hw/acpi/piix4.c
|
||||
+++ b/hw/acpi/piix4.c
|
||||
@@ -82,6 +82,7 @@ struct PIIX4PMState {
|
||||
AcpiPciHpState acpi_pci_hotplug;
|
||||
bool use_acpi_hotplug_bridge;
|
||||
bool use_acpi_root_pci_hotplug;
|
||||
+ bool not_migrate_acpi_index;
|
||||
|
||||
uint8_t disable_s3;
|
||||
uint8_t disable_s4;
|
||||
@@ -269,6 +270,16 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
|
||||
return pm_smbus_vmstate_needed();
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * This is a fudge to turn off the acpi_index field,
|
||||
+ * whose test was always broken on piix4 with 6.2 and older machine types.
|
||||
+ */
|
||||
+static bool vmstate_test_migrate_acpi_index(void *opaque, int version_id)
|
||||
+{
|
||||
+ PIIX4PMState *s = PIIX4_PM(opaque);
|
||||
+ return s->use_acpi_hotplug_bridge && !s->not_migrate_acpi_index;
|
||||
+}
|
||||
+
|
||||
/* qemu-kvm 1.2 uses version 3 but advertised as 2
|
||||
* To support incoming qemu-kvm 1.2 migration, change version_id
|
||||
* and minimum_version_id to 2 below (which breaks migration from
|
||||
@@ -299,7 +310,7 @@ static const VMStateDescription vmstate_acpi = {
|
||||
struct AcpiPciHpPciStatus),
|
||||
VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
|
||||
vmstate_test_use_acpi_hotplug_bridge,
|
||||
- vmstate_acpi_pcihp_use_acpi_index),
|
||||
+ vmstate_test_migrate_acpi_index),
|
||||
VMSTATE_END_OF_LIST()
|
||||
},
|
||||
.subsections = (const VMStateDescription*[]) {
|
||||
@@ -654,6 +665,8 @@ static Property piix4_pm_properties[] = {
|
||||
DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
|
||||
acpi_memory_hotplug.is_enabled, true),
|
||||
DEFINE_PROP_BOOL("smm-compat", PIIX4PMState, smm_compat, false),
|
||||
+ DEFINE_PROP_BOOL("x-not-migrate-acpi-index", PIIX4PMState,
|
||||
+ not_migrate_acpi_index, false),
|
||||
DEFINE_PROP_END_OF_LIST(),
|
||||
};
|
||||
|
||||
diff --git a/hw/core/machine.c b/hw/core/machine.c
|
||||
index 76fcabec7a..2724f6848a 100644
|
||||
--- a/hw/core/machine.c
|
||||
+++ b/hw/core/machine.c
|
||||
@@ -331,6 +331,11 @@ GlobalProperty hw_compat_rhel_7_1[] = {
|
||||
};
|
||||
const size_t hw_compat_rhel_7_1_len = G_N_ELEMENTS(hw_compat_rhel_7_1);
|
||||
|
||||
+GlobalProperty hw_compat_6_2[] = {
|
||||
+ { "PIIX4_PM", "x-not-migrate-acpi-index", "on"},
|
||||
+};
|
||||
+const size_t hw_compat_6_2_len = G_N_ELEMENTS(hw_compat_6_2);
|
||||
+
|
||||
GlobalProperty hw_compat_6_1[] = {
|
||||
{ "vhost-user-vsock-device", "seqpacket", "off" },
|
||||
{ "nvme-ns", "shared", "off" },
|
||||
diff --git a/include/hw/acpi/pcihp.h b/include/hw/acpi/pcihp.h
|
||||
index af1a169fc3..7e268c2c9c 100644
|
||||
--- a/include/hw/acpi/pcihp.h
|
||||
+++ b/include/hw/acpi/pcihp.h
|
||||
@@ -73,8 +73,6 @@ void acpi_pcihp_reset(AcpiPciHpState *s, bool acpihp_root_off);
|
||||
|
||||
extern const VMStateDescription vmstate_acpi_pcihp_pci_status;
|
||||
|
||||
-bool vmstate_acpi_pcihp_use_acpi_index(void *opaque, int version_id);
|
||||
-
|
||||
#define VMSTATE_PCI_HOTPLUG(pcihp, state, test_pcihp, test_acpi_index) \
|
||||
VMSTATE_UINT32_TEST(pcihp.hotplug_select, state, \
|
||||
test_pcihp), \
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
From 953c5c0982b61b0a3f8f03452844b5487eb22fc7 Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 08:13:17 -0500
|
||||
Subject: [PATCH 06/13] aio-wait: switch to smp_mb__after_rmw()
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [6/10] 9f30f97754139ffd18d36b2350f9ed4e59ac496e
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit b532526a07ef3b903ead2e055fe6cc87b41057a3
|
||||
Author: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Fri Mar 3 11:03:52 2023 +0100
|
||||
|
||||
aio-wait: switch to smp_mb__after_rmw()
|
||||
|
||||
The barrier comes after an atomic increment, so it is enough to use
|
||||
smp_mb__after_rmw(); this avoids a double barrier on x86 systems.
|
||||
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
include/block/aio-wait.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
|
||||
index 54840f8622..03b6394c78 100644
|
||||
--- a/include/block/aio-wait.h
|
||||
+++ b/include/block/aio-wait.h
|
||||
@@ -82,7 +82,7 @@ extern AioWait global_aio_wait;
|
||||
/* Increment wait_->num_waiters before evaluating cond. */ \
|
||||
qatomic_inc(&wait_->num_waiters); \
|
||||
/* Paired with smp_mb in aio_wait_kick(). */ \
|
||||
- smp_mb(); \
|
||||
+ smp_mb__after_rmw(); \
|
||||
if (ctx_ && in_aio_context_home_thread(ctx_)) { \
|
||||
while ((cond)) { \
|
||||
aio_poll(ctx_, true); \
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,86 @@
|
|||
From d7eae0ff4c7f7f7bf10f10272adf7c6971c0db9b Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 09:26:35 -0500
|
||||
Subject: [PATCH 01/13] aio_wait_kick: add missing memory barrier
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [1/10] eb774aee79864052e14e706d931e52e7bd1162c8
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit 7455ff1aa01564cc175db5b2373e610503ad4411
|
||||
Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Tue May 24 13:30:54 2022 -0400
|
||||
|
||||
aio_wait_kick: add missing memory barrier
|
||||
|
||||
It seems that aio_wait_kick always required a memory barrier
|
||||
or atomic operation in the caller, but nobody actually
|
||||
took care of doing it.
|
||||
|
||||
Let's put the barrier in the function instead, and pair it
|
||||
with another one in AIO_WAIT_WHILE. Read aio_wait_kick()
|
||||
comment for further explanation.
|
||||
|
||||
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Message-Id: <20220524173054.12651-1-eesposit@redhat.com>
|
||||
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
include/block/aio-wait.h | 2 ++
|
||||
util/aio-wait.c | 16 +++++++++++++++-
|
||||
2 files changed, 17 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
|
||||
index b39eefb38d..54840f8622 100644
|
||||
--- a/include/block/aio-wait.h
|
||||
+++ b/include/block/aio-wait.h
|
||||
@@ -81,6 +81,8 @@ extern AioWait global_aio_wait;
|
||||
AioContext *ctx_ = (ctx); \
|
||||
/* Increment wait_->num_waiters before evaluating cond. */ \
|
||||
qatomic_inc(&wait_->num_waiters); \
|
||||
+ /* Paired with smp_mb in aio_wait_kick(). */ \
|
||||
+ smp_mb(); \
|
||||
if (ctx_ && in_aio_context_home_thread(ctx_)) { \
|
||||
while ((cond)) { \
|
||||
aio_poll(ctx_, true); \
|
||||
diff --git a/util/aio-wait.c b/util/aio-wait.c
|
||||
index bdb3d3af22..98c5accd29 100644
|
||||
--- a/util/aio-wait.c
|
||||
+++ b/util/aio-wait.c
|
||||
@@ -35,7 +35,21 @@ static void dummy_bh_cb(void *opaque)
|
||||
|
||||
void aio_wait_kick(void)
|
||||
{
|
||||
- /* The barrier (or an atomic op) is in the caller. */
|
||||
+ /*
|
||||
+ * Paired with smp_mb in AIO_WAIT_WHILE. Here we have:
|
||||
+ * write(condition);
|
||||
+ * aio_wait_kick() {
|
||||
+ * smp_mb();
|
||||
+ * read(num_waiters);
|
||||
+ * }
|
||||
+ *
|
||||
+ * And in AIO_WAIT_WHILE:
|
||||
+ * write(num_waiters);
|
||||
+ * smp_mb();
|
||||
+ * read(condition);
|
||||
+ */
|
||||
+ smp_mb();
|
||||
+
|
||||
if (qatomic_read(&global_aio_wait.num_waiters)) {
|
||||
aio_bh_schedule_oneshot(qemu_get_aio_context(), dummy_bh_cb, NULL);
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
From 47d027147694fde94dd73305ee53b6a136cbeced Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 08/15] apic: disable reentrancy detection for apic-msi
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [8/12] 25c3cf99b00cd9adc10d6e7afa9c3e3b7da08de2 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit 50795ee051a342c681a9b45671c552fbd6274db8
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Thu Apr 27 17:10:13 2023 -0400
|
||||
|
||||
apic: disable reentrancy detection for apic-msi
|
||||
|
||||
As the code is designed for re-entrant calls to apic-msi, mark apic-msi
|
||||
as reentrancy-safe.
|
||||
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Message-Id: <20230427211013.2994127-9-alxndr@bu.edu>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/intc/apic.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
|
||||
index 3df11c34d6..a7c2b301a8 100644
|
||||
--- a/hw/intc/apic.c
|
||||
+++ b/hw/intc/apic.c
|
||||
@@ -883,6 +883,13 @@ static void apic_realize(DeviceState *dev, Error **errp)
|
||||
memory_region_init_io(&s->io_memory, OBJECT(s), &apic_io_ops, s, "apic-msi",
|
||||
APIC_SPACE_SIZE);
|
||||
|
||||
+ /*
|
||||
+ * apic-msi's apic_mem_write can call into ioapic_eoi_broadcast, which can
|
||||
+ * write back to apic-msi. As such mark the apic-msi region re-entrancy
|
||||
+ * safe.
|
||||
+ */
|
||||
+ s->io_memory.disable_reentrancy_guard = true;
|
||||
+
|
||||
s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, apic_timer, s);
|
||||
local_apics[s->id] = s;
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,235 @@
|
|||
From 8996ac4369de7e0cb6f911db6f47c3e4ae88c8aa Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 02/15] async: Add an optional reentrancy guard to the BH API
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [2/12] b03f247e242a6cdb3eebec36477234ac77dcd20c (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
Conflict: The file block/graph-lock.h, inluded from include/block/aio.h,
|
||||
doesn't exist in this code version. The code compiles without
|
||||
issues if this include is just omitted, so we do that.
|
||||
|
||||
commit 9c86c97f12c060bf7484dd931f38634e166a81f0
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Thu Apr 27 17:10:07 2023 -0400
|
||||
|
||||
async: Add an optional reentrancy guard to the BH API
|
||||
|
||||
Devices can pass their MemoryReentrancyGuard (from their DeviceState),
|
||||
when creating new BHes. Then, the async API will toggle the guard
|
||||
before/after calling the BH call-back. This prevents bh->mmio reentrancy
|
||||
issues.
|
||||
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Message-Id: <20230427211013.2994127-3-alxndr@bu.edu>
|
||||
[thuth: Fix "line over 90 characters" checkpatch.pl error]
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
docs/devel/multiple-iothreads.txt | 7 +++++++
|
||||
include/block/aio.h | 18 ++++++++++++++++--
|
||||
include/qemu/main-loop.h | 7 +++++--
|
||||
tests/unit/ptimer-test-stubs.c | 3 ++-
|
||||
util/async.c | 18 +++++++++++++++++-
|
||||
util/main-loop.c | 6 ++++--
|
||||
util/trace-events | 1 +
|
||||
7 files changed, 52 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/docs/devel/multiple-iothreads.txt b/docs/devel/multiple-iothreads.txt
|
||||
index aeb997bed5..a11576bc74 100644
|
||||
--- a/docs/devel/multiple-iothreads.txt
|
||||
+++ b/docs/devel/multiple-iothreads.txt
|
||||
@@ -61,6 +61,7 @@ There are several old APIs that use the main loop AioContext:
|
||||
* LEGACY qemu_aio_set_event_notifier() - monitor an event notifier
|
||||
* LEGACY timer_new_ms() - create a timer
|
||||
* LEGACY qemu_bh_new() - create a BH
|
||||
+ * LEGACY qemu_bh_new_guarded() - create a BH with a device re-entrancy guard
|
||||
* LEGACY qemu_aio_wait() - run an event loop iteration
|
||||
|
||||
Since they implicitly work on the main loop they cannot be used in code that
|
||||
@@ -72,8 +73,14 @@ Instead, use the AioContext functions directly (see include/block/aio.h):
|
||||
* aio_set_event_notifier() - monitor an event notifier
|
||||
* aio_timer_new() - create a timer
|
||||
* aio_bh_new() - create a BH
|
||||
+ * aio_bh_new_guarded() - create a BH with a device re-entrancy guard
|
||||
* aio_poll() - run an event loop iteration
|
||||
|
||||
+The qemu_bh_new_guarded/aio_bh_new_guarded APIs accept a "MemReentrancyGuard"
|
||||
+argument, which is used to check for and prevent re-entrancy problems. For
|
||||
+BHs associated with devices, the reentrancy-guard is contained in the
|
||||
+corresponding DeviceState and named "mem_reentrancy_guard".
|
||||
+
|
||||
The AioContext can be obtained from the IOThread using
|
||||
iothread_get_aio_context() or for the main loop using qemu_get_aio_context().
|
||||
Code that takes an AioContext argument works both in IOThreads or the main
|
||||
diff --git a/include/block/aio.h b/include/block/aio.h
|
||||
index 47fbe9d81f..c7da152985 100644
|
||||
--- a/include/block/aio.h
|
||||
+++ b/include/block/aio.h
|
||||
@@ -22,6 +22,8 @@
|
||||
#include "qemu/event_notifier.h"
|
||||
#include "qemu/thread.h"
|
||||
#include "qemu/timer.h"
|
||||
+#include "hw/qdev-core.h"
|
||||
+
|
||||
|
||||
typedef struct BlockAIOCB BlockAIOCB;
|
||||
typedef void BlockCompletionFunc(void *opaque, int ret);
|
||||
@@ -321,9 +323,11 @@ void aio_bh_schedule_oneshot_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque,
|
||||
* is opaque and must be allocated prior to its use.
|
||||
*
|
||||
* @name: A human-readable identifier for debugging purposes.
|
||||
+ * @reentrancy_guard: A guard set when entering a cb to prevent
|
||||
+ * device-reentrancy issues
|
||||
*/
|
||||
QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque,
|
||||
- const char *name);
|
||||
+ const char *name, MemReentrancyGuard *reentrancy_guard);
|
||||
|
||||
/**
|
||||
* aio_bh_new: Allocate a new bottom half structure
|
||||
@@ -332,7 +336,17 @@ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque,
|
||||
* string.
|
||||
*/
|
||||
#define aio_bh_new(ctx, cb, opaque) \
|
||||
- aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb)))
|
||||
+ aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb)), NULL)
|
||||
+
|
||||
+/**
|
||||
+ * aio_bh_new_guarded: Allocate a new bottom half structure with a
|
||||
+ * reentrancy_guard
|
||||
+ *
|
||||
+ * A convenience wrapper for aio_bh_new_full() that uses the cb as the name
|
||||
+ * string.
|
||||
+ */
|
||||
+#define aio_bh_new_guarded(ctx, cb, opaque, guard) \
|
||||
+ aio_bh_new_full((ctx), (cb), (opaque), (stringify(cb)), guard)
|
||||
|
||||
/**
|
||||
* aio_notify: Force processing of pending events.
|
||||
diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
|
||||
index 8dbc6fcb89..85dd5ada9e 100644
|
||||
--- a/include/qemu/main-loop.h
|
||||
+++ b/include/qemu/main-loop.h
|
||||
@@ -294,9 +294,12 @@ void qemu_cond_timedwait_iothread(QemuCond *cond, int ms);
|
||||
|
||||
void qemu_fd_register(int fd);
|
||||
|
||||
+#define qemu_bh_new_guarded(cb, opaque, guard) \
|
||||
+ qemu_bh_new_full((cb), (opaque), (stringify(cb)), guard)
|
||||
#define qemu_bh_new(cb, opaque) \
|
||||
- qemu_bh_new_full((cb), (opaque), (stringify(cb)))
|
||||
-QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name);
|
||||
+ qemu_bh_new_full((cb), (opaque), (stringify(cb)), NULL)
|
||||
+QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name,
|
||||
+ MemReentrancyGuard *reentrancy_guard);
|
||||
void qemu_bh_schedule_idle(QEMUBH *bh);
|
||||
|
||||
enum {
|
||||
diff --git a/tests/unit/ptimer-test-stubs.c b/tests/unit/ptimer-test-stubs.c
|
||||
index 2a3ef58799..a7a2d08e7e 100644
|
||||
--- a/tests/unit/ptimer-test-stubs.c
|
||||
+++ b/tests/unit/ptimer-test-stubs.c
|
||||
@@ -108,7 +108,8 @@ int64_t qemu_clock_deadline_ns_all(QEMUClockType type, int attr_mask)
|
||||
return deadline;
|
||||
}
|
||||
|
||||
-QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name)
|
||||
+QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name,
|
||||
+ MemReentrancyGuard *reentrancy_guard)
|
||||
{
|
||||
QEMUBH *bh = g_new(QEMUBH, 1);
|
||||
|
||||
diff --git a/util/async.c b/util/async.c
|
||||
index 2a63bf90f2..1fff02e7fc 100644
|
||||
--- a/util/async.c
|
||||
+++ b/util/async.c
|
||||
@@ -62,6 +62,7 @@ struct QEMUBH {
|
||||
void *opaque;
|
||||
QSLIST_ENTRY(QEMUBH) next;
|
||||
unsigned flags;
|
||||
+ MemReentrancyGuard *reentrancy_guard;
|
||||
};
|
||||
|
||||
/* Called concurrently from any thread */
|
||||
@@ -127,7 +128,7 @@ void aio_bh_schedule_oneshot_full(AioContext *ctx, QEMUBHFunc *cb,
|
||||
}
|
||||
|
||||
QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque,
|
||||
- const char *name)
|
||||
+ const char *name, MemReentrancyGuard *reentrancy_guard)
|
||||
{
|
||||
QEMUBH *bh;
|
||||
bh = g_new(QEMUBH, 1);
|
||||
@@ -136,13 +137,28 @@ QEMUBH *aio_bh_new_full(AioContext *ctx, QEMUBHFunc *cb, void *opaque,
|
||||
.cb = cb,
|
||||
.opaque = opaque,
|
||||
.name = name,
|
||||
+ .reentrancy_guard = reentrancy_guard,
|
||||
};
|
||||
return bh;
|
||||
}
|
||||
|
||||
void aio_bh_call(QEMUBH *bh)
|
||||
{
|
||||
+ bool last_engaged_in_io = false;
|
||||
+
|
||||
+ if (bh->reentrancy_guard) {
|
||||
+ last_engaged_in_io = bh->reentrancy_guard->engaged_in_io;
|
||||
+ if (bh->reentrancy_guard->engaged_in_io) {
|
||||
+ trace_reentrant_aio(bh->ctx, bh->name);
|
||||
+ }
|
||||
+ bh->reentrancy_guard->engaged_in_io = true;
|
||||
+ }
|
||||
+
|
||||
bh->cb(bh->opaque);
|
||||
+
|
||||
+ if (bh->reentrancy_guard) {
|
||||
+ bh->reentrancy_guard->engaged_in_io = last_engaged_in_io;
|
||||
+ }
|
||||
}
|
||||
|
||||
/* Multiple occurrences of aio_bh_poll cannot be called concurrently. */
|
||||
diff --git a/util/main-loop.c b/util/main-loop.c
|
||||
index 06b18b195c..1eacf04691 100644
|
||||
--- a/util/main-loop.c
|
||||
+++ b/util/main-loop.c
|
||||
@@ -544,9 +544,11 @@ void main_loop_wait(int nonblocking)
|
||||
|
||||
/* Functions to operate on the main QEMU AioContext. */
|
||||
|
||||
-QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name)
|
||||
+QEMUBH *qemu_bh_new_full(QEMUBHFunc *cb, void *opaque, const char *name,
|
||||
+ MemReentrancyGuard *reentrancy_guard)
|
||||
{
|
||||
- return aio_bh_new_full(qemu_aio_context, cb, opaque, name);
|
||||
+ return aio_bh_new_full(qemu_aio_context, cb, opaque, name,
|
||||
+ reentrancy_guard);
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git a/util/trace-events b/util/trace-events
|
||||
index c8f53d7d9f..dc3b1eb3bf 100644
|
||||
--- a/util/trace-events
|
||||
+++ b/util/trace-events
|
||||
@@ -11,6 +11,7 @@ poll_remove(void *ctx, void *node, int fd) "ctx %p node %p fd %d"
|
||||
# async.c
|
||||
aio_co_schedule(void *ctx, void *co) "ctx %p co %p"
|
||||
aio_co_schedule_bh_cb(void *ctx, void *co) "ctx %p co %p"
|
||||
+reentrant_aio(void *ctx, const char *name) "ctx %p name %s"
|
||||
|
||||
# thread-pool.c
|
||||
thread_pool_submit(void *pool, void *req, void *opaque) "pool %p req %p opaque %p"
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
From d754050d260e2ad890cecd975df6e163c531b40e Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 09/15] async: avoid use-after-free on re-entrancy guard
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [9/12] d357650e581c3921bbfe3e2fde5e3f55853b5fab (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit 7915bd06f25e1803778081161bf6fa10c42dc7cd
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Mon May 1 10:19:56 2023 -0400
|
||||
|
||||
async: avoid use-after-free on re-entrancy guard
|
||||
|
||||
A BH callback can free the BH, causing a use-after-free in aio_bh_call.
|
||||
Fix that by keeping a local copy of the re-entrancy guard pointer.
|
||||
|
||||
Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58513
|
||||
Fixes: 9c86c97f12 ("async: Add an optional reentrancy guard to the BH API")
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Message-Id: <20230501141956.3444868-1-alxndr@bu.edu>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
util/async.c | 14 ++++++++------
|
||||
1 file changed, 8 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/util/async.c b/util/async.c
|
||||
index 1fff02e7fc..ffe0541c3b 100644
|
||||
--- a/util/async.c
|
||||
+++ b/util/async.c
|
||||
@@ -146,18 +146,20 @@ void aio_bh_call(QEMUBH *bh)
|
||||
{
|
||||
bool last_engaged_in_io = false;
|
||||
|
||||
- if (bh->reentrancy_guard) {
|
||||
- last_engaged_in_io = bh->reentrancy_guard->engaged_in_io;
|
||||
- if (bh->reentrancy_guard->engaged_in_io) {
|
||||
+ /* Make a copy of the guard-pointer as cb may free the bh */
|
||||
+ MemReentrancyGuard *reentrancy_guard = bh->reentrancy_guard;
|
||||
+ if (reentrancy_guard) {
|
||||
+ last_engaged_in_io = reentrancy_guard->engaged_in_io;
|
||||
+ if (reentrancy_guard->engaged_in_io) {
|
||||
trace_reentrant_aio(bh->ctx, bh->name);
|
||||
}
|
||||
- bh->reentrancy_guard->engaged_in_io = true;
|
||||
+ reentrancy_guard->engaged_in_io = true;
|
||||
}
|
||||
|
||||
bh->cb(bh->opaque);
|
||||
|
||||
- if (bh->reentrancy_guard) {
|
||||
- bh->reentrancy_guard->engaged_in_io = last_engaged_in_io;
|
||||
+ if (reentrancy_guard) {
|
||||
+ reentrancy_guard->engaged_in_io = last_engaged_in_io;
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,66 @@
|
|||
From 187eb7a418af93375e42298d06e231e2bec3cf00 Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 08:15:42 -0500
|
||||
Subject: [PATCH 10/13] async: clarify usage of barriers in the polling case
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [10/10] 3be07ccc6137a0336becfe63a818d9cbadb38e9c
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit 6229438cca037d42f44a96d38feb15cb102a444f
|
||||
Author: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Mon Mar 6 10:43:52 2023 +0100
|
||||
|
||||
async: clarify usage of barriers in the polling case
|
||||
|
||||
Explain that aio_context_notifier_poll() relies on
|
||||
aio_notify_accept() to catch all the memory writes that were
|
||||
done before ctx->notified was set to true.
|
||||
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
util/async.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/util/async.c b/util/async.c
|
||||
index 795fe699b6..2a63bf90f2 100644
|
||||
--- a/util/async.c
|
||||
+++ b/util/async.c
|
||||
@@ -463,8 +463,9 @@ void aio_notify_accept(AioContext *ctx)
|
||||
qatomic_set(&ctx->notified, false);
|
||||
|
||||
/*
|
||||
- * Write ctx->notified before reading e.g. bh->flags. Pairs with smp_wmb
|
||||
- * in aio_notify.
|
||||
+ * Order reads of ctx->notified (in aio_context_notifier_poll()) and the
|
||||
+ * above clearing of ctx->notified before reads of e.g. bh->flags. Pairs
|
||||
+ * with smp_wmb() in aio_notify.
|
||||
*/
|
||||
smp_mb();
|
||||
}
|
||||
@@ -487,6 +488,11 @@ static bool aio_context_notifier_poll(void *opaque)
|
||||
EventNotifier *e = opaque;
|
||||
AioContext *ctx = container_of(e, AioContext, notifier);
|
||||
|
||||
+ /*
|
||||
+ * No need for load-acquire because we just want to kick the
|
||||
+ * event loop. aio_notify_accept() takes care of synchronizing
|
||||
+ * the event loop with the producers.
|
||||
+ */
|
||||
return qatomic_read(&ctx->notified);
|
||||
}
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,111 @@
|
|||
From ea3856bb545d19499602830cdc3076d83a981e7a Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 08:15:36 -0500
|
||||
Subject: [PATCH 09/13] async: update documentation of the memory barriers
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [9/10] d471da2acf7a107cf75f3327c5e8d7456307160e
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit 8dd48650b43dfde4ebea34191ac267e474bcc29e
|
||||
Author: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Mon Mar 6 10:15:06 2023 +0100
|
||||
|
||||
async: update documentation of the memory barriers
|
||||
|
||||
Ever since commit 8c6b0356b539 ("util/async: make bh_aio_poll() O(1)",
|
||||
2020-02-22), synchronization between qemu_bh_schedule() and aio_bh_poll()
|
||||
is happening when the bottom half is enqueued in the bh_list; not
|
||||
when the flags are set. Update the documentation to match.
|
||||
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
util/async.c | 33 +++++++++++++++++++--------------
|
||||
1 file changed, 19 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/util/async.c b/util/async.c
|
||||
index 6f6717a34b..795fe699b6 100644
|
||||
--- a/util/async.c
|
||||
+++ b/util/async.c
|
||||
@@ -71,14 +71,21 @@ static void aio_bh_enqueue(QEMUBH *bh, unsigned new_flags)
|
||||
unsigned old_flags;
|
||||
|
||||
/*
|
||||
- * The memory barrier implicit in qatomic_fetch_or makes sure that:
|
||||
- * 1. idle & any writes needed by the callback are done before the
|
||||
- * locations are read in the aio_bh_poll.
|
||||
- * 2. ctx is loaded before the callback has a chance to execute and bh
|
||||
- * could be freed.
|
||||
+ * Synchronizes with atomic_fetch_and() in aio_bh_dequeue(), ensuring that
|
||||
+ * insertion starts after BH_PENDING is set.
|
||||
*/
|
||||
old_flags = qatomic_fetch_or(&bh->flags, BH_PENDING | new_flags);
|
||||
+
|
||||
if (!(old_flags & BH_PENDING)) {
|
||||
+ /*
|
||||
+ * At this point the bottom half becomes visible to aio_bh_poll().
|
||||
+ * This insertion thus synchronizes with QSLIST_MOVE_ATOMIC in
|
||||
+ * aio_bh_poll(), ensuring that:
|
||||
+ * 1. any writes needed by the callback are visible from the callback
|
||||
+ * after aio_bh_dequeue() returns bh.
|
||||
+ * 2. ctx is loaded before the callback has a chance to execute and bh
|
||||
+ * could be freed.
|
||||
+ */
|
||||
QSLIST_INSERT_HEAD_ATOMIC(&ctx->bh_list, bh, next);
|
||||
}
|
||||
|
||||
@@ -97,11 +104,8 @@ static QEMUBH *aio_bh_dequeue(BHList *head, unsigned *flags)
|
||||
QSLIST_REMOVE_HEAD(head, next);
|
||||
|
||||
/*
|
||||
- * The qatomic_and is paired with aio_bh_enqueue(). The implicit memory
|
||||
- * barrier ensures that the callback sees all writes done by the scheduling
|
||||
- * thread. It also ensures that the scheduling thread sees the cleared
|
||||
- * flag before bh->cb has run, and thus will call aio_notify again if
|
||||
- * necessary.
|
||||
+ * Synchronizes with qatomic_fetch_or() in aio_bh_enqueue(), ensuring that
|
||||
+ * the removal finishes before BH_PENDING is reset.
|
||||
*/
|
||||
*flags = qatomic_fetch_and(&bh->flags,
|
||||
~(BH_PENDING | BH_SCHEDULED | BH_IDLE));
|
||||
@@ -148,6 +152,7 @@ int aio_bh_poll(AioContext *ctx)
|
||||
BHListSlice *s;
|
||||
int ret = 0;
|
||||
|
||||
+ /* Synchronizes with QSLIST_INSERT_HEAD_ATOMIC in aio_bh_enqueue(). */
|
||||
QSLIST_MOVE_ATOMIC(&slice.bh_list, &ctx->bh_list);
|
||||
QSIMPLEQ_INSERT_TAIL(&ctx->bh_slice_list, &slice, next);
|
||||
|
||||
@@ -437,15 +442,15 @@ LuringState *aio_get_linux_io_uring(AioContext *ctx)
|
||||
void aio_notify(AioContext *ctx)
|
||||
{
|
||||
/*
|
||||
- * Write e.g. bh->flags before writing ctx->notified. Pairs with smp_mb in
|
||||
- * aio_notify_accept.
|
||||
+ * Write e.g. ctx->bh_list before writing ctx->notified. Pairs with
|
||||
+ * smp_mb() in aio_notify_accept().
|
||||
*/
|
||||
smp_wmb();
|
||||
qatomic_set(&ctx->notified, true);
|
||||
|
||||
/*
|
||||
- * Write ctx->notified before reading ctx->notify_me. Pairs
|
||||
- * with smp_mb in aio_ctx_prepare or aio_poll.
|
||||
+ * Write ctx->notified (and also ctx->bh_list) before reading ctx->notify_me.
|
||||
+ * Pairs with smp_mb() in aio_ctx_prepare or aio_poll.
|
||||
*/
|
||||
smp_mb();
|
||||
if (qatomic_read(&ctx->notify_me)) {
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
From 60da56e3685969493ae483c3cc2c66af13d00baf Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Wed, 10 Aug 2022 14:57:18 +0200
|
||||
Subject: [PATCH 1/3] backends/hostmem: Fix support of memory-backend-memfd in
|
||||
qemu_maxrampagesize()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <None>
|
||||
RH-MergeRequest: 221: backends/hostmem: Fix support of memory-backend-memfd in qemu_maxrampagesize()
|
||||
RH-Bugzilla: 2117149
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Commit: [1/1] b5a1047750af32c0a261b8385ea0e819eb16681a
|
||||
|
||||
It is currently not possible yet to use "memory-backend-memfd" on s390x
|
||||
with hugepages enabled. This problem is caused by qemu_maxrampagesize()
|
||||
not taking memory-backend-memfd objects into account yet, so the code
|
||||
in s390_memory_init() fails to enable the huge page support there via
|
||||
s390_set_max_pagesize(). Fix it by generalizing the code, so that it
|
||||
looks at qemu_ram_pagesize(memdev->mr.ram_block) instead of re-trying
|
||||
to get the information from the filesystem.
|
||||
|
||||
Suggested-by: David Hildenbrand <david@redhat.com>
|
||||
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2116496
|
||||
Message-Id: <20220810125720.3849835-2-thuth@redhat.com>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
(cherry picked from commit 8be934b70e923104da883b990dee18f02552d40e)
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2117149
|
||||
[clg: Resolved conflict on qemu_real_host_page_size() ]
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
backends/hostmem.c | 14 ++------------
|
||||
1 file changed, 2 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/backends/hostmem.c b/backends/hostmem.c
|
||||
index 4c05862ed5..0c4654ea85 100644
|
||||
--- a/backends/hostmem.c
|
||||
+++ b/backends/hostmem.c
|
||||
@@ -305,22 +305,12 @@ bool host_memory_backend_is_mapped(HostMemoryBackend *backend)
|
||||
return backend->is_mapped;
|
||||
}
|
||||
|
||||
-#ifdef __linux__
|
||||
size_t host_memory_backend_pagesize(HostMemoryBackend *memdev)
|
||||
{
|
||||
- Object *obj = OBJECT(memdev);
|
||||
- char *path = object_property_get_str(obj, "mem-path", NULL);
|
||||
- size_t pagesize = qemu_mempath_getpagesize(path);
|
||||
-
|
||||
- g_free(path);
|
||||
+ size_t pagesize = qemu_ram_pagesize(memdev->mr.ram_block);
|
||||
+ g_assert(pagesize >= qemu_real_host_page_size);
|
||||
return pagesize;
|
||||
}
|
||||
-#else
|
||||
-size_t host_memory_backend_pagesize(HostMemoryBackend *memdev)
|
||||
-{
|
||||
- return qemu_real_host_page_size;
|
||||
-}
|
||||
-#endif
|
||||
|
||||
static void
|
||||
host_memory_backend_memory_complete(UserCreatable *uc, Error **errp)
|
||||
--
|
||||
2.35.3
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
From 7715635d018351e0a5c4c25aec2c71a2fe3b9e69 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 06/15] bcm2835_property: disable reentrancy detection for
|
||||
iomem
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [6/12] 4d6187430ca1c4309a36824c0c6815d2a763db1a (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit 985c4a4e547afb9573b6bd6843d20eb2c3d1d1cd
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Thu Apr 27 17:10:11 2023 -0400
|
||||
|
||||
bcm2835_property: disable reentrancy detection for iomem
|
||||
|
||||
As the code is designed for re-entrant calls from bcm2835_property to
|
||||
bcm2835_mbox and back into bcm2835_property, mark iomem as
|
||||
reentrancy-safe.
|
||||
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Message-Id: <20230427211013.2994127-7-alxndr@bu.edu>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/misc/bcm2835_property.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
|
||||
index 73941bdae9..022b5a849c 100644
|
||||
--- a/hw/misc/bcm2835_property.c
|
||||
+++ b/hw/misc/bcm2835_property.c
|
||||
@@ -377,6 +377,13 @@ static void bcm2835_property_init(Object *obj)
|
||||
|
||||
memory_region_init_io(&s->iomem, OBJECT(s), &bcm2835_property_ops, s,
|
||||
TYPE_BCM2835_PROPERTY, 0x10);
|
||||
+
|
||||
+ /*
|
||||
+ * bcm2835_property_ops call into bcm2835_mbox, which in-turn reads from
|
||||
+ * iomem. As such, mark iomem as re-entracy safe.
|
||||
+ */
|
||||
+ s->iomem.disable_reentrancy_guard = true;
|
||||
+
|
||||
sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
|
||||
sysbus_init_irq(SYS_BUS_DEVICE(s), &s->mbox_irq);
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,359 @@
|
|||
From 1f7520baa6f0bf02ccba2ebfe7d1d5bf6520f95a Mon Sep 17 00:00:00 2001
|
||||
From: Hanna Czenczek <hreitz@redhat.com>
|
||||
Date: Tue, 11 Apr 2023 19:34:16 +0200
|
||||
Subject: [PATCH 2/5] block: Collapse padded I/O vecs exceeding IOV_MAX
|
||||
|
||||
RH-Author: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-MergeRequest: 291: block: Split padded I/O vectors exceeding IOV_MAX
|
||||
RH-Bugzilla: 2141964
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Commit: [2/5] 1d86ce8398e4ab66e308a686f9855c963e52b0a9
|
||||
|
||||
When processing vectored guest requests that are not aligned to the
|
||||
storage request alignment, we pad them by adding head and/or tail
|
||||
buffers for a read-modify-write cycle.
|
||||
|
||||
The guest can submit I/O vectors up to IOV_MAX (1024) in length, but
|
||||
with this padding, the vector can exceed that limit. As of
|
||||
4c002cef0e9abe7135d7916c51abce47f7fc1ee2 ("util/iov: make
|
||||
qemu_iovec_init_extended() honest"), we refuse to pad vectors beyond the
|
||||
limit, instead returning an error to the guest.
|
||||
|
||||
To the guest, this appears as a random I/O error. We should not return
|
||||
an I/O error to the guest when it issued a perfectly valid request.
|
||||
|
||||
Before 4c002cef0e9abe7135d7916c51abce47f7fc1ee2, we just made the vector
|
||||
longer than IOV_MAX, which generally seems to work (because the guest
|
||||
assumes a smaller alignment than we really have, file-posix's
|
||||
raw_co_prw() will generally see bdrv_qiov_is_aligned() return false, and
|
||||
so emulate the request, so that the IOV_MAX does not matter). However,
|
||||
that does not seem exactly great.
|
||||
|
||||
I see two ways to fix this problem:
|
||||
1. We split such long requests into two requests.
|
||||
2. We join some elements of the vector into new buffers to make it
|
||||
shorter.
|
||||
|
||||
I am wary of (1), because it seems like it may have unintended side
|
||||
effects.
|
||||
|
||||
(2) on the other hand seems relatively simple to implement, with
|
||||
hopefully few side effects, so this patch does that.
|
||||
|
||||
To do this, the use of qemu_iovec_init_extended() in bdrv_pad_request()
|
||||
is effectively replaced by the new function bdrv_create_padded_qiov(),
|
||||
which not only wraps the request IOV with padding head/tail, but also
|
||||
ensures that the resulting vector will not have more than IOV_MAX
|
||||
elements. Putting that functionality into qemu_iovec_init_extended() is
|
||||
infeasible because it requires allocating a bounce buffer; doing so
|
||||
would require many more parameters (buffer alignment, how to initialize
|
||||
the buffer, and out parameters like the buffer, its length, and the
|
||||
original elements), which is not reasonable.
|
||||
|
||||
Conversely, it is not difficult to move qemu_iovec_init_extended()'s
|
||||
functionality into bdrv_create_padded_qiov() by using public
|
||||
qemu_iovec_* functions, so that is what this patch does.
|
||||
|
||||
Because bdrv_pad_request() was the only "serious" user of
|
||||
qemu_iovec_init_extended(), the next patch will remove the latter
|
||||
function, so the functionality is not implemented twice.
|
||||
|
||||
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2141964
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Message-Id: <20230411173418.19549-3-hreitz@redhat.com>
|
||||
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
|
||||
(cherry picked from commit 18743311b829cafc1737a5f20bc3248d5f91ee2a)
|
||||
|
||||
Conflicts:
|
||||
block/io.c: Downstream bdrv_pad_request() has no @flags
|
||||
parameter.
|
||||
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
---
|
||||
block/io.c | 166 ++++++++++++++++++++++++++++++++++++++++++++++++-----
|
||||
1 file changed, 151 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/block/io.c b/block/io.c
|
||||
index c3e7301613..0fe8f0dd40 100644
|
||||
--- a/block/io.c
|
||||
+++ b/block/io.c
|
||||
@@ -1624,6 +1624,14 @@ out:
|
||||
* @merge_reads is true for small requests,
|
||||
* if @buf_len == @head + bytes + @tail. In this case it is possible that both
|
||||
* head and tail exist but @buf_len == align and @tail_buf == @buf.
|
||||
+ *
|
||||
+ * @write is true for write requests, false for read requests.
|
||||
+ *
|
||||
+ * If padding makes the vector too long (exceeding IOV_MAX), then we need to
|
||||
+ * merge existing vector elements into a single one. @collapse_bounce_buf acts
|
||||
+ * as the bounce buffer in such cases. @pre_collapse_qiov has the pre-collapse
|
||||
+ * I/O vector elements so for read requests, the data can be copied back after
|
||||
+ * the read is done.
|
||||
*/
|
||||
typedef struct BdrvRequestPadding {
|
||||
uint8_t *buf;
|
||||
@@ -1632,11 +1640,17 @@ typedef struct BdrvRequestPadding {
|
||||
size_t head;
|
||||
size_t tail;
|
||||
bool merge_reads;
|
||||
+ bool write;
|
||||
QEMUIOVector local_qiov;
|
||||
+
|
||||
+ uint8_t *collapse_bounce_buf;
|
||||
+ size_t collapse_len;
|
||||
+ QEMUIOVector pre_collapse_qiov;
|
||||
} BdrvRequestPadding;
|
||||
|
||||
static bool bdrv_init_padding(BlockDriverState *bs,
|
||||
int64_t offset, int64_t bytes,
|
||||
+ bool write,
|
||||
BdrvRequestPadding *pad)
|
||||
{
|
||||
int64_t align = bs->bl.request_alignment;
|
||||
@@ -1668,6 +1682,8 @@ static bool bdrv_init_padding(BlockDriverState *bs,
|
||||
pad->tail_buf = pad->buf + pad->buf_len - align;
|
||||
}
|
||||
|
||||
+ pad->write = write;
|
||||
+
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -1733,8 +1749,23 @@ zero_mem:
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static void bdrv_padding_destroy(BdrvRequestPadding *pad)
|
||||
+/**
|
||||
+ * Free *pad's associated buffers, and perform any necessary finalization steps.
|
||||
+ */
|
||||
+static void bdrv_padding_finalize(BdrvRequestPadding *pad)
|
||||
{
|
||||
+ if (pad->collapse_bounce_buf) {
|
||||
+ if (!pad->write) {
|
||||
+ /*
|
||||
+ * If padding required elements in the vector to be collapsed into a
|
||||
+ * bounce buffer, copy the bounce buffer content back
|
||||
+ */
|
||||
+ qemu_iovec_from_buf(&pad->pre_collapse_qiov, 0,
|
||||
+ pad->collapse_bounce_buf, pad->collapse_len);
|
||||
+ }
|
||||
+ qemu_vfree(pad->collapse_bounce_buf);
|
||||
+ qemu_iovec_destroy(&pad->pre_collapse_qiov);
|
||||
+ }
|
||||
if (pad->buf) {
|
||||
qemu_vfree(pad->buf);
|
||||
qemu_iovec_destroy(&pad->local_qiov);
|
||||
@@ -1742,6 +1773,101 @@ static void bdrv_padding_destroy(BdrvRequestPadding *pad)
|
||||
memset(pad, 0, sizeof(*pad));
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Create pad->local_qiov by wrapping @iov in the padding head and tail, while
|
||||
+ * ensuring that the resulting vector will not exceed IOV_MAX elements.
|
||||
+ *
|
||||
+ * To ensure this, when necessary, the first two or three elements of @iov are
|
||||
+ * merged into pad->collapse_bounce_buf and replaced by a reference to that
|
||||
+ * bounce buffer in pad->local_qiov.
|
||||
+ *
|
||||
+ * After performing a read request, the data from the bounce buffer must be
|
||||
+ * copied back into pad->pre_collapse_qiov (e.g. by bdrv_padding_finalize()).
|
||||
+ */
|
||||
+static int bdrv_create_padded_qiov(BlockDriverState *bs,
|
||||
+ BdrvRequestPadding *pad,
|
||||
+ struct iovec *iov, int niov,
|
||||
+ size_t iov_offset, size_t bytes)
|
||||
+{
|
||||
+ int padded_niov, surplus_count, collapse_count;
|
||||
+
|
||||
+ /* Assert this invariant */
|
||||
+ assert(niov <= IOV_MAX);
|
||||
+
|
||||
+ /*
|
||||
+ * Cannot pad if resulting length would exceed SIZE_MAX. Returning an error
|
||||
+ * to the guest is not ideal, but there is little else we can do. At least
|
||||
+ * this will practically never happen on 64-bit systems.
|
||||
+ */
|
||||
+ if (SIZE_MAX - pad->head < bytes ||
|
||||
+ SIZE_MAX - pad->head - bytes < pad->tail)
|
||||
+ {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+
|
||||
+ /* Length of the resulting IOV if we just concatenated everything */
|
||||
+ padded_niov = !!pad->head + niov + !!pad->tail;
|
||||
+
|
||||
+ qemu_iovec_init(&pad->local_qiov, MIN(padded_niov, IOV_MAX));
|
||||
+
|
||||
+ if (pad->head) {
|
||||
+ qemu_iovec_add(&pad->local_qiov, pad->buf, pad->head);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * If padded_niov > IOV_MAX, we cannot just concatenate everything.
|
||||
+ * Instead, merge the first two or three elements of @iov to reduce the
|
||||
+ * number of vector elements as necessary.
|
||||
+ */
|
||||
+ if (padded_niov > IOV_MAX) {
|
||||
+ /*
|
||||
+ * Only head and tail can have lead to the number of entries exceeding
|
||||
+ * IOV_MAX, so we can exceed it by the head and tail at most. We need
|
||||
+ * to reduce the number of elements by `surplus_count`, so we merge that
|
||||
+ * many elements plus one into one element.
|
||||
+ */
|
||||
+ surplus_count = padded_niov - IOV_MAX;
|
||||
+ assert(surplus_count <= !!pad->head + !!pad->tail);
|
||||
+ collapse_count = surplus_count + 1;
|
||||
+
|
||||
+ /*
|
||||
+ * Move the elements to collapse into `pad->pre_collapse_qiov`, then
|
||||
+ * advance `iov` (and associated variables) by those elements.
|
||||
+ */
|
||||
+ qemu_iovec_init(&pad->pre_collapse_qiov, collapse_count);
|
||||
+ qemu_iovec_concat_iov(&pad->pre_collapse_qiov, iov,
|
||||
+ collapse_count, iov_offset, SIZE_MAX);
|
||||
+ iov += collapse_count;
|
||||
+ iov_offset = 0;
|
||||
+ niov -= collapse_count;
|
||||
+ bytes -= pad->pre_collapse_qiov.size;
|
||||
+
|
||||
+ /*
|
||||
+ * Construct the bounce buffer to match the length of the to-collapse
|
||||
+ * vector elements, and for write requests, initialize it with the data
|
||||
+ * from those elements. Then add it to `pad->local_qiov`.
|
||||
+ */
|
||||
+ pad->collapse_len = pad->pre_collapse_qiov.size;
|
||||
+ pad->collapse_bounce_buf = qemu_blockalign(bs, pad->collapse_len);
|
||||
+ if (pad->write) {
|
||||
+ qemu_iovec_to_buf(&pad->pre_collapse_qiov, 0,
|
||||
+ pad->collapse_bounce_buf, pad->collapse_len);
|
||||
+ }
|
||||
+ qemu_iovec_add(&pad->local_qiov,
|
||||
+ pad->collapse_bounce_buf, pad->collapse_len);
|
||||
+ }
|
||||
+
|
||||
+ qemu_iovec_concat_iov(&pad->local_qiov, iov, niov, iov_offset, bytes);
|
||||
+
|
||||
+ if (pad->tail) {
|
||||
+ qemu_iovec_add(&pad->local_qiov,
|
||||
+ pad->buf + pad->buf_len - pad->tail, pad->tail);
|
||||
+ }
|
||||
+
|
||||
+ assert(pad->local_qiov.niov == MIN(padded_niov, IOV_MAX));
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* bdrv_pad_request
|
||||
*
|
||||
@@ -1749,6 +1875,8 @@ static void bdrv_padding_destroy(BdrvRequestPadding *pad)
|
||||
* read of padding, bdrv_padding_rmw_read() should be called separately if
|
||||
* needed.
|
||||
*
|
||||
+ * @write is true for write requests, false for read requests.
|
||||
+ *
|
||||
* Request parameters (@qiov, &qiov_offset, &offset, &bytes) are in-out:
|
||||
* - on function start they represent original request
|
||||
* - on failure or when padding is not needed they are unchanged
|
||||
@@ -1757,25 +1885,33 @@ static void bdrv_padding_destroy(BdrvRequestPadding *pad)
|
||||
static int bdrv_pad_request(BlockDriverState *bs,
|
||||
QEMUIOVector **qiov, size_t *qiov_offset,
|
||||
int64_t *offset, int64_t *bytes,
|
||||
+ bool write,
|
||||
BdrvRequestPadding *pad, bool *padded)
|
||||
{
|
||||
int ret;
|
||||
+ struct iovec *sliced_iov;
|
||||
+ int sliced_niov;
|
||||
+ size_t sliced_head, sliced_tail;
|
||||
|
||||
bdrv_check_qiov_request(*offset, *bytes, *qiov, *qiov_offset, &error_abort);
|
||||
|
||||
- if (!bdrv_init_padding(bs, *offset, *bytes, pad)) {
|
||||
+ if (!bdrv_init_padding(bs, *offset, *bytes, write, pad)) {
|
||||
if (padded) {
|
||||
*padded = false;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
- ret = qemu_iovec_init_extended(&pad->local_qiov, pad->buf, pad->head,
|
||||
- *qiov, *qiov_offset, *bytes,
|
||||
- pad->buf + pad->buf_len - pad->tail,
|
||||
- pad->tail);
|
||||
+ sliced_iov = qemu_iovec_slice(*qiov, *qiov_offset, *bytes,
|
||||
+ &sliced_head, &sliced_tail,
|
||||
+ &sliced_niov);
|
||||
+
|
||||
+ /* Guaranteed by bdrv_check_qiov_request() */
|
||||
+ assert(*bytes <= SIZE_MAX);
|
||||
+ ret = bdrv_create_padded_qiov(bs, pad, sliced_iov, sliced_niov,
|
||||
+ sliced_head, *bytes);
|
||||
if (ret < 0) {
|
||||
- bdrv_padding_destroy(pad);
|
||||
+ bdrv_padding_finalize(pad);
|
||||
return ret;
|
||||
}
|
||||
*bytes += pad->head + pad->tail;
|
||||
@@ -1836,8 +1972,8 @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
|
||||
flags |= BDRV_REQ_COPY_ON_READ;
|
||||
}
|
||||
|
||||
- ret = bdrv_pad_request(bs, &qiov, &qiov_offset, &offset, &bytes, &pad,
|
||||
- NULL);
|
||||
+ ret = bdrv_pad_request(bs, &qiov, &qiov_offset, &offset, &bytes, false,
|
||||
+ &pad, NULL);
|
||||
if (ret < 0) {
|
||||
goto fail;
|
||||
}
|
||||
@@ -1847,7 +1983,7 @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
|
||||
bs->bl.request_alignment,
|
||||
qiov, qiov_offset, flags);
|
||||
tracked_request_end(&req);
|
||||
- bdrv_padding_destroy(&pad);
|
||||
+ bdrv_padding_finalize(&pad);
|
||||
|
||||
fail:
|
||||
bdrv_dec_in_flight(bs);
|
||||
@@ -2167,7 +2303,7 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BdrvChild *child,
|
||||
bool padding;
|
||||
BdrvRequestPadding pad;
|
||||
|
||||
- padding = bdrv_init_padding(bs, offset, bytes, &pad);
|
||||
+ padding = bdrv_init_padding(bs, offset, bytes, true, &pad);
|
||||
if (padding) {
|
||||
bdrv_make_request_serialising(req, align);
|
||||
|
||||
@@ -2214,7 +2350,7 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BdrvChild *child,
|
||||
}
|
||||
|
||||
out:
|
||||
- bdrv_padding_destroy(&pad);
|
||||
+ bdrv_padding_finalize(&pad);
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -2280,8 +2416,8 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
|
||||
* bdrv_co_do_zero_pwritev() does aligning by itself, so, we do
|
||||
* alignment only if there is no ZERO flag.
|
||||
*/
|
||||
- ret = bdrv_pad_request(bs, &qiov, &qiov_offset, &offset, &bytes, &pad,
|
||||
- &padded);
|
||||
+ ret = bdrv_pad_request(bs, &qiov, &qiov_offset, &offset, &bytes, true,
|
||||
+ &pad, &padded);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
@@ -2310,7 +2446,7 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
|
||||
ret = bdrv_aligned_pwritev(child, &req, offset, bytes, align,
|
||||
qiov, qiov_offset, flags);
|
||||
|
||||
- bdrv_padding_destroy(&pad);
|
||||
+ bdrv_padding_finalize(&pad);
|
||||
|
||||
out:
|
||||
tracked_request_end(&req);
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
From b9866279996ee065cb524bf30bc70e22efbab303 Mon Sep 17 00:00:00 2001
|
||||
From: Hanna Czenczek <hreitz@redhat.com>
|
||||
Date: Fri, 14 Jul 2023 10:59:38 +0200
|
||||
Subject: [PATCH 5/5] block: Fix pad_request's request restriction
|
||||
|
||||
RH-Author: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-MergeRequest: 291: block: Split padded I/O vectors exceeding IOV_MAX
|
||||
RH-Bugzilla: 2141964
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Commit: [5/5] f9188bd089d6c67185ea1accde20d491a2ed3193
|
||||
|
||||
bdrv_pad_request() relies on requests' lengths not to exceed SIZE_MAX,
|
||||
which bdrv_check_qiov_request() does not guarantee.
|
||||
|
||||
bdrv_check_request32() however will guarantee this, and both of
|
||||
bdrv_pad_request()'s callers (bdrv_co_preadv_part() and
|
||||
bdrv_co_pwritev_part()) already run it before calling
|
||||
bdrv_pad_request(). Therefore, bdrv_pad_request() can safely call
|
||||
bdrv_check_request32() without expecting error, too.
|
||||
|
||||
In effect, this patch will not change guest-visible behavior. It is a
|
||||
clean-up to tighten a condition to match what is guaranteed by our
|
||||
callers, and which exists purely to show clearly why the subsequent
|
||||
assertion (`assert(*bytes <= SIZE_MAX)`) is always true.
|
||||
|
||||
Note there is a difference between the interfaces of
|
||||
bdrv_check_qiov_request() and bdrv_check_request32(): The former takes
|
||||
an errp, the latter does not, so we can no longer just pass
|
||||
&error_abort. Instead, we need to check the returned value. While we
|
||||
do expect success (because the callers have already run this function),
|
||||
an assert(ret == 0) is not much simpler than just to return an error if
|
||||
it occurs, so let us handle errors by returning them up the stack now.
|
||||
|
||||
Reported-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Message-id: 20230714085938.202730-1-hreitz@redhat.com
|
||||
Fixes: 18743311b829cafc1737a5f20bc3248d5f91ee2a
|
||||
("block: Collapse padded I/O vecs exceeding IOV_MAX")
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
---
|
||||
block/io.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/block/io.c b/block/io.c
|
||||
index 0fe8f0dd40..8ae57728a6 100644
|
||||
--- a/block/io.c
|
||||
+++ b/block/io.c
|
||||
@@ -1893,7 +1893,11 @@ static int bdrv_pad_request(BlockDriverState *bs,
|
||||
int sliced_niov;
|
||||
size_t sliced_head, sliced_tail;
|
||||
|
||||
- bdrv_check_qiov_request(*offset, *bytes, *qiov, *qiov_offset, &error_abort);
|
||||
+ /* Should have been checked by the caller already */
|
||||
+ ret = bdrv_check_request32(*offset, *bytes, *qiov, *qiov_offset);
|
||||
+ if (ret < 0) {
|
||||
+ return ret;
|
||||
+ }
|
||||
|
||||
if (!bdrv_init_padding(bs, *offset, *bytes, write, pad)) {
|
||||
if (padded) {
|
||||
@@ -1906,7 +1910,7 @@ static int bdrv_pad_request(BlockDriverState *bs,
|
||||
&sliced_head, &sliced_tail,
|
||||
&sliced_niov);
|
||||
|
||||
- /* Guaranteed by bdrv_check_qiov_request() */
|
||||
+ /* Guaranteed by bdrv_check_request32() */
|
||||
assert(*bytes <= SIZE_MAX);
|
||||
ret = bdrv_create_padded_qiov(bs, pad, sliced_iov, sliced_niov,
|
||||
sliced_head, *bytes);
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -0,0 +1,153 @@
|
|||
From 192f956f2b0761f270070555f8feb1f0544e5558 Mon Sep 17 00:00:00 2001
|
||||
From: Hanna Reitz <hreitz@redhat.com>
|
||||
Date: Wed, 9 Nov 2022 17:54:48 +0100
|
||||
Subject: [PATCH 01/11] block/mirror: Do not wait for active writes
|
||||
|
||||
RH-Author: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-MergeRequest: 246: block/mirror: Make active mirror progress even under full load
|
||||
RH-Bugzilla: 2125119
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Commit: [1/3] 652d1e55b954f13eaec2c86f58735d4942837e16
|
||||
|
||||
Waiting for all active writes to settle before daring to create a
|
||||
background copying operation means that we will never do background
|
||||
operations while the guest does anything (in write-blocking mode), and
|
||||
therefore cannot converge. Yes, we also will not diverge, but actually
|
||||
converging would be even nicer.
|
||||
|
||||
It is unclear why we did decide to wait for all active writes to settle
|
||||
before creating a background operation, but it just does not seem
|
||||
necessary. Active writes will put themselves into the in_flight bitmap
|
||||
and thus properly block actually conflicting background requests.
|
||||
|
||||
It is important for active requests to wait on overlapping background
|
||||
requests, which we do in active_write_prepare(). However, so far it was
|
||||
not documented why it is important. Add such documentation now, and
|
||||
also to the other call of mirror_wait_on_conflicts(), so that it becomes
|
||||
more clear why and when requests need to actively wait for other
|
||||
requests to settle.
|
||||
|
||||
Another thing to note is that of course we need to ensure that there are
|
||||
no active requests when the job completes, but that is done by virtue of
|
||||
the BDS being drained anyway, so there cannot be any active requests at
|
||||
that point.
|
||||
|
||||
With this change, we will need to explicitly keep track of how many
|
||||
bytes are in flight in active requests so that
|
||||
job_progress_set_remaining() in mirror_run() can set the correct number
|
||||
of remaining bytes.
|
||||
|
||||
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2123297
|
||||
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
||||
Message-Id: <20221109165452.67927-2-hreitz@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit d69a879bdf1aed586478eaa161ee064fe1b92f1a)
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
---
|
||||
block/mirror.c | 37 ++++++++++++++++++++++++++++++-------
|
||||
1 file changed, 30 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/block/mirror.c b/block/mirror.c
|
||||
index efec2c7674..282f428cb7 100644
|
||||
--- a/block/mirror.c
|
||||
+++ b/block/mirror.c
|
||||
@@ -81,6 +81,7 @@ typedef struct MirrorBlockJob {
|
||||
int max_iov;
|
||||
bool initial_zeroing_ongoing;
|
||||
int in_active_write_counter;
|
||||
+ int64_t active_write_bytes_in_flight;
|
||||
bool prepared;
|
||||
bool in_drain;
|
||||
} MirrorBlockJob;
|
||||
@@ -493,6 +494,13 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
|
||||
}
|
||||
bdrv_dirty_bitmap_unlock(s->dirty_bitmap);
|
||||
|
||||
+ /*
|
||||
+ * Wait for concurrent requests to @offset. The next loop will limit the
|
||||
+ * copied area based on in_flight_bitmap so we only copy an area that does
|
||||
+ * not overlap with concurrent in-flight requests. Still, we would like to
|
||||
+ * copy something, so wait until there are at least no more requests to the
|
||||
+ * very beginning of the area.
|
||||
+ */
|
||||
mirror_wait_on_conflicts(NULL, s, offset, 1);
|
||||
|
||||
job_pause_point(&s->common.job);
|
||||
@@ -993,12 +1001,6 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
|
||||
int64_t cnt, delta;
|
||||
bool should_complete;
|
||||
|
||||
- /* Do not start passive operations while there are active
|
||||
- * writes in progress */
|
||||
- while (s->in_active_write_counter) {
|
||||
- mirror_wait_for_any_operation(s, true);
|
||||
- }
|
||||
-
|
||||
if (s->ret < 0) {
|
||||
ret = s->ret;
|
||||
goto immediate_exit;
|
||||
@@ -1015,7 +1017,9 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
|
||||
/* cnt is the number of dirty bytes remaining and s->bytes_in_flight is
|
||||
* the number of bytes currently being processed; together those are
|
||||
* the current remaining operation length */
|
||||
- job_progress_set_remaining(&s->common.job, s->bytes_in_flight + cnt);
|
||||
+ job_progress_set_remaining(&s->common.job,
|
||||
+ s->bytes_in_flight + cnt +
|
||||
+ s->active_write_bytes_in_flight);
|
||||
|
||||
/* Note that even when no rate limit is applied we need to yield
|
||||
* periodically with no pending I/O so that bdrv_drain_all() returns.
|
||||
@@ -1073,6 +1077,10 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
|
||||
|
||||
s->in_drain = true;
|
||||
bdrv_drained_begin(bs);
|
||||
+
|
||||
+ /* Must be zero because we are drained */
|
||||
+ assert(s->in_active_write_counter == 0);
|
||||
+
|
||||
cnt = bdrv_get_dirty_count(s->dirty_bitmap);
|
||||
if (cnt > 0 || mirror_flush(s) < 0) {
|
||||
bdrv_drained_end(bs);
|
||||
@@ -1306,6 +1314,7 @@ do_sync_target_write(MirrorBlockJob *job, MirrorMethod method,
|
||||
}
|
||||
|
||||
job_progress_increase_remaining(&job->common.job, bytes);
|
||||
+ job->active_write_bytes_in_flight += bytes;
|
||||
|
||||
switch (method) {
|
||||
case MIRROR_METHOD_COPY:
|
||||
@@ -1327,6 +1336,7 @@ do_sync_target_write(MirrorBlockJob *job, MirrorMethod method,
|
||||
abort();
|
||||
}
|
||||
|
||||
+ job->active_write_bytes_in_flight -= bytes;
|
||||
if (ret >= 0) {
|
||||
job_progress_update(&job->common.job, bytes);
|
||||
} else {
|
||||
@@ -1375,6 +1385,19 @@ static MirrorOp *coroutine_fn active_write_prepare(MirrorBlockJob *s,
|
||||
|
||||
s->in_active_write_counter++;
|
||||
|
||||
+ /*
|
||||
+ * Wait for concurrent requests affecting the area. If there are already
|
||||
+ * running requests that are copying off now-to-be stale data in the area,
|
||||
+ * we must wait for them to finish before we begin writing fresh data to the
|
||||
+ * target so that the write operations appear in the correct order.
|
||||
+ * Note that background requests (see mirror_iteration()) in contrast only
|
||||
+ * wait for conflicting requests at the start of the dirty area, and then
|
||||
+ * (based on the in_flight_bitmap) truncate the area to copy so it will not
|
||||
+ * conflict with any requests beyond that. For active writes, however, we
|
||||
+ * cannot truncate that area. The request from our parent must be blocked
|
||||
+ * until the area is copied in full. Therefore, we must wait for the whole
|
||||
+ * area to become free of concurrent requests.
|
||||
+ */
|
||||
mirror_wait_on_conflicts(op, s, offset, bytes);
|
||||
|
||||
bitmap_set(s->in_flight_bitmap, start_chunk, end_chunk - start_chunk);
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,76 @@
|
|||
From 57c79ed20cb73aa9aa4dd7487379b85ea3f936f6 Mon Sep 17 00:00:00 2001
|
||||
From: Hanna Reitz <hreitz@redhat.com>
|
||||
Date: Wed, 9 Nov 2022 17:54:49 +0100
|
||||
Subject: [PATCH 02/11] block/mirror: Drop mirror_wait_for_any_operation()
|
||||
|
||||
RH-Author: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-MergeRequest: 246: block/mirror: Make active mirror progress even under full load
|
||||
RH-Bugzilla: 2125119
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Commit: [2/3] dec37883bcc491441ae08d9592d1ec26a47765c0
|
||||
|
||||
mirror_wait_for_free_in_flight_slot() is the only remaining user of
|
||||
mirror_wait_for_any_operation(), so inline the latter into the former.
|
||||
|
||||
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
||||
Message-Id: <20221109165452.67927-3-hreitz@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit eb994912993077f178ccb43b20e422ecf9ae4ac7)
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
---
|
||||
block/mirror.c | 21 ++++++++-------------
|
||||
1 file changed, 8 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/block/mirror.c b/block/mirror.c
|
||||
index 282f428cb7..6b02555ad7 100644
|
||||
--- a/block/mirror.c
|
||||
+++ b/block/mirror.c
|
||||
@@ -304,19 +304,21 @@ static int mirror_cow_align(MirrorBlockJob *s, int64_t *offset,
|
||||
}
|
||||
|
||||
static inline void coroutine_fn
|
||||
-mirror_wait_for_any_operation(MirrorBlockJob *s, bool active)
|
||||
+mirror_wait_for_free_in_flight_slot(MirrorBlockJob *s)
|
||||
{
|
||||
MirrorOp *op;
|
||||
|
||||
QTAILQ_FOREACH(op, &s->ops_in_flight, next) {
|
||||
- /* Do not wait on pseudo ops, because it may in turn wait on
|
||||
+ /*
|
||||
+ * Do not wait on pseudo ops, because it may in turn wait on
|
||||
* some other operation to start, which may in fact be the
|
||||
* caller of this function. Since there is only one pseudo op
|
||||
* at any given time, we will always find some real operation
|
||||
- * to wait on. */
|
||||
- if (!op->is_pseudo_op && op->is_in_flight &&
|
||||
- op->is_active_write == active)
|
||||
- {
|
||||
+ * to wait on.
