From 8c1f6715cf8fb26810b4d2e829d449a0066d038f Mon Sep 17 00:00:00 2001 From: jiangdongxu Date: Sat, 12 Feb 2022 14:43:36 +0800 Subject: [PATCH] backport seabios bugfix patches seabios-convert-value-of-be16_to_cpu-to-u64-before-s.patch: be16_to_cpu(scsi_lun->lun[i]) is 16 bits and left shifting by more than 16 will have undefined behaviour. convert it to u64 before shifting. seabios-do-not-give-back-high-ram.patch: fix bug of Oracle 6 and 7 series virtual machines using the high ram returned by seabios. seabios-drop-yield-in-smp_setup.patch: Fix SeaBIOS stuck problem because SeaBIOS opens hardware interrupts by invoking yield(). That's dangerous and unnecessary. Let's drop it, and make the processing of setup smp more secure in SeaBIOS. seabios-fix-memory-leak-when-pci-check.patch: fix code memory leak when pci check failed free busses memory when pci_bios_check_devices function returns error in pci_setup() seabios-increase-the-seabios-high-mem-zone-size.patch: In terms of version and specification, under the maximum configuration specification of the number of vcpus, virtio blocks and other features, there is a bottleneck in seabios high_mem_zone, which results in the memory application failure and causes the vm to fail to start. Increase BUILD_MAX_HIGHTABLE to 512k. seabios-increase-the-seabios-minibiostable.patch: Increase the BUILD_MIN_BIOSTABLE to 4096; support 25 virtio-blk(data) + 1 virtio-scsi(sys) + 1 virtio-net Increase the BUILD_MIN_BIOSTABLE to 5120; support 18 virtio-scsi while vm starts with IDE boot disk 
Signed-off-by: jiangdongxu --- qemu.spec | 16 ++++++- ...value-of-be16_to_cpu-to-u64-before-s.patch | 31 +++++++++++++ seabios-do-not-give-back-high-ram.patch | 43 +++++++++++++++++++ seabios-drop-yield-in-smp_setup.patch | 39 +++++++++++++++++ seabios-fix-memory-leak-when-pci-check.patch | 34 +++++++++++++++ ...rease-the-seabios-high-mem-zone-size.patch | 34 +++++++++++++++ ...s-increase-the-seabios-minibiostable.patch | 33 ++++++++++++++ 7 files changed, 229 insertions(+), 1 deletion(-) create mode 100644 seabios-convert-value-of-be16_to_cpu-to-u64-before-s.patch create mode 100644 seabios-do-not-give-back-high-ram.patch create mode 100644 seabios-drop-yield-in-smp_setup.patch create mode 100644 seabios-fix-memory-leak-when-pci-check.patch create mode 100644 seabios-increase-the-seabios-high-mem-zone-size.patch create mode 100644 seabios-increase-the-seabios-minibiostable.patch diff --git a/qemu.spec b/qemu.spec index b52cf7b..c5e8a20 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,6 +1,6 @@ Name: qemu Version: 6.2.0 -Release: 9 +Release: 10 Epoch: 2 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 @@ -78,6 +78,12 @@ Patch0065: freeclock-set-rtc_date_diff-for-X86.patch Patch0066: hw-usb-reduce-the-vpcu-cost-of-UHCI-when-VNC-disconn.patch Patch0067: hw-net-rocker-fix-security-vulnerability.patch Patch0068: tests-Disable-filemonitor-testcase.patch +Patch0069: seabios-convert-value-of-be16_to_cpu-to-u64-before-s.patch +Patch0070: seabios-do-not-give-back-high-ram.patch +Patch0071: seabios-drop-yield-in-smp_setup.patch +Patch0072: seabios-fix-memory-leak-when-pci-check.patch +Patch0073: seabios-increase-the-seabios-high-mem-zone-size.patch +Patch0074: seabios-increase-the-seabios-minibiostable.patch BuildRequires: flex BuildRequires: gcc 
@@ -522,6 +528,14 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Sat Feb 12 2022 jiangdongxu +- seabios: convert value of be16_to_cpu to u64 before shifting +- seabios: do not give back high ram +- seabios: fix memory leak when pci check +- seabios: drop yield() in smp_setup() +- seabios: increase the seabios minibiostable +- seabios: increase the seabios high mem zone size + * Fri Feb 11 2022 Chen Qun - hw/net/rocker: fix security vulnerability - tests: Disable filemonitor testcase diff --git a/seabios-convert-value-of-be16_to_cpu-to-u64-before-s.patch b/seabios-convert-value-of-be16_to_cpu-to-u64-before-s.patch new file mode 100644 index 0000000..be0218f --- /dev/null +++ b/seabios-convert-value-of-be16_to_cpu-to-u64-before-s.patch @@ -0,0 +1,31 @@ +From c2ec0efb903e27f83cb9a54041764f76e2e1d390 Mon Sep 17 00:00:00 2001 +From: jiangdongxu +Date: Fri, 11 Feb 2022 16:12:21 +0800 +Subject: [PATCH 1/6] seabios: convert value of be16_to_cpu to u64 before + shifting + +be16_to_cpu(scsi_lun->lun[i]) is 16 bits and left shifting by more than 16 will have undefined behaviour. +convert it to u64 before shifting. + +Signed-off-by: liuxiangdong +Signed-off-by: jiangdongxu +--- + roms/seabios/src/hw/blockcmd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/roms/seabios/src/hw/blockcmd.c b/roms/seabios/src/hw/blockcmd.c +index 6b6fea9707..af6d33544f 100644 +--- a/roms/seabios/src/hw/blockcmd.c ++++ b/roms/seabios/src/hw/blockcmd.c +@@ -210,7 +210,7 @@ static u64 scsilun2u64(struct scsi_lun *scsi_lun) + int i; + u64 ret = 0; + for (i = 0; i < ARRAY_SIZE(scsi_lun->lun); i++) +- ret |= be16_to_cpu(scsi_lun->lun[i]) << (16 * i); ++ ret |= (u64)be16_to_cpu(scsi_lun->lun[i]) << (16 * i); + return ret; + } + +-- +2.27.0 + diff --git a/seabios-do-not-give-back-high-ram.patch b/seabios-do-not-give-back-high-ram.patch new file mode 100644 index 0000000..df40892 --- /dev/null +++ b/seabios-do-not-give-back-high-ram.patch 
@@ -0,0 +1,43 @@
+From 74f052de33cb14d7a1656079a53102a7cbbb6e75 Mon Sep 17 00:00:00 2001
+From: jiangdongxu
+Date: Fri, 11 Feb 2022 16:16:05 +0800
+Subject: [PATCH 2/6] seabios: do not give back high ram
+
+Oracle 6 and 7 series virtual machines will use the high ram returned by
+sebios. Since these high ram will not be initialized before kernel used,
+this will cause a system exception. This patch removes the logic for
+returning high ram, making the virtual machine will not use this part
+of the memory, thus avoiding this kernel bug.
+
+Signed-off-by: wangxin
+Signed-off-by: Fangyi
+Signed-off-by: jiangdongxu
+---
+ roms/seabios/src/malloc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/roms/seabios/src/malloc.c b/roms/seabios/src/malloc.c
+index 3733855caf..5827a6523a 100644
+--- a/roms/seabios/src/malloc.c
++++ b/roms/seabios/src/malloc.c
+@@ -549,6 +549,9 @@ malloc_prepboot(void)
+ dprintf(1, "Space available for UMB: %x-%x, %x-%x\n"
+ , RomEnd, base, info->range_start, info->range_end);
+
++ // We should not give back unused high ram, to support some special
++ // guest OS, like oracle linux series.
++#ifdef HIGH_MEM_BACK
+ // Give back unused high ram.
+ info = alloc_find_lowest(&ZoneHigh);
+ if (info) {
+@@ -556,6 +559,7 @@ malloc_prepboot(void)
+ e820_add(info->range_start, giveback, E820_RAM);
+ dprintf(1, "Returned %d bytes of ZoneHigh\n", giveback);
+ }
++#endif
+
+ calcRamSize();
+ }
+--
+2.27.0
+
diff --git a/seabios-drop-yield-in-smp_setup.patch b/seabios-drop-yield-in-smp_setup.patch
new file mode 100644
index 0000000..1c55aa0
--- /dev/null
+++ b/seabios-drop-yield-in-smp_setup.patch
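Review bot: `#ifdef HIGH_MEM_BACK` around the give-back block in malloc_prepboot refers to a macro that nothing in the series defines or documents — config.h, which the sibling seabios-increase-the-seabios-high-mem-zone-size.patch edits, gets no entry — so the block is dead code and the knob is invisible to anyone configuring the build; either register it there next to BUILD_MAX_HIGHTABLE with a comment (`// Define to return unused ZoneHigh to the guest as E820_RAM (off by default; see malloc_prepboot)`) or delete the guarded lines outright. The two patches also interact: with the `e820_add(info->range_start, giveback, E820_RAM)` path compiled out and the zone doubled to 512k, whatever part of it goes unused is withheld from every guest, not only the Oracle Linux series named in the message, and that cost belongs in the message. The added comment states a policy but not the reason; a why-comment such as `// Keep unused ZoneHigh reserved: per the reported bug, some guests (Oracle Linux 6/7) touch returned high ram before initialising it.` would serve the next reader better. malloc_prepboot starts outside the hunk.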
@@ -0,0 +1,39 @@
+From 1a8defda890d6fe3efe2238cff1ef2ae6ca8928c Mon Sep 17 00:00:00 2001
+From: jiangdongxu
+Date: Fri, 11 Feb 2022 16:31:25 +0800
+Subject: [PATCH 4/6] seabios: drop yield() in smp_setup()
+
+Fix SeaBIOS stuck problem becuase SeaBIOS open hardware interrupt
+by invoking yield(). That's dangerous and unnecessary. Let's drop
+it, and make the processing of setup smp more security in SeaBIOS.
+
+Signed-off-by: liuxiangdong
+Signed-off-by: jiangdongxu
+---
+ roms/seabios/src/fw/smp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/roms/seabios/src/fw/smp.c b/roms/seabios/src/fw/smp.c
+index 46d1da1784..e5e407be0c 100644
+--- a/roms/seabios/src/fw/smp.c
++++ b/roms/seabios/src/fw/smp.c
+@@ -149,6 +149,7 @@ smp_scan(void)
+
+ // Wait for other CPUs to process the SIPI.
+ u16 expected_cpus_count = qemu_get_present_cpus_count();
++ dprintf(1,"expected_cpus_count=%d\n", expected_cpus_count);
+ while (expected_cpus_count != CountCPUs)
+ asm volatile(
+ // Release lock and allow other processors to use the stack.
+@@ -160,7 +161,7 @@ smp_scan(void)
+ " jc 1b\n"
+ : "+m" (SMPLock), "+m" (SMPStack)
+ : : "cc", "memory");
+- yield();
++ dprintf(1, "finish smp\n");
+
+ // Restore memory.
+ *(u64*)BUILD_AP_BOOT_ADDR = old;
+--
+2.27.0
+
diff --git a/seabios-fix-memory-leak-when-pci-check.patch b/seabios-fix-memory-leak-when-pci-check.patch
new file mode 100644
index 0000000..01d1ea0
--- /dev/null
+++ b/seabios-fix-memory-leak-when-pci-check.patch
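Review bot: Replacing `yield()` with `dprintf(1, "finish smp\n");` leaves the spin `while (expected_cpus_count != CountCPUs)` just above it with no bound, so the change removes the interrupt-enabling call the message blames but still hangs the BIOS if an AP never answers the SIPI; if the reported stall really was the yield() path the message should say so, and otherwise a bounded wait is what is missing. The reason for dropping the call lives only in the commit message, so a comment at the replacement line would stop it being reinstated, e.g. `// Do not yield() here: per the original report it enables hardware interrupts before the AP boot code below is restored.` The new `dprintf(1,"expected_cpus_count=%d\n", ...)` lacks the space after the comma that every other dprintf in the hunk has, and a level-1 "finish smp" print is an odd stand-in for the removed statement. The subject says smp_setup() while the hunk is in smp_scan(), which starts and ends outside the hunk.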
@@ -0,0 +1,34 @@
+From 73cb83af0649f958bb31b5b76f46c164c6f2952c Mon Sep 17 00:00:00 2001
+From: jiangdongxu
+Date: Fri, 11 Feb 2022 16:28:55 +0800
+Subject: [PATCH 3/6] seabios: fix memory leak when pci check
+
+fix code memory leak when pci check failed
+free busses memory when pci_bios_check_devices function returns error in pci_setup()
+
+Signed-off-by: liuxiangodng
+Signed-off-by: jiangdongxu
+---
+ roms/seabios/src/fw/pciinit.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/roms/seabios/src/fw/pciinit.c b/roms/seabios/src/fw/pciinit.c
+index d25931bb05..9df35d05d1 100644
+--- a/roms/seabios/src/fw/pciinit.c
++++ b/roms/seabios/src/fw/pciinit.c
+@@ -1171,8 +1171,11 @@ pci_setup(void)
+ return;
+ }
+ memset(busses, 0, sizeof(*busses) * (MaxPCIBus + 1));
+- if (pci_bios_check_devices(busses))
++ if (pci_bios_check_devices(busses)) {
++ dprintf(1, "pci_bios_check_devices(busses) failed!\n");
++ free(busses);
+ return;
++ }
+
+ dprintf(1, "=== PCI new allocation pass #2 ===\n");
+ pci_bios_map_devices(busses);
+--
+2.27.0
+
diff --git a/seabios-increase-the-seabios-high-mem-zone-size.patch b/seabios-increase-the-seabios-high-mem-zone-size.patch
new file mode 100644
index 0000000..01c16d1
--- /dev/null
+++ b/seabios-increase-the-seabios-high-mem-zone-size.patch
@@ -0,0 +1,34 @@
+From bf72a9439d06fe35e3c7246b60e1c5b7b8058459 Mon Sep 17 00:00:00 2001
+From: jiangdongxu
+Date: Fri, 11 Feb 2022 16:34:23 +0800
+Subject: [PATCH 6/6] seabios: increase the seabios high mem zone size
+
+In terms of version and specification, under the maximum configuration
+specification of the number of vcpus, virtio blocks and other features,
+there exists bottleneck in seabios high_mem_zone, which results in the
+memory application failure and causes the vm to fail to start.
+
+Increase BUILD_MAX_HIGHTABLE to 512k.
+
+Signed-off-by: liuxiangdong
+Signed-off-by: jiangdongxu
+---
+ roms/seabios/src/config.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/roms/seabios/src/config.h b/roms/seabios/src/config.h
+index 93c8dbc2d5..9abd43474e 100644
+--- a/roms/seabios/src/config.h
++++ b/roms/seabios/src/config.h
+@@ -17,7 +17,7 @@
+ // Maximum number of map entries in the e820 map
+ #define BUILD_MAX_E820 32
+ // Space to reserve in high-memory for tables
+-#define BUILD_MAX_HIGHTABLE (256*1024)
++#define BUILD_MAX_HIGHTABLE (512*1024)
+ // Largest supported externaly facing drive id
+ #define BUILD_MAX_EXTDRIVE 16
+ // Number of bytes the smbios may be and still live in the f-segment
+--
+2.27.0
+
diff --git a/seabios-increase-the-seabios-minibiostable.patch b/seabios-increase-the-seabios-minibiostable.patch
new file mode 100644
index 0000000..bd3cfa4
--- /dev/null
+++ b/seabios-increase-the-seabios-minibiostable.patch
@@ -0,0 +1,33 @@
+From 764113a4a24e1d842a45fb62fc09279c87057616 Mon Sep 17 00:00:00 2001
+From: jiangdongxu
+Date: Fri, 11 Feb 2022 16:33:04 +0800
+Subject: [PATCH 5/6] seabios: increase the seabios minibiostable
+
+Increase the BUILD_MIN_BIOSTABLE to 4096;
+support 25 virtio-blk(data) + 1 virtio-scsi(sys) + 1 virtio-net
+
+Increase the BUILD_MIN_BIOSTABLE to 5120;
+support 18 virtio-scsi while vm starts with IDE boot disk
+
+Signed-off-by: liuxiangdong
+Signed-off-by: jiangdongxu
+---
+ roms/seabios/scripts/layoutrom.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/roms/seabios/scripts/layoutrom.py b/roms/seabios/scripts/layoutrom.py
+index abebf0211f..e2732db8f9 100755
+--- a/roms/seabios/scripts/layoutrom.py
++++ b/roms/seabios/scripts/layoutrom.py
+@@ -66,7 +66,7 @@ def setSectionsStart(sections, endaddr, minalign=1, segoffset=0):
+ BUILD_ROM_START = 0xc0000
+ BUILD_LOWRAM_END = 0xa0000
+ # Space to reserve in f-segment for dynamic allocations
+-BUILD_MIN_BIOSTABLE = 2048
++BUILD_MIN_BIOSTABLE = 5120
+
+ # Layout the 16bit code. This ensures sections with fixed offset
+ # requirements are placed in the correct location. It also places the
+--
+2.27.0
+
-- Gitee
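Review bot: The message names two targets, `BUILD_MIN_BIOSTABLE = 4096` and `= 5120`, while the hunk sets only 5120, so the 4096 paragraph reads as a stale intermediate step and should be folded into one statement of the final value and what it is sized for. The constant's comment `# Space to reserve in f-segment for dynamic allocations` could carry that sizing basis so the number is not opaque, e.g. `# 5120: enough for 18 virtio-scsi devices plus an IDE boot disk (see commit message)`. Reserving 3 KiB more of the f-segment presumably leaves less room for the code and tables layoutrom.py packs there — worth confirming that the layout still fits on the configurations the series lists.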