packages/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!807 QEMU update to version 6.2.0-78(master)

Browse Source 
From: @JiaboFeng 
Reviewed-by: @aven6 
Signed-off-by: @aven6
This commit is contained in:
openeuler-ci-bot 2023-08-21 01:27:52 +00:00 committed by Gitee
commit 1b8f3dbd95
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
24 changed files with 7397 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
BinDir.tar.gz
View File

Binary file not shown.

49
Check-and-report-for-incomplete-global-option-format.patch Normal file
View File

@ -0,0 +1,49 @@
From c24b649580f7eeb656124fabe255760829d01408 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Wed, 26 Jul 2023 13:37:41 +0000
Subject: [PATCH] Check and report for incomplete 'global' option format
mainline inclusion commit 818e1636080768749dc826acd4825e71828ec7e6 category:
bugfix
---------------------------------------------------------------
Qemu might crash when provided incomplete '-global' option.
For example:
qemu-system-x86_64 -global driver=isa-fdc
qemu-system-x86_64: ../../devel/qemu/qapi/string-input-visitor.c:394:
string_input_visitor_new: Assertion `str' failed.
Aborted (core dumped)
Fixes: 3751d7c43f795b ("vl: allow full-blown QemuOpts syntax for -global")
Signed-off-by: Rohit Kumar <rohit.kumar3@nutanix.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/604
Message-Id: <20220216071508.412974-1-rohit.kumar3@nutanix.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
softmmu/qdev-monitor.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
index 4ca4e92ce2..14efb37014 100644
--- a/softmmu/qdev-monitor.c
+++ b/softmmu/qdev-monitor.c
@@ -1041,6 +1041,13 @@ int qemu_global_option(const char *str)
if (!opts) {
return -1;
}
+ if (!qemu_opt_get(opts, "driver")
+ || !qemu_opt_get(opts, "property")
+ || !qemu_opt_get(opts, "value")) {
+ error_report("options 'driver', 'property', and 'value'"
+ " are required");
+ return -1;
+ }
return 0;
}
--
2.41.0.windows.1

110
QGA-VSS-Add-wrapper-to-send-log-to-debugger-and-stde.patch Normal file
View File

@ -0,0 +1,110 @@
From a7d32227e6a7b3eff114135f68f980ac686f6b80 Mon Sep 17 00:00:00 2001
From: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
Date: Sun, 30 Jul 2023 23:14:18 -0700
Subject: [PATCH] QGA VSS: Add wrapper to send log to debugger and stderr
mainline inclusion commit 925d05d38a2bc76b5a49359370650a820bc891da category:
bugfix
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
---
qga/vss-win32/meson.build | 2 +-
qga/vss-win32/vss-debug.cpp | 39 +++++++++++++++++++++++++++++++++++++
qga/vss-win32/vss-debug.h | 25 ++++++++++++++++++++++++
3 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 qga/vss-win32/vss-debug.cpp
create mode 100644 qga/vss-win32/vss-debug.h
diff --git a/qga/vss-win32/meson.build b/qga/vss-win32/meson.build
index 90825edef3..290796556c 100644
--- a/qga/vss-win32/meson.build
+++ b/qga/vss-win32/meson.build
@@ -3,7 +3,7 @@ if add_languages('cpp', required: false)
link_args = cc.get_supported_link_arguments(['-fstack-protector-all', '-fstack-protector-strong',
'-Wl,--add-stdcall-alias', '-Wl,--enable-stdcall-fixup'])
- qga_vss = shared_module('qga-vss', ['requester.cpp', 'provider.cpp', 'install.cpp'],
+ qga_vss = shared_module('qga-vss', ['requester.cpp', 'provider.cpp', 'install.cpp', 'vss-debug.cpp'],
name_prefix: '',
cpp_args: ['-Wno-unknown-pragmas', '-Wno-delete-non-virtual-dtor', '-Wno-non-virtual-dtor'],
link_args: link_args,
diff --git a/qga/vss-win32/vss-debug.cpp b/qga/vss-win32/vss-debug.cpp
new file mode 100644
index 0000000000..820b1c6667
--- /dev/null
+++ b/qga/vss-win32/vss-debug.cpp
@@ -0,0 +1,39 @@
+/*
+ * QEMU Guest Agent VSS debug declarations
+ *
+ * Copyright (C) 2023 Red Hat Inc
+ *
+ * Authors:
+ * Konstantin Kostiuk <kkostiuk@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "vss-debug.h"
+#include "vss-common.h"
+
+void qga_debug_internal(const char *funcname, const char *fmt, ...)
+{
+ char user_string[512] = {0};
+ char full_string[640] = {0};
+
+ va_list args;
+ va_start(args, fmt);
+ if (vsnprintf(user_string, _countof(user_string), fmt, args) <= 0) {
+ va_end(args);
+ return;
+ }
+
+ va_end(args);
+
+ if (snprintf(full_string, _countof(full_string),
+ QGA_PROVIDER_NAME "[%lu]: %s %s\n",
+ GetCurrentThreadId(), funcname, user_string) <= 0) {
+ return;
+ }
+
+ OutputDebugString(full_string);
+ fputs(full_string, stderr);
+}
diff --git a/qga/vss-win32/vss-debug.h b/qga/vss-win32/vss-debug.h
new file mode 100644
index 0000000000..7800457392
--- /dev/null
+++ b/qga/vss-win32/vss-debug.h
@@ -0,0 +1,25 @@
+/*
+ * QEMU Guest Agent VSS debug declarations
+ *
+ * Copyright (C) 2023 Red Hat Inc
+ *
+ * Authors:
+ * Konstantin Kostiuk <kkostiuk@redhat.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include <vss-handles.h>
+
+#ifndef VSS_DEBUG_H
+#define VSS_DEBUG_H
+
+void qga_debug_internal(const char *funcname, const char *fmt, ...) G_GNUC_PRINTF(2, 3);
+
+#define qga_debug(fmt, ...) qga_debug_internal(__func__, fmt, ## __VA_ARGS__)
+#define qga_debug_begin qga_debug("begin")
+#define qga_debug_end qga_debug("end")
+
+#endif
--
2.41.0.windows.1

46
block-Fix-misleading-hexadecimal-format.patch Normal file
View File

@ -0,0 +1,46 @@
From 23ba08631691242000e60f85a9d0a67a42dcca3b Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Fri, 4 Aug 2023 08:26:16 +0000
Subject: [PATCH] block: Fix misleading hexadecimal format mainline inclusion
commit 3f1db95917bf0b4accaf8f56d43f795fed1fb733 category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
"0x%u" format is very misleading, replace by "0x%x".
Found running:
$ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' block/
Inspired-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-id: 20220323114718.58714-2-philippe.mathieu.daude@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
block/parallels-ext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/parallels-ext.c b/block/parallels-ext.c
index e0dd0975c6..b0e1c1aa47 100644
--- a/block/parallels-ext.c
+++ b/block/parallels-ext.c
@@ -260,7 +260,7 @@ static int parallels_parse_format_extension(BlockDriverState *bs,
break;
default:
- error_setg(errp, "Unknown feature: 0x%" PRIu64, fh.magic);
+ error_setg(errp, "Unknown feature: 0x%" PRIx64, fh.magic);
goto fail;
}
--
2.41.0.windows.1