|
||||
+ * Also, do not wait on active operations, because they do not
|
||||
+ * use up in-flight slots.
|
||||
+ */
|
||||
+ if (!op->is_pseudo_op && op->is_in_flight && !op->is_active_write) {
|
||||
qemu_co_queue_wait(&op->waiting_requests, NULL);
|
||||
return;
|
||||
}
|
||||
@@ -324,13 +326,6 @@ mirror_wait_for_any_operation(MirrorBlockJob *s, bool active)
|
||||
abort();
|
||||
}
|
||||
|
||||
-static inline void coroutine_fn
|
||||
-mirror_wait_for_free_in_flight_slot(MirrorBlockJob *s)
|
||||
-{
|
||||
- /* Only non-active operations use up in-flight slots */
|
||||
- mirror_wait_for_any_operation(s, false);
|
||||
-}
|
||||
-
|
||||
/* Perform a mirror copy operation.
|
||||
*
|
||||
* *op->bytes_handled is set to the number of bytes copied after and
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
From b1f5aa5a342a25dc558ee9d435fed0643fe5155f Mon Sep 17 00:00:00 2001
|
||||
From: Hanna Reitz <hreitz@redhat.com>
|
||||
Date: Wed, 9 Nov 2022 17:54:50 +0100
|
||||
Subject: [PATCH 03/11] block/mirror: Fix NULL s->job in active writes
|
||||
|
||||
RH-Author: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-MergeRequest: 246: block/mirror: Make active mirror progress even under full load
|
||||
RH-Bugzilla: 2125119
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Commit: [3/3] 49d7ebd15667151a6e14228a8260cfdd0aa27a78
|
||||
|
||||
There is a small gap in mirror_start_job() before putting the mirror
|
||||
filter node into the block graph (bdrv_append() call) and the actual job
|
||||
being created. Before the job is created, MirrorBDSOpaque.job is NULL.
|
||||
|
||||
It is possible that requests come in when bdrv_drained_end() is called,
|
||||
and those requests would see MirrorBDSOpaque.job == NULL. Have our
|
||||
filter node handle that case gracefully.
|
||||
|
||||
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
||||
Message-Id: <20221109165452.67927-4-hreitz@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit da93d5c84e56e6b4e84aa8e98b6b984c9b6bb528)
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
---
|
||||
block/mirror.c | 20 ++++++++++++--------
|
||||
1 file changed, 12 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/block/mirror.c b/block/mirror.c
|
||||
index 6b02555ad7..50289fca49 100644
|
||||
--- a/block/mirror.c
|
||||
+++ b/block/mirror.c
|
||||
@@ -1438,11 +1438,13 @@ static int coroutine_fn bdrv_mirror_top_do_write(BlockDriverState *bs,
|
||||
MirrorOp *op = NULL;
|
||||
MirrorBDSOpaque *s = bs->opaque;
|
||||
int ret = 0;
|
||||
- bool copy_to_target;
|
||||
+ bool copy_to_target = false;
|
||||
|
||||
- copy_to_target = s->job->ret >= 0 &&
|
||||
- !job_is_cancelled(&s->job->common.job) &&
|
||||
- s->job->copy_mode == MIRROR_COPY_MODE_WRITE_BLOCKING;
|
||||
+ if (s->job) {
|
||||
+ copy_to_target = s->job->ret >= 0 &&
|
||||
+ !job_is_cancelled(&s->job->common.job) &&
|
||||
+ s->job->copy_mode == MIRROR_COPY_MODE_WRITE_BLOCKING;
|
||||
+ }
|
||||
|
||||
if (copy_to_target) {
|
||||
op = active_write_prepare(s->job, offset, bytes);
|
||||
@@ -1487,11 +1489,13 @@ static int coroutine_fn bdrv_mirror_top_pwritev(BlockDriverState *bs,
|
||||
QEMUIOVector bounce_qiov;
|
||||
void *bounce_buf;
|
||||
int ret = 0;
|
||||
- bool copy_to_target;
|
||||
+ bool copy_to_target = false;
|
||||
|
||||
- copy_to_target = s->job->ret >= 0 &&
|
||||
- !job_is_cancelled(&s->job->common.job) &&
|
||||
- s->job->copy_mode == MIRROR_COPY_MODE_WRITE_BLOCKING;
|
||||
+ if (s->job) {
|
||||
+ copy_to_target = s->job->ret >= 0 &&
|
||||
+ !job_is_cancelled(&s->job->common.job) &&
|
||||
+ s->job->copy_mode == MIRROR_COPY_MODE_WRITE_BLOCKING;
|
||||
+ }
|
||||
|
||||
if (copy_to_target) {
|
||||
/* The guest might concurrently modify the data to write; but
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
From 866a3b56f6a2d43f3cf7b3313fb41808bc5e6e1f Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 03/15] checkpatch: add qemu_bh_new/aio_bh_new checks
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [3/12] 620b480b0878c18223f3cc103450bc16aa6d7e21 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit ef56ffbdd6b0605dc1e305611287b948c970e236
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Thu Apr 27 17:10:08 2023 -0400
|
||||
|
||||
checkpatch: add qemu_bh_new/aio_bh_new checks
|
||||
|
||||
Advise authors to use the _guarded versions of the APIs, instead.
|
||||
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Message-Id: <20230427211013.2994127-4-alxndr@bu.edu>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
scripts/checkpatch.pl | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
|
||||
index cb8eff233e..b2428e80cc 100755
|
||||
--- a/scripts/checkpatch.pl
|
||||
+++ b/scripts/checkpatch.pl
|
||||
@@ -2858,6 +2858,14 @@ sub process {
|
||||
if ($line =~ /\bsignal\s*\(/ && !($line =~ /SIG_(?:IGN|DFL)/)) {
|
||||
ERROR("use sigaction to establish signal handlers; signal is not portable\n" . $herecurr);
|
||||
}
|
||||
+# recommend qemu_bh_new_guarded instead of qemu_bh_new
|
||||
+ if ($realfile =~ /.*\/hw\/.*/ && $line =~ /\bqemu_bh_new\s*\(/) {
|
||||
+ ERROR("use qemu_bh_new_guarded() instead of qemu_bh_new() to avoid reentrancy problems\n" . $herecurr);
|
||||
+ }
|
||||
+# recommend aio_bh_new_guarded instead of aio_bh_new
|
||||
+ if ($realfile =~ /.*\/hw\/.*/ && $line =~ /\baio_bh_new\s*\(/) {
|
||||
+ ERROR("use aio_bh_new_guarded() instead of aio_bh_new() to avoid reentrancy problems\n" . $herecurr);
|
||||
+ }
|
||||
# check for module_init(), use category-specific init macros explicitly please
|
||||
if ($line =~ /^module_init\s*\(/) {
|
||||
ERROR("please use block_init(), type_init() etc. instead of module_init()\n" . $herecurr);
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
From 103608465b8bd2edf7f9aaef5c3c93309ccf9ec2 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 16:22:17 -0500
|
||||
Subject: [PATCH 12/13] dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel()
|
||||
race
|
||||
|
||||
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-MergeRequest: 264: scsi: protect req->aiocb with AioContext lock
|
||||
RH-Bugzilla: 2090990
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Commit: [2/3] 14f5835093ba8c5111f3ada2fe87730371aca733
|
||||
|
||||
dma_blk_cb() only takes the AioContext lock around ->io_func(). That
|
||||
means the rest of dma_blk_cb() is not protected. In particular, the
|
||||
DMAAIOCB field accesses happen outside the lock.
|
||||
|
||||
There is a race when the main loop thread holds the AioContext lock and
|
||||
invokes scsi_device_purge_requests() -> bdrv_aio_cancel() ->
|
||||
dma_aio_cancel() while an IOThread executes dma_blk_cb(). The dbs->acb
|
||||
field determines how cancellation proceeds. If dma_aio_cancel() sees
|
||||
dbs->acb == NULL while dma_blk_cb() is still running, the request can be
|
||||
completed twice (-ECANCELED and the actual return value).
|
||||
|
||||
The following assertion can occur with virtio-scsi when an IOThread is
|
||||
used:
|
||||
|
||||
../hw/scsi/scsi-disk.c:368: scsi_dma_complete: Assertion `r->req.aiocb != NULL' failed.
|
||||
|
||||
Fix the race by holding the AioContext across dma_blk_cb(). Now
|
||||
dma_aio_cancel() under the AioContext lock will not see
|
||||
inconsistent/intermediate states.
|
||||
|
||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-Id: <20230221212218.1378734-3-stefanha@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit abfcd2760b3e70727bbc0792221b8b98a733dc32)
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
---
|
||||
hw/scsi/scsi-disk.c | 4 +---
|
||||
softmmu/dma-helpers.c | 12 +++++++-----
|
||||
2 files changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
|
||||
index 179ce22c4a..c8109a673e 100644
|
||||
--- a/hw/scsi/scsi-disk.c
|
||||
+++ b/hw/scsi/scsi-disk.c
|
||||
@@ -351,13 +351,12 @@ done:
|
||||
scsi_req_unref(&r->req);
|
||||
}
|
||||
|
||||
+/* Called with AioContext lock held */
|
||||
static void scsi_dma_complete(void *opaque, int ret)
|
||||
{
|
||||
SCSIDiskReq *r = (SCSIDiskReq *)opaque;
|
||||
SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
|
||||
|
||||
- aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
|
||||
-
|
||||
assert(r->req.aiocb != NULL);
|
||||
r->req.aiocb = NULL;
|
||||
|
||||
@@ -367,7 +366,6 @@ static void scsi_dma_complete(void *opaque, int ret)
|
||||
block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
|
||||
}
|
||||
scsi_dma_complete_noio(r, ret);
|
||||
- aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
|
||||
}
|
||||
|
||||
static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
|
||||
diff --git a/softmmu/dma-helpers.c b/softmmu/dma-helpers.c
|
||||
index 7d766a5e89..42af18719a 100644
|
||||
--- a/softmmu/dma-helpers.c
|
||||
+++ b/softmmu/dma-helpers.c
|
||||
@@ -127,17 +127,19 @@ static void dma_complete(DMAAIOCB *dbs, int ret)
|
||||
static void dma_blk_cb(void *opaque, int ret)
|
||||
{
|
||||
DMAAIOCB *dbs = (DMAAIOCB *)opaque;
|
||||
+ AioContext *ctx = dbs->ctx;
|
||||
dma_addr_t cur_addr, cur_len;
|
||||
void *mem;
|
||||
|
||||
trace_dma_blk_cb(dbs, ret);
|
||||
|
||||
+ aio_context_acquire(ctx);
|
||||
dbs->acb = NULL;
|
||||
dbs->offset += dbs->iov.size;
|
||||
|
||||
if (dbs->sg_cur_index == dbs->sg->nsg || ret < 0) {
|
||||
dma_complete(dbs, ret);
|
||||
- return;
|
||||
+ goto out;
|
||||
}
|
||||
dma_blk_unmap(dbs);
|
||||
|
||||
@@ -177,9 +179,9 @@ static void dma_blk_cb(void *opaque, int ret)
|
||||
|
||||
if (dbs->iov.size == 0) {
|
||||
trace_dma_map_wait(dbs);
|
||||
- dbs->bh = aio_bh_new(dbs->ctx, reschedule_dma, dbs);
|
||||
+ dbs->bh = aio_bh_new(ctx, reschedule_dma, dbs);
|
||||
cpu_register_map_client(dbs->bh);
|
||||
- return;
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
if (!QEMU_IS_ALIGNED(dbs->iov.size, dbs->align)) {
|
||||
@@ -187,11 +189,11 @@ static void dma_blk_cb(void *opaque, int ret)
|
||||
QEMU_ALIGN_DOWN(dbs->iov.size, dbs->align));
|
||||
}
|
||||
|
||||
- aio_context_acquire(dbs->ctx);
|
||||
dbs->acb = dbs->io_func(dbs->offset, &dbs->iov,
|
||||
dma_blk_cb, dbs, dbs->io_func_opaque);
|
||||
- aio_context_release(dbs->ctx);
|
||||
assert(dbs->acb);
|
||||
+out:
|
||||
+ aio_context_release(ctx);
|
||||
}
|
||||
|
||||
static void dma_aio_cancel(BlockAIOCB *acb)
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
From 407e23d7f0c9020404247afe7d4df98505222bbb Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon, 14 Nov 2022 14:25:02 +0100
|
||||
Subject: [PATCH 1/3] docs/system/s390x: Document the "loadparm" machine
|
||||
property
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 233: s390x: Document the "loadparm" machine property
|
||||
RH-Bugzilla: 2128225
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [1/2] e9589ea32d2a8f82971476b644e1063fa14cf822
|
||||
|
||||
The "loadparm" machine property is useful for selecting alternative
|
||||
kernels on the disk of the guest, but so far we do not tell the users
|
||||
yet how to use it. Add some documentation to fill this gap.
|
||||
|
||||
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2128235
|
||||
Message-Id: <20221114132502.110213-1-thuth@redhat.com>
|
||||
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
(cherry picked from commit be5df2edb5d69ff3107c5616aa035a9ba8d0422e)
|
||||
---
|
||||
docs/system/s390x/bootdevices.rst | 26 ++++++++++++++++++++++++++
|
||||
1 file changed, 26 insertions(+)
|
||||
|
||||
diff --git a/docs/system/s390x/bootdevices.rst b/docs/system/s390x/bootdevices.rst
|
||||
index 9e591cb9dc..d4bf3b9f0b 100644
|
||||
--- a/docs/system/s390x/bootdevices.rst
|
||||
+++ b/docs/system/s390x/bootdevices.rst
|
||||
@@ -53,6 +53,32 @@ recommended to specify a CD-ROM device via ``-device scsi-cd`` (as mentioned
|
||||
above) instead.
|
||||
|
||||
|
||||
+Selecting kernels with the ``loadparm`` property
|
||||
+------------------------------------------------
|
||||
+
|
||||
+The ``s390-ccw-virtio`` machine supports the so-called ``loadparm`` parameter
|
||||
+which can be used to select the kernel on the disk of the guest that the
|
||||
+s390-ccw bios should boot. When starting QEMU, it can be specified like this::
|
||||
+
|
||||
+ qemu-system-s390x -machine s390-ccw-virtio,loadparm=<string>
|
||||
+
|
||||
+The first way to use this parameter is to use the word ``PROMPT`` as the
|
||||
+``<string>`` here. In that case the s390-ccw bios will show a list of
|
||||
+installed kernels on the disk of the guest and ask the user to enter a number
|
||||
+to chose which kernel should be booted -- similar to what can be achieved by
|
||||
+specifying the ``-boot menu=on`` option when starting QEMU. Note that the menu
|
||||
+list will only show the names of the installed kernels when using a DASD-like
|
||||
+disk image with 4k byte sectors. On normal SCSI-style disks with 512-byte
|
||||
+sectors, there is not enough space for the zipl loader on the disk to store
|
||||
+the kernel names, so you only get a list without names here.
|
||||
+
|
||||
+The second way to use this parameter is to use a number in the range from 0
|
||||
+to 31. The numbers that can be used here correspond to the numbers that are
|
||||
+shown when using the ``PROMPT`` option, and the s390-ccw bios will then try
|
||||
+to automatically boot the kernel that is associated with the given number.
|
||||
+Note that ``0`` can be used to boot the default entry.
|
||||
+
|
||||
+
|
||||
Booting from a network device
|
||||
-----------------------------
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
From 837e09b1a8a38b53488f59aad090fbe6bb94e257 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Fri, 17 Nov 2023 11:32:37 +0100
|
||||
Subject: [PATCH 2/3] dump: Add arch cleanup function
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 323: Fix problem that secure execution guest might remain in "paused" state after failed dump
|
||||
RH-Jira: RHEL-16696
|
||||
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
|
||||
RH-Commit: [2/3] b70f406dec88ffd4877f3d5d580fc8f821bdb252
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-16696
|
||||
|
||||
commit e72629e5149aba6f44122ea6d2a803ef136a0c6b
|
||||
Author: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu Nov 9 12:04:42 2023 +0000
|
||||
|
||||
dump: Add arch cleanup function
|
||||
|
||||
Some architectures (s390x) need to cleanup after a failed dump to be
|
||||
able to continue to run the vm. Add a cleanup function pointer and
|
||||
call it if it's set.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-ID: <20231109120443.185979-3-frankja@linux.ibm.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
dump/dump.c | 4 ++++
|
||||
include/sysemu/dump-arch.h | 1 +
|
||||
2 files changed, 5 insertions(+)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 5dee060b73..93edb89547 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -100,6 +100,10 @@ uint64_t cpu_to_dump64(DumpState *s, uint64_t val)
|
||||
|
||||
static int dump_cleanup(DumpState *s)
|
||||
{
|
||||
+ if (s->dump_info.arch_cleanup_fn) {
|
||||
+ s->dump_info.arch_cleanup_fn(s);
|
||||
+ }
|
||||
+
|
||||
guest_phys_blocks_free(&s->guest_phys_blocks);
|
||||
memory_mapping_list_free(&s->list);
|
||||
close(s->fd);
|
||||
diff --git a/include/sysemu/dump-arch.h b/include/sysemu/dump-arch.h
|
||||
index 59bbc9be38..743916e46c 100644
|
||||
--- a/include/sysemu/dump-arch.h
|
||||
+++ b/include/sysemu/dump-arch.h
|
||||
@@ -24,6 +24,7 @@ typedef struct ArchDumpInfo {
|
||||
void (*arch_sections_add_fn)(DumpState *s);
|
||||
uint64_t (*arch_sections_write_hdr_fn)(DumpState *s, uint8_t *buff);
|
||||
int (*arch_sections_write_fn)(DumpState *s, uint8_t *buff);
|
||||
+ void (*arch_cleanup_fn)(DumpState *s);
|
||||
} ArchDumpInfo;
|
||||
|
||||
struct GuestPhysBlockList; /* memory_mapping.h */
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -0,0 +1,356 @@
|
|||
From f2f3efff83dddd38a97699cd2701f46f61a732e3 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Mon, 17 Oct 2022 11:32:10 +0000
|
||||
Subject: [PATCH 36/42] dump: Add architecture section and section string table
|
||||
support
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [36/41] 83b98ff185e93e62703f686b65546d60c783d783
|
||||
|
||||
Add hooks which architectures can use to add arbitrary data to custom
|
||||
sections.
|
||||
|
||||
Also add a section name string table in order to identify section
|
||||
contents
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20221017113210.41674-1-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 9b72224f44612ddd5b434a1bccf79346946d11da)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 186 +++++++++++++++++++++++++++++++------
|
||||
include/sysemu/dump-arch.h | 3 +
|
||||
include/sysemu/dump.h | 3 +
|
||||
3 files changed, 166 insertions(+), 26 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 7a42401790..4aa8fb64d2 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -104,6 +104,7 @@ static int dump_cleanup(DumpState *s)
|
||||
memory_mapping_list_free(&s->list);
|
||||
close(s->fd);
|
||||
g_free(s->guest_note);
|
||||
+ g_array_unref(s->string_table_buf);
|
||||
s->guest_note = NULL;
|
||||
if (s->resume) {
|
||||
if (s->detached) {
|
||||
@@ -153,11 +154,10 @@ static void prepare_elf64_header(DumpState *s, Elf64_Ehdr *elf_header)
|
||||
elf_header->e_phoff = cpu_to_dump64(s, s->phdr_offset);
|
||||
elf_header->e_phentsize = cpu_to_dump16(s, sizeof(Elf64_Phdr));
|
||||
elf_header->e_phnum = cpu_to_dump16(s, phnum);
|
||||
- if (s->shdr_num) {
|
||||
- elf_header->e_shoff = cpu_to_dump64(s, s->shdr_offset);
|
||||
- elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
|
||||
- elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
- }
|
||||
+ elf_header->e_shoff = cpu_to_dump64(s, s->shdr_offset);
|
||||
+ elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
|
||||
+ elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
+ elf_header->e_shstrndx = cpu_to_dump16(s, s->shdr_num - 1);
|
||||
}
|
||||
|
||||
static void prepare_elf32_header(DumpState *s, Elf32_Ehdr *elf_header)
|
||||
@@ -181,11 +181,10 @@ static void prepare_elf32_header(DumpState *s, Elf32_Ehdr *elf_header)
|
||||
elf_header->e_phoff = cpu_to_dump32(s, s->phdr_offset);
|
||||
elf_header->e_phentsize = cpu_to_dump16(s, sizeof(Elf32_Phdr));
|
||||
elf_header->e_phnum = cpu_to_dump16(s, phnum);
|
||||
- if (s->shdr_num) {
|
||||
- elf_header->e_shoff = cpu_to_dump32(s, s->shdr_offset);
|
||||
- elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
|
||||
- elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
- }
|
||||
+ elf_header->e_shoff = cpu_to_dump32(s, s->shdr_offset);
|
||||
+ elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
|
||||
+ elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
+ elf_header->e_shstrndx = cpu_to_dump16(s, s->shdr_num - 1);
|
||||
}
|
||||
|
||||
static void write_elf_header(DumpState *s, Error **errp)
|
||||
@@ -196,6 +195,8 @@ static void write_elf_header(DumpState *s, Error **errp)
|
||||
void *header_ptr;
|
||||
int ret;
|
||||
|
||||
+ /* The NULL header and the shstrtab are always defined */
|
||||
+ assert(s->shdr_num >= 2);
|
||||
if (dump_is_64bit(s)) {
|
||||
prepare_elf64_header(s, &elf64_header);
|
||||
header_size = sizeof(elf64_header);
|
||||
@@ -394,17 +395,49 @@ static void prepare_elf_section_hdr_zero(DumpState *s)
|
||||
}
|
||||
}
|
||||
|
||||
-static void prepare_elf_section_hdrs(DumpState *s)
|
||||
+static void prepare_elf_section_hdr_string(DumpState *s, void *buff)
|
||||
+{
|
||||
+ uint64_t index = s->string_table_buf->len;
|
||||
+ const char strtab[] = ".shstrtab";
|
||||
+ Elf32_Shdr shdr32 = {};
|
||||
+ Elf64_Shdr shdr64 = {};
|
||||
+ int shdr_size;
|
||||
+ void *shdr;
|
||||
+
|
||||
+ g_array_append_vals(s->string_table_buf, strtab, sizeof(strtab));
|
||||
+ if (dump_is_64bit(s)) {
|
||||
+ shdr_size = sizeof(Elf64_Shdr);
|
||||
+ shdr64.sh_type = SHT_STRTAB;
|
||||
+ shdr64.sh_offset = s->section_offset + s->elf_section_data_size;
|
||||
+ shdr64.sh_name = index;
|
||||
+ shdr64.sh_size = s->string_table_buf->len;
|
||||
+ shdr = &shdr64;
|
||||
+ } else {
|
||||
+ shdr_size = sizeof(Elf32_Shdr);
|
||||
+ shdr32.sh_type = SHT_STRTAB;
|
||||
+ shdr32.sh_offset = s->section_offset + s->elf_section_data_size;
|
||||
+ shdr32.sh_name = index;
|
||||
+ shdr32.sh_size = s->string_table_buf->len;
|
||||
+ shdr = &shdr32;
|
||||
+ }
|
||||
+ memcpy(buff, shdr, shdr_size);
|
||||
+}
|
||||
+
|
||||
+static bool prepare_elf_section_hdrs(DumpState *s, Error **errp)
|
||||
{
|
||||
size_t len, sizeof_shdr;
|
||||
+ void *buff_hdr;
|
||||
|
||||
/*
|
||||
* Section ordering:
|
||||
* - HDR zero
|
||||
+ * - Arch section hdrs
|
||||
+ * - String table hdr
|
||||
*/
|
||||
sizeof_shdr = dump_is_64bit(s) ? sizeof(Elf64_Shdr) : sizeof(Elf32_Shdr);
|
||||
len = sizeof_shdr * s->shdr_num;
|
||||
s->elf_section_hdrs = g_malloc0(len);
|
||||
+ buff_hdr = s->elf_section_hdrs;
|
||||
|
||||
/*
|
||||
* The first section header is ALWAYS a special initial section
|
||||
@@ -420,6 +453,26 @@ static void prepare_elf_section_hdrs(DumpState *s)
|
||||
if (s->phdr_num >= PN_XNUM) {
|
||||
prepare_elf_section_hdr_zero(s);
|
||||
}
|
||||
+ buff_hdr += sizeof_shdr;
|
||||
+
|
||||
+ /* Add architecture defined section headers */
|
||||
+ if (s->dump_info.arch_sections_write_hdr_fn
|
||||
+ && s->shdr_num > 2) {
|
||||
+ buff_hdr += s->dump_info.arch_sections_write_hdr_fn(s, buff_hdr);
|
||||
+
|
||||
+ if (s->shdr_num >= SHN_LORESERVE) {
|
||||
+ error_setg_errno(errp, EINVAL,
|
||||
+ "dump: too many architecture defined sections");
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * String table is the last section since strings are added via
|
||||
+ * arch_sections_write_hdr().
|
||||
+ */
|
||||
+ prepare_elf_section_hdr_string(s, buff_hdr);
|
||||
+ return true;
|
||||
}
|
||||
|
||||
static void write_elf_section_headers(DumpState *s, Error **errp)
|
||||
@@ -427,7 +480,9 @@ static void write_elf_section_headers(DumpState *s, Error **errp)
|
||||
size_t sizeof_shdr = dump_is_64bit(s) ? sizeof(Elf64_Shdr) : sizeof(Elf32_Shdr);
|
||||
int ret;
|
||||
|
||||
- prepare_elf_section_hdrs(s);
|
||||
+ if (!prepare_elf_section_hdrs(s, errp)) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
ret = fd_write_vmcore(s->elf_section_hdrs, s->shdr_num * sizeof_shdr, s);
|
||||
if (ret < 0) {
|
||||
@@ -437,6 +492,29 @@ static void write_elf_section_headers(DumpState *s, Error **errp)
|
||||
g_free(s->elf_section_hdrs);
|
||||
}
|
||||
|
||||
+static void write_elf_sections(DumpState *s, Error **errp)
|
||||
+{
|
||||
+ int ret;
|
||||
+
|
||||
+ if (s->elf_section_data_size) {
|
||||
+ /* Write architecture section data */
|
||||
+ ret = fd_write_vmcore(s->elf_section_data,
|
||||
+ s->elf_section_data_size, s);
|
||||
+ if (ret < 0) {
|
||||
+ error_setg_errno(errp, -ret,
|
||||
+ "dump: failed to write architecture section data");
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* Write string table */
|
||||
+ ret = fd_write_vmcore(s->string_table_buf->data,
|
||||
+ s->string_table_buf->len, s);
|
||||
+ if (ret < 0) {
|
||||
+ error_setg_errno(errp, -ret, "dump: failed to write string table data");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void write_data(DumpState *s, void *buf, int length, Error **errp)
|
||||
{
|
||||
int ret;
|
||||
@@ -693,6 +771,31 @@ static void dump_iterate(DumpState *s, Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
+static void dump_end(DumpState *s, Error **errp)
|
||||
+{
|
||||
+ int rc;
|
||||
+ ERRP_GUARD();
|
||||
+
|
||||
+ if (s->elf_section_data_size) {
|
||||
+ s->elf_section_data = g_malloc0(s->elf_section_data_size);
|
||||
+ }
|
||||
+
|
||||
+ /* Adds the architecture defined section data to s->elf_section_data */
|
||||
+ if (s->dump_info.arch_sections_write_fn &&
|
||||
+ s->elf_section_data_size) {
|
||||
+ rc = s->dump_info.arch_sections_write_fn(s, s->elf_section_data);
|
||||
+ if (rc) {
|
||||
+ error_setg_errno(errp, rc,
|
||||
+ "dump: failed to get arch section data");
|
||||
+ g_free(s->elf_section_data);
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* write sections to vmcore */
|
||||
+ write_elf_sections(s, errp);
|
||||
+}
|
||||
+
|
||||
static void create_vmcore(DumpState *s, Error **errp)
|
||||
{
|
||||
ERRP_GUARD();
|
||||
@@ -702,7 +805,14 @@ static void create_vmcore(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
+ /* Iterate over memory and dump it to file */
|
||||
dump_iterate(s, errp);
|
||||
+ if (*errp) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* Write the section data */
|
||||
+ dump_end(s, errp);
|
||||
}
|
||||
|
||||
static int write_start_flat_header(int fd)
|
||||
@@ -1720,6 +1830,14 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
s->filter_area_begin = begin;
|
||||
s->filter_area_length = length;
|
||||
|
||||
+ /* First index is 0, it's the special null name */
|
||||
+ s->string_table_buf = g_array_new(FALSE, TRUE, 1);
|
||||
+ /*
|
||||
+ * Allocate the null name, due to the clearing option set to true
|
||||
+ * it will be 0.
|
||||
+ */
|
||||
+ g_array_set_size(s->string_table_buf, 1);
|
||||
+
|
||||
memory_mapping_list_init(&s->list);
|
||||
|
||||
guest_phys_blocks_init(&s->guest_phys_blocks);
|
||||
@@ -1856,26 +1974,42 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
}
|
||||
|
||||
/*
|
||||
- * calculate phdr_num
|
||||
+ * The first section header is always a special one in which most
|
||||
+ * fields are 0. The section header string table is also always
|
||||
+ * set.
|
||||
+ */
|
||||
+ s->shdr_num = 2;
|
||||
+
|
||||
+ /*
|
||||
+ * Adds the number of architecture sections to shdr_num and sets
|
||||
+ * elf_section_data_size so we know the offsets and sizes of all
|
||||
+ * parts.
|
||||
+ */
|
||||
+ if (s->dump_info.arch_sections_add_fn) {
|
||||
+ s->dump_info.arch_sections_add_fn(s);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * calculate shdr_num so we know the offsets and sizes of all
|
||||
+ * parts.
|
||||
+ * Calculate phdr_num
|
||||
*
|
||||
- * the type of ehdr->e_phnum is uint16_t, so we should avoid overflow
|
||||
+ * The absolute maximum amount of phdrs is UINT32_MAX - 1 as
|
||||
+ * sh_info is 32 bit. There's special handling once we go over
|
||||
+ * UINT16_MAX - 1 but that is handled in the ehdr and section
|
||||
+ * code.
|
||||
*/
|
||||
- s->phdr_num = 1; /* PT_NOTE */
|
||||
- if (s->list.num < UINT16_MAX - 2) {
|
||||
- s->shdr_num = 0;
|
||||
+ s->phdr_num = 1; /* Reserve PT_NOTE */
|
||||
+ if (s->list.num <= UINT32_MAX - 1) {
|
||||
s->phdr_num += s->list.num;
|
||||
} else {
|
||||
- /* sh_info of section 0 holds the real number of phdrs */
|
||||
- s->shdr_num = 1;
|
||||
-
|
||||
- /* the type of shdr->sh_info is uint32_t, so we should avoid overflow */
|
||||
- if (s->list.num <= UINT32_MAX - 1) {
|
||||
- s->phdr_num += s->list.num;
|
||||
- } else {
|
||||
- s->phdr_num = UINT32_MAX;
|
||||
- }
|
||||
+ s->phdr_num = UINT32_MAX;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Now that the number of section and program headers is known we
|
||||
+ * can calculate the offsets of the headers and data.
|
||||
+ */
|
||||
if (dump_is_64bit(s)) {
|
||||
s->shdr_offset = sizeof(Elf64_Ehdr);
|
||||
s->phdr_offset = s->shdr_offset + sizeof(Elf64_Shdr) * s->shdr_num;
|
||||
diff --git a/include/sysemu/dump-arch.h b/include/sysemu/dump-arch.h
|
||||
index e25b02e990..59bbc9be38 100644
|
||||
--- a/include/sysemu/dump-arch.h
|
||||
+++ b/include/sysemu/dump-arch.h
|
||||
@@ -21,6 +21,9 @@ typedef struct ArchDumpInfo {
|
||||
uint32_t page_size; /* The target's page size. If it's variable and
|
||||
* unknown, then this should be the maximum. */
|
||||
uint64_t phys_base; /* The target's physmem base. */
|
||||
+ void (*arch_sections_add_fn)(DumpState *s);
|
||||
+ uint64_t (*arch_sections_write_hdr_fn)(DumpState *s, uint8_t *buff);
|
||||
+ int (*arch_sections_write_fn)(DumpState *s, uint8_t *buff);
|
||||
} ArchDumpInfo;
|
||||
|
||||
struct GuestPhysBlockList; /* memory_mapping.h */
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index 9ed811b313..38ccac7190 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -180,6 +180,9 @@ typedef struct DumpState {
|
||||
hwaddr note_offset;
|
||||
|
||||
void *elf_section_hdrs; /* Pointer to section header buffer */
|
||||
+ void *elf_section_data; /* Pointer to section data buffer */
|
||||
+ uint64_t elf_section_data_size; /* Size of section data */
|
||||
+ GArray *string_table_buf; /* String table data buffer */
|
||||
|
||||
uint8_t *note_buf; /* buffer for notes */
|
||||
size_t note_buf_offset; /* the writing place in note_buf */
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,138 @@
|
|||
From bee31226b87d0b05faae84e88cce3af1b8dabbfd Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:35:59 +0000
|
||||
Subject: [PATCH 17/42] dump: Add more offset variables
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [17/41] fbe629e1476e8a0e039f989af6e1f4707075ba01
|
||||
|
||||
Offset calculations are easy enough to get wrong. Let's add a few
|
||||
variables to make moving around elf headers and data sections easier.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Message-Id: <20220330123603.107120-6-frankja@linux.ibm.com>
|
||||
(cherry picked from commit e71d353360bb09a8e784e35d78370c691f6ea185)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 35 +++++++++++++++--------------------
|
||||
include/sysemu/dump.h | 4 ++++
|
||||
2 files changed, 19 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 5cc2322325..85a402b38c 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -142,13 +142,11 @@ static void write_elf64_header(DumpState *s, Error **errp)
|
||||
elf_header.e_machine = cpu_to_dump16(s, s->dump_info.d_machine);
|
||||
elf_header.e_version = cpu_to_dump32(s, EV_CURRENT);
|
||||
elf_header.e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
- elf_header.e_phoff = cpu_to_dump64(s, sizeof(Elf64_Ehdr));
|
||||
+ elf_header.e_phoff = cpu_to_dump64(s, s->phdr_offset);
|
||||
elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf64_Phdr));
|
||||
elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
if (s->shdr_num) {
|
||||
- uint64_t shoff = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) * s->phdr_num;
|
||||
-
|
||||
- elf_header.e_shoff = cpu_to_dump64(s, shoff);
|
||||
+ elf_header.e_shoff = cpu_to_dump64(s, s->shdr_offset);
|
||||
elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
|
||||
elf_header.e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
}
|
||||
@@ -179,13 +177,11 @@ static void write_elf32_header(DumpState *s, Error **errp)
|
||||
elf_header.e_machine = cpu_to_dump16(s, s->dump_info.d_machine);
|
||||
elf_header.e_version = cpu_to_dump32(s, EV_CURRENT);
|
||||
elf_header.e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
- elf_header.e_phoff = cpu_to_dump32(s, sizeof(Elf32_Ehdr));
|
||||
+ elf_header.e_phoff = cpu_to_dump32(s, s->phdr_offset);
|
||||
elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf32_Phdr));
|
||||
elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
if (s->shdr_num) {
|
||||
- uint32_t shoff = sizeof(Elf32_Ehdr) + sizeof(Elf32_Phdr) * s->phdr_num;
|
||||
-
|
||||
- elf_header.e_shoff = cpu_to_dump32(s, shoff);
|
||||
+ elf_header.e_shoff = cpu_to_dump32(s, s->shdr_offset);
|
||||
elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
|
||||
elf_header.e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
}
|
||||
@@ -248,12 +244,11 @@ static void write_elf32_load(DumpState *s, MemoryMapping *memory_mapping,
|
||||
static void write_elf64_note(DumpState *s, Error **errp)
|
||||
{
|
||||
Elf64_Phdr phdr;
|
||||
- hwaddr begin = s->memory_offset - s->note_size;
|
||||
int ret;
|
||||
|
||||
memset(&phdr, 0, sizeof(Elf64_Phdr));
|
||||
phdr.p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
- phdr.p_offset = cpu_to_dump64(s, begin);
|
||||
+ phdr.p_offset = cpu_to_dump64(s, s->note_offset);
|
||||
phdr.p_paddr = 0;
|
||||
phdr.p_filesz = cpu_to_dump64(s, s->note_size);
|
||||
phdr.p_memsz = cpu_to_dump64(s, s->note_size);
|
||||
@@ -313,13 +308,12 @@ static void write_elf64_notes(WriteCoreDumpFunction f, DumpState *s,
|
||||
|
||||
static void write_elf32_note(DumpState *s, Error **errp)
|
||||
{
|
||||
- hwaddr begin = s->memory_offset - s->note_size;
|
||||
Elf32_Phdr phdr;
|
||||
int ret;
|
||||
|
||||
memset(&phdr, 0, sizeof(Elf32_Phdr));
|
||||
phdr.p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
- phdr.p_offset = cpu_to_dump32(s, begin);
|
||||
+ phdr.p_offset = cpu_to_dump32(s, s->note_offset);
|
||||
phdr.p_paddr = 0;
|
||||
phdr.p_filesz = cpu_to_dump32(s, s->note_size);
|
||||
phdr.p_memsz = cpu_to_dump32(s, s->note_size);
|
||||
@@ -1826,15 +1820,16 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
}
|
||||
|
||||
if (s->dump_info.d_class == ELFCLASS64) {
|
||||
- s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
- sizeof(Elf64_Phdr) * s->phdr_num +
|
||||
- sizeof(Elf64_Shdr) * s->shdr_num +
|
||||
- s->note_size;
|
||||
+ s->phdr_offset = sizeof(Elf64_Ehdr);
|
||||
+ s->shdr_offset = s->phdr_offset + sizeof(Elf64_Phdr) * s->phdr_num;
|
||||
+ s->note_offset = s->shdr_offset + sizeof(Elf64_Shdr) * s->shdr_num;
|
||||
+ s->memory_offset = s->note_offset + s->note_size;
|
||||
} else {
|
||||
- s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
- sizeof(Elf32_Phdr) * s->phdr_num +
|
||||
- sizeof(Elf32_Shdr) * s->shdr_num +
|
||||
- s->note_size;
|
||||
+
|
||||
+ s->phdr_offset = sizeof(Elf32_Ehdr);
|
||||
+ s->shdr_offset = s->phdr_offset + sizeof(Elf32_Phdr) * s->phdr_num;
|
||||
+ s->note_offset = s->shdr_offset + sizeof(Elf32_Shdr) * s->shdr_num;
|
||||
+ s->memory_offset = s->note_offset + s->note_size;
|
||||
}
|
||||
|
||||
return;
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index 19458bffbd..ffc2ea1072 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -159,6 +159,10 @@ typedef struct DumpState {
|
||||
bool resume;
|
||||
bool detached;
|
||||
ssize_t note_size;
|
||||
+ hwaddr shdr_offset;
|
||||
+ hwaddr phdr_offset;
|
||||
+ hwaddr section_offset;
|
||||
+ hwaddr note_offset;
|
||||
hwaddr memory_offset;
|
||||
int fd;
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,94 @@
|
|||
From cbb653d73e32513ccd46b293a52384eed6a5f84f Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:36:02 +0000
|
||||
Subject: [PATCH 20/42] dump: Cleanup dump_begin write functions
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [20/41] 18ea1457a3e54fd368e556d96c3be50c6ad0a6bd
|
||||
|
||||
There's no need to have a gigantic if in there let's move the elf
|
||||
32/64 bit logic into the section, segment or note code.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220330123603.107120-9-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 5ff2e5a3e1e67930e523486e39549a33fcf97227)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 42 +++++++++++-------------------------------
|
||||
1 file changed, 11 insertions(+), 31 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 823ca32883..88abde355a 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -565,46 +565,26 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- if (dump_is_64bit(s)) {
|
||||
- /* write all PT_LOAD to vmcore */
|
||||
- write_elf_loads(s, errp);
|
||||
+ /* write all PT_LOAD to vmcore */
|
||||
+ write_elf_loads(s, errp);
|
||||
+ if (*errp) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* write section to vmcore */
|
||||
+ if (s->shdr_num) {
|
||||
+ write_elf_section(s, 1, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
}
|
||||
+ }
|
||||
|
||||
- /* write section to vmcore */
|
||||
- if (s->shdr_num) {
|
||||
- write_elf_section(s, 1, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
+ if (dump_is_64bit(s)) {
|
||||
/* write notes to vmcore */
|
||||
write_elf64_notes(fd_write_vmcore, s, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
} else {
|
||||
- /* write all PT_LOAD to vmcore */
|
||||
- write_elf_loads(s, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- /* write section to vmcore */
|
||||
- if (s->shdr_num) {
|
||||
- write_elf_section(s, 0, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
/* write notes to vmcore */
|
||||
write_elf32_notes(fd_write_vmcore, s, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
From 0547599cf507930f91943f22d5f917ebacf69484 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:36:03 +0000
|
||||
Subject: [PATCH 21/42] dump: Consolidate elf note function
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [21/41] 52298c098c116aea75ad15894731ff412c2c4e73
|
||||
|
||||
Just like with the other write functions let's move the 32/64 bit elf
|
||||
handling to a function to improve readability.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220330123603.107120-10-frankja@linux.ibm.com>
|
||||
(cherry picked from commit c68124738bc29017e4254c898bc40be7be477af7)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 18 +++++++++++-------
|
||||
1 file changed, 11 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 88abde355a..a451abc590 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -520,6 +520,15 @@ static void write_elf_loads(DumpState *s, Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
+static void write_elf_notes(DumpState *s, Error **errp)
|
||||
+{
|
||||
+ if (dump_is_64bit(s)) {
|
||||
+ write_elf64_notes(fd_write_vmcore, s, errp);
|
||||
+ } else {
|
||||
+ write_elf32_notes(fd_write_vmcore, s, errp);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/* write elf header, PT_NOTE and elf note to vmcore. */
|
||||
static void dump_begin(DumpState *s, Error **errp)
|
||||
{
|
||||
@@ -579,13 +588,8 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
- if (dump_is_64bit(s)) {
|
||||
- /* write notes to vmcore */
|
||||
- write_elf64_notes(fd_write_vmcore, s, errp);
|
||||
- } else {
|
||||
- /* write notes to vmcore */
|
||||
- write_elf32_notes(fd_write_vmcore, s, errp);
|
||||
- }
|
||||
+ /* write notes to vmcore */
|
||||
+ write_elf_notes(s, errp);
|
||||
}
|
||||
|
||||
static int get_next_block(DumpState *s, GuestPhysBlock *block)
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,169 @@
|
|||
From f87abe1ef14e80731249ebe9fe1bea569a68e9b4 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:36:01 +0000
|
||||
Subject: [PATCH 19/42] dump: Consolidate phdr note writes
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [19/41] 180c4c0ab4941a0bf366dc7f32ee035e03daa6c0
|
||||
|
||||
There's no need to have two write functions. Let's rather have two
|
||||
functions that set the data for elf 32/64 and then write it in a
|
||||
common function.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220330123603.107120-8-frankja@linux.ibm.com>
|
||||
(cherry picked from commit bc7d558017e6700f9a05c61b0b638a8994945f0d)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 94 +++++++++++++++++++++++++++--------------------------
|
||||
1 file changed, 48 insertions(+), 46 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 6394e94023..823ca32883 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -246,24 +246,15 @@ static void write_elf32_load(DumpState *s, MemoryMapping *memory_mapping,
|
||||
}
|
||||
}
|
||||
|
||||
-static void write_elf64_note(DumpState *s, Error **errp)
|
||||
+static void write_elf64_phdr_note(DumpState *s, Elf64_Phdr *phdr)
|
||||
{
|
||||
- Elf64_Phdr phdr;
|
||||
- int ret;
|
||||
-
|
||||
- memset(&phdr, 0, sizeof(Elf64_Phdr));
|
||||
- phdr.p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
- phdr.p_offset = cpu_to_dump64(s, s->note_offset);
|
||||
- phdr.p_paddr = 0;
|
||||
- phdr.p_filesz = cpu_to_dump64(s, s->note_size);
|
||||
- phdr.p_memsz = cpu_to_dump64(s, s->note_size);
|
||||
- phdr.p_vaddr = 0;
|
||||
-
|
||||
- ret = fd_write_vmcore(&phdr, sizeof(Elf64_Phdr), s);
|
||||
- if (ret < 0) {
|
||||
- error_setg_errno(errp, -ret,
|
||||
- "dump: failed to write program header table");
|
||||
- }
|
||||
+ memset(phdr, 0, sizeof(*phdr));
|
||||
+ phdr->p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
+ phdr->p_offset = cpu_to_dump64(s, s->note_offset);
|
||||
+ phdr->p_paddr = 0;
|
||||
+ phdr->p_filesz = cpu_to_dump64(s, s->note_size);
|
||||
+ phdr->p_memsz = cpu_to_dump64(s, s->note_size);
|
||||
+ phdr->p_vaddr = 0;
|
||||
}
|
||||
|
||||
static inline int cpu_index(CPUState *cpu)
|
||||
@@ -311,24 +302,15 @@ static void write_elf64_notes(WriteCoreDumpFunction f, DumpState *s,
|
||||
write_guest_note(f, s, errp);
|
||||
}
|
||||
|
||||
-static void write_elf32_note(DumpState *s, Error **errp)
|
||||
+static void write_elf32_phdr_note(DumpState *s, Elf32_Phdr *phdr)
|
||||
{
|
||||
- Elf32_Phdr phdr;
|
||||
- int ret;
|
||||
-
|
||||
- memset(&phdr, 0, sizeof(Elf32_Phdr));
|
||||
- phdr.p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
- phdr.p_offset = cpu_to_dump32(s, s->note_offset);
|
||||
- phdr.p_paddr = 0;
|
||||
- phdr.p_filesz = cpu_to_dump32(s, s->note_size);
|
||||
- phdr.p_memsz = cpu_to_dump32(s, s->note_size);
|
||||
- phdr.p_vaddr = 0;
|
||||
-
|
||||
- ret = fd_write_vmcore(&phdr, sizeof(Elf32_Phdr), s);
|
||||
- if (ret < 0) {
|
||||
- error_setg_errno(errp, -ret,
|
||||
- "dump: failed to write program header table");
|
||||
- }
|
||||
+ memset(phdr, 0, sizeof(*phdr));
|
||||
+ phdr->p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
+ phdr->p_offset = cpu_to_dump32(s, s->note_offset);
|
||||
+ phdr->p_paddr = 0;
|
||||
+ phdr->p_filesz = cpu_to_dump32(s, s->note_size);
|
||||
+ phdr->p_memsz = cpu_to_dump32(s, s->note_size);
|
||||
+ phdr->p_vaddr = 0;
|
||||
}
|
||||
|
||||
static void write_elf32_notes(WriteCoreDumpFunction f, DumpState *s,
|
||||
@@ -358,6 +340,32 @@ static void write_elf32_notes(WriteCoreDumpFunction f, DumpState *s,
|
||||
write_guest_note(f, s, errp);
|
||||
}
|
||||
|
||||
+static void write_elf_phdr_note(DumpState *s, Error **errp)
|
||||
+{
|
||||
+ ERRP_GUARD();
|
||||
+ Elf32_Phdr phdr32;
|
||||
+ Elf64_Phdr phdr64;
|
||||
+ void *phdr;
|
||||
+ size_t size;
|
||||
+ int ret;
|
||||
+
|
||||
+ if (dump_is_64bit(s)) {
|
||||
+ write_elf64_phdr_note(s, &phdr64);
|
||||
+ size = sizeof(phdr64);
|
||||
+ phdr = &phdr64;
|
||||
+ } else {
|
||||
+ write_elf32_phdr_note(s, &phdr32);
|
||||
+ size = sizeof(phdr32);
|
||||
+ phdr = &phdr32;
|
||||
+ }
|
||||
+
|
||||
+ ret = fd_write_vmcore(phdr, size, s);
|
||||
+ if (ret < 0) {
|
||||
+ error_setg_errno(errp, -ret,
|
||||
+ "dump: failed to write program header table");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void write_elf_section(DumpState *s, int type, Error **errp)
|
||||
{
|
||||
Elf32_Shdr shdr32;
|
||||
@@ -551,13 +559,13 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- if (dump_is_64bit(s)) {
|
||||
- /* write PT_NOTE to vmcore */
|
||||
- write_elf64_note(s, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
+ /* write PT_NOTE to vmcore */
|
||||
+ write_elf_phdr_note(s, errp);
|
||||
+ if (*errp) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
+ if (dump_is_64bit(s)) {
|
||||
/* write all PT_LOAD to vmcore */
|
||||
write_elf_loads(s, errp);
|
||||
if (*errp) {
|
||||
@@ -578,12 +586,6 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
- /* write PT_NOTE to vmcore */
|
||||
- write_elf32_note(s, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
/* write all PT_LOAD to vmcore */
|
||||
write_elf_loads(s, errp);
|
||||
if (*errp) {
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,118 @@
|
|||
From c851676d202b5b76962529f3b6d433936becbd8a Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:36:00 +0000
|
||||
Subject: [PATCH 18/42] dump: Introduce dump_is_64bit() helper function
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [18/41] a0fd2d1985c61b8e50d4a7ca26bc0ee6fcaa6196
|
||||
|
||||
Checking d_class in dump_info leads to lengthy conditionals so let's
|
||||
shorten things a bit by introducing a helper function.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220330123603.107120-7-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 05bbaa5040ccb3419e8b93af8040485430e2db42)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 25 +++++++++++++++----------
|
||||
1 file changed, 15 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 85a402b38c..6394e94023 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -55,6 +55,11 @@ static Error *dump_migration_blocker;
|
||||
DIV_ROUND_UP((name_size), 4) + \
|
||||
DIV_ROUND_UP((desc_size), 4)) * 4)
|
||||
|
||||
+static inline bool dump_is_64bit(DumpState *s)
|
||||
+{
|
||||
+ return s->dump_info.d_class == ELFCLASS64;
|
||||
+}
|
||||
+
|
||||
uint16_t cpu_to_dump16(DumpState *s, uint16_t val)
|
||||
{
|
||||
if (s->dump_info.d_endian == ELFDATA2LSB) {
|
||||
@@ -489,7 +494,7 @@ static void write_elf_loads(DumpState *s, Error **errp)
|
||||
get_offset_range(memory_mapping->phys_addr,
|
||||
memory_mapping->length,
|
||||
s, &offset, &filesz);
|
||||
- if (s->dump_info.d_class == ELFCLASS64) {
|
||||
+ if (dump_is_64bit(s)) {
|
||||
write_elf64_load(s, memory_mapping, phdr_index++, offset,
|
||||
filesz, errp);
|
||||
} else {
|
||||
@@ -537,7 +542,7 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
*/
|
||||
|
||||
/* write elf header to vmcore */
|
||||
- if (s->dump_info.d_class == ELFCLASS64) {
|
||||
+ if (dump_is_64bit(s)) {
|
||||
write_elf64_header(s, errp);
|
||||
} else {
|
||||
write_elf32_header(s, errp);
|
||||
@@ -546,7 +551,7 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- if (s->dump_info.d_class == ELFCLASS64) {
|
||||
+ if (dump_is_64bit(s)) {
|
||||
/* write PT_NOTE to vmcore */
|
||||
write_elf64_note(s, errp);
|
||||
if (*errp) {
|
||||
@@ -757,7 +762,7 @@ static void get_note_sizes(DumpState *s, const void *note,
|
||||
uint64_t name_sz;
|
||||
uint64_t desc_sz;
|
||||
|
||||
- if (s->dump_info.d_class == ELFCLASS64) {
|
||||
+ if (dump_is_64bit(s)) {
|
||||
const Elf64_Nhdr *hdr = note;
|
||||
note_head_sz = sizeof(Elf64_Nhdr);
|
||||
name_sz = tswap64(hdr->n_namesz);
|
||||
@@ -1017,10 +1022,10 @@ out:
|
||||
|
||||
static void write_dump_header(DumpState *s, Error **errp)
|
||||
{
|
||||
- if (s->dump_info.d_class == ELFCLASS32) {
|
||||
- create_header32(s, errp);
|
||||
- } else {
|
||||
+ if (dump_is_64bit(s)) {
|
||||
create_header64(s, errp);
|
||||
+ } else {
|
||||
+ create_header32(s, errp);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1715,8 +1720,8 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
uint32_t size;
|
||||
uint16_t format;
|
||||
|
||||
- note_head_size = s->dump_info.d_class == ELFCLASS32 ?
|
||||
- sizeof(Elf32_Nhdr) : sizeof(Elf64_Nhdr);
|
||||
+ note_head_size = dump_is_64bit(s) ?
|
||||
+ sizeof(Elf64_Nhdr) : sizeof(Elf32_Nhdr);
|
||||
|
||||
format = le16_to_cpu(vmci->vmcoreinfo.guest_format);
|
||||
size = le32_to_cpu(vmci->vmcoreinfo.size);
|
||||
@@ -1819,7 +1824,7 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
}
|
||||
}
|
||||
|
||||
- if (s->dump_info.d_class == ELFCLASS64) {
|
||||
+ if (dump_is_64bit(s)) {
|
||||
s->phdr_offset = sizeof(Elf64_Ehdr);
|
||||
s->shdr_offset = s->phdr_offset + sizeof(Elf64_Phdr) * s->phdr_num;
|
||||
s->note_offset = s->shdr_offset + sizeof(Elf64_Shdr) * s->shdr_num;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,136 @@
|
|||
From 255722667a4fa4d522bb0b7e0825cbbe635abb8d Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:35:57 +0000
|
||||
Subject: [PATCH 15/42] dump: Introduce shdr_num to decrease complexity
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [15/41] b0215ea5d381ef7f6abfe3f3bafea51ce933da56
|
||||
|
||||
Let's move from a boolean to a int variable which will later enable us
|
||||
to store the number of sections that are in the dump file.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220330123603.107120-4-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 862a395858e5a302ed5921487777acdc95a3a31b)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 24 ++++++++++++------------
|
||||
include/sysemu/dump.h | 2 +-
|
||||
2 files changed, 13 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 7236b167cc..972e28b089 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -145,12 +145,12 @@ static void write_elf64_header(DumpState *s, Error **errp)
|
||||
elf_header.e_phoff = cpu_to_dump64(s, sizeof(Elf64_Ehdr));
|
||||
elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf64_Phdr));
|
||||
elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
- if (s->have_section) {
|
||||
+ if (s->shdr_num) {
|
||||
uint64_t shoff = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) * s->phdr_num;
|
||||
|
||||
elf_header.e_shoff = cpu_to_dump64(s, shoff);
|
||||
elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
|
||||
- elf_header.e_shnum = cpu_to_dump16(s, 1);
|
||||
+ elf_header.e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
}
|
||||
|
||||
ret = fd_write_vmcore(&elf_header, sizeof(elf_header), s);
|
||||
@@ -182,12 +182,12 @@ static void write_elf32_header(DumpState *s, Error **errp)
|
||||
elf_header.e_phoff = cpu_to_dump32(s, sizeof(Elf32_Ehdr));
|
||||
elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf32_Phdr));
|
||||
elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
- if (s->have_section) {
|
||||
+ if (s->shdr_num) {
|
||||
uint32_t shoff = sizeof(Elf32_Ehdr) + sizeof(Elf32_Phdr) * s->phdr_num;
|
||||
|
||||
elf_header.e_shoff = cpu_to_dump32(s, shoff);
|
||||
elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
|
||||
- elf_header.e_shnum = cpu_to_dump16(s, 1);
|
||||
+ elf_header.e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
}
|
||||
|
||||
ret = fd_write_vmcore(&elf_header, sizeof(elf_header), s);
|
||||
@@ -566,7 +566,7 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
}
|
||||
|
||||
/* write section to vmcore */
|
||||
- if (s->have_section) {
|
||||
+ if (s->shdr_num) {
|
||||
write_elf_section(s, 1, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
@@ -592,7 +592,7 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
}
|
||||
|
||||
/* write section to vmcore */
|
||||
- if (s->have_section) {
|
||||
+ if (s->shdr_num) {
|
||||
write_elf_section(s, 0, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
@@ -1811,11 +1811,11 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
*/
|
||||
s->phdr_num = 1; /* PT_NOTE */
|
||||
if (s->list.num < UINT16_MAX - 2) {
|
||||
+ s->shdr_num = 0;
|
||||
s->phdr_num += s->list.num;
|
||||
- s->have_section = false;
|
||||
} else {
|
||||
/* sh_info of section 0 holds the real number of phdrs */
|
||||
- s->have_section = true;
|
||||
+ s->shdr_num = 1;
|
||||
|
||||
/* the type of shdr->sh_info is uint32_t, so we should avoid overflow */
|
||||
if (s->list.num <= UINT32_MAX - 1) {
|
||||
@@ -1826,19 +1826,19 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
}
|
||||
|
||||
if (s->dump_info.d_class == ELFCLASS64) {
|
||||
- if (s->have_section) {
|
||||
+ if (s->shdr_num) {
|
||||
s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
sizeof(Elf64_Phdr) * s->phdr_num +
|
||||
- sizeof(Elf64_Shdr) + s->note_size;
|
||||
+ sizeof(Elf64_Shdr) * s->shdr_num + s->note_size;
|
||||
} else {
|
||||
s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
sizeof(Elf64_Phdr) * s->phdr_num + s->note_size;
|
||||
}
|
||||
} else {
|
||||
- if (s->have_section) {
|
||||
+ if (s->shdr_num) {
|
||||
s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
sizeof(Elf32_Phdr) * s->phdr_num +
|
||||
- sizeof(Elf32_Shdr) + s->note_size;
|
||||
+ sizeof(Elf32_Shdr) * s->shdr_num + s->note_size;
|
||||
} else {
|
||||
s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
sizeof(Elf32_Phdr) * s->phdr_num + s->note_size;
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index b463fc9c02..19458bffbd 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -155,7 +155,7 @@ typedef struct DumpState {
|
||||
ArchDumpInfo dump_info;
|
||||
MemoryMappingList list;
|
||||
uint32_t phdr_num;
|
||||
- bool have_section;
|
||||
+ uint32_t shdr_num;
|
||||
bool resume;
|
||||
bool detached;
|
||||
ssize_t note_size;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,142 @@
|
|||
From a18ba2fbaf132724e81be92da42b36d8f365e66c Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:10:56 +0000
|
||||
Subject: [PATCH 24/42] dump: Refactor dump_iterate and introduce
|
||||
dump_filter_memblock_*()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [24/41] 74ef470f24d9d98093c4d63730a99474587033fd
|
||||
|
||||
The iteration over the memblocks in dump_iterate() is hard to
|
||||
understand so it's about time to clean it up. Instead of manually
|
||||
grabbing the next memblock we can use QTAILQ_FOREACH to iterate over
|
||||
all memblocks.
|
||||
|
||||
Additionally we move the calculation of the offset and length out by
|
||||
introducing and using the dump_filter_memblock_*() functions. These
|
||||
functions will later be used to cleanup other parts of dump.c.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220811121111.9878-4-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 1e8113032f5b1efc5da66382470ce4809c76f8f2)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 74 ++++++++++++++++++++++++++++++-----------------------
|
||||
1 file changed, 42 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index fa787f379f..d981e843dd 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -592,31 +592,43 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
write_elf_notes(s, errp);
|
||||
}
|
||||
|
||||
-static int get_next_block(DumpState *s, GuestPhysBlock *block)
|
||||
+static int64_t dump_filtered_memblock_size(GuestPhysBlock *block,
|
||||
+ int64_t filter_area_start,
|
||||
+ int64_t filter_area_length)
|
||||
{
|
||||
- while (1) {
|
||||
- block = QTAILQ_NEXT(block, next);
|
||||
- if (!block) {
|
||||
- /* no more block */
|
||||
- return 1;
|
||||
- }
|
||||
+ int64_t size, left, right;
|
||||
|
||||
- s->start = 0;
|
||||
- s->next_block = block;
|
||||
- if (s->has_filter) {
|
||||
- if (block->target_start >= s->begin + s->length ||
|
||||
- block->target_end <= s->begin) {
|
||||
- /* This block is out of the range */
|
||||
- continue;
|
||||
- }
|
||||
+ /* No filter, return full size */
|
||||
+ if (!filter_area_length) {
|
||||
+ return block->target_end - block->target_start;
|
||||
+ }
|
||||
|
||||
- if (s->begin > block->target_start) {
|
||||
- s->start = s->begin - block->target_start;
|
||||
- }
|
||||
+ /* calculate the overlapped region. */
|
||||
+ left = MAX(filter_area_start, block->target_start);
|
||||
+ right = MIN(filter_area_start + filter_area_length, block->target_end);
|
||||
+ size = right - left;
|
||||
+ size = size > 0 ? size : 0;
|
||||
+
|
||||
+ return size;
|
||||
+}
|
||||
+
|
||||
+static int64_t dump_filtered_memblock_start(GuestPhysBlock *block,
|
||||
+ int64_t filter_area_start,
|
||||
+ int64_t filter_area_length)
|
||||
+{
|
||||
+ if (filter_area_length) {
|
||||
+ /* return -1 if the block is not within filter area */
|
||||
+ if (block->target_start >= filter_area_start + filter_area_length ||
|
||||
+ block->target_end <= filter_area_start) {
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
- return 0;
|
||||
+ if (filter_area_start > block->target_start) {
|
||||
+ return filter_area_start - block->target_start;
|
||||
+ }
|
||||
}
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/* write all memory to vmcore */
|
||||
@@ -624,24 +636,22 @@ static void dump_iterate(DumpState *s, Error **errp)
|
||||
{
|
||||
ERRP_GUARD();
|
||||
GuestPhysBlock *block;
|
||||
- int64_t size;
|
||||
-
|
||||
- do {
|
||||
- block = s->next_block;
|
||||
+ int64_t memblock_size, memblock_start;
|
||||
|
||||
- size = block->target_end - block->target_start;
|
||||
- if (s->has_filter) {
|
||||
- size -= s->start;
|
||||
- if (s->begin + s->length < block->target_end) {
|
||||
- size -= block->target_end - (s->begin + s->length);
|
||||
- }
|
||||
+ QTAILQ_FOREACH(block, &s->guest_phys_blocks.head, next) {
|
||||
+ memblock_start = dump_filtered_memblock_start(block, s->begin, s->length);
|
||||
+ if (memblock_start == -1) {
|
||||
+ continue;
|
||||
}
|
||||
- write_memory(s, block, s->start, size, errp);
|
||||
+
|
||||
+ memblock_size = dump_filtered_memblock_size(block, s->begin, s->length);
|
||||
+
|
||||
+ /* Write the memory to file */
|
||||
+ write_memory(s, block, memblock_start, memblock_size, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
}
|
||||
-
|
||||
- } while (!get_next_block(s, block));
|
||||
+ }
|
||||
}
|
||||
|
||||
static void create_vmcore(DumpState *s, Error **errp)
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
From 6932fe3afbec443bbf6acff5b707536254e1bc37 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Mon, 17 Oct 2022 08:38:16 +0000
|
||||
Subject: [PATCH 35/42] dump: Reintroduce memory_offset and section_offset
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [35/41] e60c0d066aeeedb42e724712bc3aa7b7591c6c79
|
||||
|
||||
section_offset will later be used to store the offset to the section
|
||||
data which will be stored last. For now memory_offset is only needed
|
||||
to make section_offset look nicer.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20221017083822.43118-5-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 13fd417ddc81a1685c6a8f4e1c80bbfe7150f164)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index d17537d4e9..7a42401790 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -1885,6 +1885,8 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
s->phdr_offset = s->shdr_offset + sizeof(Elf32_Shdr) * s->shdr_num;
|
||||
s->note_offset = s->phdr_offset + sizeof(Elf32_Phdr) * s->phdr_num;
|
||||
}
|
||||
+ s->memory_offset = s->note_offset + s->note_size;
|
||||
+ s->section_offset = s->memory_offset + s->total_size;
|
||||
|
||||
return;
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
From a8eeab6936a2bd27b33b63aed7e2ef96034f7772 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:35:58 +0000
|
||||
Subject: [PATCH 16/42] dump: Remove the section if when calculating the memory
|
||||
offset
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [16/41] ff214d2c23b9cb16fd49d22d976829267df43133
|
||||
|
||||
When s->shdr_num is 0 we'll add 0 bytes of section headers which is
|
||||
equivalent to not adding section headers but with the multiplication
|
||||
we can remove a if/else.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220330123603.107120-5-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 344107e07bd81546474a54ab83800158ca953059)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 24 ++++++++----------------
|
||||
1 file changed, 8 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 972e28b089..5cc2322325 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -1826,23 +1826,15 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
}
|
||||
|
||||
if (s->dump_info.d_class == ELFCLASS64) {
|
||||
- if (s->shdr_num) {
|
||||
- s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
- sizeof(Elf64_Phdr) * s->phdr_num +
|
||||
- sizeof(Elf64_Shdr) * s->shdr_num + s->note_size;
|
||||
- } else {
|
||||
- s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
- sizeof(Elf64_Phdr) * s->phdr_num + s->note_size;
|
||||
- }
|
||||
+ s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
+ sizeof(Elf64_Phdr) * s->phdr_num +
|
||||
+ sizeof(Elf64_Shdr) * s->shdr_num +
|
||||
+ s->note_size;
|
||||
} else {
|
||||
- if (s->shdr_num) {
|
||||
- s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
- sizeof(Elf32_Phdr) * s->phdr_num +
|
||||
- sizeof(Elf32_Shdr) * s->shdr_num + s->note_size;
|
||||
- } else {
|
||||
- s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
- sizeof(Elf32_Phdr) * s->phdr_num + s->note_size;
|
||||
- }
|
||||
+ s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
+ sizeof(Elf32_Phdr) * s->phdr_num +
|
||||
+ sizeof(Elf32_Shdr) * s->shdr_num +
|
||||
+ s->note_size;
|
||||
}
|
||||
|
||||
return;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,176 @@
|
|||
From eb763bec53d6b9aea7a6b60b0cf8c5d8b5f1b35c Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 7 Apr 2022 09:48:24 +0000
|
||||
Subject: [PATCH 14/42] dump: Remove the sh_info variable
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [14/41] 24af12b78c8f5a02cf85df2f6b1d64249f9499c9
|
||||
|
||||
There's no need to have phdr_num and sh_info at the same time. We can
|
||||
make phdr_num 32 bit and set PN_XNUM when we write the header if
|
||||
phdr_num >= PN_XNUM.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220407094824.5074-1-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 046bc4160bc780eaacc2d702a2589f1a7a01188d)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 44 +++++++++++++++++++++++--------------------
|
||||
include/sysemu/dump.h | 3 +--
|
||||
2 files changed, 25 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 9876123f2e..7236b167cc 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -124,6 +124,12 @@ static int fd_write_vmcore(const void *buf, size_t size, void *opaque)
|
||||
|
||||
static void write_elf64_header(DumpState *s, Error **errp)
|
||||
{
|
||||
+ /*
|
||||
+ * phnum in the elf header is 16 bit, if we have more segments we
|
||||
+ * set phnum to PN_XNUM and write the real number of segments to a
|
||||
+ * special section.
