diff --git a/apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch b/apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4a96fc5ce1372f0e2f59ab9019cf8d72e0ee7bee
--- /dev/null
+++ b/apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch
@@ -0,0 +1,50 @@
+From 3bdd21c4b7d80cacc6b5f1b26ab52ef3a0aceb06 Mon Sep 17 00:00:00 2001
+From: Peter Xu
+Date: Wed, 16 Oct 2019 10:29:32 +0800
+Subject: [PATCH 7/8] apic: Use 32bit APIC ID for migration instance ID
+
+Migration is silently broken now with x2apic config like this:
+
+ -smp 200,maxcpus=288,sockets=2,cores=72,threads=2 \
+ -device intel-iommu,intremap=on,eim=on
+
+After migration, the guest kernel could hang at anything, due to
+x2apic bit not migrated correctly in IA32_APIC_BASE on some vcpus, so
+any operations related to x2apic could be broken then (e.g., RDMSR on
+x2apic MSRs could fail because KVM would think that the vcpu hasn't
+enabled x2apic at all).
+
+The issue is that the x2apic bit was never applied correctly for vcpus
+whose ID > 255 when migrate completes, and that's because when we
+migrate APIC we use the APICCommonState.id as instance ID of the
+migration stream, while that's too short for x2apic.
+
+Let's use the newly introduced initial_apic_id for that.
+
+Signed-off-by: Peter Xu
+Reviewed-by: Juan Quintela
+Reviewed-by: Eduardo Habkost
+Signed-off-by: Juan Quintela
+---
+ hw/intc/apic_common.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
+index 07adba0..2c0cb1e 100644
+--- a/hw/intc/apic_common.c
++++ b/hw/intc/apic_common.c
+@@ -313,7 +313,10 @@ static void apic_common_realize(DeviceState *dev, Error **errp)
+ APICCommonState *s = APIC_COMMON(dev);
+ APICCommonClass *info;
+ static DeviceState *vapic;
+- uint32_t instance_id = s->id;
++ uint32_t instance_id = s->initial_apic_id;
++
++ /* Normally initial APIC ID should be no more than hundreds */
++ assert(instance_id != VMSTATE_INSTANCE_ID_ANY);
+
+ info = APIC_COMMON_GET_CLASS(s);
+ info->realize(dev, errp);
+--
+1.8.3.1
+
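Review bot: The new `assert(instance_id != VMSTATE_INSTANCE_ID_ANY)` compares a `uint32_t` against a macro that the vmstate.h context in the companion patch of this series still spells as `-1`, so it works only through the implicit conversion of -1 to UINT32_MAX and may draw a signedness warning depending on the compiler flags in use. Making the sentinel's width explicit at the comparison, `assert(instance_id != (uint32_t)VMSTATE_INSTANCE_ID_ANY);`, or defining the macro as an unsigned value in the header, would state the intent directly. The comment above it would also be more useful if it said what is being protected: `/* initial_apic_id is a full 32bit APIC ID and must never equal the auto-generation sentinel */`. apic_common_realize continues outside the hunk, so whether s->initial_apic_id is range-checked before this point is not visible here.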
diff --git a/audio-fix-integer-overflow.patch b/audio-fix-integer-overflow.patch
new file mode 100644
index 0000000000000000000000000000000000000000..91f5280f1854634460e43b48ae98a4f5eb57b26c
--- /dev/null
+++ b/audio-fix-integer-overflow.patch
@@ -0,0 +1,37 @@
+From d0c4e8cc25dc3bfed1659c35fb59b2f0418ba1d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Volker=20R=C3=BCmelin?=
+Date: Thu, 19 Dec 2019 21:34:05 +0100
+Subject: [PATCH 2/8] audio: fix integer overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Tell the compiler to do a 32bit * 32bit -> 64bit multiplication
+because period_ticks is a 64bit variable. The overflow occurs
+for audio timer periods larger than 4294967us.
+
+Fixes: be1092afa0 "audio: fix audio timer rate conversion bug"
+
+Signed-off-by: Volker Rümelin
+Message-id: 8893a235-66a8-8fbe-7d95-862e29da90b1@t-online.de
+Signed-off-by: Gerd Hoffmann
+---
+ audio/audio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audio/audio.c b/audio/audio.c
+index 05adf7f..efcb5d4 100644
+--- a/audio/audio.c
++++ b/audio/audio.c
+@@ -1473,7 +1473,7 @@ static int audio_init(Audiodev *dev)
+ if (dev->timer_period <= 0) {
+ s->period_ticks = 1;
+ } else {
+- s->period_ticks = dev->timer_period * SCALE_US;
++ s->period_ticks = dev->timer_period * (int64_t)SCALE_US;
+ }
+
+ e = qemu_add_vm_change_state_handler (audio_vm_change_state_handler, s);
+--
+1.8.3.1
+
diff --git a/display-bochs-display-fix-memory-leak.patch b/display-bochs-display-fix-memory-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4dd3aa61c2b2b1026e0065c708ead4aeb79b3c21
--- /dev/null
+++ b/display-bochs-display-fix-memory-leak.patch
@@ -0,0 +1,35 @@
+From 7edca67dc630e31043644e87ede2e05e504f845b Mon Sep 17 00:00:00 2001
+From: Cameron Esfahani
+Date: Tue, 10 Dec 2019 13:27:54 -0800
+Subject: [PATCH 1/8] display/bochs-display: fix memory leak
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix memory leak in bochs_display_update(). Leaks 304 bytes per frame.
+
+Fixes: 33ebad54056
+Signed-off-by: Cameron Esfahani
+Message-Id:
+Reviewed-by: Philippe Mathieu-Daudé
+Signed-off-by: Gerd Hoffmann
+---
+ hw/display/bochs-display.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c
+index 8e83b51..b601b2f 100644
+--- a/hw/display/bochs-display.c
++++ b/hw/display/bochs-display.c
+@@ -251,6 +251,8 @@ static void bochs_display_update(void *opaque)
+ dpy_gfx_update(s->con, 0, ys,
+ mode.width, y - ys);
+ }
++
++ g_free(snap);
+ }
+ }
+
+--
+1.8.3.1
+
diff --git a/hw-usb-core-fix-buffer-overflow.patch b/hw-usb-core-fix-buffer-overflow.patch
index 494955788a2506fd2d28521ff234118025fbe674..74d8aa3c76042a7a150a2ae688e12684f7e1cd34 100644
--- a/hw-usb-core-fix-buffer-overflow.patch
+++ b/hw-usb-core-fix-buffer-overflow.patch
@@ -1,5 +1,3 @@
-hw-usb-core-fix-buffer-overflow
-
 From 18ad0451f113ffc3a2ff59c059d189cca1e42842 Mon Sep 17 00:00:00 2001
 From: root
 Date: Wed, 19 Aug 2020 17:04:04 +0800
diff --git a/migration-Change-SaveStateEntry.instance_id-into-uin.patch b/migration-Change-SaveStateEntry.instance_id-into-uin.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3eb83b3996ccd7b934d7ca5c65800ead9c0ae3bd
--- /dev/null
+++ b/migration-Change-SaveStateEntry.instance_id-into-uin.patch
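Review bot: The added `g_free(snap);` releases the snapshot only at the end of the inner block; the allocation of `snap` and any early exits between it and this point lie outside the hunk, so it is not visible whether other paths of bochs_display_update still leak the same buffer. A short ownership note at the allocation site, `/* freed at the end of this block on every path */`, would let a later reader confirm that without re-deriving it. bochs_display_update begins before the hunk.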
@@ -0,0 +1,158 @@
+From 2eadc5c611ca8cc916f74c0f393f1fd942903ef7 Mon Sep 17 00:00:00 2001
+From: Peter Xu
+Date: Wed, 16 Oct 2019 10:29:31 +0800
+Subject: [PATCH 6/8] migration: Change SaveStateEntry.instance_id into
+ uint32_t
+
+It was always used as 32bit, so define it as used to be clear.
+Instead of using -1 as the auto-gen magic value, we switch to
+UINT32_MAX. We also make sure that we don't auto-gen this value to
+avoid overflowed instance IDs without being noticed.
+
+Suggested-by: Juan Quintela
+Signed-off-by: Peter Xu
+Reviewed-by: Juan Quintela
+Signed-off-by: Juan Quintela
+---
+ hw/intc/apic_common.c | 2 +-
+ include/migration/register.h | 2 +-
+ include/migration/vmstate.h | 2 +-
+ migration/savevm.c | 18 ++++++++++--------
+ stubs/vmstate.c | 2 +-
+ 5 files changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
+index faea1af..07adba0 100644
+--- a/hw/intc/apic_common.c
++++ b/hw/intc/apic_common.c
+@@ -313,7 +313,7 @@ static void apic_common_realize(DeviceState *dev, Error **errp)
+ APICCommonState *s = APIC_COMMON(dev);
+ APICCommonClass *info;
+ static DeviceState *vapic;
+- int instance_id = s->id;
++ uint32_t instance_id = s->id;
+
+ info = APIC_COMMON_GET_CLASS(s);
+ info->realize(dev, errp);
+diff --git a/include/migration/register.h b/include/migration/register.h
+index 3d0b983..8b2bc5b 100644
+--- a/include/migration/register.h
++++ b/include/migration/register.h
+@@ -70,7 +70,7 @@ typedef struct SaveVMHandlers {
+
+ int register_savevm_live(DeviceState *dev,
+ const char *idstr,
+- int instance_id,
++ uint32_t instance_id,
+ int version_id,
+ const SaveVMHandlers *ops,
+ void *opaque);
+diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
+index 92f531a..8abd2e3 100644
+--- a/include/migration/vmstate.h
++++ b/include/migration/vmstate.h
+@@ -1117,7 +1117,7 @@ bool vmstate_save_needed(const VMStateDescription *vmsd, void *opaque);
+ #define VMSTATE_INSTANCE_ID_ANY -1
+
+ /* Returns: 0 on success, -1 on failure */
+-int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
++int vmstate_register_with_alias_id(DeviceState *dev, uint32_t instance_id,
+ const VMStateDescription *vmsd,
+ void *base, int alias_id,
+ int required_for_version,
+diff --git a/migration/savevm.c b/migration/savevm.c
+index 62552ab..7d89c57 100644
+--- a/migration/savevm.c
++++ b/migration/savevm.c
+@@ -229,7 +229,7 @@ typedef struct CompatEntry {
+ typedef struct SaveStateEntry {
+ QTAILQ_ENTRY(SaveStateEntry) entry;
+ char idstr[256];
+- int instance_id;
++ uint32_t instance_id;
+ int alias_id;
+ int version_id;
+ /* version id read from the stream */
+@@ -616,10 +616,10 @@ void dump_vmstate_json_to_file(FILE *out_file)
+ fclose(out_file);
+ }
+
+-static int calculate_new_instance_id(const char *idstr)
++static uint32_t calculate_new_instance_id(const char *idstr)
+ {
+ SaveStateEntry *se;
+- int instance_id = 0;
++ uint32_t instance_id = 0;
+
+ QTAILQ_FOREACH(se, &savevm_state.handlers, entry) {
+ if (strcmp(idstr, se->idstr) == 0
+@@ -627,6 +627,8 @@ static int calculate_new_instance_id(const char *idstr)
+ instance_id = se->instance_id + 1;
+ }
+ }
++ /* Make sure we never loop over without being noticed */
++ assert(instance_id != VMSTATE_INSTANCE_ID_ANY);
+ return instance_id;
+ }
+
+@@ -682,7 +684,7 @@ static void savevm_state_handler_insert(SaveStateEntry *nse)
+ distinguishing id for all instances of your device class. */
+ int register_savevm_live(DeviceState *dev,
+ const char *idstr,
+- int instance_id,
++ uint32_t instance_id,
+ int version_id,
+ const SaveVMHandlers *ops,
+ void *opaque)
+@@ -756,7 +758,7 @@ void unregister_savevm(DeviceState *dev, const char *idstr, void *opaque)
+ }
+ }
+
+-int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
++int vmstate_register_with_alias_id(DeviceState *dev, uint32_t instance_id,
+ const VMStateDescription *vmsd,
+ void *opaque, int alias_id,
+ int required_for_version,
+@@ -1507,7 +1509,7 @@ int qemu_save_device_state(QEMUFile *f)
+ return qemu_file_get_error(f);
+ }
+
+-static SaveStateEntry *find_se(const char *idstr, int instance_id)
++static SaveStateEntry *find_se(const char *idstr, uint32_t instance_id)
+ {
+ SaveStateEntry *se;
+
+@@ -2187,7 +2189,7 @@ qemu_loadvm_section_start_full(QEMUFile *f, MigrationIncomingState *mis)
+ /* Find savevm section */
+ se = find_se(idstr, instance_id);
+ if (se == NULL) {
+- error_report("Unknown savevm section or instance '%s' %d. "
++ error_report("Unknown savevm section or instance '%s' %"PRIu32". "
+ "Make sure that your current VM setup matches your "
+ "saved VM setup, including any hotplugged devices",
+ idstr, instance_id);
+@@ -2211,7 +2213,7 @@ qemu_loadvm_section_start_full(QEMUFile *f, MigrationIncomingState *mis)
+
+ ret = vmstate_load(f, se);
+ if (ret < 0) {
+- error_report("error while loading state for instance 0x%x of"
++ error_report("error while loading state for instance 0x%"PRIx32" of"
+ " device '%s'", instance_id, idstr);
+ return ret;
+ }
+diff --git a/stubs/vmstate.c b/stubs/vmstate.c
+index e1e89b8..4ed5cc6 100644
+--- a/stubs/vmstate.c
++++ b/stubs/vmstate.c
+@@ -4,7 +4,7 @@
+ const VMStateDescription vmstate_dummy = {};
+
+ int vmstate_register_with_alias_id(DeviceState *dev,
+- int instance_id,
++ uint32_t instance_id,
+ const VMStateDescription *vmsd,
+ void *base, int alias_id,
+ int required_for_version,
+--
+1.8.3.1
+
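Review bot: The commit message says the auto-generate sentinel becomes UINT32_MAX, but the vmstate.h hunk leaves `#define VMSTATE_INSTANCE_ID_ANY -1` untouched, so the new `assert(instance_id != VMSTATE_INSTANCE_ID_ANY)` in calculate_new_instance_id and every `instance_id == VMSTATE_INSTANCE_ID_ANY` test now compare a `uint32_t` with a negative `int`; this is well-defined through the usual arithmetic conversions but is easy to misread and may draw signedness warnings under stricter flags. If every consumer is now `uint32_t`, redefining the macro in the same patch, `#define VMSTATE_INSTANCE_ID_ANY UINT32_MAX`, would make the code match the description. The `SaveStateEntry.instance_id` field would also benefit from a note on its contract, since find_se matches it against an ID taken from the incoming stream: `/* 32bit instance ID; never VMSTATE_INSTANCE_ID_ANY, which is resolved at registration */`. `CompatEntry` and the callers that pass `alias_id` are outside the hunk, so whether those keep a signed type is not visible here.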
diff --git a/migration-Define-VMSTATE_INSTANCE_ID_ANY.patch b/migration-Define-VMSTATE_INSTANCE_ID_ANY.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cd32b04997c14345aa7f488cd1a960a106d9aa15
--- /dev/null
+++ b/migration-Define-VMSTATE_INSTANCE_ID_ANY.patch
@@ -0,0 +1,237 @@
+From 21e049e2941b108df45c9089cbf7539caae538e6 Mon Sep 17 00:00:00 2001
+From: Peter Xu
+Date: Wed, 16 Oct 2019 10:29:30 +0800
+Subject: [PATCH 5/8] migration: Define VMSTATE_INSTANCE_ID_ANY
+
+Define the new macro VMSTATE_INSTANCE_ID_ANY for callers who wants to
+auto-generate the vmstate instance ID. Previously it was hard coded
+as -1 instead of this macro. It helps to change this default value in
+the follow up patches. No functional change.
+
+Signed-off-by: Peter Xu
+Reviewed-by: Juan Quintela
+Signed-off-by: Juan Quintela
+---
+ hw/arm/stellaris.c | 2 +-
+ hw/core/qdev.c | 4 +++-
+ hw/display/ads7846.c | 2 +-
+ hw/i2c/core.c | 2 +-
+ hw/input/stellaris_input.c | 3 ++-
+ hw/intc/apic_common.c | 2 +-
+ hw/misc/max111x.c | 3 ++-
+ hw/net/eepro100.c | 3 ++-
+ hw/pci/pci.c | 2 +-
+ hw/ppc/spapr.c | 2 +-
+ hw/timer/arm_timer.c | 2 +-
+ hw/tpm/tpm_emulator.c | 3 ++-
+ include/migration/vmstate.h | 2 ++
+ migration/savevm.c | 8 ++++----
+ 14 files changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
+index 499035f..3432033 100644
+--- a/hw/arm/stellaris.c
++++ b/hw/arm/stellaris.c
+@@ -705,7 +705,7 @@ static int stellaris_sys_init(uint32_t base, qemu_irq irq,
+ memory_region_init_io(&s->iomem, NULL, &ssys_ops, s, "ssys", 0x00001000);
+ memory_region_add_subregion(get_system_memory(), base, &s->iomem);
+ ssys_reset(s);
+- vmstate_register(NULL, -1, &vmstate_stellaris_sys, s);
++ vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_stellaris_sys, s);
+ return 0;
+ }
+
+diff --git a/hw/core/qdev.c b/hw/core/qdev.c
+index 94ebc0a..4b32f2f 100644
+--- a/hw/core/qdev.c
++++ b/hw/core/qdev.c
+@@ -848,7 +848,9 @@ static void device_set_realized(Object *obj, bool value, Error **errp)
+ dev->canonical_path = object_get_canonical_path(OBJECT(dev));
+
+ if (qdev_get_vmsd(dev)) {
+- if (vmstate_register_with_alias_id(dev, -1, qdev_get_vmsd(dev), dev,
++ if (vmstate_register_with_alias_id(dev,
++ VMSTATE_INSTANCE_ID_ANY,
++ qdev_get_vmsd(dev), dev,
+ dev->instance_id_alias,
+ dev->alias_required_for_version,
+ &local_err) < 0) {
+diff --git a/hw/display/ads7846.c b/hw/display/ads7846.c
+index 1a97e97..be1802e 100644
+--- a/hw/display/ads7846.c
++++ b/hw/display/ads7846.c
+@@ -152,7 +152,7 @@ static void ads7846_realize(SSISlave *d, Error **errp)
+
+ ads7846_int_update(s);
+
+- vmstate_register(NULL, -1, &vmstate_ads7846, s);
++ vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_ads7846, s);
+ }
+
+ static void ads7846_class_init(ObjectClass *klass, void *data)
+diff --git a/hw/i2c/core.c b/hw/i2c/core.c
+index 20f36f1..186702b 100644
+--- a/hw/i2c/core.c
++++ b/hw/i2c/core.c
+@@ -59,7 +59,7 @@ I2CBus *i2c_init_bus(DeviceState *parent, const char *name)
+
+ bus = I2C_BUS(qbus_create(TYPE_I2C_BUS, parent, name));
+ QLIST_INIT(&bus->current_devs);
+- vmstate_register(NULL, -1, &vmstate_i2c_bus, bus);
++ vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_i2c_bus, bus);
+ return bus;
+ }
+
+diff --git a/hw/input/stellaris_input.c b/hw/input/stellaris_input.c
+index 3a666d6..6c5b6d8 100644
+--- a/hw/input/stellaris_input.c
++++ b/hw/input/stellaris_input.c
+@@ -86,5 +86,6 @@ void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode)
+ }
+ s->num_buttons = n;
+ qemu_add_kbd_event_handler(stellaris_gamepad_put_key, s);
+- vmstate_register(NULL, -1, &vmstate_stellaris_gamepad, s);
++ vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY,
++ &vmstate_stellaris_gamepad, s);
+ }
+diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
+index e764a2b..faea1af 100644
+--- a/hw/intc/apic_common.c
++++ b/hw/intc/apic_common.c
+@@ -329,7 +329,7 @@ static void apic_common_realize(DeviceState *dev, Error **errp)
+ }
+
+ if (s->legacy_instance_id) {
+- instance_id = -1;
++ instance_id = VMSTATE_INSTANCE_ID_ANY;
+ }
+ vmstate_register_with_alias_id(NULL, instance_id, &vmstate_apic_common,
+ s, -1, 0, NULL);
+diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
+index d373ece..364cb01 100644
+--- a/hw/misc/max111x.c
++++ b/hw/misc/max111x.c
+@@ -144,7 +144,8 @@ static int max111x_init(SSISlave *d, int inputs)
+ s->input[7] = 0x80;
+ s->com = 0;
+
+- vmstate_register(dev, -1, &vmstate_max111x, s);
++ vmstate_register(dev, VMSTATE_INSTANCE_ID_ANY,
++ &vmstate_max111x, s);
+ return 0;
+ }
+
+diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
+index 6607c91..03edd25 100644
+--- a/hw/net/eepro100.c
++++ b/hw/net/eepro100.c
+@@ -1872,7 +1872,8 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error **errp)
+
+ s->vmstate = g_memdup(&vmstate_eepro100, sizeof(vmstate_eepro100));
+ s->vmstate->name = qemu_get_queue(s->nic)->model;
+- vmstate_register(&pci_dev->qdev, -1, s->vmstate, s);
++ vmstate_register(&pci_dev->qdev, VMSTATE_INSTANCE_ID_ANY,
++ s->vmstate, s);
+ }
+
+ static void eepro100_instance_init(Object *obj)
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index 8076a80..e74143c 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -118,7 +118,7 @@ static void pci_bus_realize(BusState *qbus, Error **errp)
+ bus->machine_done.notify = pcibus_machine_done;
+ qemu_add_machine_init_done_notifier(&bus->machine_done);
+
+- vmstate_register(NULL, -1, &vmstate_pcibus, bus);
++ vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_pcibus, bus);
+ }
+
+ static void pcie_bus_realize(BusState *qbus, Error **errp)
+diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
+index 12ed4b0..b0f37c3 100644
+--- a/hw/ppc/spapr.c
++++ b/hw/ppc/spapr.c
+@@ -3069,7 +3069,7 @@ static void spapr_machine_init(MachineState *machine)
+ * interface, this is a legacy from the sPAPREnvironment structure
+ * which predated MachineState but had a similar function */
+ vmstate_register(NULL, 0, &vmstate_spapr, spapr);
+- register_savevm_live(NULL, "spapr/htab", -1, 1,
++ register_savevm_live(NULL, "spapr/htab", VMSTATE_INSTANCE_ID_ANY, 1,
+ &savevm_htab_handlers, spapr);
+
+ qbus_set_hotplug_handler(sysbus_get_default(), OBJECT(machine),
+diff --git a/hw/timer/arm_timer.c b/hw/timer/arm_timer.c
+index f0a7534..1ce4e01 100644
+--- a/hw/timer/arm_timer.c
++++ b/hw/timer/arm_timer.c
+@@ -172,7 +172,7 @@ static arm_timer_state *arm_timer_init(uint32_t freq)
+
+ bh = qemu_bh_new(arm_timer_tick, s);
+ s->timer = ptimer_init(bh, PTIMER_POLICY_DEFAULT);
+- vmstate_register(NULL, -1, &vmstate_arm_timer, s);
++ vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_arm_timer, s);
+ return s;
+ }
+
+diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
+index 38bf5fd..836c489 100644
+--- a/hw/tpm/tpm_emulator.c
++++ b/hw/tpm/tpm_emulator.c
+@@ -914,7 +914,8 @@ static void tpm_emulator_inst_init(Object *obj)
+ tpm_emu->cur_locty_number = ~0;
+ qemu_mutex_init(&tpm_emu->mutex);
+
+- vmstate_register(NULL, -1, &vmstate_tpm_emulator, obj);
++ vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY,
++ &vmstate_tpm_emulator, obj);
+ }
+
+ /*
+diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
+index c2bfa7a..92f531a 100644
+--- a/include/migration/vmstate.h
++++ b/include/migration/vmstate.h
+@@ -1114,6 +1114,8 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDescription *vmsd,
+
+ bool vmstate_save_needed(const VMStateDescription *vmsd, void *opaque);
+
++#define VMSTATE_INSTANCE_ID_ANY -1
++
+ /* Returns: 0 on success, -1 on failure */
+ int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
+ const VMStateDescription *vmsd,
+diff --git a/migration/savevm.c b/migration/savevm.c
+index 480c511..62552ab 100644
+--- a/migration/savevm.c
++++ b/migration/savevm.c
+@@ -722,7 +722,7 @@ int register_savevm_live(DeviceState *dev,
+ }
+ pstrcat(se->idstr, sizeof(se->idstr), idstr);
+
+- if (instance_id == -1) {
++ if (instance_id == VMSTATE_INSTANCE_ID_ANY) {
+ se->instance_id = calculate_new_instance_id(se->idstr);
+ } else {
+ se->instance_id = instance_id;
+@@ -789,14 +789,14 @@ int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
+
+ se->compat = g_new0(CompatEntry, 1);
+ pstrcpy(se->compat->idstr, sizeof(se->compat->idstr), vmsd->name);
+- se->compat->instance_id = instance_id == -1 ?
++ se->compat->instance_id = instance_id == VMSTATE_INSTANCE_ID_ANY ?
+ calculate_compat_instance_id(vmsd->name) : instance_id;
+- instance_id = -1;
++ instance_id = VMSTATE_INSTANCE_ID_ANY;
+ }
+ }
+ pstrcat(se->idstr, sizeof(se->idstr), vmsd->name);
+
+- if (instance_id == -1) {
++ if (instance_id == VMSTATE_INSTANCE_ID_ANY) {
+ se->instance_id = calculate_new_instance_id(se->idstr);
+ } else {
+ se->instance_id = instance_id;
+--
+1.8.3.1
+
diff --git a/migration-multifd-clean-pages-after-filling-packet.patch b/migration-multifd-clean-pages-after-filling-packet.patch
new file mode 100644
index 0000000000000000000000000000000000000000..596c5244691dc0a60a486598a74e23466a62645b
--- /dev/null
+++ b/migration-multifd-clean-pages-after-filling-packet.patch
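Review bot: The new macro in the vmstate.h hunk is an unparenthesized negative literal, `#define VMSTATE_INSTANCE_ID_ANY -1`, which is the usual thing to flag on a value meant to be dropped into arbitrary expressions; `#define VMSTATE_INSTANCE_ID_ANY (-1)` removes the hazard at no cost. It would also help to say what the sentinel requests, since the name alone does not, e.g. `/* pass as instance_id to have the registration code allocate the next free ID for the idstr */`. The remaining hunks are mechanical replacements of the literal -1 and raise nothing further; the hw/intc/apic_common.c hunk still passes a literal `-1` as `alias_id`, which is a different parameter and intentionally left alone.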
@@ -0,0 +1,51 @@
+From 0f7e704a4faa661583ea6d82659f206e561f23d4 Mon Sep 17 00:00:00 2001
+From: Wei Yang
+Date: Sat, 26 Oct 2019 07:19:59 +0800
+Subject: [PATCH 3/8] migration/multifd: clean pages after filling packet
+
+This is a preparation for the next patch:
+
+ not use multifd during postcopy.
+
+Without enabling postcopy, everything looks good. While after enabling
+postcopy, migration may fail even not use multifd during postcopy. The
+reason is the pages is not properly cleared and *old* target page will
+continue to be transferred.
+
+After clean pages, migration succeeds.
+
+Signed-off-by: Wei Yang
+Reviewed-by: Juan Quintela
+Signed-off-by: Juan Quintela
+---
+ migration/ram.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/migration/ram.c b/migration/ram.c
+index 840e354..c2eb1ed 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -947,10 +947,10 @@ static int multifd_send_pages(RAMState *rs)
+ }
+ qemu_mutex_unlock(&p->mutex);
+ }
+- p->pages->used = 0;
++ assert(!p->pages->used);
++ assert(!p->pages->block);
+
+ p->packet_num = multifd_send_state->packet_num++;
+- p->pages->block = NULL;
+ multifd_send_state->pages = p->pages;
+ p->pages = pages;
+ transferred = ((uint64_t) pages->used) * TARGET_PAGE_SIZE + p->packet_len;
+@@ -1137,6 +1137,7 @@ static void *multifd_send_thread(void *opaque)
+ p->num_packets++;
+ p->num_pages += used;
+ p->pages->used = 0;
++ p->pages->block = NULL;
+ qemu_mutex_unlock(&p->mutex);
+
+ trace_multifd_send(p->id, packet_num, used, flags,
+--
+1.8.3.1
+
diff --git a/migration-multifd-not-use-multifd-during-postcopy.patch b/migration-multifd-not-use-multifd-during-postcopy.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6df61bfdd8d637854acea0e13e787db04dbdeca2
--- /dev/null
+++ b/migration-multifd-not-use-multifd-during-postcopy.patch
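Review bot: Replacing the two resets in multifd_send_pages with `assert(!p->pages->used);` and `assert(!p->pages->block);` turns a channel whose send thread has not yet cleared its page set into an abort of the source QEMU instead of a silent re-send of stale pages, which is the intended invariant, but the hunk does not show under which lock the check runs: the `qemu_mutex_unlock(&p->mutex)` just above appears to be the loop's busy-channel path, and whether the selected channel's mutex is still held when the asserts execute (the send thread clears both fields before its own unlock) is outside the hunk. A one-line comment above the asserts stating the invariant would save the next reader that reconstruction: `/* the send thread hands p back with used/block cleared under p->mutex */`. multifd_send_pages begins before the hunk.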
@@ -0,0 +1,41 @@
+From 7331554bd6ab230404b20d612aed20a95c20eba6 Mon Sep 17 00:00:00 2001
+From: Wei Yang
+Date: Sat, 26 Oct 2019 07:20:00 +0800
+Subject: [PATCH 4/8] migration/multifd: not use multifd during postcopy
+
+We don't support multifd during postcopy, but user still could enable
+both multifd and postcopy. This leads to migration failure.
+
+Skip multifd during postcopy.
+
+Signed-off-by: Wei Yang
+Reviewed-by: Juan Quintela
+Signed-off-by: Juan Quintela
+---
+ migration/ram.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/migration/ram.c b/migration/ram.c
+index c2eb1ed..aace3a5 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -2571,10 +2571,13 @@ static int ram_save_target_page(RAMState *rs, PageSearchStatus *pss,
+ }
+
+ /*
+- * do not use multifd for compression as the first page in the new
+- * block should be posted out before sending the compressed page
++ * Do not use multifd for:
++ * 1. Compression as the first page in the new block should be posted out
++ * before sending the compressed page
++ * 2. In postcopy as one whole host page should be placed
+ */
+- if (!save_page_use_compression(rs) && migrate_use_multifd()) {
++ if (!save_page_use_compression(rs) && migrate_use_multifd()
++ && !migration_in_postcopy()) {
+ return ram_save_multifd_page(rs, block, offset);
+ }
+
+--
+1.8.3.1
+
diff --git a/qemu.spec b/qemu.spec
index 577e230e86a812a9eed4883f723dccafaa0ed2b9..5fc44c400bf61469f788b70c2812ef0defdf1f6a 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 25
+Release: 26
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY
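Review bot: The added `&& !migration_in_postcopy()` stops new pages from entering the multifd path once postcopy begins, but pages already accumulated in the multifd channels during precopy are not flushed in this hunk; if the postcopy transition does not run the multifd sync path before this condition first evaluates true, those pages stay pending on the source. Whether such a flush exists elsewhere is not visible here, so a comment naming the dependency would help: `* 2. Postcopy, where a whole host page should be placed; pending multifd pages must already have been flushed at the postcopy switch`. ram_save_target_page begins and ends outside the hunk.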
@@ -272,6 +272,13 @@ Patch0259: virtio-blk-delete-vqs-on-the-error-path-in-realize.patch
 Patch0260: fix-vhost_user_blk_watch-crash.patch
 Patch0261: vhost-user-blk-delay-vhost_user_blk_disconnect.patch
 Patch0262: usbredir-fix-buffer-overflow-on-vmload.patch
+Patch0263: display-bochs-display-fix-memory-leak.patch
+Patch0264: audio-fix-integer-overflow.patch
+Patch0265: migration-multifd-clean-pages-after-filling-packet.patch
+Patch0266: migration-multifd-not-use-multifd-during-postcopy.patch
+Patch0267: migration-Define-VMSTATE_INSTANCE_ID_ANY.patch
+Patch0268: migration-Change-SaveStateEntry.instance_id-into-uin.patch
+Patch0269: apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch
 BuildRequires: flex
 BuildRequires: bison
@@ -618,6 +625,15 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Thu sep 10 2020 Huawei Technologies Co., Ltd
+- apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch
+- audio-fix-integer-overflow.patch
+- display-bochs-display-fix-memory-leak.patch
+- migration-Change-SaveStateEntry.instance_id-into-uin.patch
+- migration-Define-VMSTATE_INSTANCE_ID_ANY.patch
+- migration-multifd-clean-pages-after-filling-packet.patch
+- migration-multifd-not-use-multifd-during-postcopy.patch
+
 * Wed Sep 09 2020 Huawei Technologies Co., Ltd
 - usbredir-fix-buffer-overflow-on-vmload.patch