100
block-nbd.c-Fixed-IO-request-coroutine-not-being-wak.patch Normal file
View File

@ -0,0 +1,100 @@
From 09f03d6bd8842b58e6a1e50cf9c44a788b8d2693 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Fri, 4 Aug 2023 07:40:46 +0000
Subject: [PATCH] block/nbd.c: Fixed IO request coroutine not being wakeup
when kill NBD server mainline inclusion commit
6690302b848e5b55e3e3da34f0ee7fd9f8602e23 category: bugfix
---------------------------------------------------------------
During the IO stress test, the IO request coroutine has a probability that is
can't be awakened when the NBD server is killed.
The GDB stack is as follows:
(gdb) bt
0 0x00007f2ff990cbf6 in __ppoll (fds=0x55575de85000, nfds=1, timeout=<optimized out>, sigmask=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:44
1 0x000055575c302e7c in qemu_poll_ns (fds=0x55575de85000, nfds=1, timeout=599999603140) at ../util/qemu-timer.c:348
2 0x000055575c2d3c34 in fdmon_poll_wait (ctx=0x55575dc480f0, ready_list=0x7ffd9dd1dae0, timeout=599999603140) at ../util/fdmon-poll.c:80
3 0x000055575c2d350d in aio_poll (ctx=0x55575dc480f0, blocking=true) at ../util/aio-posix.c:655
4 0x000055575c16eabd in bdrv_do_drained_begin(bs=0x55575dee7fe0, recursive=false, parent=0x0, ignore_bds_parents=false, poll=true)at ../block/io.c:474
5 0x000055575c16eba6 in bdrv_drained_begin (bs=0x55575dee7fe0) at ../block/io.c:480
6 0x000055575c1aff33 in quorum_del_child (bs=0x55575dee7fe0, child=0x55575dcea690, errp=0x7ffd9dd1dd08) at ../block/quorum.c:1130
7 0x000055575c14239b in bdrv_del_child (parent_bs=0x55575dee7fe0, child=0x55575dcea690, errp=0x7ffd9dd1dd08) at ../block.c:7705
8 0x000055575c12da28 in qmp_x_blockdev_change(parent=0x55575df404c0 "colo-disk0", has_child=true, child=0x55575de867f0 "children.1", has_node=false, no de=0x0, errp=0x7ffd9dd1dd08) at ../blockdev.c:3676
9 0x000055575c258435 in qmp_marshal_x_blockdev_change (args=0x7f2fec008190, ret=0x7f2ff7b0bd98, errp=0x7f2ff7b0bd90) at qapi/qapi-commands-block-core.c :1675
10 0x000055575c2c6201 in do_qmp_dispatch_bh (opaque=0x7f2ff7b0be30) at ../qapi/qmp-dispatch.c:129
11 0x000055575c2ebb1c in aio_bh_call (bh=0x55575dc429c0) at ../util/async.c:141
12 0x000055575c2ebc2a in aio_bh_poll (ctx=0x55575dc480f0) at ../util/async.c:169
13 0x000055575c2d2d96 in aio_dispatch (ctx=0x55575dc480f0) at ../util/aio-posix.c:415
14 0x000055575c2ec07f in aio_ctx_dispatch (source=0x55575dc480f0, callback=0x0, user_data=0x0) at ../util/async.c:311
15 0x00007f2ff9e7cfbd in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
16 0x000055575c2fd581 in glib_pollfds_poll () at ../util/main-loop.c:232
17 0x000055575c2fd5ff in os_host_main_loop_wait (timeout=0) at ../util/main-loop.c:255
18 0x000055575c2fd710 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531
19 0x000055575bfa7588 in qemu_main_loop () at ../softmmu/runstate.c:726
20 0x000055575bbee57a in main (argc=60, argv=0x7ffd9dd1e0e8, envp=0x7ffd9dd1e2d0) at ../softmmu/main.c:50
(gdb) qemu coroutine 0x55575e16aac0
0 0x000055575c2ee7dc in qemu_coroutine_switch (from_=0x55575e16aac0, to_=0x7f2ff830fba0, action=COROUTINE_YIELD) at ../util/coroutine-ucontext.c:302
1 0x000055575c2fe2a9 in qemu_coroutine_yield () at ../util/qemu-coroutine.c:195
2 0x000055575c2fe93c in qemu_co_queue_wait_impl (queue=0x55575dc46170, lock=0x7f2b32ad9850) at ../util/qemu-coroutine-lock.c:56
3 0x000055575c17ddfb in nbd_co_send_request (bs=0x55575ebfaf20, request=0x7f2b32ad9920, qiov=0x55575dfc15d8) at ../block/nbd.c:478
4 0x000055575c17f931 in nbd_co_request (bs=0x55575ebfaf20, request=0x7f2b32ad9920, write_qiov=0x55575dfc15d8) at ../block/nbd.c:1182
5 0x000055575c17fe14 in nbd_client_co_pwritev (bs=0x55575ebfaf20, offset=403487858688, bytes=4538368, qiov=0x55575dfc15d8, flags=0) at ../block/nbd.c:1284
6 0x000055575c170d25 in bdrv_driver_pwritev (bs=0x55575ebfaf20, offset=403487858688, bytes=4538368, qiov=0x55575dfc15d8, qiov_offset=0, flags=0)
at ../block/io.c:1264
7 0x000055575c1733b4 in bdrv_aligned_pwritev
(child=0x55575dff6890, req=0x7f2b32ad9ad0, offset=403487858688, bytes=4538368, align=1, qiov=0x55575dfc15d8, qiov_offset=0, flags=0) at ../block/io.c:2126
8 0x000055575c173c67 in bdrv_co_pwritev_part (child=0x55575dff6890, offset=403487858688, bytes=4538368, qiov=0x55575dfc15d8, qiov_offset=0, flags=0)
at ../block/io.c:2314
9 0x000055575c17391b in bdrv_co_pwritev (child=0x55575dff6890, offset=403487858688, bytes=4538368, qiov=0x55575dfc15d8, flags=0) at ../block/io.c:2233
10 0x000055575c1ee506 in replication_co_writev (bs=0x55575e9824f0, sector_num=788062224, remaining_sectors=8864, qiov=0x55575dfc15d8, flags=0)
at ../block/replication.c:270
11 0x000055575c170eed in bdrv_driver_pwritev (bs=0x55575e9824f0, offset=403487858688, bytes=4538368, qiov=0x55575dfc15d8, qiov_offset=0, flags=0)
at ../block/io.c:1297
12 0x000055575c1733b4 in bdrv_aligned_pwritev
(child=0x55575dcea690, req=0x7f2b32ad9e00, offset=403487858688, bytes=4538368, align=512, qiov=0x55575dfc15d8, qiov_offset=0, flags=0)
at ../block/io.c:2126
13 0x000055575c173c67 in bdrv_co_pwritev_part (child=0x55575dcea690, offset=403487858688, bytes=4538368, qiov=0x55575dfc15d8, qiov_offset=0, flags=0)
at ../block/io.c:2314
14 0x000055575c17391b in bdrv_co_pwritev (child=0x55575dcea690, offset=403487858688, bytes=4538368, qiov=0x55575dfc15d8, flags=0) at ../block/io.c:2233
15 0x000055575c1aeffa in write_quorum_entry (opaque=0x7f2fddaf8c50) at ../block/quorum.c:699
16 0x000055575c2ee4db in coroutine_trampoline (i0=1578543808, i1=21847) at ../util/coroutine-ucontext.c:173
17 0x00007f2ff9855660 in __start_context () at ../sysdeps/unix/sysv/linux/x86_64/__start_context.S:91
When we do failover in COLO mode, QEMU will hang while it is waiting for
the in-flight IO. From the call trace, we can see the IO request coroutine
has yielded in nbd_co_send_request(). When we kill the NBD server, it will never
be wake up. Actually, when we do IO stress test, it will have a lot of
requests in free_sema queue. When the NBD server is killed, current
MAX_NBD_REQUESTS finishes with errors but they wake up at most
MAX_NBD_REQEUSTS from the queue. So, let's move qemu_co_queue_next out
to fix this issue.
Signed-off-by: Lei Rao <lei.rao@intel.com>
Message-Id: <20220309074844.275450-1-lei.rao@intel.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
block/nbd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/nbd.c b/block/nbd.c
index 5853d85d60..33adfddc41 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -529,8 +529,8 @@ err:
if (i != -1) {
s->requests[i].coroutine = NULL;
s->in_flight--;
- qemu_co_queue_next(&s->free_sema);
}
+ qemu_co_queue_next(&s->free_sema);
}
qemu_co_mutex_unlock(&s->send_mutex);
return rc;
--
2.41.0.windows.1