|
||||
+ */
|
||||
+ uint16_t phnum = MIN(s->phdr_num, PN_XNUM);
|
||||
Elf64_Ehdr elf_header;
|
||||
int ret;
|
||||
|
||||
@@ -138,9 +144,9 @@ static void write_elf64_header(DumpState *s, Error **errp)
|
||||
elf_header.e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
elf_header.e_phoff = cpu_to_dump64(s, sizeof(Elf64_Ehdr));
|
||||
elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf64_Phdr));
|
||||
- elf_header.e_phnum = cpu_to_dump16(s, s->phdr_num);
|
||||
+ elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
if (s->have_section) {
|
||||
- uint64_t shoff = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) * s->sh_info;
|
||||
+ uint64_t shoff = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) * s->phdr_num;
|
||||
|
||||
elf_header.e_shoff = cpu_to_dump64(s, shoff);
|
||||
elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
|
||||
@@ -155,6 +161,12 @@ static void write_elf64_header(DumpState *s, Error **errp)
|
||||
|
||||
static void write_elf32_header(DumpState *s, Error **errp)
|
||||
{
|
||||
+ /*
|
||||
+ * phnum in the elf header is 16 bit, if we have more segments we
|
||||
+ * set phnum to PN_XNUM and write the real number of segments to a
|
||||
+ * special section.
|
||||
+ */
|
||||
+ uint16_t phnum = MIN(s->phdr_num, PN_XNUM);
|
||||
Elf32_Ehdr elf_header;
|
||||
int ret;
|
||||
|
||||
@@ -169,9 +181,9 @@ static void write_elf32_header(DumpState *s, Error **errp)
|
||||
elf_header.e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
elf_header.e_phoff = cpu_to_dump32(s, sizeof(Elf32_Ehdr));
|
||||
elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf32_Phdr));
|
||||
- elf_header.e_phnum = cpu_to_dump16(s, s->phdr_num);
|
||||
+ elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
if (s->have_section) {
|
||||
- uint32_t shoff = sizeof(Elf32_Ehdr) + sizeof(Elf32_Phdr) * s->sh_info;
|
||||
+ uint32_t shoff = sizeof(Elf32_Ehdr) + sizeof(Elf32_Phdr) * s->phdr_num;
|
||||
|
||||
elf_header.e_shoff = cpu_to_dump32(s, shoff);
|
||||
elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
|
||||
@@ -358,12 +370,12 @@ static void write_elf_section(DumpState *s, int type, Error **errp)
|
||||
if (type == 0) {
|
||||
shdr_size = sizeof(Elf32_Shdr);
|
||||
memset(&shdr32, 0, shdr_size);
|
||||
- shdr32.sh_info = cpu_to_dump32(s, s->sh_info);
|
||||
+ shdr32.sh_info = cpu_to_dump32(s, s->phdr_num);
|
||||
shdr = &shdr32;
|
||||
} else {
|
||||
shdr_size = sizeof(Elf64_Shdr);
|
||||
memset(&shdr64, 0, shdr_size);
|
||||
- shdr64.sh_info = cpu_to_dump32(s, s->sh_info);
|
||||
+ shdr64.sh_info = cpu_to_dump32(s, s->phdr_num);
|
||||
shdr = &shdr64;
|
||||
}
|
||||
|
||||
@@ -478,13 +490,6 @@ static void write_elf_loads(DumpState *s, Error **errp)
|
||||
hwaddr offset, filesz;
|
||||
MemoryMapping *memory_mapping;
|
||||
uint32_t phdr_index = 1;
|
||||
- uint32_t max_index;
|
||||
-
|
||||
- if (s->have_section) {
|
||||
- max_index = s->sh_info;
|
||||
- } else {
|
||||
- max_index = s->phdr_num;
|
||||
- }
|
||||
|
||||
QTAILQ_FOREACH(memory_mapping, &s->list.head, next) {
|
||||
get_offset_range(memory_mapping->phys_addr,
|
||||
@@ -502,7 +507,7 @@ static void write_elf_loads(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- if (phdr_index >= max_index) {
|
||||
+ if (phdr_index >= s->phdr_num) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -1809,22 +1814,21 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
s->phdr_num += s->list.num;
|
||||
s->have_section = false;
|
||||
} else {
|
||||
+ /* sh_info of section 0 holds the real number of phdrs */
|
||||
s->have_section = true;
|
||||
- s->phdr_num = PN_XNUM;
|
||||
- s->sh_info = 1; /* PT_NOTE */
|
||||
|
||||
/* the type of shdr->sh_info is uint32_t, so we should avoid overflow */
|
||||
if (s->list.num <= UINT32_MAX - 1) {
|
||||
- s->sh_info += s->list.num;
|
||||
+ s->phdr_num += s->list.num;
|
||||
} else {
|
||||
- s->sh_info = UINT32_MAX;
|
||||
+ s->phdr_num = UINT32_MAX;
|
||||
}
|
||||
}
|
||||
|
||||
if (s->dump_info.d_class == ELFCLASS64) {
|
||||
if (s->have_section) {
|
||||
s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
- sizeof(Elf64_Phdr) * s->sh_info +
|
||||
+ sizeof(Elf64_Phdr) * s->phdr_num +
|
||||
sizeof(Elf64_Shdr) + s->note_size;
|
||||
} else {
|
||||
s->memory_offset = sizeof(Elf64_Ehdr) +
|
||||
@@ -1833,7 +1837,7 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
} else {
|
||||
if (s->have_section) {
|
||||
s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
- sizeof(Elf32_Phdr) * s->sh_info +
|
||||
+ sizeof(Elf32_Phdr) * s->phdr_num +
|
||||
sizeof(Elf32_Shdr) + s->note_size;
|
||||
} else {
|
||||
s->memory_offset = sizeof(Elf32_Ehdr) +
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index 250143cb5a..b463fc9c02 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -154,8 +154,7 @@ typedef struct DumpState {
|
||||
GuestPhysBlockList guest_phys_blocks;
|
||||
ArchDumpInfo dump_info;
|
||||
MemoryMappingList list;
|
||||
- uint16_t phdr_num;
|
||||
- uint32_t sh_info;
|
||||
+ uint32_t phdr_num;
|
||||
bool have_section;
|
||||
bool resume;
|
||||
bool detached;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
From 18fef7f02801d51207d67b8f8ec5f0d828889c78 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:11:01 +0000
|
||||
Subject: [PATCH 29/42] dump: Rename write_elf*_phdr_note to
|
||||
prepare_elf*_phdr_note
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [29/41] 876cea6f6e51be8df2763f56d0daef99d11fdd49
|
||||
|
||||
The functions in question do not actually write to the file descriptor
|
||||
they set up a buffer which is later written to the fd.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220811121111.9878-9-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 2341a94d3a0a8a93a5a977e642da1807b8edaab8)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 8d5226f861..c2c1341ad7 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -261,7 +261,7 @@ static void write_elf32_load(DumpState *s, MemoryMapping *memory_mapping,
|
||||
}
|
||||
}
|
||||
|
||||
-static void write_elf64_phdr_note(DumpState *s, Elf64_Phdr *phdr)
|
||||
+static void prepare_elf64_phdr_note(DumpState *s, Elf64_Phdr *phdr)
|
||||
{
|
||||
memset(phdr, 0, sizeof(*phdr));
|
||||
phdr->p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
@@ -317,7 +317,7 @@ static void write_elf64_notes(WriteCoreDumpFunction f, DumpState *s,
|
||||
write_guest_note(f, s, errp);
|
||||
}
|
||||
|
||||
-static void write_elf32_phdr_note(DumpState *s, Elf32_Phdr *phdr)
|
||||
+static void prepare_elf32_phdr_note(DumpState *s, Elf32_Phdr *phdr)
|
||||
{
|
||||
memset(phdr, 0, sizeof(*phdr));
|
||||
phdr->p_type = cpu_to_dump32(s, PT_NOTE);
|
||||
@@ -365,11 +365,11 @@ static void write_elf_phdr_note(DumpState *s, Error **errp)
|
||||
int ret;
|
||||
|
||||
if (dump_is_64bit(s)) {
|
||||
- write_elf64_phdr_note(s, &phdr64);
|
||||
+ prepare_elf64_phdr_note(s, &phdr64);
|
||||
size = sizeof(phdr64);
|
||||
phdr = &phdr64;
|
||||
} else {
|
||||
- write_elf32_phdr_note(s, &phdr32);
|
||||
+ prepare_elf32_phdr_note(s, &phdr32);
|
||||
size = sizeof(phdr32);
|
||||
phdr = &phdr32;
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
From 04d4947a22fe3192384ff486d0a979d799ded98e Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:10:55 +0000
|
||||
Subject: [PATCH 23/42] dump: Rename write_elf_loads to write_elf_phdr_loads
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [23/41] 18e3ef70b97c525b7c43cf12143204bdb1060e4f
|
||||
|
||||
Let's make it a bit clearer that we write the program headers of the
|
||||
PT_LOAD type.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Reviewed-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
|
||||
Reviewed-by: Steffen Eiden <seiden@ibm.linux.com>
|
||||
Message-Id: <20220811121111.9878-3-frankja@linux.ibm.com>
|
||||
(cherry picked from commit afae6056ea79e2d89fd90867de3a01732eae724f)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index a451abc590..fa787f379f 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -491,7 +491,7 @@ static void get_offset_range(hwaddr phys_addr,
|
||||
}
|
||||
}
|
||||
|
||||
-static void write_elf_loads(DumpState *s, Error **errp)
|
||||
+static void write_elf_phdr_loads(DumpState *s, Error **errp)
|
||||
{
|
||||
ERRP_GUARD();
|
||||
hwaddr offset, filesz;
|
||||
@@ -574,8 +574,8 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- /* write all PT_LOAD to vmcore */
|
||||
- write_elf_loads(s, errp);
|
||||
+ /* write all PT_LOADs to vmcore */
|
||||
+ write_elf_phdr_loads(s, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
From 7e8d6290099b33f88621b45e62652a97704c9573 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Mon, 17 Oct 2022 08:38:15 +0000
|
||||
Subject: [PATCH 34/42] dump: Reorder struct DumpState
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [34/41] 8d44e5e8c86ea5b33644eba141046cd657d0071e
|
||||
|
||||
Let's move ELF related members into one block and guest memory related
|
||||
ones into another to improve readability.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20221017083822.43118-4-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 8384b73c46fd474847d7e74d121318e344edc3c4)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
include/sysemu/dump.h | 16 +++++++++-------
|
||||
1 file changed, 9 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index 9995f65dc8..9ed811b313 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -154,15 +154,8 @@ typedef struct DumpState {
|
||||
GuestPhysBlockList guest_phys_blocks;
|
||||
ArchDumpInfo dump_info;
|
||||
MemoryMappingList list;
|
||||
- uint32_t phdr_num;
|
||||
- uint32_t shdr_num;
|
||||
bool resume;
|
||||
bool detached;
|
||||
- ssize_t note_size;
|
||||
- hwaddr shdr_offset;
|
||||
- hwaddr phdr_offset;
|
||||
- hwaddr section_offset;
|
||||
- hwaddr note_offset;
|
||||
hwaddr memory_offset;
|
||||
int fd;
|
||||
|
||||
@@ -177,6 +170,15 @@ typedef struct DumpState {
|
||||
int64_t filter_area_begin; /* Start address of partial guest memory area */
|
||||
int64_t filter_area_length; /* Length of partial guest memory area */
|
||||
|
||||
+ /* Elf dump related data */
|
||||
+ uint32_t phdr_num;
|
||||
+ uint32_t shdr_num;
|
||||
+ ssize_t note_size;
|
||||
+ hwaddr shdr_offset;
|
||||
+ hwaddr phdr_offset;
|
||||
+ hwaddr section_offset;
|
||||
+ hwaddr note_offset;
|
||||
+
|
||||
void *elf_section_hdrs; /* Pointer to section header buffer */
|
||||
|
||||
uint8_t *note_buf; /* buffer for notes */
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,467 @@
|
|||
From 8f674e0e12e4b88fc035948612a0b0949e0ad892 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:10:54 +0000
|
||||
Subject: [PATCH 22/42] dump: Replace opaque DumpState pointer with a typed one
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [22/41] 5f071d7ef441ae6f5da70eb56018c4657deee3d7
|
||||
|
||||
It's always better to convey the type of a pointer if at all
|
||||
possible. So let's add the DumpState typedef to typedefs.h and move
|
||||
the dump note functions from the opaque pointers to DumpState
|
||||
pointers.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
CC: Peter Maydell <peter.maydell@linaro.org>
|
||||
CC: Cédric Le Goater <clg@kaod.org>
|
||||
CC: Daniel Henrique Barboza <danielhb413@gmail.com>
|
||||
CC: David Gibson <david@gibson.dropbear.id.au>
|
||||
CC: Greg Kurz <groug@kaod.org>
|
||||
CC: Palmer Dabbelt <palmer@dabbelt.com>
|
||||
CC: Alistair Francis <alistair.francis@wdc.com>
|
||||
CC: Bin Meng <bin.meng@windriver.com>
|
||||
CC: Cornelia Huck <cohuck@redhat.com>
|
||||
CC: Thomas Huth <thuth@redhat.com>
|
||||
CC: Richard Henderson <richard.henderson@linaro.org>
|
||||
CC: David Hildenbrand <david@redhat.com>
|
||||
Acked-by: Daniel Henrique Barboza <danielhb413@gmail.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220811121111.9878-2-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 1af0006ab959864dfa2f59e9136c5fb93000b61f)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
include/hw/core/sysemu-cpu-ops.h | 8 ++++----
|
||||
include/qemu/typedefs.h | 1 +
|
||||
target/arm/arch_dump.c | 6 ++----
|
||||
target/arm/cpu.h | 4 ++--
|
||||
target/i386/arch_dump.c | 30 +++++++++++++++---------------
|
||||
target/i386/cpu.h | 8 ++++----
|
||||
target/ppc/arch_dump.c | 18 +++++++++---------
|
||||
target/ppc/cpu.h | 4 ++--
|
||||
target/riscv/arch_dump.c | 6 ++----
|
||||
target/riscv/cpu.h | 4 ++--
|
||||
target/s390x/arch_dump.c | 10 +++++-----
|
||||
target/s390x/s390x-internal.h | 2 +-
|
||||
12 files changed, 49 insertions(+), 52 deletions(-)
|
||||
|
||||
diff --git a/include/hw/core/sysemu-cpu-ops.h b/include/hw/core/sysemu-cpu-ops.h
|
||||
index a9ba39e5f2..ee169b872c 100644
|
||||
--- a/include/hw/core/sysemu-cpu-ops.h
|
||||
+++ b/include/hw/core/sysemu-cpu-ops.h
|
||||
@@ -53,25 +53,25 @@ typedef struct SysemuCPUOps {
|
||||
* 32-bit VM coredump.
|
||||
*/
|
||||
int (*write_elf32_note)(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
/**
|
||||
* @write_elf64_note: Callback for writing a CPU-specific ELF note to a
|
||||
* 64-bit VM coredump.
|
||||
*/
|
||||
int (*write_elf64_note)(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
/**
|
||||
* @write_elf32_qemunote: Callback for writing a CPU- and QEMU-specific ELF
|
||||
* note to a 32-bit VM coredump.
|
||||
*/
|
||||
int (*write_elf32_qemunote)(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- void *opaque);
|
||||
+ DumpState *s);
|
||||
/**
|
||||
* @write_elf64_qemunote: Callback for writing a CPU- and QEMU-specific ELF
|
||||
* note to a 64-bit VM coredump.
|
||||
*/
|
||||
int (*write_elf64_qemunote)(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- void *opaque);
|
||||
+ DumpState *s);
|
||||
/**
|
||||
* @virtio_is_big_endian: Callback to return %true if a CPU which supports
|
||||
* runtime configurable endianness is currently big-endian.
|
||||
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
|
||||
index ee60eb3de4..ac9d031be6 100644
|
||||
--- a/include/qemu/typedefs.h
|
||||
+++ b/include/qemu/typedefs.h
|
||||
@@ -125,6 +125,7 @@ typedef struct VirtIODevice VirtIODevice;
|
||||
typedef struct Visitor Visitor;
|
||||
typedef struct VMChangeStateEntry VMChangeStateEntry;
|
||||
typedef struct VMStateDescription VMStateDescription;
|
||||
+typedef struct DumpState DumpState;
|
||||
|
||||
/*
|
||||
* Pointer types
|
||||
diff --git a/target/arm/arch_dump.c b/target/arm/arch_dump.c
|
||||
index 0184845310..3a824e0aa6 100644
|
||||
--- a/target/arm/arch_dump.c
|
||||
+++ b/target/arm/arch_dump.c
|
||||
@@ -232,12 +232,11 @@ static int aarch64_write_elf64_sve(WriteCoreDumpFunction f,
|
||||
#endif
|
||||
|
||||
int arm_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
struct aarch64_note note;
|
||||
ARMCPU *cpu = ARM_CPU(cs);
|
||||
CPUARMState *env = &cpu->env;
|
||||
- DumpState *s = opaque;
|
||||
uint64_t pstate, sp;
|
||||
int ret, i;
|
||||
|
||||
@@ -360,12 +359,11 @@ static int arm_write_elf32_vfp(WriteCoreDumpFunction f, CPUARMState *env,
|
||||
}
|
||||
|
||||
int arm_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
struct arm_note note;
|
||||
ARMCPU *cpu = ARM_CPU(cs);
|
||||
CPUARMState *env = &cpu->env;
|
||||
- DumpState *s = opaque;
|
||||
int ret, i;
|
||||
bool fpvalid = cpu_isar_feature(aa32_vfp_simd, cpu);
|
||||
|
||||
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
|
||||
index e33f37b70a..8d2f496ef9 100644
|
||||
--- a/target/arm/cpu.h
|
||||
+++ b/target/arm/cpu.h
|
||||
@@ -1065,9 +1065,9 @@ int arm_gen_dynamic_svereg_xml(CPUState *cpu, int base_reg);
|
||||
const char *arm_gdb_get_dynamic_xml(CPUState *cpu, const char *xmlname);
|
||||
|
||||
int arm_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
int arm_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
|
||||
#ifdef TARGET_AARCH64
|
||||
int aarch64_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
|
||||
diff --git a/target/i386/arch_dump.c b/target/i386/arch_dump.c
|
||||
index 004141fc04..c290910a04 100644
|
||||
--- a/target/i386/arch_dump.c
|
||||
+++ b/target/i386/arch_dump.c
|
||||
@@ -42,7 +42,7 @@ typedef struct {
|
||||
|
||||
static int x86_64_write_elf64_note(WriteCoreDumpFunction f,
|
||||
CPUX86State *env, int id,
|
||||
- void *opaque)
|
||||
+ DumpState *s)
|
||||
{
|
||||
x86_64_user_regs_struct regs;
|
||||
Elf64_Nhdr *note;
|
||||
@@ -94,7 +94,7 @@ static int x86_64_write_elf64_note(WriteCoreDumpFunction f,
|
||||
buf += descsz - sizeof(x86_64_user_regs_struct)-sizeof(target_ulong);
|
||||
memcpy(buf, ®s, sizeof(x86_64_user_regs_struct));
|
||||
|
||||
- ret = f(note, note_size, opaque);
|
||||
+ ret = f(note, note_size, s);
|
||||
g_free(note);
|
||||
if (ret < 0) {
|
||||
return -1;
|
||||
@@ -148,7 +148,7 @@ static void x86_fill_elf_prstatus(x86_elf_prstatus *prstatus, CPUX86State *env,
|
||||
}
|
||||
|
||||
static int x86_write_elf64_note(WriteCoreDumpFunction f, CPUX86State *env,
|
||||
- int id, void *opaque)
|
||||
+ int id, DumpState *s)
|
||||
{
|
||||
x86_elf_prstatus prstatus;
|
||||
Elf64_Nhdr *note;
|
||||
@@ -170,7 +170,7 @@ static int x86_write_elf64_note(WriteCoreDumpFunction f, CPUX86State *env,
|
||||
buf += ROUND_UP(name_size, 4);
|
||||
memcpy(buf, &prstatus, sizeof(prstatus));
|
||||
|
||||
- ret = f(note, note_size, opaque);
|
||||
+ ret = f(note, note_size, s);
|
||||
g_free(note);
|
||||
if (ret < 0) {
|
||||
return -1;
|
||||
@@ -180,7 +180,7 @@ static int x86_write_elf64_note(WriteCoreDumpFunction f, CPUX86State *env,
|
||||
}
|
||||
|
||||
int x86_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
X86CPU *cpu = X86_CPU(cs);
|
||||
int ret;
|
||||
@@ -189,10 +189,10 @@ int x86_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
bool lma = !!(first_x86_cpu->env.hflags & HF_LMA_MASK);
|
||||
|
||||
if (lma) {
|
||||
- ret = x86_64_write_elf64_note(f, &cpu->env, cpuid, opaque);
|
||||
+ ret = x86_64_write_elf64_note(f, &cpu->env, cpuid, s);
|
||||
} else {
|
||||
#endif
|
||||
- ret = x86_write_elf64_note(f, &cpu->env, cpuid, opaque);
|
||||
+ ret = x86_write_elf64_note(f, &cpu->env, cpuid, s);
|
||||
#ifdef TARGET_X86_64
|
||||
}
|
||||
#endif
|
||||
@@ -201,7 +201,7 @@ int x86_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
}
|
||||
|
||||
int x86_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
X86CPU *cpu = X86_CPU(cs);
|
||||
x86_elf_prstatus prstatus;
|
||||
@@ -224,7 +224,7 @@ int x86_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
buf += ROUND_UP(name_size, 4);
|
||||
memcpy(buf, &prstatus, sizeof(prstatus));
|
||||
|
||||
- ret = f(note, note_size, opaque);
|
||||
+ ret = f(note, note_size, s);
|
||||
g_free(note);
|
||||
if (ret < 0) {
|
||||
return -1;
|
||||
@@ -329,7 +329,7 @@ static void qemu_get_cpustate(QEMUCPUState *s, CPUX86State *env)
|
||||
|
||||
static inline int cpu_write_qemu_note(WriteCoreDumpFunction f,
|
||||
CPUX86State *env,
|
||||
- void *opaque,
|
||||
+ DumpState *s,
|
||||
int type)
|
||||
{
|
||||
QEMUCPUState state;
|
||||
@@ -369,7 +369,7 @@ static inline int cpu_write_qemu_note(WriteCoreDumpFunction f,
|
||||
buf += ROUND_UP(name_size, 4);
|
||||
memcpy(buf, &state, sizeof(state));
|
||||
|
||||
- ret = f(note, note_size, opaque);
|
||||
+ ret = f(note, note_size, s);
|
||||
g_free(note);
|
||||
if (ret < 0) {
|
||||
return -1;
|
||||
@@ -379,19 +379,19 @@ static inline int cpu_write_qemu_note(WriteCoreDumpFunction f,
|
||||
}
|
||||
|
||||
int x86_cpu_write_elf64_qemunote(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- void *opaque)
|
||||
+ DumpState *s)
|
||||
{
|
||||
X86CPU *cpu = X86_CPU(cs);
|
||||
|
||||
- return cpu_write_qemu_note(f, &cpu->env, opaque, 1);
|
||||
+ return cpu_write_qemu_note(f, &cpu->env, s, 1);
|
||||
}
|
||||
|
||||
int x86_cpu_write_elf32_qemunote(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- void *opaque)
|
||||
+ DumpState *s)
|
||||
{
|
||||
X86CPU *cpu = X86_CPU(cs);
|
||||
|
||||
- return cpu_write_qemu_note(f, &cpu->env, opaque, 0);
|
||||
+ return cpu_write_qemu_note(f, &cpu->env, s, 0);
|
||||
}
|
||||
|
||||
int cpu_get_dump_info(ArchDumpInfo *info,
|
||||
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
|
||||
index 006b735fe4..5d2ddd81b9 100644
|
||||
--- a/target/i386/cpu.h
|
||||
+++ b/target/i386/cpu.h
|
||||
@@ -1887,13 +1887,13 @@ extern const VMStateDescription vmstate_x86_cpu;
|
||||
int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request);
|
||||
|
||||
int x86_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
int x86_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
int x86_cpu_write_elf64_qemunote(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- void *opaque);
|
||||
+ DumpState *s);
|
||||
int x86_cpu_write_elf32_qemunote(WriteCoreDumpFunction f, CPUState *cpu,
|
||||
- void *opaque);
|
||||
+ DumpState *s);
|
||||
|
||||
void x86_cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
|
||||
Error **errp);
|
||||
diff --git a/target/ppc/arch_dump.c b/target/ppc/arch_dump.c
|
||||
index bb392f6d88..e9f512bcd4 100644
|
||||
--- a/target/ppc/arch_dump.c
|
||||
+++ b/target/ppc/arch_dump.c
|
||||
@@ -270,23 +270,23 @@ ssize_t cpu_get_note_size(int class, int machine, int nr_cpus)
|
||||
static int ppc_write_all_elf_notes(const char *note_name,
|
||||
WriteCoreDumpFunction f,
|
||||
PowerPCCPU *cpu, int id,
|
||||
- void *opaque)
|
||||
+ DumpState *s)
|
||||
{
|
||||
- NoteFuncArg arg = { .state = opaque };
|
||||
+ NoteFuncArg arg = { .state = s };
|
||||
int ret = -1;
|
||||
int note_size;
|
||||
const NoteFuncDesc *nf;
|
||||
|
||||
for (nf = note_func; nf->note_contents_func; nf++) {
|
||||
- arg.note.hdr.n_namesz = cpu_to_dump32(opaque, sizeof(arg.note.name));
|
||||
- arg.note.hdr.n_descsz = cpu_to_dump32(opaque, nf->contents_size);
|
||||
+ arg.note.hdr.n_namesz = cpu_to_dump32(s, sizeof(arg.note.name));
|
||||
+ arg.note.hdr.n_descsz = cpu_to_dump32(s, nf->contents_size);
|
||||
strncpy(arg.note.name, note_name, sizeof(arg.note.name));
|
||||
|
||||
(*nf->note_contents_func)(&arg, cpu);
|
||||
|
||||
note_size =
|
||||
sizeof(arg.note) - sizeof(arg.note.contents) + nf->contents_size;
|
||||
- ret = f(&arg.note, note_size, opaque);
|
||||
+ ret = f(&arg.note, note_size, s);
|
||||
if (ret < 0) {
|
||||
return -1;
|
||||
}
|
||||
@@ -295,15 +295,15 @@ static int ppc_write_all_elf_notes(const char *note_name,
|
||||
}
|
||||
|
||||
int ppc64_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
PowerPCCPU *cpu = POWERPC_CPU(cs);
|
||||
- return ppc_write_all_elf_notes("CORE", f, cpu, cpuid, opaque);
|
||||
+ return ppc_write_all_elf_notes("CORE", f, cpu, cpuid, s);
|
||||
}
|
||||
|
||||
int ppc32_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
PowerPCCPU *cpu = POWERPC_CPU(cs);
|
||||
- return ppc_write_all_elf_notes("CORE", f, cpu, cpuid, opaque);
|
||||
+ return ppc_write_all_elf_notes("CORE", f, cpu, cpuid, s);
|
||||
}
|
||||
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
|
||||
index 23e8b76c85..f5fb284706 100644
|
||||
--- a/target/ppc/cpu.h
|
||||
+++ b/target/ppc/cpu.h
|
||||
@@ -1289,9 +1289,9 @@ void ppc_gdb_gen_spr_xml(PowerPCCPU *cpu);
|
||||
const char *ppc_gdb_get_dynamic_xml(CPUState *cs, const char *xml_name);
|
||||
#endif
|
||||
int ppc64_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
int ppc32_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
#ifndef CONFIG_USER_ONLY
|
||||
void ppc_cpu_do_interrupt(CPUState *cpu);
|
||||
bool ppc_cpu_exec_interrupt(CPUState *cpu, int int_req);
|
||||
diff --git a/target/riscv/arch_dump.c b/target/riscv/arch_dump.c
|
||||
index 709f621d82..736a232956 100644
|
||||
--- a/target/riscv/arch_dump.c
|
||||
+++ b/target/riscv/arch_dump.c
|
||||
@@ -64,12 +64,11 @@ static void riscv64_note_init(struct riscv64_note *note, DumpState *s,
|
||||
}
|
||||
|
||||
int riscv_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
struct riscv64_note note;
|
||||
RISCVCPU *cpu = RISCV_CPU(cs);
|
||||
CPURISCVState *env = &cpu->env;
|
||||
- DumpState *s = opaque;
|
||||
int ret, i = 0;
|
||||
const char name[] = "CORE";
|
||||
|
||||
@@ -134,12 +133,11 @@ static void riscv32_note_init(struct riscv32_note *note, DumpState *s,
|
||||
}
|
||||
|
||||
int riscv_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
struct riscv32_note note;
|
||||
RISCVCPU *cpu = RISCV_CPU(cs);
|
||||
CPURISCVState *env = &cpu->env;
|
||||
- DumpState *s = opaque;
|
||||
int ret, i;
|
||||
const char name[] = "CORE";
|
||||
|
||||
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
|
||||
index 0760c0af93..4cce524b2c 100644
|
||||
--- a/target/riscv/cpu.h
|
||||
+++ b/target/riscv/cpu.h
|
||||
@@ -344,9 +344,9 @@ extern const char * const riscv_fpr_regnames[];
|
||||
const char *riscv_cpu_get_trap_name(target_ulong cause, bool async);
|
||||
void riscv_cpu_do_interrupt(CPUState *cpu);
|
||||
int riscv_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
int riscv_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
int riscv_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
|
||||
int riscv_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
|
||||
bool riscv_cpu_fp_enabled(CPURISCVState *env);
|
||||
diff --git a/target/s390x/arch_dump.c b/target/s390x/arch_dump.c
|
||||
index 08daf93ae1..f60a14920d 100644
|
||||
--- a/target/s390x/arch_dump.c
|
||||
+++ b/target/s390x/arch_dump.c
|
||||
@@ -204,7 +204,7 @@ static const NoteFuncDesc note_linux[] = {
|
||||
static int s390x_write_elf64_notes(const char *note_name,
|
||||
WriteCoreDumpFunction f,
|
||||
S390CPU *cpu, int id,
|
||||
- void *opaque,
|
||||
+ DumpState *s,
|
||||
const NoteFuncDesc *funcs)
|
||||
{
|
||||
Note note;
|
||||
@@ -222,7 +222,7 @@ static int s390x_write_elf64_notes(const char *note_name,
|
||||
(*nf->note_contents_func)(¬e, cpu, id);
|
||||
|
||||
note_size = sizeof(note) - sizeof(note.contents) + nf->contents_size;
|
||||
- ret = f(¬e, note_size, opaque);
|
||||
+ ret = f(¬e, note_size, s);
|
||||
|
||||
if (ret < 0) {
|
||||
return -1;
|
||||
@@ -235,16 +235,16 @@ static int s390x_write_elf64_notes(const char *note_name,
|
||||
|
||||
|
||||
int s390_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque)
|
||||
+ int cpuid, DumpState *s)
|
||||
{
|
||||
S390CPU *cpu = S390_CPU(cs);
|
||||
int r;
|
||||
|
||||
- r = s390x_write_elf64_notes("CORE", f, cpu, cpuid, opaque, note_core);
|
||||
+ r = s390x_write_elf64_notes("CORE", f, cpu, cpuid, s, note_core);
|
||||
if (r) {
|
||||
return r;
|
||||
}
|
||||
- return s390x_write_elf64_notes("LINUX", f, cpu, cpuid, opaque, note_linux);
|
||||
+ return s390x_write_elf64_notes("LINUX", f, cpu, cpuid, s, note_linux);
|
||||
}
|
||||
|
||||
int cpu_get_dump_info(ArchDumpInfo *info,
|
||||
diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
|
||||
index 1a178aed41..02cf6c3f43 100644
|
||||
--- a/target/s390x/s390x-internal.h
|
||||
+++ b/target/s390x/s390x-internal.h
|
||||
@@ -228,7 +228,7 @@ static inline hwaddr decode_basedisp_s(CPUS390XState *env, uint32_t ipb,
|
||||
|
||||
/* arch_dump.c */
|
||||
int s390_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
|
||||
- int cpuid, void *opaque);
|
||||
+ int cpuid, DumpState *s);
|
||||
|
||||
|
||||
/* cc_helper.c */
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,73 @@
|
|||
From 1f7cb73592a1922b3a981eb3232098281e07679f Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:10:59 +0000
|
||||
Subject: [PATCH 27/42] dump: Rework dump_calculate_size function
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [27/41] eaa05c39109b57a119752ad3df66f4c2ace2cbe4
|
||||
|
||||
dump_calculate_size() sums up all the sizes of the guest memory
|
||||
blocks. Since we already have a function that calculates the size of a
|
||||
single memory block (dump_get_memblock_size()) we can simply iterate
|
||||
over the blocks and use the function instead of calculating the size
|
||||
ourselves.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Reviewed-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
|
||||
Message-Id: <20220811121111.9878-7-frankja@linux.ibm.com>
|
||||
(cherry picked from commit c370d5300f9ac1f90f8158082d22262b904fe30e)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 22 ++++++++--------------
|
||||
1 file changed, 8 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index f6fe13e258..902a85ef8e 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -1557,25 +1557,19 @@ bool dump_in_progress(void)
|
||||
return (qatomic_read(&state->status) == DUMP_STATUS_ACTIVE);
|
||||
}
|
||||
|
||||
-/* calculate total size of memory to be dumped (taking filter into
|
||||
- * acoount.) */
|
||||
+/*
|
||||
+ * calculate total size of memory to be dumped (taking filter into
|
||||
+ * account.)
|
||||
+ */
|
||||
static int64_t dump_calculate_size(DumpState *s)
|
||||
{
|
||||
GuestPhysBlock *block;
|
||||
- int64_t size = 0, total = 0, left = 0, right = 0;
|
||||
+ int64_t total = 0;
|
||||
|
||||
QTAILQ_FOREACH(block, &s->guest_phys_blocks.head, next) {
|
||||
- if (dump_has_filter(s)) {
|
||||
- /* calculate the overlapped region. */
|
||||
- left = MAX(s->filter_area_begin, block->target_start);
|
||||
- right = MIN(s->filter_area_begin + s->filter_area_length, block->target_end);
|
||||
- size = right - left;
|
||||
- size = size > 0 ? size : 0;
|
||||
- } else {
|
||||
- /* count the whole region in */
|
||||
- size = (block->target_end - block->target_start);
|
||||
- }
|
||||
- total += size;
|
||||
+ total += dump_filtered_memblock_size(block,
|
||||
+ s->filter_area_begin,
|
||||
+ s->filter_area_length);
|
||||
}
|
||||
|
||||
return total;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,187 @@
|
|||
From 411f5354b809f6b783946e58d7655135814fb809 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:10:58 +0000
|
||||
Subject: [PATCH 26/42] dump: Rework filter area variables
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [26/41] f10a5523dfd2724f7a8637fca3ed68ba6df659a5
|
||||
|
||||
While the DumpState begin and length variables directly mirror the API
|
||||
variable names they are not very descriptive. So let's add a
|
||||
"filter_area_" prefix and make has_filter a function checking length > 0.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220811121111.9878-6-frankja@linux.ibm.com>
|
||||
(cherry picked from commit dddf725f70bfe7f5adb41fa31dbd06e767271bda)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 53 +++++++++++++++++++++++++------------------
|
||||
include/sysemu/dump.h | 13 ++++++++---
|
||||
2 files changed, 41 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index e6aa037f59..f6fe13e258 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -60,6 +60,11 @@ static inline bool dump_is_64bit(DumpState *s)
|
||||
return s->dump_info.d_class == ELFCLASS64;
|
||||
}
|
||||
|
||||
+static inline bool dump_has_filter(DumpState *s)
|
||||
+{
|
||||
+ return s->filter_area_length > 0;
|
||||
+}
|
||||
+
|
||||
uint16_t cpu_to_dump16(DumpState *s, uint16_t val)
|
||||
{
|
||||
if (s->dump_info.d_endian == ELFDATA2LSB) {
|
||||
@@ -444,29 +449,30 @@ static void get_offset_range(hwaddr phys_addr,
|
||||
*p_offset = -1;
|
||||
*p_filesz = 0;
|
||||
|
||||
- if (s->has_filter) {
|
||||
- if (phys_addr < s->begin || phys_addr >= s->begin + s->length) {
|
||||
+ if (dump_has_filter(s)) {
|
||||
+ if (phys_addr < s->filter_area_begin ||
|
||||
+ phys_addr >= s->filter_area_begin + s->filter_area_length) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
QTAILQ_FOREACH(block, &s->guest_phys_blocks.head, next) {
|
||||
- if (s->has_filter) {
|
||||
- if (block->target_start >= s->begin + s->length ||
|
||||
- block->target_end <= s->begin) {
|
||||
+ if (dump_has_filter(s)) {
|
||||
+ if (block->target_start >= s->filter_area_begin + s->filter_area_length ||
|
||||
+ block->target_end <= s->filter_area_begin) {
|
||||
/* This block is out of the range */
|
||||
continue;
|
||||
}
|
||||
|
||||
- if (s->begin <= block->target_start) {
|
||||
+ if (s->filter_area_begin <= block->target_start) {
|
||||
start = block->target_start;
|
||||
} else {
|
||||
- start = s->begin;
|
||||
+ start = s->filter_area_begin;
|
||||
}
|
||||
|
||||
size_in_block = block->target_end - start;
|
||||
- if (s->begin + s->length < block->target_end) {
|
||||
- size_in_block -= block->target_end - (s->begin + s->length);
|
||||
+ if (s->filter_area_begin + s->filter_area_length < block->target_end) {
|
||||
+ size_in_block -= block->target_end - (s->filter_area_begin + s->filter_area_length);
|
||||
}
|
||||
} else {
|
||||
start = block->target_start;
|
||||
@@ -639,12 +645,12 @@ static void dump_iterate(DumpState *s, Error **errp)
|
||||
int64_t memblock_size, memblock_start;
|
||||
|
||||
QTAILQ_FOREACH(block, &s->guest_phys_blocks.head, next) {
|
||||
- memblock_start = dump_filtered_memblock_start(block, s->begin, s->length);
|
||||
+ memblock_start = dump_filtered_memblock_start(block, s->filter_area_begin, s->filter_area_length);
|
||||
if (memblock_start == -1) {
|
||||
continue;
|
||||
}
|
||||
|
||||
- memblock_size = dump_filtered_memblock_size(block, s->begin, s->length);
|
||||
+ memblock_size = dump_filtered_memblock_size(block, s->filter_area_begin, s->filter_area_length);
|
||||
|
||||
/* Write the memory to file */
|
||||
write_memory(s, block, memblock_start, memblock_size, errp);
|
||||
@@ -1513,14 +1519,14 @@ static int validate_start_block(DumpState *s)
|
||||
{
|
||||
GuestPhysBlock *block;
|
||||
|
||||
- if (!s->has_filter) {
|
||||
+ if (!dump_has_filter(s)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
QTAILQ_FOREACH(block, &s->guest_phys_blocks.head, next) {
|
||||
/* This block is out of the range */
|
||||
- if (block->target_start >= s->begin + s->length ||
|
||||
- block->target_end <= s->begin) {
|
||||
+ if (block->target_start >= s->filter_area_begin + s->filter_area_length ||
|
||||
+ block->target_end <= s->filter_area_begin) {
|
||||
continue;
|
||||
}
|
||||
return 0;
|
||||
@@ -1559,10 +1565,10 @@ static int64_t dump_calculate_size(DumpState *s)
|
||||
int64_t size = 0, total = 0, left = 0, right = 0;
|
||||
|
||||
QTAILQ_FOREACH(block, &s->guest_phys_blocks.head, next) {
|
||||
- if (s->has_filter) {
|
||||
+ if (dump_has_filter(s)) {
|
||||
/* calculate the overlapped region. */
|
||||
- left = MAX(s->begin, block->target_start);
|
||||
- right = MIN(s->begin + s->length, block->target_end);
|
||||
+ left = MAX(s->filter_area_begin, block->target_start);
|
||||
+ right = MIN(s->filter_area_begin + s->filter_area_length, block->target_end);
|
||||
size = right - left;
|
||||
size = size > 0 ? size : 0;
|
||||
} else {
|
||||
@@ -1652,9 +1658,12 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
}
|
||||
|
||||
s->fd = fd;
|
||||
- s->has_filter = has_filter;
|
||||
- s->begin = begin;
|
||||
- s->length = length;
|
||||
+ if (has_filter && !length) {
|
||||
+ error_setg(errp, QERR_INVALID_PARAMETER, "length");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ s->filter_area_begin = begin;
|
||||
+ s->filter_area_length = length;
|
||||
|
||||
memory_mapping_list_init(&s->list);
|
||||
|
||||
@@ -1787,8 +1796,8 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
return;
|
||||
}
|
||||
|
||||
- if (s->has_filter) {
|
||||
- memory_mapping_filter(&s->list, s->begin, s->length);
|
||||
+ if (dump_has_filter(s)) {
|
||||
+ memory_mapping_filter(&s->list, s->filter_area_begin, s->filter_area_length);
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index 7fce1d4af6..b62513d87d 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -166,9 +166,16 @@ typedef struct DumpState {
|
||||
hwaddr memory_offset;
|
||||
int fd;
|
||||
|
||||
- bool has_filter;
|
||||
- int64_t begin;
|
||||
- int64_t length;
|
||||
+ /*
|
||||
+ * Dump filter area variables
|
||||
+ *
|
||||
+ * A filtered dump only contains the guest memory designated by
|
||||
+ * the start address and length variables defined below.
|
||||
+ *
|
||||
+ * If length is 0, no filtering is applied.
|
||||
+ */
|
||||
+ int64_t filter_area_begin; /* Start address of partial guest memory area */
|
||||
+ int64_t filter_area_length; /* Length of partial guest memory area */
|
||||
|
||||
uint8_t *note_buf; /* buffer for notes */
|
||||
size_t note_buf_offset; /* the writing place in note_buf */
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,102 @@
|
|||
From b56c362132baef40cc25d910c1e0d217d83cfe44 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:10:57 +0000
|
||||
Subject: [PATCH 25/42] dump: Rework get_start_block
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [25/41] c93842a1aaeadcc11e91c194452fcd05d163b3ca
|
||||
|
||||
get_start_block() returns the start address of the first memory block
|
||||
or -1.
|
||||
|
||||
With the GuestPhysBlock iterator conversion we don't need to set the
|
||||
start address and can therefore remove that code and the "start"
|
||||
DumpState struct member. The only functionality left is the validation
|
||||
of the start block so it only makes sense to re-name the function to
|
||||
validate_start_block()
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Reviewed-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
|
||||
Message-Id: <20220811121111.9878-5-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 0c2994ac9009577b967529ce18e269da5b280351)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 20 ++++++--------------
|
||||
include/sysemu/dump.h | 2 --
|
||||
2 files changed, 6 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index d981e843dd..e6aa037f59 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -1509,30 +1509,22 @@ static void create_kdump_vmcore(DumpState *s, Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
-static ram_addr_t get_start_block(DumpState *s)
|
||||
+static int validate_start_block(DumpState *s)
|
||||
{
|
||||
GuestPhysBlock *block;
|
||||
|
||||
if (!s->has_filter) {
|
||||
- s->next_block = QTAILQ_FIRST(&s->guest_phys_blocks.head);
|
||||
return 0;
|
||||
}
|
||||
|
||||
QTAILQ_FOREACH(block, &s->guest_phys_blocks.head, next) {
|
||||
+ /* This block is out of the range */
|
||||
if (block->target_start >= s->begin + s->length ||
|
||||
block->target_end <= s->begin) {
|
||||
- /* This block is out of the range */
|
||||
continue;
|
||||
}
|
||||
-
|
||||
- s->next_block = block;
|
||||
- if (s->begin > block->target_start) {
|
||||
- s->start = s->begin - block->target_start;
|
||||
- } else {
|
||||
- s->start = 0;
|
||||
- }
|
||||
- return s->start;
|
||||
- }
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
return -1;
|
||||
}
|
||||
@@ -1679,8 +1671,8 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- s->start = get_start_block(s);
|
||||
- if (s->start == -1) {
|
||||
+ /* Is the filter filtering everything? */
|
||||
+ if (validate_start_block(s) == -1) {
|
||||
error_setg(errp, QERR_INVALID_PARAMETER, "begin");
|
||||
goto cleanup;
|
||||
}
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index ffc2ea1072..7fce1d4af6 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -166,8 +166,6 @@ typedef struct DumpState {
|
||||
hwaddr memory_offset;
|
||||
int fd;
|
||||
|
||||
- GuestPhysBlock *next_block;
|
||||
- ram_addr_t start;
|
||||
bool has_filter;
|
||||
int64_t begin;
|
||||
int64_t length;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,173 @@
|
|||
From d1e147a3133d4d31d4b0c02c05916366fadd9c30 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Thu, 11 Aug 2022 12:11:00 +0000
|
||||
Subject: [PATCH 28/42] dump: Split elf header functions into prepare and write
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [28/41] f70a13ad443835e7f46b7c5e176e372d370ac797
|
||||
|
||||
Let's split the write from the modification of the elf header so we
|
||||
can consolidate the write of the data in one function.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220811121111.9878-8-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 670e76998a61ca171200fcded3865b294a2d1243)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 100 ++++++++++++++++++++++++++++------------------------
|
||||
1 file changed, 53 insertions(+), 47 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 902a85ef8e..8d5226f861 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -132,7 +132,7 @@ static int fd_write_vmcore(const void *buf, size_t size, void *opaque)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static void write_elf64_header(DumpState *s, Error **errp)
|
||||
+static void prepare_elf64_header(DumpState *s, Elf64_Ehdr *elf_header)
|
||||
{
|
||||
/*
|
||||
* phnum in the elf header is 16 bit, if we have more segments we
|
||||
@@ -140,34 +140,27 @@ static void write_elf64_header(DumpState *s, Error **errp)
|
||||
* special section.
|
||||
*/
|
||||
uint16_t phnum = MIN(s->phdr_num, PN_XNUM);
|
||||
- Elf64_Ehdr elf_header;
|
||||
- int ret;
|
||||
|
||||
- memset(&elf_header, 0, sizeof(Elf64_Ehdr));
|
||||
- memcpy(&elf_header, ELFMAG, SELFMAG);
|
||||
- elf_header.e_ident[EI_CLASS] = ELFCLASS64;
|
||||
- elf_header.e_ident[EI_DATA] = s->dump_info.d_endian;
|
||||
- elf_header.e_ident[EI_VERSION] = EV_CURRENT;
|
||||
- elf_header.e_type = cpu_to_dump16(s, ET_CORE);
|
||||
- elf_header.e_machine = cpu_to_dump16(s, s->dump_info.d_machine);
|
||||
- elf_header.e_version = cpu_to_dump32(s, EV_CURRENT);
|
||||
- elf_header.e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
- elf_header.e_phoff = cpu_to_dump64(s, s->phdr_offset);
|
||||
- elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf64_Phdr));
|
||||
- elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
+ memset(elf_header, 0, sizeof(Elf64_Ehdr));
|
||||
+ memcpy(elf_header, ELFMAG, SELFMAG);
|
||||
+ elf_header->e_ident[EI_CLASS] = ELFCLASS64;
|
||||
+ elf_header->e_ident[EI_DATA] = s->dump_info.d_endian;
|
||||
+ elf_header->e_ident[EI_VERSION] = EV_CURRENT;
|
||||
+ elf_header->e_type = cpu_to_dump16(s, ET_CORE);
|
||||
+ elf_header->e_machine = cpu_to_dump16(s, s->dump_info.d_machine);
|
||||
+ elf_header->e_version = cpu_to_dump32(s, EV_CURRENT);
|
||||
+ elf_header->e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
+ elf_header->e_phoff = cpu_to_dump64(s, s->phdr_offset);
|
||||
+ elf_header->e_phentsize = cpu_to_dump16(s, sizeof(Elf64_Phdr));
|
||||
+ elf_header->e_phnum = cpu_to_dump16(s, phnum);
|
||||
if (s->shdr_num) {
|
||||
- elf_header.e_shoff = cpu_to_dump64(s, s->shdr_offset);
|
||||
- elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
|
||||
- elf_header.e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
- }
|
||||
-
|
||||
- ret = fd_write_vmcore(&elf_header, sizeof(elf_header), s);
|
||||
- if (ret < 0) {
|
||||
- error_setg_errno(errp, -ret, "dump: failed to write elf header");
|
||||
+ elf_header->e_shoff = cpu_to_dump64(s, s->shdr_offset);
|
||||
+ elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
|
||||
+ elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
}
|
||||
}
|
||||
|
||||
-static void write_elf32_header(DumpState *s, Error **errp)
|
||||
+static void prepare_elf32_header(DumpState *s, Elf32_Ehdr *elf_header)
|
||||
{
|
||||
/*
|
||||
* phnum in the elf header is 16 bit, if we have more segments we
|
||||
@@ -175,28 +168,45 @@ static void write_elf32_header(DumpState *s, Error **errp)
|
||||
* special section.
|
||||
*/
|
||||
uint16_t phnum = MIN(s->phdr_num, PN_XNUM);
|
||||
- Elf32_Ehdr elf_header;
|
||||
- int ret;
|
||||
|
||||
- memset(&elf_header, 0, sizeof(Elf32_Ehdr));
|
||||
- memcpy(&elf_header, ELFMAG, SELFMAG);
|
||||
- elf_header.e_ident[EI_CLASS] = ELFCLASS32;
|
||||
- elf_header.e_ident[EI_DATA] = s->dump_info.d_endian;
|
||||
- elf_header.e_ident[EI_VERSION] = EV_CURRENT;
|
||||
- elf_header.e_type = cpu_to_dump16(s, ET_CORE);
|
||||
- elf_header.e_machine = cpu_to_dump16(s, s->dump_info.d_machine);
|
||||
- elf_header.e_version = cpu_to_dump32(s, EV_CURRENT);
|
||||
- elf_header.e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
- elf_header.e_phoff = cpu_to_dump32(s, s->phdr_offset);
|
||||
- elf_header.e_phentsize = cpu_to_dump16(s, sizeof(Elf32_Phdr));
|
||||
- elf_header.e_phnum = cpu_to_dump16(s, phnum);
|
||||
+ memset(elf_header, 0, sizeof(Elf32_Ehdr));
|
||||
+ memcpy(elf_header, ELFMAG, SELFMAG);
|
||||
+ elf_header->e_ident[EI_CLASS] = ELFCLASS32;
|
||||
+ elf_header->e_ident[EI_DATA] = s->dump_info.d_endian;
|
||||
+ elf_header->e_ident[EI_VERSION] = EV_CURRENT;
|
||||
+ elf_header->e_type = cpu_to_dump16(s, ET_CORE);
|
||||
+ elf_header->e_machine = cpu_to_dump16(s, s->dump_info.d_machine);
|
||||
+ elf_header->e_version = cpu_to_dump32(s, EV_CURRENT);
|
||||
+ elf_header->e_ehsize = cpu_to_dump16(s, sizeof(elf_header));
|
||||
+ elf_header->e_phoff = cpu_to_dump32(s, s->phdr_offset);
|
||||
+ elf_header->e_phentsize = cpu_to_dump16(s, sizeof(Elf32_Phdr));
|
||||
+ elf_header->e_phnum = cpu_to_dump16(s, phnum);
|
||||
if (s->shdr_num) {
|
||||
- elf_header.e_shoff = cpu_to_dump32(s, s->shdr_offset);
|
||||
- elf_header.e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
|
||||
- elf_header.e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
+ elf_header->e_shoff = cpu_to_dump32(s, s->shdr_offset);
|
||||
+ elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
|
||||
+ elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
|
||||
}
|
||||
+}
|
||||
|
||||
- ret = fd_write_vmcore(&elf_header, sizeof(elf_header), s);
|
||||
+static void write_elf_header(DumpState *s, Error **errp)
|
||||
+{
|
||||
+ Elf32_Ehdr elf32_header;
|
||||
+ Elf64_Ehdr elf64_header;
|
||||
+ size_t header_size;
|
||||
+ void *header_ptr;
|
||||
+ int ret;
|
||||
+
|
||||
+ if (dump_is_64bit(s)) {
|
||||
+ prepare_elf64_header(s, &elf64_header);
|
||||
+ header_size = sizeof(elf64_header);
|
||||
+ header_ptr = &elf64_header;
|
||||
+ } else {
|
||||
+ prepare_elf32_header(s, &elf32_header);
|
||||
+ header_size = sizeof(elf32_header);
|
||||
+ header_ptr = &elf32_header;
|
||||
+ }
|
||||
+
|
||||
+ ret = fd_write_vmcore(header_ptr, header_size, s);
|
||||
if (ret < 0) {
|
||||
error_setg_errno(errp, -ret, "dump: failed to write elf header");
|
||||
}
|
||||
@@ -565,11 +575,7 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
*/
|
||||
|
||||
/* write elf header to vmcore */
|
||||
- if (dump_is_64bit(s)) {
|
||||
- write_elf64_header(s, errp);
|
||||
- } else {
|
||||
- write_elf32_header(s, errp);
|
||||
- }
|
||||
+ write_elf_header(s, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,420 @@
|
|||
From 4ca61efe246d62d420eb332655c0c8ead4cc762b Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Wed, 30 Mar 2022 12:35:55 +0000
|
||||
Subject: [PATCH 13/42] dump: Use ERRP_GUARD()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [13/41] f735cd1dab0230000cfadd878765fdf4647b239c
|
||||
|
||||
Let's move to the new way of handling errors before changing the dump
|
||||
code. This patch has mostly been generated by the coccinelle script
|
||||
scripts/coccinelle/errp-guard.cocci.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20220330123603.107120-2-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 86a518bba4f4d7c9016fc5b104fe1e58b00ad756)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 144 ++++++++++++++++++++++------------------------------
|
||||
1 file changed, 61 insertions(+), 83 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 662d0a62cd..9876123f2e 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -390,23 +390,21 @@ static void write_data(DumpState *s, void *buf, int length, Error **errp)
|
||||
static void write_memory(DumpState *s, GuestPhysBlock *block, ram_addr_t start,
|
||||
int64_t size, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
int64_t i;
|
||||
- Error *local_err = NULL;
|
||||
|
||||
for (i = 0; i < size / s->dump_info.page_size; i++) {
|
||||
write_data(s, block->host_addr + start + i * s->dump_info.page_size,
|
||||
- s->dump_info.page_size, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ s->dump_info.page_size, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ((size % s->dump_info.page_size) != 0) {
|
||||
write_data(s, block->host_addr + start + i * s->dump_info.page_size,
|
||||
- size % s->dump_info.page_size, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ size % s->dump_info.page_size, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
@@ -476,11 +474,11 @@ static void get_offset_range(hwaddr phys_addr,
|
||||
|
||||
static void write_elf_loads(DumpState *s, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
hwaddr offset, filesz;
|
||||
MemoryMapping *memory_mapping;
|
||||
uint32_t phdr_index = 1;
|
||||
uint32_t max_index;
|
||||
- Error *local_err = NULL;
|
||||
|
||||
if (s->have_section) {
|
||||
max_index = s->sh_info;
|
||||
@@ -494,14 +492,13 @@ static void write_elf_loads(DumpState *s, Error **errp)
|
||||
s, &offset, &filesz);
|
||||
if (s->dump_info.d_class == ELFCLASS64) {
|
||||
write_elf64_load(s, memory_mapping, phdr_index++, offset,
|
||||
- filesz, &local_err);
|
||||
+ filesz, errp);
|
||||
} else {
|
||||
write_elf32_load(s, memory_mapping, phdr_index++, offset,
|
||||
- filesz, &local_err);
|
||||
+ filesz, errp);
|
||||
}
|
||||
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -514,7 +511,7 @@ static void write_elf_loads(DumpState *s, Error **errp)
|
||||
/* write elf header, PT_NOTE and elf note to vmcore. */
|
||||
static void dump_begin(DumpState *s, Error **errp)
|
||||
{
|
||||
- Error *local_err = NULL;
|
||||
+ ERRP_GUARD();
|
||||
|
||||
/*
|
||||
* the vmcore's format is:
|
||||
@@ -542,73 +539,64 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
|
||||
/* write elf header to vmcore */
|
||||
if (s->dump_info.d_class == ELFCLASS64) {
|
||||
- write_elf64_header(s, &local_err);
|
||||
+ write_elf64_header(s, errp);
|
||||
} else {
|
||||
- write_elf32_header(s, &local_err);
|
||||
+ write_elf32_header(s, errp);
|
||||
}
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (s->dump_info.d_class == ELFCLASS64) {
|
||||
/* write PT_NOTE to vmcore */
|
||||
- write_elf64_note(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf64_note(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* write all PT_LOAD to vmcore */
|
||||
- write_elf_loads(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf_loads(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* write section to vmcore */
|
||||
if (s->have_section) {
|
||||
- write_elf_section(s, 1, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf_section(s, 1, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/* write notes to vmcore */
|
||||
- write_elf64_notes(fd_write_vmcore, s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf64_notes(fd_write_vmcore, s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
/* write PT_NOTE to vmcore */
|
||||
- write_elf32_note(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf32_note(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* write all PT_LOAD to vmcore */
|
||||
- write_elf_loads(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf_loads(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* write section to vmcore */
|
||||
if (s->have_section) {
|
||||
- write_elf_section(s, 0, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf_section(s, 0, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/* write notes to vmcore */
|
||||
- write_elf32_notes(fd_write_vmcore, s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf32_notes(fd_write_vmcore, s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
@@ -644,9 +632,9 @@ static int get_next_block(DumpState *s, GuestPhysBlock *block)
|
||||
/* write all memory to vmcore */
|
||||
static void dump_iterate(DumpState *s, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
GuestPhysBlock *block;
|
||||
int64_t size;
|
||||
- Error *local_err = NULL;
|
||||
|
||||
do {
|
||||
block = s->next_block;
|
||||
@@ -658,9 +646,8 @@ static void dump_iterate(DumpState *s, Error **errp)
|
||||
size -= block->target_end - (s->begin + s->length);
|
||||
}
|
||||
}
|
||||
- write_memory(s, block, s->start, size, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_memory(s, block, s->start, size, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -669,11 +656,10 @@ static void dump_iterate(DumpState *s, Error **errp)
|
||||
|
||||
static void create_vmcore(DumpState *s, Error **errp)
|
||||
{
|
||||
- Error *local_err = NULL;
|
||||
+ ERRP_GUARD();
|
||||
|
||||
- dump_begin(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ dump_begin(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -810,6 +796,7 @@ static bool note_name_equal(DumpState *s,
|
||||
/* write common header, sub header and elf note to vmcore */
|
||||
static void create_header32(DumpState *s, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
DiskDumpHeader32 *dh = NULL;
|
||||
KdumpSubHeader32 *kh = NULL;
|
||||
size_t size;
|
||||
@@ -818,7 +805,6 @@ static void create_header32(DumpState *s, Error **errp)
|
||||
uint32_t bitmap_blocks;
|
||||
uint32_t status = 0;
|
||||
uint64_t offset_note;
|
||||
- Error *local_err = NULL;
|
||||
|
||||
/* write common header, the version of kdump-compressed format is 6th */
|
||||
size = sizeof(DiskDumpHeader32);
|
||||
@@ -894,9 +880,8 @@ static void create_header32(DumpState *s, Error **errp)
|
||||
s->note_buf_offset = 0;
|
||||
|
||||
/* use s->note_buf to store notes temporarily */
|
||||
- write_elf32_notes(buf_write_note, s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf32_notes(buf_write_note, s, errp);
|
||||
+ if (*errp) {
|
||||
goto out;
|
||||
}
|
||||
if (write_buffer(s->fd, offset_note, s->note_buf,
|
||||
@@ -922,6 +907,7 @@ out:
|
||||
/* write common header, sub header and elf note to vmcore */
|
||||
static void create_header64(DumpState *s, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
DiskDumpHeader64 *dh = NULL;
|
||||
KdumpSubHeader64 *kh = NULL;
|
||||
size_t size;
|
||||
@@ -930,7 +916,6 @@ static void create_header64(DumpState *s, Error **errp)
|
||||
uint32_t bitmap_blocks;
|
||||
uint32_t status = 0;
|
||||
uint64_t offset_note;
|
||||
- Error *local_err = NULL;
|
||||
|
||||
/* write common header, the version of kdump-compressed format is 6th */
|
||||
size = sizeof(DiskDumpHeader64);
|
||||
@@ -1006,9 +991,8 @@ static void create_header64(DumpState *s, Error **errp)
|
||||
s->note_buf_offset = 0;
|
||||
|
||||
/* use s->note_buf to store notes temporarily */
|
||||
- write_elf64_notes(buf_write_note, s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_elf64_notes(buf_write_note, s, errp);
|
||||
+ if (*errp) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
@@ -1472,8 +1456,8 @@ out:
|
||||
|
||||
static void create_kdump_vmcore(DumpState *s, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
int ret;
|
||||
- Error *local_err = NULL;
|
||||
|
||||
/*
|
||||
* the kdump-compressed format is:
|
||||
@@ -1503,21 +1487,18 @@ static void create_kdump_vmcore(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- write_dump_header(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_dump_header(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
- write_dump_bitmap(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_dump_bitmap(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
- write_dump_pages(s, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ write_dump_pages(s, errp);
|
||||
+ if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1647,10 +1628,10 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
DumpGuestMemoryFormat format, bool paging, bool has_filter,
|
||||
int64_t begin, int64_t length, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
VMCoreInfoState *vmci = vmcoreinfo_find();
|
||||
CPUState *cpu;
|
||||
int nr_cpus;
|
||||
- Error *err = NULL;
|
||||
int ret;
|
||||
|
||||
s->has_format = has_format;
|
||||
@@ -1769,9 +1750,8 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
|
||||
/* get memory mapping */
|
||||
if (paging) {
|
||||
- qemu_get_guest_memory_mapping(&s->list, &s->guest_phys_blocks, &err);
|
||||
- if (err != NULL) {
|
||||
- error_propagate(errp, err);
|
||||
+ qemu_get_guest_memory_mapping(&s->list, &s->guest_phys_blocks, errp);
|
||||
+ if (*errp) {
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
@@ -1870,33 +1850,32 @@ cleanup:
|
||||
/* this operation might be time consuming. */
|
||||
static void dump_process(DumpState *s, Error **errp)
|
||||
{
|
||||
- Error *local_err = NULL;
|
||||
+ ERRP_GUARD();
|
||||
DumpQueryResult *result = NULL;
|
||||
|
||||
if (s->has_format && s->format == DUMP_GUEST_MEMORY_FORMAT_WIN_DMP) {
|
||||
#ifdef TARGET_X86_64
|
||||
- create_win_dump(s, &local_err);
|
||||
+ create_win_dump(s, errp);
|
||||
#endif
|
||||
} else if (s->has_format && s->format != DUMP_GUEST_MEMORY_FORMAT_ELF) {
|
||||
- create_kdump_vmcore(s, &local_err);
|
||||
+ create_kdump_vmcore(s, errp);
|
||||
} else {
|
||||
- create_vmcore(s, &local_err);
|
||||
+ create_vmcore(s, errp);
|
||||
}
|
||||
|
||||
/* make sure status is written after written_size updates */
|
||||
smp_wmb();
|
||||
qatomic_set(&s->status,
|
||||
- (local_err ? DUMP_STATUS_FAILED : DUMP_STATUS_COMPLETED));
|
||||
+ (*errp ? DUMP_STATUS_FAILED : DUMP_STATUS_COMPLETED));
|
||||
|
||||
/* send DUMP_COMPLETED message (unconditionally) */
|
||||
result = qmp_query_dump(NULL);
|
||||
/* should never fail */
|
||||
assert(result);
|
||||
- qapi_event_send_dump_completed(result, !!local_err, (local_err ?
|
||||
- error_get_pretty(local_err) : NULL));
|
||||
+ qapi_event_send_dump_completed(result, !!*errp, (*errp ?
|
||||
+ error_get_pretty(*errp) : NULL));
|
||||
qapi_free_DumpQueryResult(result);
|
||||
|
||||
- error_propagate(errp, local_err);
|
||||
dump_cleanup(s);
|
||||
}
|
||||
|
||||
@@ -1925,10 +1904,10 @@ void qmp_dump_guest_memory(bool paging, const char *file,
|
||||
int64_t length, bool has_format,
|
||||
DumpGuestMemoryFormat format, Error **errp)
|
||||
{
|
||||
+ ERRP_GUARD();
|
||||
const char *p;
|
||||
int fd = -1;
|
||||
DumpState *s;
|
||||
- Error *local_err = NULL;
|
||||
bool detach_p = false;
|
||||
|
||||
if (runstate_check(RUN_STATE_INMIGRATE)) {
|
||||
@@ -2028,9 +2007,8 @@ void qmp_dump_guest_memory(bool paging, const char *file,
|
||||
dump_state_prepare(s);
|
||||
|
||||
dump_init(s, fd, has_format, format, paging, has_begin,
|
||||
- begin, length, &local_err);
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ begin, length, errp);
|
||||
+ if (*errp) {
|
||||
qatomic_set(&s->status, DUMP_STATUS_FAILED);
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,150 @@
|
|||
From a918c7305ec7c68e8bc37b449f71e75d84124cd0 Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Mon, 17 Oct 2022 08:38:13 +0000
|
||||
Subject: [PATCH 32/42] dump: Use a buffer for ELF section data and headers
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [32/41] e1a03e202e67764581e486f37e13e479200e5846
|
||||
|
||||
Currently we're writing the NULL section header if we overflow the
|
||||
physical header number in the ELF header. But in the future we'll add
|
||||
custom section headers AND section data.
|
||||
|
||||
To facilitate this we need to rearange section handling a bit. As with
|
||||
the other ELF headers we split the code into a prepare and a write
|
||||
step.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20221017083822.43118-2-frankja@linux.ibm.com>
|
||||
(cherry picked from commit e41ed29bcee5cb16715317bcf290f6b5c196eb0a)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 75 +++++++++++++++++++++++++++++--------------
|
||||
include/sysemu/dump.h | 2 ++
|
||||
2 files changed, 53 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 88177fa886..4142b4cc0c 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -381,31 +381,60 @@ static void write_elf_phdr_note(DumpState *s, Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
-static void write_elf_section(DumpState *s, int type, Error **errp)
|
||||
+static void prepare_elf_section_hdr_zero(DumpState *s)
|
||||
{
|
||||
- Elf32_Shdr shdr32;
|
||||
- Elf64_Shdr shdr64;
|
||||
- int shdr_size;
|
||||
- void *shdr;
|
||||
- int ret;
|
||||
+ if (dump_is_64bit(s)) {
|
||||
+ Elf64_Shdr *shdr64 = s->elf_section_hdrs;
|
||||
|
||||
- if (type == 0) {
|
||||
- shdr_size = sizeof(Elf32_Shdr);
|
||||
- memset(&shdr32, 0, shdr_size);
|
||||
- shdr32.sh_info = cpu_to_dump32(s, s->phdr_num);
|
||||
- shdr = &shdr32;
|
||||
+ shdr64->sh_info = cpu_to_dump32(s, s->phdr_num);
|
||||
} else {
|
||||
- shdr_size = sizeof(Elf64_Shdr);
|
||||
- memset(&shdr64, 0, shdr_size);
|
||||
- shdr64.sh_info = cpu_to_dump32(s, s->phdr_num);
|
||||
- shdr = &shdr64;
|
||||
+ Elf32_Shdr *shdr32 = s->elf_section_hdrs;
|
||||
+
|
||||
+ shdr32->sh_info = cpu_to_dump32(s, s->phdr_num);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void prepare_elf_section_hdrs(DumpState *s)
|
||||
+{
|
||||
+ size_t len, sizeof_shdr;
|
||||
+
|
||||
+ /*
|
||||
+ * Section ordering:
|
||||
+ * - HDR zero
|
||||
+ */
|
||||
+ sizeof_shdr = dump_is_64bit(s) ? sizeof(Elf64_Shdr) : sizeof(Elf32_Shdr);
|
||||
+ len = sizeof_shdr * s->shdr_num;
|
||||
+ s->elf_section_hdrs = g_malloc0(len);
|
||||
+
|
||||
+ /*
|
||||
+ * The first section header is ALWAYS a special initial section
|
||||
+ * header.
|
||||
+ *
|
||||
+ * The header should be 0 with one exception being that if
|
||||
+ * phdr_num is PN_XNUM then the sh_info field contains the real
|
||||
+ * number of segment entries.
|
||||
+ *
|
||||
+ * As we zero allocate the buffer we will only need to modify
|
||||
+ * sh_info for the PN_XNUM case.
|
||||
+ */
|
||||
+ if (s->phdr_num >= PN_XNUM) {
|
||||
+ prepare_elf_section_hdr_zero(s);
|
||||
}
|
||||
+}
|
||||
|
||||
- ret = fd_write_vmcore(shdr, shdr_size, s);
|
||||
+static void write_elf_section_headers(DumpState *s, Error **errp)
|
||||
+{
|
||||
+ size_t sizeof_shdr = dump_is_64bit(s) ? sizeof(Elf64_Shdr) : sizeof(Elf32_Shdr);
|
||||
+ int ret;
|
||||
+
|
||||
+ prepare_elf_section_hdrs(s);
|
||||
+
|
||||
+ ret = fd_write_vmcore(s->elf_section_hdrs, s->shdr_num * sizeof_shdr, s);
|
||||
if (ret < 0) {
|
||||
- error_setg_errno(errp, -ret,
|
||||
- "dump: failed to write section header table");
|
||||
+ error_setg_errno(errp, -ret, "dump: failed to write section headers");
|
||||
}
|
||||
+
|
||||
+ g_free(s->elf_section_hdrs);
|
||||
}
|
||||
|
||||
static void write_data(DumpState *s, void *buf, int length, Error **errp)
|
||||
@@ -592,12 +621,10 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- /* write section to vmcore */
|
||||
- if (s->shdr_num) {
|
||||
- write_elf_section(s, 1, errp);
|
||||
- if (*errp) {
|
||||
- return;
|
||||
- }
|
||||
+ /* write section headers to vmcore */
|
||||
+ write_elf_section_headers(s, errp);
|
||||
+ if (*errp) {
|
||||
+ return;
|
||||
}
|
||||
|
||||
/* write notes to vmcore */
|
||||
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
|
||||
index b62513d87d..9995f65dc8 100644
|
||||
--- a/include/sysemu/dump.h
|
||||
+++ b/include/sysemu/dump.h
|
||||
@@ -177,6 +177,8 @@ typedef struct DumpState {
|
||||
int64_t filter_area_begin; /* Start address of partial guest memory area */
|
||||
int64_t filter_area_length; /* Length of partial guest memory area */
|
||||
|
||||
+ void *elf_section_hdrs; /* Pointer to section header buffer */
|
||||
+
|
||||
uint8_t *note_buf; /* buffer for notes */
|
||||
size_t note_buf_offset; /* the writing place in note_buf */
|
||||
uint32_t nr_cpus; /* number of guest's cpu */
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,104 @@
|
|||
From 987ede93fa4e3d058acddc19874e467faa116ede Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Mon, 17 Oct 2022 08:38:14 +0000
|
||||
Subject: [PATCH 33/42] dump: Write ELF section headers right after ELF header
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [33/41] e956040753533ac376e9763145192de1e216027d
|
||||
|
||||
Let's start bundling the writes of the headers and of the data so we
|
||||
have a clear ordering between them. Since the ELF header uses offsets
|
||||
to the headers we can freely order them.
