diff --git a/aio-posix-zero-out-io_uring-sqe-user_data.patch b/aio-posix-zero-out-io_uring-sqe-user_data.patch
new file mode 100644
index 0000000..5c03844
--- /dev/null
+++ b/aio-posix-zero-out-io_uring-sqe-user_data.patch
@@ -0,0 +1,44 @@
+From c670a3038a0b7dffda79672a63c84609459218c6 Mon Sep 17 00:00:00 2001
+From: qihao
+Date: Tue, 12 Sep 2023 10:22:09 +0800
+Subject: [PATCH] aio-posix: zero out io_uring sqe user_data
+
+cheery-pick from 87ec6f55af38e29be5b2b65a8acf84da73e06d06
+
+liburing does not clear sqe->user_data. We must do it ourselves to avoid
+undefined behavior in process_cqe() when user_data is used.
+
+Note that fdmon-io_uring is currently disabled, so this is a latent bug
+that does not affect users. Let's merge this fix now to make it easier
+to enable fdmon-io_uring in the future (and I'm working on that).
+
+Signed-off-by: Stefan Hajnoczi
+Message-ID: <20230426212639.82310-1-stefanha@redhat.com>
+Signed-off-by: qihao_yewu
+---
+ util/fdmon-io_uring.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util/fdmon-io_uring.c b/util/fdmon-io_uring.c
+index ab43052dd7..35165bcb46 100644
+--- a/util/fdmon-io_uring.c
++++ b/util/fdmon-io_uring.c
+@@ -184,6 +184,7 @@ static void add_poll_remove_sqe(AioContext *ctx, AioHandler *node)
+ #else
+ io_uring_prep_poll_remove(sqe, node);
+ #endif
++ io_uring_sqe_set_data(sqe, NULL);
+ }
+ 
+ /* Add a timeout that self-cancels when another cqe becomes ready */
+@@ -197,6 +198,7 @@ static void add_timeout_sqe(AioContext *ctx, int64_t ns)
+ 
+ sqe = get_sqe(ctx);
+ io_uring_prep_timeout(sqe, &ts, 1, 0);
++ io_uring_sqe_set_data(sqe, NULL);
+ }
+ 
+ /* Add sqes from ctx->submit_list for submission */
+-- 
+2.41.0.windows.1
+
diff --git a/hw-net-Fix-read-of-uninitialized-memory-in-ftgmac100.patch b/hw-net-Fix-read-of-uninitialized-memory-in-ftgmac100.patch
new file mode 100644
index 0000000..55ad629
--- /dev/null
+++ b/hw-net-Fix-read-of-uninitialized-memory-in-ftgmac100.patch
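Review bot: The NULL user_data is written only in add_poll_remove_sqe and add_timeout_sqe, so the fix is complete only if every other get_sqe() caller in fdmon-io_uring.c already calls io_uring_sqe_set_data, which the hunk cannot show; an sqe left with whatever liburing had in user_data would still be misread by process_cqe(). A one-line comment at each new call would record the contract for the next maintainer, e.g. `/* liburing does not clear user_data; zero it so process_cqe() never reads a stale value */`. Both functions start above their hunks.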
@@ -0,0 +1,49 @@
+From 967c8f6e799756baf95c025ba8107206c3afd398 Mon Sep 17 00:00:00 2001
+From: dinglimin_yewu
+Date: Thu, 28 Sep 2023 16:25:23 +0800
+Subject: [PATCH] hw/net: Fix read of uninitialized memory in ftgmac100
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from 036e98e5c2b4e25c8d6ccbddb85c7ab05a753f6a
+
+With the `size += 4` before the call to `crc32`, the CRC calculation
+would overrun the buffer. Size is used in the while loop starting on
+line 1009 to determine how much data to write back, with the last
+four bytes coming from `crc_ptr`, so do need to increase it, but should
+do this after the computation.
+
+I'm unsure why this use of uninitialized memory in the CRC doesn't
+result in CRC errors, but it seems clear to me that it should not be
+included in the calculation.
+
+Signed-off-by: Stephen Longfield
+Reviewed-by: Hao Wu
+Reviewed-by: Joel Stanley
+Message-Id: <20221220221437.3303721-1-slongfield@google.com>
+Signed-off-by: Cédric Le Goater
+Signed-off-by: dinglimin_yewu
+---
+ hw/net/ftgmac100.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
+index 83ef0a783e..d3bf14be53 100644
+--- a/hw/net/ftgmac100.c
++++ b/hw/net/ftgmac100.c
+@@ -980,9 +980,9 @@ static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf,
+ return size;
+ }
+ 
+- /* 4 bytes for the CRC. */
+- size += 4;
+ crc = cpu_to_be32(crc32(~0, buf, size));
++ /* Increase size by 4, loop below reads the last 4 bytes from crc_ptr. */
++ size += 4;
+ crc_ptr = (uint8_t *) &crc;
+ 
+ /* Huge frames are truncated. */
+-- 
+2.41.0.windows.1
+
diff --git a/hw-vfio-pci-quirks-Sanitize-capability-pointer.patch b/hw-vfio-pci-quirks-Sanitize-capability-pointer.patch
new file mode 100644
index 0000000..c6c4808
--- /dev/null
+++ b/hw-vfio-pci-quirks-Sanitize-capability-pointer.patch
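Review bot: After the reorder `size` no longer equals the number of valid bytes in `buf` — it is 4 larger — so any later use of `size` as a bound on `buf` in ftgmac100_receive (the "Huge frames are truncated" check follows immediately, and the copy loop the message mentions is further down) must treat the final 4 bytes as coming from `crc_ptr`; the new comment should say that outright so a future reader does not index `buf` by `size`, e.g. `/* size now covers buf plus the 4 CRC bytes taken from crc_ptr; never use it to index buf. */`. The CRC itself is now computed over exactly the received bytes, which closes the over-read the message describes. The function continues above and below the hunk, so the truncation check and the copy loop cannot be verified here.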
@@ -0,0 +1,60 @@
+From 193240c79f5c95aaf86b2998975189f1873ebcec Mon Sep 17 00:00:00 2001
+From: tangzhongrui
+Date: Fri, 18 Aug 2023 14:41:45 +0800
+Subject: [PATCH] hw/vfio/pci-quirks: Sanitize capability pointer Coverity
+ reports a tained scalar when traversing the capabilities chain (CID 1516589).
+ In practice I've never seen a device with a chain so broken as to cause an
+ issue, but it's also pretty easy to sanitize.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: f6b30c1 ("hw/vfio/pci-quirks: Support alternate offset for
+GPUDirect Cliques")
+Signed-off-by: Alex Williamson
+Reviewed-by: Cédric Le Goater
+Signed-off-by: Cédric Le Goater
+
+Signed-off-by: Zhongrui Tang
+---
+ hw/vfio/pci-quirks.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
+index 7a8e6efcdc..a911e04a79 100644
+--- a/hw/vfio/pci-quirks.c
++++ b/hw/vfio/pci-quirks.c
+@@ -1717,6 +1717,12 @@ const PropertyInfo qdev_prop_nv_gpudirect_clique = {
+ .set = set_nv_gpudirect_clique_id,
+ };
+ 
++static bool is_valid_std_cap_offset(uint8_t pos)
++{
++ return (pos >= PCI_STD_HEADER_SIZEOF &&
++ pos <= (PCI_CFG_SPACE_SIZE - PCI_CAP_SIZEOF));
++}
++
+ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
+ {
+ PCIDevice *pdev = &vdev->pdev;
+@@ -1750,7 +1756,7 @@ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
+ */
+ ret = pread(vdev->vbasedev.fd, &tmp, 1,
+ vdev->config_offset + PCI_CAPABILITY_LIST);
+- if (ret != 1 || !tmp) {
++ if (ret != 1 || !is_valid_std_cap_offset(tmp)) {
+ error_setg(errp, "NVIDIA GPUDirect Clique ID: error getting cap list");
+ return -EINVAL;
+ }
+@@ -1762,7 +1768,7 @@ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
+ d4_conflict = true;
+ }
+ tmp = pdev->config[tmp + PCI_CAP_LIST_NEXT];
+- } while (tmp);
++ } while (is_valid_std_cap_offset(tmp));
+ 
+ if (!c8_conflict) {
+ pos = 0xC8;
+-- 
+2.41.0.windows.1
+
diff --git a/hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch b/hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch
new file mode 100644
index 0000000..7232ad3
--- /dev/null
+++ b/hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch
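Review bot: The capability walk ending in `} while (is_valid_std_cap_offset(tmp));` still has no iteration bound, so a next-pointer chain that forms a cycle entirely inside the valid range never terminates; the range check removes the out-of-bounds index Coverity reported, but not the hang. Because `tmp` is re-read from `pdev->config`, which the surrounding comment says mirrors the device, bounding the walk by the number of capabilities that can fit in standard config space is cheap and reuses the existing `invalid config space` error path. The same unbounded loop is introduced by the 'Support alternate offset for GPUDirect Cliques' patch below, so the counter belongs with the locals that patch declares; vfio_add_nv_gpudirect_cap starts above the second hunk and continues past the third. The rewritten loop body would look like this:
```c
    int walked = 0;   /* declared with the other locals above the hunk */
    do {
        /* Only (PCI_CFG_SPACE_SIZE - PCI_STD_HEADER_SIZEOF) / PCI_CAP_SIZEOF
         * capabilities fit in standard config space; a longer walk is a cycle. */
        if (++walked > (PCI_CFG_SPACE_SIZE - PCI_STD_HEADER_SIZEOF) / PCI_CAP_SIZEOF) {
            error_setg(errp, "NVIDIA GPUDirect Clique ID: invalid config space");
            return -EINVAL;
        }
        /* … unchanged: c8_conflict / d4_conflict marking and next-pointer read … */
    } while (is_valid_std_cap_offset(tmp));
```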
@@ -0,0 +1,95 @@
+From d672e2f137933b26bd9b3488a873830435eadba5 Mon Sep 17 00:00:00 2001
+From: tangzhongrui
+Date: Thu, 3 Aug 2023 15:10:16 +0800
+Subject: [PATCH] hw/vfio/pci-quirks: Support alternate offset for GPUDirect
+ Cliques
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+NVIDIA Turing and newer GPUs implement the MSI-X capability at the offset
+previously reserved for use by hypervisors to implement the GPUDirect
+Cliques capability. A revised specification provides an alternate
+location. Add a config space walk to the quirk to check for conflicts,
+allowing us to fall back to the new location or generate an error at the
+quirk setup rather than when the real conflicting capability is added
+should there be no available location.
+
+Signed-off-by: Alex Williamson
+Reviewed-by: Cédric Le Goater
+Signed-off-by: Cédric Le Goater
+
+Signed-off-by: Zhongrui Tang
+---
+ hw/vfio/pci-quirks.c | 41 ++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 40 insertions(+), 1 deletion(-)
+
+diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
+index 1222ccff0b..7a8e6efcdc 100644
+--- a/hw/vfio/pci-quirks.c
++++ b/hw/vfio/pci-quirks.c
+@@ -1677,6 +1677,9 @@ void vfio_setup_resetfn_quirk(VFIOPCIDevice *vdev)
+ * +---------------------------------+---------------------------------+
+ *
+ * https://lists.gnu.org/archive/html/qemu-devel/2017-08/pdfUda5iEpgOS.pdf
++ *
++ * Specification for Turning and later GPU architectures:
++ * https://lists.gnu.org/archive/html/qemu-devel/2023-06/pdf142OR4O4c2.pdf
+ */
+ static void get_nv_gpudirect_clique_id(Object *obj, Visitor *v,
+ const char *name, void *opaque,
+@@ -1717,7 +1720,9 @@ const PropertyInfo qdev_prop_nv_gpudirect_clique = {
+ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
+ {
+ PCIDevice *pdev = &vdev->pdev;
+- int ret, pos = 0xC8;
++ int ret, pos;
++ bool c8_conflict = false, d4_conflict = false;
++ uint8_t tmp;
+ 
+ if (vdev->nv_gpudirect_clique == 0xFF) {
+ return 0;
+@@ -1734,6 +1739,40 @@ static int vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
+ return -EINVAL;
+ }
+ 
++ /*
++ * Per the updated specification above, it's recommended to use offset
++ * D4h for Turing and later GPU architectures due to a conflict of the
++ * MSI-X capability at C8h. We don't know how to determine the GPU
++ * architecture, instead we walk the capability chain to mark conflicts
++ * and choose one or error based on the result.
++ *
++ * NB. Cap list head in pdev->config is already cleared, read from device.
++ */
++ ret = pread(vdev->vbasedev.fd, &tmp, 1,
++ vdev->config_offset + PCI_CAPABILITY_LIST);
++ if (ret != 1 || !tmp) {
++ error_setg(errp, "NVIDIA GPUDirect Clique ID: error getting cap list");
++ return -EINVAL;
++ }
++
++ do {
++ if (tmp == 0xC8) {
++ c8_conflict = true;
++ } else if (tmp == 0xD4) {
++ d4_conflict = true;
++ }
++ tmp = pdev->config[tmp + PCI_CAP_LIST_NEXT];
++ } while (tmp);
++
++ if (!c8_conflict) {
++ pos = 0xC8;
++ } else if (!d4_conflict) {
++ pos = 0xD4;
++ } else {
++ error_setg(errp, "NVIDIA GPUDirect Clique ID: invalid config space");
++ return -EINVAL;
++ }
++
+ ret = pci_add_capability(pdev, PCI_CAP_ID_VNDR, pos, 8, errp);
+ if (ret < 0) {
+ error_prepend(errp, "Failed to add NVIDIA GPUDirect cap: ");
+-- 
+2.41.0.windows.1
+
diff --git a/migration-rdma-zore-out-head.repeat-to-make-the-erro.patch b/migration-rdma-zore-out-head.repeat-to-make-the-erro.patch
new file mode 100644
index 0000000..b6a630a
--- /dev/null
+++ b/migration-rdma-zore-out-head.repeat-to-make-the-erro.patch
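Review bot: The comment added in the first hunk misspells the architecture — `* Specification for Turning and later GPU architectures:` should read `Turing`, matching the commit message and the later comment line `* D4h for Turing and later GPU architectures due to a conflict of the`. In the third hunk the cap-list head from pread() is checked only for being non-zero and the next pointer read from `pdev->config` is not checked at all before being used as an index; the 'Sanitize capability pointer' patch in this same change adds the range check for both, so no separate fix is needed here. vfio_add_nv_gpudirect_cap continues past the end of the hunk.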
@@ -0,0 +1,43 @@
+From e65dfad1fd7832fc206f3a22479169fcb4527317 Mon Sep 17 00:00:00 2001
+From: qihao
+Date: Mon, 9 Oct 2023 18:11:54 +0800
+Subject: [PATCH] migration/rdma: zore out head.repeat to make the error more
+ clear
+
+cheery-pick from 2ada4b63f1764d13a2b9ca9cbeb5feda46ab6851
+
+Previously, we got a confusion error that complains
+the RDMAControlHeader.repeat:
+qemu-system-x86_64: rdma: Too many requests in this message (3638950032).Bailing.
+
+Actually, it's caused by an unexpected RDMAControlHeader.type.
+After this patch, error will become:
+qemu-system-x86_64: Unknown control message QEMU FILE
+
+Reviewed-by: Fabiano Rosas
+Reviewed-by: Peter Xu
+Reviewed-by: Juan Quintela
+Signed-off-by: Li Zhijian
+Signed-off-by: Juan Quintela
+Message-ID: <20230926100103.201564-2-lizhijian@fujitsu.com>
+Signed-off-by: qihao_yewu
+---
+ migration/rdma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/migration/rdma.c b/migration/rdma.c
+index f5d3bbe7e9..60c856dd2f 100644
+--- a/migration/rdma.c
++++ b/migration/rdma.c
+@@ -2866,7 +2866,7 @@ static ssize_t qio_channel_rdma_writev(QIOChannel *ioc,
+ size_t remaining = iov[i].iov_len;
+ uint8_t * data = (void *)iov[i].iov_base;
+ while (remaining) {
+- RDMAControlHeader head;
++ RDMAControlHeader head = {};
+ 
+ len = MIN(remaining, RDMA_SEND_INCREMENT);
+ remaining -= len;
+-- 
+2.41.0.windows.1
+
diff --git a/qemu.spec b/qemu.spec
index 4d5d797..cfe6913 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -3,7 +3,7 @@ Name: qemu Version: 6.2.0 -Release: 81 +Release: 82 Epoch: 10 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
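Review bot: `RDMAControlHeader head = {};` uses the empty initializer, which is a GNU extension under C11 and only standard from C23; `RDMAControlHeader head = {0};` zero-fills identically and is the portable form if this file is ever built without gnu extensions. Whichever is kept, the line would benefit from a comment saying why the header is zeroed, e.g. `/* zero the whole header so an unexpected type is reported as such, not as a bogus repeat count */`, since the motivation otherwise lives only in the commit message. qio_channel_rdma_writev starts above the hunk, and the fields of head are presumably filled in just below it.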
@@ -572,6 +572,17 @@ Patch0557: tests-qtest-pflash-Clean-up-local-variable-shadowing.patch Patch0558: ui-fix-crash-when-there-are-no-active_console.patch Patch0559: ppc-vof-Fix-missed-fields-in-VOF-cleanup.patch Patch0560: hw-nvme-Avoid-dynamic-stack-allocation.patch +Patch0561: aio-posix-zero-out-io_uring-sqe-user_data.patch +Patch0562: qtest-npcm7xx_pwm-test-Fix-memory-leak-in-mft_qom_se.patch +Patch0563: target-i386-fix-INVD-vmexit.patch +Patch0564: target-ppc-Fix-tlbie.patch +Patch0565: hw-net-Fix-read-of-uninitialized-memory-in-ftgmac100.patch +Patch0566: replay-fix-event-queue-flush-for-qemu-shutdown.patch +Patch0567: hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch +Patch0568: hw-vfio-pci-quirks-Sanitize-capability-pointer.patch +Patch0569: vhost-user-fs-Back-up-vqs-before-cleaning-up-vhost_d.patch +Patch0570: migration-rdma-zore-out-head.repeat-to-make-the-erro.patch +Patch0571: thread-pool-optimize-scheduling-of-completion-bottom.patch BuildRequires: flex BuildRequires: gcc @@ -1145,6 +1156,19 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Mon Oct 30 2023 - 10:6.2.0-82 +- thread-pool: optimize scheduling of completion bottom half +- migration/rdma: zore out head.repeat to make the error more clear +- vhost-user-fs: Back up vqs before cleaning up vhost_dev +- hw/vfio/pci-quirks: Sanitize capability pointer +- hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques +- replay: fix event queue flush for qemu shutdown +- hw/net: Fix read of uninitialized memory in ftgmac100 +- target/ppc: Fix tlbie +- target/i386: fix INVD vmexit +- qtest/npcm7xx_pwm-test: Fix memory leak in mft_qom_set +- aio-posix: zero out io_uring sqe user_data + * Mon Oct 30 2023 - 10:6.2.0-81 - hw/nvme: Avoid dynamic stack allocation - ppc/vof: Fix missed fields in VOF cleanup diff --git a/qtest-npcm7xx_pwm-test-Fix-memory-leak-in-mft_qom_se.patch b/qtest-npcm7xx_pwm-test-Fix-memory-leak-in-mft_qom_se.patch new file mode 100644 index 0000000..3da09c8 
--- /dev/null
+++ b/qtest-npcm7xx_pwm-test-Fix-memory-leak-in-mft_qom_se.patch
@@ -0,0 +1,39 @@
+From b76d4a1a4d7d0635044cd8542564803318ac5412 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Tue, 26 Sep 2023 07:49:12 +0000
+Subject: [PATCH] qtest/npcm7xx_pwm-test: Fix memory leak in mft_qom_set
+ mainline inclusion commit d412597ec5a8406b2af6aa5fb7740e77c1bd3f8c category:
+ bugfix
+
+---------------------------------------------------------------
+
+g_strdup_printf() allocated memory for path, we should free it with
+g_free() when no longer needed.
+
+Signed-off-by: Miaoqian Lin
+Reviewed-by: Hao Wu
+Message-Id: <20220531080921.4704-1-linmq006@gmail.com>
+Signed-off-by: Thomas Huth
+
+Signed-off-by: tangbinzy
+---
+ tests/qtest/npcm7xx_pwm-test.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/qtest/npcm7xx_pwm-test.c b/tests/qtest/npcm7xx_pwm-test.c
+index a54fd70d27..ddfc120df0 100644
+--- a/tests/qtest/npcm7xx_pwm-test.c
++++ b/tests/qtest/npcm7xx_pwm-test.c
+@@ -268,6 +268,9 @@ static void mft_qom_set(QTestState *qts, int index, const char *name,
+ path, name, value);
+ /* The qom set message returns successfully. */
+ g_assert_true(qdict_haskey(response, "return"));
++
++ qobject_unref(response);
++ g_free(path);
+ }
+ 
+ static uint32_t get_pll(uint32_t con)
+-- 
+2.41.0.windows.1
+
diff --git a/replay-fix-event-queue-flush-for-qemu-shutdown.patch b/replay-fix-event-queue-flush-for-qemu-shutdown.patch
new file mode 100644
index 0000000..0c129ee
--- /dev/null
+++ b/replay-fix-event-queue-flush-for-qemu-shutdown.patch
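Review bot: The two new frees, `qobject_unref(response);` and `g_free(path);`, only run on the fall-through path; that is enough today because the preceding `g_assert_true` aborts rather than returns, but the cleanup silently breaks the moment an early return is added to mft_qom_set. The more robust form is to declare the buffers with automatic cleanup at their definitions above the hunk — `g_autofree char *path = ...` and, if the project provides the autoptr cleanup for QDict, `g_autoptr(QDict) response = ...` — which makes the explicit frees unnecessary. If the declarations stay as they are, the frees as written are correct. mft_qom_set starts above the hunk.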
@@ -0,0 +1,40 @@
+From d15694ef4ae7f7ebdbdac250a8a793ab66254655 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Tue, 26 Sep 2023 08:16:21 +0000
+Subject: [PATCH] replay: fix event queue flush for qemu shutdown mainline
+ inclusion commit c4b8ffcbb8531206e12cf3ad92fa90f7c80ed464 category: bugfix
+
+---------------------------------------------------------------
+
+This patch fixes event queue flush in the case of emulator
+shutdown. replay_finish_events should be called when replay_mode
+is not cleared.
+
+Signed-off-by: Pavel Dovgalyuk
+Reviewed-by: Richard Henderson
+Message-Id: <165364836758.688121.7959245442743676491.stgit@pasha-ThinkPad-X280>
+Signed-off-by: Paolo Bonzini
+
+Signed-off-by: tangbinzy
+---
+ replay/replay.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/replay/replay.c b/replay/replay.c
+index 6df2abc18c..2d3607998a 100644
+--- a/replay/replay.c
++++ b/replay/replay.c
+@@ -387,9 +387,8 @@ void replay_finish(void)
+ g_free(replay_snapshot);
+ replay_snapshot = NULL;
+ 
+- replay_mode = REPLAY_MODE_NONE;
+-
+ replay_finish_events();
++ replay_mode = REPLAY_MODE_NONE;
+ }
+ 
+ void replay_add_blocker(Error *reason)
+-- 
+2.41.0.windows.1
+
diff --git a/target-i386-fix-INVD-vmexit.patch b/target-i386-fix-INVD-vmexit.patch
new file mode 100644
index 0000000..2e9a160
--- /dev/null
+++ b/target-i386-fix-INVD-vmexit.patch
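Review bot: The order of `replay_finish_events();` and `replay_mode = REPLAY_MODE_NONE;` is now load-bearing, but nothing in the code says so, and the two lines look independent enough that a later tidy-up could swap them back without anyone noticing. A one-line comment above the call would pin the requirement: `/* Must run while replay_mode is still set, otherwise the queued events are not flushed. */`. replay_finish starts above the hunk.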
@@ -0,0 +1,34 @@
+From b17eea58c7497f96cb66d31b8c59fdcdb06b6c40 Mon Sep 17 00:00:00 2001
+From: jipengfei_yewu
+Date: Sun, 24 Sep 2023 19:43:41 +0800
+Subject: [PATCH] target/i386: fix INVD vmexit
+
+Due to a typo or perhaps a brain fart, the INVD vmexit was never generated.
+Fix it (but not that fixing just the typo would break both INVD and WBINVD,
+due to a case of two wrongs making a right).
+
+cheery-pick from 4d714d1a0bf1fca9576ee53a1a5dfa3fd5ddae99
+
+Signed-off-by: jipengfei_yewu
+Reviewed-by: Richard Henderson
+Signed-off-by: Paolo Bonzini
+---
+ target/i386/tcg/translate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index e9e1451540..82f77b52fb 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -7773,7 +7773,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
+ case 0x108: /* invd */
+ case 0x109: /* wbinvd */
+ if (check_cpl0(s)) {
+- gen_svm_check_intercept(s, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD);
++ gen_svm_check_intercept(s, (b & 1) ? SVM_EXIT_WBINVD : SVM_EXIT_INVD);
+ /* nothing to do */
+ }
+ break;
+-- 
+2.41.0.windows.1
+
diff --git a/target-ppc-Fix-tlbie.patch b/target-ppc-Fix-tlbie.patch
new file mode 100644
index 0000000..63d3ebb
--- /dev/null
+++ b/target-ppc-Fix-tlbie.patch
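Review bot: The corrected `(b & 1) ? SVM_EXIT_WBINVD : SVM_EXIT_INVD` matches the two case labels (0x108 invd, 0x109 wbinvd), but the selection still rests on an unstated opcode bit, which is exactly how the original `(b & 2)` typo went unnoticed. A short comment on the line would make the mapping checkable at a glance: `/* bit 0 of the opcode selects wbinvd (0x109) over invd (0x108) */`. The intercept check is the only thing done for these opcodes, so the fix restores the missing INVD vmexit without touching the WBINVD path; disas_insn continues outside the hunk.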
@@ -0,0 +1,47 @@
+From aba3dd63d054cd21054e295d5a9d493cb9d7a75f Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Tue, 26 Sep 2023 06:25:04 +0000
+Subject: [PATCH] target/ppc: Fix tlbie mainline inclusion commit
+ 4ddc104689b186c4e4ed30be59a54463501761cf category: bugfix
+
+---------------------------------------------------------------
+
+Commit 74c4912f097bab98 changed check_tlb_flush() to use
+tlb_flush_all_cpus_synced() instead of calling tlb_flush() on each
+CPU. However, as side effect of this, a CPU executing a ptesync
+after a tlbie will have its TLB flushed only after exiting its
+current Translation Block (TB).
+
+This causes memory accesses to invalid pages to succeed, if they
+happen to be on the same TB as the ptesync.
+
+To fix this, use tlb_flush_all_cpus() instead, that immediately
+flushes the TLB of the CPU executing the ptesync instruction.
+
+Fixes: 74c4912f097bab98 ("target/ppc: Fix synchronization of mttcg with broadcast TLB flushes")
+Signed-off-by: Leandro Lupori
+Reviewed-by: Fabiano Rosas
+Message-Id: <20220503163904.22575-1-leandro.lupori@eldorado.org.br>
+Signed-off-by: Daniel Henrique Barboza
+
+Signed-off-by: tangbinzy
+---
+ target/ppc/helper_regs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
+index 99562edd57..e97d25e9ab 100644
+--- a/target/ppc/helper_regs.c
++++ b/target/ppc/helper_regs.c
+@@ -288,7 +288,7 @@ void check_tlb_flush(CPUPPCState *env, bool global)
+ if (global && (env->tlb_need_flush & TLB_NEED_GLOBAL_FLUSH)) {
+ env->tlb_need_flush &= ~TLB_NEED_GLOBAL_FLUSH;
+ env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
+- tlb_flush_all_cpus_synced(cs);
++ tlb_flush_all_cpus(cs);
+ return;
+ }
+ 
+-- 
+2.41.0.windows.1
+
diff --git a/thread-pool-optimize-scheduling-of-completion-bottom.patch b/thread-pool-optimize-scheduling-of-completion-bottom.patch
new file mode 100644
index 0000000..cd24a4e
--- /dev/null
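Review bot: Replacing `tlb_flush_all_cpus_synced(cs);` with `tlb_flush_all_cpus(cs);` reverses a deliberate earlier choice, and the reason — the CPU executing ptesync must see its own TLB flushed before the rest of the current TB runs, otherwise accesses to freshly invalidated pages still succeed — is recorded only in the commit message. A comment on the call would keep that with the code, e.g. `/* Not the _synced variant: the CPU running ptesync needs its own flush before the next insn in this TB. */`. check_tlb_flush continues outside the hunk.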
+++ b/thread-pool-optimize-scheduling-of-completion-bottom.patch
@@ -0,0 +1,45 @@
+From c84bb01c0c56cadb70a95c874b32ed85b8177504 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Tue, 26 Sep 2023 06:41:50 +0000
+Subject: [PATCH] thread-pool: optimize scheduling of completion bottom half
+ mainline inclusion commit 3c7b72ddca9ce85a9d1e8a98fd0996b74597b5ae category:
+ bugfix
+
+---------------------------------------------------------------
+
+The completion bottom half was scheduled within the pool->lock
+critical section. That actually results in worse performance,
+because the worker thread can run its own small critical section
+and go to sleep before the bottom half starts running.
+
+Note that this simple change does not produce an improvement without
+changing the thread pool QemuSemaphore to a condition variable.
+
+Reviewed-by: Stefan Hajnoczi
+Reviewed-by: Nicolas Saenz Julienne
+Message-Id: <20220514065012.1149539-2-pbonzini@redhat.com>
+Signed-off-by: Paolo Bonzini
+
+Signed-off-by: tangbinzy
+---
+ util/thread-pool.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/util/thread-pool.c b/util/thread-pool.c
+index d763cea505..7e9e2c178b 100644
+--- a/util/thread-pool.c
++++ b/util/thread-pool.c
+@@ -108,9 +108,8 @@ static void *worker_thread(void *opaque)
+ smp_wmb();
+ req->state = THREAD_DONE;
+ 
+- qemu_mutex_lock(&pool->lock);
+-
+ qemu_bh_schedule(pool->completion_bh);
++ qemu_mutex_lock(&pool->lock);
+ }
+ 
+ pool->cur_threads--;
+-- 
+2.41.0.windows.1
+
diff --git a/vhost-user-fs-Back-up-vqs-before-cleaning-up-vhost_d.patch b/vhost-user-fs-Back-up-vqs-before-cleaning-up-vhost_d.patch
new file mode 100644
index 0000000..3d9f4c5
--- /dev/null
+++ b/vhost-user-fs-Back-up-vqs-before-cleaning-up-vhost_d.patch
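Review bot: Calling `qemu_bh_schedule(pool->completion_bh);` before `qemu_mutex_lock(&pool->lock);` is intentional, but after the move the code reads as if the lock was simply forgotten ahead of the schedule, which invites someone to "fix" it back. A comment on the schedule line would prevent that, e.g. `/* Deliberately outside pool->lock: taking the lock first delays the bottom half behind this worker's critical section. */`. The `req->state = THREAD_DONE;` store and the smp_wmb() ahead of it are untouched, so the ordering the bottom half depends on for reading the request state is preserved. worker_thread starts and ends outside the hunk.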
@@ -0,0 +1,43 @@
+From d48beee81ba11b6bc5151f4f882a9fe2ff9b1d2c Mon Sep 17 00:00:00 2001
+From: dinglimin_yewu
+Date: Thu, 28 Sep 2023 16:07:30 +0800
+Subject: [PATCH] vhost-user-fs: Back up vqs before cleaning up vhost_dev
+
+cheery-pick from 331acddc87b739c64b936ba4e58518f8491f1c6b
+
+vhost_dev_cleanup() clears vhost_dev so back up its vqs member to free the memory pointed by the member.
+
+Fixes: 98fc1ada4c ("virtio: add vhost-user-fs base device")
+Signed-off-by: Akihiko Odaki
+Signed-off-by: Stefan Hajnoczi
+Message-Id: <20230130140225.77964-1-akihiko.odaki at daynix.com>
+Signed-off-by: dinglimin_yewu
+---
+ hw/virtio/vhost-user-fs.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c
+index c595957983..fc7dcc96ef 100644
+--- a/hw/virtio/vhost-user-fs.c
++++ b/hw/virtio/vhost-user-fs.c
+@@ -258,6 +258,7 @@ static void vuf_device_unrealize(DeviceState *dev)
+ {
+ VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+ VHostUserFS *fs = VHOST_USER_FS(dev);
++ struct vhost_virtqueue *vhost_vqs = fs->vhost_dev.vqs;
+ int i;
+ 
+ /* This will stop vhost backend if appropriate. */
+@@ -273,8 +274,7 @@ static void vuf_device_unrealize(DeviceState *dev)
+ }
+ g_free(fs->req_vqs);
+ virtio_cleanup(vdev);
+- g_free(fs->vhost_dev.vqs);
+- fs->vhost_dev.vqs = NULL;
++ g_free(vhost_vqs);
+ }
+ 
+ static const VMStateDescription vuf_vmstate = {
+-- 
+2.41.0.windows.1
+
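Review bot: `struct vhost_virtqueue *vhost_vqs = fs->vhost_dev.vqs;` is taken early because, per the commit message, vhost_dev_cleanup() zeroes `fs->vhost_dev` before the free — but that call sits between the two hunks and nothing at the declaration says so, so the reason is easy to lose. A comment on the new line would keep it with the code: `/* vhost_dev_cleanup() below zeroes vhost_dev, so remember vqs here to free it afterwards. */`. Dropping `fs->vhost_dev.vqs = NULL;` is fine on the assumption the cleanup really does clear the field; if it does not, the struct would keep a dangling pointer after `g_free(vhost_vqs);`, which the hunk cannot confirm either way. vuf_device_unrealize continues between the two hunks.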