58
block-nfs-Fix-32-bit-Windows-build.patch Normal file
View File

@ -0,0 +1,58 @@
From 5969f357385914e29a847c030d195cb8476f38c4 Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Thu, 3 Aug 2023 19:19:26 +0800
Subject: [PATCH] block/nfs: Fix 32-bit Windows build
cheery-pick from 588fec8a4c3fe9e0d1cb3f7ea6fdd46221e42814
libnfs.h declares nfs_fstat() as the following for win32:
int nfs_fstat(struct nfs_context *nfs, struct nfsfh *nfsfh,
struct __stat64 *st);
The 'st' parameter should be of type 'struct __stat64'. The
codes happen to build successfully for 64-bit Windows, but it
does not build for 32-bit Windows.
Fixes: 6542aa9c75bc ("block: add native support for NFS")
Fixes: 18a8056e0bc7 ("block/nfs: cache allocated filesize for read-only files")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20220908132817.1831008-6-bmeng.cn@gmail.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
block/nfs.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/block/nfs.c b/block/nfs.c
index 577aea1d22..56b25829cf 100644
--- a/block/nfs.c
+++ b/block/nfs.c
@@ -418,7 +418,11 @@ static int64_t nfs_client_open(NFSClient *client, BlockdevOptionsNfs *opts,
int flags, int open_flags, Error **errp)
{
int64_t ret = -EINVAL;
+#ifdef _WIN32
+ struct __stat64 st;
+#else
struct stat st;
+#endif
char *file = NULL, *strp = NULL;
qemu_mutex_init(&client->mutex);
@@ -781,7 +785,11 @@ static int nfs_reopen_prepare(BDRVReopenState *state,
BlockReopenQueue *queue, Error **errp)
{
NFSClient *client = state->bs->opaque;
+#ifdef _WIN32
+ struct __stat64 st;
+#else
struct stat st;
+#endif
int ret = 0;
if (state->flags & BDRV_O_RDWR && bdrv_is_read_only(state->bs)) {
--
2.41.0.windows.1

76
block-rbd-fix-write-zeroes-with-growing-images.patch Normal file
View File

@ -0,0 +1,76 @@
From c0caaf3367912df00107e6cd49809a48ccc566fb Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Fri, 4 Aug 2023 08:03:35 +0000
Subject: [PATCH] block/rbd: fix write zeroes with growing images mainline
inclusion commit cc5387a544325c26dcf124ac7d3999389c24e5c6 category: bugfix
---------------------------------------------------------------
Commit d24f80234b ("block/rbd: increase dynamically the image size")
added a workaround to support growing images (eg. qcow2), resizing
the image before write operations that exceed the current size.
We recently added support for write zeroes and without the
workaround we can have problems with qcow2.
So let's move the resize into qemu_rbd_start_co() and do it when
the command is RBD_AIO_WRITE or RBD_AIO_WRITE_ZEROES.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2020993
Fixes: c56ac27d2a ("block/rbd: add write zeroes support")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20220317162638.41192-1-sgarzare@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
block/rbd.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index 92dfb6083b..ccb14efd55 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1107,6 +1107,20 @@ static int coroutine_fn qemu_rbd_start_co(BlockDriverState *bs,
assert(!qiov || qiov->size == bytes);
+ if (cmd == RBD_AIO_WRITE || cmd == RBD_AIO_WRITE_ZEROES) {
+ /*
+ * RBD APIs don't allow us to write more than actual size, so in order
+ * to support growing images, we resize the image before write
+ * operations that exceed the current size.
+ */
+ if (offset + bytes > s->image_size) {
+ int r = qemu_rbd_resize(bs, offset + bytes);
+ if (r < 0) {
+ return r;
+ }
+ }
+ }
+
r = rbd_aio_create_completion(&task,
(rbd_callback_t) qemu_rbd_completion_cb, &c);
if (r < 0) {
@@ -1182,18 +1196,6 @@ coroutine_fn qemu_rbd_co_pwritev(BlockDriverState *bs, int64_t offset,
int64_t bytes, QEMUIOVector *qiov,
BdrvRequestFlags flags)
{
- BDRVRBDState *s = bs->opaque;
- /*
- * RBD APIs don't allow us to write more than actual size, so in order
- * to support growing images, we resize the image before write
- * operations that exceed the current size.
- */
- if (offset + bytes > s->image_size) {
- int r = qemu_rbd_resize(bs, offset + bytes);
- if (r < 0) {
- return r;
- }
- }
return qemu_rbd_start_co(bs, offset, bytes, qiov, flags, RBD_AIO_WRITE);
}
--
2.41.0.windows.1

75
chardev-char-socket-set-s-listener-NULL-in-char_sock.patch Normal file
View File