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-Id: <20221017083822.43118-3-frankja@linux.ibm.com>
|
||||
(cherry picked from commit cb415fd61e48d52f81dcf38956e3f913651cff1c)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 31 ++++++++++++++-----------------
|
||||
1 file changed, 14 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 4142b4cc0c..d17537d4e9 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -584,6 +584,8 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
* --------------
|
||||
* | elf header |
|
||||
* --------------
|
||||
+ * | sctn_hdr |
|
||||
+ * --------------
|
||||
* | PT_NOTE |
|
||||
* --------------
|
||||
* | PT_LOAD |
|
||||
@@ -592,8 +594,6 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
* --------------
|
||||
* | PT_LOAD |
|
||||
* --------------
|
||||
- * | sec_hdr |
|
||||
- * --------------
|
||||
* | elf note |
|
||||
* --------------
|
||||
* | memory |
|
||||
@@ -609,20 +609,20 @@ static void dump_begin(DumpState *s, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- /* write PT_NOTE to vmcore */
|
||||
- write_elf_phdr_note(s, errp);
|
||||
+ /* write section headers to vmcore */
|
||||
+ write_elf_section_headers(s, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
- /* write all PT_LOADs to vmcore */
|
||||
- write_elf_phdr_loads(s, errp);
|
||||
+ /* write PT_NOTE to vmcore */
|
||||
+ write_elf_phdr_note(s, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
}
|
||||
|
||||
- /* write section headers to vmcore */
|
||||
- write_elf_section_headers(s, errp);
|
||||
+ /* write all PT_LOADs to vmcore */
|
||||
+ write_elf_phdr_loads(s, errp);
|
||||
if (*errp) {
|
||||
return;
|
||||
}
|
||||
@@ -1877,16 +1877,13 @@ static void dump_init(DumpState *s, int fd, bool has_format,
|
||||
}
|
||||
|
||||
if (dump_is_64bit(s)) {
|
||||
- s->phdr_offset = sizeof(Elf64_Ehdr);
|
||||
- s->shdr_offset = s->phdr_offset + sizeof(Elf64_Phdr) * s->phdr_num;
|
||||
- s->note_offset = s->shdr_offset + sizeof(Elf64_Shdr) * s->shdr_num;
|
||||
- s->memory_offset = s->note_offset + s->note_size;
|
||||
+ s->shdr_offset = sizeof(Elf64_Ehdr);
|
||||
+ s->phdr_offset = s->shdr_offset + sizeof(Elf64_Shdr) * s->shdr_num;
|
||||
+ s->note_offset = s->phdr_offset + sizeof(Elf64_Phdr) * s->phdr_num;
|
||||
} else {
|
||||
-
|
||||
- s->phdr_offset = sizeof(Elf32_Ehdr);
|
||||
- s->shdr_offset = s->phdr_offset + sizeof(Elf32_Phdr) * s->phdr_num;
|
||||
- s->note_offset = s->shdr_offset + sizeof(Elf32_Shdr) * s->shdr_num;
|
||||
- s->memory_offset = s->note_offset + s->note_size;
|
||||
+ s->shdr_offset = sizeof(Elf32_Ehdr);
|
||||
+ s->phdr_offset = s->shdr_offset + sizeof(Elf32_Shdr) * s->shdr_num;
|
||||
+ s->note_offset = s->phdr_offset + sizeof(Elf32_Phdr) * s->phdr_num;
|
||||
}
|
||||
|
||||
return;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,173 @@
|
|||
From deaf4e0f5e90d227b7b9f3e5d1dff7fd0bc0206a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||
Date: Mon, 5 Sep 2022 16:06:21 +0400
|
||||
Subject: [PATCH 31/42] dump: fix kdump to work over non-aligned blocks
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [31/41] b307bdce4a4791fc30160fa2a1678bd238f2432e
|
||||
|
||||
Rewrite get_next_page() to work over non-aligned blocks. When it
|
||||
encounters non aligned addresses, it will try to fill a page provided by
|
||||
the caller.
|
||||
|
||||
This solves a kdump crash with "tpm-crb-cmd" RAM memory region,
|
||||
qemu-kvm: ../dump/dump.c:1162: _Bool get_next_page(GuestPhysBlock **,
|
||||
uint64_t *, uint8_t **, DumpState *): Assertion `(block->target_start &
|
||||
~target_page_mask) == 0' failed.
|
||||
|
||||
because:
|
||||
guest_phys_block_add_section: target_start=00000000fed40080 target_end=00000000fed41000: added (count: 4)
|
||||
|
||||
Fixes:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2120480
|
||||
|
||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Acked-by: David Hildenbrand <david@redhat.com>
|
||||
(cherry picked from commit 94d788408d2d5a6474c99b2c9cf06913b9db7c58)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 79 +++++++++++++++++++++++++++++++++++++----------------
|
||||
1 file changed, 56 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index 1c49232390..88177fa886 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -1117,50 +1117,81 @@ static uint64_t dump_pfn_to_paddr(DumpState *s, uint64_t pfn)
|
||||
}
|
||||
|
||||
/*
|
||||
- * exam every page and return the page frame number and the address of the page.
|
||||
- * bufptr can be NULL. note: the blocks here is supposed to reflect guest-phys
|
||||
- * blocks, so block->target_start and block->target_end should be interal
|
||||
- * multiples of the target page size.
|
||||
+ * Return the page frame number and the page content in *bufptr. bufptr can be
|
||||
+ * NULL. If not NULL, *bufptr must contains a target page size of pre-allocated
|
||||
+ * memory. This is not necessarily the memory returned.
|
||||
*/
|
||||
static bool get_next_page(GuestPhysBlock **blockptr, uint64_t *pfnptr,
|
||||
uint8_t **bufptr, DumpState *s)
|
||||
{
|
||||
GuestPhysBlock *block = *blockptr;
|
||||
- hwaddr addr, target_page_mask = ~((hwaddr)s->dump_info.page_size - 1);
|
||||
- uint8_t *buf;
|
||||
+ uint32_t page_size = s->dump_info.page_size;
|
||||
+ uint8_t *buf = NULL, *hbuf;
|
||||
+ hwaddr addr;
|
||||
|
||||
/* block == NULL means the start of the iteration */
|
||||
if (!block) {
|
||||
block = QTAILQ_FIRST(&s->guest_phys_blocks.head);
|
||||
*blockptr = block;
|
||||
addr = block->target_start;
|
||||
+ *pfnptr = dump_paddr_to_pfn(s, addr);
|
||||
} else {
|
||||
- addr = dump_pfn_to_paddr(s, *pfnptr + 1);
|
||||
+ *pfnptr += 1;
|
||||
+ addr = dump_pfn_to_paddr(s, *pfnptr);
|
||||
}
|
||||
assert(block != NULL);
|
||||
|
||||
- if ((addr >= block->target_start) &&
|
||||
- (addr + s->dump_info.page_size <= block->target_end)) {
|
||||
- buf = block->host_addr + (addr - block->target_start);
|
||||
- } else {
|
||||
- /* the next page is in the next block */
|
||||
- block = QTAILQ_NEXT(block, next);
|
||||
- *blockptr = block;
|
||||
- if (!block) {
|
||||
- return false;
|
||||
+ while (1) {
|
||||
+ if (addr >= block->target_start && addr < block->target_end) {
|
||||
+ size_t n = MIN(block->target_end - addr, page_size - addr % page_size);
|
||||
+ hbuf = block->host_addr + (addr - block->target_start);
|
||||
+ if (!buf) {
|
||||
+ if (n == page_size) {
|
||||
+ /* this is a whole target page, go for it */
|
||||
+ assert(addr % page_size == 0);
|
||||
+ buf = hbuf;
|
||||
+ break;
|
||||
+ } else if (bufptr) {
|
||||
+ assert(*bufptr);
|
||||
+ buf = *bufptr;
|
||||
+ memset(buf, 0, page_size);
|
||||
+ } else {
|
||||
+ return true;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ memcpy(buf + addr % page_size, hbuf, n);
|
||||
+ addr += n;
|
||||
+ if (addr % page_size == 0) {
|
||||
+ /* we filled up the page */
|
||||
+ break;
|
||||
+ }
|
||||
+ } else {
|
||||
+ /* the next page is in the next block */
|
||||
+ *blockptr = block = QTAILQ_NEXT(block, next);
|
||||
+ if (!block) {
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ addr = block->target_start;
|
||||
+ /* are we still in the same page? */
|
||||
+ if (dump_paddr_to_pfn(s, addr) != *pfnptr) {
|
||||
+ if (buf) {
|
||||
+ /* no, but we already filled something earlier, return it */
|
||||
+ break;
|
||||
+ } else {
|
||||
+ /* else continue from there */
|
||||
+ *pfnptr = dump_paddr_to_pfn(s, addr);
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
- addr = block->target_start;
|
||||
- buf = block->host_addr;
|
||||
}
|
||||
|
||||
- assert((block->target_start & ~target_page_mask) == 0);
|
||||
- assert((block->target_end & ~target_page_mask) == 0);
|
||||
- *pfnptr = dump_paddr_to_pfn(s, addr);
|
||||
if (bufptr) {
|
||||
*bufptr = buf;
|
||||
}
|
||||
|
||||
- return true;
|
||||
+ return buf != NULL;
|
||||
}
|
||||
|
||||
static void write_dump_bitmap(DumpState *s, Error **errp)
|
||||
@@ -1306,6 +1337,7 @@ static void write_dump_pages(DumpState *s, Error **errp)
|
||||
uint8_t *buf;
|
||||
GuestPhysBlock *block_iter = NULL;
|
||||
uint64_t pfn_iter;
|
||||
+ g_autofree uint8_t *page = NULL;
|
||||
|
||||
/* get offset of page_desc and page_data in dump file */
|
||||
offset_desc = s->offset_page;
|
||||
@@ -1341,12 +1373,13 @@ static void write_dump_pages(DumpState *s, Error **errp)
|
||||
}
|
||||
|
||||
offset_data += s->dump_info.page_size;
|
||||
+ page = g_malloc(s->dump_info.page_size);
|
||||
|
||||
/*
|
||||
* dump memory to vmcore page by page. zero page will all be resided in the
|
||||
* first page of page section
|
||||
*/
|
||||
- while (get_next_page(&block_iter, &pfn_iter, &buf, s)) {
|
||||
+ for (buf = page; get_next_page(&block_iter, &pfn_iter, &buf, s); buf = page) {
|
||||
/* check zero page */
|
||||
if (is_zero_page(buf, s->dump_info.page_size)) {
|
||||
ret = write_cache(&page_desc, &pd_zero, sizeof(PageDescriptor),
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
From bb55fde4d8ca587e2ef52ce58a0c22e4d66a08dc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||
Date: Thu, 25 Aug 2022 12:40:12 +0400
|
||||
Subject: [PATCH 30/42] dump: simplify a bit kdump get_next_page()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [30/41] 417ac19fa96036e0242f40121ac6e87a9f3f70ba
|
||||
|
||||
This should be functionally equivalent, but slightly easier to read,
|
||||
with simplified paths and checks at the end of the function.
|
||||
|
||||
The following patch is a major rewrite to get rid of the assert().
|
||||
|
||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
(cherry picked from commit 08df343874fcddd260021a04ce3c5a34f2c48164)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
dump/dump.c | 21 ++++++++-------------
|
||||
1 file changed, 8 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/dump/dump.c b/dump/dump.c
|
||||
index c2c1341ad7..1c49232390 100644
|
||||
--- a/dump/dump.c
|
||||
+++ b/dump/dump.c
|
||||
@@ -1133,17 +1133,11 @@ static bool get_next_page(GuestPhysBlock **blockptr, uint64_t *pfnptr,
|
||||
if (!block) {
|
||||
block = QTAILQ_FIRST(&s->guest_phys_blocks.head);
|
||||
*blockptr = block;
|
||||
- assert((block->target_start & ~target_page_mask) == 0);
|
||||
- assert((block->target_end & ~target_page_mask) == 0);
|
||||
- *pfnptr = dump_paddr_to_pfn(s, block->target_start);
|
||||
- if (bufptr) {
|
||||
- *bufptr = block->host_addr;
|
||||
- }
|
||||
- return true;
|
||||
+ addr = block->target_start;
|
||||
+ } else {
|
||||
+ addr = dump_pfn_to_paddr(s, *pfnptr + 1);
|
||||
}
|
||||
-
|
||||
- *pfnptr = *pfnptr + 1;
|
||||
- addr = dump_pfn_to_paddr(s, *pfnptr);
|
||||
+ assert(block != NULL);
|
||||
|
||||
if ((addr >= block->target_start) &&
|
||||
(addr + s->dump_info.page_size <= block->target_end)) {
|
||||
@@ -1155,12 +1149,13 @@ static bool get_next_page(GuestPhysBlock **blockptr, uint64_t *pfnptr,
|
||||
if (!block) {
|
||||
return false;
|
||||
}
|
||||
- assert((block->target_start & ~target_page_mask) == 0);
|
||||
- assert((block->target_end & ~target_page_mask) == 0);
|
||||
- *pfnptr = dump_paddr_to_pfn(s, block->target_start);
|
||||
+ addr = block->target_start;
|
||||
buf = block->host_addr;
|
||||
}
|
||||
|
||||
+ assert((block->target_start & ~target_page_mask) == 0);
|
||||
+ assert((block->target_end & ~target_page_mask) == 0);
|
||||
+ *pfnptr = dump_paddr_to_pfn(s, addr);
|
||||
if (bufptr) {
|
||||
*bufptr = buf;
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,61 @@
|
|||
From 7693449b235bbab6d32a1b87fa1d0e101c786f3b Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 08:11:14 -0500
|
||||
Subject: [PATCH 05/13] edu: add smp_mb__after_rmw()
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [5/10] 300901290e08b253b1278eedc39cd07c1e202b96
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit 2482aeea4195ad84cf3d4e5b15b28ec5b420ed5a
|
||||
Author: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Thu Mar 2 11:16:13 2023 +0100
|
||||
|
||||
edu: add smp_mb__after_rmw()
|
||||
|
||||
Ensure ordering between clearing the COMPUTING flag and checking
|
||||
IRQFACT, and between setting the IRQFACT flag and checking
|
||||
COMPUTING. This ensures that no wakeups are lost.
|
||||
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
hw/misc/edu.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/hw/misc/edu.c b/hw/misc/edu.c
|
||||
index e935c418d4..a1f8bc77e7 100644
|
||||
--- a/hw/misc/edu.c
|
||||
+++ b/hw/misc/edu.c
|
||||
@@ -267,6 +267,8 @@ static void edu_mmio_write(void *opaque, hwaddr addr, uint64_t val,
|
||||
case 0x20:
|
||||
if (val & EDU_STATUS_IRQFACT) {
|
||||
qatomic_or(&edu->status, EDU_STATUS_IRQFACT);
|
||||
+ /* Order check of the COMPUTING flag after setting IRQFACT. */
|
||||
+ smp_mb__after_rmw();
|
||||
} else {
|
||||
qatomic_and(&edu->status, ~EDU_STATUS_IRQFACT);
|
||||
}
|
||||
@@ -349,6 +351,9 @@ static void *edu_fact_thread(void *opaque)
|
||||
qemu_mutex_unlock(&edu->thr_mutex);
|
||||
qatomic_and(&edu->status, ~EDU_STATUS_COMPUTING);
|
||||
|
||||
+ /* Clear COMPUTING flag before checking IRQFACT. */
|
||||
+ smp_mb__after_rmw();
|
||||
+
|
||||
if (qatomic_read(&edu->status) & EDU_STATUS_IRQFACT) {
|
||||
qemu_mutex_lock_iothread();
|
||||
edu_raise_irq(edu, FACT_IRQ);
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,105 @@
|
|||
From 939c75ab92ac608893cad0e46f55527950518a57 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 5 Mar 2024 11:36:15 -0500
|
||||
Subject: [PATCH 1/3] glib-compat: Introduce g_memdup2() wrapper
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 353: ui/clipboard: mark type as not available when there is no data
|
||||
RH-Jira: RHEL-19628
|
||||
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [1/2] f401c63303ef558bfcbb36e4c8fcc8bf2b1c3eb4 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-19628
|
||||
CVE: CVE-2023-6683
|
||||
Upstream: Merged
|
||||
|
||||
commit 2c674fada72079583a3f2cc1790b16a0259c4fa0
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Fri Sep 3 19:44:44 2021 +0200
|
||||
|
||||
glib-compat: Introduce g_memdup2() wrapper
|
||||
When experimenting raising GLIB_VERSION_MIN_REQUIRED to 2.68
|
||||
(Fedora 34 provides GLib 2.68.1) we get:
|
||||
|
||||
hw/virtio/virtio-crypto.c:245:24: error: 'g_memdup' is deprecated: Use 'g_memdup2' instead [-Werror,-Wdeprecated-declarations]
|
||||
...
|
||||
|
||||
g_memdup() has been updated by g_memdup2() to fix eventual security
|
||||
issues (size argument is 32-bit and could be truncated / wrapping).
|
||||
GLib recommends to copy their static inline version of g_memdup2():
|
||||
https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
|
||||
|
||||
Our glib-compat.h provides a comment explaining how to deal with
|
||||
these deprecated declarations (see commit e71e8cc0355
|
||||
"glib: enforce the minimum required version and warn about old APIs").
|
||||
|
||||
Following this comment suggestion, implement the g_memdup2_qemu()
|
||||
wrapper to g_memdup2(), and use the safer equivalent inlined when
|
||||
we are using pre-2.68 GLib.
|
||||
|
||||
Reported-by: Eric Blake <eblake@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Message-Id: <20210903174510.751630-3-philmd@redhat.com>
|
||||
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
include/glib-compat.h | 37 +++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 37 insertions(+)
|
||||
|
||||
diff --git a/include/glib-compat.h b/include/glib-compat.h
|
||||
index 9e95c888f5..8d01a8c01f 100644
|
||||
--- a/include/glib-compat.h
|
||||
+++ b/include/glib-compat.h
|
||||
@@ -68,6 +68,43 @@
|
||||
* without generating warnings.
|
||||
*/
|
||||
|
||||
+/*
|
||||
+ * g_memdup2_qemu:
|
||||
+ * @mem: (nullable): the memory to copy.
|
||||
+ * @byte_size: the number of bytes to copy.
|
||||
+ *
|
||||
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
|
||||
+ * from @mem. If @mem is %NULL it returns %NULL.
|
||||
+ *
|
||||
+ * This replaces g_memdup(), which was prone to integer overflows when
|
||||
+ * converting the argument from a #gsize to a #guint.
|
||||
+ *
|
||||
+ * This static inline version is a backport of the new public API from
|
||||
+ * GLib 2.68, kept internal to GLib for backport to older stable releases.
|
||||
+ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
|
||||
+ *
|
||||
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
|
||||
+ * or %NULL if @mem is %NULL.
|
||||
+ */
|
||||
+static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size)
|
||||
+{
|
||||
+#if GLIB_CHECK_VERSION(2, 68, 0)
|
||||
+ return g_memdup2(mem, byte_size);
|
||||
+#else
|
||||
+ gpointer new_mem;
|
||||
+
|
||||
+ if (mem && byte_size != 0) {
|
||||
+ new_mem = g_malloc(byte_size);
|
||||
+ memcpy(new_mem, mem, byte_size);
|
||||
+ } else {
|
||||
+ new_mem = NULL;
|
||||
+ }
|
||||
+
|
||||
+ return new_mem;
|
||||
+#endif
|
||||
+}
|
||||
+#define g_memdup2(m, s) g_memdup2_qemu(m, s)
|
||||
+
|
||||
#if defined(G_OS_UNIX)
|
||||
/*
|
||||
* Note: The fallback implementation is not MT-safe, and it returns a copy of
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,81 @@
|
|||
From edead46187b1e55ad5e238332780aef19f1bc214 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Wed, 9 Nov 2022 18:41:18 -0500
|
||||
Subject: [PATCH 1/2] hw/acpi: Add ospm_status hook implementation for acpi-ged
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 228: qemu-kvm: backport some aarch64 fixes
|
||||
RH-Bugzilla: 2132609
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Gavin Shan <gshan@redhat.com>
|
||||
RH-Commit: [1/2] 99730b1a27666ca745dc28d90751c938d43f1682 (jmaloy/qemu-kvm)
|
||||
|
||||
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2132609
|
||||
Upstream: Merged
|
||||
|
||||
commit d4424bebceaa8ffbc23060ce45e52a9bb817e3c9
|
||||
Author: Keqian Zhu <zhukeqian1@huawei.com>
|
||||
Date: Tue Aug 16 17:49:57 2022 +0800
|
||||
|
||||
hw/acpi: Add ospm_status hook implementation for acpi-ged
|
||||
|
||||
Setup an ARM virtual machine of machine virt and execute qmp "query-acpi-ospm-status"
|
||||
causes segmentation fault with following dumpstack:
|
||||
#1 0x0000aaaaab64235c in qmp_query_acpi_ospm_status (errp=errp@entry=0xfffffffff030) at ../monitor/qmp-cmds.c:312
|
||||
#2 0x0000aaaaabfc4e20 in qmp_marshal_query_acpi_ospm_status (args=<optimized out>, ret=0xffffea4ffe90, errp=0xffffea4ffe88) at qapi/qapi-commands-acpi.c:63
|
||||
#3 0x0000aaaaabff8ba0 in do_qmp_dispatch_bh (opaque=0xffffea4ffe98) at ../qapi/qmp-dispatch.c:128
|
||||
#4 0x0000aaaaac02e594 in aio_bh_call (bh=0xffffe0004d80) at ../util/async.c:150
|
||||
#5 aio_bh_poll (ctx=ctx@entry=0xaaaaad0f6040) at ../util/async.c:178
|
||||
#6 0x0000aaaaac00bd40 in aio_dispatch (ctx=ctx@entry=0xaaaaad0f6040) at ../util/aio-posix.c:421
|
||||
#7 0x0000aaaaac02e010 in aio_ctx_dispatch (source=0xaaaaad0f6040, callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:320
|
||||
#8 0x0000fffff76f6884 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
|
||||
#9 0x0000aaaaac0452d4 in glib_pollfds_poll () at ../util/main-loop.c:297
|
||||
#10 os_host_main_loop_wait (timeout=0) at ../util/main-loop.c:320
|
||||
#11 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:596
|
||||
#12 0x0000aaaaab5c9e50 in qemu_main_loop () at ../softmmu/runstate.c:734
|
||||
#13 0x0000aaaaab185370 in qemu_main (argc=argc@entry=47, argv=argv@entry=0xfffffffff518, envp=envp@entry=0x0) at ../softmmu/main.c:38
|
||||
#14 0x0000aaaaab16f99c in main (argc=47, argv=0xfffffffff518) at ../softmmu/main.c:47
|
||||
|
||||
Fixes: ebb62075021a ("hw/acpi: Add ACPI Generic Event Device Support")
|
||||
Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
|
||||
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
|
||||
Message-id: 20220816094957.31700-1-zhukeqian1@huawei.com
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
|
||||
(cherry picked from commit d4424bebceaa8ffbc23060ce45e52a9bb817e3c9)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/acpi/generic_event_device.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/hw/acpi/generic_event_device.c b/hw/acpi/generic_event_device.c
|
||||
index e28457a7d1..a3d31631fe 100644
|
||||
--- a/hw/acpi/generic_event_device.c
|
||||
+++ b/hw/acpi/generic_event_device.c
|
||||
@@ -267,6 +267,13 @@ static void acpi_ged_unplug_cb(HotplugHandler *hotplug_dev,
|
||||
}
|
||||
}
|
||||
|
||||
+static void acpi_ged_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
|
||||
+{
|
||||
+ AcpiGedState *s = ACPI_GED(adev);
|
||||
+
|
||||
+ acpi_memory_ospm_status(&s->memhp_state, list);
|
||||
+}
|
||||
+
|
||||
static void acpi_ged_send_event(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
|
||||
{
|
||||
AcpiGedState *s = ACPI_GED(adev);
|
||||
@@ -409,6 +416,7 @@ static void acpi_ged_class_init(ObjectClass *class, void *data)
|
||||
hc->unplug_request = acpi_ged_unplug_request_cb;
|
||||
hc->unplug = acpi_ged_unplug_cb;
|
||||
|
||||
+ adevc->ospm_status = acpi_ged_ospm_status;
|
||||
adevc->send_event = acpi_ged_send_event;
|
||||
}
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,119 @@
|
|||
From 4f6f881de10e31cac4636d5fde4b7ed4c8affadb Mon Sep 17 00:00:00 2001
|
||||
From: Eric Auger <eric.auger@redhat.com>
|
||||
Date: Thu, 4 Jan 2024 12:02:31 +0100
|
||||
Subject: [PATCH 3/3] hw/arm/virt: Do not load efi-virtio.rom for all
|
||||
virtio-net-pci variants
|
||||
|
||||
RH-Author: Eric Auger <eric.auger@redhat.com>
|
||||
RH-MergeRequest: 344: hw/arm/virt: Do not load efi-virtio.rom for any virtio-net-pci variants
|
||||
RH-Jira: RHEL-14870
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Sebastian Ott <None>
|
||||
RH-Commit: [1/1] ffeaa78ad0a1cff5b49009dfb32d25e5cadc0e05
|
||||
|
||||
Upstream: RHEL-only
|
||||
Brew: http://brewweb.engineering.redhat.com/brew/taskinfo?taskID=5785640
|
||||
|
||||
Currently arm_rhel_compat just sets the romfile to "" for
|
||||
virtio-net-pci and not for transitional and non transitional
|
||||
variants. However, on aarch64 RHEL, efi-virtio.rom is not
|
||||
shipped so transitional and non-transitional variants cannot
|
||||
be used and the following error is obeserved:
|
||||
|
||||
"Could not open option rom 'efi-virtio.rom': No such file or directory"
|
||||
|
||||
In practice, we do not need any rom file for those virtio-net-pci
|
||||
variants either because edk2 already brings the full functionality.
|
||||
|
||||
So let's change the applied compat to cover all the variants. While
|
||||
at it also change the way arm_rhel_compat is applied. Instead of
|
||||
applying it from the latest _virt_options(), which is error prone
|
||||
when upgrading the machine type, let's apply it before calling
|
||||
*virt_options in the non abstract machine class. That way the setting
|
||||
will apply to any machine type without any need to add it in any
|
||||
future machine types.
|
||||
|
||||
We don't really care keeping non void romfiles for transitional and
|
||||
non transitional devices on previous machine types because this
|
||||
was not working anyway.
|
||||
|
||||
Signed-off-by: Eric Auger <eric.auger@redhat.com>
|
||||
---
|
||||
hw/arm/virt.c | 42 ++++++++++++++++++++++++++++--------------
|
||||
1 file changed, 28 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
|
||||
index dbf0a6d62f..46c72a9611 100644
|
||||
--- a/hw/arm/virt.c
|
||||
+++ b/hw/arm/virt.c
|
||||
@@ -108,11 +108,39 @@
|
||||
DEFINE_VIRT_MACHINE_LATEST(major, minor, false)
|
||||
#endif /* disabled for RHEL */
|
||||
|
||||
+/*
|
||||
+ * This variable is for changes to properties that are RHEL specific,
|
||||
+ * different to the current upstream and to be applied to the latest
|
||||
+ * machine type. They may be overriden by older machine compats.
|
||||
+ *
|
||||
+ * virtio-net-pci variant romfiles are not needed because edk2 does
|
||||
+ * fully support the pxe boot. Besides virtio romfiles are not shipped
|
||||
+ * on rhel/aarch64.
|
||||
+ */
|
||||
+GlobalProperty arm_rhel_compat[] = {
|
||||
+ {"virtio-net-pci", "romfile", "" },
|
||||
+ {"virtio-net-pci-transitional", "romfile", "" },
|
||||
+ {"virtio-net-pci-non-transitional", "romfile", "" },
|
||||
+};
|
||||
+const size_t arm_rhel_compat_len = G_N_ELEMENTS(arm_rhel_compat);
|
||||
+
|
||||
+/*
|
||||
+ * This cannot be called from the rhel_virt_class_init() because
|
||||
+ * TYPE_RHEL_MACHINE is abstract and mc->compat_props g_ptr_array_new()
|
||||
+ * only is called on virt-rhelm.n.s non abstract class init.
|
||||
+ */
|
||||
+static void arm_rhel_compat_set(MachineClass *mc)
|
||||
+{
|
||||
+ compat_props_add(mc->compat_props, arm_rhel_compat,
|
||||
+ arm_rhel_compat_len);
|
||||
+}
|
||||
+
|
||||
#define DEFINE_RHEL_MACHINE_LATEST(m, n, s, latest) \
|
||||
static void rhel##m##n##s##_virt_class_init(ObjectClass *oc, \
|
||||
void *data) \
|
||||
{ \
|
||||
MachineClass *mc = MACHINE_CLASS(oc); \
|
||||
+ arm_rhel_compat_set(mc); \
|
||||
rhel##m##n##s##_virt_options(mc); \
|
||||
mc->desc = "RHEL " # m "." # n "." # s " ARM Virtual Machine"; \
|
||||
if (latest) { \
|
||||
@@ -136,19 +164,6 @@
|
||||
#define DEFINE_RHEL_MACHINE(major, minor, subminor) \
|
||||
DEFINE_RHEL_MACHINE_LATEST(major, minor, subminor, false)
|
||||
|
||||
-/* This variable is for changes to properties that are RHEL specific,
|
||||
- * different to the current upstream and to be applied to the latest
|
||||
- * machine type.
|
||||
- */
|
||||
-GlobalProperty arm_rhel_compat[] = {
|
||||
- {
|
||||
- .driver = "virtio-net-pci",
|
||||
- .property = "romfile",
|
||||
- .value = "",
|
||||
- },
|
||||
-};
|
||||
-const size_t arm_rhel_compat_len = G_N_ELEMENTS(arm_rhel_compat);
|
||||
-
|
||||
/* Number of external interrupt lines to configure the GIC with */
|
||||
#define NUM_IRQS 256
|
||||
|
||||
@@ -3240,7 +3255,6 @@ type_init(rhel_machine_init);
|
||||
|
||||
static void rhel860_virt_options(MachineClass *mc)
|
||||
{
|
||||
- compat_props_add(mc->compat_props, arm_rhel_compat, arm_rhel_compat_len);
|
||||
}
|
||||
DEFINE_RHEL_MACHINE_AS_LATEST(8, 6, 0)
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,52 @@
|
|||
From 100f33ff8a1d55986e43b99ba8726abc29ee8d26 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 5 Dec 2022 15:32:55 -0500
|
||||
Subject: [PATCH 5/5] hw/display/qxl: Assert memory slot fits in preallocated
|
||||
MemoryRegion
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 240: hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler
|
||||
RH-Bugzilla: 2148545
|
||||
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
RH-Commit: [5/5] f809ce48e7989dd6547b7c8bf1a5efc3fdcacbac (jmaloy/jons-qemu-kvm)
|
||||
|
||||
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2148545
|
||||
CVE: CVE-2022-4144
|
||||
Upstream: Merged
|
||||
|
||||
commit 86fdb0582c653a9824183679403a85f588260d62
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Mon Nov 28 21:27:41 2022 +0100
|
||||
|
||||
hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion
|
||||
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-Id: <20221128202741.4945-6-philmd@linaro.org>
|
||||
|
||||
(cherry picked from commit 86fdb0582c653a9824183679403a85f588260d62)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/display/qxl.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
|
||||
index 2a4b2d4158..bcd9e8716a 100644
|
||||
--- a/hw/display/qxl.c
|
||||
+++ b/hw/display/qxl.c
|
||||
@@ -1372,6 +1372,7 @@ static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta,
|
||||
qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
|
||||
return 1;
|
||||
}
|
||||
+ assert(guest_end - pci_start <= memory_region_size(mr));
|
||||
|
||||
virt_start = (intptr_t)memory_region_get_ram_ptr(mr);
|
||||
memslot.slot_id = slot_id;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,130 @@
|
|||
From 4e1bfbe3a0a113fe3cf39336a9d7da4e8c2a21ea Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 5 Dec 2022 15:32:55 -0500
|
||||
Subject: [PATCH 4/5] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt
|
||||
(CVE-2022-4144)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 240: hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler
|
||||
RH-Bugzilla: 2148545
|
||||
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
RH-Commit: [4/5] afe53f8d9b31c6fd8211fe172173151f3255e67c (jmaloy/jons-qemu-kvm)
|
||||
|
||||
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2148545
|
||||
CVE: CVE-2022-4144
|
||||
Upstream: Merged
|
||||
|
||||
commit 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Mon Nov 28 21:27:40 2022 +0100
|
||||
|
||||
hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144)
|
||||
|
||||
Have qxl_get_check_slot_offset() return false if the requested
|
||||
buffer size does not fit within the slot memory region.
|
||||
|
||||
Similarly qxl_phys2virt() now returns NULL in such case, and
|
||||
qxl_dirty_one_surface() aborts.
|
||||
|
||||
This avoids buffer overrun in the host pointer returned by
|
||||
memory_region_get_ram_ptr().
|
||||
|
||||
Fixes: CVE-2022-4144 (out-of-bounds read)
|
||||
Reported-by: Wenxu Yin (@awxylitol)
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-Id: <20221128202741.4945-5-philmd@linaro.org>
|
||||
|
||||
(cherry picked from commit 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/display/qxl.c | 27 +++++++++++++++++++++++----
|
||||
hw/display/qxl.h | 2 +-
|
||||
2 files changed, 24 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
|
||||
index aa9065183e..2a4b2d4158 100644
|
||||
--- a/hw/display/qxl.c
|
||||
+++ b/hw/display/qxl.c
|
||||
@@ -1412,11 +1412,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d)
|
||||
|
||||
/* can be also called from spice server thread context */
|
||||
static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
|
||||
- uint32_t *s, uint64_t *o)
|
||||
+ uint32_t *s, uint64_t *o,
|
||||
+ size_t size_requested)
|
||||
{
|
||||
uint64_t phys = le64_to_cpu(pqxl);
|
||||
uint32_t slot = (phys >> (64 - 8)) & 0xff;
|
||||
uint64_t offset = phys & 0xffffffffffff;
|
||||
+ uint64_t size_available;
|
||||
|
||||
if (slot >= NUM_MEMSLOTS) {
|
||||
qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot,
|
||||
@@ -1440,6 +1442,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
|
||||
slot, offset, qxl->guest_slots[slot].size);
|
||||
return false;
|
||||
}
|
||||
+ size_available = memory_region_size(qxl->guest_slots[slot].mr);
|
||||
+ if (qxl->guest_slots[slot].offset + offset >= size_available) {
|
||||
+ qxl_set_guest_bug(qxl,
|
||||
+ "slot %d offset %"PRIu64" > region size %"PRIu64"\n",
|
||||
+ slot, qxl->guest_slots[slot].offset + offset,
|
||||
+ size_available);
|
||||
+ return false;
|
||||
+ }
|
||||
+ size_available -= qxl->guest_slots[slot].offset + offset;
|
||||
+ if (size_requested > size_available) {
|
||||
+ qxl_set_guest_bug(qxl,
|
||||
+ "slot %d offset %"PRIu64" size %zu: "
|
||||
+ "overrun by %"PRIu64" bytes\n",
|
||||
+ slot, offset, size_requested,
|
||||
+ size_requested - size_available);
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
*s = slot;
|
||||
*o = offset;
|
||||
@@ -1459,7 +1478,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id,
|
||||
offset = le64_to_cpu(pqxl) & 0xffffffffffff;
|
||||
return (void *)(intptr_t)offset;
|
||||
case MEMSLOT_GROUP_GUEST:
|
||||
- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) {
|
||||
+ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
|
||||
return NULL;
|
||||
}
|
||||
ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr);
|
||||
@@ -1925,9 +1944,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
|
||||
uint32_t slot;
|
||||
bool rc;
|
||||
|
||||
- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset);
|
||||
- assert(rc == true);
|
||||
size = (uint64_t)height * abs(stride);
|
||||
+ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size);
|
||||
+ assert(rc == true);
|
||||
trace_qxl_surfaces_dirty(qxl->id, offset, size);
|
||||
qxl_set_dirty(qxl->guest_slots[slot].mr,
|
||||
qxl->guest_slots[slot].offset + offset,
|
||||
diff --git a/hw/display/qxl.h b/hw/display/qxl.h
|
||||
index c784315daa..89ca832cf9 100644
|
||||
--- a/hw/display/qxl.h
|
||||
+++ b/hw/display/qxl.h
|
||||
@@ -157,7 +157,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL)
|
||||
*
|
||||
* Returns a host pointer to a buffer placed at offset @phys within the
|
||||
* active slot @group_id of the PCI VGA RAM memory region associated with
|
||||
- * the @qxl device. If the slot is inactive, or the offset is out
|
||||
+ * the @qxl device. If the slot is inactive, or the offset + size are out
|
||||
* of the memory region, returns NULL.
|
||||
*
|
||||
* Use with care; by the time this function returns, the returned pointer is
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
From 068c531fb968ec04509b85f524d0745e6acf5449 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 5 Dec 2022 15:32:55 -0500
|
||||
Subject: [PATCH 2/5] hw/display/qxl: Document qxl_phys2virt()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 240: hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler
|
||||
RH-Bugzilla: 2148545
|
||||
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
RH-Commit: [2/5] f84c0b379022c527fc2508a242443d86454944c0 (jmaloy/jons-qemu-kvm)
|
||||
|
||||
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2148545
|
||||
CVE: CVE-2022-4144
|
||||
Upstream: Merged
|
||||
|
||||
commit b1901de83a9456cde26fc755f71ca2b7b3ef50fc
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Mon Nov 28 21:27:38 2022 +0100
|
||||
|
||||
hw/display/qxl: Document qxl_phys2virt()
|
||||
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-Id: <20221128202741.4945-3-philmd@linaro.org>
|
||||
|
||||
(cherry picked from commit b1901de83a9456cde26fc755f71ca2b7b3ef50fc)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/display/qxl.h | 19 +++++++++++++++++++
|
||||
1 file changed, 19 insertions(+)
|
||||
|
||||
diff --git a/hw/display/qxl.h b/hw/display/qxl.h
|
||||
index 30d21f4d0b..c938f88a2f 100644
|
||||
--- a/hw/display/qxl.h
|
||||
+++ b/hw/display/qxl.h
|
||||
@@ -147,6 +147,25 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL)
|
||||
#define QXL_DEFAULT_REVISION (QXL_REVISION_STABLE_V12 + 1)
|
||||
|
||||
/* qxl.c */
|
||||
+/**
|
||||
+ * qxl_phys2virt: Get a pointer within a PCI VRAM memory region.
|
||||
+ *
|
||||
+ * @qxl: QXL device
|
||||
+ * @phys: physical offset of buffer within the VRAM
|
||||
+ * @group_id: memory slot group
|
||||
+ *
|
||||
+ * Returns a host pointer to a buffer placed at offset @phys within the
|
||||
+ * active slot @group_id of the PCI VGA RAM memory region associated with
|
||||
+ * the @qxl device. If the slot is inactive, or the offset is out
|
||||
+ * of the memory region, returns NULL.
|
||||
+ *
|
||||
+ * Use with care; by the time this function returns, the returned pointer is
|
||||
+ * not protected by RCU anymore. If the caller is not within an RCU critical
|
||||
+ * section and does not hold the iothread lock, it must have other means of
|
||||
+ * protecting the pointer, such as a reference to the region that includes
|
||||
+ * the incoming ram_addr_t.
|
||||
+ *
|
||||
+ */
|
||||
void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id);
|
||||
void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
|
||||
GCC_FMT_ATTR(2, 3);
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,74 @@
|
|||
From 5ec8d909d40fa04ef2c3572e01509a1866786070 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 5 Dec 2022 15:32:55 -0500
|
||||
Subject: [PATCH 1/5] hw/display/qxl: Have qxl_log_command Return early if no
|
||||
log_cmd handler
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 240: hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler
|
||||
RH-Bugzilla: 2148545
|
||||
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
RH-Commit: [1/5] 33d94f40c46cccbc32d108d1035365917bf90356 (jmaloy/jons-qemu-kvm)
|
||||
|
||||
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2148545
|
||||
CVE: CVE-2022-4144
|
||||
Upstream: Merged
|
||||
|
||||
commit 61c34fc194b776ecadc39fb26b061331107e5599
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Mon Nov 28 21:27:37 2022 +0100
|
||||
|
||||
hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler
|
||||
|
||||
Only 3 command types are logged: no need to call qxl_phys2virt()
|
||||
for the other types. Using different cases will help to pass
|
||||
different structure sizes to qxl_phys2virt() in a pair of commits.
|
||||
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-Id: <20221128202741.4945-2-philmd@linaro.org>
|
||||
|
||||
(cherry picked from commit 61c34fc194b776ecadc39fb26b061331107e5599)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/display/qxl-logger.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c
|
||||
index 68bfa47568..1bcf803db6 100644
|
||||
--- a/hw/display/qxl-logger.c
|
||||
+++ b/hw/display/qxl-logger.c
|
||||
@@ -247,6 +247,16 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
|
||||
qxl_name(qxl_type, ext->cmd.type),
|
||||
compat ? "(compat)" : "");
|
||||
|
||||
+ switch (ext->cmd.type) {
|
||||
+ case QXL_CMD_DRAW:
|
||||
+ break;
|
||||
+ case QXL_CMD_SURFACE:
|
||||
+ break;
|
||||
+ case QXL_CMD_CURSOR:
|
||||
+ break;
|
||||
+ default:
|
||||
+ goto out;
|
||||
+ }
|
||||
data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
|
||||
if (!data) {
|
||||
return 1;
|
||||
@@ -269,6 +279,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
|
||||
qxl_log_cmd_cursor(qxl, data, ext->group_id);
|
||||
break;
|
||||
}
|
||||
+out:
|
||||
fprintf(stderr, "\n");
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,234 @@
|
|||
From 0e6bd3911c4971f575aac7e9cd726467b52fe544 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 5 Dec 2022 15:32:55 -0500
|
||||
Subject: [PATCH 3/5] hw/display/qxl: Pass requested buffer size to
|
||||
qxl_phys2virt()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 240: hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler
|
||||
RH-Bugzilla: 2148545
|
||||
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
RH-Commit: [3/5] 8e362d67fe7fef9eb457cfb15d75b298fed725c3 (jmaloy/jons-qemu-kvm)
|
||||
|
||||
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2148545
|
||||
CVE: CVE-2022-4144
|
||||
Upstream: Merged
|
||||
|
||||
commit 8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Mon Nov 28 21:27:39 2022 +0100
|
||||
|
||||
hw/display/qxl: Pass requested buffer size to qxl_phys2virt()
|
||||
|
||||
Currently qxl_phys2virt() doesn't check for buffer overrun.
|
||||
In order to do so in the next commit, pass the buffer size
|
||||
as argument.
|
||||
|
||||
For QXLCursor in qxl_render_cursor() -> qxl_cursor() we
|
||||
verify the size of the chunked data ahead, checking we can
|
||||
access 'sizeof(QXLCursor) + chunk->data_size' bytes.
|
||||
Since in the SPICE_CURSOR_TYPE_MONO case the cursor is
|
||||
assumed to fit in one chunk, no change are required.
|
||||
In SPICE_CURSOR_TYPE_ALPHA the ahead read is handled in
|
||||
qxl_unpack_chunks().
|
||||
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-Id: <20221128202741.4945-4-philmd@linaro.org>
|
||||
|
||||
(cherry picked from commit 8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/display/qxl-logger.c | 11 ++++++++---
|
||||
hw/display/qxl-render.c | 20 ++++++++++++++++----
|
||||
hw/display/qxl.c | 14 +++++++++-----
|
||||
hw/display/qxl.h | 4 +++-
|
||||
4 files changed, 36 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c
|
||||
index 1bcf803db6..35c38f6252 100644
|
||||
--- a/hw/display/qxl-logger.c
|
||||
+++ b/hw/display/qxl-logger.c
|
||||
@@ -106,7 +106,7 @@ static int qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id)
|
||||
QXLImage *image;
|
||||
QXLImageDescriptor *desc;
|
||||
|
||||
- image = qxl_phys2virt(qxl, addr, group_id);
|
||||
+ image = qxl_phys2virt(qxl, addr, group_id, sizeof(QXLImage));
|
||||
if (!image) {
|
||||
return 1;
|
||||
}
|
||||
@@ -214,7 +214,8 @@ int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id)
|
||||
cmd->u.set.position.y,
|
||||
cmd->u.set.visible ? "yes" : "no",
|
||||
cmd->u.set.shape);
|
||||
- cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id);
|
||||
+ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id,
|
||||
+ sizeof(QXLCursor));
|
||||
if (!cursor) {
|
||||
return 1;
|
||||
}
|
||||
@@ -236,6 +237,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
|
||||
{
|
||||
bool compat = ext->flags & QXL_COMMAND_FLAG_COMPAT;
|
||||
void *data;
|
||||
+ size_t datasz;
|
||||
int ret;
|
||||
|
||||
if (!qxl->cmdlog) {
|
||||
@@ -249,15 +251,18 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
|
||||
|
||||
switch (ext->cmd.type) {
|
||||
case QXL_CMD_DRAW:
|
||||
+ datasz = compat ? sizeof(QXLCompatDrawable) : sizeof(QXLDrawable);
|
||||
break;
|
||||
case QXL_CMD_SURFACE:
|
||||
+ datasz = sizeof(QXLSurfaceCmd);
|
||||
break;
|
||||
case QXL_CMD_CURSOR:
|
||||
+ datasz = sizeof(QXLCursorCmd);
|
||||
break;
|
||||
default:
|
||||
goto out;
|
||||
}
|
||||
- data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
|
||||
+ data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, datasz);
|
||||
if (!data) {
|
||||
return 1;
|
||||
}
|
||||
diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
|
||||
index ca217004bf..fcfd40c3ac 100644
|
||||
--- a/hw/display/qxl-render.c
|
||||
+++ b/hw/display/qxl-render.c
|
||||
@@ -107,7 +107,9 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
|
||||
qxl->guest_primary.resized = 0;
|
||||
qxl->guest_primary.data = qxl_phys2virt(qxl,
|
||||
qxl->guest_primary.surface.mem,
|
||||
- MEMSLOT_GROUP_GUEST);
|
||||
+ MEMSLOT_GROUP_GUEST,
|
||||
+ qxl->guest_primary.abs_stride
|
||||
+ * height);
|
||||
if (!qxl->guest_primary.data) {
|
||||
goto end;
|
||||
}
|
||||
@@ -228,7 +230,8 @@ static void qxl_unpack_chunks(void *dest, size_t size, PCIQXLDevice *qxl,
|
||||
if (offset == size) {
|
||||
return;
|
||||
}
|
||||
- chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id);
|
||||
+ chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id,
|
||||
+ sizeof(QXLDataChunk) + chunk->data_size);
|
||||
if (!chunk) {
|
||||
return;
|
||||
}
|
||||
@@ -295,7 +298,8 @@ fail:
|
||||
/* called from spice server thread context only */
|
||||
int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
|
||||
{
|
||||
- QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
|
||||
+ QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id,
|
||||
+ sizeof(QXLCursorCmd));
|
||||
QXLCursor *cursor;
|
||||
QEMUCursor *c;
|
||||
|
||||
@@ -314,7 +318,15 @@ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
|
||||
}
|
||||
switch (cmd->type) {
|
||||
case QXL_CURSOR_SET:
|
||||
- cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id);
|
||||
+ /* First read the QXLCursor to get QXLDataChunk::data_size ... */
|
||||
+ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id,
|
||||
+ sizeof(QXLCursor));
|
||||
+ if (!cursor) {
|
||||
+ return 1;
|
||||
+ }
|
||||
+ /* Then read including the chunked data following QXLCursor. */
|
||||
+ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id,
|
||||
+ sizeof(QXLCursor) + cursor->chunk.data_size);
|
||||
if (!cursor) {
|
||||
return 1;
|
||||
}
|
||||
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
|
||||
index 29c80b4289..aa9065183e 100644
|
||||
--- a/hw/display/qxl.c
|
||||
+++ b/hw/display/qxl.c
|
||||
@@ -274,7 +274,8 @@ static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay)
|
||||
QXL_IO_MONITORS_CONFIG_ASYNC));
|
||||
}
|
||||
|
||||
- cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST);
|
||||
+ cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST,
|
||||
+ sizeof(QXLMonitorsConfig));
|
||||
if (cfg != NULL && cfg->count == 1) {
|
||||
qxl->guest_primary.resized = 1;
|
||||
qxl->guest_head0_width = cfg->heads[0].width;
|
||||
@@ -459,7 +460,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
|
||||
switch (le32_to_cpu(ext->cmd.type)) {
|
||||
case QXL_CMD_SURFACE:
|
||||
{
|
||||
- QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
|
||||
+ QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id,
|
||||
+ sizeof(QXLSurfaceCmd));
|
||||
|
||||
if (!cmd) {
|
||||
return 1;
|
||||
@@ -494,7 +496,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
|
||||
}
|
||||
case QXL_CMD_CURSOR:
|
||||
{
|
||||
- QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
|
||||
+ QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id,
|
||||
+ sizeof(QXLCursorCmd));
|
||||
|
||||
if (!cmd) {
|
||||
return 1;
|
||||
@@ -1444,7 +1447,8 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
|
||||
}
|
||||
|
||||
/* can be also called from spice server thread context */
|
||||
-void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
|
||||
+void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id,
|
||||
+ size_t size)
|
||||
{
|
||||
uint64_t offset;
|
||||
uint32_t slot;
|
||||
@@ -1952,7 +1956,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl)
|
||||
}
|
||||
|
||||
cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i],
|
||||
- MEMSLOT_GROUP_GUEST);
|
||||
+ MEMSLOT_GROUP_GUEST, sizeof(QXLSurfaceCmd));
|
||||
assert(cmd);
|
||||
assert(cmd->type == QXL_SURFACE_CMD_CREATE);
|
||||
qxl_dirty_one_surface(qxl, cmd->u.surface_create.data,
|
||||
diff --git a/hw/display/qxl.h b/hw/display/qxl.h
|
||||
index c938f88a2f..c784315daa 100644
|
||||
--- a/hw/display/qxl.h
|
||||
+++ b/hw/display/qxl.h
|
||||
@@ -153,6 +153,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL)
|
||||
* @qxl: QXL device
|
||||
* @phys: physical offset of buffer within the VRAM
|
||||
* @group_id: memory slot group
|
||||
+ * @size: size of the buffer
|
||||
*
|
||||
* Returns a host pointer to a buffer placed at offset @phys within the
|
||||
* active slot @group_id of the PCI VGA RAM memory region associated with
|
||||
@@ -166,7 +167,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL)
|
||||
* the incoming ram_addr_t.
|
||||
*
|
||||
*/
|
||||
-void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id);
|
||||
+void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id,
|
||||
+ size_t size);
|
||||
void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
|
||||
GCC_FMT_ATTR(2, 3);
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
From 2308abf0c5da2fe35a0721318c31d22e077663c2 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 24 Nov 2023 12:17:11 -0500
|
||||
Subject: [PATCH 1/2] hw/ide: reset: cancel async DMA operation before
|
||||
resetting state
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 335: hw/ide: reset: cancel async DMA operation before resetting state
|
||||
RH-Jira: RHEL-15437
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Commit: [1/2] b0f5f7f888559a210f1c6b3c545e337dbbc9cf22 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-15437
|
||||
CVE: CVE-2023-5088
|
||||
Upstream: Merged
|
||||
|
||||
commit 7d7512019fc40c577e2bdd61f114f31a9eb84a8e
|
||||
Author: Fiona Ebner <f.ebner@proxmox.com>
|
||||
Date: Wed Sep 6 15:09:21 2023 +0200
|
||||
|
||||
hw/ide: reset: cancel async DMA operation before resetting state
|
||||
|
||||
If there is a pending DMA operation during ide_bus_reset(), the fact
|
||||
that the IDEState is already reset before the operation is canceled
|
||||
can be problematic. In particular, ide_dma_cb() might be called and
|
||||
then use the reset IDEState which contains the signature after the
|
||||
reset. When used to construct the IO operation this leads to
|
||||
ide_get_sector() returning 0 and nsector being 1. This is particularly
|
||||
bad, because a write command will thus destroy the first sector which
|
||||
often contains a partition table or similar.
|
||||
|
||||
Traces showing the unsolicited write happening with IDEState
|
||||
0x5595af6949d0 being used after reset:
|
||||
|
||||
> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c: 0x00000300
|
||||
> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port
|
||||
> ide_reset IDEstate 0x5595af6949d0
|
||||
> ide_reset IDEstate 0x5595af694da8
|
||||
> ide_bus_reset_aio aio_cancel
|
||||
> dma_aio_cancel dbs=0x7f64600089a0
|
||||
> dma_blk_cb dbs=0x7f64600089a0 ret=0
|
||||
> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30
|
||||
> ahci_populate_sglist ahci(0x5595af6923f0)[0]
|
||||
> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512 prepared=512
|
||||
> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE
|
||||
> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1
|
||||
> dma_blk_cb dbs=0x7f6420802010 ret=0
|
||||
|
||||
> (gdb) p *qiov
|
||||
> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base = 0x0,
|
||||
> iov_len = 512}}, {__pad = "\001\000\000\000\000\000\000\000\000\000\000",
|
||||
> size = 512}}}
|
||||
> (gdb) bt
|
||||
> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070, flags=0,
|
||||
> cb=0x5595ace6f0b0 <dma_blk_cb>, opaque=0x7f6420802010)
|
||||
> at ../block/block-backend.c:1682
|
||||
> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=<optimized out>)
|
||||
> at ../softmmu/dma-helpers.c:179
|
||||
> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0,
|
||||
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
|
||||
> io_func=io_func@entry=0x5595ace6ee30 <dma_blk_write_io_func>,
|
||||
> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30,
|
||||
> cb=0x5595acd40b30 <ide_dma_cb>, opaque=0x5595af6949d0,
|
||||
> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244
|
||||
> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30,
|
||||
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
|
||||
> cb=cb@entry=0x5595acd40b30 <ide_dma_cb>, opaque=opaque@entry=0x5595af6949d0)
|
||||
> at ../softmmu/dma-helpers.c:280
|
||||
> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=<optimized out>)
|
||||
> at ../hw/ide/core.c:953
|
||||
> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0)
|
||||
> at ../softmmu/dma-helpers.c:107
|
||||
> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127
|
||||
> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10)
|
||||
> at ../block/block-backend.c:1527
|
||||
> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524
|
||||
> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at ../block/block-backend.c:1594
|
||||
> #10 0x00005595ad258cfb in coroutine_trampoline (i0=<optimized out>,
|
||||
> i1=<optimized out>) at ../util/coroutine-ucontext.c:177
|
||||
|
||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Tested-by: simon.rowe@nutanix.com
|
||||
Message-ID: <20230906130922.142845-1-f.ebner@proxmox.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/ide/core.c | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/hw/ide/core.c b/hw/ide/core.c
|
||||
index 05a32d0a99..fd50c123e8 100644
|
||||
--- a/hw/ide/core.c
|
||||
+++ b/hw/ide/core.c
|
||||
@@ -2456,19 +2456,19 @@ static void ide_dummy_transfer_stop(IDEState *s)
|
||||
|
||||
void ide_bus_reset(IDEBus *bus)
|
||||
{
|
||||
- bus->unit = 0;
|
||||
- bus->cmd = 0;
|
||||
- ide_reset(&bus->ifs[0]);
|
||||
- ide_reset(&bus->ifs[1]);
|
||||
- ide_clear_hob(bus);
|
||||
-
|
||||
- /* pending async DMA */
|
||||
+ /* pending async DMA - needs the IDEState before it is reset */
|
||||
if (bus->dma->aiocb) {
|
||||
trace_ide_bus_reset_aio();
|
||||
blk_aio_cancel(bus->dma->aiocb);
|
||||
bus->dma->aiocb = NULL;
|
||||
}
|
||||
|
||||
+ bus->unit = 0;
|
||||
+ bus->cmd = 0;
|
||||
+ ide_reset(&bus->ifs[0]);
|
||||
+ ide_reset(&bus->ifs[1]);
|
||||
+ ide_clear_hob(bus);
|
||||
+
|
||||
/* reset dma provider too */
|
||||
if (bus->dma->ops->reset) {
|
||||
bus->dma->ops->reset(bus->dma);
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,449 @@
|
|||
From 146cfb23b76b898f08690ffc14aab16d22a41404 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 04/15] hw: replace most qemu_bh_new calls with
|
||||
qemu_bh_new_guarded
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [4/12] 00c51d30246b3aa529f6043e35ee471660aa1fce (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
Conflicts: In hw/nvme/ctrl.c there are no calls to qemu_bh_new() at the two locations
|
||||
the replacement is done in the upstream commit. Instead, timer_new_ns() is
|
||||
used. We leave these functions unaltered.
|
||||
|
||||
commit f63192b0544af5d3e4d5edfd85ab520fcf671377
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Thu Apr 27 17:10:09 2023 -0400
|
||||
|
||||
hw: replace most qemu_bh_new calls with qemu_bh_new_guarded
|
||||
|
||||
This protects devices from bh->mmio reentrancy issues.
|
||||
|
||||
Thanks: Thomas Huth <thuth@redhat.com> for diagnosing OS X test failure.
