From 4a9e59da2030d633ce1d5ab3bbb299c15b1acda7 Mon Sep 17 00:00:00 2001
From: Chen Qun
Date: Fri, 10 Jan 2020 17:17:09 +0800
Subject: [PATCH 1/6] vl: Don't mismatch g_strsplit()/g_free()
It's a mismatch between g_strsplit and g_free, it will cause a memory leak as follow:
[root@localhost]# ./aarch64-softmmu/qemu-system-aarch64 -accel help
Accelerators supported in QEMU binary:
tcg
kvm
=================================================================
==1207900==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 8 byte(s) in 2 object(s) allocated from:
#0 0xfffd700231cb in __interceptor_malloc (/lib64/libasan.so.4+0xd31cb)
#1 0xfffd6ec57163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163)
#2 0xfffd6ec724d7 in g_strndup (/lib64/libglib-2.0.so.0+0x724d7)
#3 0xfffd6ec73d3f in g_strsplit (/lib64/libglib-2.0.so.0+0x73d3f)
#4 0xaaab66be5077 in main /mnt/sdc/qemu-master/qemu-4.2.0-rc0/vl.c:3517
#5 0xfffd6e140b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f)
#6 0xaaab66bf0f53 (./build/aarch64-softmmu/qemu-system-aarch64+0x8a0f53)
Direct leak of 2 byte(s) in 2 object(s) allocated from:
#0 0xfffd700231cb in __interceptor_malloc (/lib64/libasan.so.4+0xd31cb)
#1 0xfffd6ec57163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163)
#2 0xfffd6ec7243b in g_strdup (/lib64/libglib-2.0.so.0+0x7243b)
#3 0xfffd6ec73e6f in g_strsplit (/lib64/libglib-2.0.so.0+0x73e6f)
#4 0xaaab66be5077 in main /mnt/sdc/qemu-master/qemu-4.2.0-rc0/vl.c:3517
#5 0xfffd6e140b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f)
#6 0xaaab66bf0f53 (./build/aarch64-softmmu/qemu-system-aarch64+0x8a0f53)
Reported-by: Euler Robot
Signed-off-by: Pan Nengyuan
Message-Id: <20200110091710.53424-2-pannengyuan@huawei.com>
Signed-off-by: Paolo Bonzini
---
 vl-Don-t-mismatch-g_strsplit-g_free.patch | 56 +++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 vl-Don-t-mismatch-g_strsplit-g_free.patch
diff --git a/vl-Don-t-mismatch-g_strsplit-g_free.patch b/vl-Don-t-mismatch-g_strsplit-g_free.patch
new file mode 100644
index 0000000..dc1f4cc
--- /dev/null
+++ b/vl-Don-t-mismatch-g_strsplit-g_free.patch
@@ -0,0 +1,56 @@
+From cad4a99e8cab2fe581fb2c6c1421f5547b451e96 Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan
+Date: Fri, 10 Jan 2020 17:17:09 +0800
+Subject: [PATCH] vl: Don't mismatch g_strsplit()/g_free()
+
+It's a mismatch between g_strsplit and g_free, it will cause a memory leak as follow:
+
+[root@localhost]# ./aarch64-softmmu/qemu-system-aarch64 -accel help
+Accelerators supported in QEMU binary:
+tcg
+kvm
+=================================================================
+==1207900==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 8 byte(s) in 2 object(s) allocated from:
+ #0 0xfffd700231cb in __interceptor_malloc (/lib64/libasan.so.4+0xd31cb)
+ #1 0xfffd6ec57163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163)
+ #2 0xfffd6ec724d7 in g_strndup (/lib64/libglib-2.0.so.0+0x724d7)
+ #3 0xfffd6ec73d3f in g_strsplit (/lib64/libglib-2.0.so.0+0x73d3f)
+ #4 0xaaab66be5077 in main /mnt/sdc/qemu-master/qemu-4.2.0-rc0/vl.c:3517
+ #5 0xfffd6e140b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f)
+ #6 0xaaab66bf0f53 (./build/aarch64-softmmu/qemu-system-aarch64+0x8a0f53)
+
+Direct leak of 2 byte(s) in 2 object(s) allocated from:
+ #0 0xfffd700231cb in __interceptor_malloc (/lib64/libasan.so.4+0xd31cb)
+ #1 0xfffd6ec57163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163)
+ #2 0xfffd6ec7243b in g_strdup (/lib64/libglib-2.0.so.0+0x7243b)
+ #3 0xfffd6ec73e6f in g_strsplit (/lib64/libglib-2.0.so.0+0x73e6f)
+ #4 0xaaab66be5077 in main /mnt/sdc/qemu-master/qemu-4.2.0-rc0/vl.c:3517
+ #5 0xfffd6e140b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f)
+ #6 0xaaab66bf0f53 (./build/aarch64-softmmu/qemu-system-aarch64+0x8a0f53)
+
+Reported-by: Euler Robot
+Signed-off-by: Pan Nengyuan
+Message-Id: <20200110091710.53424-2-pannengyuan@huawei.com>
+Signed-off-by: Paolo Bonzini
+---
+ vl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vl.c b/vl.c
+index b426b32134..cec0bfdb44 100644
+--- a/vl.c
++++ b/vl.c
+@@ -3532,7 +3532,7 @@ int main(int argc, char **argv, 
char **envp)
+ gchar **optname = g_strsplit(typename,
+ ACCEL_CLASS_SUFFIX, 0);
+ printf("%s\n", optname[0]);
+- g_free(optname);
++ g_strfreev(optname);
+ }
+ g_free(typename);
+ }
+-- 
+2.27.0
+
-- Gitee
From e00e657c1e95bc11883e0f2e103a6bb419a4f6eb Mon Sep 17 00:00:00 2001
From: Chen Qun
Date: Wed, 29 Jan 2020 15:49:48 +0100
Subject: [PATCH 2/6] seqlock: fix seqlock_write_unlock_impl function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The seqlock write unlock function was incorrectly calling seqlock_write_begin() instead of seqlock_write_end(), and was releasing the lock before incrementing the sequence. This could lead to a race condition and a corrupted sequence number becoming odd even though the lock is not held.
Signed-off-by: Luc Michel
Reviewed-by: Philippe Mathieu-Daudé
Message-Id: <20200129144948.2161551-1-luc.michel@greensocs.com>
Fixes: 988fcafc73 ("seqlock: add QemuLockable support", 2018-08-23)
Signed-off-by: Paolo Bonzini
---
 ...x-seqlock_write_unlock_impl-function.patch | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 seqlock-fix-seqlock_write_unlock_impl-function.patch
diff --git a/seqlock-fix-seqlock_write_unlock_impl-function.patch b/seqlock-fix-seqlock_write_unlock_impl-function.patch
new file mode 100644
index 0000000..f7f8c7c
--- /dev/null
+++ b/seqlock-fix-seqlock_write_unlock_impl-function.patch
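Review bot: `printf("%s\n", optname[0]);` still assumes the split produced at least one element; `g_strsplit()` returns an empty vector for an empty input string, in which case `optname[0]` is NULL and passing NULL to `%s` is undefined behaviour (glibc merely happens to print "(null)"). The names presumably come from QOM class registration above the hunk, so an empty name should be unreachable, but a one-line guard keeps the help path self-contained: `printf("%s\n", optname[0] ? optname[0] : typename);`. The leak itself is harmless for a process that prints help and, going by the sanitizer report in the description, exits right after, but it matters for ASan/LSan builds where every `-accel help` run would otherwise fail the leak check and drown real findings in test automation — which is why `g_strfreev()` is the only correct release for a `g_strsplit()` result, since `g_free()` drops the outer array and leaks every element. The enclosing `main()` starts and ends outside the hunk.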
@@ -0,0 +1,44 @@
+From 96e00e040cd8ae23cebf183cf3a8dc9cf1f6149d Mon Sep 17 00:00:00 2001
+From: Luc Michel
+Date: Wed, 29 Jan 2020 15:49:48 +0100
+Subject: [PATCH] seqlock: fix seqlock_write_unlock_impl function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The seqlock write unlock function was incorrectly calling
+seqlock_write_begin() instead of seqlock_write_end(), and was releasing
+the lock before incrementing the sequence. This could lead to a race
+condition and a corrupted sequence number becoming odd even though the
+lock is not held.
+
+Signed-off-by: Luc Michel
+Reviewed-by: Philippe Mathieu-Daudé
+Message-Id: <20200129144948.2161551-1-luc.michel@greensocs.com>
+Fixes: 988fcafc73 ("seqlock: add QemuLockable support", 2018-08-23)
+Signed-off-by: Paolo Bonzini
+---
+ include/qemu/seqlock.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/qemu/seqlock.h b/include/qemu/seqlock.h
+index fd408b7ec5..8b6b4ee4bb 100644
+--- a/include/qemu/seqlock.h
++++ b/include/qemu/seqlock.h
+@@ -55,11 +55,11 @@ static inline void seqlock_write_lock_impl(QemuSeqLock *sl, QemuLockable *lock)
+ #define seqlock_write_lock(sl, lock) \
+ seqlock_write_lock_impl(sl, QEMU_MAKE_LOCKABLE(lock))
+
+-/* Lock out other writers and update the count. */
++/* Update the count and release the lock. */
+ static inline void seqlock_write_unlock_impl(QemuSeqLock *sl, QemuLockable *lock)
+ {
++ seqlock_write_end(sl);
+ qemu_lockable_unlock(lock);
+- seqlock_write_begin(sl);
+ }
+ #define seqlock_write_unlock(sl, lock) \
+ seqlock_write_unlock_impl(sl, QEMU_MAKE_LOCKABLE(lock))
+-- 
+2.27.0
+
-- Gitee
From 9ea7723f303a12c6402344e4a02114eae6129105 Mon Sep 17 00:00:00 2001
From: Chen Qun
Date: Mon, 20 Jan 2020 19:21:44 +0100
Subject: [PATCH 3/6] target/i386: kvm: initialize microcode revision from KVM
KVM can return the host microcode revision as a feature MSR. Use it as the default value for -cpu host. 
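Review bot: The order of the two statements in the fixed `seqlock_write_unlock_impl()` is load-bearing and has no comment, so a later "tidy-up" could reintroduce a subtler version of this bug. `seqlock_write_end()` must run while the lock is still held: if the lock were released first, a second writer could take it and call `seqlock_write_begin()` between the two statements, interleaving the two sequence increments so that readers observe an even sequence while an update is still in flight and accept a torn snapshot (the old code, calling begin() here, instead left the sequence odd with no writer and readers spinning). I would put above `seqlock_write_end(sl);`: `/* Make the sequence even again before dropping the lock; releasing first would let another writer's begin() run while our sequence is still odd. */`. The Fixes: tag dates the helper to 2018, which suggests no in-tree caller exercised it until now (inferred, not visible here), so the backport is low-risk but also untested — a small two-thread unit test of lock/unlock against `seqlock_read_begin`/`_retry` would pin this. `seqlock_write_begin()`, `seqlock_write_end()` and the reader side are outside the hunk.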
Signed-off-by: Paolo Bonzini
Message-Id: <1579544504-3616-4-git-send-email-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini
---
 ...initialize-microcode-revision-from-K.patch | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 target-i386-kvm-initialize-microcode-revision-from-K.patch
diff --git a/target-i386-kvm-initialize-microcode-revision-from-K.patch b/target-i386-kvm-initialize-microcode-revision-from-K.patch
new file mode 100644
index 0000000..5c15a47
--- /dev/null
+++ b/target-i386-kvm-initialize-microcode-revision-from-K.patch
@@ -0,0 +1,50 @@
+From 8664cd20e4cdb8594076a26dacef592a4b4816b2 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Mon, 20 Jan 2020 19:21:44 +0100
+Subject: [PATCH] target/i386: kvm: initialize microcode revision from KVM
+
+KVM can return the host microcode revision as a feature MSR.
+Use it as the default value for -cpu host.
+
+Signed-off-by: Paolo Bonzini
+Message-Id: <1579544504-3616-4-git-send-email-pbonzini@redhat.com>
+Signed-off-by: Paolo Bonzini
+---
+ target/i386/cpu.c | 4 ++++
+ target/i386/kvm.c | 5 +++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index ec8bc9957e..1962f00c77 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -6330,6 +6330,10 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
+ &cpu->mwait.ecx, &cpu->mwait.edx);
+ env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;
+ }
++ if (kvm_enabled() && cpu->ucode_rev == 0) {
++ cpu->ucode_rev = kvm_arch_get_supported_msr_feature(kvm_state,
++ MSR_IA32_UCODE_REV);
++ }
+ }
+
+ if (cpu->ucode_rev == 0) {
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index 60060087fd..7437f86130 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -2628,6 +2628,11 @@ static void kvm_init_msrs(X86CPU *cpu)
+ env->features[FEAT_CORE_CAPABILITY]);
+ }
+
++ if (kvm_arch_get_supported_msr_feature(kvm_state,
++ MSR_IA32_UCODE_REV)) {
++ kvm_msr_entry_add(cpu, MSR_IA32_UCODE_REV, cpu->ucode_rev);
++ }
++
+ /*
+ * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
+ * all kernels with MSR features should have them.
+-- 
+2.27.0
+
-- Gitee
From b2d0fd64d308d6ec29df834920f6383ece0b6466 Mon Sep 17 00:00:00 2001
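Review bot: Copying the host's `MSR_IA32_UCODE_REV` into `cpu->ucode_rev` at the new `kvm_enabled() && cpu->ucode_rev == 0` branch in `x86_cpu_realizefn()` turns host patch level into guest-visible state, and the hunk carries no comment about the two consequences. A guest can read the MSR to learn the exact host microcode revision, and with it whether microcode-based mitigations are current on that host, so this is a deliberate (if small) information exposure that only makes sense for the `-cpu host` case the description names; the surrounding condition that restricts it is outside the hunk and should be confirmed. After live migration between hosts with different microcode, what the guest sees depends on whether `ucode_rev` travels in the migration stream or is re-derived on the destination, which is not visible here and is worth verifying before shipping the backport. I would add above the branch: `/* Default to the host's microcode revision: this exposes the host patch level to the guest and must be kept stable across migration. */`. Both `x86_cpu_realizefn()` and `kvm_init_msrs()` start and end outside the hunk.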
From: Chen Qun
Date: Tue, 11 Feb 2020 18:55:16 +0100
Subject: [PATCH 4/6] target/i386: check for availability of MSR_IA32_UCODE_REV as an emulated MSR
Even though MSR_IA32_UCODE_REV has been available long before Linux 5.6, which added it to the emulated MSR list, a bug caused the microcode version to revert to 0x100000000 on INIT. As a result, processors other than the bootstrap processor would not see the host microcode revision; some Windows version complain loudly about this and crash with a fairly explicit MICROCODE REVISION MISMATCH error.
[If running 5.6 prereleases, the kernel fix "KVM: x86: do not reset microcode version on INIT or RESET" should also be applied.]
Reported-by: Alex Williamson
Message-id: <20200211175516.10716-1-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini
---
 ...k-for-availability-of-MSR_IA32_UCODE.patch | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 target-i386-check-for-availability-of-MSR_IA32_UCODE.patch
diff --git a/target-i386-check-for-availability-of-MSR_IA32_UCODE.patch b/target-i386-check-for-availability-of-MSR_IA32_UCODE.patch
new file mode 100644
index 0000000..377226a
--- /dev/null
+++ b/target-i386-check-for-availability-of-MSR_IA32_UCODE.patch
@@ -0,0 +1,58 @@
+From 0633e7684b4f4da858a3739d68cb57a1d49bdf01 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Tue, 11 Feb 2020 18:55:16 +0100
+Subject: [PATCH] target/i386: check for availability of MSR_IA32_UCODE_REV as
+ an emulated MSR
+
+Even though MSR_IA32_UCODE_REV has been available long before Linux 5.6,
+which added it to the emulated MSR list, a bug caused the microcode
+version to revert to 0x100000000 on INIT. As a result, processors other
+than the bootstrap processor would not see the host microcode revision;
+some Windows version complain loudly about this and crash with a
+fairly explicit MICROCODE REVISION MISMATCH error.
+
+[If running 5.6 prereleases, the kernel fix "KVM: x86: do not reset
+ microcode version on INIT or RESET" should also be applied.]
+
+Reported-by: Alex Williamson
+Message-id: <20200211175516.10716-1-pbonzini@redhat.com>
+Signed-off-by: Paolo Bonzini
+---
+ target/i386/kvm.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index 7437f86130..e49a2d2585 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -99,6 +99,7 @@ static bool has_msr_smi_count;
+ static bool has_msr_arch_capabs;
+ static bool has_msr_core_capabs;
+ static bool has_msr_vmx_vmfunc;
++static bool has_msr_ucode_rev;
+ static bool has_msr_vmx_procbased_ctls2;
+
+ static uint32_t has_architectural_pmu_version;
+@@ -1985,6 +1986,9 @@ static int kvm_get_supported_msrs(KVMState *s)
+ case MSR_IA32_VMX_VMFUNC:
+ has_msr_vmx_vmfunc = true;
+ break;
++ case MSR_IA32_UCODE_REV:
++ has_msr_ucode_rev = true;
++ break;
+ case MSR_IA32_VMX_PROCBASED_CTLS2:
+ has_msr_vmx_procbased_ctls2 = true;
+ break;
+@@ -2628,8 +2632,7 @@ static void kvm_init_msrs(X86CPU *cpu)
+ env->features[FEAT_CORE_CAPABILITY]);
+ }
+
+- if (kvm_arch_get_supported_msr_feature(kvm_state,
+- MSR_IA32_UCODE_REV)) {
++ if (has_msr_ucode_rev) {
+ kvm_msr_entry_add(cpu, MSR_IA32_UCODE_REV, cpu->ucode_rev);
+ }
+
+-- 
+2.27.0
+
-- Gitee
From 02150b62a8e52e167e9dd8df6fa56acfb1e3eeac Mon Sep 17 00:00:00 2001
From: Chen Qun
Date: Fri, 23 Jul 2021 11:28:28 +0800
Subject: [PATCH 5/6] spec: Update patch and changelog with !171
i386: backport qemu-4.1 bugfix !171 vl: Don't mismatch g_strsplit()/g_free() seqlock: fix seqlock_write_unlock_impl function target/i386: kvm: initialize microcode revision from KVM target/i386: check for availability of MSR_IA32_UCODE_REV as an emulated MSR
Signed-off-by: Chen Qun
---
 qemu.spec | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/qemu.spec b/qemu.spec
index c809b46..93f1558 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -410,6 +410,10 @@ Patch0397: blockdev-unify-qmp_blockdev_backup-and-blockdev-back.patch
 Patch0398: blockdev-honor-bdrv_try_set_aio_context-context-requ.patch
 Patch0399: blockdev-Return-bs-to-the-proper-context-on-snapshot.patch
 Patch0400: block-Fix-cross-AioContext-blockdev-snapshot.patch
+Patch0401: vl-Don-t-mismatch-g_strsplit-g_free.patch
+Patch0402: seqlock-fix-seqlock_write_unlock_impl-function.patch
+Patch0403: target-i386-kvm-initialize-microcode-revision-from-K.patch
+Patch0404: target-i386-check-for-availability-of-MSR_IA32_UCODE.patch
 BuildRequires: flex
 BuildRequires: gcc
@@ -804,6 +808,12 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Fri Jul 23 2021 Chen Qun
+- vl: Don't mismatch g_strsplit()/g_free()
+- seqlock: fix seqlock_write_unlock_impl function
+- target/i386: kvm: initialize microcode revision from KVM
+- target/i386: check for availability of MSR_IA32_UCODE_REV as an emulated MSR
+
 * Thu Jul 22 2021 Chen Qun
 - qapi/block-core: Introduce BackupCommon
 - drive-backup: create do_backup_common
-- Gitee
From 360c933e515246a8ff1f695d2399a0e9658a1a2c Mon Sep 17 00:00:00 2001
From: Chen Qun
Date: Fri, 23 Jul 2021 11:28:28 +0800
Subject: [PATCH 6/6] spec: Update release version with !171
increase release verison by one
Signed-off-by: Chen Qun
---
 qemu.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
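Review bot: With `has_msr_ucode_rev` now gating the write in `kvm_init_msrs()`, `cpu->ucode_rev` is silently never pushed to the vCPU on any kernel whose emulated MSR list lacks `MSR_IA32_UCODE_REV` (pre-5.6 per the description), so the guest then sees KVM's own default rather than the value QEMU derived from the host or the user configured, and nothing in the hunk records that divergence. A comment on the new `if (has_msr_ucode_rev) {` would stop the next reader from assuming `cpu->ucode_rev` always equals what the guest reads: `/* Only pushed when KVM lists it as an emulated MSR; otherwise the guest keeps KVM's default and cpu->ucode_rev is not what it observes. */`. If `ucode_rev` can be set explicitly by the user (not visible here), a one-time `warn_report()` when it is non-zero but `has_msr_ucode_rev` is false would make the silent drop diagnosable instead of surfacing as a Windows microcode-mismatch crash. The `has_msr_ucode_rev` flag is only ever set in `kvm_get_supported_msrs()`, so its static zero-initialisation is what every earlier caller relies on; `kvm_get_supported_msrs()` and `kvm_init_msrs()` start and end outside the hunk.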
diff --git a/qemu.spec b/qemu.spec
index 93f1558..b2ecc25 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 69
+Release: 70
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
-- Gitee