@ -0,0 +1,75 @@
From 936bf87a5acca3414625768c351fcc4e378fa30d Mon Sep 17 00:00:00 2001
From: xiaowanghe <xiaowanghe_yewu@cmss.chinamobile.com>
Date: Mon, 8 May 2023 00:24:18 -0700
Subject: [PATCH] chardev/char-socket: set s->listener = NULL in
char_socket_finalize
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cherry picked from commit b8a7f51f59e28d5a8e0c07ed3919cc9695560ed2
After live migration with virtio block device, qemu crash at:
#0 0x000055914f46f795 in object_dynamic_cast_assert (obj=0x559151b7b090, typename=0x55914f80fbc4 "qio-channel", file=0x55914f80fb90 "/images/testvfe/sw/qemu.gerrit/include/io/channel.h", line=30, func=0x55914f80fcb8 <__func__.17257> "QIO_CHANNEL") at ../qom/object.c:872
#1 0x000055914f480d68 in QIO_CHANNEL (obj=0x559151b7b090) at /images/testvfe/sw/qemu.gerrit/include/io/channel.h:29
#2 0x000055914f4812f8 in qio_net_listener_set_client_func_full (listener=0x559151b7a720, func=0x55914f580b97 <tcp_chr_accept>, data=0x5591519f4ea0, notify=0x0, context=0x0) at ../io/net-listener.c:166
#3 0x000055914f580059 in tcp_chr_update_read_handler (chr=0x5591519f4ea0) at ../chardev/char-socket.c:637
#4 0x000055914f583dca in qemu_chr_be_update_read_handlers (s=0x5591519f4ea0, context=0x0) at ../chardev/char.c:226
#5 0x000055914f57b7c9 in qemu_chr_fe_set_handlers_full (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false, sync_state=true) at ../chardev/char-fe.c:279
#6 0x000055914f57b86d in qemu_chr_fe_set_handlers (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false) at ../chardev/char-fe.c:304
#7 0x000055914f378caf in vhost_user_async_close (d=0x559152bf21a0, chardev=0x559152bf23a0, vhost=0x559152bf2420, cb=0x55914f2fb8c1 <vhost_user_blk_disconnect>) at ../hw/virtio/vhost-user.c:2725
#8 0x000055914f2fba40 in vhost_user_blk_event (opaque=0x559152bf21a0, event=CHR_EVENT_CLOSED) at ../hw/block/vhost-user-blk.c:395
#9 0x000055914f58388c in chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:61
#10 0x000055914f583905 in qemu_chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:81
#11 0x000055914f581275 in char_socket_finalize (obj=0x5591519f4ea0) at ../chardev/char-socket.c:1083
#12 0x000055914f46f073 in object_deinit (obj=0x5591519f4ea0, type=0x5591519055c0) at ../qom/object.c:680
#13 0x000055914f46f0e5 in object_finalize (data=0x5591519f4ea0) at ../qom/object.c:694
#14 0x000055914f46ff06 in object_unref (objptr=0x5591519f4ea0) at ../qom/object.c:1202
#15 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b76c50, name=0x559151b7b250 "char3", opaque=0x5591519f4ea0) at ../qom/object.c:1747
#16 0x000055914f46ee86 in object_property_del_all (obj=0x559151b76c50) at ../qom/object.c:632
#17 0x000055914f46f0d2 in object_finalize (data=0x559151b76c50) at ../qom/object.c:693
#18 0x000055914f46ff06 in object_unref (objptr=0x559151b76c50) at ../qom/object.c:1202
#19 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b6b560, name=0x559151b76630 "chardevs", opaque=0x559151b76c50) at ../qom/object.c:1747
#20 0x000055914f46ef67 in object_property_del_child (obj=0x559151b6b560, child=0x559151b76c50) at ../qom/object.c:654
#21 0x000055914f46f042 in object_unparent (obj=0x559151b76c50) at ../qom/object.c:673
#22 0x000055914f58632a in qemu_chr_cleanup () at ../chardev/char.c:1189
#23 0x000055914f16c66c in qemu_cleanup () at ../softmmu/runstate.c:830
#24 0x000055914eee7b9e in qemu_default_main () at ../softmmu/main.c:38
#25 0x000055914eee7bcc in main (argc=86, argv=0x7ffc97cb8d88) at ../softmmu/main.c:48
In char_socket_finalize after s->listener freed, event callback function
vhost_user_blk_event will be called to handle CHR_EVENT_CLOSED.
vhost_user_blk_event is calling qio_net_listener_set_client_func_full which
is still using s->listener.
Setting s->listener = NULL after object_unref(OBJECT(s->listener)) can
solve this issue.
Signed-off-by: Yajun Wu <yajunw@nvidia.com>
Acked-by: Jiri Pirko <jiri@nvidia.com>
Message-Id: <20230214021430.3638579-1-yajunw@nvidia.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Wanghe Xiao <xiaowanghe_yewu@cmss.chinamobile.com>
---
chardev/char-socket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 57ae53304a..459b9b72bd 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -1142,6 +1142,7 @@ static void char_socket_finalize(Object *obj)
qio_net_listener_set_client_func_full(s->listener, NULL, NULL,
NULL, chr->gcontext);
object_unref(OBJECT(s->listener));
+ s->listener = NULL;
}
if (s->tls_creds) {
object_unref(OBJECT(s->tls_creds));
--
2.41.0.windows.1

37
disas-riscv-Fix-ctzw-disassemble.patch Normal file
View File

@ -0,0 +1,37 @@
From 6872e7bf919dd5f2852c07850899cdb510eccfdf Mon Sep 17 00:00:00 2001
From: xiaowanghe <xiaowanghe_yewu@cmss.chinamobile.com>
Date: Tue, 1 Aug 2023 23:46:43 -0700
Subject: [PATCH] disas/riscv Fix ctzw disassemble
cherry picked from commit 270629024df1f9f4e704ce8325f958858c5cbff7
Due to typo in opcode list, ctzw is disassembled as clzw instruction.
Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com>
Fixes: 02c1b569a15b ("disas/riscv: Add Zb[abcs] instructions")
Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20230217151459.54649-1-ivan.klokov@syntacore.com>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Wanghe Xiao <xiaowanghe_yewu@cmss.chinamobile.com>
---
disas/riscv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas/riscv.c
index 793ad14c27..6768ec8188 100644
--- a/disas/riscv.c
+++ b/disas/riscv.c
@@ -1189,7 +1189,7 @@ const rv_opcode_data opcode_data[] = {
{ "max", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, 0, 0, 0 },
{ "maxu", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, 0, 0, 0 },
{ "clzw", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 },
- { "clzw", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 },
+ { "ctzw", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 },
{ "cpopw", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 },
{ "slli.uw", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, 0, 0, 0 },
{ "add.uw", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, 0, 0, 0 },
--
2.41.0.windows.1

40
docs-about-build-platforms-Refine-the-distro-support.patch Normal file
View File