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Paul Durrant <paul@xen.org>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Message-Id: <20230427211013.2994127-5-alxndr@bu.edu>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/9pfs/xen-9p-backend.c | 5 ++++-
|
||||
hw/block/dataplane/virtio-blk.c | 3 ++-
|
||||
hw/block/dataplane/xen-block.c | 5 +++--
|
||||
hw/char/virtio-serial-bus.c | 3 ++-
|
||||
hw/display/qxl.c | 9 ++++++---
|
||||
hw/display/virtio-gpu.c | 6 ++++--
|
||||
hw/ide/ahci.c | 3 ++-
|
||||
hw/ide/ahci_internal.h | 1 +
|
||||
hw/ide/core.c | 4 +++-
|
||||
hw/misc/imx_rngc.c | 6 ++++--
|
||||
hw/misc/macio/mac_dbdma.c | 2 +-
|
||||
hw/net/virtio-net.c | 3 ++-
|
||||
hw/scsi/mptsas.c | 3 ++-
|
||||
hw/scsi/scsi-bus.c | 3 ++-
|
||||
hw/scsi/vmw_pvscsi.c | 3 ++-
|
||||
hw/usb/dev-uas.c | 3 ++-
|
||||
hw/usb/hcd-dwc2.c | 3 ++-
|
||||
hw/usb/hcd-ehci.c | 3 ++-
|
||||
hw/usb/hcd-uhci.c | 2 +-
|
||||
hw/usb/host-libusb.c | 6 ++++--
|
||||
hw/usb/redirect.c | 6 ++++--
|
||||
hw/usb/xen-usb.c | 3 ++-
|
||||
hw/virtio/virtio-balloon.c | 5 +++--
|
||||
hw/virtio/virtio-crypto.c | 3 ++-
|
||||
24 files changed, 62 insertions(+), 31 deletions(-)
|
||||
|
||||
diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
|
||||
index 65c4979c3c..09f7c13588 100644
|
||||
--- a/hw/9pfs/xen-9p-backend.c
|
||||
+++ b/hw/9pfs/xen-9p-backend.c
|
||||
@@ -60,6 +60,7 @@ typedef struct Xen9pfsDev {
|
||||
|
||||
int num_rings;
|
||||
Xen9pfsRing *rings;
|
||||
+ MemReentrancyGuard mem_reentrancy_guard;
|
||||
} Xen9pfsDev;
|
||||
|
||||
static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev);
|
||||
@@ -441,7 +442,9 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
|
||||
xen_9pdev->rings[i].ring.out = xen_9pdev->rings[i].data +
|
||||
XEN_FLEX_RING_SIZE(ring_order);
|
||||
|
||||
- xen_9pdev->rings[i].bh = qemu_bh_new(xen_9pfs_bh, &xen_9pdev->rings[i]);
|
||||
+ xen_9pdev->rings[i].bh = qemu_bh_new_guarded(xen_9pfs_bh,
|
||||
+ &xen_9pdev->rings[i],
|
||||
+ &xen_9pdev->mem_reentrancy_guard);
|
||||
xen_9pdev->rings[i].out_cons = 0;
|
||||
xen_9pdev->rings[i].out_size = 0;
|
||||
xen_9pdev->rings[i].inprogress = false;
|
||||
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
|
||||
index ee5a5352dc..5f0de7da1e 100644
|
||||
--- a/hw/block/dataplane/virtio-blk.c
|
||||
+++ b/hw/block/dataplane/virtio-blk.c
|
||||
@@ -127,7 +127,8 @@ bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
|
||||
} else {
|
||||
s->ctx = qemu_get_aio_context();
|
||||
}
|
||||
- s->bh = aio_bh_new(s->ctx, notify_guest_bh, s);
|
||||
+ s->bh = aio_bh_new_guarded(s->ctx, notify_guest_bh, s,
|
||||
+ &DEVICE(vdev)->mem_reentrancy_guard);
|
||||
s->batch_notify_vqs = bitmap_new(conf->num_queues);
|
||||
|
||||
*dataplane = s;
|
||||
diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c
|
||||
index 860787580a..07855feea6 100644
|
||||
--- a/hw/block/dataplane/xen-block.c
|
||||
+++ b/hw/block/dataplane/xen-block.c
|
||||
@@ -631,8 +631,9 @@ XenBlockDataPlane *xen_block_dataplane_create(XenDevice *xendev,
|
||||
} else {
|
||||
dataplane->ctx = qemu_get_aio_context();
|
||||
}
|
||||
- dataplane->bh = aio_bh_new(dataplane->ctx, xen_block_dataplane_bh,
|
||||
- dataplane);
|
||||
+ dataplane->bh = aio_bh_new_guarded(dataplane->ctx, xen_block_dataplane_bh,
|
||||
+ dataplane,
|
||||
+ &DEVICE(xendev)->mem_reentrancy_guard);
|
||||
|
||||
return dataplane;
|
||||
}
|
||||
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
|
||||
index f01ec2137c..f18124b155 100644
|
||||
--- a/hw/char/virtio-serial-bus.c
|
||||
+++ b/hw/char/virtio-serial-bus.c
|
||||
@@ -985,7 +985,8 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
|
||||
return;
|
||||
}
|
||||
|
||||
- port->bh = qemu_bh_new(flush_queued_data_bh, port);
|
||||
+ port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
|
||||
+ &dev->mem_reentrancy_guard);
|
||||
port->elem = NULL;
|
||||
}
|
||||
|
||||
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
|
||||
index bcd9e8716a..0f663b9912 100644
|
||||
--- a/hw/display/qxl.c
|
||||
+++ b/hw/display/qxl.c
|
||||
@@ -2206,11 +2206,14 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp)
|
||||
|
||||
qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl);
|
||||
|
||||
- qxl->update_irq = qemu_bh_new(qxl_update_irq_bh, qxl);
|
||||
+ qxl->update_irq = qemu_bh_new_guarded(qxl_update_irq_bh, qxl,
|
||||
+ &DEVICE(qxl)->mem_reentrancy_guard);
|
||||
qxl_reset_state(qxl);
|
||||
|
||||
- qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
|
||||
- qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd);
|
||||
+ qxl->update_area_bh = qemu_bh_new_guarded(qxl_render_update_area_bh, qxl,
|
||||
+ &DEVICE(qxl)->mem_reentrancy_guard);
|
||||
+ qxl->ssd.cursor_bh = qemu_bh_new_guarded(qemu_spice_cursor_refresh_bh, &qxl->ssd,
|
||||
+ &DEVICE(qxl)->mem_reentrancy_guard);
|
||||
}
|
||||
|
||||
static void qxl_realize_primary(PCIDevice *dev, Error **errp)
|
||||
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
|
||||
index d78b9700c7..ecf9079145 100644
|
||||
--- a/hw/display/virtio-gpu.c
|
||||
+++ b/hw/display/virtio-gpu.c
|
||||
@@ -1332,8 +1332,10 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
|
||||
|
||||
g->ctrl_vq = virtio_get_queue(vdev, 0);
|
||||
g->cursor_vq = virtio_get_queue(vdev, 1);
|
||||
- g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g);
|
||||
- g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g);
|
||||
+ g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g,
|
||||
+ &qdev->mem_reentrancy_guard);
|
||||
+ g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
|
||||
+ &qdev->mem_reentrancy_guard);
|
||||
QTAILQ_INIT(&g->reslist);
|
||||
QTAILQ_INIT(&g->cmdq);
|
||||
QTAILQ_INIT(&g->fenceq);
|
||||
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
|
||||
index a94c6e26fb..7488b28065 100644
|
||||
--- a/hw/ide/ahci.c
|
||||
+++ b/hw/ide/ahci.c
|
||||
@@ -1504,7 +1504,8 @@ static void ahci_cmd_done(const IDEDMA *dma)
|
||||
ahci_write_fis_d2h(ad);
|
||||
|
||||
if (ad->port_regs.cmd_issue && !ad->check_bh) {
|
||||
- ad->check_bh = qemu_bh_new(ahci_check_cmd_bh, ad);
|
||||
+ ad->check_bh = qemu_bh_new_guarded(ahci_check_cmd_bh, ad,
|
||||
+ &ad->mem_reentrancy_guard);
|
||||
qemu_bh_schedule(ad->check_bh);
|
||||
}
|
||||
}
|
||||
diff --git a/hw/ide/ahci_internal.h b/hw/ide/ahci_internal.h
|
||||
index 109de9e2d1..a7768dd69e 100644
|
||||
--- a/hw/ide/ahci_internal.h
|
||||
+++ b/hw/ide/ahci_internal.h
|
||||
@@ -321,6 +321,7 @@ struct AHCIDevice {
|
||||
bool init_d2h_sent;
|
||||
AHCICmdHdr *cur_cmd;
|
||||
NCQTransferState ncq_tfs[AHCI_MAX_CMDS];
|
||||
+ MemReentrancyGuard mem_reentrancy_guard;
|
||||
};
|
||||
|
||||
struct AHCIPCIState {
|
||||
diff --git a/hw/ide/core.c b/hw/ide/core.c
|
||||
index 15138225be..05a32d0a99 100644
|
||||
--- a/hw/ide/core.c
|
||||
+++ b/hw/ide/core.c
|
||||
@@ -510,6 +510,7 @@ BlockAIOCB *ide_issue_trim(
|
||||
BlockCompletionFunc *cb, void *cb_opaque, void *opaque)
|
||||
{
|
||||
IDEState *s = opaque;
|
||||
+ IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
|
||||
TrimAIOCB *iocb;
|
||||
|
||||
/* Paired with a decrement in ide_trim_bh_cb() */
|
||||
@@ -517,7 +518,8 @@ BlockAIOCB *ide_issue_trim(
|
||||
|
||||
iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque);
|
||||
iocb->s = s;
|
||||
- iocb->bh = qemu_bh_new(ide_trim_bh_cb, iocb);
|
||||
+ iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb,
|
||||
+ &DEVICE(dev)->mem_reentrancy_guard);
|
||||
iocb->ret = 0;
|
||||
iocb->qiov = qiov;
|
||||
iocb->i = -1;
|
||||
diff --git a/hw/misc/imx_rngc.c b/hw/misc/imx_rngc.c
|
||||
index 632c03779c..082c6980ad 100644
|
||||
--- a/hw/misc/imx_rngc.c
|
||||
+++ b/hw/misc/imx_rngc.c
|
||||
@@ -228,8 +228,10 @@ static void imx_rngc_realize(DeviceState *dev, Error **errp)
|
||||
sysbus_init_mmio(sbd, &s->iomem);
|
||||
|
||||
sysbus_init_irq(sbd, &s->irq);
|
||||
- s->self_test_bh = qemu_bh_new(imx_rngc_self_test, s);
|
||||
- s->seed_bh = qemu_bh_new(imx_rngc_seed, s);
|
||||
+ s->self_test_bh = qemu_bh_new_guarded(imx_rngc_self_test, s,
|
||||
+ &dev->mem_reentrancy_guard);
|
||||
+ s->seed_bh = qemu_bh_new_guarded(imx_rngc_seed, s,
|
||||
+ &dev->mem_reentrancy_guard);
|
||||
}
|
||||
|
||||
static void imx_rngc_reset(DeviceState *dev)
|
||||
diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
|
||||
index e220f1a927..f6a9e76fe7 100644
|
||||
--- a/hw/misc/macio/mac_dbdma.c
|
||||
+++ b/hw/misc/macio/mac_dbdma.c
|
||||
@@ -912,7 +912,7 @@ static void mac_dbdma_realize(DeviceState *dev, Error **errp)
|
||||
{
|
||||
DBDMAState *s = MAC_DBDMA(dev);
|
||||
|
||||
- s->bh = qemu_bh_new(DBDMA_run_bh, s);
|
||||
+ s->bh = qemu_bh_new_guarded(DBDMA_run_bh, s, &dev->mem_reentrancy_guard);
|
||||
}
|
||||
|
||||
static void mac_dbdma_class_init(ObjectClass *oc, void *data)
|
||||
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
|
||||
index 7e172ef829..ddaa8fa122 100644
|
||||
--- a/hw/net/virtio-net.c
|
||||
+++ b/hw/net/virtio-net.c
|
||||
@@ -2753,7 +2753,8 @@ static void virtio_net_add_queue(VirtIONet *n, int index)
|
||||
n->vqs[index].tx_vq =
|
||||
virtio_add_queue(vdev, n->net_conf.tx_queue_size,
|
||||
virtio_net_handle_tx_bh);
|
||||
- n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
|
||||
+ n->vqs[index].tx_bh = qemu_bh_new_guarded(virtio_net_tx_bh, &n->vqs[index],
|
||||
+ &DEVICE(vdev)->mem_reentrancy_guard);
|
||||
}
|
||||
|
||||
n->vqs[index].tx_waiting = 0;
|
||||
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
|
||||
index f6c7765544..ab8aaca85d 100644
|
||||
--- a/hw/scsi/mptsas.c
|
||||
+++ b/hw/scsi/mptsas.c
|
||||
@@ -1313,7 +1313,8 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp)
|
||||
}
|
||||
s->max_devices = MPTSAS_NUM_PORTS;
|
||||
|
||||
- s->request_bh = qemu_bh_new(mptsas_fetch_requests, s);
|
||||
+ s->request_bh = qemu_bh_new_guarded(mptsas_fetch_requests, s,
|
||||
+ &DEVICE(dev)->mem_reentrancy_guard);
|
||||
|
||||
scsi_bus_init(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info);
|
||||
}
|
||||
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
|
||||
index 77325d8cc7..b506ab7d04 100644
|
||||
--- a/hw/scsi/scsi-bus.c
|
||||
+++ b/hw/scsi/scsi-bus.c
|
||||
@@ -192,7 +192,8 @@ static void scsi_dma_restart_cb(void *opaque, bool running, RunState state)
|
||||
AioContext *ctx = blk_get_aio_context(s->conf.blk);
|
||||
/* The reference is dropped in scsi_dma_restart_bh.*/
|
||||
object_ref(OBJECT(s));
|
||||
- s->bh = aio_bh_new(ctx, scsi_dma_restart_bh, s);
|
||||
+ s->bh = aio_bh_new_guarded(ctx, scsi_dma_restart_bh, s,
|
||||
+ &DEVICE(s)->mem_reentrancy_guard);
|
||||
qemu_bh_schedule(s->bh);
|
||||
}
|
||||
}
|
||||
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
||||
index cd76bd67ab..4c36febbc0 100644
|
||||
--- a/hw/scsi/vmw_pvscsi.c
|
||||
+++ b/hw/scsi/vmw_pvscsi.c
|
||||
@@ -1178,7 +1178,8 @@ pvscsi_realizefn(PCIDevice *pci_dev, Error **errp)
|
||||
pcie_endpoint_cap_init(pci_dev, PVSCSI_EXP_EP_OFFSET);
|
||||
}
|
||||
|
||||
- s->completion_worker = qemu_bh_new(pvscsi_process_completion_queue, s);
|
||||
+ s->completion_worker = qemu_bh_new_guarded(pvscsi_process_completion_queue, s,
|
||||
+ &DEVICE(pci_dev)->mem_reentrancy_guard);
|
||||
|
||||
scsi_bus_init(&s->bus, sizeof(s->bus), DEVICE(pci_dev), &pvscsi_scsi_info);
|
||||
/* override default SCSI bus hotplug-handler, with pvscsi's one */
|
||||
diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
|
||||
index 599d6b52a0..a36a7c3013 100644
|
||||
--- a/hw/usb/dev-uas.c
|
||||
+++ b/hw/usb/dev-uas.c
|
||||
@@ -935,7 +935,8 @@ static void usb_uas_realize(USBDevice *dev, Error **errp)
|
||||
|
||||
QTAILQ_INIT(&uas->results);
|
||||
QTAILQ_INIT(&uas->requests);
|
||||
- uas->status_bh = qemu_bh_new(usb_uas_send_status_bh, uas);
|
||||
+ uas->status_bh = qemu_bh_new_guarded(usb_uas_send_status_bh, uas,
|
||||
+ &d->mem_reentrancy_guard);
|
||||
|
||||
dev->flags |= (1 << USB_DEV_FLAG_IS_SCSI_STORAGE);
|
||||
scsi_bus_init(&uas->bus, sizeof(uas->bus), DEVICE(dev), &usb_uas_scsi_info);
|
||||
diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c
|
||||
index e1d96acf7e..0e238f8422 100644
|
||||
--- a/hw/usb/hcd-dwc2.c
|
||||
+++ b/hw/usb/hcd-dwc2.c
|
||||
@@ -1364,7 +1364,8 @@ static void dwc2_realize(DeviceState *dev, Error **errp)
|
||||
s->fi = USB_FRMINTVL - 1;
|
||||
s->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_frame_boundary, s);
|
||||
s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_work_timer, s);
|
||||
- s->async_bh = qemu_bh_new(dwc2_work_bh, s);
|
||||
+ s->async_bh = qemu_bh_new_guarded(dwc2_work_bh, s,
|
||||
+ &dev->mem_reentrancy_guard);
|
||||
|
||||
sysbus_init_irq(sbd, &s->irq);
|
||||
}
|
||||
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
|
||||
index 6caa7ac6c2..df4ff6f2c1 100644
|
||||
--- a/hw/usb/hcd-ehci.c
|
||||
+++ b/hw/usb/hcd-ehci.c
|
||||
@@ -2528,7 +2528,8 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
|
||||
}
|
||||
|
||||
s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s);
|
||||
- s->async_bh = qemu_bh_new(ehci_work_bh, s);
|
||||
+ s->async_bh = qemu_bh_new_guarded(ehci_work_bh, s,
|
||||
+ &dev->mem_reentrancy_guard);
|
||||
s->device = dev;
|
||||
|
||||
s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
|
||||
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
|
||||
index 7930b868fa..469c5e57e9 100644
|
||||
--- a/hw/usb/hcd-uhci.c
|
||||
+++ b/hw/usb/hcd-uhci.c
|
||||
@@ -1195,7 +1195,7 @@ void usb_uhci_common_realize(PCIDevice *dev, Error **errp)
|
||||
USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
|
||||
}
|
||||
}
|
||||
- s->bh = qemu_bh_new(uhci_bh, s);
|
||||
+ s->bh = qemu_bh_new_guarded(uhci_bh, s, &DEVICE(dev)->mem_reentrancy_guard);
|
||||
s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, uhci_frame_timer, s);
|
||||
s->num_ports_vmstate = NB_PORTS;
|
||||
QTAILQ_INIT(&s->queues);
|
||||
diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c
|
||||
index d0d46dd0a4..09b961116b 100644
|
||||
--- a/hw/usb/host-libusb.c
|
||||
+++ b/hw/usb/host-libusb.c
|
||||
@@ -1141,7 +1141,8 @@ static void usb_host_nodev_bh(void *opaque)
|
||||
static void usb_host_nodev(USBHostDevice *s)
|
||||
{
|
||||
if (!s->bh_nodev) {
|
||||
- s->bh_nodev = qemu_bh_new(usb_host_nodev_bh, s);
|
||||
+ s->bh_nodev = qemu_bh_new_guarded(usb_host_nodev_bh, s,
|
||||
+ &DEVICE(s)->mem_reentrancy_guard);
|
||||
}
|
||||
qemu_bh_schedule(s->bh_nodev);
|
||||
}
|
||||
@@ -1739,7 +1740,8 @@ static int usb_host_post_load(void *opaque, int version_id)
|
||||
USBHostDevice *dev = opaque;
|
||||
|
||||
if (!dev->bh_postld) {
|
||||
- dev->bh_postld = qemu_bh_new(usb_host_post_load_bh, dev);
|
||||
+ dev->bh_postld = qemu_bh_new_guarded(usb_host_post_load_bh, dev,
|
||||
+ &DEVICE(dev)->mem_reentrancy_guard);
|
||||
}
|
||||
qemu_bh_schedule(dev->bh_postld);
|
||||
dev->bh_postld_pending = true;
|
||||
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
|
||||
index 5f0ef9cb3b..59cd3cd7c4 100644
|
||||
--- a/hw/usb/redirect.c
|
||||
+++ b/hw/usb/redirect.c
|
||||
@@ -1437,8 +1437,10 @@ static void usbredir_realize(USBDevice *udev, Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
- dev->chardev_close_bh = qemu_bh_new(usbredir_chardev_close_bh, dev);
|
||||
- dev->device_reject_bh = qemu_bh_new(usbredir_device_reject_bh, dev);
|
||||
+ dev->chardev_close_bh = qemu_bh_new_guarded(usbredir_chardev_close_bh, dev,
|
||||
+ &DEVICE(dev)->mem_reentrancy_guard);
|
||||
+ dev->device_reject_bh = qemu_bh_new_guarded(usbredir_device_reject_bh, dev,
|
||||
+ &DEVICE(dev)->mem_reentrancy_guard);
|
||||
dev->attach_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, usbredir_do_attach, dev);
|
||||
|
||||
packet_id_queue_init(&dev->cancelled, dev, "cancelled");
|
||||
diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c
|
||||
index 0f7369e7ed..dec91294ad 100644
|
||||
--- a/hw/usb/xen-usb.c
|
||||
+++ b/hw/usb/xen-usb.c
|
||||
@@ -1021,7 +1021,8 @@ static void usbback_alloc(struct XenLegacyDevice *xendev)
|
||||
|
||||
QTAILQ_INIT(&usbif->req_free_q);
|
||||
QSIMPLEQ_INIT(&usbif->hotplug_q);
|
||||
- usbif->bh = qemu_bh_new(usbback_bh, usbif);
|
||||
+ usbif->bh = qemu_bh_new_guarded(usbback_bh, usbif,
|
||||
+ &DEVICE(xendev)->mem_reentrancy_guard);
|
||||
}
|
||||
|
||||
static int usbback_free(struct XenLegacyDevice *xendev)
|
||||
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
|
||||
index 9a4f491b54..f503572e27 100644
|
||||
--- a/hw/virtio/virtio-balloon.c
|
||||
+++ b/hw/virtio/virtio-balloon.c
|
||||
@@ -917,8 +917,9 @@ static void virtio_balloon_device_realize(DeviceState *dev, Error **errp)
|
||||
precopy_add_notifier(&s->free_page_hint_notify);
|
||||
|
||||
object_ref(OBJECT(s->iothread));
|
||||
- s->free_page_bh = aio_bh_new(iothread_get_aio_context(s->iothread),
|
||||
- virtio_ballloon_get_free_page_hints, s);
|
||||
+ s->free_page_bh = aio_bh_new_guarded(iothread_get_aio_context(s->iothread),
|
||||
+ virtio_ballloon_get_free_page_hints, s,
|
||||
+ &dev->mem_reentrancy_guard);
|
||||
}
|
||||
|
||||
if (virtio_has_feature(s->host_features, VIRTIO_BALLOON_F_REPORTING)) {
|
||||
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
|
||||
index 54f9bbb789..1be7bb543c 100644
|
||||
--- a/hw/virtio/virtio-crypto.c
|
||||
+++ b/hw/virtio/virtio-crypto.c
|
||||
@@ -817,7 +817,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
|
||||
vcrypto->vqs[i].dataq =
|
||||
virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
|
||||
vcrypto->vqs[i].dataq_bh =
|
||||
- qemu_bh_new(virtio_crypto_dataq_bh, &vcrypto->vqs[i]);
|
||||
+ qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
|
||||
+ &dev->mem_reentrancy_guard);
|
||||
vcrypto->vqs[i].vcrypto = vcrypto;
|
||||
}
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,283 @@
|
|||
From 59f02a421ecdba6e856597367020926fc0cb5177 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon, 15 Jan 2024 18:52:30 +0100
|
||||
Subject: [PATCH 4/5] hw/s390x: Move KVM specific PV from hw/ to
|
||||
target/s390x/kvm/
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails
|
||||
RH-Jira: RHEL-18214
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
|
||||
RH-Commit: [4/5] f6095bfdb89268007a0741665284955db4752d46
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-18214
|
||||
|
||||
commit f5f9c6ea11bc807664fdeb9354915c2c9cdcbd89
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Sat Jun 24 22:06:44 2023 +0200
|
||||
|
||||
hw/s390x: Move KVM specific PV from hw/ to target/s390x/kvm/
|
||||
|
||||
Protected Virtualization (PV) is not a real hardware device:
|
||||
it is a feature of the firmware on s390x that is exposed to
|
||||
userspace via the KVM interface.
|
||||
|
||||
Move the pv.c/pv.h files to target/s390x/kvm/ to make this clearer.
|
||||
|
||||
Suggested-by: Thomas Huth <thuth@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Message-Id: <20230624200644.23931-1-philmd@linaro.org>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
hw/s390x/ipl.c
|
||||
hw/s390x/s390-virtio-ccw.c
|
||||
target/s390x/diag.c
|
||||
(simple contextual conflict due to differce with #include statements)
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
MAINTAINERS | 2 --
|
||||
hw/s390x/ipl.c | 2 +-
|
||||
hw/s390x/meson.build | 1 -
|
||||
hw/s390x/s390-pci-kvm.c | 2 +-
|
||||
hw/s390x/s390-virtio-ccw.c | 2 +-
|
||||
hw/s390x/tod-kvm.c | 2 +-
|
||||
target/s390x/arch_dump.c | 2 +-
|
||||
target/s390x/cpu-sysemu.c | 2 +-
|
||||
target/s390x/cpu_features.c | 2 +-
|
||||
target/s390x/cpu_models.c | 2 +-
|
||||
target/s390x/diag.c | 2 +-
|
||||
target/s390x/helper.c | 2 +-
|
||||
target/s390x/ioinst.c | 2 +-
|
||||
target/s390x/kvm/kvm.c | 2 +-
|
||||
target/s390x/kvm/meson.build | 1 +
|
||||
{hw/s390x => target/s390x/kvm}/pv.c | 2 +-
|
||||
{include/hw/s390x => target/s390x/kvm}/pv.h | 0
|
||||
17 files changed, 14 insertions(+), 16 deletions(-)
|
||||
rename {hw/s390x => target/s390x/kvm}/pv.c (99%)
|
||||
rename {include/hw/s390x => target/s390x/kvm}/pv.h (100%)
|
||||
|
||||
diff --git a/MAINTAINERS b/MAINTAINERS
|
||||
index b893206fc3..d74ca51154 100644
|
||||
--- a/MAINTAINERS
|
||||
+++ b/MAINTAINERS
|
||||
@@ -397,8 +397,6 @@ S: Supported
|
||||
F: target/s390x/kvm/
|
||||
F: target/s390x/machine.c
|
||||
F: target/s390x/sigp.c
|
||||
-F: hw/s390x/pv.c
|
||||
-F: include/hw/s390x/pv.h
|
||||
F: gdb-xml/s390*.xml
|
||||
T: git https://github.com/borntraeger/qemu.git s390-next
|
||||
L: qemu-s390x@nongnu.org
|
||||
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
|
||||
index 9051d8652d..c25e247426 100644
|
||||
--- a/hw/s390x/ipl.c
|
||||
+++ b/hw/s390x/ipl.c
|
||||
@@ -27,7 +27,7 @@
|
||||
#include "hw/s390x/vfio-ccw.h"
|
||||
#include "hw/s390x/css.h"
|
||||
#include "hw/s390x/ebcdic.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#include "ipl.h"
|
||||
#include "qemu/error-report.h"
|
||||
#include "qemu/config-file.h"
|
||||
diff --git a/hw/s390x/meson.build b/hw/s390x/meson.build
|
||||
index 6e6e47fcda..bb3b42f613 100644
|
||||
--- a/hw/s390x/meson.build
|
||||
+++ b/hw/s390x/meson.build
|
||||
@@ -22,7 +22,6 @@ s390x_ss.add(when: 'CONFIG_KVM', if_true: files(
|
||||
'tod-kvm.c',
|
||||
's390-skeys-kvm.c',
|
||||
's390-stattrib-kvm.c',
|
||||
- 'pv.c',
|
||||
's390-pci-kvm.c',
|
||||
))
|
||||
s390x_ss.add(when: 'CONFIG_TCG', if_true: files(
|
||||
diff --git a/hw/s390x/s390-pci-kvm.c b/hw/s390x/s390-pci-kvm.c
|
||||
index 9134fe185f..ff41e4106d 100644
|
||||
--- a/hw/s390x/s390-pci-kvm.c
|
||||
+++ b/hw/s390x/s390-pci-kvm.c
|
||||
@@ -14,7 +14,7 @@
|
||||
#include <linux/kvm.h>
|
||||
|
||||
#include "kvm/kvm_s390x.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#include "hw/s390x/s390-pci-bus.h"
|
||||
#include "hw/s390x/s390-pci-kvm.h"
|
||||
#include "hw/s390x/s390-pci-inst.h"
|
||||
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
|
||||
index 17146469ee..7bfa5b4e8f 100644
|
||||
--- a/hw/s390x/s390-virtio-ccw.c
|
||||
+++ b/hw/s390x/s390-virtio-ccw.c
|
||||
@@ -40,7 +40,7 @@
|
||||
#include "hw/qdev-properties.h"
|
||||
#include "hw/s390x/tod.h"
|
||||
#include "sysemu/sysemu.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#include "migration/blocker.h"
|
||||
#include "qapi/visitor.h"
|
||||
|
||||
diff --git a/hw/s390x/tod-kvm.c b/hw/s390x/tod-kvm.c
|
||||
index c804c979b5..9776cda50a 100644
|
||||
--- a/hw/s390x/tod-kvm.c
|
||||
+++ b/hw/s390x/tod-kvm.c
|
||||
@@ -13,7 +13,7 @@
|
||||
#include "qemu/module.h"
|
||||
#include "sysemu/runstate.h"
|
||||
#include "hw/s390x/tod.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#include "kvm/kvm_s390x.h"
|
||||
|
||||
static void kvm_s390_get_tod_raw(S390TOD *tod, Error **errp)
|
||||
diff --git a/target/s390x/arch_dump.c b/target/s390x/arch_dump.c
|
||||
index 3b1f178dc3..2554238c16 100644
|
||||
--- a/target/s390x/arch_dump.c
|
||||
+++ b/target/s390x/arch_dump.c
|
||||
@@ -17,8 +17,8 @@
|
||||
#include "s390x-internal.h"
|
||||
#include "elf.h"
|
||||
#include "sysemu/dump.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
#include "kvm/kvm_s390x.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
|
||||
struct S390xUserRegsStruct {
|
||||
uint64_t psw[2];
|
||||
diff --git a/target/s390x/cpu-sysemu.c b/target/s390x/cpu-sysemu.c
|
||||
index 5471e01ee8..547287a949 100644
|
||||
--- a/target/s390x/cpu-sysemu.c
|
||||
+++ b/target/s390x/cpu-sysemu.c
|
||||
@@ -32,7 +32,7 @@
|
||||
#include "qapi/qapi-visit-run-state.h"
|
||||
#include "sysemu/hw_accel.h"
|
||||
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#include "hw/boards.h"
|
||||
#include "sysemu/sysemu.h"
|
||||
#include "sysemu/tcg.h"
|
||||
diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c
|
||||
index 2e4e11d264..ebb155ce1c 100644
|
||||
--- a/target/s390x/cpu_features.c
|
||||
+++ b/target/s390x/cpu_features.c
|
||||
@@ -15,7 +15,7 @@
|
||||
#include "qemu/module.h"
|
||||
#include "cpu_features.h"
|
||||
#ifndef CONFIG_USER_ONLY
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#endif
|
||||
|
||||
#define DEF_FEAT(_FEAT, _NAME, _TYPE, _BIT, _DESC) \
|
||||
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
|
||||
index e7c586c76e..100c5e7b3a 100644
|
||||
--- a/target/s390x/cpu_models.c
|
||||
+++ b/target/s390x/cpu_models.c
|
||||
@@ -22,7 +22,7 @@
|
||||
#include "qemu/qemu-print.h"
|
||||
#ifndef CONFIG_USER_ONLY
|
||||
#include "sysemu/sysemu.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#endif
|
||||
|
||||
#define CPUDEF_INIT(_type, _gen, _ec_ga, _mha_pow, _hmfai, _name, _desc) \
|
||||
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
|
||||
index 76b01dcd68..7c8714cc27 100644
|
||||
--- a/target/s390x/diag.c
|
||||
+++ b/target/s390x/diag.c
|
||||
@@ -19,9 +19,9 @@
|
||||
#include "sysemu/cpus.h"
|
||||
#include "hw/s390x/ipl.h"
|
||||
#include "hw/s390x/s390-virtio-ccw.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
#include "sysemu/kvm.h"
|
||||
#include "kvm/kvm_s390x.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
|
||||
int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
|
||||
{
|
||||
diff --git a/target/s390x/helper.c b/target/s390x/helper.c
|
||||
index 6e35473c7f..860977126a 100644
|
||||
--- a/target/s390x/helper.c
|
||||
+++ b/target/s390x/helper.c
|
||||
@@ -24,7 +24,7 @@
|
||||
#include "exec/gdbstub.h"
|
||||
#include "qemu/timer.h"
|
||||
#include "hw/s390x/ioinst.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
#include "sysemu/hw_accel.h"
|
||||
#include "sysemu/runstate.h"
|
||||
#include "sysemu/tcg.h"
|
||||
diff --git a/target/s390x/ioinst.c b/target/s390x/ioinst.c
|
||||
index bdae5090bc..409f3e3e63 100644
|
||||
--- a/target/s390x/ioinst.c
|
||||
+++ b/target/s390x/ioinst.c
|
||||
@@ -16,7 +16,7 @@
|
||||
#include "hw/s390x/ioinst.h"
|
||||
#include "trace.h"
|
||||
#include "hw/s390x/s390-pci-bus.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
|
||||
/* All I/O instructions but chsc use the s format */
|
||||
static uint64_t get_address_from_regs(CPUS390XState *env, uint32_t ipb,
|
||||
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
|
||||
index a963866ef4..6d1a6324b9 100644
|
||||
--- a/target/s390x/kvm/kvm.c
|
||||
+++ b/target/s390x/kvm/kvm.c
|
||||
@@ -51,7 +51,7 @@
|
||||
#include "exec/memattrs.h"
|
||||
#include "hw/s390x/s390-virtio-ccw.h"
|
||||
#include "hw/s390x/s390-virtio-hcall.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
|
||||
#ifndef DEBUG_KVM
|
||||
#define DEBUG_KVM 0
|
||||
diff --git a/target/s390x/kvm/meson.build b/target/s390x/kvm/meson.build
|
||||
index aef52b6686..739d5b9f54 100644
|
||||
--- a/target/s390x/kvm/meson.build
|
||||
+++ b/target/s390x/kvm/meson.build
|
||||
@@ -1,5 +1,6 @@
|
||||
|
||||
s390x_ss.add(when: 'CONFIG_KVM', if_true: files(
|
||||
+ 'pv.c',
|
||||
'kvm.c'
|
||||
), if_false: files(
|
||||
'stubs.c'
|
||||
diff --git a/hw/s390x/pv.c b/target/s390x/kvm/pv.c
|
||||
similarity index 99%
|
||||
rename from hw/s390x/pv.c
|
||||
rename to target/s390x/kvm/pv.c
|
||||
index 8a1c71436b..e14db4f41a 100644
|
||||
--- a/hw/s390x/pv.c
|
||||
+++ b/target/s390x/kvm/pv.c
|
||||
@@ -19,9 +19,9 @@
|
||||
#include "qom/object_interfaces.h"
|
||||
#include "exec/confidential-guest-support.h"
|
||||
#include "hw/s390x/ipl.h"
|
||||
-#include "hw/s390x/pv.h"
|
||||
#include "hw/s390x/sclp.h"
|
||||
#include "target/s390x/kvm/kvm_s390x.h"
|
||||
+#include "target/s390x/kvm/pv.h"
|
||||
|
||||
static bool info_valid;
|
||||
static struct kvm_s390_pv_info_vm info_vm;
|
||||
diff --git a/include/hw/s390x/pv.h b/target/s390x/kvm/pv.h
|
||||
similarity index 100%
|
||||
rename from include/hw/s390x/pv.h
|
||||
rename to target/s390x/kvm/pv.h
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,100 @@
|
|||
From 053faafcf523b0ea4d841c0af8e7e26a2cddd5e8 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon, 15 Jan 2024 14:00:04 +0100
|
||||
Subject: [PATCH 3/5] hw/s390x/pv: Restrict Protected Virtualization to sysemu
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Thomas Huth <thuth@redhat.com>
|
||||
RH-MergeRequest: 348: s390x: Provide some more useful information if decryption of a PV image fails
|
||||
RH-Jira: RHEL-18214
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
|
||||
RH-Commit: [3/5] 17b11f9fd2b53c7d33c09a62f28cfca19b18e798
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-18214
|
||||
|
||||
commit 3ea7e312671686e616efa1b8caa5f5ce2d06543a
|
||||
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Date: Sat Dec 17 16:24:52 2022 +0100
|
||||
|
||||
hw/s390x/pv: Restrict Protected Virtualization to sysemu
|
||||
|
||||
Protected Virtualization is irrelevant in user emulation.
|
||||
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Message-Id: <20221217152454.96388-4-philmd@linaro.org>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
---
|
||||
target/s390x/cpu_features.c | 4 ++++
|
||||
target/s390x/cpu_models.c | 4 +++-
|
||||
2 files changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c
|
||||
index 5528acd082..2e4e11d264 100644
|
||||
--- a/target/s390x/cpu_features.c
|
||||
+++ b/target/s390x/cpu_features.c
|
||||
@@ -14,7 +14,9 @@
|
||||
#include "qemu/osdep.h"
|
||||
#include "qemu/module.h"
|
||||
#include "cpu_features.h"
|
||||
+#ifndef CONFIG_USER_ONLY
|
||||
#include "hw/s390x/pv.h"
|
||||
+#endif
|
||||
|
||||
#define DEF_FEAT(_FEAT, _NAME, _TYPE, _BIT, _DESC) \
|
||||
[S390_FEAT_##_FEAT] = { \
|
||||
@@ -107,6 +109,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
|
||||
feat = find_next_bit(features, S390_FEAT_MAX, feat + 1);
|
||||
}
|
||||
|
||||
+#ifndef CONFIG_USER_ONLY
|
||||
if (!s390_is_pv()) {
|
||||
return;
|
||||
}
|
||||
@@ -147,6 +150,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
|
||||
default:
|
||||
return;
|
||||
}
|
||||
+#endif
|
||||
}
|
||||
|
||||
void s390_add_from_feat_block(S390FeatBitmap features, S390FeatType type,
|
||||
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
|
||||
index 454485e706..e7c586c76e 100644
|
||||
--- a/target/s390x/cpu_models.c
|
||||
+++ b/target/s390x/cpu_models.c
|
||||
@@ -22,8 +22,8 @@
|
||||
#include "qemu/qemu-print.h"
|
||||
#ifndef CONFIG_USER_ONLY
|
||||
#include "sysemu/sysemu.h"
|
||||
-#endif
|
||||
#include "hw/s390x/pv.h"
|
||||
+#endif
|
||||
|
||||
#define CPUDEF_INIT(_type, _gen, _ec_ga, _mha_pow, _hmfai, _name, _desc) \
|
||||
{ \
|
||||
@@ -236,6 +236,7 @@ bool s390_has_feat(S390Feat feat)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifndef CONFIG_USER_ONLY
|
||||
if (s390_is_pv()) {
|
||||
switch (feat) {
|
||||
case S390_FEAT_DIAG_318:
|
||||
@@ -259,6 +260,7 @@ bool s390_has_feat(S390Feat feat)
|
||||
break;
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
return test_bit(feat, cpu->model->features);
|
||||
}
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,260 @@
|
|||
From 57a26ba1c4053cdc426653f921e66f7a8efd3ce7 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon, 22 May 2023 11:10:11 +0200
|
||||
Subject: [PATCH 12/15] hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI
|
||||
controller (CVE-2023-0330)
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [12/12] 28f5e04344109d8514869c50468bef481437201d (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit b987718bbb1d0eabf95499b976212dd5f0120d75
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Mon May 22 11:10:11 2023 +0200
|
||||
|
||||
hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
|
||||
|
||||
We cannot use the generic reentrancy guard in the LSI code, so
|
||||
we have to manually prevent endless reentrancy here. The problematic
|
||||
lsi_execute_script() function has already a way to detect whether
|
||||
too many instructions have been executed - we just have to slightly
|
||||
change the logic here that it also takes into account if the function
|
||||
has been called too often in a reentrant way.
|
||||
|
||||
The code in fuzz-lsi53c895a-test.c has been taken from an earlier
|
||||
patch by Mauro Matteo Cascella.
|
||||
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
|
||||
Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/scsi/lsi53c895a.c | 23 +++--
|
||||
tests/qtest/fuzz-lsi53c895a-test.c | 161 +++++++++++++++++++++++++++++
|
||||
2 files changed, 178 insertions(+), 6 deletions(-)
|
||||
create mode 100644 tests/qtest/fuzz-lsi53c895a-test.c
|
||||
|
||||
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
|
||||
index 2b9cb2ac5d..b60786fd56 100644
|
||||
--- a/hw/scsi/lsi53c895a.c
|
||||
+++ b/hw/scsi/lsi53c895a.c
|
||||
@@ -1133,15 +1133,24 @@ static void lsi_execute_script(LSIState *s)
|
||||
uint32_t addr, addr_high;
|
||||
int opcode;
|
||||
int insn_processed = 0;
|
||||
+ static int reentrancy_level;
|
||||
+
|
||||
+ reentrancy_level++;
|
||||
|
||||
s->istat1 |= LSI_ISTAT1_SRUN;
|
||||
again:
|
||||
- if (++insn_processed > LSI_MAX_INSN) {
|
||||
- /* Some windows drivers make the device spin waiting for a memory
|
||||
- location to change. If we have been executed a lot of code then
|
||||
- assume this is the case and force an unexpected device disconnect.
|
||||
- This is apparently sufficient to beat the drivers into submission.
|
||||
- */
|
||||
+ /*
|
||||
+ * Some windows drivers make the device spin waiting for a memory location
|
||||
+ * to change. If we have executed more than LSI_MAX_INSN instructions then
|
||||
+ * assume this is the case and force an unexpected device disconnect. This
|
||||
+ * is apparently sufficient to beat the drivers into submission.
|
||||
+ *
|
||||
+ * Another issue (CVE-2023-0330) can occur if the script is programmed to
|
||||
+ * trigger itself again and again. Avoid this problem by stopping after
|
||||
+ * being called multiple times in a reentrant way (8 is an arbitrary value
|
||||
+ * which should be enough for all valid use cases).
|
||||
+ */
|
||||
+ if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) {
|
||||
if (!(s->sien0 & LSI_SIST0_UDC)) {
|
||||
qemu_log_mask(LOG_GUEST_ERROR,
|
||||
"lsi_scsi: inf. loop with UDC masked");
|
||||
@@ -1595,6 +1604,8 @@ again:
|
||||
}
|
||||
}
|
||||
trace_lsi_execute_script_stop();
|
||||
+
|
||||
+ reentrancy_level--;
|
||||
}
|
||||
|
||||
static uint8_t lsi_reg_readb(LSIState *s, int offset)
|
||||
diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c
|
||||
new file mode 100644
|
||||
index 0000000000..1b55928b9f
|
||||
--- /dev/null
|
||||
+++ b/tests/qtest/fuzz-lsi53c895a-test.c
|
||||
@@ -0,0 +1,161 @@
|
||||
+/* SPDX-License-Identifier: GPL-2.0-or-later */
|
||||
+/*
|
||||
+ * QTest fuzzer-generated testcase for LSI53C895A device
|
||||
+ *
|
||||
+ * Copyright (c) Red Hat
|
||||
+ */
|
||||
+
|
||||
+#include "qemu/osdep.h"
|
||||
+#include "libqtest.h"
|
||||
+
|
||||
+/*
|
||||
+ * This used to trigger a DMA reentrancy issue
|
||||
+ * leading to memory corruption bugs like stack
|
||||
+ * overflow or use-after-free
|
||||
+ * https://gitlab.com/qemu-project/qemu/-/issues/1563
|
||||
+ */
|
||||
+static void test_lsi_dma_reentrancy(void)
|
||||
+{
|
||||
+ QTestState *s;
|
||||
+
|
||||
+ s = qtest_init("-M q35 -m 512M -nodefaults "
|
||||
+ "-blockdev driver=null-co,node-name=null0 "
|
||||
+ "-device lsi53c810 -device scsi-cd,drive=null0");
|
||||
+
|
||||
+ qtest_outl(s, 0xcf8, 0x80000804); /* PCI Command Register */
|
||||
+ qtest_outw(s, 0xcfc, 0x7); /* Enables accesses */
|
||||
+ qtest_outl(s, 0xcf8, 0x80000814); /* Memory Bar 1 */
|
||||
+ qtest_outl(s, 0xcfc, 0xff100000); /* Set MMIO Address*/
|
||||
+ qtest_outl(s, 0xcf8, 0x80000818); /* Memory Bar 2 */
|
||||
+ qtest_outl(s, 0xcfc, 0xff000000); /* Set RAM Address*/
|
||||
+ qtest_writel(s, 0xff000000, 0xc0000024);
|
||||
+ qtest_writel(s, 0xff000114, 0x00000080);
|
||||
+ qtest_writel(s, 0xff00012c, 0xff000000);
|
||||
+ qtest_writel(s, 0xff000004, 0xff000114);
|
||||
+ qtest_writel(s, 0xff000008, 0xff100014);
|
||||
+ qtest_writel(s, 0xff10002f, 0x000000ff);
|
||||
+
|
||||
+ qtest_quit(s);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * This used to trigger a UAF in lsi_do_msgout()
|
||||
+ * https://gitlab.com/qemu-project/qemu/-/issues/972
|
||||
+ */
|
||||
+static void test_lsi_do_msgout_cancel_req(void)
|
||||
+{
|
||||
+ QTestState *s;
|
||||
+
|
||||
+ if (sizeof(void *) == 4) {
|
||||
+ g_test_skip("memory size too big for 32-bit build");
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ s = qtest_init("-M q35 -m 2G -nodefaults "
|
||||
+ "-device lsi53c895a,id=scsi "
|
||||
+ "-device scsi-hd,drive=disk0 "
|
||||
+ "-drive file=null-co://,id=disk0,if=none,format=raw");
|
||||
+
|
||||
+ qtest_outl(s, 0xcf8, 0x80000810);
|
||||
+ qtest_outl(s, 0xcf8, 0xc000);
|
||||
+ qtest_outl(s, 0xcf8, 0x80000810);
|
||||
+ qtest_outw(s, 0xcfc, 0x7);
|
||||
+ qtest_outl(s, 0xcf8, 0x80000810);
|
||||
+ qtest_outl(s, 0xcfc, 0xc000);
|
||||
+ qtest_outl(s, 0xcf8, 0x80000804);
|
||||
+ qtest_outw(s, 0xcfc, 0x05);
|
||||
+ qtest_writeb(s, 0x69736c10, 0x08);
|
||||
+ qtest_writeb(s, 0x69736c13, 0x58);
|
||||
+ qtest_writeb(s, 0x69736c1a, 0x01);
|
||||
+ qtest_writeb(s, 0x69736c1b, 0x06);
|
||||
+ qtest_writeb(s, 0x69736c22, 0x01);
|
||||
+ qtest_writeb(s, 0x69736c23, 0x07);
|
||||
+ qtest_writeb(s, 0x69736c2b, 0x02);
|
||||
+ qtest_writeb(s, 0x69736c48, 0x08);
|
||||
+ qtest_writeb(s, 0x69736c4b, 0x58);
|
||||
+ qtest_writeb(s, 0x69736c52, 0x04);
|
||||
+ qtest_writeb(s, 0x69736c53, 0x06);
|
||||
+ qtest_writeb(s, 0x69736c5b, 0x02);
|
||||
+ qtest_outl(s, 0xc02d, 0x697300);
|
||||
+ qtest_writeb(s, 0x5a554662, 0x01);
|
||||
+ qtest_writeb(s, 0x5a554663, 0x07);
|
||||
+ qtest_writeb(s, 0x5a55466a, 0x10);
|
||||
+ qtest_writeb(s, 0x5a55466b, 0x22);
|
||||
+ qtest_writeb(s, 0x5a55466c, 0x5a);
|
||||
+ qtest_writeb(s, 0x5a55466d, 0x5a);
|
||||
+ qtest_writeb(s, 0x5a55466e, 0x34);
|
||||
+ qtest_writeb(s, 0x5a55466f, 0x5a);
|
||||
+ qtest_writeb(s, 0x5a345a5a, 0x77);
|
||||
+ qtest_writeb(s, 0x5a345a5b, 0x55);
|
||||
+ qtest_writeb(s, 0x5a345a5c, 0x51);
|
||||
+ qtest_writeb(s, 0x5a345a5d, 0x27);
|
||||
+ qtest_writeb(s, 0x27515577, 0x41);
|
||||
+ qtest_outl(s, 0xc02d, 0x5a5500);
|
||||
+ qtest_writeb(s, 0x364001d0, 0x08);
|
||||
+ qtest_writeb(s, 0x364001d3, 0x58);
|
||||
+ qtest_writeb(s, 0x364001da, 0x01);
|
||||
+ qtest_writeb(s, 0x364001db, 0x26);
|
||||
+ qtest_writeb(s, 0x364001dc, 0x0d);
|
||||
+ qtest_writeb(s, 0x364001dd, 0xae);
|
||||
+ qtest_writeb(s, 0x364001de, 0x41);
|
||||
+ qtest_writeb(s, 0x364001df, 0x5a);
|
||||
+ qtest_writeb(s, 0x5a41ae0d, 0xf8);
|
||||
+ qtest_writeb(s, 0x5a41ae0e, 0x36);
|
||||
+ qtest_writeb(s, 0x5a41ae0f, 0xd7);
|
||||
+ qtest_writeb(s, 0x5a41ae10, 0x36);
|
||||
+ qtest_writeb(s, 0x36d736f8, 0x0c);
|
||||
+ qtest_writeb(s, 0x36d736f9, 0x80);
|
||||
+ qtest_writeb(s, 0x36d736fa, 0x0d);
|
||||
+ qtest_outl(s, 0xc02d, 0x364000);
|
||||
+
|
||||
+ qtest_quit(s);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * This used to trigger the assert in lsi_do_dma()
|
||||
+ * https://bugs.launchpad.net/qemu/+bug/697510
|
||||
+ * https://bugs.launchpad.net/qemu/+bug/1905521
|
||||
+ * https://bugs.launchpad.net/qemu/+bug/1908515
|
||||
+ */
|
||||
+static void test_lsi_do_dma_empty_queue(void)
|
||||
+{
|
||||
+ QTestState *s;
|
||||
+
|
||||
+ s = qtest_init("-M q35 -nographic -monitor none -serial none "
|
||||
+ "-drive if=none,id=drive0,"
|
||||
+ "file=null-co://,file.read-zeroes=on,format=raw "
|
||||
+ "-device lsi53c895a,id=scsi0 "
|
||||
+ "-device scsi-hd,drive=drive0,"
|
||||
+ "bus=scsi0.0,channel=0,scsi-id=0,lun=0");
|
||||
+ qtest_outl(s, 0xcf8, 0x80001814);
|
||||
+ qtest_outl(s, 0xcfc, 0xe1068000);
|
||||
+ qtest_outl(s, 0xcf8, 0x80001818);
|
||||
+ qtest_outl(s, 0xcf8, 0x80001804);
|
||||
+ qtest_outw(s, 0xcfc, 0x7);
|
||||
+ qtest_outl(s, 0xcf8, 0x80002010);
|
||||
+
|
||||
+ qtest_writeb(s, 0xe106802e, 0xff); /* Fill DSP bits 16-23 */
|
||||
+ qtest_writeb(s, 0xe106802f, 0xff); /* Fill DSP bits 24-31: trigger SCRIPT */
|
||||
+
|
||||
+ qtest_quit(s);
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char **argv)
|
||||
+{
|
||||
+ g_test_init(&argc, &argv, NULL);
|
||||
+
|
||||
+ if (!qtest_has_device("lsi53c895a")) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ qtest_add_func("fuzz/lsi53c895a/lsi_do_dma_empty_queue",
|
||||
+ test_lsi_do_dma_empty_queue);
|
||||
+
|
||||
+ qtest_add_func("fuzz/lsi53c895a/lsi_do_msgout_cancel_req",
|
||||
+ test_lsi_do_msgout_cancel_req);
|
||||
+
|
||||
+ qtest_add_func("fuzz/lsi53c895a/lsi_dma_reentrancy",
|
||||
+ test_lsi_dma_reentrancy);
|
||||
+
|
||||
+ return g_test_run();
|
||||
+}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
From 18ac13c7d64266238bd44b2188e0d044af3c3377 Mon Sep 17 00:00:00 2001
|
||||
From: Bandan Das <bsd@redhat.com>
|
||||
Date: Thu, 3 Aug 2023 15:14:14 -0400
|
||||
Subject: [PATCH 4/5] i386/cpu: Update how the EBX register of CPUID 0x8000001F
|
||||
is set
|
||||
|
||||
RH-Author: Bandan Das <None>
|
||||
RH-MergeRequest: 296: Updates to SEV reduced-phys-bits parameter
|
||||
RH-Bugzilla: 2214840
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Commit: [4/4] 8b236fd9bc4c177bfacf6220a429e711b5bf062e
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214840
|
||||
|
||||
commit fb6bbafc0f19385fb257ee073ed13dcaf613f2f8
|
||||
Author: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Date: Fri Sep 30 10:14:30 2022 -0500
|
||||
|
||||
i386/cpu: Update how the EBX register of CPUID 0x8000001F is set
|
||||
|
||||
Update the setting of CPUID 0x8000001F EBX to clearly document the ranges
|
||||
associated with fields being set.
|
||||
|
||||
Fixes: 6cb8f2a663 ("cpu/i386: populate CPUID 0x8000_001F when SEV is active")
|
||||
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Message-Id: <5822fd7d02b575121380e1f493a8f6d9eba2b11a.1664550870.git.thomas.lendacky@amd.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Bandan Das <bsd@redhat.com>
|
||||
---
|
||||
target/i386/cpu.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
|
||||
index 9d3dcdcc0d..265f0aadfc 100644
|
||||
--- a/target/i386/cpu.c
|
||||
+++ b/target/i386/cpu.c
|
||||
@@ -5836,8 +5836,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
|
||||
if (sev_enabled()) {
|
||||
*eax = 0x2;
|
||||
*eax |= sev_es_enabled() ? 0x8 : 0;
|
||||
- *ebx = sev_get_cbit_position();
|
||||
- *ebx |= sev_get_reduced_phys_bits() << 6;
|
||||
+ *ebx = sev_get_cbit_position() & 0x3f; /* EBX[5:0] */
|
||||
+ *ebx |= (sev_get_reduced_phys_bits() & 0x3f) << 6; /* EBX[11:6] */
|
||||
}
|
||||
break;
|
||||
default:
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -1,16 +1,15 @@
|
|||
From 1bd939d374ec2e994ff47c84e16fa3bc1323a0fd Mon Sep 17 00:00:00 2001
|
||||
From f96220d64a31a4a52b2d132a503048579946f982 Mon Sep 17 00:00:00 2001
|
||||
From: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Date: Thu, 18 Aug 2022 17:01:13 +0200
|
||||
Subject: [PATCH 2/2] i386: do kvm_put_msr_feature_control() first thing when
|
||||
Subject: [PATCH 3/3] i386: do kvm_put_msr_feature_control() first thing when
|
||||
vCPU is reset
|
||||
|
||||
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-MergeRequest: 216: i386: fix 'system_reset' when the VM is in VMX root operation
|
||||
RH-Bugzilla: 2116743
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Commit: [2/2] f838a57f74487eb394794de00006d5d2b9e84344
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 219: Synchronize qemu-6.2.0-20.el8.1 build from RHEL 8.7 to RHEL 8.8
|
||||
RH-Bugzilla: 2125271
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [2/2] 08e1e67db96801e4a35aa6b60a93b2c2f1641220
|
||||
|
||||
kvm_put_sregs2() fails to reset 'locked' CR4/CR0 bits upon vCPU reset when
|
||||
it is in VMX root operation. Do kvm_put_msr_feature_control() before
|
||||
|
@ -64,5 +63,5 @@ index 81d729dc40..a06221d3e5 100644
|
|||
|
||||
if (level == KVM_PUT_FULL_STATE) {
|
||||
--
|
||||
2.31.1
|
||||
2.35.3
|
||||
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
From 4ad00e318f8afbee0e455cfbb6bc693c808d87f3 Mon Sep 17 00:00:00 2001
|
||||
From 46e54544c3480658111d6f111d6c265dcea2e19b Mon Sep 17 00:00:00 2001
|
||||
From: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Date: Thu, 18 Aug 2022 17:01:12 +0200
|
||||
Subject: [PATCH 1/2] i386: reset KVM nested state upon CPU reset
|
||||
Subject: [PATCH 2/3] i386: reset KVM nested state upon CPU reset
|
||||
|
||||
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-MergeRequest: 216: i386: fix 'system_reset' when the VM is in VMX root operation
|
||||
RH-Bugzilla: 2116743
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Commit: [1/2] 20d2dabeda74b8cd5135228980a2414e66dc64f3
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 219: Synchronize qemu-6.2.0-20.el8.1 build from RHEL 8.7 to RHEL 8.8
|
||||
RH-Bugzilla: 2125271
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [1/2] de4db7bceb6baaf69aec8b0ae9aa8887aa869e15
|
||||
|
||||
Make sure env->nested_state is cleaned up when a vCPU is reset, it may
|
||||
be stale after an incoming migration, kvm_arch_put_registers() may
|
||||
|
@ -91,5 +90,5 @@ index bd439e56ad..81d729dc40 100644
|
|||
}
|
||||
|
||||
--
|
||||
2.31.1
|
||||
2.35.3
|
||||
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
From 19504ea76b6341c11213316402bb5194487e1f01 Mon Sep 17 00:00:00 2001
|
||||
From: Bandan Das <bsd@redhat.com>
|
||||
Date: Thu, 3 Aug 2023 15:13:19 -0400
|
||||
Subject: [PATCH 3/5] i386/sev: Update checks and information related to
|
||||
reduced-phys-bits
|
||||
|
||||
RH-Author: Bandan Das <None>
|
||||
RH-MergeRequest: 296: Updates to SEV reduced-phys-bits parameter
|
||||
RH-Bugzilla: 2214840
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Commit: [3/4] b617173d2b15fa39cdc02b5c1ac4d52e9b0dfede
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214840
|
||||
|
||||
commit 8168fed9f84e3128f7628969ae78af49433d5ce7
|
||||
Author: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Date: Fri Sep 30 10:14:29 2022 -0500
|
||||
|
||||
i386/sev: Update checks and information related to reduced-phys-bits
|
||||
|
||||
The value of the reduced-phys-bits parameter is propogated to the CPUID
|
||||
information exposed to the guest. Update the current validation check to
|
||||
account for the size of the CPUID field (6-bits), ensuring the value is
|
||||
in the range of 1 to 63.
|
||||
|
||||
Maintain backward compatibility, to an extent, by allowing a value greater
|
||||
than 1 (so that the previously documented value of 5 still works), but not
|
||||
allowing anything over 63.
|
||||
|
||||
Fixes: d8575c6c02 ("sev/i386: add command to initialize the memory encryption context")
|
||||
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Message-Id: <cca5341a95ac73f904e6300f10b04f9c62e4e8ff.1664550870.git.thomas.lendacky@amd.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Bandan Das <bsd@redhat.com>
|
||||
---
|
||||
target/i386/sev.c | 17 ++++++++++++++---
|
||||
1 file changed, 14 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/target/i386/sev.c b/target/i386/sev.c
|
||||
index 025ff7a6f8..ba6a65e90c 100644
|
||||
--- a/target/i386/sev.c
|
||||
+++ b/target/i386/sev.c
|
||||
@@ -892,15 +892,26 @@ int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
|
||||
host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL);
|
||||
host_cbitpos = ebx & 0x3f;
|
||||
|
||||
+ /*
|
||||
+ * The cbitpos value will be placed in bit positions 5:0 of the EBX
|
||||
+ * register of CPUID 0x8000001F. No need to verify the range as the
|
||||
+ * comparison against the host value accomplishes that.
|
||||
+ */
|
||||
if (host_cbitpos != sev->cbitpos) {
|
||||
error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'",
|
||||
__func__, host_cbitpos, sev->cbitpos);
|
||||
goto err;
|
||||
}
|
||||
|
||||
- if (sev->reduced_phys_bits < 1) {
|
||||
- error_setg(errp, "%s: reduced_phys_bits check failed, it should be >=1,"
|
||||
- " requested '%d'", __func__, sev->reduced_phys_bits);
|
||||
+ /*
|
||||
+ * The reduced-phys-bits value will be placed in bit positions 11:6 of
|
||||
+ * the EBX register of CPUID 0x8000001F, so verify the supplied value
|
||||
+ * is in the range of 1 to 63.
|
||||
+ */
|
||||
+ if (sev->reduced_phys_bits < 1 || sev->reduced_phys_bits > 63) {
|
||||
+ error_setg(errp, "%s: reduced_phys_bits check failed,"
|
||||
+ " it should be in the range of 1 to 63, requested '%d'",
|
||||
+ __func__, sev->reduced_phys_bits);
|
||||
goto err;
|
||||
}
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
From 3fceb3b60a60c5008eecf99e45e269b757042b5a Mon Sep 17 00:00:00 2001
|
||||
From: Janosch Frank <frankja@linux.ibm.com>
|
||||
Date: Mon, 17 Oct 2022 08:38:20 +0000
|
||||
Subject: [PATCH 39/42] include/elf.h: add s390x note types
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 226: s390: Enhanced Interpretation for PCI Functions and Secure Execution guest dump
|
||||
RH-Bugzilla: 1664378 2043909
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [39/41] ebf0873744905abbe9cfc423a56c6d1b4f2ae936
|
||||
|
||||
Adding two s390x note types
|
||||
|
||||
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Message-Id: <20221017083822.43118-9-frankja@linux.ibm.com>
|
||||
(cherry picked from commit 5433669c7a1884cc0394c360148965edf7519884)
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
include/elf.h | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/include/elf.h b/include/elf.h
|
||||
index 811bf4a1cb..4edab8e5a2 100644
|
||||
--- a/include/elf.h
|
||||
+++ b/include/elf.h
|
||||
@@ -1647,6 +1647,8 @@ typedef struct elf64_shdr {
|
||||
#define NT_TASKSTRUCT 4
|
||||
#define NT_AUXV 6
|
||||
#define NT_PRXFPREG 0x46e62b7f /* copied from gdb5.1/include/elf/common.h */
|
||||
+#define NT_S390_PV_CPU_DATA 0x30e /* s390 protvirt cpu dump data */
|
||||
+#define NT_S390_RI_CB 0x30d /* s390 runtime instrumentation */
|
||||
#define NT_S390_GS_CB 0x30b /* s390 guarded storage registers */
|
||||
#define NT_S390_VXRS_HIGH 0x30a /* s390 vector registers 16-31 */
|
||||
#define NT_S390_VXRS_LOW 0x309 /* s390 vector registers 0-15 (lower half) */
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,367 @@
|
|||
From 88b5e059462a72ca758d84c0d4d0895a03baac50 Mon Sep 17 00:00:00 2001
|
||||
From: "manish.mishra" <manish.mishra@nutanix.com>
|
||||
Date: Tue, 20 Dec 2022 18:44:17 +0000
|
||||
Subject: [PATCH 1/3] io: Add support for MSG_PEEK for socket channel
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Peter Xu <peterx@redhat.com>
|
||||
RH-MergeRequest: 258: migration: Fix multifd crash due to channel disorder
|
||||
RH-Bugzilla: 2137740
|
||||
RH-Acked-by: quintela1 <quintela@redhat.com>
|
||||
RH-Acked-by: Leonardo Brás <leobras@redhat.com>
|
||||
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
RH-Commit: [1/2] 04fc6fae358599b8509f5355469d2e8720f01903
|
||||
|
||||
Conflicts:
|
||||
io/channel-null.c
|
||||
migration/channel-block.c
|
||||
|
||||
Because these two files do not exist in rhel8.8 tree, dropping the
|
||||
changes.
|
||||
|
||||
MSG_PEEK peeks at the channel, The data is treated as unread and
|
||||
the next read shall still return this data. This support is
|
||||
currently added only for socket class. Extra parameter 'flags'
|
||||
is added to io_readv calls to pass extra read flags like MSG_PEEK.
