Hello community, here is the log from the commit of package qemu for openSUSE:Leap:15.2 checked in at 2020-02-10 16:41:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/qemu (Old) and /work/SRC/openSUSE:Leap:15.2/.qemu.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qemu" Mon Feb 10 16:41:36 2020 rev:99 rq:768537 version:4.2.0 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/qemu/qemu.changes 2020-01-19 15:49:50.177786222 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.qemu.new.26092/qemu.changes 2020-02-10 16:41:52.419721104 +0100 
@@ -1,0 +2,40 @@ +Tue Jan 28 16:24:31 UTC 2020 - Bruce Rogers <brog...@suse.com> + +- Stop using system membarriers (ie switch from --enable-membarrier + to --disable-membarrier). This is a blocker for using qemu in the + context of containers (boo#1130134 jsc#SLE-11089) +- Drop this recently added patch - in consultation with upstream it + was decided it needed to be solved a different way (bsc#1159755) + hw-i386-disable-smbus-migration-for-xenf.patch +- Include upstream patches targeted for the next stable release + (bug fixes only) + block-backup-fix-memory-leak-in-bdrv_bac.patch + iscsi-Cap-block-count-from-GET-LBA-STATU.patch + s390x-adapter-routes-error-handling.patch + target-i386-kvm-initialize-feature-MSRs-.patch + +------------------------------------------------------------------- +Fri Jan 24 19:50:50 UTC 2020 - Bruce Rogers <brog...@suse.com> + +- Include upstream patches targeted for the next stable release + (bug fixes only) + hw-i386-pc-fix-regression-in-parsing-vga.patch + m68k-Fix-regression-causing-Single-Step-.patch + migration-Rate-limit-inside-host-pages.patch + migration-test-ppc64-fix-FORTH-test-prog.patch + Revert-vnc-allow-fall-back-to-RAW-encodi.patch + runstate-ignore-finishmigrate-prelaunch-.patch + target-arm-Return-correct-IL-bit-in-merg.patch + target-arm-Set-ISSIs16Bit-in-make_issinf.patch + vnc-prioritize-ZRLE-compression-over-ZLI.patch + +------------------------------------------------------------------- +Fri Jan 24 14:59:33 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org> + +- BuildRequire pkconfig(systemd) instead of systemd: allow OBS to + shortcut through the -mini flavors. +- Use systemd_ordering in place of systemd_requires: systemd is + never a strict requirement for qemu; but when installing qemu on + a systemd-managed system, we want system to be present first. 
+ +------------------------------------------------------------------- Old: ---- hw-i386-disable-smbus-migration-for-xenf.patch New: ---- Revert-vnc-allow-fall-back-to-RAW-encodi.patch block-backup-fix-memory-leak-in-bdrv_bac.patch hw-i386-pc-fix-regression-in-parsing-vga.patch iscsi-Cap-block-count-from-GET-LBA-STATU.patch m68k-Fix-regression-causing-Single-Step-.patch migration-Rate-limit-inside-host-pages.patch migration-test-ppc64-fix-FORTH-test-prog.patch runstate-ignore-finishmigrate-prelaunch-.patch s390x-adapter-routes-error-handling.patch target-arm-Return-correct-IL-bit-in-merg.patch target-arm-Set-ISSIs16Bit-in-make_issinf.patch target-i386-kvm-initialize-feature-MSRs-.patch vnc-prioritize-ZRLE-compression-over-ZLI.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qemu.spec ++++++ --- /var/tmp/diff_new_pack.018gpe/_old 2020-02-10 16:41:54.315722441 +0100 +++ /var/tmp/diff_new_pack.018gpe/_new 2020-02-10 16:41:54.319722444 +0100 @@ -87,7 +87,7 @@ %define summary_string Machine emulator and virtualizer %endif -%bcond_without system_membarrier +%bcond_with system_membarrier %define qemuver 4.2.0 %define srcver 4.2.0 
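Review bot: the changelog hunk misspells the build dependency as 'pkconfig(systemd)' while the spec hunks add 'BuildRequires: pkgconfig(systemd)'; fix the changelog entry to match. The qemu.spec hunk at @@ -87,7 only flips the default from '%bcond_without system_membarrier' to '%bcond_with system_membarrier'; the configure switch the changelog names (--disable-membarrier) is not in this diff, so confirm that the %build section keys off %{with system_membarrier} rather than passing --enable-membarrier unconditionally.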
@@ -165,48 +165,60 @@ Patch00035: intel_iommu-a-fix-to-vtd_find_as_from_bu.patch Patch00036: target-i386-Add-new-bit-definitions-of-M.patch Patch00037: target-i386-Add-missed-features-to-Coope.patch -Patch00038: XXX-dont-dump-core-on-sigabort.patch -Patch00039: qemu-binfmt-conf-Modify-default-path.patch -Patch00040: qemu-cvs-gettimeofday.patch -Patch00041: qemu-cvs-ioctl_debug.patch -Patch00042: qemu-cvs-ioctl_nodirection.patch -Patch00043: linux-user-add-binfmt-wrapper-for-argv-0.patch -Patch00044: PPC-KVM-Disable-mmu-notifier-check.patch -Patch00045: linux-user-binfmt-support-host-binaries.patch -Patch00046: linux-user-Fake-proc-cpuinfo.patch -Patch00047: linux-user-use-target_ulong.patch -Patch00048: Make-char-muxer-more-robust-wrt-small-FI.patch -Patch00049: linux-user-lseek-explicitly-cast-non-set.patch -Patch00050: AIO-Reduce-number-of-threads-for-32bit-h.patch -Patch00051: xen_disk-Add-suse-specific-flush-disable.patch -Patch00052: qemu-bridge-helper-reduce-security-profi.patch -Patch00053: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch -Patch00054: linux-user-properly-test-for-infinite-ti.patch -Patch00055: roms-Makefile-pass-a-packaging-timestamp.patch -Patch00056: Raise-soft-address-space-limit-to-hard-l.patch -Patch00057: increase-x86_64-physical-bits-to-42.patch -Patch00058: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch -Patch00059: i8254-Fix-migration-from-SLE11-SP2.patch -Patch00060: acpi_piix4-Fix-migration-from-SLE11-SP2.patch -Patch00061: Switch-order-of-libraries-for-mpath-supp.patch -Patch00062: Make-installed-scripts-explicitly-python.patch -Patch00063: hw-smbios-handle-both-file-formats-regar.patch -Patch00064: xen-add-block-resize-support-for-xen-dis.patch -Patch00065: tests-qemu-iotests-Triple-timeout-of-i-o.patch -Patch00066: tests-Fix-block-tests-to-be-compatible-w.patch -Patch00067: xen-ignore-live-parameter-from-xen-save-.patch -Patch00068: Conditionalize-ui-bitmap-installation-be.patch -Patch00069: 
tests-change-error-message-in-test-162.patch -Patch00070: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch -Patch00071: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch -Patch00072: hw-intc-exynos4210_gic-provide-more-room.patch -Patch00073: configure-only-populate-roms-if-softmmu.patch -Patch00074: pc-bios-s390-ccw-net-avoid-warning-about.patch -Patch00075: roms-change-cross-compiler-naming-to-be-.patch -Patch00076: tests-Disable-some-block-tests-for-now.patch -Patch00077: test-add-mapping-from-arch-of-i686-to-qe.patch -Patch00078: roms-Makefile-enable-cross-compile-for-b.patch -Patch00079: hw-i386-disable-smbus-migration-for-xenf.patch +Patch00038: hw-i386-pc-fix-regression-in-parsing-vga.patch +Patch00039: migration-test-ppc64-fix-FORTH-test-prog.patch +Patch00040: target-arm-Return-correct-IL-bit-in-merg.patch +Patch00041: target-arm-Set-ISSIs16Bit-in-make_issinf.patch +Patch00042: runstate-ignore-finishmigrate-prelaunch-.patch +Patch00043: migration-Rate-limit-inside-host-pages.patch +Patch00044: m68k-Fix-regression-causing-Single-Step-.patch +Patch00045: Revert-vnc-allow-fall-back-to-RAW-encodi.patch +Patch00046: vnc-prioritize-ZRLE-compression-over-ZLI.patch +Patch00047: target-i386-kvm-initialize-feature-MSRs-.patch +Patch00048: s390x-adapter-routes-error-handling.patch +Patch00049: XXX-dont-dump-core-on-sigabort.patch +Patch00050: qemu-binfmt-conf-Modify-default-path.patch +Patch00051: qemu-cvs-gettimeofday.patch +Patch00052: qemu-cvs-ioctl_debug.patch +Patch00053: qemu-cvs-ioctl_nodirection.patch +Patch00054: linux-user-add-binfmt-wrapper-for-argv-0.patch +Patch00055: PPC-KVM-Disable-mmu-notifier-check.patch +Patch00056: linux-user-binfmt-support-host-binaries.patch +Patch00057: linux-user-Fake-proc-cpuinfo.patch +Patch00058: linux-user-use-target_ulong.patch +Patch00059: Make-char-muxer-more-robust-wrt-small-FI.patch +Patch00060: linux-user-lseek-explicitly-cast-non-set.patch +Patch00061: AIO-Reduce-number-of-threads-for-32bit-h.patch +Patch00062: 
xen_disk-Add-suse-specific-flush-disable.patch +Patch00063: qemu-bridge-helper-reduce-security-profi.patch +Patch00064: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +Patch00065: linux-user-properly-test-for-infinite-ti.patch +Patch00066: roms-Makefile-pass-a-packaging-timestamp.patch +Patch00067: Raise-soft-address-space-limit-to-hard-l.patch +Patch00068: increase-x86_64-physical-bits-to-42.patch +Patch00069: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch +Patch00070: i8254-Fix-migration-from-SLE11-SP2.patch +Patch00071: acpi_piix4-Fix-migration-from-SLE11-SP2.patch +Patch00072: Switch-order-of-libraries-for-mpath-supp.patch +Patch00073: Make-installed-scripts-explicitly-python.patch +Patch00074: hw-smbios-handle-both-file-formats-regar.patch +Patch00075: xen-add-block-resize-support-for-xen-dis.patch +Patch00076: tests-qemu-iotests-Triple-timeout-of-i-o.patch +Patch00077: tests-Fix-block-tests-to-be-compatible-w.patch +Patch00078: xen-ignore-live-parameter-from-xen-save-.patch +Patch00079: Conditionalize-ui-bitmap-installation-be.patch +Patch00080: tests-change-error-message-in-test-162.patch +Patch00081: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch +Patch00082: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch +Patch00083: hw-intc-exynos4210_gic-provide-more-room.patch +Patch00084: configure-only-populate-roms-if-softmmu.patch +Patch00085: pc-bios-s390-ccw-net-avoid-warning-about.patch +Patch00086: roms-change-cross-compiler-naming-to-be-.patch +Patch00087: tests-Disable-some-block-tests-for-now.patch +Patch00088: test-add-mapping-from-arch-of-i686-to-qe.patch +Patch00089: roms-Makefile-enable-cross-compile-for-b.patch +Patch00090: iscsi-Cap-block-count-from-GET-LBA-STATU.patch +Patch00091: block-backup-fix-memory-leak-in-bdrv_bac.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch 
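Review bot: renumbering every SUSE-specific patch from Patch00038..Patch00079 to Patch00049..Patch00089 only works because %prep applies patches by sequential number and the new numbers are appended there (%patch00080..%patch00091); dropping hw-i386-disable-smbus-migration-for-xenf.patch (formerly Patch00079) from the list rather than leaving a gap is therefore required, and is done here. Note that the two newest upstream backports (iscsi-Cap-block-count-from-GET-LBA-STATU.patch, block-backup-fix-memory-leak-in-bdrv_bac.patch) are appended after the SUSE patches as Patch00090/Patch00091, whereas the other upstream fixes were inserted ahead of them as Patch00038..Patch00048; keeping all upstream-targeted patches grouped together would make the next renumbering less error-prone.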
@@ -360,8 +372,8 @@ BuildRequires: rdma-core-devel BuildRequires: snappy-devel BuildRequires: spice-protocol-devel >= 0.12.3 -BuildRequires: systemd -%{?systemd_requires} +BuildRequires: pkgconfig(systemd) +%{?systemd_ordering} %if %{kvm_available} BuildRequires: pkgconfig(udev) %endif @@ -810,7 +822,7 @@ Supplements: modalias(acpi*:QEMU0002%3A*) Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) Supplements: modalias(pci:v00005853d00000001sv*sd*bc*sc*i*) -%{?systemd_requires} +%{?systemd_ordering} %description guest-agent This package contains the QEMU guest agent. It is installed in the linux guest @@ -993,6 +1005,18 @@ %patch00077 -p1 %patch00078 -p1 %patch00079 -p1 +%patch00080 -p1 +%patch00081 -p1 +%patch00082 -p1 +%patch00083 -p1 +%patch00084 -p1 +%patch00085 -p1 +%patch00086 -p1 +%patch00087 -p1 +%patch00088 -p1 +%patch00089 -p1 +%patch00090 -p1 +%patch00091 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 ++++++ Raise-soft-address-space-limit-to-hard-l.patch ++++++ --- /var/tmp/diff_new_pack.018gpe/_old 2020-02-10 16:41:54.439722528 +0100 +++ /var/tmp/diff_new_pack.018gpe/_new 2020-02-10 16:41:54.443722531 +0100 @@ -16,7 +16,7 @@ 1 file changed, 12 insertions(+) diff --git a/vl.c b/vl.c -index 6a65a64bfd647afcf539145f9cf9..57e68fdc4526b7156af155be933f 100644 +index bf0a6345d2394ad25adfe53c4006..68de8184f91c6ef3903859c70526 100644 --- a/vl.c +++ b/vl.c @@ -33,6 +33,7 @@ @@ -27,7 +27,7 @@ #include "sysemu/seccomp.h" #include "sysemu/tcg.h" -@@ -2861,6 +2862,7 @@ int main(int argc, char **argv, char **envp) +@@ -2863,6 +2864,7 @@ int main(int argc, char **argv, char **envp) char *dir, **dirs; BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue); QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list); 
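Review bot: switching both the main package and the guest-agent subpackage (@@ -360 and @@ -810) from %{?systemd_requires} to %{?systemd_ordering} drops the hard Requires(pre/post) on systemd and keeps only transaction ordering, which is what the changelog intends; verify that any %service_add_* / %service_del_* scriptlets in the guest-agent subpackage (not in this diff) tolerate systemd being absent, since systemd is no longer guaranteed to be installed at scriptlet time. The %prep hunk at @@ -993 appends %patch00080 through %patch00091, matching the renumbered patch list.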
@@ -35,7 +35,7 @@ os_set_line_buffering(); -@@ -2872,6 +2874,16 @@ int main(int argc, char **argv, char **envp) +@@ -2874,6 +2876,16 @@ int main(int argc, char **argv, char **envp) qemu_mutex_lock_iothread(); ++++++ Revert-vnc-allow-fall-back-to-RAW-encodi.patch ++++++ From: Gerd Hoffmann <kra...@redhat.com> Date: Tue, 21 Jan 2020 07:02:10 +0100 Subject: Revert "vnc: allow fall back to RAW encoding" Git-commit: 0780ec7be82dd4781e9fd216b5d99a125882ff5a This reverts commit de3f7de7f4e257ce44cdabb90f5f17ee99624557. Remove VNC optimization to reencode framebuffer update as raw if it's smaller than the default encoding. QEMU's implementation was naive and didn't account for the ZLIB z_stream mutating with each compression. Because of the mutation, simply resetting the output buffer's offset wasn't sufficient to "rewind" the operation. The mutated z_stream would generate future zlib blocks which referred to symbols in past blocks which weren't sent. This would lead to artifacting. Considering that ZRLE is never larger than raw and even though ZLIB can occasionally be fractionally larger than raw, the overhead of implementing this optimization correctly isn't worth it. Signed-off-by: Cameron Esfahani <di...@apple.com> Signed-off-by: Gerd Hoffmann <kra...@redhat.com> Signed-off-by: Bruce Rogers <brog...@suse.com> --- ui/vnc.c | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index 87b8045afec2b7d52983914dbc08..f94b3a257ee3add364a0b0bd5101 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -898,8 +898,6 @@ int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) { int n = 0; - bool encode_raw = false; - size_t saved_offs = vs->output.offset; switch(vs->vnc_encoding) { case VNC_ENCODING_ZLIB: 
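Review bot: the only changes to Raise-soft-address-space-limit-to-hard-l.patch are the blob hashes on the index line and a +2 shift of the hunk offsets (@@ -2861 to @@ -2863, @@ -2872 to @@ -2874); the new pre-image hash bf0a6345d2394ad25adfe53c4006 is exactly the post-image of the runstate-ignore-finishmigrate-prelaunch-.patch hunk on vl.c, and that patch's net +2 lines (6 insertions, 4 deletions) account for the shift, so the refresh is consistent with Patch00042 now being applied before Patch00067. No functional change; a one-line note in the patch header saying it was refreshed for the new ordering would help the next rebase.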
@@ -922,24 +920,10 @@ int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); break; default: - encode_raw = true; + vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); + n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); break; } - - /* If the client has the same pixel format as our internal buffer and - * a RAW encoding would need less space fall back to RAW encoding to - * save bandwidth and processing power in the client. */ - if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && - 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { - vs->output.offset = saved_offs; - encode_raw = true; - } - - if (encode_raw) { - vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); - n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); - } - return n; } ++++++ block-backup-fix-memory-leak-in-bdrv_bac.patch ++++++ 
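Review bot: the removed fallback in @@ -922,24 rewinds only vs->output.offset to saved_offs and never resets the zlib stream, which is precisely the state mismatch the commit message describes (later deflate blocks referencing symbols from output that was discarded), so reverting rather than patching around it is the right call; the @@ -898 hunk correspondingly drops the now-unused encode_raw and saved_offs locals. Since vnc-prioritize-ZRLE-compression-over-ZLI.patch also touches ui/vnc.c, the spec ordering (Patch00045 revert before Patch00046) should be preserved if either patch is refreshed.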
From: Eiichi Tsukata <de...@etsukata.com> Date: Mon, 23 Dec 2019 18:06:32 +0900 Subject: block/backup: fix memory leak in bdrv_backup_top_append() Git-commit: fb574de81bfdd71fdb0315105a3a7761efb68395 bdrv_open_driver() allocates bs->opaque according to drv->instance_size. There is no need to allocate it and overwrite opaque in bdrv_backup_top_append(). Reproducer: $ QTEST_QEMU_BINARY=./x86_64-softmmu/qemu-system-x86_64 valgrind -q --leak-check=full tests/test-replication -p /replication/secondary/start ==29792== 24 bytes in 1 blocks are definitely lost in loss record 52 of 226 ==29792== at 0x483AB1A: calloc (vg_replace_malloc.c:762) ==29792== by 0x4B07CE0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7) ==29792== by 0x12BAB9: bdrv_open_driver (block.c:1289) ==29792== by 0x12BEA9: bdrv_new_open_driver (block.c:1359) ==29792== by 0x1D15CB: bdrv_backup_top_append (backup-top.c:190) ==29792== by 0x1CC11A: backup_job_create (backup.c:439) ==29792== by 0x1CD542: replication_start (replication.c:544) ==29792== by 0x1401B9: replication_start_all (replication.c:52) ==29792== by 0x128B50: test_secondary_start (test-replication.c:427) ... Fixes: 7df7868b9640 ("block: introduce backup-top filter driver") Signed-off-by: Eiichi Tsukata <de...@etsukata.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> Signed-off-by: Kevin Wolf <kw...@redhat.com> Signed-off-by: Bruce Rogers <brog...@suse.com> --- block/backup-top.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/backup-top.c b/block/backup-top.c index 818d3f26b48da425ba061e21887f..64e9e4f576ab27889fb4c0d8aa0a 100644 --- a/block/backup-top.c +++ b/block/backup-top.c 
@@ -196,7 +196,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, } top->total_sectors = source->total_sectors; - top->opaque = state = g_new0(BDRVBackupTopState, 1); + state = top->opaque; bdrv_ref(target); state->target = bdrv_attach_child(top, target, "target", &child_file, errp); ++++++ bundles.tar.xz ++++++ Binary files old/b0ca999a43a22b38158a222233d3f5881648bb4f.bundle and new/b0ca999a43a22b38158a222233d3f5881648bb4f.bundle differ Binary files old/roms/ipxe/de4565cbe76ea9f7913a01f331be3ee901bb6e17.bundle and new/roms/ipxe/de4565cbe76ea9f7913a01f331be3ee901bb6e17.bundle differ ++++++ hw-i386-pc-fix-regression-in-parsing-vga.patch ++++++ From: Peter Wu <pe...@lekensteyn.nl> Date: Sat, 21 Dec 2019 17:21:24 +0100 Subject: hw/i386/pc: fix regression in parsing vga cmdline parameter Git-commit: a88c40f02ace88f09b2a85a64831b277b2ebc88c When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0 would refuse to start with a rather cryptic message: $ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet' qemu: can't parse 'vga' parameter: Invalid argument It was not clear whether this applied to the '-vga std' parameter or the '-append' one. Fix the parsing regression and clarify the error. Fixes: 133ef074bd ("hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()") Cc: Sergio Lopez <s...@redhat.com> Signed-off-by: Peter Wu <pe...@lekensteyn.nl> Message-Id: <20191221162124.1159291-1-pe...@lekensteyn.nl> Cc: qemu-sta...@nongnu.org Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Bruce Rogers <brog...@suse.com> --- hw/i386/x86.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 394edc2f720985c0910396181eeb..121650ae511c3814dcdbb908abdc 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c 
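Review bot: the fix in @@ -196,7 replaces the g_new0() with a read of top->opaque, relying on bdrv_new_open_driver() having allocated it at drv->instance_size; the valgrind trace in the message shows that allocation goes through g_malloc0() (calloc), so the zero-initialisation the old g_new0() provided is preserved. An assert(state) or a short comment at the assignment would document the invariant that the backup-top driver sets instance_size, since nothing in the hunk checks for NULL.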
@@ -508,6 +508,7 @@ void x86_load_linux(X86MachineState *x86ms, vmode = strstr(kernel_cmdline, "vga="); if (vmode) { unsigned int video_mode; + const char *end; int ret; /* skip "vga=" */ vmode += 4; @@ -518,10 +519,9 @@ void x86_load_linux(X86MachineState *x86ms, } else if (!strncmp(vmode, "ask", 3)) { video_mode = 0xfffd; } else { - ret = qemu_strtoui(vmode, NULL, 0, &video_mode); - if (ret != 0) { - fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n", - strerror(-ret)); + ret = qemu_strtoui(vmode, &end, 0, &video_mode); + if (ret != 0 || (*end && *end != ' ')) { + fprintf(stderr, "qemu: invalid 'vga=' kernel parameter.\n"); exit(1); } } ++++++ iscsi-Cap-block-count-from-GET-LBA-STATU.patch ++++++ From: Felipe Franciosi <fel...@nutanix.com> Date: Thu, 23 Jan 2020 12:44:59 +0000 Subject: iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) Git-commit: 693fd2acdf14dd86c0bf852610f1c2cca80a74dc When querying an iSCSI server for the provisioning status of blocks (via GET LBA STATUS), Qemu only validates that the response descriptor zero's LBA matches the one requested. Given the SCSI spec allows servers to respond with the status of blocks beyond the end of the LUN, Qemu may have its heap corrupted by clearing/setting too many bits at the end of its allocmap for the LUN. A malicious guest in control of the iSCSI server could carefully program Qemu's heap (by selectively setting the bitmap) and then smash it. This limits the number of bits that iscsi_co_block_status() will try to update in the allocmap so it can't overflow the bitmap. Fixes: CVE-2020-1711 Cc: qemu-sta...@nongnu.org Signed-off-by: Felipe Franciosi <fel...@nutanix.com> Signed-off-by: Peter Turschmid <peter.turs...@nutanix.com> Signed-off-by: Raphael Norwitz <raphael.norw...@nutanix.com> Signed-off-by: Kevin Wolf <kw...@redhat.com> Signed-off-by: Bruce Rogers <brog...@suse.com> --- block/iscsi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
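Review bot: passing &end to qemu_strtoui() in @@ -518 is the actual regression fix, since with a NULL endptr the function rejects any trailing text (which is why 'vga=792 quiet' produced EINVAL and the misleading 'Invalid argument' message); the new terminator check accepts only a literal space, so a value followed by a tab or a closing quote would still be rejected, which is fine if the kernel command line is always space-separated but deserves a comment. Dropping strerror(-ret) from the message is reasonable because the errno text was the misleading part.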
diff --git a/block/iscsi.c b/block/iscsi.c index 2aea7e3f13f73662a838d2f8187f..cbd57294ab4417a33657af0fbce8 100644 --- a/block/iscsi.c +++ b/block/iscsi.c @@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, struct scsi_get_lba_status *lbas = NULL; struct scsi_lba_status_descriptor *lbasd = NULL; struct IscsiTask iTask; - uint64_t lba; + uint64_t lba, max_bytes; int ret; iscsi_co_init_iscsitask(iscsilun, &iTask); @@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, } lba = offset / iscsilun->block_size; + max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size; qemu_mutex_lock(&iscsilun->mutex); retry: @@ -764,7 +765,7 @@ retry: goto out_unlock; } - *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size; + *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes); if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED || lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) { ++++++ m68k-Fix-regression-causing-Single-Step-.patch ++++++ From: Laurent Vivier <laur...@vivier.eu> Date: Thu, 16 Jan 2020 17:54:54 +0100 Subject: m68k: Fix regression causing Single-Step via GDB/RSP to not single step Git-commit: 322f244aaa80a5208090d41481c1c09c6face66b A regression that was introduced, with the refactor to TranslatorOps, drops two lines that update the PC when single-stepping is being performed. Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps") Reported-by: Lucien Murray-Pitts <lucienmp_antis...@yahoo.com> Suggested-by: Lucien Murray-Pitts <lucienmp_antis...@yahoo.com> Suggested-by: Richard Henderson <richard.hender...@linaro.org> Reviewed-by: Richard Henderson <richard.hender...@linaro.org> Signed-off-by: Laurent Vivier <laur...@vivier.eu> Message-Id: <20200116165454.2076265-1-laur...@vivier.eu> 
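Review bot: max_bytes in @@ -721 is computed as (iscsilun->num_blocks - lba) * iscsilun->block_size in uint64_t arithmetic, so if lba were ever at or past num_blocks the subtraction would wrap and the cap would become a huge value rather than zero; nothing in the hunk guards that, so either add assert(lba < iscsilun->num_blocks) or rely on a documented caller-side bound on offset. The MIN() in @@ -764 compares an int64_t cast with the uint64_t max_bytes, which makes the comparison unsigned; casting max_bytes to int64_t as well keeps the types consistent with *pnum. With the cap in place the allocmap update can no longer run past the end of the bitmap, which is the CVE-2020-1711 fix.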
Signed-off-by: Bruce Rogers <brog...@suse.com> --- target/m68k/translate.c | 42 ++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/target/m68k/translate.c b/target/m68k/translate.c index fcdb7bc8e4eeabc2f3b0e336c064..16fae5ac9ec3f729ef402b805e41 100644 --- a/target/m68k/translate.c +++ b/target/m68k/translate.c @@ -289,16 +289,21 @@ static void gen_jmp(DisasContext *s, TCGv dest) s->base.is_jmp = DISAS_JUMP; } -static void gen_exception(DisasContext *s, uint32_t dest, int nr) +static void gen_raise_exception(int nr) { TCGv_i32 tmp; - update_cc_op(s); - tcg_gen_movi_i32(QREG_PC, dest); - tmp = tcg_const_i32(nr); gen_helper_raise_exception(cpu_env, tmp); tcg_temp_free_i32(tmp); +} + +static void gen_exception(DisasContext *s, uint32_t dest, int nr) +{ + update_cc_op(s); + tcg_gen_movi_i32(QREG_PC, dest); + + gen_raise_exception(nr); s->base.is_jmp = DISAS_NORETURN; } 
@@ -6198,29 +6203,36 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) { DisasContext *dc = container_of(dcbase, DisasContext, base); - if (dc->base.is_jmp == DISAS_NORETURN) { - return; - } - if (dc->base.singlestep_enabled) { - gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG)); - return; - } - switch (dc->base.is_jmp) { + case DISAS_NORETURN: + break; case DISAS_TOO_MANY: update_cc_op(dc); - gen_jmp_tb(dc, 0, dc->pc); + if (dc->base.singlestep_enabled) { + tcg_gen_movi_i32(QREG_PC, dc->pc); + gen_raise_exception(EXCP_DEBUG); + } else { + gen_jmp_tb(dc, 0, dc->pc); + } break; case DISAS_JUMP: /* We updated CC_OP and PC in gen_jmp/gen_jmp_im. */ - tcg_gen_lookup_and_goto_ptr(); + if (dc->base.singlestep_enabled) { + gen_raise_exception(EXCP_DEBUG); + } else { + tcg_gen_lookup_and_goto_ptr(); + } break; case DISAS_EXIT: /* * We updated CC_OP and PC in gen_exit_tb, but also modified * other state that may require returning to the main loop. */ - tcg_gen_exit_tb(NULL, 0); + if (dc->base.singlestep_enabled) { + gen_raise_exception(EXCP_DEBUG); + } else { + tcg_gen_exit_tb(NULL, 0); + } break; default: g_assert_not_reached(); ++++++ migration-Rate-limit-inside-host-pages.patch ++++++ From: "Dr. David Alan Gilbert" <dgilb...@redhat.com> Date: Thu, 5 Dec 2019 10:29:18 +0000 Subject: migration: Rate limit inside host pages Git-commit: 97e1e06780e70f6e98a0d2df881e0c0927d3aeb6 When using hugepages, rate limiting is necessary within each huge page, since a 1G huge page can take a significant time to send, so you end up with bursty behaviour. Fixes: 4c011c37ecb3 ("postcopy: Send whole huge pages") Reported-by: Lin Ma <l...@suse.com> Signed-off-by: Dr. David Alan Gilbert <dgilb...@redhat.com> Reviewed-by: Juan Quintela <quint...@redhat.com> Reviewed-by: Peter Xu <pet...@redhat.com> Signed-off-by: Juan Quintela <quint...@redhat.com> 
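Review bot: routing the single-step path through the new gen_raise_exception() in @@ -6198 also fixes a leak in the removed code, where tcg_const_i32(EXCP_DEBUG) was passed inline and never freed (the helper calls tcg_temp_free_i32()). The DISAS_TOO_MANY branch now writes QREG_PC = dc->pc before raising EXCP_DEBUG, which is the PC update the message says was lost; the DISAS_JUMP and DISAS_EXIT branches rely on the existing comments that PC was already written in gen_jmp/gen_exit_tb, and DISAS_NORETURN simply breaks, matching the old early return. The gen_exception() split in @@ -289,16 keeps update_cc_op() and the PC write in the outer function, so existing call sites are unaffected.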
Signed-off-by: Bruce Rogers <brog...@suse.com> --- migration/migration.c | 57 ++++++++++++++++++++++++------------------ migration/migration.h | 1 + migration/ram.c | 2 ++ migration/trace-events | 4 +-- 4 files changed, 37 insertions(+), 27 deletions(-) diff --git a/migration/migration.c b/migration/migration.c index 354ad072fa5553333c5b1e0d8023..27500d09a94a8615c935245e23ed 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -3224,6 +3224,37 @@ void migration_consume_urgent_request(void) qemu_sem_wait(&migrate_get_current()->rate_limit_sem); } +/* Returns true if the rate limiting was broken by an urgent request */ +bool migration_rate_limit(void) +{ + int64_t now = qemu_clock_get_ms(QEMU_CLOCK_REALTIME); + MigrationState *s = migrate_get_current(); + + bool urgent = false; + migration_update_counters(s, now); + if (qemu_file_rate_limit(s->to_dst_file)) { + /* + * Wait for a delay to do rate limiting OR + * something urgent to post the semaphore. + */ + int ms = s->iteration_start_time + BUFFER_DELAY - now; + trace_migration_rate_limit_pre(ms); + if (qemu_sem_timedwait(&s->rate_limit_sem, ms) == 0) { + /* + * We were woken by one or more urgent things but + * the timedwait will have consumed one of them. + * The service routine for the urgent wake will dec + * the semaphore itself for each item it consumes, + * so add this one we just eat back. + */ + qemu_sem_post(&s->rate_limit_sem); + urgent = true; + } + trace_migration_rate_limit_post(urgent); + } + return urgent; +} + /* * Master migration thread on the source VM. * It drives the migration and pumps the data down the outgoing channel. @@ -3290,8 +3321,6 @@ static void *migration_thread(void *opaque) trace_migration_thread_setup_complete(); while (migration_is_active(s)) { - int64_t current_time; - if (urgent || !qemu_file_rate_limit(s->to_dst_file)) { MigIterateState iter_state = migration_iteration_run(s); if (iter_state == MIG_ITERATE_SKIP) { 
@@ -3318,29 +3347,7 @@ static void *migration_thread(void *opaque) update_iteration_initial_status(s); } - current_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME); - - migration_update_counters(s, current_time); - - urgent = false; - if (qemu_file_rate_limit(s->to_dst_file)) { - /* Wait for a delay to do rate limiting OR - * something urgent to post the semaphore. - */ - int ms = s->iteration_start_time + BUFFER_DELAY - current_time; - trace_migration_thread_ratelimit_pre(ms); - if (qemu_sem_timedwait(&s->rate_limit_sem, ms) == 0) { - /* We were worken by one or more urgent things but - * the timedwait will have consumed one of them. - * The service routine for the urgent wake will dec - * the semaphore itself for each item it consumes, - * so add this one we just eat back. - */ - qemu_sem_post(&s->rate_limit_sem); - urgent = true; - } - trace_migration_thread_ratelimit_post(urgent); - } + urgent = migration_rate_limit(); } trace_migration_thread_after_loop(); diff --git a/migration/migration.h b/migration/migration.h index 79b3dda146f716955f413383bf39..aa9ff6f27b19d7ee165048aa7b6d 100644 --- a/migration/migration.h +++ b/migration/migration.h @@ -341,5 +341,6 @@ int foreach_not_ignored_block(RAMBlockIterFunc func, void *opaque); void migration_make_urgent_request(void); void migration_consume_urgent_request(void); +bool migration_rate_limit(void); #endif diff --git a/migration/ram.c b/migration/ram.c index 5078f94490de7a1bc71670376078..b6de7d1d5552a0aa39b0d232c2d6 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -2616,6 +2616,8 @@ static int ram_save_host_page(RAMState *rs, PageSearchStatus *pss, pages += tmppages; pss->page++; + /* Allow rate limiting to happen in the middle of huge pages */ + migration_rate_limit(); } while ((pss->page & (pagesize_bits - 1)) && offset_in_ramblock(pss->block, pss->page << TARGET_PAGE_BITS)); diff --git a/migration/trace-events b/migration/trace-events index 6dee7b5389dc2be37b3851820919..2f9129e213d41a6350fe7e968697 100644 
--- a/migration/trace-events +++ b/migration/trace-events @@ -138,12 +138,12 @@ migrate_send_rp_recv_bitmap(char *name, int64_t size) "block '%s' size 0x%"PRIi6 migration_completion_file_err(void) "" migration_completion_postcopy_end(void) "" migration_completion_postcopy_end_after_complete(void) "" +migration_rate_limit_pre(int ms) "%d ms" +migration_rate_limit_post(int urgent) "urgent: %d" migration_return_path_end_before(void) "" migration_return_path_end_after(int rp_error) "%d" migration_thread_after_loop(void) "" migration_thread_file_err(void) "" -migration_thread_ratelimit_pre(int ms) "%d ms" -migration_thread_ratelimit_post(int urgent) "urgent: %d" migration_thread_setup_complete(void) "" open_return_path_on_source(void) "" open_return_path_on_source_continue(void) "" ++++++ migration-test-ppc64-fix-FORTH-test-prog.patch ++++++ From: Laurent Vivier <lviv...@redhat.com> Date: Tue, 7 Jan 2020 17:34:37 +0100 Subject: migration-test: ppc64: fix FORTH test program Git-commit: 16c5c6928ff53bd95e6504301ef6c285501531e7 Commit e51e711b1bef has moved the initialization of start_address and end_address after the definition of the command line argument, where the nvramrc is initialized, and thus the loop is between 0 and 0 rather than 1 MiB and 100 MiB. It doesn't affect the result of the test if all the tests are run in sequence because the two first tests don't run the loop, so the values are correctly initialized when we actually need them. But it hangs when we ask to run only one test, for instance: QTEST_QEMU_BINARY=ppc64-softmmu/qemu-system-ppc64 \ tests/migration-test -m=quick -p /ppc64/migration/validate_uuid_error Fixes: e51e711b1bef ("tests/migration: Add migration-test header file") Cc: w...@redhat.com 
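Review bot: the new migration_rate_limit() call inside ram_save_host_page() (@@ -2616 in ram.c) discards the bool return, so an urgent request that breaks the wait mid-huge-page cannot be acted on there, unlike migration_thread() which feeds urgent back into its next loop iteration; a comment stating that this is intentional (the urgent wake is re-posted to the semaphore and will be seen by the thread loop) would help. Note also that migration_rate_limit() calls migration_update_counters() on every invocation, so that now runs per target page within a huge page. The trace-events rename from migration_thread_ratelimit_* to migration_rate_limit_* is consistent with the new call sites, and the moved comment fixes the 'worken' typo.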
Signed-off-by: Laurent Vivier <lviv...@redhat.com> Message-Id: <20200107163437.52139-1-lviv...@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com> Reviewed-by: Juan Quintela <quint...@redhat.com> Acked-by: David Gibson <da...@gibson.dropbear.id.au> Signed-off-by: Thomas Huth <th...@redhat.com> Signed-off-by: Bruce Rogers <brog...@suse.com> --- tests/migration-test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/migration-test.c b/tests/migration-test.c index ebd77a581affd8872138f6f36d5e..d79980fbe39dfaa3fa89999ee64f 100644 --- a/tests/migration-test.c +++ b/tests/migration-test.c @@ -614,6 +614,8 @@ static int test_migrate_start(QTestState **from, QTestState **to, end_address = S390_TEST_MEM_END; } else if (strcmp(arch, "ppc64") == 0) { extra_opts = use_shmem ? get_shmem_opts("256M", shmem_path) : NULL; + start_address = PPC_TEST_MEM_START; + end_address = PPC_TEST_MEM_END; cmd_src = g_strdup_printf("-machine accel=%s,vsmt=8 -m 256M -nodefaults" " -name source,debug-threads=on" " -serial file:%s/src_serial" @@ -630,8 +632,6 @@ static int test_migrate_start(QTestState **from, QTestState **to, accel, tmpfs, uri, extra_opts ? extra_opts : "", opts_dst); - start_address = PPC_TEST_MEM_START; - end_address = PPC_TEST_MEM_END; } else if (strcmp(arch, "aarch64") == 0) { init_bootfile(bootpath, aarch64_kernel, sizeof(aarch64_kernel)); extra_opts = use_shmem ? get_shmem_opts("150M", shmem_path) : NULL; ++++++ qemu.spec.in ++++++ --- /var/tmp/diff_new_pack.018gpe/_old 2020-02-10 16:41:54.787722774 +0100 +++ /var/tmp/diff_new_pack.018gpe/_new 2020-02-10 16:41:54.787722774 +0100 @@ -87,7 +87,7 @@ %define summary_string Machine emulator and virtualizer %endif -%bcond_without system_membarrier +%bcond_with system_membarrier INSERT_VERSIONING %define srcname qemu 
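Review bot: the two hunks in tests/migration-test.c are a pure reorder, moving the identical start_address/end_address assignments from after to before the g_strdup_printf() that builds the command line, which matches the message's explanation that the loop bounds were read while still zero; nothing else changes. The qemu.spec.in hunk at @@ -87,7 mirrors the bcond flip in qemu.spec, while the Patch00xx list is not part of the spec.in diff, presumably because that section is generated (the INSERT_VERSIONING placeholder shows the template is processed); worth confirming so the two files do not drift.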
@@ -259,8 +259,8 @@ BuildRequires: rdma-core-devel BuildRequires: snappy-devel BuildRequires: spice-protocol-devel >= 0.12.3 -BuildRequires: systemd -%{?systemd_requires} +BuildRequires: pkgconfig(systemd) +%{?systemd_ordering} %if %{kvm_available} BuildRequires: pkgconfig(udev) %endif @@ -709,7 +709,7 @@ Supplements: modalias(acpi*:QEMU0002%3A*) Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) Supplements: modalias(pci:v00005853d00000001sv*sd*bc*sc*i*) -%{?systemd_requires} +%{?systemd_ordering} %description guest-agent This package contains the QEMU guest agent. It is installed in the linux guest ++++++ runstate-ignore-finishmigrate-prelaunch-.patch ++++++ From: Laurent Vivier <lviv...@redhat.com> Date: Fri, 29 Nov 2019 12:51:32 +0100 Subject: runstate: ignore finishmigrate -> prelaunch transition Git-commit: ddad81bd28de665475a87693a93e6cf5d6fd8bab Commit 1bd71dce4bf2 tries to prevent a finishmigrate -> prelaunch transition by exiting at the beginning of the main_loop_should_exit() function if the state is already finishmigrate. As the finishmigrate state is set in the migration thread it can happen concurrently to the function. The migration thread and the function are normally protected by the iothread mutex and thus the state should no evolve between the start of the function and its end. Unfortunately during the function life the lock is released by pause_all_vcpus() just before the point we need to be sure we are not in finishmigrate state and if the migration thread is waiting for the lock it will take the opportunity to change the state to finishmigrate. The only way to be sure we are not in the finishmigrate state when we need is to check the state after the pause_all_vcpus() function. Fixes: 1bd71dce4bf2 ("runstate: ignore exit request in finish migrate state") Signed-off-by: Laurent Vivier <lviv...@redhat.com> Signed-off-by: Juan Quintela <quint...@redhat.com> 
Signed-off-by: Bruce Rogers <brog...@suse.com> --- vl.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/vl.c b/vl.c index 6a65a64bfd647afcf539145f9cf9..bf0a6345d2394ad25adfe53c4006 100644 --- a/vl.c +++ b/vl.c @@ -1745,9 +1745,6 @@ static bool main_loop_should_exit(void) RunState r; ShutdownCause request; - if (runstate_check(RUN_STATE_FINISH_MIGRATE)) { - return false; - } if (preconfig_exit_requested) { if (runstate_check(RUN_STATE_PRECONFIG)) { runstate_set(RUN_STATE_PRELAUNCH); @@ -1776,8 +1773,13 @@ static bool main_loop_should_exit(void) pause_all_vcpus(); qemu_system_reset(request); resume_all_vcpus(); + /* + * runstate can change in pause_all_vcpus() + * as iothread mutex is unlocked + */ if (!runstate_check(RUN_STATE_RUNNING) && - !runstate_check(RUN_STATE_INMIGRATE)) { + !runstate_check(RUN_STATE_INMIGRATE) && + !runstate_check(RUN_STATE_FINISH_MIGRATE)) { runstate_set(RUN_STATE_PRELAUNCH); } } ++++++ s390x-adapter-routes-error-handling.patch ++++++ From: Cornelia Huck <coh...@redhat.com> Date: Thu, 16 Jan 2020 13:10:35 +0100 Subject: s390x: adapter routes error handling Git-commit: 3c5fd8074335c67777d9391b84f97070c35d9c63 If the kernel irqchip has been disabled, we don't want the {add,release}_adapter_routes routines to call any kvm_irqchip_* interfaces, as they may rely on an irqchip actually having been created. Just take a quick exit in that case instead. If you are trying to use irqfd without a kernel irqchip, we will fail with an error. Also initialize routes->gsi[] with -1 in the virtio-ccw handling, to make sure we don't trip over other errors, either. (Nobody else uses the gsi array in that structure.) Fixes: d426d9fba8ea ("s390x/virtio-ccw: wire up irq routing and irqfds") Reviewed-by: Thomas Huth <th...@redhat.com> Acked-by: Christian Borntraeger <borntrae...@de.ibm.com> Message-Id: <20200117111147.5006-1-coh...@redhat.com> Signed-off-by: Cornelia Huck <coh...@redhat.com> 
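Review bot: the first vl.c hunk (`@@ -1745,9 +1745,6 @@`) deletes an early `return false` that covered every exit path in main_loop_should_exit(), while the replacement check in the second hunk only guards the `runstate_set(RUN_STATE_PRELAUNCH)` on the reset path; the preconfig_exit_requested branch right below the removed lines, and any shutdown handling between the two hunks, now proceed normally when the state is finishmigrate. That is presumably intended (the Fixes: line targets the prelaunch transition only), but the commit message should say explicitly that other exit requests in finishmigrate state are no longer ignored, since that is a behaviour change beyond the race fix.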
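Review bot: in the second vl.c hunk (`@@ -1776,8 +1773,13 @@`), the added `!runstate_check(RUN_STATE_FINISH_MIGRATE)` term is evaluated after both pause_all_vcpus() and resume_all_vcpus(), so the fix is sound only as long as nothing between that check and the adjacent `runstate_set(RUN_STATE_PRELAUNCH)` drops the iothread mutex again; since the comment already explains that pause_all_vcpus() unlocks, extend it with "check must stay immediately before runstate_set()" so a later refactor does not reintroduce the window the commit closes.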
Signed-off-by: Bruce Rogers <brog...@suse.com> --- hw/intc/s390_flic_kvm.c | 8 ++++++++ hw/s390x/virtio-ccw.c | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/hw/intc/s390_flic_kvm.c b/hw/intc/s390_flic_kvm.c index c9ee80eaae02dea3a46bbaf82d4a..98cc15868374034d9d18b539dc42 100644 --- a/hw/intc/s390_flic_kvm.c +++ b/hw/intc/s390_flic_kvm.c @@ -331,6 +331,10 @@ static int kvm_s390_add_adapter_routes(S390FLICState *fs, int ret, i; uint64_t ind_offset = routes->adapter.ind_offset; + if (!kvm_gsi_routing_enabled()) { + return -ENOSYS; + } + for (i = 0; i < routes->num_routes; i++) { ret = kvm_irqchip_add_adapter_route(kvm_state, &routes->adapter); if (ret < 0) { @@ -358,6 +362,10 @@ static void kvm_s390_release_adapter_routes(S390FLICState *fs, { int i; + if (!kvm_gsi_routing_enabled()) { + return; + } + for (i = 0; i < routes->num_routes; i++) { if (routes->gsi[i] >= 0) { kvm_irqchip_release_virq(kvm_state, routes->gsi[i]); diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index 6580ce5907dd0b3c87bae8e04923..13f57e7b67f18c644dee4c292fdf 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -697,6 +697,7 @@ static void virtio_ccw_device_realize(VirtioCcwDevice *dev, Error **errp) CCWDeviceClass *ck = CCW_DEVICE_GET_CLASS(ccw_dev); SubchDev *sch; Error *err = NULL; + int i; sch = css_create_sch(ccw_dev->devno, errp); if (!sch) { @@ -717,6 +718,9 @@ static void virtio_ccw_device_realize(VirtioCcwDevice *dev, Error **errp) ccw_dev->sch = sch; dev->indicators = NULL; dev->revision = -1; + for (i = 0; i < ADAPTER_ROUTES_MAX_GSI; i++) { + dev->routes.gsi[i] = -1; + } css_sch_build_virtual_schib(sch, 0, VIRTIO_CCW_CHPID_TYPE); trace_virtio_ccw_new_device( ++++++ target-arm-Return-correct-IL-bit-in-merg.patch ++++++ 
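Review bot: the early `return -ENOSYS` in kvm_s390_add_adapter_routes() (`@@ -331,6 +331,10 @@`) runs before the loop ever stores into routes->gsi[], and the release counterpart only frees entries with `routes->gsi[i] >= 0`, so correctness now depends on the caller having pre-filled the array with -1, which is exactly what the virtio-ccw hunk adds; a one-line comment at the return site naming that invariant would tie the two files together. Also confirm the caller converts -ENOSYS into the user-visible error the commit message promises rather than silently treating it as "no routes configured".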
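Review bot: the `for (i = 0; i < ADAPTER_ROUTES_MAX_GSI; i++) dev->routes.gsi[i] = -1;` loop in virtio_ccw_device_realize() (`@@ -717,6 +718,9 @@`) establishes the "negative gsi means unallocated" convention on the realize path only; if adapter routes can be released and re-added over the device's lifetime, kvm_s390_release_adapter_routes() should reset freed entries to -1 as well, otherwise a stale non-negative gsi survives into the next cycle and the `>= 0` guard in the release loop no longer protects anything. The commit message notes that nobody else reads this array, so the -1 sentinel cannot collide with another user.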
From: Jeff Kubascik <jeff.kubas...@dornerworks.com> Date: Fri, 17 Jan 2020 14:09:31 +0000 Subject: target/arm: Return correct IL bit in merge_syn_data_abort Git-commit: 30d544839e278dc76017b9a42990c41e84a34377 The IL bit is set for 32-bit instructions, thus passing false with the is_16bit parameter to syn_data_abort_with_iss() makes a syn mask that always has the IL bit set. Pass is_16bit as true to make the initial syn mask have IL=0, so that the final IL value comes from or'ing template_syn. Cc: qemu-sta...@nongnu.org Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts") Signed-off-by: Jeff Kubascik <jeff.kubas...@dornerworks.com> Signed-off-by: Richard Henderson <richard.hender...@linaro.org> Message-id: 20200117004618.2742-2-richard.hender...@linaro.org [rth: Extracted this as a self-contained bug fix from a larger patch] Signed-off-by: Richard Henderson <richard.hender...@linaro.org> Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> Signed-off-by: Bruce Rogers <brog...@suse.com> --- target/arm/tlb_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c index 5feb3129417a5c55bdbe6b77b540..e63f8bda29636d8b23eead31004a 100644 --- a/target/arm/tlb_helper.c +++ b/target/arm/tlb_helper.c @@ -44,7 +44,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, syn = syn_data_abort_with_iss(same_el, 0, 0, 0, 0, 0, ea, 0, s1ptw, is_write, fsc, - false); + true); /* Merge the runtime syndrome with the template syndrome. */ syn |= template_syn; } ++++++ target-arm-Set-ISSIs16Bit-in-make_issinf.patch ++++++ 
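Review bot: the single tlb_helper.c hunk changes a positional bool from `false` to `true` at a call site where the parameter's meaning (is_16bit) is only known from the commit message, and passing true for what is actually a 32-bit instruction reads like a bug without that context; a short comment beside the argument, such as "is_16bit=true yields IL=0 in the mask so the real IL comes from template_syn", would stop the next reader from "fixing" it back to false.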
From: Richard Henderson <richard.hender...@linaro.org> Date: Fri, 17 Jan 2020 14:09:31 +0000 Subject: target/arm: Set ISSIs16Bit in make_issinfo Git-commit: 1a1fbc6cbb34c26d43d8360c66c1d21681af14a9 During the conversion to decodetree, the setting of ISSIs16Bit got lost. This causes the guest os to incorrectly adjust trapping memory operations. Cc: qemu-sta...@nongnu.org Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)") Reported-by: Jeff Kubascik <jeff.kubas...@dornerworks.com> Signed-off-by: Richard Henderson <richard.hender...@linaro.org> Message-id: 20200117004618.2742-3-richard.hender...@linaro.org Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> Signed-off-by: Bruce Rogers <brog...@suse.com> --- target/arm/translate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target/arm/translate.c b/target/arm/translate.c index 4d5d4bd8886c138196cec746f0e7..24e3d6619b202c78835dc068a2ce 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -8552,6 +8552,9 @@ static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w) /* ISS not valid if writeback */ if (p && !w) { ret = rd; + if (s->base.pc_next - s->pc_curr == 2) { + ret |= ISSIs16Bit; + } } else { ret = ISSInvalid; } ++++++ target-i386-kvm-initialize-feature-MSRs-.patch ++++++ From: Paolo Bonzini <pbonz...@redhat.com> Date: Mon, 20 Jan 2020 19:21:42 +0100 Subject: target/i386: kvm: initialize feature MSRs very early Git-commit: 420ae1fc51c99abfd03b1c590f55617edd2a2bed Some read-only MSRs affect the behavior of ioctls such as KVM_SET_NESTED_STATE. We can initialize them once and for all right after the CPU is realized, since they will never be modified by the guest. Reported-by: Qingua Cheng <qch...@redhat.com> Cc: qemu-sta...@nongnu.org Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> Message-Id: <1579544504-3616-2-git-send-email-pbonz...@redhat.com> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> 
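Review bot: the translate.c hunk derives "this is a 16-bit instruction" from `s->base.pc_next - s->pc_curr == 2`, so it relies on pc_next already having been advanced past the complete instruction whenever make_issinfo() is reached; none of the callers are visible here, so either a comment stating that assumption or an assertion that the difference is 2 or 4 would make the invariant checkable and keep a future decodetree change from silently mis-sizing the syndrome again, which is the very regression this patch repairs.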
Signed-off-by: Bruce Rogers <brog...@suse.com> --- target/i386/kvm.c | 81 +++++++++++++++++++++++++----------------- target/i386/kvm_i386.h | 1 + 2 files changed, 49 insertions(+), 33 deletions(-) diff --git a/target/i386/kvm.c b/target/i386/kvm.c index 1d10046a6c31b1f412b403c3ab20..b8ea67a644c802358826a840bdf1 100644 --- a/target/i386/kvm.c +++ b/target/i386/kvm.c @@ -67,6 +67,8 @@ * 255 kvm_msr_entry structs */ #define MSR_BUF_SIZE 4096 +static void kvm_init_msrs(X86CPU *cpu); + const KVMCapabilityInfo kvm_arch_required_capabilities[] = { KVM_CAP_INFO(SET_TSS_ADDR), KVM_CAP_INFO(EXT_CPUID), @@ -1842,6 +1844,8 @@ int kvm_arch_init_vcpu(CPUState *cs) has_msr_tsc_aux = false; } + kvm_init_msrs(cpu); + r = hyperv_init_vcpu(cpu); if (r) { goto fail; 
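Review bot: `kvm_init_msrs(cpu);` is inserted into kvm_arch_init_vcpu() (`@@ -1842,6 +1844,8 @@`) directly beside an existing error path (`r = hyperv_init_vcpu(cpu); if (r) { goto fail; }`), yet it returns void and, as defined in the following hunk, aborts via assert() when KVM_SET_MSRS rejects an entry; a refused feature MSR is a realistic condition on older or restricted kernels, so consider making kvm_init_msrs() return int and routing its failure through the existing `goto fail` so the user sees an error rather than a crash.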
@@ -2660,11 +2664,53 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, FeatureWordArray f) VMCS12_MAX_FIELD_INDEX << 1); } +static int kvm_buf_set_msrs(X86CPU *cpu) +{ + int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); + if (ret < 0) { + return ret; + } + + if (ret < cpu->kvm_msr_buf->nmsrs) { + struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; + error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, + (uint32_t)e->index, (uint64_t)e->data); + } + + assert(ret == cpu->kvm_msr_buf->nmsrs); + return 0; +} + +static void kvm_init_msrs(X86CPU *cpu) +{ + CPUX86State *env = &cpu->env; + + kvm_msr_buf_reset(cpu); + if (has_msr_arch_capabs) { + kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, + env->features[FEAT_ARCH_CAPABILITIES]); + } + + if (has_msr_core_capabs) { + kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, + env->features[FEAT_CORE_CAPABILITY]); + } + + /* + * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but + * all kernels with MSR features should have them. + */ + if (kvm_feature_msrs && cpu_has_vmx(env)) { + kvm_msr_entry_add_vmx(cpu, env->features); + } + + assert(kvm_buf_set_msrs(cpu) == 0); +} + static int kvm_put_msrs(X86CPU *cpu, int level) { CPUX86State *env = &cpu->env; int i; - int ret; kvm_msr_buf_reset(cpu); @@ -2722,17 +2768,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) } #endif - /* If host supports feature MSR, write down. */ - if (has_msr_arch_capabs) { - kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, - env->features[FEAT_ARCH_CAPABILITIES]); - } - - if (has_msr_core_capabs) { - kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, - env->features[FEAT_CORE_CAPABILITY]); - } - /* * The following MSRs have side effects on the guest or are too heavy * for normal writeback. Limit them to reset or full state updates. 
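Review bot: in the `@@ -2660,11 +2664,53 @@` hunk, `assert(kvm_buf_set_msrs(cpu) == 0);` puts the KVM_SET_MSRS ioctl inside the assert expression, so the only side effect of the whole init routine lives in an assert and the only failure handling is an abort; prefer `int ret = kvm_buf_set_msrs(cpu); assert(ret == 0);` or, better, propagate the error. Note also that kvm_buf_set_msrs() itself calls error_report() for a partially applied buffer and then immediately asserts `ret == cpu->kvm_msr_buf->nmsrs`, so the report is only ever followed by an abort; if the intent is to fail cleanly, return an error code there instead.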
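Review bot: the `@@ -2722,17 +2768,6 @@` hunk removes the MSR_IA32_ARCH_CAPABILITIES and MSR_IA32_CORE_CAPABILITY entries from kvm_put_msrs(), so those MSRs are now written exactly once at vcpu init instead of on every state write; that is correct only because the guest cannot modify them (as the commit message states), so anyone later making either value depend on runtime state (for example something carried in the migration stream) must restore it to the put path. The dropped `int ret;` declaration is accounted for by the later `return kvm_buf_set_msrs(cpu);`.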
@@ -2910,14 +2945,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see * kvm_put_msr_feature_control. */ - - /* - * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but - * all kernels with MSR features should have them. - */ - if (kvm_feature_msrs && cpu_has_vmx(env)) { - kvm_msr_entry_add_vmx(cpu, env->features); - } } if (env->mcg_cap) { @@ -2933,19 +2960,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level) } } - ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); - if (ret < 0) { - return ret; - } - - if (ret < cpu->kvm_msr_buf->nmsrs) { - struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; - error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, - (uint32_t)e->index, (uint64_t)e->data); - } - - assert(ret == cpu->kvm_msr_buf->nmsrs); - return 0; + return kvm_buf_set_msrs(cpu); } diff --git a/target/i386/kvm_i386.h b/target/i386/kvm_i386.h index 06fe06bdb3d6d647d8cfb0eee87b..d98c6f69d08af549fe5f31fc4264 100644 --- a/target/i386/kvm_i386.h +++ b/target/i386/kvm_i386.h @@ -66,4 +66,5 @@ bool kvm_enable_x2apic(void); bool kvm_has_x2apic_api(void); bool kvm_hv_vpindex_settable(void); + #endif ++++++ update_git.sh ++++++ --- /var/tmp/diff_new_pack.018gpe/_old 2020-02-10 16:41:54.935722878 +0100 +++ /var/tmp/diff_new_pack.018gpe/_new 2020-02-10 16:41:54.935722878 +0100 @@ -683,7 +683,11 @@ fi else SOURCE_VERSION=$MAJOR_VERSION.$MINOR_VERSION.$X - GIT_BRANCH=opensuse-$MAJOR_VERSION.$[$MINOR_VERSION+1] + if [ "$NEXT_RELEASE_IS_MAJOR" = "0" ]; then + GIT_BRANCH=opensuse-$MAJOR_VERSION.$[$MINOR_VERSION+1] + else + GIT_BRANCH=opensuse-$[MAJOR_VERSION+1].0 + fi fi WRITE_LOG=0 echo "Processing LATEST upstream changes" ++++++ vnc-prioritize-ZRLE-compression-over-ZLI.patch ++++++ 
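Review bot: in the `@@ -2910,14 +2945,6 @@` hunk the removed VMX block sat inside an enclosing block (the `}` just before `if (env->mcg_cap)` remains), so kvm_msr_entry_add_vmx() was previously only reached when that enclosing condition held, whereas the new kvm_init_msrs() calls it unconditionally whenever `kvm_feature_msrs && cpu_has_vmx(env)`; confirm the dropped enclosing condition was not load-bearing (for instance a level check that deliberately skipped these writes on runtime updates).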
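Review bot: the target/i386/kvm_i386.h hunk (`@@ -66,4 +66,5 @@`) adds nothing but a blank line before `#endif`; it is a whitespace-only change unrelated to the fix and should be dropped from the backport to keep the patch minimal.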
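Review bot: in the update_git.sh hunk (`@@ -683,7 +683,11 @@`), the test `[ "$NEXT_RELEASE_IS_MAJOR" = "0" ]` sends an unset or empty NEXT_RELEASE_IS_MAJOR into the else branch, i.e. a script run without the variable silently targets the next major branch `opensuse-$[MAJOR_VERSION+1].0`; if the minor branch is the usual case, invert the test or default the variable (`${NEXT_RELEASE_IS_MAJOR:-0}`). Style-wise the new line mixes `$[MAJOR_VERSION+1]` with the existing `$[$MINOR_VERSION+1]`, and `$[ ]` arithmetic is deprecated bash syntax; `$((MAJOR_VERSION+1))` for both would be consistent and portable.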
From: Cameron Esfahani <di...@apple.com> Date: Mon, 20 Jan 2020 21:00:52 -0800 Subject: vnc: prioritize ZRLE compression over ZLIB Git-commit: 557ba0e57200014bd4f453f6516f02b61bdfc782 In my investigation, ZRLE always compresses better than ZLIB so prioritize ZRLE over ZLIB, even if the client hints that ZLIB is preferred. zlib buffer is always reset in zrle_compress_data(), so using offset to calculate next_out and avail_out is useless. Signed-off-by: Cameron Esfahani <di...@apple.com> Message-Id: <b5d129895d08a90d0a2a6183b95875bacfa998b8.1579582674.git.di...@apple.com> Signed-off-by: Gerd Hoffmann <kra...@redhat.com> Signed-off-by: Bruce Rogers <brog...@suse.com> --- ui/vnc-enc-zrle.c | 4 ++-- ui/vnc.c | 11 +++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ui/vnc-enc-zrle.c b/ui/vnc-enc-zrle.c index 17fd28a2e2b078bd135496e75c6b..b4f71e32cfe8ca3dd645103f999d 100644 --- a/ui/vnc-enc-zrle.c +++ b/ui/vnc-enc-zrle.c @@ -98,8 +98,8 @@ static int zrle_compress_data(VncState *vs, int level) /* set pointers */ zstream->next_in = vs->zrle->zrle.buffer; zstream->avail_in = vs->zrle->zrle.offset; - zstream->next_out = vs->zrle->zlib.buffer + vs->zrle->zlib.offset; - zstream->avail_out = vs->zrle->zlib.capacity - vs->zrle->zlib.offset; + zstream->next_out = vs->zrle->zlib.buffer; + zstream->avail_out = vs->zrle->zlib.capacity; zstream->data_type = Z_BINARY; /* start encoding */ diff --git a/ui/vnc.c b/ui/vnc.c index f94b3a257ee3add364a0b0bd5101..70bd8bf05d163e2ef0911c3b19fd 100644 --- a/ui/vnc.c +++ b/ui/vnc.c 
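Review bot: the zrle_compress_data() hunk pins `next_out` to the start of zlib.buffer and `avail_out` to its full capacity, which is only correct while the buffer is reset (offset == 0) before every call, as the commit message claims; that reset is not part of the hunk, so an `assert(vs->zrle->zlib.offset == 0);` or a comment pointing at it would catch a future caller that starts accumulating output. The new form is also the safer one: with the old offset arithmetic, a stale non-zero offset would have shrunk avail_out and handed zlib a short output window.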
@@ -2077,8 +2077,15 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) break; #endif case VNC_ENCODING_ZLIB: - vs->features |= VNC_FEATURE_ZLIB_MASK; - vs->vnc_encoding = enc; + /* + * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB. + * So prioritize ZRLE, even if the client hints that it prefers + * ZLIB. + */ + if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) { + vs->features |= VNC_FEATURE_ZLIB_MASK; + vs->vnc_encoding = enc; + } break; case VNC_ENCODING_ZRLE: vs->features |= VNC_FEATURE_ZRLE_MASK;
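Review bot: the set_encodings() hunk only prefers ZRLE when the client lists ZRLE before ZLIB, because the new `if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0)` guard is evaluated in list order; if ZLIB appears first, ZLIB is selected and vs->vnc_encoding is set, and whether the later `case VNC_ENCODING_ZRLE` overrides vnc_encoding is not visible in this hunk. If that case does override, the comment should say that ZRLE wins in either order; if it does not, the priority the commit message describes only holds for one client ordering and a second guard (or a post-loop fixup) is needed.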