@ -0,0 +1,40 @@
From 97db7448bb28e42fae5acb3eb556cfa03a11e0a8 Mon Sep 17 00:00:00 2001
From: xiaowanghe <xiaowanghe_yewu@cmss.chinamobile.com>
Date: Wed, 2 Aug 2023 00:02:08 -0700
Subject: [PATCH] docs/about/build-platforms: Refine the distro support policy
cherry picked from commit 270629024df1f9f4e704ce8325f958858c5cbff7
For long-term distributions that release a new version only very
seldom, we limit the support to five years after the initial release.
Otherwise, we might need to support distros like openSUSE 15 for
up to 7 or even more years in total due to our "two more years
after the next major release" rule, which is just way too much to
handle in a project like QEMU that only has limited human resources.
Message-Id: <20230223193257.1068205-1-thuth@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Wanghe Xiao <xiaowanghe_yewu@cmss.chinamobile.com>
---
docs/about/build-platforms.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/about/build-platforms.rst b/docs/about/build-platforms.rst
index c29a4b8fe6..d893a2be1c 100644
--- a/docs/about/build-platforms.rst
+++ b/docs/about/build-platforms.rst
@@ -67,7 +67,8 @@ Non-supported architectures may be removed in the future following the
Linux OS, macOS, FreeBSD, NetBSD, OpenBSD
-----------------------------------------
-The project aims to support the most recent major version at all times. Support
+The project aims to support the most recent major version at all times for
+up to five years after its initial release. Support
for the previous major version will be dropped 2 years after the new major
version is released or when the vendor itself drops support, whichever comes
first. In this context, third-party efforts to extend the lifetime of a distro
--
2.41.0.windows.1

45
hw-xen-xen_pt-fix-uninitialized-variable.patch Normal file
View File

@ -0,0 +1,45 @@
From 26bc780b9357bc50131242915175cf1db8c82b0e Mon Sep 17 00:00:00 2001
From: xiaowanghe <xiaowanghe_yewu@cmss.chinamobile.com>
Date: Tue, 1 Aug 2023 23:30:04 -0700
Subject: [PATCH] hw/xen/xen_pt: fix uninitialized variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cherry picked from commit 3856734d80fbf46683e4080117ed961f5ab1300b
xen_pt_config_reg_init() reads only that many bytes as the size of the
register that is being initialized. It uses
xen_host_pci_get_{byte,word,long} and casts its last argument to
expected pointer type. This means for smaller registers higher bits of
'val' are not initialized. Then, the function fails if any of those
higher bits are set.
Fix this by initializing 'val' with zero.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-Id: <20230127050815.4155276-1-marmarek@invisiblethingslab.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Wanghe Xiao <xiaowanghe_yewu@cmss.chinamobile.com>
---
hw/xen/xen_pt_config_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index c5c4e943a8..e7bcbe4c4f 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -1924,7 +1924,7 @@ static void xen_pt_config_reg_init(XenPCIPassthroughState *s,
if (reg->init) {
uint32_t host_mask, size_mask;
unsigned int offset;
- uint32_t val;
+ uint32_t val = 0;
/* initialize emulate register */
rc = reg->init(s, reg_entry->reg,
--
2.41.0.windows.1

50
migration-ram-Fix-error-handling-in-ram_write_tracki.patch Normal file
View File

@ -0,0 +1,50 @@
From 93fc70a80b9734301472bb827cf3685366bfeb19 Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Fri, 28 Jul 2023 10:39:55 +0800
Subject: [PATCH] migration/ram: Fix error handling in
ram_write_tracking_start()
cherry picked from commit 72ef3a370836aa07261ad7aaeea27ed5cbcee342
If something goes wrong during uffd_change_protection(), we would miss
to unregister uffd-wp and not release our reference. Fix it by
performing the uffd_change_protection(true) last.
Note that a uffd_change_protection(false) on the recovery path without a
prior uffd_change_protection(false) is fine.
Fixes: 278e2f551a09 ("migration: support UFFD write fault processing in ram_save_iterate()")
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
migration/ram.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/migration/ram.c b/migration/ram.c
index 12b8c653d8..f422fd0bc2 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2140,13 +2140,14 @@ int ram_write_tracking_start(void)
block->max_length, UFFDIO_REGISTER_MODE_WP, NULL)) {
goto fail;
}
+ block->flags |= RAM_UF_WRITEPROTECT;
+ memory_region_ref(block->mr);
+
/* Apply UFFD write protection to the block memory range */
if (uffd_change_protection(rs->uffdio_fd, block->host,
block->max_length, true, false)) {
goto fail;
}
- block->flags |= RAM_UF_WRITEPROTECT;
- memory_region_ref(block->mr);
trace_ram_write_tracking_ramblock_start(block->idstr, block->page_size,
block->host, block->max_length);
--
2.41.0.windows.1

46
migration-ram-Fix-populate_read_range.patch Normal file
View File

@ -0,0 +1,46 @@
From 069ad2e6d5ce48c96519ff55ace2ca2bcdac94d5 Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Thu, 27 Jul 2023 13:26:21 +0800
Subject: [PATCH] migration/ram: Fix populate_read_range()
cheery-pick from 5f19a4491941fdc5c5b50ce4ade6ffffe0f591b4
Unfortunately, commit f7b9dcfbcf44 broke populate_read_range(): the loop
end condition is very wrong, resulting in that function not populating the
full range. Lets' fix that.
Fixes: f7b9dcfbcf44 ("migration/ram: Factor out populating pages readable in ram_block_populate_pages()")
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
migration/ram.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/migration/ram.c b/migration/ram.c
index 12b8c653d8..444b6a7aa2 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2020,13 +2020,15 @@ out:
static inline void populate_read_range(RAMBlock *block, ram_addr_t offset,
ram_addr_t size)
{
+ const ram_addr_t end = offset + size;
+
/*
* We read one byte of each page; this will preallocate page tables if
* required and populate the shared zeropage on MAP_PRIVATE anonymous memory
* where no page was populated yet. This might require adaption when
* supporting other mappings, like shmem.
*/
- for (; offset < size; offset += block->page_size) {
+ for (; offset < end; offset += block->page_size) {
char tmp = *((char *)block->host + offset);
/* Don't optimize the read out */
--
2.41.0.windows.1

77
qapi-block-Tidy-up-block-latency-histogram-set-docum.patch Normal file
View File

