From f5dd3371d31cf32ae3f96a1b17353a6d1c8d180d Mon Sep 17 00:00:00 2001 From: Chen Qun Date: Tue, 1 Mar 2022 20:12:12 +0800 Subject: [PATCH 1/5] scsi-bus: fix unmatched object_unref() Fix commit 391dd8f1("scsi-bus: Refactor the code that retries requests"), which split scsi_dma_restart_bh(), but the object_unref() belongs to scsi_dma_restart_bh(). So, we should mv object_unref() from scsi_retry_requests() to scsi_dma_restart_bh(). Signed-off-by: Yan Wang
---
scsi-bus-fix-unmatched-object_unref.patch | 42 +++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 scsi-bus-fix-unmatched-object_unref.patch
diff --git a/scsi-bus-fix-unmatched-object_unref.patch b/scsi-bus-fix-unmatched-object_unref.patch
new file mode 100644
index 0000000..0cb39a0
--- /dev/null
+++ b/scsi-bus-fix-unmatched-object_unref.patch
@@ -0,0 +1,42 @@
+From 239ffdcf42e0795b5f025f87fa19ce01642811f2 Mon Sep 17 00:00:00 2001
+From: Yan Wang
+Date: Tue, 1 Mar 2022 20:12:12 +0800
+Subject: [PATCH] scsi-bus: fix unmatched object_unref()
+
+Fix commit 391dd8f1("scsi-bus: Refactor the code that retries requests"),
+which split scsi_dma_restart_bh(), but the object_unref() belongs to
+scsi_dma_restart_bh().
+So, we should mv object_unref() from scsi_retry_requests() to
+scsi_dma_restart_bh().
+
+Signed-off-by: Yan Wang
+---
+ hw/scsi/scsi-bus.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
+index 5e6f891b9d..9d37f490ce 100644
+--- a/hw/scsi/scsi-bus.c
++++ b/hw/scsi/scsi-bus.c
+@@ -166,8 +166,6 @@ void scsi_retry_requests(SCSIDevice *s)
+ scsi_req_unref(req);
+ }
+ aio_context_release(blk_get_aio_context(s->conf.blk));
+- /* Drop the reference that was acquired in scsi_dma_restart_cb */
+- object_unref(OBJECT(s));
+ }
+
+ static void scsi_dma_restart_bh(void *opaque)
+@@ -178,6 +176,9 @@ static void scsi_dma_restart_bh(void *opaque)
+ s->bh = NULL;
+
+ scsi_retry_requests(s);
++
++ /* Drop the reference that was acquired in scsi_dma_restart_cb */
++ object_unref(OBJECT(s));
+ }
+
+ void scsi_req_retry(SCSIRequest *req)
+--
+2.27.0
+
-- Gitee
From 1746f59d294b36eb03315e6f24cb2773851b2cca Mon Sep 17 00:00:00 2001 From: Chen Qun Date: Thu, 3 Mar 2022 14:25:36 +0800 Subject: [PATCH 2/5] =?UTF-8?q?spec:=20Update=20patch=20and=20changelog=20?= =?UTF-8?q?with=20!263=20=E3=80=906.2.0=E3=80=91=E4=BF=AE=E6=94=B9object?= =?UTF-8?q?=5Funref=E5=AF=BC=E8=87=B4=E7=9A=84abort=E9=97=AE=E9=A2=98=20?= =?UTF-8?q?=20!263?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit scsi-bus: fix unmatched object_unref() Signed-off-by: Chen Qun
---
qemu.spec | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/qemu.spec b/qemu.spec
index dc47aff..25ade9a 100644
--- a/qemu.spec
+++ b/qemu.spec
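Review bot: In the scsi-bus change carried by scsi-bus-fix-unmatched-object_unref.patch, scsi_retry_requests() is left with no statement of its reference contract once the unref moves out of it. The function is non-static, and the commit message suggests it was split out for reuse, so an unref placed there again would release a reference that other callers never took; the packaging commit's subject mentions an abort from exactly this kind of mismatch. A comment above the function such as `/* Does not consume a reference on @s; the caller keeps the device alive across the call. */` would keep a later refactor from reintroducing it. In scsi_dma_restart_bh() the moved `object_unref(OBJECT(s))` has to remain the last use of `s`, which the new placement satisfies as far as the nested hunk shows; both function bodies start outside the nested hunks.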
@@ -232,6 +232,7 @@ Patch0218: qcow2-fix-memory-leak-in-qcow2_read_extensions.patch Patch0219: scsi-disk-define-props-in-scsi_block_disk-to-avoid-m.patch Patch0220: pcie-Add-pcie-root-port-fast-plug-unplug-feature.patch Patch0221: pcie-Compat-with-devices-which-do-not-support-Link-W.patch +Patch0222: scsi-bus-fix-unmatched-object_unref.patch BuildRequires: flex BuildRequires: gcc @@ -679,6 +680,9 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Thu Mar 03 2022 Chen Qun +- scsi-bus: fix unmatched object_unref() + * Sat Feb 26 2022 Yan Wang - pl011-reset-read-FIFO-when-UARTTIMSC-0-UARTICR-0xfff.patch - qcow2-fix-memory-leak-in-qcow2_read_extensions.patch -- Gitee From 5adc56532cff5dabb2f46846ec2af38eb7acabc9 Mon Sep 17 00:00:00 2001 From: Chen Qun Date: Wed, 9 Feb 2022 12:14:56 +0100 Subject: [PATCH 3/5] tools/virtiofsd: Add rseq syscall to the seccomp allowlist The virtiofsd currently crashes when used with glibc 2.35. That is due to the rseq system call being added to every thread creation [1][2]. [1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/ [2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html This happens not at daemon start, but when a guest connects /usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \ -o source=/var/guests/j-virtiofs --socket-group=kvm virtio_session_mount: Waiting for vhost-user socket connection... # start ok, now guest will connect virtio_session_mount: Received vhost-user socket connection virtio_loop: Entry fv_queue_set_started: qidx=0 started=1 fv_queue_set_started: qidx=1 started=1 Bad system call (core dumped) We have to put rseq on the seccomp allowlist to avoid that the daemon is crashing in this case. Reported-by: Michael Hudson-Doyle 
Signed-off-by: Christian Ehrhardt Reviewed-by: Dr. David Alan Gilbert Message-id: 20220209111456.3328420-1-christian.ehrhardt@canonical.com [Moved rseq to its alphabetically ordered position in the seccomp allowlist. --Stefan] Signed-off-by: Stefan Hajnoczi Signed-off-by: qinyu
---
...Add-rseq-syscall-to-the-seccomp-allo.patch | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 tools-virtiofsd-Add-rseq-syscall-to-the-seccomp-allo.patch
diff --git a/tools-virtiofsd-Add-rseq-syscall-to-the-seccomp-allo.patch b/tools-virtiofsd-Add-rseq-syscall-to-the-seccomp-allo.patch
new file mode 100644
index 0000000..b59ef0f
--- /dev/null
+++ b/tools-virtiofsd-Add-rseq-syscall-to-the-seccomp-allo.patch
@@ -0,0 +1,58 @@
+From 5ca1beec7030b5d9fea36eb4f037d4e0e6c260bd Mon Sep 17 00:00:00 2001
+From: Christian Ehrhardt
+Date: Wed, 9 Feb 2022 12:14:56 +0100
+Subject: [PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist
+
+The virtiofsd currently crashes when used with glibc 2.35.
+That is due to the rseq system call being added to every thread
+creation [1][2].
+
+[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
+[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
+
+This happens not at daemon start, but when a guest connects
+
+ /usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
+ -o source=/var/guests/j-virtiofs --socket-group=kvm
+ virtio_session_mount: Waiting for vhost-user socket connection...
+ # start ok, now guest will connect
+ virtio_session_mount: Received vhost-user socket connection
+ virtio_loop: Entry
+ fv_queue_set_started: qidx=0 started=1
+ fv_queue_set_started: qidx=1 started=1
+ Bad system call (core dumped)
+
+We have to put rseq on the seccomp allowlist to avoid that the daemon
+is crashing in this case.
+
+Reported-by: Michael Hudson-Doyle
+Signed-off-by: Christian Ehrhardt
+Reviewed-by: Dr. David Alan Gilbert
+Message-id: 20220209111456.3328420-1-christian.ehrhardt@canonical.com
+
+[Moved rseq to its alphabetically ordered position in the seccomp
+allowlist.
+--Stefan] +Signed-off-by: Stefan Hajnoczi +Signed-off-by: qinyu +--- + tools/virtiofsd/passthrough_seccomp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c +index a3ce9f898d..2bc0127b69 100644 +--- a/tools/virtiofsd/passthrough_seccomp.c ++++ b/tools/virtiofsd/passthrough_seccomp.c +@@ -91,6 +91,9 @@ static const int syscall_allowlist[] = { + SCMP_SYS(renameat2), + SCMP_SYS(removexattr), + SCMP_SYS(restart_syscall), ++#ifdef __NR_rseq ++ SCMP_SYS(rseq), /* required since glibc 2.35 */ ++#endif + SCMP_SYS(rt_sigaction), + SCMP_SYS(rt_sigprocmask), + SCMP_SYS(rt_sigreturn), +-- +2.27.0 + -- Gitee From 61984a8b0ea8053aa9f77abd5cd7181554934ac1 Mon Sep 17 00:00:00 2001 From: Chen Qun Date: Thu, 3 Mar 2022 14:25:39 +0800 Subject: [PATCH 4/5] spec: Update patch and changelog with !264 tools/virtiofsd: Add rseq syscall to the seccomp allowlist !264 tools/virtiofsd: Add rseq syscall to the seccomp allowlist Signed-off-by: Chen Qun --- qemu.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/qemu.spec b/qemu.spec index 25ade9a..61bc32a 100644 --- a/qemu.spec +++ b/qemu.spec @@ -233,6 +233,7 @@ Patch0219: scsi-disk-define-props-in-scsi_block_disk-to-avoid-m.patch Patch0220: pcie-Add-pcie-root-port-fast-plug-unplug-feature.patch Patch0221: pcie-Compat-with-devices-which-do-not-support-Link-W.patch Patch0222: scsi-bus-fix-unmatched-object_unref.patch +Patch0223: tools-virtiofsd-Add-rseq-syscall-to-the-seccomp-allo.patch BuildRequires: flex BuildRequires: gcc @@ -680,6 +681,9 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Thu Mar 03 2022 Chen Qun +- tools/virtiofsd: Add rseq syscall to the seccomp allowlist + * Thu Mar 03 2022 Chen Qun - scsi-bus: fix unmatched object_unref() -- Gitee From 938a64b72971f70d6030dc16c4cf645feeef6992 Mon Sep 17 00:00:00 2001 
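Review bot: The `#ifdef __NR_rseq` guard in the passthrough_seccomp.c change makes the allowlist entry depend on the kernel headers present at build time, while the crash in the commit message depends on the glibc in use at run time. A package built against headers that lack `__NR_rseq` would silently omit the entry and, presumably, still die with "Bad system call" when a guest connects on a glibc 2.35 host, so it is worth confirming that this package's build environment defines it. I would also make the comment record who issues the call, for example `SCMP_SYS(rseq), /* glibc >= 2.35 registers rseq on thread creation */`, so that a later audit of the allowlist can tell a libc requirement from a filesystem operation the daemon performs on behalf of the guest. The syscall_allowlist[] array starts and ends outside the nested hunk.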
From: Chen Qun Date: Thu, 3 Mar 2022 14:25:45 +0800 Subject: [PATCH 5/5] spec: Update release version with !263 !264 increase release verison by one Signed-off-by: Chen Qun --- qemu.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu.spec b/qemu.spec index 61bc32a..b476bf2 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,6 +1,6 @@ Name: qemu Version: 6.2.0 -Release: 22 +Release: 23 Epoch: 2 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 -- Gitee