|
||||
|
||||
Reviewed-by: Peter Xu <peterx@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
Reviewed-by: Juan Quintela <quintela@redhat.com>
|
||||
Suggested-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
Signed-off-by: manish.mishra <manish.mishra@nutanix.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 84615a19ddf2bfb38d7b3a0d487d2397ee55e4f3)
|
||||
Signed-off-by: Peter Xu <peterx@redhat.com>
|
||||
---
|
||||
chardev/char-socket.c | 4 ++--
|
||||
include/io/channel.h | 6 ++++++
|
||||
io/channel-buffer.c | 1 +
|
||||
io/channel-command.c | 1 +
|
||||
io/channel-file.c | 1 +
|
||||
io/channel-socket.c | 19 ++++++++++++++++++-
|
||||
io/channel-tls.c | 1 +
|
||||
io/channel-websock.c | 1 +
|
||||
io/channel.c | 16 ++++++++++++----
|
||||
migration/rdma.c | 1 +
|
||||
scsi/qemu-pr-helper.c | 2 +-
|
||||
tests/qtest/tpm-emu.c | 2 +-
|
||||
tests/unit/test-io-channel-socket.c | 1 +
|
||||
util/vhost-user-server.c | 2 +-
|
||||
14 files changed, 48 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
|
||||
index 836cfa0bc2..4cdf79e0c2 100644
|
||||
--- a/chardev/char-socket.c
|
||||
+++ b/chardev/char-socket.c
|
||||
@@ -339,11 +339,11 @@ static ssize_t tcp_chr_recv(Chardev *chr, char *buf, size_t len)
|
||||
if (qio_channel_has_feature(s->ioc, QIO_CHANNEL_FEATURE_FD_PASS)) {
|
||||
ret = qio_channel_readv_full(s->ioc, &iov, 1,
|
||||
&msgfds, &msgfds_num,
|
||||
- NULL);
|
||||
+ 0, NULL);
|
||||
} else {
|
||||
ret = qio_channel_readv_full(s->ioc, &iov, 1,
|
||||
NULL, NULL,
|
||||
- NULL);
|
||||
+ 0, NULL);
|
||||
}
|
||||
|
||||
if (ret == QIO_CHANNEL_ERR_BLOCK) {
|
||||
diff --git a/include/io/channel.h b/include/io/channel.h
|
||||
index c680ee7480..716235d496 100644
|
||||
--- a/include/io/channel.h
|
||||
+++ b/include/io/channel.h
|
||||
@@ -34,6 +34,8 @@ OBJECT_DECLARE_TYPE(QIOChannel, QIOChannelClass,
|
||||
|
||||
#define QIO_CHANNEL_WRITE_FLAG_ZERO_COPY 0x1
|
||||
|
||||
+#define QIO_CHANNEL_READ_FLAG_MSG_PEEK 0x1
|
||||
+
|
||||
typedef enum QIOChannelFeature QIOChannelFeature;
|
||||
|
||||
enum QIOChannelFeature {
|
||||
@@ -41,6 +43,7 @@ enum QIOChannelFeature {
|
||||
QIO_CHANNEL_FEATURE_SHUTDOWN,
|
||||
QIO_CHANNEL_FEATURE_LISTEN,
|
||||
QIO_CHANNEL_FEATURE_WRITE_ZERO_COPY,
|
||||
+ QIO_CHANNEL_FEATURE_READ_MSG_PEEK,
|
||||
};
|
||||
|
||||
|
||||
@@ -114,6 +117,7 @@ struct QIOChannelClass {
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp);
|
||||
int (*io_close)(QIOChannel *ioc,
|
||||
Error **errp);
|
||||
@@ -188,6 +192,7 @@ void qio_channel_set_name(QIOChannel *ioc,
|
||||
* @niov: the length of the @iov array
|
||||
* @fds: pointer to an array that will received file handles
|
||||
* @nfds: pointer filled with number of elements in @fds on return
|
||||
+ * @flags: read flags (QIO_CHANNEL_READ_FLAG_*)
|
||||
* @errp: pointer to a NULL-initialized error object
|
||||
*
|
||||
* Read data from the IO channel, storing it in the
|
||||
@@ -224,6 +229,7 @@ ssize_t qio_channel_readv_full(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp);
|
||||
|
||||
|
||||
diff --git a/io/channel-buffer.c b/io/channel-buffer.c
|
||||
index bf52011be2..8096180f85 100644
|
||||
--- a/io/channel-buffer.c
|
||||
+++ b/io/channel-buffer.c
|
||||
@@ -54,6 +54,7 @@ static ssize_t qio_channel_buffer_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc);
|
||||
diff --git a/io/channel-command.c b/io/channel-command.c
|
||||
index 5ff1691bad..2834413b3a 100644
|
||||
--- a/io/channel-command.c
|
||||
+++ b/io/channel-command.c
|
||||
@@ -230,6 +230,7 @@ static ssize_t qio_channel_command_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelCommand *cioc = QIO_CHANNEL_COMMAND(ioc);
|
||||
diff --git a/io/channel-file.c b/io/channel-file.c
|
||||
index 348a48545e..490f0e5d84 100644
|
||||
--- a/io/channel-file.c
|
||||
+++ b/io/channel-file.c
|
||||
@@ -86,6 +86,7 @@ static ssize_t qio_channel_file_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelFile *fioc = QIO_CHANNEL_FILE(ioc);
|
||||
diff --git a/io/channel-socket.c b/io/channel-socket.c
|
||||
index 6010ad7017..ca8b180b69 100644
|
||||
--- a/io/channel-socket.c
|
||||
+++ b/io/channel-socket.c
|
||||
@@ -174,6 +174,9 @@ int qio_channel_socket_connect_sync(QIOChannelSocket *ioc,
|
||||
}
|
||||
#endif
|
||||
|
||||
+ qio_channel_set_feature(QIO_CHANNEL(ioc),
|
||||
+ QIO_CHANNEL_FEATURE_READ_MSG_PEEK);
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -407,6 +410,9 @@ qio_channel_socket_accept(QIOChannelSocket *ioc,
|
||||
}
|
||||
#endif /* WIN32 */
|
||||
|
||||
+ qio_channel_set_feature(QIO_CHANNEL(cioc),
|
||||
+ QIO_CHANNEL_FEATURE_READ_MSG_PEEK);
|
||||
+
|
||||
trace_qio_channel_socket_accept_complete(ioc, cioc, cioc->fd);
|
||||
return cioc;
|
||||
|
||||
@@ -497,6 +503,7 @@ static ssize_t qio_channel_socket_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
|
||||
@@ -518,6 +525,10 @@ static ssize_t qio_channel_socket_readv(QIOChannel *ioc,
|
||||
|
||||
}
|
||||
|
||||
+ if (flags & QIO_CHANNEL_READ_FLAG_MSG_PEEK) {
|
||||
+ sflags |= MSG_PEEK;
|
||||
+ }
|
||||
+
|
||||
retry:
|
||||
ret = recvmsg(sioc->fd, &msg, sflags);
|
||||
if (ret < 0) {
|
||||
@@ -625,11 +636,17 @@ static ssize_t qio_channel_socket_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
|
||||
ssize_t done = 0;
|
||||
ssize_t i;
|
||||
+ int sflags = 0;
|
||||
+
|
||||
+ if (flags & QIO_CHANNEL_READ_FLAG_MSG_PEEK) {
|
||||
+ sflags |= MSG_PEEK;
|
||||
+ }
|
||||
|
||||
for (i = 0; i < niov; i++) {
|
||||
ssize_t ret;
|
||||
@@ -637,7 +654,7 @@ static ssize_t qio_channel_socket_readv(QIOChannel *ioc,
|
||||
ret = recv(sioc->fd,
|
||||
iov[i].iov_base,
|
||||
iov[i].iov_len,
|
||||
- 0);
|
||||
+ sflags);
|
||||
if (ret < 0) {
|
||||
if (errno == EAGAIN) {
|
||||
if (done) {
|
||||
diff --git a/io/channel-tls.c b/io/channel-tls.c
|
||||
index 4ce890a538..c730cb8ec5 100644
|
||||
--- a/io/channel-tls.c
|
||||
+++ b/io/channel-tls.c
|
||||
@@ -260,6 +260,7 @@ static ssize_t qio_channel_tls_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
|
||||
diff --git a/io/channel-websock.c b/io/channel-websock.c
|
||||
index 035dd6075b..13c94f2afe 100644
|
||||
--- a/io/channel-websock.c
|
||||
+++ b/io/channel-websock.c
|
||||
@@ -1081,6 +1081,7 @@ static ssize_t qio_channel_websock_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(ioc);
|
||||
diff --git a/io/channel.c b/io/channel.c
|
||||
index 0640941ac5..a8c7f11649 100644
|
||||
--- a/io/channel.c
|
||||
+++ b/io/channel.c
|
||||
@@ -52,6 +52,7 @@ ssize_t qio_channel_readv_full(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc);
|
||||
@@ -63,7 +64,14 @@ ssize_t qio_channel_readv_full(QIOChannel *ioc,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- return klass->io_readv(ioc, iov, niov, fds, nfds, errp);
|
||||
+ if ((flags & QIO_CHANNEL_READ_FLAG_MSG_PEEK) &&
|
||||
+ !qio_channel_has_feature(ioc, QIO_CHANNEL_FEATURE_READ_MSG_PEEK)) {
|
||||
+ error_setg_errno(errp, EINVAL,
|
||||
+ "Channel does not support peek read");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return klass->io_readv(ioc, iov, niov, fds, nfds, flags, errp);
|
||||
}
|
||||
|
||||
|
||||
@@ -146,7 +154,7 @@ int qio_channel_readv_full_all_eof(QIOChannel *ioc,
|
||||
while ((nlocal_iov > 0) || local_fds) {
|
||||
ssize_t len;
|
||||
len = qio_channel_readv_full(ioc, local_iov, nlocal_iov, local_fds,
|
||||
- local_nfds, errp);
|
||||
+ local_nfds, 0, errp);
|
||||
if (len == QIO_CHANNEL_ERR_BLOCK) {
|
||||
if (qemu_in_coroutine()) {
|
||||
qio_channel_yield(ioc, G_IO_IN);
|
||||
@@ -284,7 +292,7 @@ ssize_t qio_channel_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
Error **errp)
|
||||
{
|
||||
- return qio_channel_readv_full(ioc, iov, niov, NULL, NULL, errp);
|
||||
+ return qio_channel_readv_full(ioc, iov, niov, NULL, NULL, 0, errp);
|
||||
}
|
||||
|
||||
|
||||
@@ -303,7 +311,7 @@ ssize_t qio_channel_read(QIOChannel *ioc,
|
||||
Error **errp)
|
||||
{
|
||||
struct iovec iov = { .iov_base = buf, .iov_len = buflen };
|
||||
- return qio_channel_readv_full(ioc, &iov, 1, NULL, NULL, errp);
|
||||
+ return qio_channel_readv_full(ioc, &iov, 1, NULL, NULL, 0, errp);
|
||||
}
|
||||
|
||||
|
||||
diff --git a/migration/rdma.c b/migration/rdma.c
|
||||
index 54acd2000e..dcf98bd7f8 100644
|
||||
--- a/migration/rdma.c
|
||||
+++ b/migration/rdma.c
|
||||
@@ -2917,6 +2917,7 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
|
||||
size_t niov,
|
||||
int **fds,
|
||||
size_t *nfds,
|
||||
+ int flags,
|
||||
Error **errp)
|
||||
{
|
||||
QIOChannelRDMA *rioc = QIO_CHANNEL_RDMA(ioc);
|
||||
diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
|
||||
index f281daeced..12ec8e9368 100644
|
||||
--- a/scsi/qemu-pr-helper.c
|
||||
+++ b/scsi/qemu-pr-helper.c
|
||||
@@ -612,7 +612,7 @@ static int coroutine_fn prh_read(PRHelperClient *client, void *buf, int sz,
|
||||
iov.iov_base = buf;
|
||||
iov.iov_len = sz;
|
||||
n_read = qio_channel_readv_full(QIO_CHANNEL(client->ioc), &iov, 1,
|
||||
- &fds, &nfds, errp);
|
||||
+ &fds, &nfds, 0, errp);
|
||||
|
||||
if (n_read == QIO_CHANNEL_ERR_BLOCK) {
|
||||
qio_channel_yield(QIO_CHANNEL(client->ioc), G_IO_IN);
|
||||
diff --git a/tests/qtest/tpm-emu.c b/tests/qtest/tpm-emu.c
|
||||
index 2994d1cf42..3cf1acaf7d 100644
|
||||
--- a/tests/qtest/tpm-emu.c
|
||||
+++ b/tests/qtest/tpm-emu.c
|
||||
@@ -106,7 +106,7 @@ void *tpm_emu_ctrl_thread(void *data)
|
||||
int *pfd = NULL;
|
||||
size_t nfd = 0;
|
||||
|
||||
- qio_channel_readv_full(ioc, &iov, 1, &pfd, &nfd, &error_abort);
|
||||
+ qio_channel_readv_full(ioc, &iov, 1, &pfd, &nfd, 0, &error_abort);
|
||||
cmd = be32_to_cpu(cmd);
|
||||
g_assert_cmpint(cmd, ==, CMD_SET_DATAFD);
|
||||
g_assert_cmpint(nfd, ==, 1);
|
||||
diff --git a/tests/unit/test-io-channel-socket.c b/tests/unit/test-io-channel-socket.c
|
||||
index 6713886d02..de2930f203 100644
|
||||
--- a/tests/unit/test-io-channel-socket.c
|
||||
+++ b/tests/unit/test-io-channel-socket.c
|
||||
@@ -452,6 +452,7 @@ static void test_io_channel_unix_fd_pass(void)
|
||||
G_N_ELEMENTS(iorecv),
|
||||
&fdrecv,
|
||||
&nfdrecv,
|
||||
+ 0,
|
||||
&error_abort);
|
||||
|
||||
g_assert(nfdrecv == G_N_ELEMENTS(fdsend));
|
||||
diff --git a/util/vhost-user-server.c b/util/vhost-user-server.c
|
||||
index 783d847a6d..e6a9ef72b7 100644
|
||||
--- a/util/vhost-user-server.c
|
||||
+++ b/util/vhost-user-server.c
|
||||
@@ -102,7 +102,7 @@ vu_message_read(VuDev *vu_dev, int conn_fd, VhostUserMsg *vmsg)
|
||||
* qio_channel_readv_full may have short reads, keeping calling it
|
||||
* until getting VHOST_USER_HDR_SIZE or 0 bytes in total
|
||||
*/
|
||||
- rc = qio_channel_readv_full(ioc, &iov, 1, &fds, &nfds, &local_err);
|
||||
+ rc = qio_channel_readv_full(ioc, &iov, 1, &fds, &nfds, 0, &local_err);
|
||||
if (rc < 0) {
|
||||
if (rc == QIO_CHANNEL_ERR_BLOCK) {
|
||||
assert(local_err == NULL);
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
From 9b5e69ce5f4ba9541e55d801af16ece4969379e9 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Wolf <kwolf@redhat.com>
|
||||
Date: Fri, 9 Feb 2024 18:31:03 +0100
|
||||
Subject: [PATCH 4/4] iotests: Make 144 deterministic again
|
||||
|
||||
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-MergeRequest: 352: monitor: only run coroutine commands in qemu_aio_context
|
||||
RH-Jira: RHEL-7353
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Commit: [4/4] 4974a32174abefb509b7c46671a364b4b991449e
|
||||
|
||||
Since commit effd60c8 changed how QMP commands are processed, the order
|
||||
of the block-commit return value and job events in iotests 144 wasn't
|
||||
fixed and more and caused the test to fail intermittently.
|
||||
|
||||
Change the test to cache events first and then print them in a
|
||||
predefined order.
|
||||
|
||||
Waiting three times for JOB_STATUS_CHANGE is a bit uglier than just
|
||||
waiting for the JOB_STATUS_CHANGE that has "status": "ready", but the
|
||||
tooling we have doesn't seem to allow the latter easily.
|
||||
|
||||
Fixes: effd60c878176bcaf97fa7ce2b12d04bb8ead6f7
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2126
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-id: 20240209173103.239994-1-kwolf@redhat.com
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
(cherry picked from commit cc29c12ec629ba68a4a6cb7d165c94cc8502815a)
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
---
|
||||
tests/qemu-iotests/144 | 12 +++++++++++-
|
||||
tests/qemu-iotests/144.out | 2 +-
|
||||
2 files changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/qemu-iotests/144 b/tests/qemu-iotests/144
|
||||
index 60e9ddd75f..8c50d6487e 100755
|
||||
--- a/tests/qemu-iotests/144
|
||||
+++ b/tests/qemu-iotests/144
|
||||
@@ -83,12 +83,22 @@ echo
|
||||
echo === Performing block-commit on active layer ===
|
||||
echo
|
||||
|
||||
+capture_events="BLOCK_JOB_READY JOB_STATUS_CHANGE"
|
||||
+
|
||||
# Block commit on active layer, push the new overlay into base
|
||||
_send_qemu_cmd $h "{ 'execute': 'block-commit',
|
||||
'arguments': {
|
||||
'device': 'virtio0'
|
||||
}
|
||||
- }" "READY"
|
||||
+ }" "return"
|
||||
+
|
||||
+_wait_event $h "JOB_STATUS_CHANGE"
|
||||
+_wait_event $h "JOB_STATUS_CHANGE"
|
||||
+_wait_event $h "JOB_STATUS_CHANGE"
|
||||
+
|
||||
+_wait_event $h "BLOCK_JOB_READY"
|
||||
+
|
||||
+capture_events=
|
||||
|
||||
_send_qemu_cmd $h "{ 'execute': 'block-job-complete',
|
||||
'arguments': {
|
||||
diff --git a/tests/qemu-iotests/144.out b/tests/qemu-iotests/144.out
|
||||
index b3b4812015..2245ddfa10 100644
|
||||
--- a/tests/qemu-iotests/144.out
|
||||
+++ b/tests/qemu-iotests/144.out
|
||||
@@ -25,9 +25,9 @@ Formatting 'TEST_DIR/tmp.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off co
|
||||
'device': 'virtio0'
|
||||
}
|
||||
}
|
||||
+{"return": {}}
|
||||
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "virtio0"}}
|
||||
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "virtio0"}}
|
||||
-{"return": {}}
|
||||
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "virtio0"}}
|
||||
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "virtio0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}}
|
||||
{ 'execute': 'block-job-complete',
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
From f164083416a9d09712b8cb8c654dd3b8988e6c5c Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Date: Thu, 18 Jan 2024 09:48:21 -0500
|
||||
Subject: [PATCH 1/4] iotests: add filter_qmp_generated_node_ids()
|
||||
|
||||
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-MergeRequest: 352: monitor: only run coroutine commands in qemu_aio_context
|
||||
RH-Jira: RHEL-7353
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Commit: [1/4] cc276c8ef9e140203afc19fcd8b5b8e20577054d
|
||||
|
||||
Add a filter function for QMP responses that contain QEMU's
|
||||
automatically generated node ids. The ids change between runs and must
|
||||
be masked in the reference output.
|
||||
|
||||
The next commit will use this new function.
|
||||
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-ID: <20240118144823.1497953-2-stefanha@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit da62b507a20510d819bcfbe8f5e573409b954006)
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
---
|
||||
tests/qemu-iotests/iotests.py | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
|
||||
index 2ef493755c..fd41f93421 100644
|
||||
--- a/tests/qemu-iotests/iotests.py
|
||||
+++ b/tests/qemu-iotests/iotests.py
|
||||
@@ -521,6 +521,13 @@ def _filter(_key, value):
|
||||
def filter_generated_node_ids(msg):
|
||||
return re.sub("#block[0-9]+", "NODE_NAME", msg)
|
||||
|
||||
+def filter_qmp_generated_node_ids(qmsg):
|
||||
+ def _filter(_key, value):
|
||||
+ if is_str(value):
|
||||
+ return filter_generated_node_ids(value)
|
||||
+ return value
|
||||
+ return filter_qmp(qmsg, _filter)
|
||||
+
|
||||
def filter_img_info(output, filename):
|
||||
lines = []
|
||||
for line in output.split('\n'):
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -0,0 +1,187 @@
|
|||
From 084e211448f40c3e9d9b1907f6c98dca9f998bc3 Mon Sep 17 00:00:00 2001
|
||||
From: Hanna Czenczek <hreitz@redhat.com>
|
||||
Date: Tue, 11 Apr 2023 19:34:18 +0200
|
||||
Subject: [PATCH 4/5] iotests/iov-padding: New test
|
||||
|
||||
RH-Author: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-MergeRequest: 291: block: Split padded I/O vectors exceeding IOV_MAX
|
||||
RH-Bugzilla: 2141964
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Commit: [4/5] a80be9c26ebd5503745989cd6823cb4814264258
|
||||
|
||||
Test that even vectored IO requests with 1024 vector elements that are
|
||||
not aligned to the device's request alignment will succeed.
|
||||
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Message-Id: <20230411173418.19549-5-hreitz@redhat.com>
|
||||
(cherry picked from commit d7e1905e3f54ff9512db4c7a946a8603b62b108d)
|
||||
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
---
|
||||
tests/qemu-iotests/tests/iov-padding | 85 ++++++++++++++++++++++++
|
||||
tests/qemu-iotests/tests/iov-padding.out | 59 ++++++++++++++++
|
||||
2 files changed, 144 insertions(+)
|
||||
create mode 100755 tests/qemu-iotests/tests/iov-padding
|
||||
create mode 100644 tests/qemu-iotests/tests/iov-padding.out
|
||||
|
||||
diff --git a/tests/qemu-iotests/tests/iov-padding b/tests/qemu-iotests/tests/iov-padding
|
||||
new file mode 100755
|
||||
index 0000000000..b9604900c7
|
||||
--- /dev/null
|
||||
+++ b/tests/qemu-iotests/tests/iov-padding
|
||||
@@ -0,0 +1,85 @@
|
||||
+#!/usr/bin/env bash
|
||||
+# group: rw quick
|
||||
+#
|
||||
+# Check the interaction of request padding (to fit alignment restrictions) with
|
||||
+# vectored I/O from the guest
|
||||
+#
|
||||
+# Copyright Red Hat
|
||||
+#
|
||||
+# This program is free software; you can redistribute it and/or modify
|
||||
+# it under the terms of the GNU General Public License as published by
|
||||
+# the Free Software Foundation; either version 2 of the License, or
|
||||
+# (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be useful,
|
||||
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+# GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
+#
|
||||
+
|
||||
+seq=$(basename $0)
|
||||
+echo "QA output created by $seq"
|
||||
+
|
||||
+status=1 # failure is the default!
|
||||
+
|
||||
+_cleanup()
|
||||
+{
|
||||
+ _cleanup_test_img
|
||||
+}
|
||||
+trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
+
|
||||
+# get standard environment, filters and checks
|
||||
+cd ..
|
||||
+. ./common.rc
|
||||
+. ./common.filter
|
||||
+
|
||||
+_supported_fmt raw
|
||||
+_supported_proto file
|
||||
+
|
||||
+_make_test_img 1M
|
||||
+
|
||||
+IMGSPEC="driver=blkdebug,align=4096,image.driver=file,image.filename=$TEST_IMG"
|
||||
+
|
||||
+# Four combinations:
|
||||
+# - Offset 4096, length 1023 * 512 + 512: Fully aligned to 4k
|
||||
+# - Offset 4096, length 1023 * 512 + 4096: Head is aligned, tail is not
|
||||
+# - Offset 512, length 1023 * 512 + 512: Neither head nor tail are aligned
|
||||
+# - Offset 512, length 1023 * 512 + 4096: Tail is aligned, head is not
|
||||
+for start_offset in 4096 512; do
|
||||
+ for last_element_length in 512 4096; do
|
||||
+ length=$((1023 * 512 + $last_element_length))
|
||||
+
|
||||
+ echo
|
||||
+ echo "== performing 1024-element vectored requests to image (offset: $start_offset; length: $length) =="
|
||||
+
|
||||
+ # Fill with data for testing
|
||||
+ $QEMU_IO -c 'write -P 1 0 1M' "$TEST_IMG" | _filter_qemu_io
|
||||
+
|
||||
+ # 1023 512-byte buffers, and then one with length $last_element_length
|
||||
+ cmd_params="-P 2 $start_offset $(yes 512 | head -n 1023 | tr '\n' ' ') $last_element_length"
|
||||
+ QEMU_IO_OPTIONS="$QEMU_IO_OPTIONS_NO_FMT" $QEMU_IO \
|
||||
+ -c "writev $cmd_params" \
|
||||
+ --image-opts \
|
||||
+ "$IMGSPEC" \
|
||||
+ | _filter_qemu_io
|
||||
+
|
||||
+ # Read all patterns -- read the part we just wrote with writev twice,
|
||||
+ # once "normally", and once with a readv, so we see that that works, too
|
||||
+ QEMU_IO_OPTIONS="$QEMU_IO_OPTIONS_NO_FMT" $QEMU_IO \
|
||||
+ -c "read -P 1 0 $start_offset" \
|
||||
+ -c "read -P 2 $start_offset $length" \
|
||||
+ -c "readv $cmd_params" \
|
||||
+ -c "read -P 1 $((start_offset + length)) $((1024 * 1024 - length - start_offset))" \
|
||||
+ --image-opts \
|
||||
+ "$IMGSPEC" \
|
||||
+ | _filter_qemu_io
|
||||
+ done
|
||||
+done
|
||||
+
|
||||
+# success, all done
|
||||
+echo "*** done"
|
||||
+rm -f $seq.full
|
||||
+status=0
|
||||
diff --git a/tests/qemu-iotests/tests/iov-padding.out b/tests/qemu-iotests/tests/iov-padding.out
|
||||
new file mode 100644
|
||||
index 0000000000..e07a91fac7
|
||||
--- /dev/null
|
||||
+++ b/tests/qemu-iotests/tests/iov-padding.out
|
||||
@@ -0,0 +1,59 @@
|
||||
+QA output created by iov-padding
|
||||
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
|
||||
+
|
||||
+== performing 1024-element vectored requests to image (offset: 4096; length: 524288) ==
|
||||
+wrote 1048576/1048576 bytes at offset 0
|
||||
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+wrote 524288/524288 bytes at offset 4096
|
||||
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 4096/4096 bytes at offset 0
|
||||
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 524288/524288 bytes at offset 4096
|
||||
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 524288/524288 bytes at offset 4096
|
||||
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 520192/520192 bytes at offset 528384
|
||||
+508 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+
|
||||
+== performing 1024-element vectored requests to image (offset: 4096; length: 527872) ==
|
||||
+wrote 1048576/1048576 bytes at offset 0
|
||||
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+wrote 527872/527872 bytes at offset 4096
|
||||
+515.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 4096/4096 bytes at offset 0
|
||||
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 527872/527872 bytes at offset 4096
|
||||
+515.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 527872/527872 bytes at offset 4096
|
||||
+515.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 516608/516608 bytes at offset 531968
|
||||
+504.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+
|
||||
+== performing 1024-element vectored requests to image (offset: 512; length: 524288) ==
|
||||
+wrote 1048576/1048576 bytes at offset 0
|
||||
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+wrote 524288/524288 bytes at offset 512
|
||||
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 512/512 bytes at offset 0
|
||||
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 524288/524288 bytes at offset 512
|
||||
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 524288/524288 bytes at offset 512
|
||||
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 523776/523776 bytes at offset 524800
|
||||
+511.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+
|
||||
+== performing 1024-element vectored requests to image (offset: 512; length: 527872) ==
|
||||
+wrote 1048576/1048576 bytes at offset 0
|
||||
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+wrote 527872/527872 bytes at offset 512
|
||||
+515.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 512/512 bytes at offset 0
|
||||
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 527872/527872 bytes at offset 512
|
||||
+515.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 527872/527872 bytes at offset 512
|
||||
+515.500 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+read 520192/520192 bytes at offset 528384
|
||||
+508 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+*** done
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -0,0 +1,601 @@
|
|||
From 968c8ff7ea7d43bf29d8e5f6e9e17f84168c22c4 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Date: Thu, 18 Jan 2024 09:48:22 -0500
|
||||
Subject: [PATCH 2/4] iotests: port 141 to Python for reliable QMP testing
|
||||
|
||||
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-MergeRequest: 352: monitor: only run coroutine commands in qemu_aio_context
|
||||
RH-Jira: RHEL-7353
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Commit: [2/4] ff0899262544b1b61b4c7de2eb798b664fe5202e
|
||||
|
||||
The common.qemu bash functions allow tests to interact with the QMP
|
||||
monitor of a QEMU process. I spent two days trying to update 141 when
|
||||
the order of the test output changed, but found it would still fail
|
||||
occassionally because printf() and QMP events race with synchronous QMP
|
||||
communication.
|
||||
|
||||
I gave up and ported 141 to the existing Python API for QMP tests. The
|
||||
Python API is less affected by the order in which QEMU prints output
|
||||
because it does not print all QMP traffic by default.
|
||||
|
||||
The next commit changes the order in which QMP messages are received.
|
||||
Make 141 reliable first.
|
||||
|
||||
Cc: Hanna Czenczek <hreitz@redhat.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-ID: <20240118144823.1497953-3-stefanha@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit 9ee2dd4c22a3639c5462b3fc20df60c005c3de64)
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
tests/qemu-iotests/141
|
||||
tests/qemu-iotests/141.out
|
||||
|
||||
This commit replaces these files anyway, so apply our changes instead
|
||||
of dragging in more dependencies to resolve context conflicts.
|
||||
---
|
||||
tests/qemu-iotests/141 | 307 ++++++++++++++++---------------------
|
||||
tests/qemu-iotests/141.out | 204 ++++++------------------
|
||||
2 files changed, 178 insertions(+), 333 deletions(-)
|
||||
|
||||
diff --git a/tests/qemu-iotests/141 b/tests/qemu-iotests/141
|
||||
index 115cc1691e..a7d3985a02 100755
|
||||
--- a/tests/qemu-iotests/141
|
||||
+++ b/tests/qemu-iotests/141
|
||||
@@ -1,9 +1,12 @@
|
||||
-#!/usr/bin/env bash
|
||||
+#!/usr/bin/env python3
|
||||
# group: rw auto quick
|
||||
#
|
||||
# Test case for ejecting BDSs with block jobs still running on them
|
||||
#
|
||||
-# Copyright (C) 2016 Red Hat, Inc.
|
||||
+# Originally written in bash by Hanna Czenczek, ported to Python by Stefan
|
||||
+# Hajnoczi.
|
||||
+#
|
||||
+# Copyright Red Hat
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@@ -19,177 +22,129 @@
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
-# creator
|
||||
-owner=mreitz@redhat.com
|
||||
-
|
||||
-seq="$(basename $0)"
|
||||
-echo "QA output created by $seq"
|
||||
-
|
||||
-status=1 # failure is the default!
|
||||
-
|
||||
-_cleanup()
|
||||
-{
|
||||
- _cleanup_qemu
|
||||
- _cleanup_test_img
|
||||
- for img in "$TEST_DIR"/{b,m,o}.$IMGFMT; do
|
||||
- _rm_test_img "$img"
|
||||
- done
|
||||
-}
|
||||
-trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
-
|
||||
-# get standard environment, filters and checks
|
||||
-. ./common.rc
|
||||
-. ./common.filter
|
||||
-. ./common.qemu
|
||||
-
|
||||
-# Needs backing file and backing format support
|
||||
-_supported_fmt qcow2 qed
|
||||
-_supported_proto file
|
||||
-_supported_os Linux
|
||||
-
|
||||
-
|
||||
-test_blockjob()
|
||||
-{
|
||||
- _send_qemu_cmd $QEMU_HANDLE \
|
||||
- "{'execute': 'blockdev-add',
|
||||
- 'arguments': {
|
||||
- 'node-name': 'drv0',
|
||||
- 'driver': '$IMGFMT',
|
||||
- 'file': {
|
||||
- 'driver': 'file',
|
||||
- 'filename': '$TEST_IMG'
|
||||
- }}}" \
|
||||
- 'return'
|
||||
-
|
||||
- # If "$2" is an event, we may or may not see it before the
|
||||
- # {"return": {}}. Therefore, filter the {"return": {}} out both
|
||||
- # here and in the next command. (Naturally, if we do not see it
|
||||
- # here, we will see it before the next command can be executed,
|
||||
- # so it will appear in the next _send_qemu_cmd's output.)
|
||||
- _send_qemu_cmd $QEMU_HANDLE \
|
||||
- "$1" \
|
||||
- "$2" \
|
||||
- | _filter_img_create | _filter_qmp_empty_return
|
||||
-
|
||||
- # We want this to return an error because the block job is still running
|
||||
- _send_qemu_cmd $QEMU_HANDLE \
|
||||
- "{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}" \
|
||||
- 'error' | _filter_generated_node_ids | _filter_qmp_empty_return
|
||||
-
|
||||
- _send_qemu_cmd $QEMU_HANDLE \
|
||||
- "{'execute': 'block-job-cancel',
|
||||
- 'arguments': {'device': 'job0'}}" \
|
||||
- "$3"
|
||||
-
|
||||
- _send_qemu_cmd $QEMU_HANDLE \
|
||||
- "{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}" \
|
||||
- 'return'
|
||||
-}
|
||||
-
|
||||
-
|
||||
-TEST_IMG="$TEST_DIR/b.$IMGFMT" _make_test_img 1M
|
||||
-TEST_IMG="$TEST_DIR/m.$IMGFMT" _make_test_img -b "$TEST_DIR/b.$IMGFMT" -F $IMGFMT 1M
|
||||
-_make_test_img -b "$TEST_DIR/m.$IMGFMT" 1M -F $IMGFMT
|
||||
-
|
||||
-_launch_qemu -nodefaults
|
||||
-
|
||||
-_send_qemu_cmd $QEMU_HANDLE \
|
||||
- "{'execute': 'qmp_capabilities'}" \
|
||||
- 'return'
|
||||
-
|
||||
-echo
|
||||
-echo '=== Testing drive-backup ==='
|
||||
-echo
|
||||
-
|
||||
-# drive-backup will not send BLOCK_JOB_READY by itself, and cancelling the job
|
||||
-# will consequently result in BLOCK_JOB_CANCELLED being emitted.
|
||||
-
|
||||
-test_blockjob \
|
||||
- "{'execute': 'drive-backup',
|
||||
- 'arguments': {'job-id': 'job0',
|
||||
- 'device': 'drv0',
|
||||
- 'target': '$TEST_DIR/o.$IMGFMT',
|
||||
- 'format': '$IMGFMT',
|
||||
- 'sync': 'none'}}" \
|
||||
- 'return' \
|
||||
- '"status": "null"'
|
||||
-
|
||||
-echo
|
||||
-echo '=== Testing drive-mirror ==='
|
||||
-echo
|
||||
-
|
||||
-# drive-mirror will send BLOCK_JOB_READY basically immediately, and cancelling
|
||||
-# the job will consequently result in BLOCK_JOB_COMPLETED being emitted.
|
||||
-
|
||||
-test_blockjob \
|
||||
- "{'execute': 'drive-mirror',
|
||||
- 'arguments': {'job-id': 'job0',
|
||||
- 'device': 'drv0',
|
||||
- 'target': '$TEST_DIR/o.$IMGFMT',
|
||||
- 'format': '$IMGFMT',
|
||||
- 'sync': 'none'}}" \
|
||||
- 'BLOCK_JOB_READY' \
|
||||
- '"status": "null"'
|
||||
-
|
||||
-echo
|
||||
-echo '=== Testing active block-commit ==='
|
||||
-echo
|
||||
-
|
||||
-# An active block-commit will send BLOCK_JOB_READY basically immediately, and
|
||||
-# cancelling the job will consequently result in BLOCK_JOB_COMPLETED being
|
||||
-# emitted.
|
||||
-
|
||||
-test_blockjob \
|
||||
- "{'execute': 'block-commit',
|
||||
- 'arguments': {'job-id': 'job0', 'device': 'drv0'}}" \
|
||||
- 'BLOCK_JOB_READY' \
|
||||
- '"status": "null"'
|
||||
-
|
||||
-echo
|
||||
-echo '=== Testing non-active block-commit ==='
|
||||
-echo
|
||||
-
|
||||
-# Give block-commit something to work on, otherwise it would be done
|
||||
-# immediately, send a BLOCK_JOB_COMPLETED and ejecting the BDS would work just
|
||||
-# fine without the block job still running.
|
||||
-
|
||||
-$QEMU_IO -c 'write 0 1M' "$TEST_DIR/m.$IMGFMT" | _filter_qemu_io
|
||||
-
|
||||
-test_blockjob \
|
||||
- "{'execute': 'block-commit',
|
||||
- 'arguments': {'job-id': 'job0',
|
||||
- 'device': 'drv0',
|
||||
- 'top': '$TEST_DIR/m.$IMGFMT',
|
||||
- 'speed': 1}}" \
|
||||
- 'return' \
|
||||
- '"status": "null"'
|
||||
-
|
||||
-echo
|
||||
-echo '=== Testing block-stream ==='
|
||||
-echo
|
||||
-
|
||||
-# Give block-stream something to work on, otherwise it would be done
|
||||
-# immediately, send a BLOCK_JOB_COMPLETED and ejecting the BDS would work just
|
||||
-# fine without the block job still running.
|
||||
-
|
||||
-$QEMU_IO -c 'write 0 1M' "$TEST_DIR/b.$IMGFMT" | _filter_qemu_io
|
||||
-
|
||||
-# With some data to stream (and @speed set to 1), block-stream will not complete
|
||||
-# until we send the block-job-cancel command.
|
||||
-
|
||||
-test_blockjob \
|
||||
- "{'execute': 'block-stream',
|
||||
- 'arguments': {'job-id': 'job0',
|
||||
- 'device': 'drv0',
|
||||
- 'speed': 1}}" \
|
||||
- 'return' \
|
||||
- '"status": "null"'
|
||||
-
|
||||
-_cleanup_qemu
|
||||
-
|
||||
-# success, all done
|
||||
-echo "*** done"
|
||||
-rm -f $seq.full
|
||||
-status=0
|
||||
+import iotests
|
||||
+
|
||||
+# Common filters to mask values that vary in the test output
|
||||
+QMP_FILTERS = [iotests.filter_qmp_testfiles, \
|
||||
+ iotests.filter_qmp_imgfmt]
|
||||
+
|
||||
+
|
||||
+class TestCase:
|
||||
+ def __init__(self, name, vm, image_path, cancel_event):
|
||||
+ self.name = name
|
||||
+ self.vm = vm
|
||||
+ self.image_path = image_path
|
||||
+ self.cancel_event = cancel_event
|
||||
+
|
||||
+ def __enter__(self):
|
||||
+ iotests.log(f'=== Testing {self.name} ===')
|
||||
+ self.vm.qmp_log('blockdev-add', \
|
||||
+ node_name='drv0', \
|
||||
+ driver=iotests.imgfmt, \
|
||||
+ file={'driver': 'file', 'filename': self.image_path}, \
|
||||
+ filters=QMP_FILTERS)
|
||||
+
|
||||
+ def __exit__(self, *exc_details):
|
||||
+ # This is expected to fail because the job still exists
|
||||
+ self.vm.qmp_log('blockdev-del', node_name='drv0', \
|
||||
+ filters=[iotests.filter_qmp_generated_node_ids])
|
||||
+
|
||||
+ self.vm.qmp_log('block-job-cancel', device='job0')
|
||||
+ event = self.vm.event_wait(self.cancel_event)
|
||||
+ iotests.log(event, filters=[iotests.filter_qmp_event])
|
||||
+
|
||||
+ # This time it succeeds
|
||||
+ self.vm.qmp_log('blockdev-del', node_name='drv0')
|
||||
+
|
||||
+ # Separate test cases in output
|
||||
+ iotests.log('')
|
||||
+
|
||||
+
|
||||
+def main() -> None:
|
||||
+ with iotests.FilePath('bottom', 'middle', 'top', 'target') as \
|
||||
+ (bottom_path, middle_path, top_path, target_path), \
|
||||
+ iotests.VM() as vm:
|
||||
+
|
||||
+ iotests.log('Creating bottom <- middle <- top backing file chain...')
|
||||
+ IMAGE_SIZE='1M'
|
||||
+ iotests.qemu_img_create('-f', iotests.imgfmt, bottom_path, IMAGE_SIZE)
|
||||
+ iotests.qemu_img_create('-f', iotests.imgfmt, \
|
||||
+ '-F', iotests.imgfmt, \
|
||||
+ '-b', bottom_path, \
|
||||
+ middle_path, \
|
||||
+ IMAGE_SIZE)
|
||||
+ iotests.qemu_img_create('-f', iotests.imgfmt, \
|
||||
+ '-F', iotests.imgfmt, \
|
||||
+ '-b', middle_path, \
|
||||
+ top_path, \
|
||||
+ IMAGE_SIZE)
|
||||
+
|
||||
+ iotests.log('Starting VM...')
|
||||
+ vm.add_args('-nodefaults')
|
||||
+ vm.launch()
|
||||
+
|
||||
+ # drive-backup will not send BLOCK_JOB_READY by itself, and cancelling
|
||||
+ # the job will consequently result in BLOCK_JOB_CANCELLED being
|
||||
+ # emitted.
|
||||
+ with TestCase('drive-backup', vm, top_path, 'BLOCK_JOB_CANCELLED'):
|
||||
+ vm.qmp_log('drive-backup', \
|
||||
+ job_id='job0', \
|
||||
+ device='drv0', \
|
||||
+ target=target_path, \
|
||||
+ format=iotests.imgfmt, \
|
||||
+ sync='none', \
|
||||
+ filters=QMP_FILTERS)
|
||||
+
|
||||
+ # drive-mirror will send BLOCK_JOB_READY basically immediately, and
|
||||
+ # cancelling the job will consequently result in BLOCK_JOB_COMPLETED
|
||||
+ # being emitted.
|
||||
+ with TestCase('drive-mirror', vm, top_path, 'BLOCK_JOB_COMPLETED'):
|
||||
+ vm.qmp_log('drive-mirror', \
|
||||
+ job_id='job0', \
|
||||
+ device='drv0', \
|
||||
+ target=target_path, \
|
||||
+ format=iotests.imgfmt, \
|
||||
+ sync='none', \
|
||||
+ filters=QMP_FILTERS)
|
||||
+ event = vm.event_wait('BLOCK_JOB_READY')
|
||||
+ assert event is not None # silence mypy
|
||||
+ iotests.log(event, filters=[iotests.filter_qmp_event])
|
||||
+
|
||||
+ # An active block-commit will send BLOCK_JOB_READY basically
|
||||
+ # immediately, and cancelling the job will consequently result in
|
||||
+ # BLOCK_JOB_COMPLETED being emitted.
|
||||
+ with TestCase('active block-commit', vm, top_path, \
|
||||
+ 'BLOCK_JOB_COMPLETED'):
|
||||
+ vm.qmp_log('block-commit', \
|
||||
+ job_id='job0', \
|
||||
+ device='drv0')
|
||||
+ event = vm.event_wait('BLOCK_JOB_READY')
|
||||
+ assert event is not None # silence mypy
|
||||
+ iotests.log(event, filters=[iotests.filter_qmp_event])
|
||||
+
|
||||
+ # Give block-commit something to work on, otherwise it would be done
|
||||
+ # immediately, send a BLOCK_JOB_COMPLETED and ejecting the BDS would
|
||||
+ # work just fine without the block job still running.
|
||||
+ iotests.qemu_io(middle_path, '-c', f'write 0 {IMAGE_SIZE}')
|
||||
+ with TestCase('non-active block-commit', vm, top_path, \
|
||||
+ 'BLOCK_JOB_CANCELLED'):
|
||||
+ vm.qmp_log('block-commit', \
|
||||
+ job_id='job0', \
|
||||
+ device='drv0', \
|
||||
+ top=middle_path, \
|
||||
+ speed=1, \
|
||||
+ filters=[iotests.filter_qmp_testfiles])
|
||||
+
|
||||
+ # Give block-stream something to work on, otherwise it would be done
|
||||
+ # immediately, send a BLOCK_JOB_COMPLETED and ejecting the BDS would
|
||||
+ # work just fine without the block job still running.
|
||||
+ iotests.qemu_io(bottom_path, '-c', f'write 0 {IMAGE_SIZE}')
|
||||
+ with TestCase('block-stream', vm, top_path, 'BLOCK_JOB_CANCELLED'):
|
||||
+ vm.qmp_log('block-stream', \
|
||||
+ job_id='job0', \
|
||||
+ device='drv0', \
|
||||
+ speed=1)
|
||||
+
|
||||
+if __name__ == '__main__':
|
||||
+ iotests.script_main(main, supported_fmts=['qcow2', 'qed'],
|
||||
+ supported_protocols=['file'])
|
||||
diff --git a/tests/qemu-iotests/141.out b/tests/qemu-iotests/141.out
|
||||
index c4c15fb275..91b7ba50af 100644
|
||||
--- a/tests/qemu-iotests/141.out
|
||||
+++ b/tests/qemu-iotests/141.out
|
||||
@@ -1,179 +1,69 @@
|
||||
-QA output created by 141
|
||||
-Formatting 'TEST_DIR/b.IMGFMT', fmt=IMGFMT size=1048576
|
||||
-Formatting 'TEST_DIR/m.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/b.IMGFMT backing_fmt=IMGFMT
|
||||
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/m.IMGFMT backing_fmt=IMGFMT
|
||||
-{'execute': 'qmp_capabilities'}
|
||||
-{"return": {}}
|
||||
-
|
||||
+Creating bottom <- middle <- top backing file chain...
|
||||
+Starting VM...
|
||||
=== Testing drive-backup ===
|
||||
-
|
||||
-{'execute': 'blockdev-add',
|
||||
- 'arguments': {
|
||||
- 'node-name': 'drv0',
|
||||
- 'driver': 'IMGFMT',
|
||||
- 'file': {
|
||||
- 'driver': 'file',
|
||||
- 'filename': 'TEST_DIR/t.IMGFMT'
|
||||
- }}}
|
||||
-{"return": {}}
|
||||
-{'execute': 'drive-backup',
|
||||
-'arguments': {'job-id': 'job0',
|
||||
-'device': 'drv0',
|
||||
-'target': 'TEST_DIR/o.IMGFMT',
|
||||
-'format': 'IMGFMT',
|
||||
-'sync': 'none'}}
|
||||
-Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "paused", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"execute": "blockdev-add", "arguments": {"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_DIR/PID-top"}, "node-name": "drv0"}}
|
||||
+{"return": {}}
|
||||
+{"execute": "drive-backup", "arguments": {"device": "drv0", "format": "IMGFMT", "job-id": "job0", "sync": "none", "target": "TEST_DIR/PID-target"}}
|
||||
+{"return": {}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: node is used as backing hd of 'NODE_NAME'"}}
|
||||
-{'execute': 'block-job-cancel',
|
||||
- 'arguments': {'device': 'job0'}}
|
||||
+{"execute": "block-job-cancel", "arguments": {"device": "job0"}}
|
||||
{"return": {}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "aborting", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_CANCELLED", "data": {"device": "job0", "len": 1048576, "offset": 0, "speed": 0, "type": "backup"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"data": {"device": "job0", "len": 1048576, "offset": 0, "speed": 0, "type": "backup"}, "event": "BLOCK_JOB_CANCELLED", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"return": {}}
|
||||
|
||||
=== Testing drive-mirror ===
|
||||
-
|
||||
-{'execute': 'blockdev-add',
|
||||
- 'arguments': {
|
||||
- 'node-name': 'drv0',
|
||||
- 'driver': 'IMGFMT',
|
||||
- 'file': {
|
||||
- 'driver': 'file',
|
||||
- 'filename': 'TEST_DIR/t.IMGFMT'
|
||||
- }}}
|
||||
-{"return": {}}
|
||||
-{'execute': 'drive-mirror',
|
||||
-'arguments': {'job-id': 'job0',
|
||||
-'device': 'drv0',
|
||||
-'target': 'TEST_DIR/o.IMGFMT',
|
||||
-'format': 'IMGFMT',
|
||||
-'sync': 'none'}}
|
||||
-Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"execute": "blockdev-add", "arguments": {"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_DIR/PID-top"}, "node-name": "drv0"}}
|
||||
+{"return": {}}
|
||||
+{"execute": "drive-mirror", "arguments": {"device": "drv0", "format": "IMGFMT", "job-id": "job0", "sync": "none", "target": "TEST_DIR/PID-target"}}
|
||||
+{"return": {}}
|
||||
+{"data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}, "event": "BLOCK_JOB_READY", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: block device is in use by block job: mirror"}}
|
||||
-{'execute': 'block-job-cancel',
|
||||
- 'arguments': {'device': 'job0'}}
|
||||
+{"execute": "block-job-cancel", "arguments": {"device": "job0"}}
|
||||
{"return": {}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"return": {}}
|
||||
|
||||
=== Testing active block-commit ===
|
||||
-
|
||||
-{'execute': 'blockdev-add',
|
||||
- 'arguments': {
|
||||
- 'node-name': 'drv0',
|
||||
- 'driver': 'IMGFMT',
|
||||
- 'file': {
|
||||
- 'driver': 'file',
|
||||
- 'filename': 'TEST_DIR/t.IMGFMT'
|
||||
- }}}
|
||||
-{"return": {}}
|
||||
-{'execute': 'block-commit',
|
||||
-'arguments': {'job-id': 'job0', 'device': 'drv0'}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"execute": "blockdev-add", "arguments": {"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_DIR/PID-top"}, "node-name": "drv0"}}
|
||||
+{"return": {}}
|
||||
+{"execute": "block-commit", "arguments": {"device": "drv0", "job-id": "job0"}}
|
||||
+{"return": {}}
|
||||
+{"data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}, "event": "BLOCK_JOB_READY", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: block device is in use by block job: commit"}}
|
||||
-{'execute': 'block-job-cancel',
|
||||
- 'arguments': {'device': 'job0'}}
|
||||
+{"execute": "block-job-cancel", "arguments": {"device": "job0"}}
|
||||
{"return": {}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"return": {}}
|
||||
|
||||
=== Testing non-active block-commit ===
|
||||
-
|
||||
-wrote 1048576/1048576 bytes at offset 0
|
||||
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
-{'execute': 'blockdev-add',
|
||||
- 'arguments': {
|
||||
- 'node-name': 'drv0',
|
||||
- 'driver': 'IMGFMT',
|
||||
- 'file': {
|
||||
- 'driver': 'file',
|
||||
- 'filename': 'TEST_DIR/t.IMGFMT'
|
||||
- }}}
|
||||
-{"return": {}}
|
||||
-{'execute': 'block-commit',
|
||||
-'arguments': {'job-id': 'job0',
|
||||
-'device': 'drv0',
|
||||
-'top': 'TEST_DIR/m.IMGFMT',
|
||||
-'speed': 1}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
-{"error": {"class": "GenericError", "desc": "Node drv0 is in use"}}
|
||||
-{'execute': 'block-job-cancel',
|
||||
- 'arguments': {'device': 'job0'}}
|
||||
-{"return": {}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "aborting", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_CANCELLED", "data": {"device": "job0", "len": 1048576, "offset": 524288, "speed": 1, "type": "commit"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"execute": "blockdev-add", "arguments": {"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_DIR/PID-top"}, "node-name": "drv0"}}
|
||||
+{"return": {}}
|
||||
+{"execute": "block-commit", "arguments": {"device": "drv0", "job-id": "job0", "speed": 1, "top": "TEST_DIR/PID-middle"}}
|
||||
+{"return": {}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
+{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: block device is in use by block job: commit"}}
|
||||
+{"execute": "block-job-cancel", "arguments": {"device": "job0"}}
|
||||
+{"return": {}}
|
||||
+{"data": {"device": "job0", "len": 1048576, "offset": 524288, "speed": 1, "type": "commit"}, "event": "BLOCK_JOB_CANCELLED", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"return": {}}
|
||||
|
||||
=== Testing block-stream ===
|
||||
-
|
||||
-wrote 1048576/1048576 bytes at offset 0
|
||||
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
-{'execute': 'blockdev-add',
|
||||
- 'arguments': {
|
||||
- 'node-name': 'drv0',
|
||||
- 'driver': 'IMGFMT',
|
||||
- 'file': {
|
||||
- 'driver': 'file',
|
||||
- 'filename': 'TEST_DIR/t.IMGFMT'
|
||||
- }}}
|
||||
-{"return": {}}
|
||||
-{'execute': 'block-stream',
|
||||
-'arguments': {'job-id': 'job0',
|
||||
-'device': 'drv0',
|
||||
-'speed': 1}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"execute": "blockdev-add", "arguments": {"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_DIR/PID-top"}, "node-name": "drv0"}}
|
||||
+{"return": {}}
|
||||
+{"execute": "block-stream", "arguments": {"device": "drv0", "job-id": "job0", "speed": 1}}
|
||||
+{"return": {}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: block device is in use by block job: stream"}}
|
||||
-{'execute': 'block-job-cancel',
|
||||
- 'arguments': {'device': 'job0'}}
|
||||
+{"execute": "block-job-cancel", "arguments": {"device": "job0"}}
|
||||
{"return": {}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "aborting", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_CANCELLED", "data": {"device": "job0", "len": 1048576, "offset": 524288, "speed": 1, "type": "stream"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}}
|
||||
-{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}}
|
||||
-{'execute': 'blockdev-del',
|
||||
- 'arguments': {'node-name': 'drv0'}}
|
||||
+{"data": {"device": "job0", "len": 1048576, "offset": 524288, "speed": 1, "type": "stream"}, "event": "BLOCK_JOB_CANCELLED", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
|
||||
+{"execute": "blockdev-del", "arguments": {"node-name": "drv0"}}
|
||||
{"return": {}}
|
||||
-*** done
|
||||
+
|
||||
--
|
||||
2.39.3
|
||||
|
|
@ -0,0 +1,290 @@
|
|||
From 93ec857c46911b95ed8e3abc6a9d432ae847c084 Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Mon, 16 Jan 2023 07:51:56 -0500
|
||||
Subject: [PATCH 06/11] kvm: Atomic memslot updates
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 247: accel: introduce accelerator blocker API
|
||||
RH-Bugzilla: 2161188
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [3/3] 520e41c0f58066a7381a5f6b32b81bc01cce51c0
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2161188
|
||||
|
||||
commit f39b7d2b96e3e73c01bb678cd096f7baf0b9ab39
|
||||
Author: David Hildenbrand <david@redhat.com>
|
||||
Date: Fri Nov 11 10:47:58 2022 -0500
|
||||
|
||||
kvm: Atomic memslot updates
|
||||
|
||||
If we update an existing memslot (e.g., resize, split), we temporarily
|
||||
remove the memslot to re-add it immediately afterwards. These updates
|
||||
are not atomic, especially not for KVM VCPU threads, such that we can
|
||||
get spurious faults.
|
||||
|
||||
Let's inhibit most KVM ioctls while performing relevant updates, such
|
||||
that we can perform the update just as if it would happen atomically
|
||||
without additional kernel support.
|
||||
|
||||
We capture the add/del changes and apply them in the notifier commit
|
||||
stage instead. There, we can check for overlaps and perform the ioctl
|
||||
inhibiting only if really required (-> overlap).
|
||||
|
||||
To keep things simple we don't perform additional checks that wouldn't
|
||||
actually result in an overlap -- such as !RAM memory regions in some
|
||||
cases (see kvm_set_phys_mem()).
|
||||
|
||||
To minimize cache-line bouncing, use a separate indicator
|
||||
(in_ioctl_lock) per CPU. Also, make sure to hold the kvm_slots_lock
|
||||
while performing both actions (removing+re-adding).
|
||||
|
||||
We have to wait until all IOCTLs were exited and block new ones from
|
||||
getting executed.
|
||||
|
||||
This approach cannot result in a deadlock as long as the inhibitor does
|
||||
not hold any locks that might hinder an IOCTL from getting finished and
|
||||
exited - something fairly unusual. The inhibitor will always hold the BQL.
|
||||
|
||||
AFAIKs, one possible candidate would be userfaultfd. If a page cannot be
|
||||
placed (e.g., during postcopy), because we're waiting for a lock, or if the
|
||||
userfaultfd thread cannot process a fault, because it is waiting for a
|
||||
lock, there could be a deadlock. However, the BQL is not applicable here,
|
||||
because any other guest memory access while holding the BQL would already
|
||||
result in a deadlock.
|
||||
|
||||
Nothing else in the kernel should block forever and wait for userspace
|
||||
intervention.
|
||||
|
||||
Note: pause_all_vcpus()/resume_all_vcpus() or
|
||||
start_exclusive()/end_exclusive() cannot be used, as they either drop
|
||||
the BQL or require to be called without the BQL - something inhibitors
|
||||
cannot handle. We need a low-level locking mechanism that is
|
||||
deadlock-free even when not releasing the BQL.
|
||||
|
||||
Signed-off-by: David Hildenbrand <david@redhat.com>
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Tested-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Message-Id: <20221111154758.1372674-4-eesposit@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
accel/kvm/kvm-all.c: include "sysemu/dirtylimit.h" is missing in
|
||||
rhel 8.8.0
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
accel/kvm/kvm-all.c | 101 ++++++++++++++++++++++++++++++++++-----
|
||||
include/sysemu/kvm_int.h | 8 ++++
|
||||
2 files changed, 98 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
|
||||
index 221aadfda7..3b7bc39823 100644
|
||||
--- a/accel/kvm/kvm-all.c
|
||||
+++ b/accel/kvm/kvm-all.c
|
||||
@@ -31,6 +31,7 @@
|
||||
#include "sysemu/kvm_int.h"
|
||||
#include "sysemu/runstate.h"
|
||||
#include "sysemu/cpus.h"
|
||||
+#include "sysemu/accel-blocker.h"
|
||||
#include "qemu/bswap.h"
|
||||
#include "exec/memory.h"
|
||||
#include "exec/ram_addr.h"
|
||||
@@ -45,6 +46,7 @@
|
||||
#include "qemu/guest-random.h"
|
||||
#include "sysemu/hw_accel.h"
|
||||
#include "kvm-cpus.h"
|
||||
+#include "qemu/range.h"
|
||||
|
||||
#include "hw/boards.h"
|
||||
|
||||
@@ -1334,6 +1336,7 @@ void kvm_set_max_memslot_size(hwaddr max_slot_size)
|
||||
kvm_max_slot_size = max_slot_size;
|
||||
}
|
||||
|
||||
+/* Called with KVMMemoryListener.slots_lock held */
|
||||
static void kvm_set_phys_mem(KVMMemoryListener *kml,
|
||||
MemoryRegionSection *section, bool add)
|
||||
{
|
||||
@@ -1368,14 +1371,12 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
|
||||
ram = memory_region_get_ram_ptr(mr) + mr_offset;
|
||||
ram_start_offset = memory_region_get_ram_addr(mr) + mr_offset;
|
||||
|
||||
- kvm_slots_lock();
|
||||
-
|
||||
if (!add) {
|
||||
do {
|
||||
slot_size = MIN(kvm_max_slot_size, size);
|
||||
mem = kvm_lookup_matching_slot(kml, start_addr, slot_size);
|
||||
if (!mem) {
|
||||
- goto out;
|
||||
+ return;
|
||||
}
|
||||
if (mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
|
||||
/*
|
||||
@@ -1413,7 +1414,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
|
||||
start_addr += slot_size;
|
||||
size -= slot_size;
|
||||
} while (size);
|
||||
- goto out;
|
||||
+ return;
|
||||
}
|
||||
|
||||
/* register the new slot */
|
||||
@@ -1438,9 +1439,6 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
|
||||
ram += slot_size;
|
||||
size -= slot_size;
|
||||
} while (size);
|
||||
-
|
||||
-out:
|
||||
- kvm_slots_unlock();
|
||||
}
|
||||
|
||||
static void *kvm_dirty_ring_reaper_thread(void *data)
|
||||
@@ -1492,18 +1490,95 @@ static void kvm_region_add(MemoryListener *listener,
|
||||
MemoryRegionSection *section)
|
||||
{
|
||||
KVMMemoryListener *kml = container_of(listener, KVMMemoryListener, listener);
|
||||
+ KVMMemoryUpdate *update;
|
||||
+
|
||||
+ update = g_new0(KVMMemoryUpdate, 1);
|
||||
+ update->section = *section;
|
||||
|
||||
- memory_region_ref(section->mr);
|
||||
- kvm_set_phys_mem(kml, section, true);
|
||||
+ QSIMPLEQ_INSERT_TAIL(&kml->transaction_add, update, next);
|
||||
}
|
||||
|
||||
static void kvm_region_del(MemoryListener *listener,
|
||||
MemoryRegionSection *section)
|
||||
{
|
||||
KVMMemoryListener *kml = container_of(listener, KVMMemoryListener, listener);
|
||||
+ KVMMemoryUpdate *update;
|
||||
+
|
||||
+ update = g_new0(KVMMemoryUpdate, 1);
|
||||
+ update->section = *section;
|
||||
+
|
||||
+ QSIMPLEQ_INSERT_TAIL(&kml->transaction_del, update, next);
|
||||
+}
|
||||
+
|
||||
+static void kvm_region_commit(MemoryListener *listener)
|
||||
+{
|
||||
+ KVMMemoryListener *kml = container_of(listener, KVMMemoryListener,
|
||||
+ listener);
|
||||
+ KVMMemoryUpdate *u1, *u2;
|
||||
+ bool need_inhibit = false;
|
||||
+
|
||||
+ if (QSIMPLEQ_EMPTY(&kml->transaction_add) &&
|
||||
+ QSIMPLEQ_EMPTY(&kml->transaction_del)) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * We have to be careful when regions to add overlap with ranges to remove.
|
||||
+ * We have to simulate atomic KVM memslot updates by making sure no ioctl()
|
||||
+ * is currently active.
|
||||
+ *
|
||||
+ * The lists are order by addresses, so it's easy to find overlaps.
|
||||
+ */
|
||||
+ u1 = QSIMPLEQ_FIRST(&kml->transaction_del);
|
||||
+ u2 = QSIMPLEQ_FIRST(&kml->transaction_add);
|
||||
+ while (u1 && u2) {
|
||||
+ Range r1, r2;
|
||||
+
|
||||
+ range_init_nofail(&r1, u1->section.offset_within_address_space,
|
||||
+ int128_get64(u1->section.size));
|
||||
+ range_init_nofail(&r2, u2->section.offset_within_address_space,
|
||||
+ int128_get64(u2->section.size));
|
||||
+
|
||||
+ if (range_overlaps_range(&r1, &r2)) {
|
||||
+ need_inhibit = true;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (range_lob(&r1) < range_lob(&r2)) {
|
||||
+ u1 = QSIMPLEQ_NEXT(u1, next);
|
||||
+ } else {
|
||||
+ u2 = QSIMPLEQ_NEXT(u2, next);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ kvm_slots_lock();
|
||||
+ if (need_inhibit) {
|
||||
+ accel_ioctl_inhibit_begin();
|
||||
+ }
|
||||
+
|
||||
+ /* Remove all memslots before adding the new ones. */
|
||||
+ while (!QSIMPLEQ_EMPTY(&kml->transaction_del)) {
|
||||
+ u1 = QSIMPLEQ_FIRST(&kml->transaction_del);
|
||||
+ QSIMPLEQ_REMOVE_HEAD(&kml->transaction_del, next);
|
||||
|
||||
- kvm_set_phys_mem(kml, section, false);
|
||||
- memory_region_unref(section->mr);
|
||||
+ kvm_set_phys_mem(kml, &u1->section, false);
|
||||
+ memory_region_unref(u1->section.mr);
|
||||
+
|
||||
+ g_free(u1);
|
||||
+ }
|
||||
+ while (!QSIMPLEQ_EMPTY(&kml->transaction_add)) {
|
||||
+ u1 = QSIMPLEQ_FIRST(&kml->transaction_add);
|
||||
+ QSIMPLEQ_REMOVE_HEAD(&kml->transaction_add, next);
|
||||
+
|
||||
+ memory_region_ref(u1->section.mr);
|
||||
+ kvm_set_phys_mem(kml, &u1->section, true);
|
||||
+
|
||||
+ g_free(u1);
|
||||
+ }
|
||||
+
|
||||
+ if (need_inhibit) {
|
||||
+ accel_ioctl_inhibit_end();
|
||||
+ }
|
||||
+ kvm_slots_unlock();
|
||||
}
|
||||
|
||||
static void kvm_log_sync(MemoryListener *listener,
|
||||
@@ -1647,8 +1722,12 @@ void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml,
|
||||
kml->slots[i].slot = i;
|
||||
}
|
||||
|
||||
+ QSIMPLEQ_INIT(&kml->transaction_add);
|
||||
+ QSIMPLEQ_INIT(&kml->transaction_del);
|
||||
+
|
||||
kml->listener.region_add = kvm_region_add;
|
||||
kml->listener.region_del = kvm_region_del;
|
||||
+ kml->listener.commit = kvm_region_commit;
|
||||
kml->listener.log_start = kvm_log_start;
|
||||
kml->listener.log_stop = kvm_log_stop;
|
||||
kml->listener.priority = 10;
|
||||
diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
|
||||
index 1f5487d9b7..7e18c0a3c0 100644
|
||||
--- a/include/sysemu/kvm_int.h
|
||||
+++ b/include/sysemu/kvm_int.h
|
||||
@@ -11,6 +11,7 @@
|
||||
|
||||
#include "exec/memory.h"
|
||||
#include "qemu/accel.h"
|
||||
+#include "qemu/queue.h"
|
||||
#include "sysemu/kvm.h"
|
||||
|
||||
typedef struct KVMSlot
|
||||
@@ -30,10 +31,17 @@ typedef struct KVMSlot
|
||||
ram_addr_t ram_start_offset;
|
||||
} KVMSlot;
|
||||
|
||||
+typedef struct KVMMemoryUpdate {
|
||||
+ QSIMPLEQ_ENTRY(KVMMemoryUpdate) next;
|
||||
+ MemoryRegionSection section;
|
||||
+} KVMMemoryUpdate;
|
||||
+
|
||||
typedef struct KVMMemoryListener {
|
||||
MemoryListener listener;
|
||||
KVMSlot *slots;
|
||||
int as_id;
|
||||
+ QSIMPLEQ_HEAD(, KVMMemoryUpdate) transaction_add;
|
||||
+ QSIMPLEQ_HEAD(, KVMMemoryUpdate) transaction_del;
|
||||
} KVMMemoryListener;
|
||||
|
||||
void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml,
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
From 8f19df61a101c1e57a1bce8adddb57a4a7123a77 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Tue, 16 May 2023 11:05:56 +0200
|
||||
Subject: [PATCH 11/15] lsi53c895a: disable reentrancy detection for MMIO
|
||||
region, too
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [11/12] 8016c86f8432f5ea06c831d1181e87e6d45a6a50 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit d139fe9ad8a27bcc50b4ead77d2f97d191a0e95e
|
||||
Author: Thomas Huth <thuth@redhat.com>
|
||||
Date: Tue May 16 11:05:56 2023 +0200
|
||||
|
||||
lsi53c895a: disable reentrancy detection for MMIO region, too
|
||||
|
||||
While trying to use a SCSI disk on the LSI controller with an
|
||||
older version of Fedora (25), I'm getting:
|
||||
|
||||
qemu: warning: Blocked re-entrant IO on MemoryRegion: lsi-mmio at addr: 0x34
|
||||
|
||||
and the SCSI controller is not usable. Seems like we have to
|
||||
disable the reentrancy checker for the MMIO region, too, to
|
||||
get this working again.