@ -0,0 +1,77 @@
From 880364a83e4c7a7e379136056d63346cbdd7c2f0 Mon Sep 17 00:00:00 2001
From: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
Date: Sun, 30 Jul 2023 18:58:08 -0700
Subject: [PATCH] qapi/block: Tidy up block-latency-histogram-set documentation
mainline inclusion commit e893b9e3b3a6029384253f768cdc06969732e517 category:
bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
Examples come out like
Example
set new histograms for all io types with intervals [0, 10), [10,
50), [50, 100), [100, +inf):
The sentence "set new histograms ..." starts with a lower case letter.
Capitalize it. Same for the other examples.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20230720071610.1096458-3-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
---
qapi/block.json | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/qapi/block.json b/qapi/block.json
index 82fcf2c914..71136db777 100644
--- a/qapi/block.json
+++ b/qapi/block.json
@@ -529,7 +529,8 @@
# Since: 4.0
#
# Example:
-# set new histograms for all io types with intervals
+
+# Set new histograms for all io types with intervals
# [0, 10), [10, 50), [50, 100), [100, +inf):
#
# -> { "execute": "block-latency-histogram-set",
@@ -538,7 +539,8 @@
# <- { "return": {} }
#
# Example:
-# set new histogram only for write, other histograms will remain
+
+# Set new histogram only for write, other histograms will remain
# not changed (or not created):
#
# -> { "execute": "block-latency-histogram-set",
@@ -547,7 +549,8 @@
# <- { "return": {} }
#
# Example:
-# set new histograms with the following intervals:
+
+# Set new histograms with the following intervals:
# read, flush: [0, 10), [10, 50), [50, 100), [100, +inf)
# write: [0, 1000), [1000, 5000), [5000, +inf)
#
@@ -558,7 +561,8 @@
# <- { "return": {} }
#
# Example:
-# remove all latency histograms:
+
+# Remove all latency histograms:
#
# -> { "execute": "block-latency-histogram-set",
# "arguments": { "id": "drive0" } }
--
2.41.0.windows.1

66
qapi-qdev-Tidy-up-device_add-documentation.patch Normal file
View File

@ -0,0 +1,66 @@
From 32b601ed22d154e9423911b27541b35aa12d18bb Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Thu, 20 Jul 2023 09:16:06 +0200
Subject: [PATCH] qapi/qdev: Tidy up device_add documentation mainline
inclusion commit a9c72efd6d6d62ac84ae57ca55606747e04e8ba7 category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-------------------------------------------------------------------
The notes section comes out like this:
Notes
Additional arguments depend on the type.
1. For detailed information about this command, please refer to the
docs/qdev-device-use.txt file.
2. Its possible to list device properties by running QEMU with the
“-device DEVICE,help” command-line argument, where DEVICE is the
devices name
The first item isn't numbered. Fix that:
1. Additional arguments depend on the type.
2. For detailed information about this command, please refer to the
docs/qdev-device-use.txt file.
3. Its possible to list device properties by running QEMU with the
“-device DEVICE,help” command-line argument, where DEVICE is the
devices name
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20230720071610.1096458-4-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
---
qapi/qdev.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/qapi/qdev.json b/qapi/qdev.json
index 69656b14df..ca96a0c6eb 100644
--- a/qapi/qdev.json
+++ b/qapi/qdev.json
@@ -47,12 +47,12 @@
#
# Notes:
#
-# Additional arguments depend on the type.
+# 1. Additional arguments depend on the type.
#
-# 1. For detailed information about this command, please refer to the
+# 2. For detailed information about this command, please refer to the
# 'docs/qdev-device-use.txt' file.
#
-# 2. It's possible to list device properties by running QEMU with the
+# 3. It's possible to list device properties by running QEMU with the
# "-device DEVICE,help" command-line argument, where DEVICE is the
# device's name
#
--
2.41.0.windows.1

43
qapi-support-updating-expected-test-output-via-make.patch Normal file
View File

@ -0,0 +1,43 @@
From fb63e3343eaaf1d5aaf0a28e2f3ed2248a11e86a Mon Sep 17 00:00:00 2001
From: xiaowanghe <xiaowanghe_yewu@cmss.chinamobile.com>
Date: Mon, 7 Aug 2023 00:28:14 -0700
Subject: [PATCH] qapi: support updating expected test output via make
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cherry picked from commit 7ce54db23048bfcc3ea6821525bf333b715c7655
It is possible to pass --update to tests/qapi-schema/test-qapi.py
to make it update the output files on error. This is inconvenient
to achieve though when test-qapi.py is run indirectly by make/meson.
Instead simply allow for an env variable to be set:
$ QAPI_TEST_UPDATE= make check-qapi-schema
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230420102619.348173-2-berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Wanghe Xiao <xiaowanghe_yewu@cmss.chinamobile.com>
---
tests/qapi-schema/test-qapi.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/qapi-schema/test-qapi.py b/tests/qapi-schema/test-qapi.py
index 2160cef082..d58c31f539 100755
--- a/tests/qapi-schema/test-qapi.py
+++ b/tests/qapi-schema/test-qapi.py
@@ -206,6 +206,7 @@ def main(argv):
parser.add_argument('-d', '--dir', action='store', default='',
help="directory containing tests")
parser.add_argument('-u', '--update', action='store_true',
+ default='QAPI_TEST_UPDATE' in os.environ,
help="update expected test results")
parser.add_argument('tests', nargs='*', metavar='TEST', action='store')
args = parser.parse_args()
--
2.41.0.windows.1

