QEMU update to version 6.2.0-82(master)

- thread-pool: optimize scheduling of completion bottom half
- migration/rdma: zero out head.repeat to make the error more clear
- vhost-user-fs: Back up vqs before cleaning up vhost_dev
- hw/vfio/pci-quirks: Sanitize capability pointer
- hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques
- replay: fix event queue flush for qemu shutdown
- hw/net: Fix read of uninitialized memory in ftgmac100
- target/ppc: Fix tlbie
- target/i386: fix INVD vmexit
- qtest/npcm7xx_pwm-test: Fix memory leak in mft_qom_set
- aio-posix: zero out io_uring sqe user_data

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
Jiabo Feng 2023-10-30 16:13:24 +08:00
parent c98850e210
commit 0b0e518312
12 changed files with 564 additions and 1 deletions


@ -0,0 +1,44 @@
From c670a3038a0b7dffda79672a63c84609459218c6 Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Tue, 12 Sep 2023 10:22:09 +0800
Subject: [PATCH] aio-posix: zero out io_uring sqe user_data
cheery-pick from 87ec6f55af38e29be5b2b65a8acf84da73e06d06
liburing does not clear sqe->user_data. We must do it ourselves to avoid
undefined behavior in process_cqe() when user_data is used.
Note that fdmon-io_uring is currently disabled, so this is a latent bug
that does not affect users. Let's merge this fix now to make it easier
to enable fdmon-io_uring in the future (and I'm working on that).
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230426212639.82310-1-stefanha@redhat.com>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
util/fdmon-io_uring.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/util/fdmon-io_uring.c b/util/fdmon-io_uring.c
index ab43052dd7..35165bcb46 100644
--- a/util/fdmon-io_uring.c
+++ b/util/fdmon-io_uring.c
@@ -184,6 +184,7 @@ static void add_poll_remove_sqe(AioContext *ctx, AioHandler *node)
#else
io_uring_prep_poll_remove(sqe, node);
#endif
+ io_uring_sqe_set_data(sqe, NULL);
}
/* Add a timeout that self-cancels when another cqe becomes ready */
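Review bot: the fix covers only the two sqe producers that previously left user_data unset; the remaining get_sqe() callers in fdmon-io_uring.c (the poll-add path is not in this hunk) should be checked so that every submitted sqe carries either an AioHandler or an explicit NULL, since process_cqe(), per the commit message, treats user_data as the AioHandler pointer. A one-line comment at get_sqe() stating that invariant would make the next producer harder to get wrong.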
@@ -197,6 +198,7 @@ static void add_timeout_sqe(AioContext *ctx, int64_t ns)
sqe = get_sqe(ctx);
io_uring_prep_timeout(sqe, &ts, 1, 0);
+ io_uring_sqe_set_data(sqe, NULL);
}
/* Add sqes from ctx->submit_list for submission */
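Review bot: with this change the timeout sqe completes with user_data == NULL, so process_cqe() must already branch on a NULL pointer before dereferencing it; that branch is not visible here and is worth confirming in the same review, since the message notes fdmon-io_uring is disabled and nothing currently exercises this path.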
--
2.41.0.windows.1


@ -0,0 +1,49 @@
From 967c8f6e799756baf95c025ba8107206c3afd398 Mon Sep 17 00:00:00 2001
From: dinglimin_yewu <dinglimin_yewu@cmss.chinamobile.com>
Date: Thu, 28 Sep 2023 16:25:23 +0800
Subject: [PATCH] hw/net: Fix read of uninitialized memory in ftgmac100
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cherry-pick from 036e98e5c2b4e25c8d6ccbddb85c7ab05a753f6a
With the `size += 4` before the call to `crc32`, the CRC calculation
would overrun the buffer. Size is used in the while loop starting on
line 1009 to determine how much data to write back, with the last
four bytes coming from `crc_ptr`, so we do need to increase it, but should
do so after the computation.
I'm unsure why this use of uninitialized memory in the CRC doesn't
result in CRC errors, but it seems clear to me that it should not be
included in the calculation.
Signed-off-by: Stephen Longfield <slongfield@google.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-Id: <20221220221437.3303721-1-slongfield@google.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: dinglimin_yewu <dinglimin_yewu@cmss.chinamobile.com>
---
hw/net/ftgmac100.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
index 83ef0a783e..d3bf14be53 100644
--- a/hw/net/ftgmac100.c
+++ b/hw/net/ftgmac100.c
@@ -980,9 +980,9 @@ static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf,
return size;
}
- /* 4 bytes for the CRC. */
- size += 4;
crc = cpu_to_be32(crc32(~0, buf, size));
+ /* Increase size by 4, loop below reads the last 4 bytes from crc_ptr. */
+ size += 4;
crc_ptr = (uint8_t *) &crc;
/* Huge frames are truncated. */
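Review bot: the reordering is correct, but the new comment says only what the loop does, not why the CRC must exclude those bytes; a note that crc32() must see exactly the received frame (the 4 trailing bytes come from crc_ptr, not from `buf`, so including them reads past the packet) would keep someone from "simplifying" this back. The commit message's reference to "line 1009" will go stale; naming the write-back loop is more durable.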
--
2.41.0.windows.1


@ -0,0 +1,60 @@
From 193240c79f5c95aaf86b2998975189f1873ebcec Mon Sep 17 00:00:00 2001
From: tangzhongrui <tangzhongrui@cmss.chinamobile.com>
Date: Fri, 18 Aug 2023 14:41:45 +0800
Subject: [PATCH] hw/vfio/pci-quirks: Sanitize capability pointer
Coverity reports a tainted scalar when traversing the capabilities chain (CID 1516589).
In practice I've never seen a device with a chain so broken as to cause an
issue, but it's also pretty easy to sanitize.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes: f6b30c1 ("hw/vfio/pci-quirks: Support alternate offset for
GPUDirect Cliques")
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Zhongrui Tang <tangzhongrui_yewu@cmss.chinamobile.com>
---
hw/vfio/pci-quirks.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index 7a8e6efcdc..a911e04a79 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -1717,6 +1717,12 @@ const PropertyInfo qdev_prop_nv_gpudirect_clique = {
.set = set_nv_gpudirect_clique_id,
};
+static bool is_valid_std_cap_offset(uint8_t pos)
+{
+ return (pos >= PCI_STD_HEADER_SIZEOF &&
+ pos <= (PCI_CFG_SPACE_SIZE - PCI_CAP_SIZEOF));
+}
+
static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
{
PCIDevice *pdev = &vdev->pdev;
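Review bot: is_valid_std_cap_offset() bounds `pos` so that `pos + PCI_CAP_LIST_NEXT` stays inside the 256-byte standard config space, which is the taint sink Coverity flagged; it does not check the two low bits, which the PCI specification reserves (capability pointers are DWORD-aligned), so adding `(pos & 3) == 0` to the predicate would cheaply reject a further class of malformed pointers.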
@@ -1750,7 +1756,7 @@ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
*/
ret = pread(vdev->vbasedev.fd, &tmp, 1,
vdev->config_offset + PCI_CAPABILITY_LIST);
- if (ret != 1 || !tmp) {
+ if (ret != 1 || !is_valid_std_cap_offset(tmp)) {
error_setg(errp, "NVIDIA GPUDirect Clique ID: error getting cap list");
return -EINVAL;
}
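Review bot: the error text "error getting cap list" now also covers an out-of-range pointer, not just a failed pread() or an empty list; splitting the message, or including the value of `tmp` in it, would make a misbehaving device easier to diagnose from the log.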
@@ -1762,7 +1768,7 @@ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
d4_conflict = true;
}
tmp = pdev->config[tmp + PCI_CAP_LIST_NEXT];
- } while (tmp);
+ } while (is_valid_std_cap_offset(tmp));
if (!c8_conflict) {
pos = 0xC8;
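Review bot: the loop still terminates only when the chain ends in an invalid offset; a chain whose links are all valid offsets but loop back on themselves would spin forever in this do/while, so an iteration cap (at most (PCI_CFG_SPACE_SIZE - PCI_STD_HEADER_SIZEOF) / PCI_CAP_SIZEOF distinct capabilities can exist) or a visited-offset bitmap would close that case as well.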
--
2.41.0.windows.1


@ -0,0 +1,95 @@
From d672e2f137933b26bd9b3488a873830435eadba5 Mon Sep 17 00:00:00 2001
From: tangzhongrui <tangzhongrui@cmss.chinamobile.com>
Date: Thu, 3 Aug 2023 15:10:16 +0800
Subject: [PATCH] hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
NVIDIA Turing and newer GPUs implement the MSI-X capability at the offset
previously reserved for use by hypervisors to implement the GPUDirect
Cliques capability. A revised specification provides an alternate
location. Add a config space walk to the quirk to check for conflicts,
allowing us to fall back to the new location or generate an error at the
quirk setup rather than when the real conflicting capability is added
should there be no available location.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Zhongrui Tang <tangzhongrui_yewu@cmss.chinamobile.com>
---
hw/vfio/pci-quirks.c | 41 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index 1222ccff0b..7a8e6efcdc 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -1677,6 +1677,9 @@ void vfio_setup_resetfn_quirk(VFIOPCIDevice *vdev)
* +---------------------------------+---------------------------------+
*
* https://lists.gnu.org/archive/html/qemu-devel/2017-08/pdfUda5iEpgOS.pdf
+ *
+ * Specification for Turning and later GPU architectures:
+ * https://lists.gnu.org/archive/html/qemu-devel/2023-06/pdf142OR4O4c2.pdf
*/
static void get_nv_gpudirect_clique_id(Object *obj, Visitor *v,
const char *name, void *opaque,
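Review bot: "Turning" in the new comment should read "Turing", matching the commit message and the GPU architecture name.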
@@ -1717,7 +1720,9 @@ const PropertyInfo qdev_prop_nv_gpudirect_clique = {
static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
{
PCIDevice *pdev = &vdev->pdev;
- int ret, pos = 0xC8;
+ int ret, pos;
+ bool c8_conflict = false, d4_conflict = false;
+ uint8_t tmp;
if (vdev->nv_gpudirect_clique == 0xFF) {
return 0;
@@ -1734,6 +1739,40 @@ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
return -EINVAL;
}
+ /*
+ * Per the updated specification above, it's recommended to use offset
+ * D4h for Turing and later GPU architectures due to a conflict of the
+ * MSI-X capability at C8h. We don't know how to determine the GPU
+ * architecture, instead we walk the capability chain to mark conflicts
+ * and choose one or error based on the result.
+ *
+ * NB. Cap list head in pdev->config is already cleared, read from device.
+ */
+ ret = pread(vdev->vbasedev.fd, &tmp, 1,
+ vdev->config_offset + PCI_CAPABILITY_LIST);
+ if (ret != 1 || !tmp) {
+ error_setg(errp, "NVIDIA GPUDirect Clique ID: error getting cap list");
+ return -EINVAL;
+ }
+
+ do {
+ if (tmp == 0xC8) {
+ c8_conflict = true;
+ } else if (tmp == 0xD4) {
+ d4_conflict = true;
+ }
+ tmp = pdev->config[tmp + PCI_CAP_LIST_NEXT];
+ } while (tmp);
+
+ if (!c8_conflict) {
+ pos = 0xC8;
+ } else if (!d4_conflict) {
+ pos = 0xD4;
+ } else {
+ error_setg(errp, "NVIDIA GPUDirect Clique ID: invalid config space");
+ return -EINVAL;
+ }
+
ret = pci_add_capability(pdev, PCI_CAP_ID_VNDR, pos, 8, errp);
if (ret < 0) {
error_prepend(errp, "Failed to add NVIDIA GPUDirect cap: ");
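Review bot: the walk records a conflict only when a capability starts exactly at C8h or D4h; a capability that starts earlier and extends into the 8-byte window is not flagged here, and the code then relies on pci_add_capability()'s own overlap check, whose failure surfaces through the error_prepend() path. That is acceptable but should be stated in the comment block. Note also that `tmp` from the device indexes pdev->config unchecked in this loop; the follow-up "Sanitize capability pointer" patch in this same update bounds it.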
--
2.41.0.windows.1


@ -0,0 +1,43 @@
From e65dfad1fd7832fc206f3a22479169fcb4527317 Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Mon, 9 Oct 2023 18:11:54 +0800
Subject: [PATCH] migration/rdma: zero out head.repeat to make the error more clear
cherry-pick from 2ada4b63f1764d13a2b9ca9cbeb5feda46ab6851
Previously, we got a confusing error that complained about
the RDMAControlHeader.repeat:
qemu-system-x86_64: rdma: Too many requests in this message (3638950032).Bailing.
Actually, it's caused by an unexpected RDMAControlHeader.type.
After this patch, error will become:
qemu-system-x86_64: Unknown control message QEMU FILE
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230926100103.201564-2-lizhijian@fujitsu.com>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
migration/rdma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/migration/rdma.c b/migration/rdma.c
index f5d3bbe7e9..60c856dd2f 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2866,7 +2866,7 @@ static ssize_t qio_channel_rdma_writev(QIOChannel *ioc,
size_t remaining = iov[i].iov_len;
uint8_t * data = (void *)iov[i].iov_base;
while (remaining) {
- RDMAControlHeader head;
+ RDMAControlHeader head = {};
len = MIN(remaining, RDMA_SEND_INCREMENT);
remaining -= len;
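Review bot: zero-initializing the whole header rather than only `repeat` is the right scope: any other member left uninitialized would likewise put stack contents on the wire and produce a misleading error on the receiving side. The empty `= {}` initializer is a GNU extension (standardized only in C23); QEMU already relies on it elsewhere, so there is no portability concern for this tree.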
--
2.41.0.windows.1


@ -3,7 +3,7 @@
Name: qemu
Version: 6.2.0
Release: 81
Release: 82
Epoch: 10
Summary: QEMU is a generic and open source machine emulator and virtualizer
License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -572,6 +572,17 @@ Patch0557: tests-qtest-pflash-Clean-up-local-variable-shadowing.patch
Patch0558: ui-fix-crash-when-there-are-no-active_console.patch
Patch0559: ppc-vof-Fix-missed-fields-in-VOF-cleanup.patch
Patch0560: hw-nvme-Avoid-dynamic-stack-allocation.patch
Patch0561: aio-posix-zero-out-io_uring-sqe-user_data.patch
Patch0562: qtest-npcm7xx_pwm-test-Fix-memory-leak-in-mft_qom_se.patch
Patch0563: target-i386-fix-INVD-vmexit.patch
Patch0564: target-ppc-Fix-tlbie.patch
Patch0565: hw-net-Fix-read-of-uninitialized-memory-in-ftgmac100.patch
Patch0566: replay-fix-event-queue-flush-for-qemu-shutdown.patch
Patch0567: hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch
Patch0568: hw-vfio-pci-quirks-Sanitize-capability-pointer.patch
Patch0569: vhost-user-fs-Back-up-vqs-before-cleaning-up-vhost_d.patch
Patch0570: migration-rdma-zore-out-head.repeat-to-make-the-erro.patch
Patch0571: thread-pool-optimize-scheduling-of-completion-bottom.patch
BuildRequires: flex
BuildRequires: gcc
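Review bot: Patch0567 (Support alternate offset) is correctly ordered before Patch0568 (Sanitize capability pointer), which carries a Fixes: tag for it. The patch file names preserve the upstream subject typo "zore" in Patch0570, which is harmless but worth knowing when searching the spec for "zero out head.repeat" later.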
@ -1145,6 +1156,19 @@ getent passwd qemu >/dev/null || \
%endif
%changelog
* Mon Oct 30 2023 <fengjiabo1@huawei.com> - 10:6.2.0-82
- thread-pool: optimize scheduling of completion bottom half
- migration/rdma: zore out head.repeat to make the error more clear
- vhost-user-fs: Back up vqs before cleaning up vhost_dev
- hw/vfio/pci-quirks: Sanitize capability pointer
- hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques
- replay: fix event queue flush for qemu shutdown
- hw/net: Fix read of uninitialized memory in ftgmac100
- target/ppc: Fix tlbie
- target/i386: fix INVD vmexit
- qtest/npcm7xx_pwm-test: Fix memory leak in mft_qom_set
- aio-posix: zero out io_uring sqe user_data
* Mon Oct 30 2023 <fengjiabo1@huawei.com> - 10:6.2.0-81
- hw/nvme: Avoid dynamic stack allocation
- ppc/vof: Fix missed fields in VOF cleanup


@ -0,0 +1,39 @@
From b76d4a1a4d7d0635044cd8542564803318ac5412 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Tue, 26 Sep 2023 07:49:12 +0000
Subject: [PATCH] qtest/npcm7xx_pwm-test: Fix memory leak in mft_qom_set
mainline inclusion
commit d412597ec5a8406b2af6aa5fb7740e77c1bd3f8c
category: bugfix
---------------------------------------------------------------
g_strdup_printf() allocated memory for path, we should free it with
g_free() when no longer needed.
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Message-Id: <20220531080921.4704-1-linmq006@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
tests/qtest/npcm7xx_pwm-test.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tests/qtest/npcm7xx_pwm-test.c b/tests/qtest/npcm7xx_pwm-test.c
index a54fd70d27..ddfc120df0 100644
--- a/tests/qtest/npcm7xx_pwm-test.c
+++ b/tests/qtest/npcm7xx_pwm-test.c
@@ -268,6 +268,9 @@ static void mft_qom_set(QTestState *qts, int index, const char *name,
path, name, value);
/* The qom set message returns successfully. */
g_assert_true(qdict_haskey(response, "return"));
+
+ qobject_unref(response);
+ g_free(path);
}
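Review bot: the hunk also releases `response` with qobject_unref(), which neither the subject nor the message (which names only `path` and g_free()) mentions; the message should list both leaks so the backport log describes the full change.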
static uint32_t get_pll(uint32_t con)
--
2.41.0.windows.1


@ -0,0 +1,40 @@
From d15694ef4ae7f7ebdbdac250a8a793ab66254655 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Tue, 26 Sep 2023 08:16:21 +0000
Subject: [PATCH] replay: fix event queue flush for qemu shutdown
mainline inclusion
commit c4b8ffcbb8531206e12cf3ad92fa90f7c80ed464
category: bugfix
---------------------------------------------------------------
This patch fixes event queue flush in the case of emulator
shutdown. replay_finish_events should be called when replay_mode
is not cleared.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <165364836758.688121.7959245442743676491.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
replay/replay.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/replay/replay.c b/replay/replay.c
index 6df2abc18c..2d3607998a 100644
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -387,9 +387,8 @@ void replay_finish(void)
g_free(replay_snapshot);
replay_snapshot = NULL;
- replay_mode = REPLAY_MODE_NONE;
-
replay_finish_events();
+ replay_mode = REPLAY_MODE_NONE;
}
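Review bot: the swap encodes an ordering requirement (replay_finish_events() must run while replay_mode is still set) that is explained only in the commit message; a short comment above the replay_finish_events() call would keep a future cleanup from restoring the previous order.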
void replay_add_blocker(Error *reason)
--
2.41.0.windows.1


@ -0,0 +1,34 @@
From b17eea58c7497f96cb66d31b8c59fdcdb06b6c40 Mon Sep 17 00:00:00 2001
From: jipengfei_yewu <jipengfei_yewu@cmss.chinamobile.com>
Date: Sun, 24 Sep 2023 19:43:41 +0800
Subject: [PATCH] target/i386: fix INVD vmexit
Due to a typo or perhaps a brain fart, the INVD vmexit was never generated.
Fix it (but note that fixing just the typo would break both INVD and WBINVD,
due to a case of two wrongs making a right).
cherry-pick from 4d714d1a0bf1fca9576ee53a1a5dfa3fd5ddae99
Signed-off-by: jipengfei_yewu <jipengfei_yewu@cmss.chinamobile.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index e9e1451540..82f77b52fb 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -7773,7 +7773,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
case 0x108: /* invd */
case 0x109: /* wbinvd */
if (check_cpl0(s)) {
- gen_svm_check_intercept(s, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD);
+ gen_svm_check_intercept(s, (b & 1) ? SVM_EXIT_WBINVD : SVM_EXIT_INVD);
/* nothing to do */
}
break;
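Review bot: the new expression depends on the opcode values in the case labels (0x108 invd, 0x109 wbinvd), so bit 0 is what distinguishes them; a comment tying `b & 1` to those labels would make the selection self-evident, given that the previous `b & 2` was wrong in a way that still passed, as the message explains.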
--
2.41.0.windows.1


@ -0,0 +1,47 @@
From aba3dd63d054cd21054e295d5a9d493cb9d7a75f Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Tue, 26 Sep 2023 06:25:04 +0000
Subject: [PATCH] target/ppc: Fix tlbie
mainline inclusion
commit 4ddc104689b186c4e4ed30be59a54463501761cf
category: bugfix
---------------------------------------------------------------
Commit 74c4912f097bab98 changed check_tlb_flush() to use
tlb_flush_all_cpus_synced() instead of calling tlb_flush() on each
CPU. However, as side effect of this, a CPU executing a ptesync
after a tlbie will have its TLB flushed only after exiting its
current Translation Block (TB).
This causes memory accesses to invalid pages to succeed, if they
happen to be on the same TB as the ptesync.
To fix this, use tlb_flush_all_cpus() instead, that immediately
flushes the TLB of the CPU executing the ptesync instruction.
Fixes: 74c4912f097bab98 ("target/ppc: Fix synchronization of mttcg with broadcast TLB flushes")
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20220503163904.22575-1-leandro.lupori@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
target/ppc/helper_regs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 99562edd57..e97d25e9ab 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -288,7 +288,7 @@ void check_tlb_flush(CPUPPCState *env, bool global)
if (global && (env->tlb_need_flush & TLB_NEED_GLOBAL_FLUSH)) {
env->tlb_need_flush &= ~TLB_NEED_GLOBAL_FLUSH;
env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
- tlb_flush_all_cpus_synced(cs);
+ tlb_flush_all_cpus(cs);
return;
}
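Review bot: dropping the _synced variant makes the flush on the executing CPU immediate while other vCPUs are still flushed asynchronously; the commit message explains why the synced form was wrong (the local TLB stayed live until the current TB ended, so accesses in the same TB as the ptesync could hit invalid pages), but nothing at the call site does, so a comment here would guard against a later "use the synced API" cleanup.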
--
2.41.0.windows.1


@ -0,0 +1,45 @@
From c84bb01c0c56cadb70a95c874b32ed85b8177504 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Tue, 26 Sep 2023 06:41:50 +0000
Subject: [PATCH] thread-pool: optimize scheduling of completion bottom half
mainline inclusion
commit 3c7b72ddca9ce85a9d1e8a98fd0996b74597b5ae
category: bugfix
---------------------------------------------------------------
The completion bottom half was scheduled within the pool->lock
critical section. That actually results in worse performance,
because the worker thread can run its own small critical section
and go to sleep before the bottom half starts running.
Note that this simple change does not produce an improvement without
changing the thread pool QemuSemaphore to a condition variable.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Nicolas Saenz Julienne <nsaenzju@redhat.com>
Message-Id: <20220514065012.1149539-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
util/thread-pool.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/util/thread-pool.c b/util/thread-pool.c
index d763cea505..7e9e2c178b 100644
--- a/util/thread-pool.c
+++ b/util/thread-pool.c
@@ -108,9 +108,8 @@ static void *worker_thread(void *opaque)
smp_wmb();
req->state = THREAD_DONE;
- qemu_mutex_lock(&pool->lock);
-
qemu_bh_schedule(pool->completion_bh);
+ qemu_mutex_lock(&pool->lock);
}
pool->cur_threads--;
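Review bot: the message states this reordering only yields an improvement together with the QemuSemaphore-to-condition-variable change in the thread pool; that companion change is not among the patches listed in this update, so it should be confirmed that the 6.2.0 tree already carries it, otherwise this backport is a behavior-neutral reorder rather than the optimization the changelog advertises.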
--
2.41.0.windows.1


@ -0,0 +1,43 @@
From d48beee81ba11b6bc5151f4f882a9fe2ff9b1d2c Mon Sep 17 00:00:00 2001
From: dinglimin_yewu <dinglimin_yewu@cmss.chinamobile.com>
Date: Thu, 28 Sep 2023 16:07:30 +0800
Subject: [PATCH] vhost-user-fs: Back up vqs before cleaning up vhost_dev
cherry-pick from 331acddc87b739c64b936ba4e58518f8491f1c6b
vhost_dev_cleanup() clears vhost_dev so back up its vqs member to free the memory pointed by the member.
Fixes: 98fc1ada4c ("virtio: add vhost-user-fs base device")
Signed-off-by: Akihiko Odaki <akihiko.odaki at daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha at redhat.com>
Message-Id: <20230130140225.77964-1-akihiko.odaki at daynix.com>
Signed-off-by: dinglimin_yewu <dinglimin_yewu@cmss.chinamobile.com>
---
hw/virtio/vhost-user-fs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c
index c595957983..fc7dcc96ef 100644
--- a/hw/virtio/vhost-user-fs.c
+++ b/hw/virtio/vhost-user-fs.c
@@ -258,6 +258,7 @@ static void vuf_device_unrealize(DeviceState *dev)
{
VirtIODevice *vdev = VIRTIO_DEVICE(dev);
VHostUserFS *fs = VHOST_USER_FS(dev);
+ struct vhost_virtqueue *vhost_vqs = fs->vhost_dev.vqs;
int i;
/* This will stop vhost backend if appropriate. */
@@ -273,8 +274,7 @@ static void vuf_device_unrealize(DeviceState *dev)
}
g_free(fs->req_vqs);
virtio_cleanup(vdev);
- g_free(fs->vhost_dev.vqs);
- fs->vhost_dev.vqs = NULL;
+ g_free(vhost_vqs);
}
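Review bot: the change is correct for the reason the message gives: vhost_dev_cleanup() zeroes fs->vhost_dev, so the old g_free(fs->vhost_dev.vqs) freed NULL and leaked the array that the saved `vhost_vqs` pointer now reaches. Dropping the `fs->vhost_dev.vqs = NULL` store is fine for the same reason, since the cleanup has already cleared it.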
static const VMStateDescription vuf_vmstate = {
--
2.41.0.windows.1