|
||||
|
||||
The problem could be reproduced it like this:
|
||||
|
||||
./qemu-system-x86_64 -accel kvm -m 2G -machine q35 \
|
||||
-device lsi53c810,id=lsi1 -device scsi-hd,drive=d0 \
|
||||
-drive if=none,id=d0,file=.../somedisk.qcow2 \
|
||||
-cdrom Fedora-Everything-netinst-i386-25-1.3.iso
|
||||
|
||||
Where somedisk.qcow2 is an image that contains already some partitions
|
||||
and file systems.
|
||||
|
||||
In the boot menu of Fedora, go to
|
||||
"Troubleshooting" -> "Rescue a Fedora system" -> "3) Skip to shell"
|
||||
|
||||
Then check "dmesg | grep -i 53c" for failure messages, and try to mount
|
||||
a partition from somedisk.qcow2.
|
||||
|
||||
Message-Id: <20230516090556.553813-1-thuth@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/scsi/lsi53c895a.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
|
||||
index 1e15e13fbf..2b9cb2ac5d 100644
|
||||
--- a/hw/scsi/lsi53c895a.c
|
||||
+++ b/hw/scsi/lsi53c895a.c
|
||||
@@ -2306,6 +2306,7 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
|
||||
* re-entrancy guard.
|
||||
*/
|
||||
s->ram_io.disable_reentrancy_guard = true;
|
||||
+ s->mmio_io.disable_reentrancy_guard = true;
|
||||
|
||||
address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
|
||||
qdev_init_gpio_out(d, &s->ext_irq, 1);
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,59 @@
|
|||
From 3cffdbf3224ac21016dbee69cb2382c322d4bfbb Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 05/15] lsi53c895a: disable reentrancy detection for script RAM
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [5/12] b5334c3a34b38ed1dccf0030d5704e51e00fdce3 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit bfd6e7ae6a72b84e2eb9574f56e6ec037f05182c
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Thu Apr 27 17:10:10 2023 -0400
|
||||
|
||||
lsi53c895a: disable reentrancy detection for script RAM
|
||||
|
||||
As the code is designed to use the memory APIs to access the script ram,
|
||||
disable reentrancy checks for the pseudo-RAM ram_io MemoryRegion.
|
||||
|
||||
In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.
|
||||
|
||||
Reported-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Message-Id: <20230427211013.2994127-6-alxndr@bu.edu>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/scsi/lsi53c895a.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
|
||||
index 85e907a785..1e15e13fbf 100644
|
||||
--- a/hw/scsi/lsi53c895a.c
|
||||
+++ b/hw/scsi/lsi53c895a.c
|
||||
@@ -2301,6 +2301,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
|
||||
memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
|
||||
"lsi-io", 256);
|
||||
|
||||
+ /*
|
||||
+ * Since we use the address-space API to interact with ram_io, disable the
|
||||
+ * re-entrancy guard.
|
||||
+ */
|
||||
+ s->ram_io.disable_reentrancy_guard = true;
|
||||
+
|
||||
address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
|
||||
qdev_init_gpio_out(d, &s->ext_irq, 1);
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,151 @@
|
|||
From e0c811c2d13f995fe1b095f48637316be5978b0e Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 9 May 2023 10:29:03 -0400
|
||||
Subject: [PATCH 01/15] memory: prevent dma-reentracy issues
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/12] 8fced41b4b2105343e8f0250286b771bcb43c81f (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
CVE: CVE-2023-0330
|
||||
|
||||
commit a2e1753b8054344f32cf94f31c6399a58794a380
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Thu Apr 27 17:10:06 2023 -0400
|
||||
|
||||
memory: prevent dma-reentracy issues
|
||||
|
||||
Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
|
||||
This flag is set/checked prior to calling a device's MemoryRegion
|
||||
handlers, and set when device code initiates DMA. The purpose of this
|
||||
flag is to prevent two types of DMA-based reentrancy issues:
|
||||
|
||||
1.) mmio -> dma -> mmio case
|
||||
2.) bh -> dma write -> mmio case
|
||||
|
||||
These issues have led to problems such as stack-exhaustion and
|
||||
use-after-frees.
|
||||
|
||||
Summary of the problem from Peter Maydell:
|
||||
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
|
||||
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
|
||||
Resolves: CVE-2023-0330
|
||||
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
|
||||
[thuth: Replace warn_report() with warn_report_once()]
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
include/exec/memory.h | 5 +++++
|
||||
include/hw/qdev-core.h | 7 +++++++
|
||||
softmmu/memory.c | 16 ++++++++++++++++
|
||||
3 files changed, 28 insertions(+)
|
||||
|
||||
diff --git a/include/exec/memory.h b/include/exec/memory.h
|
||||
index 20f1b27377..e089f90f9b 100644
|
||||
--- a/include/exec/memory.h
|
||||
+++ b/include/exec/memory.h
|
||||
@@ -734,6 +734,8 @@ struct MemoryRegion {
|
||||
bool is_iommu;
|
||||
RAMBlock *ram_block;
|
||||
Object *owner;
|
||||
+ /* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath */
|
||||
+ DeviceState *dev;
|
||||
|
||||
const MemoryRegionOps *ops;
|
||||
void *opaque;
|
||||
@@ -757,6 +759,9 @@ struct MemoryRegion {
|
||||
unsigned ioeventfd_nb;
|
||||
MemoryRegionIoeventfd *ioeventfds;
|
||||
RamDiscardManager *rdm; /* Only for RAM */
|
||||
+
|
||||
+ /* For devices designed to perform re-entrant IO into their own IO MRs */
|
||||
+ bool disable_reentrancy_guard;
|
||||
};
|
||||
|
||||
struct IOMMUMemoryRegion {
|
||||
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
|
||||
index 20d3066595..14226f860d 100644
|
||||
--- a/include/hw/qdev-core.h
|
||||
+++ b/include/hw/qdev-core.h
|
||||
@@ -162,6 +162,10 @@ struct NamedClockList {
|
||||
QLIST_ENTRY(NamedClockList) node;
|
||||
};
|
||||
|
||||
+typedef struct {
|
||||
+ bool engaged_in_io;
|
||||
+} MemReentrancyGuard;
|
||||
+
|
||||
/**
|
||||
* DeviceState:
|
||||
* @realized: Indicates whether the device has been fully constructed.
|
||||
@@ -193,6 +197,9 @@ struct DeviceState {
|
||||
int instance_id_alias;
|
||||
int alias_required_for_version;
|
||||
ResettableState reset;
|
||||
+
|
||||
+ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
|
||||
+ MemReentrancyGuard mem_reentrancy_guard;
|
||||
};
|
||||
|
||||
struct DeviceListener {
|
||||
diff --git a/softmmu/memory.c b/softmmu/memory.c
|
||||
index 7340e19ff5..102f0a4248 100644
|
||||
--- a/softmmu/memory.c
|
||||
+++ b/softmmu/memory.c
|
||||
@@ -541,6 +541,18 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
|
||||
access_size_max = 4;
|
||||
}
|
||||
|
||||
+ /* Do not allow more than one simultaneous access to a device's IO Regions */
|
||||
+ if (mr->dev && !mr->disable_reentrancy_guard &&
|
||||
+ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
|
||||
+ if (mr->dev->mem_reentrancy_guard.engaged_in_io) {
|
||||
+ warn_report_once("Blocked re-entrant IO on MemoryRegion: "
|
||||
+ "%s at addr: 0x%" HWADDR_PRIX,
|
||||
+ memory_region_name(mr), addr);
|
||||
+ return MEMTX_ACCESS_ERROR;
|
||||
+ }
|
||||
+ mr->dev->mem_reentrancy_guard.engaged_in_io = true;
|
||||
+ }
|
||||
+
|
||||
/* FIXME: support unaligned access? */
|
||||
access_size = MAX(MIN(size, access_size_max), access_size_min);
|
||||
access_mask = MAKE_64BIT_MASK(0, access_size * 8);
|
||||
@@ -555,6 +567,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
|
||||
access_mask, attrs);
|
||||
}
|
||||
}
|
||||
+ if (mr->dev) {
|
||||
+ mr->dev->mem_reentrancy_guard.engaged_in_io = false;
|
||||
+ }
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -1169,6 +1184,7 @@ static void memory_region_do_init(MemoryRegion *mr,
|
||||
}
|
||||
mr->name = g_strdup(name);
|
||||
mr->owner = owner;
|
||||
+ mr->dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
|
||||
mr->ram_block = NULL;
|
||||
|
||||
if (name) {
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
From c24e38eb508b3fb42ce3ea62fe8de0be6a95a6a8 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Wed, 7 Jun 2023 11:45:09 -0400
|
||||
Subject: [PATCH 10/15] memory: stricter checks prior to unsetting
|
||||
engaged_in_io
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
||||
RH-Bugzilla: 1999236
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [10/12] 773b62a84b2bd4f5ee7fb8e1cfb3bb91c3a01de1 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
||||
Upstream: Merged
|
||||
CVE: CVE-2021-3750
|
||||
|
||||
commit 3884bf6468ac6bbb58c2b3feaa74e87f821b52f3
|
||||
Author: Alexander Bulekov <alxndr@bu.edu>
|
||||
Date: Tue May 16 04:40:02 2023 -0400
|
||||
|
||||
memory: stricter checks prior to unsetting engaged_in_io
|
||||
|
||||
engaged_in_io could be unset by an MR with re-entrancy checks disabled.
|
||||
Ensure that only MRs that can set the engaged_in_io flag can unset it.
|
||||
|
||||
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Message-Id: <20230516084002.3813836-1-alxndr@bu.edu>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
softmmu/memory.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/softmmu/memory.c b/softmmu/memory.c
|
||||
index 102f0a4248..6b98615357 100644
|
||||
--- a/softmmu/memory.c
|
||||
+++ b/softmmu/memory.c
|
||||
@@ -533,6 +533,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
|
||||
unsigned access_size;
|
||||
unsigned i;
|
||||
MemTxResult r = MEMTX_OK;
|
||||
+ bool reentrancy_guard_applied = false;
|
||||
|
||||
if (!access_size_min) {
|
||||
access_size_min = 1;
|
||||
@@ -551,6 +552,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
|
||||
return MEMTX_ACCESS_ERROR;
|
||||
}
|
||||
mr->dev->mem_reentrancy_guard.engaged_in_io = true;
|
||||
+ reentrancy_guard_applied = true;
|
||||
}
|
||||
|
||||
/* FIXME: support unaligned access? */
|
||||
@@ -567,7 +569,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
|
||||
access_mask, attrs);
|
||||
}
|
||||
}
|
||||
- if (mr->dev) {
|
||||
+ if (mr->dev && reentrancy_guard_applied) {
|
||||
mr->dev->mem_reentrancy_guard.engaged_in_io = false;
|
||||
}
|
||||
return r;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,111 @@
|
|||
From a1f2a51d1a789c46e806adb332236ca16d538bf9 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Tue, 2 May 2023 15:52:12 -0500
|
||||
Subject: [PATCH 3/5] migration: Attempt disk reactivation in more failure
|
||||
scenarios
|
||||
|
||||
RH-Author: Eric Blake <eblake@redhat.com>
|
||||
RH-MergeRequest: 273: migration: prevent source core dump if NFS dies mid-migration
|
||||
RH-Bugzilla: 2177957
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: quintela1 <quintela@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Commit: [3/3] e84bf1e7233c0273ca3136ecaa6b2cfc9c0efacb (ebblake/qemu-kvm)
|
||||
|
||||
Commit fe904ea824 added a fail_inactivate label, which tries to
|
||||
reactivate disks on the source after a failure while s->state ==
|
||||
MIGRATION_STATUS_ACTIVE, but didn't actually use the label if
|
||||
qemu_savevm_state_complete_precopy() failed. This failure to
|
||||
reactivate is also present in commit 6039dd5b1c (also covering the new
|
||||
s->state == MIGRATION_STATUS_DEVICE state) and 403d18ae (ensuring
|
||||
s->block_inactive is set more reliably).
|
||||
|
||||
Consolidate the two labels back into one - no matter HOW migration is
|
||||
failed, if there is any chance we can reach vm_start() after having
|
||||
attempted inactivation, it is essential that we have tried to restart
|
||||
disks before then. This also makes the cleanup more like
|
||||
migrate_fd_cancel().
|
||||
|
||||
Suggested-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
Message-Id: <20230502205212.134680-1-eblake@redhat.com>
|
||||
Acked-by: Peter Xu <peterx@redhat.com>
|
||||
Reviewed-by: Juan Quintela <quintela@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit 6dab4c93ecfae48e2e67b984d1032c1e988d3005)
|
||||
[eblake: downstream migrate_colo() => migrate_colo_enabled()]
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
---
|
||||
migration/migration.c | 24 ++++++++++++++----------
|
||||
1 file changed, 14 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/migration/migration.c b/migration/migration.c
|
||||
index 6ba8eb0fdf..817170d52d 100644
|
||||
--- a/migration/migration.c
|
||||
+++ b/migration/migration.c
|
||||
@@ -3255,6 +3255,11 @@ static void migration_completion(MigrationState *s)
|
||||
MIGRATION_STATUS_DEVICE);
|
||||
}
|
||||
if (ret >= 0) {
|
||||
+ /*
|
||||
+ * Inactivate disks except in COLO, and track that we
|
||||
+ * have done so in order to remember to reactivate
|
||||
+ * them if migration fails or is cancelled.
|
||||
+ */
|
||||
s->block_inactive = !migrate_colo_enabled();
|
||||
qemu_file_set_rate_limit(s->to_dst_file, INT64_MAX);
|
||||
ret = qemu_savevm_state_complete_precopy(s->to_dst_file, false,
|
||||
@@ -3290,13 +3295,13 @@ static void migration_completion(MigrationState *s)
|
||||
rp_error = await_return_path_close_on_source(s);
|
||||
trace_migration_return_path_end_after(rp_error);
|
||||
if (rp_error) {
|
||||
- goto fail_invalidate;
|
||||
+ goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
if (qemu_file_get_error(s->to_dst_file)) {
|
||||
trace_migration_completion_file_err();
|
||||
- goto fail_invalidate;
|
||||
+ goto fail;
|
||||
}
|
||||
|
||||
if (!migrate_colo_enabled()) {
|
||||
@@ -3306,26 +3311,25 @@ static void migration_completion(MigrationState *s)
|
||||
|
||||
return;
|
||||
|
||||
-fail_invalidate:
|
||||
- /* If not doing postcopy, vm_start() will be called: let's regain
|
||||
- * control on images.
|
||||
- */
|
||||
- if (s->state == MIGRATION_STATUS_ACTIVE ||
|
||||
- s->state == MIGRATION_STATUS_DEVICE) {
|
||||
+fail:
|
||||
+ if (s->block_inactive && (s->state == MIGRATION_STATUS_ACTIVE ||
|
||||
+ s->state == MIGRATION_STATUS_DEVICE)) {
|
||||
+ /*
|
||||
+ * If not doing postcopy, vm_start() will be called: let's
|
||||
+ * regain control on images.
|
||||
+ */
|
||||
Error *local_err = NULL;
|
||||
|
||||
qemu_mutex_lock_iothread();
|
||||
bdrv_invalidate_cache_all(&local_err);
|
||||
if (local_err) {
|
||||
error_report_err(local_err);
|
||||
- s->block_inactive = true;
|
||||
} else {
|
||||
s->block_inactive = false;
|
||||
}
|
||||
qemu_mutex_unlock_iothread();
|
||||
}
|
||||
|
||||
-fail:
|
||||
migrate_set_state(&s->state, current_active_state,
|
||||
MIGRATION_STATUS_FAILED);
|
||||
}
|
||||
--
|
||||
2.39.1
|
||||
|
|
@ -0,0 +1,59 @@
|
|||
From dd6d0eace90285c017ae40cba0ffa95ccd963ebd Mon Sep 17 00:00:00 2001
|
||||
From: Leonardo Bras <leobras@redhat.com>
|
||||
Date: Tue, 20 Jun 2023 14:51:03 -0300
|
||||
Subject: [PATCH 15/15] migration: Disable postcopy + multifd migration
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Leonardo Brás <leobras@redhat.com>
|
||||
RH-MergeRequest: 287: migration: Disable postcopy + multifd migration
|
||||
RH-Bugzilla: 2169733
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/1] 07d26fbac35b7586fe790304f03d316ed26a4ef2
|
||||
|
||||
Since the introduction of multifd, it's possible to perform a multifd
|
||||
migration and finish it using postcopy.
|
||||
|
||||
A bug introduced by yank (fixed on cfc3bcf373) was previously preventing
|
||||
a successful use of this migration scenario, and now thing should be
|
||||
working on most scenarios.
|
||||
|
||||
But since there is not enough testing/support nor any reported users for
|
||||
this scenario, we should disable this combination before it may cause any
|
||||
problems for users.
|
||||
|
||||
Suggested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Leonardo Bras <leobras@redhat.com>
|
||||
Acked-by: Peter Xu <peterx@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Reviewed-by: Juan Quintela <quintela@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit b405dfff1ea3cf0530b628895b5a7a50dc8c6996)
|
||||
[leobras: moves logic from options.c -> migration.c and use cap_list
|
||||
instead of new_caps for backward compatibility]
|
||||
Signed-off-by: Leonardo Bras <leobras@redhat.com>
|
||||
---
|
||||
migration/migration.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/migration/migration.c b/migration/migration.c
|
||||
index 817170d52d..1ad82e63f0 100644
|
||||
--- a/migration/migration.c
|
||||
+++ b/migration/migration.c
|
||||
@@ -1246,6 +1246,11 @@ static bool migrate_caps_check(bool *cap_list,
|
||||
error_setg(errp, "Postcopy is not compatible with ignore-shared");
|
||||
return false;
|
||||
}
|
||||
+
|
||||
+ if (cap_list[MIGRATION_CAPABILITY_MULTIFD]) {
|
||||
+ error_setg(errp, "Postcopy is not yet compatible with multifd");
|
||||
+ return false;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (cap_list[MIGRATION_CAPABILITY_BACKGROUND_SNAPSHOT]) {
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,117 @@
|
|||
From 1b07c7663b6a5c19c9303088d63c39dba7e3bb36 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Fri, 14 Apr 2023 10:33:58 -0500
|
||||
Subject: [PATCH 1/5] migration: Handle block device inactivation failures
|
||||
better
|
||||
|
||||
RH-Author: Eric Blake <eblake@redhat.com>
|
||||
RH-MergeRequest: 273: migration: prevent source core dump if NFS dies mid-migration
|
||||
RH-Bugzilla: 2177957
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: quintela1 <quintela@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Commit: [1/3] 5892c17ca0a21d824d176e7398d12f7cf991651d (ebblake/qemu-kvm)
|
||||
|
||||
Consider what happens when performing a migration between two host
|
||||
machines connected to an NFS server serving multiple block devices to
|
||||
the guest, when the NFS server becomes unavailable. The migration
|
||||
attempts to inactivate all block devices on the source (a necessary
|
||||
step before the destination can take over); but if the NFS server is
|
||||
non-responsive, the attempt to inactivate can itself fail. When that
|
||||
happens, the destination fails to get the migrated guest (good,
|
||||
because the source wasn't able to flush everything properly):
|
||||
|
||||
(qemu) qemu-kvm: load of migration failed: Input/output error
|
||||
|
||||
at which point, our only hope for the guest is for the source to take
|
||||
back control. With the current code base, the host outputs a message, but then appears to resume:
|
||||
|
||||
(qemu) qemu-kvm: qemu_savevm_state_complete_precopy_non_iterable: bdrv_inactivate_all() failed (-1)
|
||||
|
||||
(src qemu)info status
|
||||
VM status: running
|
||||
|
||||
but a second migration attempt now asserts:
|
||||
|
||||
(src qemu) qemu-kvm: ../block.c:6738: int bdrv_inactivate_recurse(BlockDriverState *): Assertion `!(bs->open_flags & BDRV_O_INACTIVE)' failed.
|
||||
|
||||
Whether the guest is recoverable on the source after the first failure
|
||||
is debatable, but what we do not want is to have qemu itself fail due
|
||||
to an assertion. It looks like the problem is as follows:
|
||||
|
||||
In migration.c:migration_completion(), the source sets 'inactivate' to
|
||||
true (since COLO is not enabled), then tries
|
||||
savevm.c:qemu_savevm_state_complete_precopy() with a request to
|
||||
inactivate block devices. In turn, this calls
|
||||
block.c:bdrv_inactivate_all(), which fails when flushing runs up
|
||||
against the non-responsive NFS server. With savevm failing, we are
|
||||
now left in a state where some, but not all, of the block devices have
|
||||
been inactivated; but migration_completion() then jumps to 'fail'
|
||||
rather than 'fail_invalidate' and skips an attempt to reclaim those
|
||||
those disks by calling bdrv_activate_all(). Even if we do attempt to
|
||||
reclaim disks, we aren't taking note of failure there, either.
|
||||
|
||||
Thus, we have reached a state where the migration engine has forgotten
|
||||
all state about whether a block device is inactive, because we did not
|
||||
set s->block_inactive in enough places; so migration allows the source
|
||||
to reach vm_start() and resume execution, violating the block layer
|
||||
invariant that the guest CPUs should not be restarted while a device
|
||||
is inactive. Note that the code in migration.c:migrate_fd_cancel()
|
||||
will also try to reactivate all block devices if s->block_inactive was
|
||||
set, but because we failed to set that flag after the first failure,
|
||||
the source assumes it has reclaimed all devices, even though it still
|
||||
has remaining inactivated devices and does not try again. Normally,
|
||||
qmp_cont() will also try to reactivate all disks (or correctly fail if
|
||||
the disks are not reclaimable because NFS is not yet back up), but the
|
||||
auto-resumption of the source after a migration failure does not go
|
||||
through qmp_cont(). And because we have left the block layer in an
|
||||
inconsistent state with devices still inactivated, the later migration
|
||||
attempt is hitting the assertion failure.
|
||||
|
||||
Since it is important to not resume the source with inactive disks,
|
||||
this patch marks s->block_inactive before attempting inactivation,
|
||||
rather than after succeeding, in order to prevent any vm_start() until
|
||||
it has successfully reactivated all devices.
|
||||
|
||||
See also https://bugzilla.redhat.com/show_bug.cgi?id=2058982
|
||||
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
Reviewed-by: Juan Quintela <quintela@redhat.com>
|
||||
Acked-by: Lukas Straub <lukasstraub2@web.de>
|
||||
Tested-by: Lukas Straub <lukasstraub2@web.de>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 403d18ae384239876764bbfa111d6cc5dcb673d1)
|
||||
---
|
||||
migration/migration.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/migration/migration.c b/migration/migration.c
|
||||
index 0885549de0..08e5e8f013 100644
|
||||
--- a/migration/migration.c
|
||||
+++ b/migration/migration.c
|
||||
@@ -3256,13 +3256,11 @@ static void migration_completion(MigrationState *s)
|
||||
MIGRATION_STATUS_DEVICE);
|
||||
}
|
||||
if (ret >= 0) {
|
||||
+ s->block_inactive = inactivate;
|
||||
qemu_file_set_rate_limit(s->to_dst_file, INT64_MAX);
|
||||
ret = qemu_savevm_state_complete_precopy(s->to_dst_file, false,
|
||||
inactivate);
|
||||
}
|
||||
- if (inactivate && ret >= 0) {
|
||||
- s->block_inactive = true;
|
||||
- }
|
||||
}
|
||||
qemu_mutex_unlock_iothread();
|
||||
|
||||
@@ -3321,6 +3319,7 @@ fail_invalidate:
|
||||
bdrv_invalidate_cache_all(&local_err);
|
||||
if (local_err) {
|
||||
error_report_err(local_err);
|
||||
+ s->block_inactive = true;
|
||||
} else {
|
||||
s->block_inactive = false;
|
||||
}
|
||||
--
|
||||
2.39.1
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
From e79d0506184e861350d2a3e62dd986aa03d30aa8 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Thu, 20 Apr 2023 09:35:51 -0500
|
||||
Subject: [PATCH 2/5] migration: Minor control flow simplification
|
||||
|
||||
RH-Author: Eric Blake <eblake@redhat.com>
|
||||
RH-MergeRequest: 273: migration: prevent source core dump if NFS dies mid-migration
|
||||
RH-Bugzilla: 2177957
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: quintela1 <quintela@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Commit: [2/3] f00b21b6ebd377af79af93ac18f103f8dc0309d6 (ebblake/qemu-kvm)
|
||||
|
||||
No need to declare a temporary variable.
|
||||
|
||||
Suggested-by: Juan Quintela <quintela@redhat.com>
|
||||
Fixes: 1df36e8c6289 ("migration: Handle block device inactivation failures better")
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
Reviewed-by: Juan Quintela <quintela@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 5d39f44d7ac5c63f53d4d0900ceba9521bc27e49)
|
||||
---
|
||||
migration/migration.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/migration/migration.c b/migration/migration.c
|
||||
index 08e5e8f013..6ba8eb0fdf 100644
|
||||
--- a/migration/migration.c
|
||||
+++ b/migration/migration.c
|
||||
@@ -3248,7 +3248,6 @@ static void migration_completion(MigrationState *s)
|
||||
ret = global_state_store();
|
||||
|
||||
if (!ret) {
|
||||
- bool inactivate = !migrate_colo_enabled();
|
||||
ret = vm_stop_force_state(RUN_STATE_FINISH_MIGRATE);
|
||||
trace_migration_completion_vm_stop(ret);
|
||||
if (ret >= 0) {
|
||||
@@ -3256,10 +3255,10 @@ static void migration_completion(MigrationState *s)
|
||||
MIGRATION_STATUS_DEVICE);
|
||||
}
|
||||
if (ret >= 0) {
|
||||
- s->block_inactive = inactivate;
|
||||
+ s->block_inactive = !migrate_colo_enabled();
|
||||
qemu_file_set_rate_limit(s->to_dst_file, INT64_MAX);
|
||||
ret = qemu_savevm_state_complete_precopy(s->to_dst_file, false,
|
||||
- inactivate);
|
||||
+ s->block_inactive);
|
||||
}
|
||||
}
|
||||
qemu_mutex_unlock_iothread();
|
||||
--
|
||||
2.39.1
|
||||
|
|
@ -0,0 +1,76 @@
|
|||
From 34eae2d7ef928a7e0e10cc30fe76839c005998eb Mon Sep 17 00:00:00 2001
|
||||
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Date: Wed, 13 Apr 2022 12:33:29 +0100
|
||||
Subject: [PATCH 07/11] migration: Read state once
|
||||
|
||||
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
RH-MergeRequest: 249: migration: Read state once
|
||||
RH-Bugzilla: 2074205
|
||||
RH-Acked-by: Peter Xu <peterx@redhat.com>
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Acked-by: quintela1 <quintela@redhat.com>
|
||||
RH-Commit: [1/1] 9aa47b492a646fce4e66ebd9b7d7a85286d16051
|
||||
|
||||
The 'status' field for the migration is updated normally using
|
||||
an atomic operation from the migration thread.
|
||||
Most readers of it aren't that careful, and in most cases it doesn't
|
||||
matter.
|
||||
|
||||
In query_migrate->fill_source_migration_info the 'state'
|
||||
is read twice; the first time to decide which state fields to fill in,
|
||||
and then secondly to copy the state to the status field; that can end up
|
||||
with a status that's inconsistent; e.g. setting up the fields
|
||||
for 'setup' and then having an 'active' status. In that case
|
||||
libvirt gets upset by the lack of ram info.
|
||||
The symptom is:
|
||||
libvirt.libvirtError: internal error: migration was active, but no RAM info was set
|
||||
|
||||
Read the state exactly once in fill_source_migration_info.
|
||||
|
||||
This is a possible fix for:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2074205
|
||||
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Message-Id: <20220413113329.103696-1-dgilbert@redhat.com>
|
||||
Reviewed-by: Juan Quintela <quintela@redhat.com>
|
||||
Reviewed-by: Peter Xu <peterx@redhat.com>
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
(cherry picked from commit 552de79bfdd5e9e53847eb3c6d6e4cd898a4370e)
|
||||
---
|
||||
migration/migration.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/migration/migration.c b/migration/migration.c
|
||||
index 51e6726dac..d8b24a2c91 100644
|
||||
--- a/migration/migration.c
|
||||
+++ b/migration/migration.c
|
||||
@@ -1071,6 +1071,7 @@ static void populate_disk_info(MigrationInfo *info)
|
||||
static void fill_source_migration_info(MigrationInfo *info)
|
||||
{
|
||||
MigrationState *s = migrate_get_current();
|
||||
+ int state = qatomic_read(&s->state);
|
||||
GSList *cur_blocker = migration_blockers;
|
||||
|
||||
info->blocked_reasons = NULL;
|
||||
@@ -1090,7 +1091,7 @@ static void fill_source_migration_info(MigrationInfo *info)
|
||||
}
|
||||
info->has_blocked_reasons = info->blocked_reasons != NULL;
|
||||
|
||||
- switch (s->state) {
|
||||
+ switch (state) {
|
||||
case MIGRATION_STATUS_NONE:
|
||||
/* no migration has happened ever */
|
||||
/* do not overwrite destination migration status */
|
||||
@@ -1135,7 +1136,7 @@ static void fill_source_migration_info(MigrationInfo *info)
|
||||
info->has_status = true;
|
||||
break;
|
||||
}
|
||||
- info->status = s->state;
|
||||
+ info->status = state;
|
||||
}
|
||||
|
||||
typedef enum WriteTrackingSupport {
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,296 @@
|
|||
From f21a343af4b4d0c6e5181ae0abd0f6280dc8296c Mon Sep 17 00:00:00 2001
|
||||
From: "manish.mishra" <manish.mishra@nutanix.com>
|
||||
Date: Tue, 20 Dec 2022 18:44:18 +0000
|
||||
Subject: [PATCH 2/3] migration: check magic value for deciding the mapping of
|
||||
channels
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Peter Xu <peterx@redhat.com>
|
||||
RH-MergeRequest: 258: migration: Fix multifd crash due to channel disorder
|
||||
RH-Bugzilla: 2137740
|
||||
RH-Acked-by: quintela1 <quintela@redhat.com>
|
||||
RH-Acked-by: Leonardo Brás <leobras@redhat.com>
|
||||
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
RH-Commit: [2/2] f97bebef3d3e372cfd660e5ddb6cffba791840d2
|
||||
|
||||
Conflicts:
|
||||
migration/migration.c
|
||||
migration/multifd.c
|
||||
migration/postcopy-ram.c
|
||||
migration/postcopy-ram.h
|
||||
|
||||
There're a bunch of conflicts due to missing upstream patches on
|
||||
e.g. on qemufile reworks, postcopy preempt. We don't plan to have
|
||||
preempt in rhel8 at all, probably the same as the rest.
|
||||
|
||||
Current logic assumes that channel connections on the destination side are
|
||||
always established in the same order as the source and the first one will
|
||||
always be the main channel followed by the multifid or post-copy
|
||||
preemption channel. This may not be always true, as even if a channel has a
|
||||
connection established on the source side it can be in the pending state on
|
||||
the destination side and a newer connection can be established first.
|
||||
Basically causing out of order mapping of channels on the destination side.
|
||||
Currently, all channels except post-copy preempt send a magic number, this
|
||||
patch uses that magic number to decide the type of channel. This logic is
|
||||
applicable only for precopy(multifd) live migration, as mentioned, the
|
||||
post-copy preempt channel does not send any magic number. Also, tls live
|
||||
migrations already does tls handshake before creating other channels, so
|
||||
this issue is not possible with tls, hence this logic is avoided for tls
|
||||
live migrations. This patch uses read peek to check the magic number of
|
||||
channels so that current data/control stream management remains
|
||||
un-effected.
|
||||
|
||||
Reviewed-by: Peter Xu <peterx@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
Reviewed-by: Juan Quintela <quintela@redhat.com>
|
||||
Suggested-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
Signed-off-by: manish.mishra <manish.mishra@nutanix.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 6720c2b32725e6ac404f22851a0ecd0a71d0cbe2)
|
||||
Signed-off-by: Peter Xu <peterx@redhat.com>
|
||||
---
|
||||
migration/channel.c | 45 ++++++++++++++++++++++++++++++++++++++
|
||||
migration/channel.h | 5 +++++
|
||||
migration/migration.c | 51 +++++++++++++++++++++++++++++++------------
|
||||
migration/multifd.c | 19 ++++++++--------
|
||||
migration/multifd.h | 2 +-
|
||||
5 files changed, 98 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/migration/channel.c b/migration/channel.c
|
||||
index 086b5c0d8b..ee308fef23 100644
|
||||
--- a/migration/channel.c
|
||||
+++ b/migration/channel.c
|
||||
@@ -98,3 +98,48 @@ void migration_channel_connect(MigrationState *s,
|
||||
g_free(s->hostname);
|
||||
error_free(error);
|
||||
}
|
||||
+
|
||||
+
|
||||
+/**
|
||||
+ * @migration_channel_read_peek - Peek at migration channel, without
|
||||
+ * actually removing it from channel buffer.
|
||||
+ *
|
||||
+ * @ioc: the channel object
|
||||
+ * @buf: the memory region to read data into
|
||||
+ * @buflen: the number of bytes to read in @buf
|
||||
+ * @errp: pointer to a NULL-initialized error object
|
||||
+ *
|
||||
+ * Returns 0 if successful, returns -1 and sets @errp if fails.
|
||||
+ */
|
||||
+int migration_channel_read_peek(QIOChannel *ioc,
|
||||
+ const char *buf,
|
||||
+ const size_t buflen,
|
||||
+ Error **errp)
|
||||
+{
|
||||
+ ssize_t len = 0;
|
||||
+ struct iovec iov = { .iov_base = (char *)buf, .iov_len = buflen };
|
||||
+
|
||||
+ while (true) {
|
||||
+ len = qio_channel_readv_full(ioc, &iov, 1, NULL, NULL,
|
||||
+ QIO_CHANNEL_READ_FLAG_MSG_PEEK, errp);
|
||||
+
|
||||
+ if (len <= 0 && len != QIO_CHANNEL_ERR_BLOCK) {
|
||||
+ error_setg(errp,
|
||||
+ "Failed to peek at channel");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (len == buflen) {
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ /* 1ms sleep. */
|
||||
+ if (qemu_in_coroutine()) {
|
||||
+ qemu_co_sleep_ns(QEMU_CLOCK_REALTIME, 1000000);
|
||||
+ } else {
|
||||
+ g_usleep(1000);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/migration/channel.h b/migration/channel.h
|
||||
index 67a461c28a..5bdb8208a7 100644
|
||||
--- a/migration/channel.h
|
||||
+++ b/migration/channel.h
|
||||
@@ -24,4 +24,9 @@ void migration_channel_connect(MigrationState *s,
|
||||
QIOChannel *ioc,
|
||||
const char *hostname,
|
||||
Error *error_in);
|
||||
+
|
||||
+int migration_channel_read_peek(QIOChannel *ioc,
|
||||
+ const char *buf,
|
||||
+ const size_t buflen,
|
||||
+ Error **errp);
|
||||
#endif
|
||||
diff --git a/migration/migration.c b/migration/migration.c
|
||||
index d8b24a2c91..0885549de0 100644
|
||||
--- a/migration/migration.c
|
||||
+++ b/migration/migration.c
|
||||
@@ -32,6 +32,7 @@
|
||||
#include "savevm.h"
|
||||
#include "qemu-file-channel.h"
|
||||
#include "qemu-file.h"
|
||||
+#include "channel.h"
|
||||
#include "migration/vmstate.h"
|
||||
#include "block/block.h"
|
||||
#include "qapi/error.h"
|
||||
@@ -637,10 +638,6 @@ static bool migration_incoming_setup(QEMUFile *f, Error **errp)
|
||||
{
|
||||
MigrationIncomingState *mis = migration_incoming_get_current();
|
||||
|
||||
- if (multifd_load_setup(errp) != 0) {
|
||||
- return false;
|
||||
- }
|
||||
-
|
||||
if (!mis->from_src_file) {
|
||||
mis->from_src_file = f;
|
||||
}
|
||||
@@ -701,10 +698,42 @@ void migration_fd_process_incoming(QEMUFile *f, Error **errp)
|
||||
void migration_ioc_process_incoming(QIOChannel *ioc, Error **errp)
|
||||
{
|
||||
MigrationIncomingState *mis = migration_incoming_get_current();
|
||||
+ bool default_channel = true;
|
||||
+ uint32_t channel_magic = 0;
|
||||
Error *local_err = NULL;
|
||||
- bool start_migration;
|
||||
+ int ret = 0;
|
||||
|
||||
- if (!mis->from_src_file) {
|
||||
+ if (migrate_use_multifd() && !migrate_postcopy_ram() &&
|
||||
+ qio_channel_has_feature(ioc, QIO_CHANNEL_FEATURE_READ_MSG_PEEK)) {
|
||||
+ /*
|
||||
+ * With multiple channels, it is possible that we receive channels
|
||||
+ * out of order on destination side, causing incorrect mapping of
|
||||
+ * source channels on destination side. Check channel MAGIC to
|
||||
+ * decide type of channel. Please note this is best effort, postcopy
|
||||
+ * preempt channel does not send any magic number so avoid it for
|
||||
+ * postcopy live migration. Also tls live migration already does
|
||||
+ * tls handshake while initializing main channel so with tls this
|
||||
+ * issue is not possible.
|
||||
+ */
|
||||
+ ret = migration_channel_read_peek(ioc, (void *)&channel_magic,
|
||||
+ sizeof(channel_magic), &local_err);
|
||||
+
|
||||
+ if (ret != 0) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ default_channel = (channel_magic == cpu_to_be32(QEMU_VM_FILE_MAGIC));
|
||||
+ } else {
|
||||
+ default_channel = !mis->from_src_file;
|
||||
+ }
|
||||
+
|
||||
+ if (multifd_load_setup(errp) != 0) {
|
||||
+ error_setg(errp, "Failed to setup multifd channels");
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (default_channel) {
|
||||
/* The first connection (multifd may have multiple) */
|
||||
QEMUFile *f = qemu_fopen_channel_input(ioc);
|
||||
|
||||
@@ -716,23 +745,17 @@ void migration_ioc_process_incoming(QIOChannel *ioc, Error **errp)
|
||||
if (!migration_incoming_setup(f, errp)) {
|
||||
return;
|
||||
}
|
||||
-
|
||||
- /*
|
||||
- * Common migration only needs one channel, so we can start
|
||||
- * right now. Multifd needs more than one channel, we wait.
|
||||
- */
|
||||
- start_migration = !migrate_use_multifd();
|
||||
} else {
|
||||
/* Multiple connections */
|
||||
assert(migrate_use_multifd());
|
||||
- start_migration = multifd_recv_new_channel(ioc, &local_err);
|
||||
+ multifd_recv_new_channel(ioc, &local_err);
|
||||
if (local_err) {
|
||||
error_propagate(errp, local_err);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
- if (start_migration) {
|
||||
+ if (migration_has_all_channels()) {
|
||||
migration_incoming_process();
|
||||
}
|
||||
}
|
||||
diff --git a/migration/multifd.c b/migration/multifd.c
|
||||
index 7c16523e6b..75ac052d2f 100644
|
||||
--- a/migration/multifd.c
|
||||
+++ b/migration/multifd.c
|
||||
@@ -1183,9 +1183,14 @@ int multifd_load_setup(Error **errp)
|
||||
uint32_t page_count = MULTIFD_PACKET_SIZE / qemu_target_page_size();
|
||||
uint8_t i;
|
||||
|
||||
- if (!migrate_use_multifd()) {
|
||||
+ /*
|
||||
+ * Return successfully if multiFD recv state is already initialised
|
||||
+ * or multiFD is not enabled.
|
||||
+ */
|
||||
+ if (multifd_recv_state || !migrate_use_multifd()) {
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
if (!migrate_multifd_is_allowed()) {
|
||||
error_setg(errp, "multifd is not supported by current protocol");
|
||||
return -1;
|
||||
@@ -1244,11 +1249,9 @@ bool multifd_recv_all_channels_created(void)
|
||||
|
||||
/*
|
||||
* Try to receive all multifd channels to get ready for the migration.
|
||||
- * - Return true and do not set @errp when correctly receiving all channels;
|
||||
- * - Return false and do not set @errp when correctly receiving the current one;
|
||||
- * - Return false and set @errp when failing to receive the current channel.
|
||||
+ * Sets @errp when failing to receive the current channel.
|
||||
*/
|
||||
-bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
|
||||
+void multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
|
||||
{
|
||||
MultiFDRecvParams *p;
|
||||
Error *local_err = NULL;
|
||||
@@ -1261,7 +1264,7 @@ bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
|
||||
"failed to receive packet"
|
||||
" via multifd channel %d: ",
|
||||
qatomic_read(&multifd_recv_state->count));
|
||||
- return false;
|
||||
+ return;
|
||||
}
|
||||
trace_multifd_recv_new_channel(id);
|
||||
|
||||
@@ -1271,7 +1274,7 @@ bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
|
||||
id);
|
||||
multifd_recv_terminate_threads(local_err);
|
||||
error_propagate(errp, local_err);
|
||||
- return false;
|
||||
+ return;
|
||||
}
|
||||
p->c = ioc;
|
||||
object_ref(OBJECT(ioc));
|
||||
@@ -1282,6 +1285,4 @@ bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
|
||||
qemu_thread_create(&p->thread, p->name, multifd_recv_thread, p,
|
||||
QEMU_THREAD_JOINABLE);
|
||||
qatomic_inc(&multifd_recv_state->count);
|
||||
- return qatomic_read(&multifd_recv_state->count) ==
|
||||
- migrate_multifd_channels();
|
||||
}
|
||||
diff --git a/migration/multifd.h b/migration/multifd.h
|
||||
index 11d5e273e6..9c0a2a0701 100644
|
||||
--- a/migration/multifd.h
|
||||
+++ b/migration/multifd.h
|
||||
@@ -20,7 +20,7 @@ void multifd_save_cleanup(void);
|
||||
int multifd_load_setup(Error **errp);
|
||||
int multifd_load_cleanup(Error **errp);
|
||||
bool multifd_recv_all_channels_created(void);
|
||||
-bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp);
|
||||
+void multifd_recv_new_channel(QIOChannel *ioc, Error **errp);
|
||||
void multifd_recv_sync_main(void);
|
||||
int multifd_send_sync_main(QEMUFile *f);
|
||||
int multifd_queue_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset);
|
||||
--
|
||||
2.37.3
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,55 @@
|
|||
From 17c5524ada3f2ca9a9c645f540bedc5575302059 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Blake <eblake@redhat.com>
|
||||
Date: Mon, 3 Apr 2023 19:40:47 -0500
|
||||
Subject: [PATCH 5/5] nbd/server: Request TCP_NODELAY
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Eric Blake <eblake@redhat.com>
|
||||
RH-MergeRequest: 274: nbd: improve TLS performance of NBD server
|
||||
RH-Bugzilla: 2035712
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Commit: [2/2] 092145077756cda2a4f849c5911031b0fc4a2134 (ebblake/qemu-kvm)
|
||||
|
||||
Nagle's algorithm adds latency in order to reduce network packet
|
||||
overhead on small packets. But when we are already using corking to
|
||||
merge smaller packets into transactional requests, the extra delay
|
||||
from TCP defaults just gets in the way (see recent commit bd2cd4a4).
|
||||
|
||||
For reference, qemu as an NBD client already requests TCP_NODELAY (see
|
||||
nbd_connect() in nbd/client-connection.c); as does libnbd as a client
|
||||
[1], and nbdkit as a server [2]. Furthermore, the NBD spec recommends
|
||||
the use of TCP_NODELAY [3].
|
||||
|
||||
[1] https://gitlab.com/nbdkit/libnbd/-/blob/a48a1142/generator/states-connect.c#L39
|
||||
[2] https://gitlab.com/nbdkit/nbdkit/-/blob/45b72f5b/server/sockets.c#L430
|
||||
[3] https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md#protocol-phases
|
||||
|
||||
CC: Florian Westphal <fw@strlen.de>
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
Message-Id: <20230404004047.142086-1-eblake@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
(cherry picked from commit f1426881a827a6d3f31b65616c4a8db1e9e7c45e)
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
---
|
||||
nbd/server.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/nbd/server.c b/nbd/server.c
|
||||
index a5edc7f681..6db124cf53 100644
|
||||
--- a/nbd/server.c
|
||||
+++ b/nbd/server.c
|
||||
@@ -2738,6 +2738,7 @@ void nbd_client_new(QIOChannelSocket *sioc,
|
||||
}
|
||||
client->tlsauthz = g_strdup(tlsauthz);
|
||||
client->sioc = sioc;
|
||||
+ qio_channel_set_delay(QIO_CHANNEL(sioc), false);
|
||||
object_ref(OBJECT(client->sioc));
|
||||
client->ioc = QIO_CHANNEL(sioc);
|
||||
object_ref(OBJECT(client->ioc));
|
||||
--
|
||||
2.39.1
|
||||
|
|
@ -0,0 +1,72 @@
|
|||
From 170872370c6f3c916e741eb32d80431995d7a870 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Westphal <fw@strlen.de>
|
||||
Date: Fri, 24 Mar 2023 11:47:20 +0100
|
||||
Subject: [PATCH 4/5] nbd/server: push pending frames after sending reply
|
||||
|
||||
RH-Author: Eric Blake <eblake@redhat.com>
|
||||
RH-MergeRequest: 274: nbd: improve TLS performance of NBD server
|
||||
RH-Bugzilla: 2035712
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Commit: [1/2] ab92c06c48810aa40380de0433dcac4c6e4be9a5 (ebblake/qemu-kvm)
|
||||
|
||||
qemu-nbd doesn't set TCP_NODELAY on the tcp socket.
|
||||
|
||||
Kernel waits for more data and avoids transmission of small packets.
|
||||
Without TLS this is barely noticeable, but with TLS this really shows.
|
||||
|
||||
Booting a VM via qemu-nbd on localhost (with tls) takes more than
|
||||
2 minutes on my system. tcpdump shows frequent wait periods, where no
|
||||
packets get sent for a 40ms period.
|
||||
|
||||
Add explicit (un)corking when processing (and responding to) requests.
|
||||
"TCP_CORK, &zero" after earlier "CORK, &one" will flush pending data.
|
||||
|
||||
VM Boot time:
|
||||
main: no tls: 23s, with tls: 2m45s
|
||||
patched: no tls: 14s, with tls: 15s
|
||||
|
||||
VM Boot time, qemu-nbd via network (same lan):
|
||||
main: no tls: 18s, with tls: 1m50s
|
||||
patched: no tls: 17s, with tls: 18s
|
||||
|
||||
Future optimization: if we could detect if there is another pending
|
||||
request we could defer the uncork operation because more data would be
|
||||
appended.
|
||||
|
||||
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||
Message-Id: <20230324104720.2498-1-fw@strlen.de>
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit bd2cd4a441ded163b62371790876f28a9b834317)
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
---
|
||||
nbd/server.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/nbd/server.c b/nbd/server.c
|
||||
index 4630dd7322..a5edc7f681 100644
|
||||
--- a/nbd/server.c
|
||||
+++ b/nbd/server.c
|
||||
@@ -2647,6 +2647,8 @@ static coroutine_fn void nbd_trip(void *opaque)
|
||||
goto disconnect;
|
||||
}
|
||||
|
||||
+ qio_channel_set_cork(client->ioc, true);
|
||||
+
|
||||
if (ret < 0) {
|
||||
/* It wans't -EIO, so, according to nbd_co_receive_request()
|
||||
* semantics, we should return the error to the client. */
|
||||
@@ -2672,6 +2674,7 @@ static coroutine_fn void nbd_trip(void *opaque)
|
||||
goto disconnect;
|
||||
}
|
||||
|
||||
+ qio_channel_set_cork(client->ioc, false);
|
||||
done:
|
||||
nbd_request_put(req);
|
||||
nbd_client_put(client);
|
||||
--
|
||||
2.39.1
|
||||
|
|
@ -0,0 +1,611 @@
|
|||
From 2ae925a6d55a77627be8d1146f2b9ed139dbdb77 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 23 Nov 2023 11:30:46 -0500
|
||||
Subject: [PATCH 1/4] net: Provide MemReentrancyGuard * to qemu_new_nic()
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 331: net: Provide MemReentrancyGuard * to qemu_new_nic()
|
||||
RH-Jira: RHEL-7309
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Jason Wang <jasowang@redhat.com>
|
||||
RH-Commit: [1/2] bc963fb349b90288f547de97a5cbe9a74f856419 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Jira: https://issues.redhat.com/browse/RHEL-7309
|
||||
CVE: CVE-2023-3019
|
||||
Upstream: Merged
|
||||
Conflicts: hw/net/hw/net/xen_nic.c seems to have undergone significant changes upstream,
|
||||
so the change had to be manually adapted to the old code.
|
||||
|
||||
commit 7d0fefdf81f5973334c344f6b8e1896c309dff66
|
||||
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
|
||||
Date: Thu Jun 1 12:18:58 2023 +0900
|
||||
|
||||
net: Provide MemReentrancyGuard * to qemu_new_nic()
|
||||
|
||||
Recently MemReentrancyGuard was added to DeviceState to record that the
|
||||
device is engaging in I/O. The network device backend needs to update it
|
||||
when delivering a packet to a device.
|
||||
|
||||
In preparation for such a change, add MemReentrancyGuard * as a
|
||||
parameter of qemu_new_nic().
|
||||
|
||||
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
|
||||
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
hw/net/allwinner-sun8i-emac.c | 3 ++-
|
||||
hw/net/allwinner_emac.c | 3 ++-
|
||||
hw/net/cadence_gem.c | 3 ++-
|
||||
hw/net/dp8393x.c | 3 ++-
|
||||
hw/net/e1000.c | 3 ++-
|
||||
hw/net/e1000e.c | 2 +-
|
||||
hw/net/eepro100.c | 4 +++-
|
||||
hw/net/etraxfs_eth.c | 3 ++-
|
||||
hw/net/fsl_etsec/etsec.c | 3 ++-
|
||||
hw/net/ftgmac100.c | 3 ++-
|
||||
hw/net/i82596.c | 2 +-
|
||||
hw/net/imx_fec.c | 2 +-
|
||||
hw/net/lan9118.c | 3 ++-
|
||||
hw/net/mcf_fec.c | 3 ++-
|
||||
hw/net/mipsnet.c | 3 ++-
|
||||
hw/net/msf2-emac.c | 3 ++-
|
||||
hw/net/ne2000-isa.c | 3 ++-
|
||||
hw/net/ne2000-pci.c | 3 ++-
|
||||
hw/net/npcm7xx_emc.c | 3 ++-
|
||||
hw/net/opencores_eth.c | 3 ++-
|
||||
hw/net/pcnet.c | 3 ++-
|
||||
hw/net/rocker/rocker_fp.c | 4 ++--
|
||||
hw/net/rtl8139.c | 3 ++-
|
||||
hw/net/smc91c111.c | 3 ++-
|
||||
hw/net/spapr_llan.c | 3 ++-
|
||||
hw/net/stellaris_enet.c | 3 ++-
|
||||
hw/net/sungem.c | 2 +-
|
||||
hw/net/sunhme.c | 3 ++-
|
||||
hw/net/tulip.c | 3 ++-
|
||||
hw/net/virtio-net.c | 6 ++++--
|
||||
hw/net/vmxnet3.c | 2 +-
|
||||
hw/net/xen_nic.c | 3 ++-
|
||||
hw/net/xgmac.c | 3 ++-
|
||||
hw/net/xilinx_axienet.c | 3 ++-
|
||||
hw/net/xilinx_ethlite.c | 3 ++-
|
||||
hw/usb/dev-network.c | 3 ++-
|
||||
include/net/net.h | 1 +
|
||||
net/net.c | 1 +
|
||||
38 files changed, 72 insertions(+), 38 deletions(-)
|
||||
|
||||
diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c
|
||||
index ff611f18fb..9d0885ee15 100644
|
||||
--- a/hw/net/allwinner-sun8i-emac.c
|
||||
+++ b/hw/net/allwinner-sun8i-emac.c
|
||||
@@ -810,7 +810,8 @@ static void allwinner_sun8i_emac_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_allwinner_sun8i_emac_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c
|
||||
index ddddf35c45..b3d73143bf 100644
|
||||
--- a/hw/net/allwinner_emac.c
|
||||
+++ b/hw/net/allwinner_emac.c
|
||||
@@ -453,7 +453,8 @@ static void aw_emac_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_aw_emac_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
fifo8_create(&s->rx_fifo, RX_FIFO_SIZE);
|
||||
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
|
||||
index 24b3a0ff66..cb61a76417 100644
|
||||
--- a/hw/net/cadence_gem.c
|
||||
+++ b/hw/net/cadence_gem.c
|
||||
@@ -1633,7 +1633,8 @@ static void gem_realize(DeviceState *dev, Error **errp)
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
|
||||
s->nic = qemu_new_nic(&net_gem_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
|
||||
if (s->jumbo_max_len > MAX_FRAME_SIZE) {
|
||||
error_setg(errp, "jumbo-max-len is greater than %d",
|
||||
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
|
||||
index 45b954e46c..abfcc6f69f 100644
|
||||
--- a/hw/net/dp8393x.c
|
||||
+++ b/hw/net/dp8393x.c
|
||||
@@ -943,7 +943,8 @@ static void dp8393x_realize(DeviceState *dev, Error **errp)
|
||||
"dp8393x-regs", SONIC_REG_COUNT << s->it_shift);
|
||||
|
||||
s->nic = qemu_new_nic(&net_dp83932_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s);
|
||||
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
|
||||
index 282d01e374..86da1ae39e 100644
|
||||
--- a/hw/net/e1000.c
|
||||
+++ b/hw/net/e1000.c
|
||||
@@ -1733,7 +1733,8 @@ static void pci_e1000_realize(PCIDevice *pci_dev, Error **errp)
|
||||
macaddr);
|
||||
|
||||
d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
|
||||
- object_get_typename(OBJECT(d)), dev->id, d);
|
||||
+ object_get_typename(OBJECT(d)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, d);
|
||||
|
||||
qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr);
|
||||
|
||||
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
|
||||
index d35bc1f0b0..c6096fa848 100644
|
||||
--- a/hw/net/e1000e.c
|
||||
+++ b/hw/net/e1000e.c
|
||||
@@ -340,7 +340,7 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, uint8_t *macaddr)
|
||||
int i;
|
||||
|
||||
s->nic = qemu_new_nic(&net_e1000e_info, &s->conf,
|
||||
- object_get_typename(OBJECT(s)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(s)), dev->id, &dev->mem_reentrancy_guard, s);
|
||||
|
||||
s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 : 0;
|
||||
|
||||
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
|
||||
index 16e95ef9cc..16ca4dda04 100644
|
||||
--- a/hw/net/eepro100.c
|
||||
+++ b/hw/net/eepro100.c
|
||||
@@ -1865,7 +1865,9 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error **errp)
|
||||
nic_reset(s);
|
||||
|
||||
s->nic = qemu_new_nic(&net_eepro100_info, &s->conf,
|
||||
- object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
|
||||
+ object_get_typename(OBJECT(pci_dev)),
|
||||
+ pci_dev->qdev.id,
|
||||
+ &pci_dev->qdev.mem_reentrancy_guard, s);
|
||||
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
TRACE(OTHER, logout("%s\n", qemu_get_queue(s->nic)->info_str));
|
||||
diff --git a/hw/net/etraxfs_eth.c b/hw/net/etraxfs_eth.c
|
||||
index 1b82aec794..ba57a978d1 100644
|
||||
--- a/hw/net/etraxfs_eth.c
|
||||
+++ b/hw/net/etraxfs_eth.c
|
||||
@@ -618,7 +618,8 @@ static void etraxfs_eth_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf,
|
||||
- object_get_typename(OBJECT(s)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(s)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
s->phy.read = tdk_read;
|
||||
diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c
|
||||
index bd9d62b559..f790613b52 100644
|
||||
--- a/hw/net/fsl_etsec/etsec.c
|
||||
+++ b/hw/net/fsl_etsec/etsec.c
|
||||
@@ -391,7 +391,8 @@ static void etsec_realize(DeviceState *dev, Error **errp)
|
||||
eTSEC *etsec = ETSEC_COMMON(dev);
|
||||
|
||||
etsec->nic = qemu_new_nic(&net_etsec_info, &etsec->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, etsec);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, etsec);
|
||||
qemu_format_nic_info_str(qemu_get_queue(etsec->nic), etsec->conf.macaddr.a);
|
||||
|
||||
etsec->ptimer = ptimer_init(etsec_timer_hit, etsec, PTIMER_POLICY_DEFAULT);
|
||||
diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
|
||||
index 25685ba3a9..781e7f352e 100644
|
||||
--- a/hw/net/ftgmac100.c
|
||||
+++ b/hw/net/ftgmac100.c
|
||||
@@ -1111,7 +1111,8 @@ static void ftgmac100_realize(DeviceState *dev, Error **errp)
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
|
||||
s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/i82596.c b/hw/net/i82596.c
|
||||
index ec21e2699a..dc64246f75 100644
|
||||
--- a/hw/net/i82596.c
|
||||
+++ b/hw/net/i82596.c
|
||||
@@ -743,7 +743,7 @@ void i82596_common_init(DeviceState *dev, I82596State *s, NetClientInfo *info)
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
}
|
||||
s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)),
|
||||
- dev->id, s);
|
||||
+ dev->id, &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
if (USE_TIMER) {
|
||||
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
|
||||
index 9c7035bc94..ed19ee9350 100644
|
||||
--- a/hw/net/imx_fec.c
|
||||
+++ b/hw/net/imx_fec.c
|
||||
@@ -1310,7 +1310,7 @@ static void imx_eth_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
s->nic = qemu_new_nic(&imx_eth_net_info, &s->conf,
|
||||
object_get_typename(OBJECT(dev)),
|
||||
- dev->id, s);
|
||||
+ dev->id, &dev->mem_reentrancy_guard, s);
|
||||
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
|
||||
index 6aff424cbe..942bce9ae6 100644
|
||||
--- a/hw/net/lan9118.c
|
||||
+++ b/hw/net/lan9118.c
|
||||
@@ -1354,7 +1354,8 @@ static void lan9118_realize(DeviceState *dev, Error **errp)
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
|
||||
s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
s->eeprom[0] = 0xa5;
|
||||
for (i = 0; i < 6; i++) {
|
||||
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
|
||||
index 25e3e453ab..a6be7bf413 100644
|
||||
--- a/hw/net/mcf_fec.c
|
||||
+++ b/hw/net/mcf_fec.c
|
||||
@@ -643,7 +643,8 @@ static void mcf_fec_realize(DeviceState *dev, Error **errp)
|
||||
mcf_fec_state *s = MCF_FEC_NET(dev);
|
||||
|
||||
s->nic = qemu_new_nic(&net_mcf_fec_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
|
||||
index 2ade72dea0..8e925de867 100644
|
||||
--- a/hw/net/mipsnet.c
|
||||
+++ b/hw/net/mipsnet.c
|
||||
@@ -255,7 +255,8 @@ static void mipsnet_realize(DeviceState *dev, Error **errp)
|
||||
sysbus_init_irq(sbd, &s->irq);
|
||||
|
||||
s->nic = qemu_new_nic(&net_mipsnet_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c
|
||||
index 9278fdce0b..1efa3dbf01 100644
|
||||
--- a/hw/net/msf2-emac.c
|
||||
+++ b/hw/net/msf2-emac.c
|
||||
@@ -527,7 +527,8 @@ static void msf2_emac_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_msf2_emac_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c
|
||||
index dd6f6e34d3..30bd20c293 100644
|
||||
--- a/hw/net/ne2000-isa.c
|
||||
+++ b/hw/net/ne2000-isa.c
|
||||
@@ -74,7 +74,8 @@ static void isa_ne2000_realizefn(DeviceState *dev, Error **errp)
|
||||
ne2000_reset(s);
|
||||
|
||||
s->nic = qemu_new_nic(&net_ne2000_isa_info, &s->c,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c
|
||||
index 9e5d10859a..4f8a699081 100644
|
||||
--- a/hw/net/ne2000-pci.c
|
||||
+++ b/hw/net/ne2000-pci.c
|
||||
@@ -71,7 +71,8 @@ static void pci_ne2000_realize(PCIDevice *pci_dev, Error **errp)
|
||||
|
||||
s->nic = qemu_new_nic(&net_ne2000_info, &s->c,
|
||||
object_get_typename(OBJECT(pci_dev)),
|
||||
- pci_dev->qdev.id, s);
|
||||
+ pci_dev->qdev.id,
|
||||
+ &pci_dev->qdev.mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c
|
||||
index 7c892f820f..dd1d0ad3bc 100644
|
||||
--- a/hw/net/npcm7xx_emc.c
|
||||
+++ b/hw/net/npcm7xx_emc.c
|
||||
@@ -802,7 +802,8 @@ static void npcm7xx_emc_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&emc->conf.macaddr);
|
||||
emc->nic = qemu_new_nic(&net_npcm7xx_emc_info, &emc->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, emc);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, emc);
|
||||
qemu_format_nic_info_str(qemu_get_queue(emc->nic), emc->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c
|
||||
index 0b3dc3146e..f96d6ea2cc 100644
|
||||
--- a/hw/net/opencores_eth.c
|
||||
+++ b/hw/net/opencores_eth.c
|
||||
@@ -732,7 +732,8 @@ static void sysbus_open_eth_realize(DeviceState *dev, Error **errp)
|
||||
sysbus_init_irq(sbd, &s->irq);
|
||||
|
||||
s->nic = qemu_new_nic(&net_open_eth_info, &s->conf,
|
||||
- object_get_typename(OBJECT(s)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(s)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
}
|
||||
|
||||
static void qdev_open_eth_reset(DeviceState *dev)
|
||||
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
|
||||
index dcd3fc4948..da910a70bf 100644
|
||||
--- a/hw/net/pcnet.c
|
||||
+++ b/hw/net/pcnet.c
|
||||
@@ -1718,7 +1718,8 @@ void pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
|
||||
s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s);
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
- s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)),
|
||||
+ dev->id, &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
/* Initialize the PROM */
|
||||
diff --git a/hw/net/rocker/rocker_fp.c b/hw/net/rocker/rocker_fp.c
|
||||
index cbeed65bd5..0d21948ada 100644
|
||||
--- a/hw/net/rocker/rocker_fp.c
|
||||
+++ b/hw/net/rocker/rocker_fp.c
|
||||
@@ -241,8 +241,8 @@ FpPort *fp_port_alloc(Rocker *r, char *sw_name,
|
||||
port->conf.bootindex = -1;
|
||||
port->conf.peers = *peers;
|
||||
|
||||
- port->nic = qemu_new_nic(&fp_port_info, &port->conf,
|
||||
- sw_name, NULL, port);
|
||||
+ port->nic = qemu_new_nic(&fp_port_info, &port->conf, sw_name, NULL,
|
||||
+ &DEVICE(r)->mem_reentrancy_guard, port);
|
||||
qemu_format_nic_info_str(qemu_get_queue(port->nic),
|
||||
port->conf.macaddr.a);
|
||||
|
||||
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
|
||||
index 3ffb9dd22c..a3565c7159 100644
|
||||
--- a/hw/net/rtl8139.c
|
||||
+++ b/hw/net/rtl8139.c
|
||||
@@ -3400,7 +3400,8 @@ static void pci_rtl8139_realize(PCIDevice *dev, Error **errp)
|
||||
s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8;
|
||||
|
||||
s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), d->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), d->id,
|
||||
+ &d->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
s->cplus_txbuffer = NULL;
|
||||
diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
|
||||
index ad778cd8fc..4eda971ef3 100644
|
||||
--- a/hw/net/smc91c111.c
|
||||
+++ b/hw/net/smc91c111.c
|
||||
@@ -783,7 +783,8 @@ static void smc91c111_realize(DeviceState *dev, Error **errp)
|
||||
sysbus_init_irq(sbd, &s->irq);
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
/* ??? Save/restore. */
|
||||
}
|
||||
diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
|
||||
index a6876a936d..475d5f3a34 100644
|
||||
--- a/hw/net/spapr_llan.c
|
||||
+++ b/hw/net/spapr_llan.c
|
||||
@@ -325,7 +325,8 @@ static void spapr_vlan_realize(SpaprVioDevice *sdev, Error **errp)
|
||||
memcpy(&dev->perm_mac.a, &dev->nicconf.macaddr.a, sizeof(dev->perm_mac.a));
|
||||
|
||||
dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf,
|
||||
- object_get_typename(OBJECT(sdev)), sdev->qdev.id, dev);
|
||||
+ object_get_typename(OBJECT(sdev)), sdev->qdev.id,
|
||||
+ &sdev->qdev.mem_reentrancy_guard, dev);
|
||||
qemu_format_nic_info_str(qemu_get_queue(dev->nic), dev->nicconf.macaddr.a);
|
||||
|
||||
dev->rxp_timer = timer_new_us(QEMU_CLOCK_VIRTUAL, spapr_vlan_flush_rx_queue,
|
||||
diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
|
||||
index 8dd60783d8..6768a6912f 100644
|
||||
--- a/hw/net/stellaris_enet.c
|
||||
+++ b/hw/net/stellaris_enet.c
|
||||
@@ -492,7 +492,8 @@ static void stellaris_enet_realize(DeviceState *dev, Error **errp)
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
|
||||
s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/sungem.c b/hw/net/sungem.c
|
||||
index 3684a4d733..c12d44e9dc 100644
|
||||
--- a/hw/net/sungem.c
|
||||
+++ b/hw/net/sungem.c
|
||||
@@ -1361,7 +1361,7 @@ static void sungem_realize(PCIDevice *pci_dev, Error **errp)
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_sungem_info, &s->conf,
|
||||
object_get_typename(OBJECT(dev)),
|
||||
- dev->id, s);
|
||||
+ dev->id, &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic),
|
||||
s->conf.macaddr.a);
|
||||
}
|
||||
diff --git a/hw/net/sunhme.c b/hw/net/sunhme.c
|
||||
index fc34905f87..fa98528d71 100644
|
||||
--- a/hw/net/sunhme.c
|
||||
+++ b/hw/net/sunhme.c
|
||||
@@ -892,7 +892,8 @@ static void sunhme_realize(PCIDevice *pci_dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_sunhme_info, &s->conf,
|
||||
- object_get_typename(OBJECT(d)), d->id, s);
|
||||
+ object_get_typename(OBJECT(d)), d->id,
|
||||
+ &d->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/tulip.c b/hw/net/tulip.c
|
||||
index ca69f7ea5e..985c4c14a4 100644
|
||||
--- a/hw/net/tulip.c
|
||||
+++ b/hw/net/tulip.c
|
||||
@@ -981,7 +981,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp)
|
||||
|
||||
s->nic = qemu_new_nic(&net_tulip_info, &s->c,
|
||||
object_get_typename(OBJECT(pci_dev)),
|
||||
- pci_dev->qdev.id, s);
|
||||
+ pci_dev->qdev.id,
|
||||
+ &pci_dev->qdev.mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
|
||||
index ddaa8fa122..f5f07f8e63 100644
|
||||
--- a/hw/net/virtio-net.c
|
||||
+++ b/hw/net/virtio-net.c
|
||||
@@ -3512,10 +3512,12 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp)
|
||||
* Happen when virtio_net_set_netclient_name has been called.