48
qemu.spec
View File

@ -3,7 +3,7 @@
Name: qemu Name: qemu
Version: 6.2.0 Version: 6.2.0
Release: 77 Release: 78
Epoch: 10 Epoch: 10
Summary: QEMU is a generic and open source machine emulator and virtualizer Summary: QEMU is a generic and open source machine emulator and virtualizer
License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -531,6 +531,28 @@ Patch0516: ide-Increment-BB-in-flight-counter-for-TRIM-BH.patch
Patch0517: qga-win32-Remove-change-action-from-MSI-installer.patch Patch0517: qga-win32-Remove-change-action-from-MSI-installer.patch
Patch0518: qga-win32-Use-rundll-for-VSS-installation.patch Patch0518: qga-win32-Use-rundll-for-VSS-installation.patch
Patch0519: test-vmstate-fix-bad-GTree-usage-use-after-free.patch Patch0519: test-vmstate-fix-bad-GTree-usage-use-after-free.patch
Patch0520: Check-and-report-for-incomplete-global-option-format.patch
Patch0521: migration-ram-Fix-populate_read_range.patch
Patch0522: vfio-Fix-vfio_get_dev_region-trace-event.patch
Patch0523: disas-riscv-Fix-ctzw-disassemble.patch
Patch0524: qapi-block-Tidy-up-block-latency-histogram-set-docum.patch
Patch0525: chardev-char-socket-set-s-listener-NULL-in-char_sock.patch
Patch0526: QGA-VSS-Add-wrapper-to-send-log-to-debugger-and-stde.patch
Patch0527: xen-block-Avoid-leaks-on-new-error-path.patch
Patch0528: docs-about-build-platforms-Refine-the-distro-support.patch
Patch0529: migration-ram-Fix-error-handling-in-ram_write_tracki.patch
Patch0530: hw-xen-xen_pt-fix-uninitialized-variable.patch
Patch0531: qapi-qdev-Tidy-up-device_add-documentation.patch
Patch0532: block-nfs-Fix-32-bit-Windows-build.patch
Patch0533: block-nbd.c-Fixed-IO-request-coroutine-not-being-wak.patch
Patch0534: block-rbd-fix-write-zeroes-with-growing-images.patch
Patch0535: block-Fix-misleading-hexadecimal-format.patch
Patch0536: qapi-support-updating-expected-test-output-via-make.patch
Patch0537: tests-vhost-user-test-release-mutex-on-protocol-viol.patch
Patch0538: qga-Fix-suspend-on-Linux-guests-without-systemd.patch
Patch0539: vhost-vdpa-do-not-cleanup-the-vdpa-vhost-net-structu.patch
Patch0540: virtio-crypto-verify-src-dst-buffer-length-for-sym-r.patch
Patch0541: sw_64-Added-sw64-architecture-related-updates.patch
BuildRequires: flex BuildRequires: flex
BuildRequires: gcc BuildRequires: gcc
@ -1104,6 +1126,30 @@ getent passwd qemu >/dev/null || \
%endif %endif
%changelog %changelog
* Tue Aug 15 2023 <fengjiabo1@huawei.com> - 10:6.2.0-78
- sw_64: Added sw64 architecture related updates
- virtio-crypto: verify src&dst buffer length for sym request
- vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
- qga: Fix suspend on Linux guests without systemd
- tests: vhost-user-test: release mutex on protocol violation
- qapi: support updating expected test output via make
- block: Fix misleading hexadecimal format
- block/rbd: fix write zeroes with growing images
- block/nbd.c: Fixed IO request coroutine not being wakeup when kill NBD server
- block/nfs: Fix 32-bit Windows build
- qapi/qdev: Tidy up device_add documentation
- hw/xen/xen_pt: fix uninitialized variable
- migration/ram: Fix error handling in ram_write_tracking_start()
- docs/about/build-platforms: Refine the distro support policy
- xen-block: Avoid leaks on new error path
- QGA VSS: Add wrapper to send log to debugger and stderr
- chardev/char-socket: set s->listener = NULL in char_socket_finalize
- qapi/block: Tidy up block-latency-histogram-set documentation
- disas/riscv Fix ctzw disassemble
- vfio: Fix vfio_get_dev_region() trace event
- migration/ram: Fix populate_read_range()
- Check and report for incomplete 'global' option format
* Mon Aug 7 2023 <fengjiabo1@huawei.com> - 10:6.2.0-77 * Mon Aug 7 2023 <fengjiabo1@huawei.com> - 10:6.2.0-77
- test-vmstate: fix bad GTree usage, use-after-free - test-vmstate: fix bad GTree usage, use-after-free

57
qga-Fix-suspend-on-Linux-guests-without-systemd.patch Normal file
View File

@ -0,0 +1,57 @@
From 9f4819201fb35b419ea21d37755c4cb62454a270 Mon Sep 17 00:00:00 2001
From: qihao <qihao_yewu@cmss.chinamobile.com>
Date: Thu, 10 Aug 2023 13:59:53 +0800
Subject: [PATCH] qga: Fix suspend on Linux guests without systemd
cheery-pick from 86dcb6ab9b603450eb6d896cdc95286de2c7d561
Allow the Linux guest agent to attempt each of the suspend methods
(systemctl, pm-* and writing to /sys) in turn.
Prior to this guests without systemd failed to suspend due to
`guest_suspend` returning early regardless of the return value of
`systemd_supports_mode`.
Signed-off-by: Mark Somerville <mark@qpok.net>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
---
qga/commands-posix.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 75dbaab68e..4e06271889 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -2104,10 +2104,10 @@ static void guest_suspend(SuspendMode mode, Error **errp)
if (systemd_supports_mode(mode, &local_err)) {
mode_supported = true;
systemd_suspend(mode, &local_err);
- }
- if (!local_err) {
- return;
+ if (!local_err) {
+ return;
+ }
}
error_free(local_err);
@@ -2116,10 +2116,10 @@ static void guest_suspend(SuspendMode mode, Error **errp)
if (pmutils_supports_mode(mode, &local_err)) {
mode_supported = true;
pmutils_suspend(mode, &local_err);
- }
- if (!local_err) {
- return;
+ if (!local_err) {
+ return;
+ }
}
error_free(local_err);
--
2.41.0.windows.1

6108
sw_64-Added-sw64-architecture-related-updates.patch Normal file
View File

File diff suppressed because it is too large Load Diff

40
tests-vhost-user-test-release-mutex-on-protocol-viol.patch Normal file
View File

@ -0,0 +1,40 @@
From b09ffbe7b85f891a8f5d425e5a98298a55c8400b Mon Sep 17 00:00:00 2001
From: xiaowanghe <xiaowanghe_yewu@cmss.chinamobile.com>
Date: Sun, 6 Aug 2023 23:48:47 -0700
Subject: [PATCH] tests: vhost-user-test: release mutex on protocol violation
cherry picked from commit 9260993e27cdbbd2e829d405cc63b1faefec6088
chr_read() is printing an error message and returning with s->data_mutex taken.
This can potentially cause a hang. Reported by Coverity.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Wanghe Xiao <xiaowanghe_yewu@cmss.chinamobile.com>
---
tests/qtest/vhost-user-test.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/qtest/vhost-user-test.c b/tests/qtest/vhost-user-test.c
index 3d6337fb5c..d07babc06d 100644
--- a/tests/qtest/vhost-user-test.c
+++ b/tests/qtest/vhost-user-test.c
@@ -328,7 +328,7 @@ static void chr_read(void *opaque, const uint8_t *buf, int size)
if (size != msg.size) {
g_test_message("Wrong message size received %d != %d",
size, msg.size);
- return;
+ goto out;
}
}
@@ -429,6 +429,7 @@ static void chr_read(void *opaque, const uint8_t *buf, int size)
break;
}
+out:
g_mutex_unlock(&s->data_mutex);
}
--
2.41.0.windows.1

41
vfio-Fix-vfio_get_dev_region-trace-event.patch Normal file
View File

@ -0,0 +1,41 @@
From e2ceb2def76cc917d3165a804025e630c3bedad1 Mon Sep 17 00:00:00 2001
From: xiaowanghe <xiaowanghe_yewu@cmss.chinamobile.com>
Date: Wed, 2 Aug 2023 19:08:05 -0700
Subject: [PATCH] vfio: Fix vfio_get_dev_region() trace event
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cherry picked from commit 969dae5448eaa2914be5b974f9e0311b3f95ee2c
Simply transpose 'x8' to fix the typo and remove the ending '8'
Fixes: e61a424f05 ("vfio: Create device specific region info helper")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1526
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20230303074330.2609377-1-clg@kaod.org
[aw: commit log s/revert/transpose/]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Wanghe Xiao <xiaowanghe_yewu@cmss.chinamobile.com>
---
hw/vfio/trace-events | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
index 0ef1b5f4a6..f4b74a3e81 100644
--- a/hw/vfio/trace-events
+++ b/hw/vfio/trace-events
@@ -116,7 +116,7 @@ vfio_region_mmaps_set_enabled(const char *name, bool enabled) "Region %s mmaps e
vfio_region_unmap(const char *name, unsigned long offset, unsigned long end) "Region %s unmap [0x%lx - 0x%lx]"
vfio_region_sparse_mmap_header(const char *name, int index, int nr_areas) "Device %s region %d: %d sparse mmap entries"
vfio_region_sparse_mmap_entry(int i, unsigned long start, unsigned long end) "sparse entry %d [0x%lx - 0x%lx]"
-vfio_get_dev_region(const char *name, int index, uint32_t type, uint32_t subtype) "%s index %d, %08x/%0x8"
+vfio_get_dev_region(const char *name, int index, uint32_t type, uint32_t subtype) "%s index %d, %08x/%08x"
vfio_dma_unmap_overflow_workaround(void) ""
# platform.c
--
2.41.0.windows.1

59
vhost-vdpa-do-not-cleanup-the-vdpa-vhost-net-structu.patch Normal file
View File

@ -0,0 +1,59 @@
From b6e32ca6cb92d6b1c5414206a262fd72cedd56bc Mon Sep 17 00:00:00 2001
From: Ani Sinha <anisinha@redhat.com>
Date: Mon, 19 Jun 2023 12:22:09 +0530
Subject: [PATCH] vhost-vdpa: do not cleanup the vdpa/vhost-net structures if
peer nic is present
When a peer nic is still attached to the vdpa backend, it is too early to free
up the vhost-net and vdpa structures. If these structures are freed here, then
QEMU crashes when the guest is being shut down. The following call chain
would result in an assertion failure since the pointer returned from
vhost_vdpa_get_vhost_net() would be NULL:
do_vm_stop() -> vm_state_notify() -> virtio_set_status() ->
virtio_net_vhost_status() -> get_vhost_net().
Therefore, we defer freeing up the structures until at guest shutdown
time when qemu_cleanup() calls net_cleanup() which then calls
qemu_del_net_client() which would eventually call vhost_vdpa_cleanup()
again to free up the structures. This time, the loop in net_cleanup()
ensures that vhost_vdpa_cleanup() will be called one last time when
all the peer nics are detached and freed.
All unit tests pass with this change.
CC: imammedo@redhat.com
CC: jusual@redhat.com
CC: mst@redhat.com
Fixes: CVE-2023-3301
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-Id: <20230619065209.442185-1-anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
net/vhost-vdpa.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 25dd6dd975..60b715aef1 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -128,6 +128,14 @@ static void vhost_vdpa_cleanup(NetClientState *nc)
{
VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
+ /*
+ * If a peer NIC is attached, do not cleanup anything.
+ * Cleanup will happen as a part of qemu_cleanup() -> net_cleanup()
+ * when the guest is shutting down.
+ */
+ if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_NIC) {
+ return;
+ }
if (s->vhost_net) {
vhost_net_cleanup(s->vhost_net);
g_free(s->vhost_net);
--
2.41.0.windows.1

47
virtio-crypto-verify-src-dst-buffer-length-for-sym-r.patch Normal file
View File

@ -0,0 +1,47 @@
From 017c7af0d5b928c6af60f8262c62d4c570b2e55e Mon Sep 17 00:00:00 2001
From: zhenwei pi <pizhenwei@bytedance.com>
Date: Thu, 3 Aug 2023 10:43:13 +0800
Subject: [PATCH] virtio-crypto: verify src&dst buffer length for sym request
For symmetric algorithms, the length of ciphertext must be as same
as the plaintext.
The missing verification of the src_len and the dst_len in
virtio_crypto_sym_op_helper() may lead buffer overflow/divulged.
This patch is originally written by Yiming Tao for QEMU-SECURITY,
resend it(a few changes of error message) in qemu-devel.
Fixes: CVE-2023-3180
Fixes: 04b9b37edda("virtio-crypto: add data queue processing handler")
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Mauro Matteo Cascella <mcascell@redhat.com>
Cc: Yiming Tao <taoym@zju.edu.cn>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <20230803024314.29962-2-pizhenwei@bytedance.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9d38a8434721a6479fe03fb5afb150ca793d3980)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
---
hw/virtio/virtio-crypto.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index 54f9bbb789..274c7b4dea 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -461,6 +461,11 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
return NULL;
}
+ if (unlikely(src_len != dst_len)) {
+ virtio_error(vdev, "sym request src len is different from dst len");
+ return NULL;
+ }
+
max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
if (unlikely(max_len > vcrypto->conf.max_size)) {
virtio_error(vdev, "virtio-crypto too big length");
--
2.41.0.windows.1

80
xen-block-Avoid-leaks-on-new-error-path.patch Normal file
View File

@ -0,0 +1,80 @@
From 67577f8a8310b1233bddfdaa1099bf6371b79d51 Mon Sep 17 00:00:00 2001
From: tangzhongrui <tangzhongrui@cmss.chinamobile.com>
Date: Thu, 3 Aug 2023 11:01:42 +0800
Subject: [PATCH] xen-block: Avoid leaks on new error path
Commit 189829399070 ("xen-block: Use specific blockdev driver")
introduced a new error path, without taking care of allocated
resources.
So only allocate the qdicts after the error check, and free both
`filename` and `driver` when we are about to return and thus taking
care of both success and error path.
Coverity only spotted the leak of qdicts (*_layer variables).
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: Coverity CID 1508722, 1398649
Fixes: 189829399070 ("xen-block: Use specific blockdev driver")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230704171819.42564-1-anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Zhongrui Tang <tangzhongrui_yewu@cmss.chinamobile.com>
---
hw/block/xen-block.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 674953f1ad..6d90621e02 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -760,14 +760,15 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
drive = g_new0(XenBlockDrive, 1);
drive->id = g_strdup(id);
- file_layer = qdict_new();
- driver_layer = qdict_new();
-
rc = stat(filename, &st);
if (rc) {
error_setg_errno(errp, errno, "Could not stat file '%s'", filename);
goto done;
}
+
+ file_layer = qdict_new();
+ driver_layer = qdict_new();
+
if (S_ISBLK(st.st_mode)) {
qdict_put_str(file_layer, "driver", "host_device");
} else {
@@ -775,7 +776,6 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
}
qdict_put_str(file_layer, "filename", filename);
- g_free(filename);
if (mode && *mode != 'w') {
qdict_put_bool(file_layer, "read-only", true);
@@ -810,7 +810,6 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
qdict_put_str(file_layer, "locking", "off");
qdict_put_str(driver_layer, "driver", driver);
- g_free(driver);
qdict_put(driver_layer, "file", file_layer);
@@ -821,6 +820,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
qobject_unref(driver_layer);
done:
+ g_free(filename);
+ g_free(driver);
if (*errp) {
xen_block_drive_destroy(drive, NULL);
return NULL;
--
2.41.0.windows.1