|
||||
*/
|
||||
n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
|
||||
- n->netclient_type, n->netclient_name, n);
|
||||
+ n->netclient_type, n->netclient_name,
|
||||
+ &dev->mem_reentrancy_guard, n);
|
||||
} else {
|
||||
n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, n);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, n);
|
||||
}
|
||||
|
||||
for (i = 0; i < n->max_queue_pairs; i++) {
|
||||
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
|
||||
index f65af4e9ef..d4df039c55 100644
|
||||
--- a/hw/net/vmxnet3.c
|
||||
+++ b/hw/net/vmxnet3.c
|
||||
@@ -2078,7 +2078,7 @@ static void vmxnet3_net_init(VMXNET3State *s)
|
||||
|
||||
s->nic = qemu_new_nic(&net_vmxnet3_info, &s->conf,
|
||||
object_get_typename(OBJECT(s)),
|
||||
- d->id, s);
|
||||
+ d->id, &d->mem_reentrancy_guard, s);
|
||||
|
||||
s->peer_has_vhdr = vmxnet3_peer_has_vnet_hdr(s);
|
||||
s->tx_sop = true;
|
||||
diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
|
||||
index 5c815b4f0c..3d0b7820d3 100644
|
||||
--- a/hw/net/xen_nic.c
|
||||
+++ b/hw/net/xen_nic.c
|
||||
@@ -294,7 +294,8 @@ static int net_init(struct XenLegacyDevice *xendev)
|
||||
}
|
||||
|
||||
netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf,
|
||||
- "xen", NULL, netdev);
|
||||
+ "xen", NULL,
|
||||
+ &xendev->qdev.mem_reentrancy_guard, netdev);
|
||||
|
||||
snprintf(qemu_get_queue(netdev->nic)->info_str,
|
||||
sizeof(qemu_get_queue(netdev->nic)->info_str),
|
||||
diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
|
||||
index 0ab6ae91aa..1f4f277d84 100644
|
||||
--- a/hw/net/xgmac.c
|
||||
+++ b/hw/net/xgmac.c
|
||||
@@ -402,7 +402,8 @@ static void xgmac_enet_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_xgmac_enet_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
s->regs[XGMAC_ADDR_HIGH(0)] = (s->conf.macaddr.a[5] << 8) |
|
||||
diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c
|
||||
index 990ff3a1c2..8a34243803 100644
|
||||
--- a/hw/net/xilinx_axienet.c
|
||||
+++ b/hw/net/xilinx_axienet.c
|
||||
@@ -968,7 +968,8 @@ static void xilinx_enet_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_xilinx_enet_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
|
||||
tdk_init(&s->TEMAC.phy);
|
||||
diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c
|
||||
index 6e09f7e422..80cb869e22 100644
|
||||
--- a/hw/net/xilinx_ethlite.c
|
||||
+++ b/hw/net/xilinx_ethlite.c
|
||||
@@ -235,7 +235,8 @@ static void xilinx_ethlite_realize(DeviceState *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf,
|
||||
- object_get_typename(OBJECT(dev)), dev->id, s);
|
||||
+ object_get_typename(OBJECT(dev)), dev->id,
|
||||
+ &dev->mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
}
|
||||
|
||||
diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
|
||||
index 6c49c16015..ae447a8bc3 100644
|
||||
--- a/hw/usb/dev-network.c
|
||||
+++ b/hw/usb/dev-network.c
|
||||
@@ -1362,7 +1362,8 @@ static void usb_net_realize(USBDevice *dev, Error **errp)
|
||||
|
||||
qemu_macaddr_default_if_unset(&s->conf.macaddr);
|
||||
s->nic = qemu_new_nic(&net_usbnet_info, &s->conf,
|
||||
- object_get_typename(OBJECT(s)), s->dev.qdev.id, s);
|
||||
+ object_get_typename(OBJECT(s)), s->dev.qdev.id,
|
||||
+ &s->dev.qdev.mem_reentrancy_guard, s);
|
||||
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
|
||||
snprintf(s->usbstring_mac, sizeof(s->usbstring_mac),
|
||||
"%02x%02x%02x%02x%02x%02x",
|
||||
diff --git a/include/net/net.h b/include/net/net.h
|
||||
index 523136c7ac..1457b6c014 100644
|
||||
--- a/include/net/net.h
|
||||
+++ b/include/net/net.h
|
||||
@@ -145,6 +145,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
|
||||
NICConf *conf,
|
||||
const char *model,
|
||||
const char *name,
|
||||
+ MemReentrancyGuard *reentrancy_guard,
|
||||
void *opaque);
|
||||
void qemu_del_nic(NICState *nic);
|
||||
NetClientState *qemu_get_subqueue(NICState *nic, int queue_index);
|
||||
diff --git a/net/net.c b/net/net.c
|
||||
index f0d14dbfc1..669e194c4b 100644
|
||||
--- a/net/net.c
|
||||
+++ b/net/net.c
|
||||
@@ -299,6 +299,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
|
||||
NICConf *conf,
|
||||
const char *model,
|
||||
const char *name,
|
||||
+ MemReentrancyGuard *reentrancy_guard,
|
||||
void *opaque)
|
||||
{
|
||||
NetClientState **peers = conf->peers.ncs;
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,105 @@
|
|||
From d58671091daf8c325a6f1cd87737d94b5fb51d12 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 23 Nov 2023 11:30:46 -0500
|
||||
Subject: [PATCH 2/4] net: Update MemReentrancyGuard for NIC
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 331: net: Provide MemReentrancyGuard * to qemu_new_nic()
|
||||
RH-Jira: RHEL-7309
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
||||
RH-Acked-by: Jason Wang <jasowang@redhat.com>
|
||||
RH-Commit: [2/2] b116efe725dd838c2cab9bd2240112f3c6c46d6a (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
||||
|
||||
Jira: https://issues.redhat.com/browse/RHEL-7309
|
||||
CVE: CVE-2023-3019
|
||||
Upstream: Merged
|
||||
|
||||
commit 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc
|
||||
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
|
||||
Date: Thu Jun 1 12:18:59 2023 +0900
|
||||
|
||||
net: Update MemReentrancyGuard for NIC
|
||||
|
||||
Recently MemReentrancyGuard was added to DeviceState to record that the
|
||||
device is engaging in I/O. The network device backend needs to update it
|
||||
when delivering a packet to a device.
|
||||
|
||||
This implementation follows what bottom half does, but it does not add
|
||||
a tracepoint for the case that the network device backend started
|
||||
delivering a packet to a device which is already engaging in I/O. This
|
||||
is because such reentrancy frequently happens for
|
||||
qemu_flush_queued_packets() and is insignificant.
|
||||
|
||||
Fixes: CVE-2023-3019
|
||||
Reported-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
|
||||
Acked-by: Alexander Bulekov <alxndr@bu.edu>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
include/net/net.h | 1 +
|
||||
net/net.c | 14 ++++++++++++++
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/include/net/net.h b/include/net/net.h
|
||||
index 1457b6c014..11d4564ea1 100644
|
||||
--- a/include/net/net.h
|
||||
+++ b/include/net/net.h
|
||||
@@ -112,6 +112,7 @@ struct NetClientState {
|
||||
typedef struct NICState {
|
||||
NetClientState *ncs;
|
||||
NICConf *conf;
|
||||
+ MemReentrancyGuard *reentrancy_guard;
|
||||
void *opaque;
|
||||
bool peer_deleted;
|
||||
} NICState;
|
||||
diff --git a/net/net.c b/net/net.c
|
||||
index 669e194c4b..b3008a52b7 100644
|
||||
--- a/net/net.c
|
||||
+++ b/net/net.c
|
||||
@@ -312,6 +312,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
|
||||
nic = g_malloc0(info->size + sizeof(NetClientState) * queues);
|
||||
nic->ncs = (void *)nic + info->size;
|
||||
nic->conf = conf;
|
||||
+ nic->reentrancy_guard = reentrancy_guard,
|
||||
nic->opaque = opaque;
|
||||
|
||||
for (i = 0; i < queues; i++) {
|
||||
@@ -767,6 +768,7 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
|
||||
int iovcnt,
|
||||
void *opaque)
|
||||
{
|
||||
+ MemReentrancyGuard *owned_reentrancy_guard;
|
||||
NetClientState *nc = opaque;
|
||||
int ret;
|
||||
|
||||
@@ -779,12 +781,24 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (nc->info->type != NET_CLIENT_DRIVER_NIC ||
|
||||
+ qemu_get_nic(nc)->reentrancy_guard->engaged_in_io) {
|
||||
+ owned_reentrancy_guard = NULL;
|
||||
+ } else {
|
||||
+ owned_reentrancy_guard = qemu_get_nic(nc)->reentrancy_guard;
|
||||
+ owned_reentrancy_guard->engaged_in_io = true;
|
||||
+ }
|
||||
+
|
||||
if (nc->info->receive_iov && !(flags & QEMU_NET_PACKET_FLAG_RAW)) {
|
||||
ret = nc->info->receive_iov(nc, iov, iovcnt);
|
||||
} else {
|
||||
ret = nc_sendv_compat(nc, iov, iovcnt, flags);
|
||||
}
|
||||
|
||||
+ if (owned_reentrancy_guard) {
|
||||
+ owned_reentrancy_guard->engaged_in_io = false;
|
||||
+ }
|
||||
+
|
||||
if (ret == 0) {
|
||||
nc->receive_disabled = 1;
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,376 @@
|
|||
From e11cffc152d9af9194139a37f86e357cb36298e8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
|
||||
Date: Thu, 25 May 2023 12:50:19 +0200
|
||||
Subject: [PATCH 22/22] pc-bios: Add support for List-Directed IPL from ECKD
|
||||
DASD
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||||
RH-MergeRequest: 279: Backport latest s390x-related fixes from upstream QEMU for qemu-kvm in RHEL 8.9
|
||||
RH-Bugzilla: 2169308 2209605
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Commit: [21/21] cab945af05566d892459a7c8ea3f114310d6bb67
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/2209605
|
||||
|
||||
commit 8af5d141713f5d20c4bc1719eb746ef8b1746bd6
|
||||
Author: Jared Rossi <jrossi@linux.ibm.com>
|
||||
Date: Tue Feb 21 12:45:48 2023 -0500
|
||||
|
||||
pc-bios: Add support for List-Directed IPL from ECKD DASD
|
||||
|
||||
Check for a List Directed IPL Boot Record, which would supersede the CCW type
|
||||
entries. If the record is valid, proceed to use the new style pointers
|
||||
and perform LD-IPL. Each block pointer is interpreted as either an LD-IPL
|
||||
pointer or a legacy CCW pointer depending on the type of IPL initiated.
|
||||
|
||||
In either case CCW- or LD-IPL is transparent to the user and will boot the same
|
||||
image regardless of which set of pointers is used. Because the interactive boot
|
||||
menu is only written with the old style pointers, the menu will be disabled for
|
||||
List Directed IPL from ECKD DASD.
|
||||
|
||||
If the LD-IPL fails, retry the IPL using the CCW type pointers.
|
||||
|
||||
If no LD-IPL boot record is found, simply perform CCW type IPL as usual.
|
||||
|
||||
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com>
|
||||
Message-Id: <20230221174548.1866861-2-jrossi@linux.ibm.com>
|
||||
[thuth: Drop some superfluous parantheses]
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||||
---
|
||||
pc-bios/s390-ccw/bootmap.c | 157 ++++++++++++++++++++++++++++---------
|
||||
pc-bios/s390-ccw/bootmap.h | 30 ++++++-
|
||||
2 files changed, 148 insertions(+), 39 deletions(-)
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
|
||||
index 994e59c0b0..a2137449dc 100644
|
||||
--- a/pc-bios/s390-ccw/bootmap.c
|
||||
+++ b/pc-bios/s390-ccw/bootmap.c
|
||||
@@ -72,42 +72,74 @@ static inline void verify_boot_info(BootInfo *bip)
|
||||
"Bad block size in zIPL section of the 1st record.");
|
||||
}
|
||||
|
||||
-static block_number_t eckd_block_num(EckdCHS *chs)
|
||||
+static void eckd_format_chs(ExtEckdBlockPtr *ptr, bool ldipl,
|
||||
+ uint64_t *c,
|
||||
+ uint64_t *h,
|
||||
+ uint64_t *s)
|
||||
+{
|
||||
+ if (ldipl) {
|
||||
+ *c = ptr->ldptr.chs.cylinder;
|
||||
+ *h = ptr->ldptr.chs.head;
|
||||
+ *s = ptr->ldptr.chs.sector;
|
||||
+ } else {
|
||||
+ *c = ptr->bptr.chs.cylinder;
|
||||
+ *h = ptr->bptr.chs.head;
|
||||
+ *s = ptr->bptr.chs.sector;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static block_number_t eckd_chs_to_block(uint64_t c, uint64_t h, uint64_t s)
|
||||
{
|
||||
const uint64_t sectors = virtio_get_sectors();
|
||||
const uint64_t heads = virtio_get_heads();
|
||||
- const uint64_t cylinder = chs->cylinder
|
||||
- + ((chs->head & 0xfff0) << 12);
|
||||
- const uint64_t head = chs->head & 0x000f;
|
||||
+ const uint64_t cylinder = c + ((h & 0xfff0) << 12);
|
||||
+ const uint64_t head = h & 0x000f;
|
||||
const block_number_t block = sectors * heads * cylinder
|
||||
+ sectors * head
|
||||
- + chs->sector
|
||||
- - 1; /* block nr starts with zero */
|
||||
+ + s - 1; /* block nr starts with zero */
|
||||
return block;
|
||||
}
|
||||
|
||||
-static bool eckd_valid_address(BootMapPointer *p)
|
||||
+static block_number_t eckd_block_num(EckdCHS *chs)
|
||||
{
|
||||
- const uint64_t head = p->eckd.chs.head & 0x000f;
|
||||
+ return eckd_chs_to_block(chs->cylinder, chs->head, chs->sector);
|
||||
+}
|
||||
+
|
||||
+static block_number_t gen_eckd_block_num(ExtEckdBlockPtr *ptr, bool ldipl)
|
||||
+{
|
||||
+ uint64_t cyl, head, sec;
|
||||
+ eckd_format_chs(ptr, ldipl, &cyl, &head, &sec);
|
||||
+ return eckd_chs_to_block(cyl, head, sec);
|
||||
+}
|
||||
|
||||
+static bool eckd_valid_chs(uint64_t cyl, uint64_t head, uint64_t sector)
|
||||
+{
|
||||
if (head >= virtio_get_heads()
|
||||
- || p->eckd.chs.sector > virtio_get_sectors()
|
||||
- || p->eckd.chs.sector <= 0) {
|
||||
+ || sector > virtio_get_sectors()
|
||||
+ || sector <= 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!virtio_guessed_disk_nature() &&
|
||||
- eckd_block_num(&p->eckd.chs) >= virtio_get_blocks()) {
|
||||
+ eckd_chs_to_block(cyl, head, sector) >= virtio_get_blocks()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
-static block_number_t load_eckd_segments(block_number_t blk, uint64_t *address)
|
||||
+static bool eckd_valid_address(ExtEckdBlockPtr *ptr, bool ldipl)
|
||||
+{
|
||||
+ uint64_t cyl, head, sec;
|
||||
+ eckd_format_chs(ptr, ldipl, &cyl, &head, &sec);
|
||||
+ return eckd_valid_chs(cyl, head, sec);
|
||||
+}
|
||||
+
|
||||
+static block_number_t load_eckd_segments(block_number_t blk, bool ldipl,
|
||||
+ uint64_t *address)
|
||||
{
|
||||
block_number_t block_nr;
|
||||
- int j, rc;
|
||||
+ int j, rc, count;
|
||||
BootMapPointer *bprs = (void *)_bprs;
|
||||
bool more_data;
|
||||
|
||||
@@ -117,7 +149,7 @@ static block_number_t load_eckd_segments(block_number_t blk, uint64_t *address)
|
||||
do {
|
||||
more_data = false;
|
||||
for (j = 0;; j++) {
|
||||
- block_nr = eckd_block_num(&bprs[j].xeckd.bptr.chs);
|
||||
+ block_nr = gen_eckd_block_num(&bprs[j].xeckd, ldipl);
|
||||
if (is_null_block_number(block_nr)) { /* end of chunk */
|
||||
break;
|
||||
}
|
||||
@@ -129,11 +161,26 @@ static block_number_t load_eckd_segments(block_number_t blk, uint64_t *address)
|
||||
break;
|
||||
}
|
||||
|
||||
- IPL_assert(block_size_ok(bprs[j].xeckd.bptr.size),
|
||||
+ /* List directed pointer does not store block size */
|
||||
+ IPL_assert(ldipl || block_size_ok(bprs[j].xeckd.bptr.size),
|
||||
"bad chunk block size");
|
||||
- IPL_assert(eckd_valid_address(&bprs[j]), "bad chunk ECKD addr");
|
||||
|
||||
- if ((bprs[j].xeckd.bptr.count == 0) && unused_space(&(bprs[j+1]),
|
||||
+ if (!eckd_valid_address(&bprs[j].xeckd, ldipl)) {
|
||||
+ /*
|
||||
+ * If an invalid address is found during LD-IPL then break and
|
||||
+ * retry as CCW
|
||||
+ */
|
||||
+ IPL_assert(ldipl, "bad chunk ECKD addr");
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if (ldipl) {
|
||||
+ count = bprs[j].xeckd.ldptr.count;
|
||||
+ } else {
|
||||
+ count = bprs[j].xeckd.bptr.count;
|
||||
+ }
|
||||
+
|
||||
+ if (count == 0 && unused_space(&bprs[j + 1],
|
||||
sizeof(EckdBlockPtr))) {
|
||||
/* This is a "continue" pointer.
|
||||
* This ptr should be the last one in the current
|
||||
@@ -149,11 +196,10 @@ static block_number_t load_eckd_segments(block_number_t blk, uint64_t *address)
|
||||
/* Load (count+1) blocks of code at (block_nr)
|
||||
* to memory (address).
|
||||
*/
|
||||
- rc = virtio_read_many(block_nr, (void *)(*address),
|
||||
- bprs[j].xeckd.bptr.count+1);
|
||||
+ rc = virtio_read_many(block_nr, (void *)(*address), count + 1);
|
||||
IPL_assert(rc == 0, "code chunk read failed");
|
||||
|
||||
- *address += (bprs[j].xeckd.bptr.count+1) * virtio_get_block_size();
|
||||
+ *address += (count + 1) * virtio_get_block_size();
|
||||
}
|
||||
} while (more_data);
|
||||
return block_nr;
|
||||
@@ -237,8 +283,10 @@ static void run_eckd_boot_script(block_number_t bmt_block_nr,
|
||||
uint64_t address;
|
||||
BootMapTable *bmt = (void *)sec;
|
||||
BootMapScript *bms = (void *)sec;
|
||||
+ /* The S1B block number is NULL_BLOCK_NR if and only if it's an LD-IPL */
|
||||
+ bool ldipl = (s1b_block_nr == NULL_BLOCK_NR);
|
||||
|
||||
- if (menu_is_enabled_zipl()) {
|
||||
+ if (menu_is_enabled_zipl() && !ldipl) {
|
||||
loadparm = eckd_get_boot_menu_index(s1b_block_nr);
|
||||
}
|
||||
|
||||
@@ -249,7 +297,7 @@ static void run_eckd_boot_script(block_number_t bmt_block_nr,
|
||||
memset(sec, FREE_SPACE_FILLER, sizeof(sec));
|
||||
read_block(bmt_block_nr, sec, "Cannot read Boot Map Table");
|
||||
|
||||
- block_nr = eckd_block_num(&bmt->entry[loadparm].xeckd.bptr.chs);
|
||||
+ block_nr = gen_eckd_block_num(&bmt->entry[loadparm].xeckd, ldipl);
|
||||
IPL_assert(block_nr != -1, "Cannot find Boot Map Table Entry");
|
||||
|
||||
memset(sec, FREE_SPACE_FILLER, sizeof(sec));
|
||||
@@ -264,13 +312,18 @@ static void run_eckd_boot_script(block_number_t bmt_block_nr,
|
||||
}
|
||||
|
||||
address = bms->entry[i].address.load_address;
|
||||
- block_nr = eckd_block_num(&bms->entry[i].blkptr.xeckd.bptr.chs);
|
||||
+ block_nr = gen_eckd_block_num(&bms->entry[i].blkptr.xeckd, ldipl);
|
||||
|
||||
do {
|
||||
- block_nr = load_eckd_segments(block_nr, &address);
|
||||
+ block_nr = load_eckd_segments(block_nr, ldipl, &address);
|
||||
} while (block_nr != -1);
|
||||
}
|
||||
|
||||
+ if (ldipl && bms->entry[i].type != BOOT_SCRIPT_EXEC) {
|
||||
+ /* Abort LD-IPL and retry as CCW-IPL */
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
IPL_assert(bms->entry[i].type == BOOT_SCRIPT_EXEC,
|
||||
"Unknown script entry type");
|
||||
write_reset_psw(bms->entry[i].address.load_address); /* no return */
|
||||
@@ -380,6 +433,23 @@ static void ipl_eckd_ldl(ECKD_IPL_mode_t mode)
|
||||
/* no return */
|
||||
}
|
||||
|
||||
+static block_number_t eckd_find_bmt(ExtEckdBlockPtr *ptr)
|
||||
+{
|
||||
+ block_number_t blockno;
|
||||
+ uint8_t tmp_sec[MAX_SECTOR_SIZE];
|
||||
+ BootRecord *br;
|
||||
+
|
||||
+ blockno = gen_eckd_block_num(ptr, 0);
|
||||
+ read_block(blockno, tmp_sec, "Cannot read boot record");
|
||||
+ br = (BootRecord *)tmp_sec;
|
||||
+ if (!magic_match(br->magic, ZIPL_MAGIC)) {
|
||||
+ /* If the boot record is invalid, return and try CCW-IPL instead */
|
||||
+ return NULL_BLOCK_NR;
|
||||
+ }
|
||||
+
|
||||
+ return gen_eckd_block_num(&br->pgt.xeckd, 1);
|
||||
+}
|
||||
+
|
||||
static void print_eckd_msg(void)
|
||||
{
|
||||
char msg[] = "Using ECKD scheme (block size *****), ";
|
||||
@@ -401,28 +471,43 @@ static void print_eckd_msg(void)
|
||||
|
||||
static void ipl_eckd(void)
|
||||
{
|
||||
- XEckdMbr *mbr = (void *)sec;
|
||||
- LDL_VTOC *vlbl = (void *)sec;
|
||||
+ IplVolumeLabel *vlbl = (void *)sec;
|
||||
+ LDL_VTOC *vtoc = (void *)sec;
|
||||
+ block_number_t ldipl_bmt; /* Boot Map Table for List-Directed IPL */
|
||||
|
||||
print_eckd_msg();
|
||||
|
||||
- /* Grab the MBR again */
|
||||
+ /* Block 2 can contain either the CDL VOL1 label or the LDL VTOC */
|
||||
memset(sec, FREE_SPACE_FILLER, sizeof(sec));
|
||||
- read_block(0, mbr, "Cannot read block 0 on DASD");
|
||||
+ read_block(2, vlbl, "Cannot read block 2");
|
||||
|
||||
- if (magic_match(mbr->magic, IPL1_MAGIC)) {
|
||||
- ipl_eckd_cdl(); /* only returns in case of error */
|
||||
- return;
|
||||
+ /*
|
||||
+ * First check for a list-directed-format pointer which would
|
||||
+ * supersede the CCW pointer.
|
||||
+ */
|
||||
+ if (eckd_valid_address((ExtEckdBlockPtr *)&vlbl->f.br, 0)) {
|
||||
+ ldipl_bmt = eckd_find_bmt((ExtEckdBlockPtr *)&vlbl->f.br);
|
||||
+ if (ldipl_bmt) {
|
||||
+ sclp_print("List-Directed\n");
|
||||
+ /* LD-IPL does not use the S1B bock, just make it NULL */
|
||||
+ run_eckd_boot_script(ldipl_bmt, NULL_BLOCK_NR);
|
||||
+ /* Only return in error, retry as CCW-IPL */
|
||||
+ sclp_print("Retrying IPL ");
|
||||
+ print_eckd_msg();
|
||||
+ }
|
||||
+ memset(sec, FREE_SPACE_FILLER, sizeof(sec));
|
||||
+ read_block(2, vtoc, "Cannot read block 2");
|
||||
}
|
||||
|
||||
- /* LDL/CMS? */
|
||||
- memset(sec, FREE_SPACE_FILLER, sizeof(sec));
|
||||
- read_block(2, vlbl, "Cannot read block 2");
|
||||
+ /* Not list-directed */
|
||||
+ if (magic_match(vtoc->magic, VOL1_MAGIC)) {
|
||||
+ ipl_eckd_cdl(); /* may return in error */
|
||||
+ }
|
||||
|
||||
- if (magic_match(vlbl->magic, CMS1_MAGIC)) {
|
||||
+ if (magic_match(vtoc->magic, CMS1_MAGIC)) {
|
||||
ipl_eckd_ldl(ECKD_CMS); /* no return */
|
||||
}
|
||||
- if (magic_match(vlbl->magic, LNX1_MAGIC)) {
|
||||
+ if (magic_match(vtoc->magic, LNX1_MAGIC)) {
|
||||
ipl_eckd_ldl(ECKD_LDL); /* no return */
|
||||
}
|
||||
|
||||
diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
|
||||
index 3946aa3f8d..d4690a88c2 100644
|
||||
--- a/pc-bios/s390-ccw/bootmap.h
|
||||
+++ b/pc-bios/s390-ccw/bootmap.h
|
||||
@@ -45,9 +45,23 @@ typedef struct EckdBlockPtr {
|
||||
* it's 0 for TablePtr, ScriptPtr, and SectionPtr */
|
||||
} __attribute__ ((packed)) EckdBlockPtr;
|
||||
|
||||
-typedef struct ExtEckdBlockPtr {
|
||||
+typedef struct LdEckdCHS {
|
||||
+ uint32_t cylinder;
|
||||
+ uint8_t head;
|
||||
+ uint8_t sector;
|
||||
+} __attribute__ ((packed)) LdEckdCHS;
|
||||
+
|
||||
+typedef struct LdEckdBlockPtr {
|
||||
+ LdEckdCHS chs; /* cylinder/head/sector is an address of the block */
|
||||
+ uint8_t reserved[4];
|
||||
+ uint16_t count;
|
||||
+ uint32_t pad;
|
||||
+} __attribute__ ((packed)) LdEckdBlockPtr;
|
||||
+
|
||||
+/* bptr is used for CCW type IPL, while ldptr is for list-directed IPL */
|
||||
+typedef union ExtEckdBlockPtr {
|
||||
EckdBlockPtr bptr;
|
||||
- uint8_t reserved[8];
|
||||
+ LdEckdBlockPtr ldptr;
|
||||
} __attribute__ ((packed)) ExtEckdBlockPtr;
|
||||
|
||||
typedef union BootMapPointer {
|
||||
@@ -57,6 +71,15 @@ typedef union BootMapPointer {
|
||||
ExtEckdBlockPtr xeckd;
|
||||
} __attribute__ ((packed)) BootMapPointer;
|
||||
|
||||
+typedef struct BootRecord {
|
||||
+ uint8_t magic[4];
|
||||
+ uint32_t version;
|
||||
+ uint64_t res1;
|
||||
+ BootMapPointer pgt;
|
||||
+ uint8_t reserved[510 - 32];
|
||||
+ uint16_t os_id;
|
||||
+} __attribute__ ((packed)) BootRecord;
|
||||
+
|
||||
/* aka Program Table */
|
||||
typedef struct BootMapTable {
|
||||
uint8_t magic[4];
|
||||
@@ -292,7 +315,8 @@ typedef struct IplVolumeLabel {
|
||||
struct {
|
||||
unsigned char key[4]; /* == "VOL1" */
|
||||
unsigned char volser[6];
|
||||
- unsigned char reserved[6];
|
||||
+ unsigned char reserved[64];
|
||||
+ EckdCHS br; /* Location of Boot Record for list-directed IPL */
|
||||
} f;
|
||||
};
|
||||
} __attribute__((packed)) IplVolumeLabel;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
From 01c09f31978154f0d2fd699621ae958a8c3ea2a5 Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 08:15:24 -0500
|
||||
Subject: [PATCH 08/13] physmem: add missing memory barrier
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [8/10] f6a9659f7cf40b78de6e85e4a7c06842273aa770
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit 33828ca11da08436e1b32f3e79dabce3061a0427
|
||||
Author: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Fri Mar 3 14:36:32 2023 +0100
|
||||
|
||||
physmem: add missing memory barrier
|
||||
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
softmmu/physmem.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
|
||||
index 4d0ef5f92f..2b96fad302 100644
|
||||
--- a/softmmu/physmem.c
|
||||
+++ b/softmmu/physmem.c
|
||||
@@ -3087,6 +3087,8 @@ void cpu_register_map_client(QEMUBH *bh)
|
||||
qemu_mutex_lock(&map_client_list_lock);
|
||||
client->bh = bh;
|
||||
QLIST_INSERT_HEAD(&map_client_list, client, link);
|
||||
+ /* Write map_client_list before reading in_use. */
|
||||
+ smp_mb();
|
||||
if (!qatomic_read(&bounce.in_use)) {
|
||||
cpu_notify_map_clients_locked();
|
||||
}
|
||||
@@ -3279,6 +3281,7 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
|
||||
qemu_vfree(bounce.buffer);
|
||||
bounce.buffer = NULL;
|
||||
memory_region_unref(bounce.mr);
|
||||
+ /* Clear in_use before reading map_client_list. */
|
||||
qatomic_mb_set(&bounce.in_use, false);
|
||||
cpu_notify_map_clients();
|
||||
}
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
From 57ee29fbb08f7b89ee1b7c75b749392c08af3b03 Mon Sep 17 00:00:00 2001
|
||||
From: Bandan Das <bsd@redhat.com>
|
||||
Date: Thu, 3 Aug 2023 15:23:54 -0400
|
||||
Subject: [PATCH 1/5] qapi, i386/sev: Change the reduced-phys-bits value from 5
|
||||
to 1
|
||||
|
||||
RH-Author: Bandan Das <None>
|
||||
RH-MergeRequest: 296: Updates to SEV reduced-phys-bits parameter
|
||||
RH-Bugzilla: 2214840
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Commit: [1/4] 4137cb3b57cbb175078bc908fb2301ea2b97fd17
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214840
|
||||
|
||||
commit 798a818f50a9bfc01e8b5943090de458863b897b
|
||||
Author: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Date: Fri Sep 30 10:14:27 2022 -0500
|
||||
|
||||
qapi, i386/sev: Change the reduced-phys-bits value from 5 to 1
|
||||
|
||||
A guest only ever experiences, at most, 1 bit of reduced physical
|
||||
addressing. Change the query-sev-capabilities json comment to use 1.
|
||||
|
||||
Fixes: 31dd67f684 ("sev/i386: qmp: add query-sev-capabilities command")
|
||||
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Message-Id: <cb96d8e09154533af4b4e6988469bc0b32390b65.1664550870.git.thomas.lendacky@amd.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
RHEL Notes:
|
||||
Conflicts: Context differences, since commit 811b4ec7f8eb<qapi, target/i386/sev: Add cpu0-id to query-sev-capabilities>
|
||||
is missing
|
||||
|
||||
Signed-off-by: Bandan Das <bsd@redhat.com>
|
||||
---
|
||||
qapi/misc-target.json | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
|
||||
index 4bc45d2474..ede9052440 100644
|
||||
--- a/qapi/misc-target.json
|
||||
+++ b/qapi/misc-target.json
|
||||
@@ -205,7 +205,7 @@
|
||||
#
|
||||
# -> { "execute": "query-sev-capabilities" }
|
||||
# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
|
||||
-# "cbitpos": 47, "reduced-phys-bits": 5}}
|
||||
+# "cbitpos": 47, "reduced-phys-bits": 1}}
|
||||
#
|
||||
##
|
||||
{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,177 @@
|
|||
From e7d0e29d1962092af58d0445439671a6e1d91f71 Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 08:10:33 -0500
|
||||
Subject: [PATCH 02/13] qatomic: add smp_mb__before/after_rmw()
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [2/10] 1f87eb3157abcf23f020881cedce42f76497f348
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit ff00bed1897c3d27adc5b0cec6f6eeb5a7d13176
|
||||
Author: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Thu Mar 2 11:10:56 2023 +0100
|
||||
|
||||
qatomic: add smp_mb__before/after_rmw()
|
||||
|
||||
On ARM, seqcst loads and stores (which QEMU does not use) are compiled
|
||||
respectively as LDAR and STLR instructions. Even though LDAR is
|
||||
also used for load-acquire operations, it also waits for all STLRs to
|
||||
leave the store buffer. Thus, LDAR and STLR alone are load-acquire
|
||||
and store-release operations, but LDAR also provides store-against-load
|
||||
ordering as long as the previous store is a STLR.
|
||||
|
||||
Compare this to ARMv7, where store-release is DMB+STR and load-acquire
|
||||
is LDR+DMB, but an additional DMB is needed between store-seqcst and
|
||||
load-seqcst (e.g. DMB+STR+DMB+LDR+DMB); or with x86, where MOV provides
|
||||
load-acquire and store-release semantics and the two can be reordered.
|
||||
|
||||
Likewise, on ARM sequentially consistent read-modify-write operations only
|
||||
need to use LDAXR and STLXR respectively for the load and the store, while
|
||||
on x86 they need to use the stronger LOCK prefix.
|
||||
|
||||
In a strange twist of events, however, the _stronger_ semantics
|
||||
of the ARM instructions can end up causing bugs on ARM, not on x86.
|
||||
The problems occur when seqcst atomics are mixed with relaxed atomics.
|
||||
|
||||
QEMU's atomics try to bridge the Linux API (that most of the developers
|
||||
are familiar with) and the C11 API, and the two have a substantial
|
||||
difference:
|
||||
|
||||
- in Linux, strongly-ordered atomics such as atomic_add_return() affect
|
||||
the global ordering of _all_ memory operations, including for example
|
||||
READ_ONCE()/WRITE_ONCE()
|
||||
|
||||
- in C11, sequentially consistent atomics (except for seq-cst fences)
|
||||
only affect the ordering of sequentially consistent operations.
|
||||
In particular, since relaxed loads are done with LDR on ARM, they are
|
||||
not ordered against seqcst stores (which are done with STLR).
|
||||
|
||||
QEMU implements high-level synchronization primitives with the idea that
|
||||
the primitives contain the necessary memory barriers, and the callers can
|
||||
use relaxed atomics (qatomic_read/qatomic_set) or even regular accesses.
|
||||
This is very much incompatible with the C11 view that seqcst accesses
|
||||
are only ordered against other seqcst accesses, and requires using seqcst
|
||||
fences as in the following example:
|
||||
|
||||
qatomic_set(&y, 1); qatomic_set(&x, 1);
|
||||
smp_mb(); smp_mb();
|
||||
... qatomic_read(&x) ... ... qatomic_read(&y) ...
|
||||
|
||||
When a qatomic_*() read-modify write operation is used instead of one
|
||||
or both stores, developers that are more familiar with the Linux API may
|
||||
be tempted to omit the smp_mb(), which will work on x86 but not on ARM.
|
||||
|
||||
This nasty difference between Linux and C11 read-modify-write operations
|
||||
has already caused issues in util/async.c and more are being found.
|
||||
Provide something similar to Linux smp_mb__before/after_atomic(); this
|
||||
has the double function of documenting clearly why there is a memory
|
||||
barrier, and avoiding a double barrier on x86 and s390x systems.
|
||||
|
||||
The new macro can already be put to use in qatomic_mb_set().
|
||||
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
docs/devel/atomics.rst | 26 +++++++++++++++++++++-----
|
||||
include/qemu/atomic.h | 17 ++++++++++++++++-
|
||||
2 files changed, 37 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/docs/devel/atomics.rst b/docs/devel/atomics.rst
|
||||
index 52baa0736d..10fbfc58bb 100644
|
||||
--- a/docs/devel/atomics.rst
|
||||
+++ b/docs/devel/atomics.rst
|
||||
@@ -25,7 +25,8 @@ provides macros that fall in three camps:
|
||||
|
||||
- weak atomic access and manual memory barriers: ``qatomic_read()``,
|
||||
``qatomic_set()``, ``smp_rmb()``, ``smp_wmb()``, ``smp_mb()``,
|
||||
- ``smp_mb_acquire()``, ``smp_mb_release()``, ``smp_read_barrier_depends()``;
|
||||
+ ``smp_mb_acquire()``, ``smp_mb_release()``, ``smp_read_barrier_depends()``,
|
||||
+ ``smp_mb__before_rmw()``, ``smp_mb__after_rmw()``;
|
||||
|
||||
- sequentially consistent atomic access: everything else.
|
||||
|
||||
@@ -470,7 +471,7 @@ and memory barriers, and the equivalents in QEMU:
|
||||
sequential consistency.
|
||||
|
||||
- in QEMU, ``qatomic_read()`` and ``qatomic_set()`` do not participate in
|
||||
- the total ordering enforced by sequentially-consistent operations.
|
||||
+ the ordering enforced by read-modify-write operations.
|
||||
This is because QEMU uses the C11 memory model. The following example
|
||||
is correct in Linux but not in QEMU:
|
||||
|
||||
@@ -486,9 +487,24 @@ and memory barriers, and the equivalents in QEMU:
|
||||
because the read of ``y`` can be moved (by either the processor or the
|
||||
compiler) before the write of ``x``.
|
||||
|
||||
- Fixing this requires an ``smp_mb()`` memory barrier between the write
|
||||
- of ``x`` and the read of ``y``. In the common case where only one thread
|
||||
- writes ``x``, it is also possible to write it like this:
|
||||
+ Fixing this requires a full memory barrier between the write of ``x`` and
|
||||
+ the read of ``y``. QEMU provides ``smp_mb__before_rmw()`` and
|
||||
+ ``smp_mb__after_rmw()``; they act both as an optimization,
|
||||
+ avoiding the memory barrier on processors where it is unnecessary,
|
||||
+ and as a clarification of this corner case of the C11 memory model:
|
||||
+
|
||||
+ +--------------------------------+
|
||||
+ | QEMU (correct) |
|
||||
+ +================================+
|
||||
+ | :: |
|
||||
+ | |
|
||||
+ | a = qatomic_fetch_add(&x, 2);|
|
||||
+ | smp_mb__after_rmw(); |
|
||||
+ | b = qatomic_read(&y); |
|
||||
+ +--------------------------------+
|
||||
+
|
||||
+ In the common case where only one thread writes ``x``, it is also possible
|
||||
+ to write it like this:
|
||||
|
||||
+--------------------------------+
|
||||
| QEMU (correct) |
|
||||
diff --git a/include/qemu/atomic.h b/include/qemu/atomic.h
|
||||
index 112a29910b..7855443cab 100644
|
||||
--- a/include/qemu/atomic.h
|
||||
+++ b/include/qemu/atomic.h
|
||||
@@ -243,6 +243,20 @@
|
||||
#define smp_wmb() smp_mb_release()
|
||||
#define smp_rmb() smp_mb_acquire()
|
||||
|
||||
+/*
|
||||
+ * SEQ_CST is weaker than the older __sync_* builtins and Linux
|
||||
+ * kernel read-modify-write atomics. Provide a macro to obtain
|
||||
+ * the same semantics.
|
||||
+ */
|
||||
+#if !defined(QEMU_SANITIZE_THREAD) && \
|
||||
+ (defined(__i386__) || defined(__x86_64__) || defined(__s390x__))
|
||||
+# define smp_mb__before_rmw() signal_barrier()
|
||||
+# define smp_mb__after_rmw() signal_barrier()
|
||||
+#else
|
||||
+# define smp_mb__before_rmw() smp_mb()
|
||||
+# define smp_mb__after_rmw() smp_mb()
|
||||
+#endif
|
||||
+
|
||||
/* qatomic_mb_read/set semantics map Java volatile variables. They are
|
||||
* less expensive on some platforms (notably POWER) than fully
|
||||
* sequentially consistent operations.
|
||||
@@ -257,7 +271,8 @@
|
||||
#if !defined(__SANITIZE_THREAD__) && \
|
||||
(defined(__i386__) || defined(__x86_64__) || defined(__s390x__))
|
||||
/* This is more efficient than a store plus a fence. */
|
||||
-# define qatomic_mb_set(ptr, i) ((void)qatomic_xchg(ptr, i))
|
||||
+# define qatomic_mb_set(ptr, i) \
|
||||
+ ({ (void)qatomic_xchg(ptr, i); smp_mb__after_rmw(); })
|
||||
#else
|
||||
# define qatomic_mb_set(ptr, i) \
|
||||
({ qatomic_store_release(ptr, i); smp_mb(); })
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
From 06c73c4b57dd1f47f819d719a63eb39fbe799304 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Wolf <kwolf@redhat.com>
|
||||
Date: Thu, 12 Jan 2023 20:14:51 +0100
|
||||
Subject: [PATCH 1/4] qcow2: Fix theoretical corruption in store_bitmap() error
|
||||
path
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-MergeRequest: 251: qemu-img: Fix exit code for errors closing the image
|
||||
RH-Bugzilla: 2147617
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Commit: [1/4] d0a26bed7b16db41e7baee1f8f2b3ae54e52dd52
|
||||
|
||||
In order to write the bitmap table to the image file, it is converted to
|
||||
big endian. If the write fails, it is passed to clear_bitmap_table() to
|
||||
free all of the clusters it had allocated before. However, if we don't
|
||||
convert it back to native endianness first, we'll free things at a wrong
|
||||
offset.
|
||||
|
||||
In practical terms, the offsets will be so high that we won't actually
|
||||
free any allocated clusters, but just run into an error, but in theory
|
||||
this can cause image corruption.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Message-Id: <20230112191454.169353-2-kwolf@redhat.com>
|
||||
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit b03dd9613bcf8fe948581b2b3585510cb525c382)
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
---
|
||||
block/qcow2-bitmap.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
|
||||
index 8fb4731551..869069415c 100644
|
||||
--- a/block/qcow2-bitmap.c
|
||||
+++ b/block/qcow2-bitmap.c
|
||||
@@ -115,7 +115,7 @@ static int update_header_sync(BlockDriverState *bs)
|
||||
return bdrv_flush(bs->file->bs);
|
||||
}
|
||||
|
||||
-static inline void bitmap_table_to_be(uint64_t *bitmap_table, size_t size)
|
||||
+static inline void bitmap_table_bswap_be(uint64_t *bitmap_table, size_t size)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
@@ -1401,9 +1401,10 @@ static int store_bitmap(BlockDriverState *bs, Qcow2Bitmap *bm, Error **errp)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- bitmap_table_to_be(tb, tb_size);
|
||||
+ bitmap_table_bswap_be(tb, tb_size);
|
||||
ret = bdrv_pwrite(bs->file, tb_offset, tb, tb_size * sizeof(tb[0]));
|
||||
if (ret < 0) {
|
||||
+ bitmap_table_bswap_be(tb, tb_size);
|
||||
error_setg_errno(errp, -ret, "Failed to write bitmap '%s' to file",
|
||||
bm_name);
|
||||
goto fail;
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
From 2f03293910f3ac559f37d45c95325ae29638003a Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 9 Mar 2023 08:15:14 -0500
|
||||
Subject: [PATCH 07/13] qemu-coroutine-lock: add smp_mb__after_rmw()
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 263: qatomic: add smp_mb__before/after_rmw()
|
||||
RH-Bugzilla: 2168472
|
||||
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
|
||||
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||||
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
RH-Acked-by: David Hildenbrand <david@redhat.com>
|
||||
RH-Commit: [7/10] 9cf1b6d3b0dd154489e75ad54a3000ea58983960
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168472
|
||||
|
||||
commit e3a3b6ec8169eab2feb241b4982585001512cd55
|
||||
Author: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Fri Mar 3 10:52:59 2023 +0100
|
||||
|
||||
qemu-coroutine-lock: add smp_mb__after_rmw()
|
||||
|
||||
mutex->from_push and mutex->handoff in qemu-coroutine-lock implement
|
||||
the familiar pattern:
|
||||
|
||||
write a write b
|
||||
smp_mb() smp_mb()
|
||||
read b read a
|
||||
|
||||
The memory barrier is required by the C memory model even after a
|
||||
SEQ_CST read-modify-write operation such as QSLIST_INSERT_HEAD_ATOMIC.
|
||||
Add it and avoid the unclear qatomic_mb_read() operation.
|
||||
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: David Hildenbrand <david@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
---
|
||||
util/qemu-coroutine-lock.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
|
||||
index 2669403839..a03ed0e664 100644
|
||||
--- a/util/qemu-coroutine-lock.c
|
||||
+++ b/util/qemu-coroutine-lock.c
|
||||
@@ -206,10 +206,16 @@ static void coroutine_fn qemu_co_mutex_lock_slowpath(AioContext *ctx,
|
||||
trace_qemu_co_mutex_lock_entry(mutex, self);
|
||||
push_waiter(mutex, &w);
|
||||
|
||||
+ /*
|
||||
+ * Add waiter before reading mutex->handoff. Pairs with qatomic_mb_set
|
||||
+ * in qemu_co_mutex_unlock.
|
||||
+ */
|
||||
+ smp_mb__after_rmw();
|
||||
+
|
||||
/* This is the "Responsibility Hand-Off" protocol; a lock() picks from
|
||||
* a concurrent unlock() the responsibility of waking somebody up.
|
||||
*/
|
||||
- old_handoff = qatomic_mb_read(&mutex->handoff);
|
||||
+ old_handoff = qatomic_read(&mutex->handoff);
|
||||
if (old_handoff &&
|
||||
has_waiters(mutex) &&
|
||||
qatomic_cmpxchg(&mutex->handoff, old_handoff, 0) == old_handoff) {
|
||||
@@ -308,6 +314,7 @@ void coroutine_fn qemu_co_mutex_unlock(CoMutex *mutex)
|
||||
}
|
||||
|
||||
our_handoff = mutex->sequence;
|
||||
+ /* Set handoff before checking for waiters. */
|
||||
qatomic_mb_set(&mutex->handoff, our_handoff);
|
||||
if (!has_waiters(mutex)) {
|
||||
/* The concurrent lock has not added itself yet, so it
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
From 648193b48d8aeaded90fd657e3610d8040f505fc Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Wolf <kwolf@redhat.com>
|
||||
Date: Thu, 12 Jan 2023 20:14:53 +0100
|
||||
Subject: [PATCH 3/4] qemu-img bitmap: Report errors while closing the image
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-MergeRequest: 251: qemu-img: Fix exit code for errors closing the image
|
||||
RH-Bugzilla: 2147617
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Commit: [3/4] 8e13e09564718a0badd03af84f036246a46a0eba
|
||||
|
||||
blk_unref() can't report any errors that happen while closing the image.
|
||||
For example, if qcow2 hits an -ENOSPC error while writing out dirty
|
||||
bitmaps when it's closed, it prints error messages to stderr, but
|
||||
'qemu-img bitmap' won't see any error return value and will therefore
|
||||
look successful with exit code 0.
|
||||
|
||||
In order to fix this, manually inactivate the image first before calling
|
||||
blk_unref(). This already performs the operations that would be most
|
||||
likely to fail while closing the image, but it can still return errors.
|
||||
|
||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1330
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Message-Id: <20230112191454.169353-4-kwolf@redhat.com>
|
||||
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit c5e477110dcb8ef4642dce399777c3dee68fa96c)
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
---
|
||||
qemu-img.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/qemu-img.c b/qemu-img.c
|
||||
index 18833f7d69..7d035c0c7f 100644
|
||||
--- a/qemu-img.c
|
||||
+++ b/qemu-img.c
|
||||
@@ -4622,6 +4622,7 @@ static int img_bitmap(int argc, char **argv)
|
||||
QSIMPLEQ_HEAD(, ImgBitmapAction) actions;
|
||||
ImgBitmapAction *act, *act_next;
|
||||
const char *op;
|
||||
+ int inactivate_ret;
|
||||
|
||||
QSIMPLEQ_INIT(&actions);
|
||||
|
||||
@@ -4806,6 +4807,16 @@ static int img_bitmap(int argc, char **argv)
|
||||
ret = 0;
|
||||
|
||||
out:
|
||||
+ /*
|
||||
+ * Manually inactivate the images first because this way we can know whether
|
||||
+ * an error occurred. blk_unref() doesn't tell us about failures.
|
||||
+ */
|
||||
+ inactivate_ret = bdrv_inactivate_all();
|
||||
+ if (inactivate_ret < 0) {
|
||||
+ error_report("Error while closing the image: %s", strerror(-inactivate_ret));
|
||||
+ ret = 1;
|
||||
+ }
|
||||
+
|
||||
blk_unref(src);
|
||||
blk_unref(blk);
|
||||
qemu_opts_del(opts);
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
From 2396df7fe527567e8e78761ef24ea1057ef6fa48 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Wolf <kwolf@redhat.com>
|
||||
Date: Thu, 12 Jan 2023 20:14:52 +0100
|
||||
Subject: [PATCH 2/4] qemu-img commit: Report errors while closing the image
|
||||
|
||||
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-MergeRequest: 251: qemu-img: Fix exit code for errors closing the image
|
||||
RH-Bugzilla: 2147617
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Commit: [2/4] 28f95bf76d1d63e2b0bed0c2ba5206bd3e5ea4f8
|
||||
|
||||
blk_unref() can't report any errors that happen while closing the image.
|
||||
For example, if qcow2 hits an -ENOSPC error while writing out dirty
|
||||
bitmaps when it's closed, it prints error messages to stderr, but
|
||||
'qemu-img commit' won't see any error return value and will therefore
|
||||
look successful with exit code 0.
|
||||
|
||||
In order to fix this, manually inactivate the image first before calling
|
||||
blk_unref(). This already performs the operations that would be most
|
||||
likely to fail while closing the image, but it can still return errors.
|
||||
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Message-Id: <20230112191454.169353-3-kwolf@redhat.com>
|
||||
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit 44efba2d713aca076c411594d0c1a2b99155eeb3)
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
---
|
||||
qemu-img.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/qemu-img.c b/qemu-img.c
|
||||
index f036a1d428..18833f7d69 100644
|
||||
--- a/qemu-img.c
|
||||
+++ b/qemu-img.c
|
||||
@@ -443,6 +443,11 @@ static BlockBackend *img_open(bool image_opts,
|
||||
blk = img_open_file(filename, NULL, fmt, flags, writethrough, quiet,
|
||||
force_share);
|
||||
}
|
||||
+
|
||||
+ if (blk) {
|
||||
+ blk_set_force_allow_inactivate(blk);
|
||||
+ }
|
||||
+
|
||||
return blk;
|
||||
}
|
||||
|
||||
@@ -1110,6 +1115,14 @@ unref_backing:
|
||||
done:
|
||||
qemu_progress_end();
|
||||
|
||||
+ /*
|
||||
+ * Manually inactivate the image first because this way we can know whether
|
||||
+ * an error occurred. blk_unref() doesn't tell us about failures.
|
||||
+ */
|
||||
+ ret = bdrv_inactivate_all();
|
||||
+ if (ret < 0 && !local_err) {
|
||||
+ error_setg_errno(&local_err, -ret, "Error while closing the image");
|
||||
+ }
|
||||
blk_unref(blk);
|
||||
|
||||
if (local_err) {
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,166 @@
|
|||
From 7c6faae20638f58681df223e0ca44e0a6cb60d2d Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Wolf <kwolf@redhat.com>
|
||||
Date: Thu, 12 Jan 2023 20:14:54 +0100
|
||||
Subject: [PATCH 4/4] qemu-iotests: Test qemu-img bitmap/commit exit code on
|
||||
error
|
||||
|
||||
RH-Author: Kevin Wolf <kwolf@redhat.com>
|
||||
RH-MergeRequest: 251: qemu-img: Fix exit code for errors closing the image
|
||||
RH-Bugzilla: 2147617
|
||||
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Commit: [4/4] fb2f9de98ddd2ee1d745119e4f15272ef44e0aae
|
||||
|
||||
This tests that when an error happens while writing back bitmaps to the
|
||||
image file in qcow2_inactivate(), 'qemu-img bitmap/commit' actually
|
||||
return an error value in their exit code instead of making the operation
|
||||
look successful to scripts.
|
||||
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Message-Id: <20230112191454.169353-5-kwolf@redhat.com>
|
||||
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit 07a4e1f8e5418f36424cd57d5d061b090a238c65)
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
---
|
||||
.../qemu-iotests/tests/qemu-img-close-errors | 96 +++++++++++++++++++
|
||||
.../tests/qemu-img-close-errors.out | 23 +++++
|
||||
2 files changed, 119 insertions(+)
|
||||
create mode 100755 tests/qemu-iotests/tests/qemu-img-close-errors
|
||||
create mode 100644 tests/qemu-iotests/tests/qemu-img-close-errors.out
|
||||
|
||||
diff --git a/tests/qemu-iotests/tests/qemu-img-close-errors b/tests/qemu-iotests/tests/qemu-img-close-errors
|
||||
new file mode 100755
|
||||
index 0000000000..50bfb6cfa2
|
||||
--- /dev/null
|
||||
+++ b/tests/qemu-iotests/tests/qemu-img-close-errors
|
||||
@@ -0,0 +1,96 @@
|
||||
+#!/usr/bin/env bash
|
||||
+# group: rw auto quick
|
||||
+#
|
||||
+# Check that errors while closing the image, in particular writing back dirty
|
||||
+# bitmaps, is correctly reported with a failing qemu-img exit code.
|
||||
+#
|
||||
+# Copyright (C) 2023 Red Hat, Inc.
|
||||
+#
|
||||
+# This program is free software; you can redistribute it and/or modify
|
||||
+# it under the terms of the GNU General Public License as published by
|
||||
+# the Free Software Foundation; either version 2 of the License, or
|
||||
+# (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be useful,
|
||||
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+# GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
+#
|
||||
+
|
||||
+# creator
|
||||
+owner=kwolf@redhat.com
|
||||
+
|
||||
+seq="$(basename $0)"
|
||||
+echo "QA output created by $seq"
|
||||
+
|
||||
+status=1 # failure is the default!
|
||||
+
|
||||
+_cleanup()
|
||||
+{
|
||||
+ _cleanup_test_img
|
||||
+}
|
||||
+trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
+
|
||||
+# get standard environment, filters and checks
|
||||
+cd ..
|
||||
+. ./common.rc
|
||||
+. ./common.filter
|
||||
+
|
||||
+_supported_fmt qcow2
|
||||
+_supported_proto file
|
||||
+_supported_os Linux
|
||||
+
|
||||
+size=1G
|
||||
+
|
||||
+# The error we are going to use is ENOSPC. Depending on how many bitmaps we
|
||||
+# create in the backing file (and therefore increase the used up space), we get
|
||||
+# failures in different places. With a low number, only merging the bitmap
|
||||
+# fails, whereas with a higher number, already 'qemu-img commit' fails.
|
||||
+for max_bitmap in 6 7; do
|
||||
+ echo
|
||||
+ echo "=== Test with $max_bitmap bitmaps ==="
|
||||
+
|
||||
+ TEST_IMG="$TEST_IMG.base" _make_test_img -q $size
|
||||
+ for i in $(seq 1 $max_bitmap); do
|
||||
+ $QEMU_IMG bitmap --add "$TEST_IMG.base" "stale-bitmap-$i"
|
||||
+ done
|
||||
+
|
||||
+ # Simulate a block device of 128 MB by resizing the image file accordingly
|
||||
+ # and then enforcing the size with the raw driver
|
||||
+ $QEMU_IO -f raw -c "truncate 128M" "$TEST_IMG.base"
|
||||
+ BASE_JSON='json:{
|
||||
+ "driver": "qcow2",
|
||||
+ "file": {
|
||||
+ "driver": "raw",
|
||||
+ "size": 134217728,
|
||||
+ "file": {
|
||||
+ "driver": "file",
|
||||
+ "filename":"'"$TEST_IMG.base"'"
|
||||
+ }
|
||||
+ }
|
||||
+ }'
|
||||
+
|
||||
+ _make_test_img -q -b "$BASE_JSON" -F $IMGFMT
|
||||
+ $QEMU_IMG bitmap --add "$TEST_IMG" "good-bitmap"
|
||||
+
|
||||
+ $QEMU_IO -c 'write 0 126m' "$TEST_IMG" | _filter_qemu_io
|
||||
+
|
||||
+ $QEMU_IMG commit -d "$TEST_IMG" 2>&1 | _filter_generated_node_ids
|
||||
+ echo "qemu-img commit exit code: ${PIPESTATUS[0]}"
|
||||
+
|
||||
+ $QEMU_IMG bitmap --add "$BASE_JSON" "good-bitmap"
|
||||
+ echo "qemu-img bitmap --add exit code: $?"
|
||||
+
|
||||
+ $QEMU_IMG bitmap --merge "good-bitmap" -b "$TEST_IMG" "$BASE_JSON" \
|
||||
+ "good-bitmap" 2>&1 | _filter_generated_node_ids
|
||||
+ echo "qemu-img bitmap --merge exit code: ${PIPESTATUS[0]}"
|
||||
+done
|
||||
+
|
||||
+# success, all done
|
||||
+echo "*** done"
|
||||
+rm -f $seq.full
|
||||
+status=0
|
||||
+
|
||||
diff --git a/tests/qemu-iotests/tests/qemu-img-close-errors.out b/tests/qemu-iotests/tests/qemu-img-close-errors.out
|
||||
new file mode 100644
|
||||
index 0000000000..1bfe88f176
|
||||
--- /dev/null
|
||||
+++ b/tests/qemu-iotests/tests/qemu-img-close-errors.out
|
||||
@@ -0,0 +1,23 @@
|
||||
+QA output created by qemu-img-close-errors
|
||||
+
|
||||
+=== Test with 6 bitmaps ===
|
||||
+wrote 132120576/132120576 bytes at offset 0
|
||||
+126 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+Image committed.
|
||||
+qemu-img commit exit code: 0
|
||||
+qemu-img bitmap --add exit code: 0
|
||||
+qemu-img: Lost persistent bitmaps during inactivation of node 'NODE_NAME': Failed to write bitmap 'good-bitmap' to file: No space left on device
|
||||
+qemu-img: Error while closing the image: Invalid argument
|
||||
+qemu-img: Lost persistent bitmaps during inactivation of node 'NODE_NAME': Failed to write bitmap 'good-bitmap' to file: No space left on device
|
||||
+qemu-img bitmap --merge exit code: 1
|
||||
+
|
||||
+=== Test with 7 bitmaps ===
|
||||
+wrote 132120576/132120576 bytes at offset 0
|
||||
+126 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
+qemu-img: Lost persistent bitmaps during inactivation of node 'NODE_NAME': Failed to write bitmap 'stale-bitmap-7' to file: No space left on device
|
||||
+qemu-img: Lost persistent bitmaps during inactivation of node 'NODE_NAME': Failed to write bitmap 'stale-bitmap-7' to file: No space left on device
|
||||
+qemu-img: Error while closing the image: Invalid argument
|
||||
+qemu-img commit exit code: 1
|
||||
+qemu-img bitmap --add exit code: 0
|
||||
+qemu-img bitmap --merge exit code: 0
|
||||
+*** done
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,61 @@
|
|||
From 095811c08557b0a2ad1a433d28699ead1e5ef664 Mon Sep 17 00:00:00 2001
|
||||
From: Bandan Das <bsd@redhat.com>
|
||||
Date: Thu, 3 Aug 2023 15:12:15 -0400
|
||||
Subject: [PATCH 2/5] qemu-options.hx: Update the reduced-phys-bits
|
||||
documentation
|
||||
|
||||
RH-Author: Bandan Das <None>
|
||||
RH-MergeRequest: 296: Updates to SEV reduced-phys-bits parameter
|
||||
RH-Bugzilla: 2214840
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Commit: [2/4] f8e8f5aeff449a34ce90c6e55e2a51873a6e6a87
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214840
|
||||
|
||||
commit 326e3015c4c6f3197157ea0bb00826ae740e2fad
|
||||
Author: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Date: Fri Sep 30 10:14:28 2022 -0500
|
||||
|
||||
qemu-options.hx: Update the reduced-phys-bits documentation
|
||||
|
||||
A guest only ever experiences, at most, 1 bit of reduced physical
|
||||
addressing. Update the documentation to reflect this as well as change
|
||||
the example value on the reduced-phys-bits option.
|
||||
|
||||
Fixes: a9b4942f48 ("target/i386: add Secure Encrypted Virtualization (SEV) object")
|
||||
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Message-Id: <13a62ced1808546c1d398e2025cf85f4c94ae123.1664550870.git.thomas.lendacky@amd.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
|
||||
Signed-off-by: Bandan Das <bsd@redhat.com>
|
||||
---
|
||||
qemu-options.hx | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/qemu-options.hx b/qemu-options.hx
|
||||
index 4b7798088b..981248e283 100644
|
||||
--- a/qemu-options.hx
|
||||
+++ b/qemu-options.hx
|
||||
@@ -5204,7 +5204,7 @@ SRST
|
||||
physical address space. The ``reduced-phys-bits`` is used to
|
||||
provide the number of bits we loose in physical address space.
|
||||
Similar to C-bit, the value is Host family dependent. On EPYC,
|
||||
- the value should be 5.
|
||||
+ a guest will lose a maximum of 1 bit, so the value should be 1.
|
||||
|
||||
The ``sev-device`` provides the device file to use for
|
||||
communicating with the SEV firmware running inside AMD Secure
|
||||
@@ -5239,7 +5239,7 @@ SRST
|
||||
|
||||
# |qemu_system_x86| \\
|
||||
...... \\
|
||||
- -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \\
|
||||
+ -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \\
|
||||
-machine ...,memory-encryption=sev0 \\
|
||||
.....
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue