From 2c829127391eb030934f03fe51ad379cd4774755 Mon Sep 17 00:00:00 2001 From: Jiabo Feng Date: Fri, 22 Dec 2023 09:29:00 +0800 Subject: [PATCH] QEMU update to version 6.2.0-87(master) - vdpa: suspend function return 0 when the vdpa device is stopped - vdpa: don't suspend/resume device when vdpa device not started - vdpa: support vdpa device suspend/resume - vdpa: correct param passed in when unregister save - vdpa: set vring enable only if the vring address has already been set - shadow_dev: introduce shadow dev for virtio-net device - revert "tcg/loongarch64: Fix tcg_out_mov() Aborted" - migration: Set downtime_start even for postcopy - gdb-xml: fix duplicate register in arm-neon.xml - iotests: fix default machine type detection - migration: fix RAMBlock add NULL check - s390x: Fix spelling errors - ppc: spelling fixes - hw/scsi/vhost-scsi: don't double close vhostfd on error - virtio/vhost-vsock: don't double close vhostfd, remove redundant cleanup - hw/scsi/vhost-scsi: don't leak vqs on error - hw/i386/pc: Add missing property descriptions - pcie_aer: Don't trigger a LSI if none are defined - pci: Export the pci_intx() function - hw/qdev: Cosmetic around documentation - tests/unit: fix a -Wformat-truncation warning - tests/avocado: mark ReplayKernelNormal.test_mips64el_malta as flaky - i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit - ui/vnc-clipboard: fix inflate_buffer - hw/usb/hcd-xhci.c: spelling: tranfer 
Signed-off-by: Jiabo Feng (cherry picked from commit 68fee7dc06a6beb5f69d951e22a7f16091f269ff) --- ...x-duplicate-register-in-arm-neon.xml.patch | 36 +++ ...pc-Add-missing-property-descriptions.patch | 53 ++++ hw-qdev-Cosmetic-around-documentation.patch | 117 ++++++++ ...si-don-t-double-close-vhostfd-on-err.patch | 49 ++++ ...i-vhost-scsi-don-t-leak-vqs-on-error.patch | 55 ++++ hw-usb-hcd-xhci.c-spelling-tranfer.patch | 38 +++ ...EV-ES-crash-due-to-missing-MSR_EFER_.patch | 73 +++++ ...s-fix-default-machine-type-detection.patch | 40 +++ ...Set-downtime_start-even-for-postcopy.patch | 57 ++++ migration-fix-RAMBlock-add-NULL-check.patch | 41 +++ pci-Export-the-pci_intx-function.patch | 59 ++++ ...-t-trigger-a-LSI-if-none-are-defined.patch | 42 +++ ppc-spelling-fixes.patch | 271 ++++++++++++++++++ qemu.spec | 54 +++- ...-loongarch64-Fix-tcg_out_mov-Aborted.patch | 30 ++ s390x-Fix-spelling-errors.patch | 246 ++++++++++++++++ ...duce-shadow-dev-for-virtio-net-devic.patch | 195 +++++++++++++ ...rk-ReplayKernelNormal.test_mips64el_.patch | 48 ++++ ...nit-fix-a-Wformat-truncation-warning.patch | 53 ++++ ui-vnc-clipboard-fix-inflate_buffer.patch | 47 +++ ...param-passed-in-when-unregister-save.patch | 30 ++ ...nd-resume-device-when-vdpa-device-no.patch | 67 +++++ ...nable-only-if-the-vring-address-has-.patch | 44 +++ vdpa-support-vdpa-device-suspend-resume.patch | 119 ++++++++ ...ction-return-0-when-the-vdpa-device-.patch | 45 +++ ...ck-don-t-double-close-vhostfd-remove.patch | 57 ++++ 26 files changed, 1965 insertions(+), 1 deletion(-) create mode 100644 gdb-xml-fix-duplicate-register-in-arm-neon.xml.patch create mode 100644 hw-i386-pc-Add-missing-property-descriptions.patch create mode 100644 hw-qdev-Cosmetic-around-documentation.patch create mode 100644 hw-scsi-vhost-scsi-don-t-double-close-vhostfd-on-err.patch create mode 100644 hw-scsi-vhost-scsi-don-t-leak-vqs-on-error.patch create mode 100644 hw-usb-hcd-xhci.c-spelling-tranfer.patch create mode 100644 
i386-sev-Avoid-SEV-ES-crash-due-to-missing-MSR_EFER_.patch create mode 100644 iotests-fix-default-machine-type-detection.patch create mode 100644 migration-Set-downtime_start-even-for-postcopy.patch create mode 100644 migration-fix-RAMBlock-add-NULL-check.patch create mode 100644 pci-Export-the-pci_intx-function.patch create mode 100644 pcie_aer-Don-t-trigger-a-LSI-if-none-are-defined.patch create mode 100644 ppc-spelling-fixes.patch create mode 100644 revert-tcg-loongarch64-Fix-tcg_out_mov-Aborted.patch create mode 100644 s390x-Fix-spelling-errors.patch create mode 100644 shadow_dev-introduce-shadow-dev-for-virtio-net-devic.patch create mode 100644 tests-avocado-mark-ReplayKernelNormal.test_mips64el_.patch create mode 100644 tests-unit-fix-a-Wformat-truncation-warning.patch create mode 100644 ui-vnc-clipboard-fix-inflate_buffer.patch create mode 100644 vdpa-correct-param-passed-in-when-unregister-save.patch create mode 100644 vdpa-don-t-suspend-resume-device-when-vdpa-device-no.patch create mode 100644 vdpa-set-vring-enable-only-if-the-vring-address-has-.patch create mode 100644 vdpa-support-vdpa-device-suspend-resume.patch create mode 100644 vdpa-suspend-function-return-0-when-the-vdpa-device-.patch create mode 100644 virtio-vhost-vsock-don-t-double-close-vhostfd-remove.patch diff --git a/gdb-xml-fix-duplicate-register-in-arm-neon.xml.patch b/gdb-xml-fix-duplicate-register-in-arm-neon.xml.patch new file mode 100644 index 00000000..792af946 --- /dev/null +++ b/gdb-xml-fix-duplicate-register-in-arm-neon.xml.patch 
@@ -0,0 +1,36 @@ +From 7010b0dd1b6f27b14a0c02c81944513fbd60deab Mon Sep 17 00:00:00 2001 +From: jipengfei_yewu +Date: Mon, 18 Dec 2023 09:58:38 +0000 +Subject: [PATCH] gdb-xml: fix duplicate register in arm-neon.xml +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +cheery-pick from 940bb5fa9ca9f71fcc0d06e9de9ac3ab7415d0f2 + +Signed-off-by: jipengfei_yewu +Reviewed-by: Richard Henderson +Fixes: 56aebc8916 ("Add GDB XML register description support") +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Alex Bennée +Message-Id: <20231106185112.2755262-3-alex.bennee@linaro.org> +--- + gdb-xml/arm-neon.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gdb-xml/arm-neon.xml b/gdb-xml/arm-neon.xml +index 9dce0a996f..d61f6b8549 100644 +--- a/gdb-xml/arm-neon.xml ++++ b/gdb-xml/arm-neon.xml +@@ -76,7 +76,7 @@ + + + +- ++ + + + +-- +2.27.0 + diff --git a/hw-i386-pc-Add-missing-property-descriptions.patch b/hw-i386-pc-Add-missing-property-descriptions.patch new file mode 100644 index 00000000..d5e699cb --- /dev/null +++ b/hw-i386-pc-Add-missing-property-descriptions.patch 
@@ -0,0 +1,53 @@ +From 5ce3662809ab7a594fcbe024eb81416e8556f5ea Mon Sep 17 00:00:00 2001 +From: boringandboring +Date: Thu, 7 Dec 2023 19:13:02 +0800 +Subject: [PATCH] hw/i386/pc: Add missing property descriptions + +cherry picked from 44bff3767ced18845adb2612a2cf9691d8769d41 + +When running "qemu-system-x86_64 -M pc,help" I noticed that some +properties were still missing their description. Add them now so +that users get at least a slightly better idea what they are all +about. + +Signed-off-by: Thomas Huth +Message-Id: <20211206134255.94784-1-thuth@redhat.com> +Reviewed-by: Igor Mammedov +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Signed-off-by: boringandboring +--- + hw/i386/pc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/i386/pc.c b/hw/i386/pc.c +index c5f430f83d..7003ea1a05 100644 +--- a/hw/i386/pc.c ++++ b/hw/i386/pc.c +@@ -1726,15 +1726,23 @@ static void pc_machine_class_init(ObjectClass *oc, void *data) + + object_class_property_add_bool(oc, PC_MACHINE_SMBUS, + pc_machine_get_smbus, pc_machine_set_smbus); ++ object_class_property_set_description(oc, PC_MACHINE_SMBUS, ++ "Enable/disable system management bus"); + + object_class_property_add_bool(oc, PC_MACHINE_SATA, + pc_machine_get_sata, pc_machine_set_sata); ++ object_class_property_set_description(oc, PC_MACHINE_SATA, ++ "Enable/disable Serial ATA bus"); + + object_class_property_add_bool(oc, PC_MACHINE_PIT, + pc_machine_get_pit, pc_machine_set_pit); ++ object_class_property_set_description(oc, PC_MACHINE_PIT, ++ "Enable/disable Intel 8254 programmable interval timer emulation"); + + object_class_property_add_bool(oc, "hpet", + pc_machine_get_hpet, pc_machine_set_hpet); ++ object_class_property_set_description(oc, "hpet", ++ "Enable/disable high precision event timer emulation"); + + object_class_property_add_bool(oc, "default-bus-bypass-iommu", + pc_machine_get_default_bus_bypass_iommu, +-- +2.27.0 + 
diff --git a/hw-qdev-Cosmetic-around-documentation.patch b/hw-qdev-Cosmetic-around-documentation.patch new file mode 100644 index 00000000..cacee6c6 --- /dev/null +++ b/hw-qdev-Cosmetic-around-documentation.patch 
@@ -0,0 +1,117 @@ +From 14c2249a3caa3afc6252ac61fb700378c4d32a40 Mon Sep 17 00:00:00 2001 +From: boringandboring +Date: Thu, 7 Dec 2023 11:13:33 +0800 +Subject: [PATCH] hw/qdev: Cosmetic around documentation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +cherry picked from 694804ed7b26e66e114a2330887187d697a0d92b + +Add empty lines to have a clearer distinction between different +functions declarations. + +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Yanan Wang +Message-Id: <20211218130437.1516929-2-f4bug@amsat.org> +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: boringandboring +--- + include/hw/qdev-core.h | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h +index 20d3066595..59a822ffce 100644 +--- a/include/hw/qdev-core.h ++++ b/include/hw/qdev-core.h +@@ -321,6 +321,7 @@ compat_props_add(GPtrArray *arr, + * The returned object has a reference count of 1. + */ + DeviceState *qdev_new(const char *name); ++ + /** + * qdev_try_new: Try to create a device on the heap + * @name: device type to create +@@ -329,6 +330,7 @@ DeviceState *qdev_new(const char *name); + * does not exist, rather than asserting. + */ + DeviceState *qdev_try_new(const char *name); ++ + /** + * qdev_realize: Realize @dev. + * @dev: device to realize +@@ -347,6 +349,7 @@ DeviceState *qdev_try_new(const char *name); + * qdev_realize_and_unref() instead. + */ + bool qdev_realize(DeviceState *dev, BusState *bus, Error **errp); ++ + /** + * qdev_realize_and_unref: Realize @dev and drop a reference + * @dev: device to realize +@@ -372,6 +375,7 @@ bool qdev_realize(DeviceState *dev, BusState *bus, Error **errp); + * would be incorrect. For that use case you want qdev_realize(). 
+ */ + bool qdev_realize_and_unref(DeviceState *dev, BusState *bus, Error **errp); ++ + /** + * qdev_unrealize: Unrealize a device + * @dev: device to unrealize +@@ -450,6 +454,7 @@ typedef enum { + * For named input GPIO lines, use qdev_get_gpio_in_named(). + */ + qemu_irq qdev_get_gpio_in(DeviceState *dev, int n); ++ + /** + * qdev_get_gpio_in_named: Get one of a device's named input GPIO lines + * @dev: Device whose GPIO we want +@@ -497,6 +502,7 @@ qemu_irq qdev_get_gpio_in_named(DeviceState *dev, const char *name, int n); + * For named output GPIO lines, use qdev_connect_gpio_out_named(). + */ + void qdev_connect_gpio_out(DeviceState *dev, int n, qemu_irq pin); ++ + /** + * qdev_connect_gpio_out: Connect one of a device's anonymous output GPIO lines + * @dev: Device whose GPIO to connect +@@ -524,6 +530,7 @@ void qdev_connect_gpio_out(DeviceState *dev, int n, qemu_irq pin); + */ + void qdev_connect_gpio_out_named(DeviceState *dev, const char *name, int n, + qemu_irq pin); ++ + /** + * qdev_get_gpio_out_connector: Get the qemu_irq connected to an output GPIO + * @dev: Device whose output GPIO we are interested in +@@ -541,6 +548,7 @@ void qdev_connect_gpio_out_named(DeviceState *dev, const char *name, int n, + * by the platform-bus subsystem. + */ + qemu_irq qdev_get_gpio_out_connector(DeviceState *dev, const char *name, int n); ++ + /** + * qdev_intercept_gpio_out: Intercept an existing GPIO connection + * @dev: Device to intercept the outbound GPIO line from +@@ -582,6 +590,7 @@ BusState *qdev_get_child_bus(DeviceState *dev, const char *name); + * hold of an input GPIO line to manipulate it. + */ + void qdev_init_gpio_in(DeviceState *dev, qemu_irq_handler handler, int n); ++ + /** + * qdev_init_gpio_out: create an array of anonymous output GPIO lines + * @dev: Device to create output GPIOs for +@@ -610,6 +619,7 @@ void qdev_init_gpio_in(DeviceState *dev, qemu_irq_handler handler, int n); + * handler. 
+ */ + void qdev_init_gpio_out(DeviceState *dev, qemu_irq *pins, int n); ++ + /** + * qdev_init_gpio_out: create an array of named output GPIO lines + * @dev: Device to create output GPIOs for +@@ -623,6 +633,7 @@ void qdev_init_gpio_out(DeviceState *dev, qemu_irq *pins, int n); + */ + void qdev_init_gpio_out_named(DeviceState *dev, qemu_irq *pins, + const char *name, int n); ++ + /** + * qdev_init_gpio_in_named_with_opaque: create an array of input GPIO lines + * for the specified device +-- +2.27.0 + diff --git a/hw-scsi-vhost-scsi-don-t-double-close-vhostfd-on-err.patch b/hw-scsi-vhost-scsi-don-t-double-close-vhostfd-on-err.patch new file mode 100644 index 00000000..84db1805 --- /dev/null +++ b/hw-scsi-vhost-scsi-don-t-double-close-vhostfd-on-err.patch 
@@ -0,0 +1,49 @@
+From 69f5f16cee63b0d07ee612b59a0d125780c13bdb Mon Sep 17 00:00:00 2001
+From: boringandboring
+Date: Fri, 8 Dec 2023 09:13:42 +0800
+Subject: [PATCH] hw/scsi/vhost-scsi: don't double close vhostfd on error
+
+cherry picked from 539ba1acacb11a0f27a7e7ff7e2a7c1294e0a1ea
+
+vhost_dev_init calls vhost_dev_cleanup on error, which closes vhostfd,
+don't double close it.
+
+Signed-off-by: Daniil Tatianin
+Message-Id: <20211129132358.1110372-2-d-tatianin@yandex-team.ru>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: boringandboring
+---
+ hw/scsi/vhost-scsi.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
+index b0a9c45e43..5536cc8a88 100644
+--- a/hw/scsi/vhost-scsi.c
++++ b/hw/scsi/vhost-scsi.c
+@@ -220,6 +220,11 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
+ ret = vhost_dev_init(&vsc->dev, (void *)(uintptr_t)vhostfd,
+ VHOST_BACKEND_TYPE_KERNEL, 0, errp);
+ if (ret < 0) {
++ /*
++ * vhost_dev_init calls vhost_dev_cleanup on error, which closes
++ * vhostfd, don't double close it.
++ */
++ vhostfd = -1;
+ goto free_vqs;
+ }
+
+@@ -240,7 +245,9 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
+ error_free(vsc->migration_blocker);
+ virtio_scsi_common_unrealize(dev);
+ close_fd:
+- close(vhostfd);
++ if (vhostfd >= 0) {
++ close(vhostfd);
++ }
+ return;
+ }
+
+--
+2.27.0
+
diff --git a/hw-scsi-vhost-scsi-don-t-leak-vqs-on-error.patch b/hw-scsi-vhost-scsi-don-t-leak-vqs-on-error.patch
new file mode 100644
index 00000000..5d898ce5
--- /dev/null
+++ b/hw-scsi-vhost-scsi-don-t-leak-vqs-on-error.patch
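Review bot: The embedded patch records `index b0a9c45e43..5536cc8a88` for hw/scsi/vhost-scsi.c, and hw-scsi-vhost-scsi-don-t-leak-vqs-on-error.patch, added in the same commit, records the same pre-image `b0a9c45e43`, so the two backports appear to have been generated against the same base rather than one on top of the other. Whichever is applied second will presumably land with line offsets inside vhost_scsi_realize, where both patches change the error-cleanup path. I would regenerate the later patch against the tree with the earlier one applied, or state the intended order in its description, so that the result does not depend on offset matching. vhost_scsi_realize starts and ends outside both hunks, and the qemu.spec ordering is not visible here.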
@@ -0,0 +1,55 @@
+From ad55425ad09197b443c150828ac16dbf4242141f Mon Sep 17 00:00:00 2001
+From: boringandboring
+Date: Thu, 7 Dec 2023 19:45:33 +0800
+Subject: [PATCH] hw/scsi/vhost-scsi: don't leak vqs on error
+
+cherry picked from b259772afc29ef6af4e911d8e695dd7e2ed31066
+
+vhost_dev_init calls vhost_dev_cleanup in case of an error during
+initialization, which zeroes out the entire vsc->dev as well as the
+vsc->dev.vqs pointer. This prevents us from properly freeing it in free_vqs.
+Keep a local copy of the pointer so we can free it later.
+
+Signed-off-by: Daniil Tatianin
+Message-Id: <20211129132358.1110372-1-d-tatianin@yandex-team.ru>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: boringandboring
+---
+ hw/scsi/vhost-scsi.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
+index b0a9c45e43..2fbc7f039d 100644
+--- a/hw/scsi/vhost-scsi.c
++++ b/hw/scsi/vhost-scsi.c
+@@ -170,6 +170,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
+ Error *err = NULL;
+ int vhostfd = -1;
+ int ret;
++ struct vhost_virtqueue *vqs = NULL;
+
+ if (!vs->conf.wwpn) {
+ error_setg(errp, "vhost-scsi: missing wwpn");
+@@ -213,7 +214,8 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
+ }
+
+ vsc->dev.nvqs = VHOST_SCSI_VQ_NUM_FIXED + vs->conf.num_queues;
+- vsc->dev.vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs);
++ vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs);
++ vsc->dev.vqs = vqs;
+ vsc->dev.vq_index = 0;
+ vsc->dev.backend_features = 0;
+
+@@ -232,7 +234,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
+ return;
+
+ free_vqs:
+- g_free(vsc->dev.vqs);
++ g_free(vqs);
+ if (!vsc->migratable) {
+ migrate_del_blocker(vsc->migration_blocker);
+ }
+--
+2.27.0
+
diff --git a/hw-usb-hcd-xhci.c-spelling-tranfer.patch b/hw-usb-hcd-xhci.c-spelling-tranfer.patch
new file mode 100644
index 00000000..c5a5189d
--- /dev/null
+++ b/hw-usb-hcd-xhci.c-spelling-tranfer.patch @@ -0,0 +1,38 @@ +From 755899cd2cb3d808717da99fa1447c3c81cc0dce Mon Sep 17 00:00:00 2001 +From: zhujun2 +Date: Thu, 7 Dec 2023 18:03:12 -0800 +Subject: [PATCH] hw/usb/hcd-xhci.c: spelling: tranfer + +mainline inclusion +commit d68640f515320bf38617b68c970b569997cf0444 +category: bugfix + +--------------------------------------------------------------- + +Fixes: effaf5a240e03020f4ae953e10b764622c3e87cc +Signed-off-by: Michael Tokarev +Reviewed-by: Thomas Huth +Reviewed-by: Stefan Weil +Message-Id: <20221105114851.306206-1-mjt@msgid.tls.msk.ru> +Signed-off-by: Gerd Hoffmann +Signed-off-by: zhujun2 +--- + hw/usb/hcd-xhci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c +index ac02548dcf..40300e1bcd 100644 +--- a/hw/usb/hcd-xhci.c ++++ b/hw/usb/hcd-xhci.c +@@ -775,7 +775,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) + */ + } while (length < TRB_LINK_LIMIT * 65536 / TRB_SIZE); + +- qemu_log_mask(LOG_GUEST_ERROR, "%s: exceeded maximum tranfer ring size!\n", ++ qemu_log_mask(LOG_GUEST_ERROR, "%s: exceeded maximum transfer ring size!\n", + __func__); + + return -1; +-- +2.27.0 + diff --git a/i386-sev-Avoid-SEV-ES-crash-due-to-missing-MSR_EFER_.patch b/i386-sev-Avoid-SEV-ES-crash-due-to-missing-MSR_EFER_.patch new file mode 100644 index 00000000..50fd9c46 --- /dev/null +++ b/i386-sev-Avoid-SEV-ES-crash-due-to-missing-MSR_EFER_.patch 
@@ -0,0 +1,73 @@
+From 92b95a2982e192b90b45a988afe81e253862690f Mon Sep 17 00:00:00 2001
+From: tangzhongrui
+Date: Thu, 7 Dec 2023 20:06:08 +0800
+Subject: [PATCH] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA
+ bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ Commit 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors")
+ added error checking for KVM_SET_SREGS/KVM_SET_SREGS2. In doing so, it
+ exposed a long-running bug in current KVM support for SEV-ES where the
+ kernel assumes that MSR_EFER_LMA will be set explicitly by the guest
+ kernel, in which case EFER write traps would result in KVM eventually
+ seeing MSR_EFER_LMA get set and recording it in such a way that it would
+ be subsequently visible when accessing it via KVM_GET_SREGS/etc.
+
+ However, guest kernels currently rely on MSR_EFER_LMA getting set
+ automatically when MSR_EFER_LME is set and paging is enabled via
+ CR0_PG_MASK. As a result, the EFER write traps don't actually expose the
+ MSR_EFER_LMA bit, even though it is set internally, and when QEMU
+ subsequently tries to pass this EFER value back to KVM via
+ KVM_SET_SREGS* it will fail various sanity checks and return -EINVAL,
+ which is now considered fatal due to the aforementioned QEMU commit.
+
+ This can be addressed by inferring the MSR_EFER_LMA bit being set when
+ paging is enabled and MSR_EFER_LME is set, and synthesizing it to ensure
+ the expected bits are all present in subsequent handling on the host
+ side.
+
+ Ultimately, this handling will be implemented in the host kernel, but to
+ avoid breaking QEMU's SEV-ES support when using older host kernels, the
+ same handling can be done in QEMU just after fetching the register
+ values via KVM_GET_SREGS*. Implement that here.
+
+ Cc: Paolo Bonzini
+ Cc: Marcelo Tosatti
+ Cc: Tom Lendacky
+ Cc: Akihiko Odaki
+ Cc: Philippe Mathieu-Daudé
+ Cc: Lara Lazier
+ Cc: Vitaly Kuznetsov
+ Cc: Maxim Levitsky
+ Cc:
+ Fixes: 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors")
+ Signed-off-by: Michael Roth
+ Acked-by: Paolo Bonzini
+ Signed-off-by: Stefan Hajnoczi
+ Message-ID: <20231206155821.1194551-1-michael.roth@amd.com>
+
+ Signed-off-by: Zhongrui Tang
+---
+ target/i386/kvm/kvm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index 55ee75e844..54e48530ad 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -3420,6 +3420,10 @@ static int kvm_get_sregs(X86CPU *cpu)
+ env->cr[4] = sregs.cr4;
+
+ env->efer = sregs.efer;
++ if (sev_es_enabled() && env->efer & MSR_EFER_LME &&
++ env->cr[0] & CR0_PG_MASK) {
++ env->efer |= MSR_EFER_LMA;
++ }
+
+ /* changes to apic base and cr8/tpr are read back via kvm_arch_post_run */
+ x86_update_hflags(env);
+--
+2.27.0
+
diff --git a/iotests-fix-default-machine-type-detection.patch b/iotests-fix-default-machine-type-detection.patch
new file mode 100644
index 00000000..47910b76
--- /dev/null
+++ b/iotests-fix-default-machine-type-detection.patch
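Review bot: The condition added to kvm_get_sregs mixes `&` and `&&` without parentheses and has no comment, so the reason EFER.LMA is synthesized can only be recovered from the commit message. I would write it as `if (sev_es_enabled() && (env->efer & MSR_EFER_LME) && (env->cr[0] & CR0_PG_MASK)) {` and put `/* SEV-ES: KVM_GET_SREGS* may not report EFER.LMA; infer it from LME and CR0.PG so a later KVM_SET_SREGS* is not rejected with -EINVAL */` above it. Unlike the other backports in this commit, this patch description names no upstream commit id (no "cherry picked from" line), which makes the change harder to trace back; adding that line would help. kvm_get_sregs starts and ends outside the hunk.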
@@ -0,0 +1,40 @@ +From 1c60628eef43847595723a65ff9fd57f38cc70de Mon Sep 17 00:00:00 2001 +From: jipengfei_yewu +Date: Mon, 18 Dec 2023 09:57:38 +0000 +Subject: [PATCH] iotests: fix default machine type detection + +The machine type is being detected based on "-M help" output, and we're +searching for the line ending with " (default)". However, in downstream +one of the machine types s marked as deprecated might become the +default, in which case this logic breaks as the line would now end with +" (default) (deprecated)". To fix potential issues here, let's relax +that requirement and detect the mere presence of " (default)" line +instead. + +cheery-pick from 3b7094fe8329c5c7bb0d685e1876aa30f59bece6 + +Signed-off-by: jipengfei_yewu +Signed-off-by: Andrey Drobyshev +Message-ID: <20231122121538.32903-1-andrey.drobyshev@virtuozzo.com> +Reviewed-by: Kevin Wolf +Signed-off-by: Kevin Wolf +--- + tests/qemu-iotests/testenv.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py +index 26ae6945cc..993e9c56be 100644 +--- a/tests/qemu-iotests/testenv.py ++++ b/tests/qemu-iotests/testenv.py +@@ -40,7 +40,7 @@ def get_default_machine(qemu_prog: str) -> str: + + machines = outp.split('\n') + try: +- default_machine = next(m for m in machines if m.endswith(' (default)')) ++ default_machine = next(m for m in machines if ' (default)' in m) + except StopIteration: + return '' + default_machine = default_machine.split(' ', 1)[0] +-- +2.27.0 + diff --git a/migration-Set-downtime_start-even-for-postcopy.patch b/migration-Set-downtime_start-even-for-postcopy.patch new file mode 100644 index 00000000..8aa72cb4 --- /dev/null +++ b/migration-Set-downtime_start-even-for-postcopy.patch 
@@ -0,0 +1,57 @@ +From 9708192479d7f6507392a338f8f43b3be4c8188d Mon Sep 17 00:00:00 2001 +From: qihao +Date: Mon, 18 Dec 2023 15:19:48 +0800 +Subject: [PATCH] migration: Set downtime_start even for postcopy + +cheery-pick from 62f5da7dd10a594fb30cebb5569dc738456f7131 + +Postcopy calculates its downtime separately. It always sets +MigrationState.downtime properly, but not MigrationState.downtime_start. + +Make postcopy do the same as other modes on properly recording the +timestamp when the VM is going to be stopped. Drop the temporary variable +in postcopy_start() along the way. + +Signed-off-by: Peter Xu +Reviewed-by: Fabiano Rosas +Reviewed-by: Juan Quintela +Signed-off-by: Juan Quintela +Message-ID: <20231030163346.765724-2-peterx@redhat.com> +Signed-off-by: qihao_yewu +--- + migration/migration.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/migration/migration.c b/migration/migration.c +index 6b5445853a..7ca5b58839 100644 +--- a/migration/migration.c ++++ b/migration/migration.c +@@ -2989,7 +2989,6 @@ static int postcopy_start(MigrationState *ms) + int ret; + QIOChannelBuffer *bioc; + QEMUFile *fb; +- int64_t time_at_stop = qemu_clock_get_ms(QEMU_CLOCK_REALTIME); + int64_t bandwidth = migrate_max_postcopy_bandwidth(); + bool restart_block = false; + int cur_state = MIGRATION_STATUS_ACTIVE; +@@ -3002,6 +3001,8 @@ static int postcopy_start(MigrationState *ms) + qemu_mutex_lock_iothread(); + trace_postcopy_start_set_run(); + ++ ms->downtime_start = qemu_clock_get_ms(QEMU_CLOCK_REALTIME); ++ + qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER, NULL); + global_state_store(); + ret = vm_stop_force_state(RUN_STATE_FINISH_MIGRATE); +@@ -3112,7 +3113,7 @@ static int postcopy_start(MigrationState *ms) + ms->postcopy_after_devices = true; + notifier_list_notify(&migration_state_notifiers, ms); + +- ms->downtime = qemu_clock_get_ms(QEMU_CLOCK_REALTIME) - time_at_stop; ++ ms->downtime = qemu_clock_get_ms(QEMU_CLOCK_REALTIME) - 
ms->downtime_start; + + qemu_mutex_unlock_iothread(); + +-- +2.27.0 + diff --git a/migration-fix-RAMBlock-add-NULL-check.patch b/migration-fix-RAMBlock-add-NULL-check.patch new file mode 100644 index 00000000..88cd6302 --- /dev/null +++ b/migration-fix-RAMBlock-add-NULL-check.patch @@ -0,0 +1,41 @@ +From 03569a14e7ae428bad59a4e11637c900ff436816 Mon Sep 17 00:00:00 2001 +From: jipengfei +Date: Mon, 18 Dec 2023 16:56:15 +0800 +Subject: [PATCH] migration: fix RAMBlock add NULL check + +qemu_ram_block_from_host() may return NULL, which will be dereferenced w/o +check. Usualy return value is checked for this function. +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +cheery-pick from f75ed59f40bed3ce94adad4b3ebbb7bfacfdf4ab + +Signed-off-by: jipengfei_yewu +Signed-off-by: Dmitry Frolov +Reviewed-by: Fabiano Rosas +Reviewed-by: Peter Xu +Reviewed-by: Juan Quintela +Signed-off-by: Juan Quintela +Message-ID: <20231010104851.802947-1-frolov@swemel.ru> +--- + migration/ram.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/migration/ram.c b/migration/ram.c +index 862955f5b2..c245b04cf2 100644 +--- a/migration/ram.c ++++ b/migration/ram.c +@@ -4679,6 +4679,11 @@ static void ram_mig_ram_block_resized(RAMBlockNotifier *n, void *host, + RAMBlock *rb = qemu_ram_block_from_host(host, false, &offset); + Error *err = NULL; + ++ if (!rb) { ++ error_report("RAM block not found"); ++ return; ++ } ++ + if (ramblock_is_ignored(rb)) { + return; + } +-- +2.27.0 + diff --git a/pci-Export-the-pci_intx-function.patch b/pci-Export-the-pci_intx-function.patch new file mode 100644 index 00000000..732b6717 --- /dev/null +++ b/pci-Export-the-pci_intx-function.patch 
@@ -0,0 +1,59 @@
+From 0d74ea5e0426c6ebf8666e8b88469b838d03ea01 Mon Sep 17 00:00:00 2001
+From: boringandboring
+Date: Thu, 7 Dec 2023 16:55:35 +0800
+Subject: [PATCH] pci: Export the pci_intx() function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from 2fedf46e34d2377760b2d26cf85487b772bca6fa
+
+Move the pci_intx() definition to the PCI header file, so that it can
+be called from other PCI files. It is used by the next patch.
+
+Signed-off-by: Frederic Barrat
+Message-Id: <20211116170133.724751-3-fbarrat@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Reviewed-by: Cédric Le Goater
+Signed-off-by: boringandboring
+---
+ hw/pci/pci.c | 5 -----
+ include/hw/pci/pci.h | 5 +++++
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index 7a62f0e1fc..9ea67dba31 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -1504,11 +1504,6 @@ static void pci_irq_handler(void *opaque, int irq_num, int level)
+ pci_change_irq_level(pci_dev, irq_num, change);
+ }
+
+-static inline int pci_intx(PCIDevice *pci_dev)
+-{
+- return pci_get_byte(pci_dev->config + PCI_INTERRUPT_PIN) - 1;
+-}
+-
+ qemu_irq pci_allocate_irq(PCIDevice *pci_dev)
+ {
+ int intx = pci_intx(pci_dev);
+diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
+index 5b36334a28..483d5c7c72 100644
+--- a/include/hw/pci/pci.h
++++ b/include/hw/pci/pci.h
+@@ -735,6 +735,11 @@ void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev);
+ qemu_irq pci_allocate_irq(PCIDevice *pci_dev);
+ void pci_set_irq(PCIDevice *pci_dev, int level);
+
++static inline int pci_intx(PCIDevice *pci_dev)
++{
++ return pci_get_byte(pci_dev->config + PCI_INTERRUPT_PIN) - 1;
++}
++
+ static inline void pci_irq_assert(PCIDevice *pci_dev)
+ {
+ pci_set_irq(pci_dev, 1);
+--
+2.27.0
+
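Review bot: pci_intx() moves into include/hw/pci/pci.h without a doc comment, although its return value is the PCI_INTERRUPT_PIN config byte minus one, which is -1 when the device declares no interrupt pin. Now that other files can call it, I would state that contract above the definition, e.g. `/* Returns the INTx index (PCI_INTERRUPT_PIN - 1), or -1 if the device has no interrupt pin; check before using it as an index. */`. pcie_aer-Don-t-trigger-a-LSI-if-none-are-defined.patch in this commit already relies on that sentinel with `if (pci_intx(dev) != -1)`, so documenting it once at the definition keeps later callers from using the result unchecked.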
diff --git a/pcie_aer-Don-t-trigger-a-LSI-if-none-are-defined.patch b/pcie_aer-Don-t-trigger-a-LSI-if-none-are-defined.patch
new file mode 100644
index 00000000..c4462b72
--- /dev/null
+++ b/pcie_aer-Don-t-trigger-a-LSI-if-none-are-defined.patch
@@ -0,0 +1,42 @@
+From 77633ce67c1cff764fe4951a6837462f51ace8aa Mon Sep 17 00:00:00 2001
+From: boringandboring
+Date: Thu, 7 Dec 2023 17:00:28 +0800
+Subject: [PATCH] pcie_aer: Don't trigger a LSI if none are defined
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from 20766514d602c50b870ae943aaa8e5b9e2e8a161
+
+Skip triggering an LSI when the AER root error status is updated if no
+LSI is defined for the device. We can have a root bridge with no LSI,
+MSI and MSI-X defined, for example on POWER systems.
+
+Signed-off-by: Frederic Barrat
+Message-Id: <20211116170133.724751-4-fbarrat@linux.ibm.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Reviewed-by: Cédric Le Goater
+Signed-off-by: boringandboring
+---
+ hw/pci/pcie_aer.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
+index 27f9cc56af..e1a8a88c8c 100644
+--- a/hw/pci/pcie_aer.c
++++ b/hw/pci/pcie_aer.c
+@@ -774,7 +774,9 @@ void pcie_aer_root_write_config(PCIDevice *dev,
+ uint32_t root_cmd = pci_get_long(aer_cap + PCI_ERR_ROOT_COMMAND);
+ /* 6.2.4.1.2 Interrupt Generation */
+ if (!msix_enabled(dev) && !msi_enabled(dev)) {
+- pci_set_irq(dev, !!(root_cmd & enabled_cmd));
++ if (pci_intx(dev) != -1) {
++ pci_set_irq(dev, !!(root_cmd & enabled_cmd));
++ }
+ return;
+ }
+
+--
+2.27.0
+
diff --git a/ppc-spelling-fixes.patch b/ppc-spelling-fixes.patch
new file mode 100644
index 00000000..127101b5
--- /dev/null
+++ b/ppc-spelling-fixes.patch
@@ -0,0 +1,271 @@ +From 0adb55804594e60380450c7644a05f9cfc4ebb8a Mon Sep 17 00:00:00 2001 +From: zhujun2 +Date: Sun, 26 Nov 2023 18:34:45 -0800 +Subject: [PATCH] ppc: spelling fixes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +mainline inclusion +commit e6a19a6477407e57b4deb61aaa497a14d7db9626 +category: bugfix + +Signed-off-by: Michael Tokarev +Reviewed-by: Cédric Le Goater +Signed-off-by: zhujun2 +--- + hw/ppc/ppc.c | 2 +- + hw/ppc/prep_systemio.c | 2 +- + hw/ppc/spapr.c | 8 ++++---- + hw/ppc/spapr_hcall.c | 2 +- + hw/ppc/spapr_nvdimm.c | 2 +- + hw/ppc/spapr_pci_vfio.c | 2 +- + include/hw/ppc/openpic.h | 2 +- + include/hw/ppc/spapr.h | 2 +- + target/ppc/cpu-models.h | 4 ++-- + target/ppc/cpu.h | 2 +- + target/ppc/cpu_init.c | 2 +- + target/ppc/excp_helper.c | 2 +- + target/ppc/power8-pmu-regs.c.inc | 4 ++-- + target/ppc/translate/vmx-impl.c.inc | 4 ++-- + 14 files changed, 20 insertions(+), 20 deletions(-) + +diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c +index cf90ab7805..6396bbe523 100644 +--- a/hw/ppc/ppc.c ++++ b/hw/ppc/ppc.c +@@ -745,7 +745,7 @@ target_ulong cpu_ppc_load_decr(CPUPPCState *env) + decr = _cpu_ppc_load_decr(env, tb_env->decr_next); + + /* +- * If large decrementer is enabled then the decrementer is signed extened ++ * If large decrementer is enabled then the decrementer is signed extended + * to 64 bits, otherwise it is a 32 bit value. + */ + if (env->spr[SPR_LPCR] & LPCR_LD) { +diff --git a/hw/ppc/prep_systemio.c b/hw/ppc/prep_systemio.c +index b2bd783248..e51da91de5 100644 +--- a/hw/ppc/prep_systemio.c ++++ b/hw/ppc/prep_systemio.c +@@ -39,7 +39,7 @@ + #define TYPE_PREP_SYSTEMIO "prep-systemio" + OBJECT_DECLARE_SIMPLE_TYPE(PrepSystemIoState, PREP_SYSTEMIO) + +-/* Bit as defined in PowerPC Reference Plaform v1.1, sect. 6.1.5, p. 132 */ ++/* Bit as defined in PowerPC Reference Platform v1.1, sect. 6.1.5, p. 
132 */ + #define PREP_BIT(n) (1 << (7 - (n))) + + struct PrepSystemIoState { +diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c +index 3b5fd749be..7f352ceaaa 100644 +--- a/hw/ppc/spapr.c ++++ b/hw/ppc/spapr.c +@@ -2488,7 +2488,7 @@ static void spapr_set_vsmt_mode(SpaprMachineState *spapr, Error **errp) + return; + } + +- /* Detemine the VSMT mode to use: */ ++ /* Determine the VSMT mode to use: */ + if (vsmt_user) { + if (spapr->vsmt < smp_threads) { + error_setg(errp, "Cannot support VSMT mode %d" +@@ -3016,7 +3016,7 @@ static int spapr_kvm_type(MachineState *machine, const char *vm_type) + { + /* + * The use of g_ascii_strcasecmp() for 'hv' and 'pr' is to +- * accomodate the 'HV' and 'PV' formats that exists in the ++ * accommodate the 'HV' and 'PV' formats that exists in the + * wild. The 'auto' mode is being introduced already as + * lower-case, thus we don't need to bother checking for + * "AUTO". +@@ -4250,7 +4250,7 @@ spapr_cpu_index_to_props(MachineState *machine, unsigned cpu_index) + CPUArchId *core_slot; + MachineClass *mc = MACHINE_GET_CLASS(machine); + +- /* make sure possible_cpu are intialized */ ++ /* make sure possible_cpu are initialized */ + mc->possible_cpu_arch_ids(machine); + /* get CPU core slot containing thread that matches cpu_index */ + core_slot = spapr_find_cpu_slot(machine, cpu_index, NULL); +@@ -4870,7 +4870,7 @@ static void spapr_machine_2_12_class_options(MachineClass *mc) + + /* We depend on kvm_enabled() to choose a default value for the + * hpt-max-page-size capability. Of course we can't do it here +- * because this is too early and the HW accelerator isn't initialzed ++ * because this is too early and the HW accelerator isn't initialized + * yet. Postpone this to machine init (see default_caps_with_cpu()). 
+ */ + smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 0; +diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c +index 222c1b6bbd..5364bbcffa 100644 +--- a/hw/ppc/spapr_hcall.c ++++ b/hw/ppc/spapr_hcall.c +@@ -1532,7 +1532,7 @@ static void hypercall_register_types(void) + spapr_register_hypercall(H_GET_CPU_CHARACTERISTICS, + h_get_cpu_characteristics); + +- /* "debugger" hcalls (also used by SLOF). Note: We do -not- differenciate ++ /* "debugger" hcalls (also used by SLOF). Note: We do -not- differentiate + * here between the "CI" and the "CACHE" variants, they will use whatever + * mapping attributes qemu is using. When using KVM, the kernel will + * enforce the attributes more strongly +diff --git a/hw/ppc/spapr_nvdimm.c b/hw/ppc/spapr_nvdimm.c +index 91de1052f2..b111380a45 100644 +--- a/hw/ppc/spapr_nvdimm.c ++++ b/hw/ppc/spapr_nvdimm.c +@@ -336,7 +336,7 @@ static target_ulong h_scm_bind_mem(PowerPCCPU *cpu, SpaprMachineState *spapr, + + /* + * Currently continue token should be zero qemu has already bound +- * everything and this hcall doesnt return H_BUSY. ++ * everything and this hcall doesn't return H_BUSY. + */ + if (continue_token > 0) { + return H_P5; +diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c +index 2a76b4e0b5..6326948143 100644 +--- a/hw/ppc/spapr_pci_vfio.c ++++ b/hw/ppc/spapr_pci_vfio.c +@@ -77,7 +77,7 @@ int spapr_phb_vfio_eeh_set_option(SpaprPhbState *sphb, + * call. Now we just need to check the validity of the PCI + * pass-through devices (vfio-pci) under this sphb bus. + * We have already validated that all the devices under this sphb +- * are from same iommu group (within same PE) before comming here. ++ * are from same iommu group (within same PE) before coming here. 
+ * + * Prior to linux commit 98ba956f6a389 ("powerpc/pseries/eeh: + * Rework device EEH PE determination") kernel would call +diff --git a/include/hw/ppc/openpic.h b/include/hw/ppc/openpic.h +index ebdaf8a493..44976e6b07 100644 +--- a/include/hw/ppc/openpic.h ++++ b/include/hw/ppc/openpic.h +@@ -14,7 +14,7 @@ enum { + OPENPIC_OUTPUT_INT = 0, /* IRQ */ + OPENPIC_OUTPUT_CINT, /* critical IRQ */ + OPENPIC_OUTPUT_MCK, /* Machine check event */ +- OPENPIC_OUTPUT_DEBUG, /* Inconditional debug event */ ++ OPENPIC_OUTPUT_DEBUG, /* Unconditional debug event */ + OPENPIC_OUTPUT_RESET, /* Core reset event */ + OPENPIC_OUTPUT_NB, + }; +diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h +index ee7504b976..316b80318e 100644 +--- a/include/hw/ppc/spapr.h ++++ b/include/hw/ppc/spapr.h +@@ -179,7 +179,7 @@ struct SpaprMachineState { + SpaprResizeHpt resize_hpt; + void *htab; + uint32_t htab_shift; +- uint64_t patb_entry; /* Process tbl registed in H_REGISTER_PROC_TBL */ ++ uint64_t patb_entry; /* Process tbl registered in H_REGISTER_PROC_TBL */ + SpaprPendingHpt *pending_hpt; /* in-progress resize */ + + hwaddr rma_size; +diff --git a/target/ppc/cpu-models.h b/target/ppc/cpu-models.h +index 0952592759..75ea085bd5 100644 +--- a/target/ppc/cpu-models.h ++++ b/target/ppc/cpu-models.h +@@ -63,7 +63,7 @@ enum { + /* PowerPC 405 cores */ + CPU_POWERPC_405D2 = 0x20010000, + CPU_POWERPC_405D4 = 0x41810000, +- /* PowerPC 405 microcontrolers */ ++ /* PowerPC 405 microcontrollers */ + /* XXX: missing 0x200108a0 */ + CPU_POWERPC_405CRa = 0x40110041, + CPU_POWERPC_405CRb = 0x401100C5, +@@ -93,7 +93,7 @@ enum { + #define CPU_POWERPC_440 CPU_POWERPC_440GXf + /* PowerPC 440 cores */ + CPU_POWERPC_440_XILINX = 0x7ff21910, +- /* PowerPC 440 microcontrolers */ ++ /* PowerPC 440 microcontrollers */ + CPU_POWERPC_440EPa = 0x42221850, + CPU_POWERPC_440EPb = 0x422218D3, + CPU_POWERPC_440GPb = 0x40120440, +diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h +index e946da5f3a..26312f9d5f 100644 
+--- a/target/ppc/cpu.h ++++ b/target/ppc/cpu.h +@@ -345,7 +345,7 @@ typedef struct ppc_v3_pate_t { + + /* PMU bits */ + #define MMCR0_FC PPC_BIT(32) /* Freeze Counters */ +-#define MMCR0_PMAO PPC_BIT(56) /* Perf Monitor Alert Ocurred */ ++#define MMCR0_PMAO PPC_BIT(56) /* Perf Monitor Alert Occurred */ + #define MMCR0_PMAE PPC_BIT(37) /* Perf Monitor Alert Enable */ + #define MMCR0_EBE PPC_BIT(43) /* Perf Monitor EBB Enable */ + #define MMCR0_FCECE PPC_BIT(38) /* FC on Enabled Cond or Event */ +diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c +index 6695985e9b..986d16a24d 100644 +--- a/target/ppc/cpu_init.c ++++ b/target/ppc/cpu_init.c +@@ -7023,7 +7023,7 @@ static void register_970_lpar_sprs(CPUPPCState *env) + static void register_power5p_lpar_sprs(CPUPPCState *env) + { + #if !defined(CONFIG_USER_ONLY) +- /* Logical partitionning */ ++ /* Logical partitioning */ + spr_register_kvm_hv(env, SPR_LPCR, "LPCR", + SPR_NOACCESS, SPR_NOACCESS, + SPR_NOACCESS, SPR_NOACCESS, +diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c +index 17607adbe4..f66063d55c 100644 +--- a/target/ppc/excp_helper.c ++++ b/target/ppc/excp_helper.c +@@ -312,7 +312,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp) + + /* + * new interrupt handler msr preserves existing HV and ME unless +- * explicitly overriden ++ * explicitly overridden + */ + new_msr = env->msr & (((target_ulong)1 << MSR_ME) | MSR_HVB); + +diff --git a/target/ppc/power8-pmu-regs.c.inc b/target/ppc/power8-pmu-regs.c.inc +index 7391851238..c58874752b 100644 +--- a/target/ppc/power8-pmu-regs.c.inc ++++ b/target/ppc/power8-pmu-regs.c.inc +@@ -16,7 +16,7 @@ + * Checks whether the Group A SPR (MMCR0, MMCR2, MMCRA, and the + * PMCs) has problem state read access. + * +- * Read acccess is granted for all PMCC values but 0b01, where a ++ * Read access is granted for all PMCC values but 0b01, where a + * Facility Unavailable Interrupt will occur. 
+ */ + static bool spr_groupA_read_allowed(DisasContext *ctx) +@@ -33,7 +33,7 @@ static bool spr_groupA_read_allowed(DisasContext *ctx) + * Checks whether the Group A SPR (MMCR0, MMCR2, MMCRA, and the + * PMCs) has problem state write access. + * +- * Write acccess is granted for PMCC values 0b10 and 0b11. Userspace ++ * Write access is granted for PMCC values 0b10 and 0b11. Userspace + * writing with PMCC 0b00 will generate a Hypervisor Emulation + * Assistance Interrupt. Userspace writing with PMCC 0b01 will + * generate a Facility Unavailable Interrupt. +diff --git a/target/ppc/translate/vmx-impl.c.inc b/target/ppc/translate/vmx-impl.c.inc +index 8eb8d3a067..f56f061d18 100644 +--- a/target/ppc/translate/vmx-impl.c.inc ++++ b/target/ppc/translate/vmx-impl.c.inc +@@ -127,7 +127,7 @@ static void gen_stve##name(DisasContext *ctx) \ + } + + GEN_VR_LDX(lvx, 0x07, 0x03); +-/* As we don't emulate the cache, lvxl is stricly equivalent to lvx */ ++/* As we don't emulate the cache, lvxl is strictly equivalent to lvx */ + GEN_VR_LDX(lvxl, 0x07, 0x0B); + + GEN_VR_LVE(bx, 0x07, 0x00, 1); +@@ -135,7 +135,7 @@ GEN_VR_LVE(hx, 0x07, 0x01, 2); + GEN_VR_LVE(wx, 0x07, 0x02, 4); + + GEN_VR_STX(svx, 0x07, 0x07); +-/* As we don't emulate the cache, stvxl is stricly equivalent to stvx */ ++/* As we don't emulate the cache, stvxl is strictly equivalent to stvx */ + GEN_VR_STX(svxl, 0x07, 0x0F); + + GEN_VR_STVE(bx, 0x07, 0x04, 1); +-- +2.27.0 + diff --git a/qemu.spec b/qemu.spec index bc9d629c..d773e3a6 100644 --- a/qemu.spec +++ b/qemu.spec @@ -3,7 +3,7 @@ Name: qemu Version: 6.2.0 -Release: 86 +Release: 87 Epoch: 10 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 
@@ -832,6 +832,31 @@ Patch0817: vhost-implement-migration-state-notifier-for-vdpa-de.patch Patch0818: vhost-implement-post-resume-bh.patch Patch0819: vdpa-implement-vdpa-device-migration.patch Patch0820: vdpa-move-memory-listener-to-the-realize-stage.patch +Patch0821: hw-usb-hcd-xhci.c-spelling-tranfer.patch +Patch0822: ui-vnc-clipboard-fix-inflate_buffer.patch +Patch0823: i386-sev-Avoid-SEV-ES-crash-due-to-missing-MSR_EFER_.patch +Patch0824: tests-avocado-mark-ReplayKernelNormal.test_mips64el_.patch +Patch0825: tests-unit-fix-a-Wformat-truncation-warning.patch +Patch0826: hw-qdev-Cosmetic-around-documentation.patch +Patch0827: pci-Export-the-pci_intx-function.patch +Patch0828: pcie_aer-Don-t-trigger-a-LSI-if-none-are-defined.patch +Patch0829: hw-i386-pc-Add-missing-property-descriptions.patch +Patch0830: hw-scsi-vhost-scsi-don-t-leak-vqs-on-error.patch +Patch0831: virtio-vhost-vsock-don-t-double-close-vhostfd-remove.patch +Patch0832: hw-scsi-vhost-scsi-don-t-double-close-vhostfd-on-err.patch +Patch0833: ppc-spelling-fixes.patch +Patch0834: s390x-Fix-spelling-errors.patch +Patch0835: migration-fix-RAMBlock-add-NULL-check.patch +Patch0836: iotests-fix-default-machine-type-detection.patch +Patch0837: gdb-xml-fix-duplicate-register-in-arm-neon.xml.patch +Patch0838: migration-Set-downtime_start-even-for-postcopy.patch +Patch0839: revert-tcg-loongarch64-Fix-tcg_out_mov-Aborted.patch +Patch0840: shadow_dev-introduce-shadow-dev-for-virtio-net-devic.patch +Patch0841: vdpa-set-vring-enable-only-if-the-vring-address-has-.patch +Patch0842: vdpa-correct-param-passed-in-when-unregister-save.patch +Patch0843: vdpa-support-vdpa-device-suspend-resume.patch +Patch0844: vdpa-don-t-suspend-resume-device-when-vdpa-device-no.patch +Patch0845: vdpa-suspend-function-return-0-when-the-vdpa-device-.patch BuildRequires: flex 
@@ -1431,6 +1456,33 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Fri Dec 22 2023 - 10:6.2.0-87 +- vdpa: suspend function return 0 when the vdpa device is stopped +- vdpa: don't suspend/resume device when vdpa device not started +- vdpa: support vdpa device suspend/resume +- vdpa: correct param passed in when unregister save +- vdpa: set vring enable only if the vring address has already been set +- shadow_dev: introduce shadow dev for virtio-net device +- revert "tcg/loongarch64: Fix tcg_out_mov() Aborted" +- migration: Set downtime_start even for postcopy +- gdb-xml: fix duplicate register in arm-neon.xml +- iotests: fix default machine type detection +- migration: fix RAMBlock add NULL check +- s390x: Fix spelling errors +- ppc: spelling fixes +- hw/scsi/vhost-scsi: don't double close vhostfd on error +- virtio/vhost-vsock: don't double close vhostfd, remove redundant cleanup +- hw/scsi/vhost-scsi: don't leak vqs on error +- hw/i386/pc: Add missing property descriptions +- pcie_aer: Don't trigger a LSI if none are defined +- pci: Export the pci_intx() function +- hw/qdev: Cosmetic around documentation +- tests/unit: fix a -Wformat-truncation warning +- tests/avocado: mark ReplayKernelNormal.test_mips64el_malta as flaky +- i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit +- ui/vnc-clipboard: fix inflate_buffer +- hw/usb/hcd-xhci.c: spelling: tranfer + * Tue Dec 5 2023 - 10:6.2.0-86 - vdpa: move memory listener to the realize stage - vdpa: implement vdpa device migration diff --git a/revert-tcg-loongarch64-Fix-tcg_out_mov-Aborted.patch b/revert-tcg-loongarch64-Fix-tcg_out_mov-Aborted.patch new file mode 100644 index 00000000..cf0869e4 --- /dev/null +++ b/revert-tcg-loongarch64-Fix-tcg_out_mov-Aborted.patch 
@@ -0,0 +1,30 @@
+From 7eff40be327d0c591e4b842cd954ec5dabb75848 Mon Sep 17 00:00:00 2001
+From: xianglai li
+Date: Tue, 19 Dec 2023 02:34:39 -0500
+Subject: [PATCH] revert "tcg/loongarch64: Fix tcg_out_mov() Aborted"
+
+openEuler loongarch64 does not support qemu tcg,
+so no TCG-related patch is required for synchronization.
+
+Signed-off-by: xianglai li
+---
+ tcg/loongarch64/tcg-target.c.inc | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc
+index ee7d4d728d..0b28b30002 100644
+--- a/tcg/loongarch64/tcg-target.c.inc
++++ b/tcg/loongarch64/tcg-target.c.inc
+@@ -255,9 +255,6 @@ static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
+ */
+ tcg_out_opc_or(s, ret, arg, TCG_REG_ZERO);
+ break;
+- case TCG_TYPE_V128:
+- tcg_out_opc_vori_b(s, ret, arg, 0);
+- break;
+ default:
+ g_assert_not_reached();
+ }
+--
+2.27.0
+
diff --git a/s390x-Fix-spelling-errors.patch b/s390x-Fix-spelling-errors.patch
new file mode 100644
index 00000000..19265710
--- /dev/null
+++ b/s390x-Fix-spelling-errors.patch
@@ -0,0 +1,246 @@ +From 8f9bdcfe073479ba0170d3b01023d9a00f3b1e31 Mon Sep 17 00:00:00 2001 +From: zhujun2 +Date: Thu, 7 Dec 2023 17:47:34 -0800 +Subject: [PATCH] s390x: Fix spelling errors + +mainline inclusion +commit 44ee69ea16bd0390082ed88d4e82d6cea3a18b46 +category: bugfix + +--------------------------------------------------------------- + +Fix typos (discovered with the 'codespell' utility). +Note: Though "migrateable" still seems to be a valid spelling, we change +it to "migratable" since this is the way more common spelling here. + +Message-Id: <20221111182828.282251-1-thuth@redhat.com> +Reviewed-by: Stefan Weil +Reviewed-by: Ilya Leoshkevich +Signed-off-by: Thomas Huth +Signed-off-by: zhujun2 +--- + hw/s390x/ipl.h | 2 +- + hw/s390x/s390-virtio-ccw.c | 6 +++--- + pc-bios/s390-ccw/cio.h | 2 +- + pc-bios/s390-ccw/iplb.h | 2 +- + pc-bios/s390-ccw/start.S | 2 +- + target/s390x/cpu_models.h | 4 ++-- + target/s390x/ioinst.c | 2 +- + target/s390x/tcg/excp_helper.c | 2 +- + target/s390x/tcg/fpu_helper.c | 2 +- + target/s390x/tcg/misc_helper.c | 2 +- + target/s390x/tcg/translate.c | 4 ++-- + target/s390x/tcg/translate_vx.c.inc | 6 +++--- + 12 files changed, 18 insertions(+), 18 deletions(-) + +diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h +index dfc6dfd89c..7fc86e7905 100644 +--- a/hw/s390x/ipl.h ++++ b/hw/s390x/ipl.h +@@ -140,7 +140,7 @@ void s390_ipl_clear_reset_request(void); + * have an offset of 4 + n * 8 bytes within the struct in order + * to keep it double-word aligned. + * The total size of the struct must never exceed 28 bytes. +- * This definition must be kept in sync with the defininition ++ * This definition must be kept in sync with the definition + * in pc-bios/s390-ccw/iplb.h. 
+ */ + struct QemuIplParameters { +diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c +index 653587ea62..c84b89ba43 100644 +--- a/hw/s390x/s390-virtio-ccw.c ++++ b/hw/s390x/s390-virtio-ccw.c +@@ -345,7 +345,7 @@ static int s390_machine_protect(S390CcwMachineState *ms) + } + + error_setg(&pv_mig_blocker, +- "protected VMs are currently not migrateable."); ++ "protected VMs are currently not migratable."); + rc = migrate_add_blocker(pv_mig_blocker, &local_err); + if (rc) { + ram_block_discard_disable(false); +@@ -434,7 +434,7 @@ static void s390_machine_reset(MachineState *machine) + break; + case S390_RESET_MODIFIED_CLEAR: + /* +- * Susbsystem reset needs to be done before we unshare memory ++ * Subsystem reset needs to be done before we unshare memory + * and lose access to VIRTIO structures in guest memory. + */ + subsystem_reset(); +@@ -447,7 +447,7 @@ static void s390_machine_reset(MachineState *machine) + break; + case S390_RESET_LOAD_NORMAL: + /* +- * Susbsystem reset needs to be done before we unshare memory ++ * Subsystem reset needs to be done before we unshare memory + * and lose access to VIRTIO structures in guest memory. 
+ */ + subsystem_reset(); +diff --git a/pc-bios/s390-ccw/cio.h b/pc-bios/s390-ccw/cio.h +index 1e5d4e92e1..88a88adfd2 100644 +--- a/pc-bios/s390-ccw/cio.h ++++ b/pc-bios/s390-ccw/cio.h +@@ -20,7 +20,7 @@ struct pmcw { + __u32 intparm; /* interruption parameter */ + __u32 qf:1; /* qdio facility */ + __u32 w:1; +- __u32 isc:3; /* interruption sublass */ ++ __u32 isc:3; /* interruption subclass */ + __u32 res5:3; /* reserved zeros */ + __u32 ena:1; /* enabled */ + __u32 lm:2; /* limit mode */ +diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h +index 772d5c57c9..cb6ac8a880 100644 +--- a/pc-bios/s390-ccw/iplb.h ++++ b/pc-bios/s390-ccw/iplb.h +@@ -81,7 +81,7 @@ extern IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE))); + #define QIPL_FLAG_BM_OPTS_ZIPL 0x40 + + /* +- * This definition must be kept in sync with the defininition ++ * This definition must be kept in sync with the definition + * in hw/s390x/ipl.h + */ + struct QemuIplParameters { +diff --git a/pc-bios/s390-ccw/start.S b/pc-bios/s390-ccw/start.S +index 4d5ad21653..6072906df4 100644 +--- a/pc-bios/s390-ccw/start.S ++++ b/pc-bios/s390-ccw/start.S +@@ -19,7 +19,7 @@ _start: + larl %r2, __bss_start + larl %r3, _end + slgr %r3, %r2 /* get sizeof bss */ +- ltgr %r3,%r3 /* bss emtpy? */ ++ ltgr %r3,%r3 /* bss empty? */ + jz done + aghi %r3,-1 + srlg %r4,%r3,8 /* how many 256 byte chunks? 
*/ +diff --git a/target/s390x/cpu_models.h b/target/s390x/cpu_models.h +index 74d1f87e4f..fb1adc8b21 100644 +--- a/target/s390x/cpu_models.h ++++ b/target/s390x/cpu_models.h +@@ -24,13 +24,13 @@ struct S390CPUDef { + uint8_t gen; /* hw generation identification */ + uint16_t type; /* cpu type identification */ + uint8_t ec_ga; /* EC GA version (on which also the BC is based) */ +- uint8_t mha_pow; /* Maximum Host Adress Power, mha = 2^pow-1 */ ++ uint8_t mha_pow; /* maximum host address power, mha = 2^pow-1 */ + uint32_t hmfai; /* hypervisor-managed facilities */ + /* base/min features, must never be changed between QEMU versions */ + S390FeatBitmap base_feat; + /* used to init base_feat from generated data */ + S390FeatInit base_init; +- /* deafault features, QEMU version specific */ ++ /* default features, QEMU version specific */ + S390FeatBitmap default_feat; + /* used to init default_feat from generated data */ + S390FeatInit default_init; +diff --git a/target/s390x/ioinst.c b/target/s390x/ioinst.c +index bdae5090bc..e6347d1801 100644 +--- a/target/s390x/ioinst.c ++++ b/target/s390x/ioinst.c +@@ -285,7 +285,7 @@ void ioinst_handle_stsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, + /* + * As operand exceptions have a lower priority than access exceptions, + * we check whether the memory area is writeable (injecting the +- * access execption if it is not) first. ++ * access exception if it is not) first. 
+ */ + if (!s390_cpu_virt_mem_check_write(cpu, addr, ar, sizeof(schib))) { + s390_program_interrupt(env, PGM_OPERAND, ra); +diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c +index 4e7648f301..6a4f7585b8 100644 +--- a/target/s390x/tcg/excp_helper.c ++++ b/target/s390x/tcg/excp_helper.c +@@ -551,7 +551,7 @@ try_deliver: + /* don't trigger a cpu_loop_exit(), use an interrupt instead */ + cpu_interrupt(CPU(cpu), CPU_INTERRUPT_HALT); + } else if (cs->halted) { +- /* unhalt if we had a WAIT PSW somehwere in our injection chain */ ++ /* unhalt if we had a WAIT PSW somewhere in our injection chain */ + s390_cpu_unhalt(cpu); + } + } +diff --git a/target/s390x/tcg/fpu_helper.c b/target/s390x/tcg/fpu_helper.c +index 4067205405..be80b2373c 100644 +--- a/target/s390x/tcg/fpu_helper.c ++++ b/target/s390x/tcg/fpu_helper.c +@@ -89,7 +89,7 @@ static void handle_exceptions(CPUS390XState *env, bool XxC, uintptr_t retaddr) + /* + * invalid/divbyzero cannot coexist with other conditions. + * overflow/underflow however can coexist with inexact, we have to +- * handle it separatly. ++ * handle it separately. 
+ */ + if (s390_exc & ~S390_IEEE_MASK_INEXACT) { + if (s390_exc & ~S390_IEEE_MASK_INEXACT & env->fpc >> 24) { +diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c +index aab9c47747..7a975aaf94 100644 +--- a/target/s390x/tcg/misc_helper.c ++++ b/target/s390x/tcg/misc_helper.c +@@ -326,7 +326,7 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0, uint64_t r0, uint64_t r1) + /* same as machine type number in STORE CPU ID, but in EBCDIC */ + snprintf(type, ARRAY_SIZE(type), "%X", cpu->model->def->type); + ebcdic_put(sysib.sysib_111.type, type, 4); +- /* model number (not stored in STORE CPU ID for z/Architecure) */ ++ /* model number (not stored in STORE CPU ID for z/Architecture) */ + ebcdic_put(sysib.sysib_111.model, "QEMU ", 16); + ebcdic_put(sysib.sysib_111.sequence, "QEMU ", 16); + ebcdic_put(sysib.sysib_111.plant, "QEMU", 4); +diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c +index dcc249a197..62fbc90d5e 100644 +--- a/target/s390x/tcg/translate.c ++++ b/target/s390x/tcg/translate.c +@@ -434,7 +434,7 @@ static void gen_program_exception(DisasContext *s, int code) + { + TCGv_i32 tmp; + +- /* Remember what pgm exeption this was. */ ++ /* Remember what pgm exception this was. */ + tmp = tcg_const_i32(code); + tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUS390XState, int_pgm_code)); + tcg_temp_free_i32(tmp); +@@ -490,7 +490,7 @@ static TCGv_i64 get_address(DisasContext *s, int x2, int b2, int d2) + + /* + * Note that d2 is limited to 20 bits, signed. If we crop negative +- * displacements early we create larger immedate addends. ++ * displacements early we create larger immediate addends. 
+ */ + if (b2 && x2) { + tcg_gen_add_i64(tmp, regs[b2], regs[x2]); +diff --git a/target/s390x/tcg/translate_vx.c.inc b/target/s390x/tcg/translate_vx.c.inc +index 28bf5a23b6..d1fe4df1b5 100644 +--- a/target/s390x/tcg/translate_vx.c.inc ++++ b/target/s390x/tcg/translate_vx.c.inc +@@ -797,7 +797,7 @@ static DisasJumpType op_vpk(DisasContext *s, DisasOps *o) + } + break; + case 0x94: +- /* If sources and destination dont't overlap -> fast path */ ++ /* If sources and destination don't overlap -> fast path */ + if (v1 != v2 && v1 != v3) { + const uint8_t src_es = get_field(s, m4); + const uint8_t dst_es = src_es - 1; +@@ -1793,7 +1793,7 @@ static DisasJumpType op_vmsl(DisasContext *s, DisasOps *o) + l2 = tcg_temp_new_i64(); + h2 = tcg_temp_new_i64(); + +- /* Multipy both even elements from v2 and v3 */ ++ /* Multiply both even elements from v2 and v3 */ + read_vec_element_i64(l1, get_field(s, v2), 0, ES_64); + read_vec_element_i64(h1, get_field(s, v3), 0, ES_64); + tcg_gen_mulu2_i64(l1, h1, l1, h1); +@@ -1802,7 +1802,7 @@ static DisasJumpType op_vmsl(DisasContext *s, DisasOps *o) + tcg_gen_add2_i64(l1, h1, l1, h1, l1, h1); + } + +- /* Multipy both odd elements from v2 and v3 */ ++ /* Multiply both odd elements from v2 and v3 */ + read_vec_element_i64(l2, get_field(s, v2), 1, ES_64); + read_vec_element_i64(h2, get_field(s, v3), 1, ES_64); + tcg_gen_mulu2_i64(l2, h2, l2, h2); +-- +2.27.0 + diff --git a/shadow_dev-introduce-shadow-dev-for-virtio-net-devic.patch b/shadow_dev-introduce-shadow-dev-for-virtio-net-devic.patch new file mode 100644 index 00000000..ef1164d6 --- /dev/null +++ b/shadow_dev-introduce-shadow-dev-for-virtio-net-devic.patch 
@@ -0,0 +1,195 @@
+From 0a6c08bd3a16543b8021c8b65a45f7ebb701a9aa Mon Sep 17 00:00:00 2001
+From: Dongxu Sun
+Date: Fri, 15 Dec 2023 17:44:54 +0800
+Subject: [PATCH] shadow_dev: introduce shadow dev for virtio-net device
+
+for virtio net devices, create the shadow device for vlpi
+bypass inject supported.
+
+Signed-off-by: Wang Haibin
+Signed-off-by: Yu Zenghui
+Signed-off-by: Chen Qun
+Signed-off-by: KunKun Jiang
+Signed-off-by: Dongxu Sun
+---
+ hw/virtio/virtio-pci.c | 32 ++++++++++++++++++++++++++
+ include/sysemu/kvm.h | 5 +++++
+ linux-headers/linux/kvm.h | 13 +++++++++++
+ target/arm/kvm.c | 47 +++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 97 insertions(+)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index 82706b8b32..6b45683280 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -873,18 +873,44 @@ undo:
+ }
+ return ret;
+ }
++
++#ifdef __aarch64__
++int __attribute__((weak)) kvm_create_shadow_device(PCIDevice *dev)
++{
++ return 0;
++}
++
++int __attribute__((weak)) kvm_delete_shadow_device(PCIDevice *dev)
++{
++ return 0;
++}
++#endif
++
+ static int kvm_virtio_pci_vector_vq_use(VirtIOPCIProxy *proxy, int nvqs)
+ {
+ int queue_no;
+ int ret = 0;
+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+
++#ifdef __aarch64__
++ if (!strcmp(vdev->name, "virtio-net")) {
++ kvm_create_shadow_device(&proxy->pci_dev);
++ }
++#endif
++
+ for (queue_no = 0; queue_no < nvqs; queue_no++) {
+ if (!virtio_queue_get_num(vdev, queue_no)) {
+ return -1;
+ }
+ ret = kvm_virtio_pci_vector_use_one(proxy, queue_no);
+ }
++
++#ifdef __aarch64__
++ if (!strcmp(vdev->name, "virtio-net") && ret != 0) {
++ kvm_delete_shadow_device(&proxy->pci_dev);
++ }
++#endif
++
+ return ret;
+ }
+
+@@ -927,6 +953,12 @@ static void kvm_virtio_pci_vector_vq_release(VirtIOPCIProxy *proxy, int nvqs)
+ }
+ kvm_virtio_pci_vector_release_one(proxy, queue_no);
+ }
++
++#ifdef __aarch64__
++ if (!strcmp(vdev->name, "virtio-net")) {
++ kvm_delete_shadow_device(&proxy->pci_dev);
++ }
++#endif
+ }
+
+ static void kvm_virtio_pci_vector_config_release(VirtIOPCIProxy *proxy)
+diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
+index 1ec9432493..9f52d08ce0 100644
+--- a/include/sysemu/kvm.h
++++ b/include/sysemu/kvm.h
+@@ -553,4 +553,9 @@ bool kvm_arch_cpu_check_are_resettable(void);
+ bool kvm_dirty_ring_enabled(void);
+
+ uint32_t kvm_dirty_ring_size(void);
++
++#ifdef __aarch64__
++int kvm_create_shadow_device(PCIDevice *dev);
++int kvm_delete_shadow_device(PCIDevice *dev);
++#endif
+ #endif
+diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
+index 2008fbc173..cd0885f523 100644
+--- a/linux-headers/linux/kvm.h
++++ b/linux-headers/linux/kvm.h
+@@ -1127,6 +1127,8 @@ struct kvm_ppc_resize_hpt {
+
+ #define KVM_CAP_ARM_CPU_FEATURE 555
+
++#define KVM_CAP_ARM_VIRT_MSI_BYPASS 799
++
+ #ifdef KVM_CAP_IRQ_ROUTING
+
+ struct kvm_irq_routing_irqchip {
+@@ -1431,6 +1433,17 @@ struct kvm_s390_ucas_mapping {
+ #define KVM_XEN_HVM_CONFIG _IOW(KVMIO, 0x7a, struct kvm_xen_hvm_config)
+ #define KVM_SET_CLOCK _IOW(KVMIO, 0x7b, struct kvm_clock_data)
+ #define KVM_GET_CLOCK _IOR(KVMIO, 0x7c, struct kvm_clock_data)
++
++#ifdef __aarch64__
++struct kvm_master_dev_info
++{
++ __u32 nvectors; /* number of msi vectors */
++ struct kvm_msi msi[0];
++};
++#define KVM_CREATE_SHADOW_DEV _IOW(KVMIO, 0xf0, struct kvm_master_dev_info)
++#define KVM_DEL_SHADOW_DEV _IOW(KVMIO, 0xf1, __u32)
++#endif
++
+ /* Available with KVM_CAP_PIT_STATE2 */
+ #define KVM_GET_PIT2 _IOR(KVMIO, 0x9f, struct kvm_pit_state2)
+ #define KVM_SET_PIT2 _IOW(KVMIO, 0xa0, struct kvm_pit_state2)
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index 22ac5bcb97..38d80adfb7 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -27,6 +27,8 @@
+ #include "trace.h"
+ #include "internals.h"
+ #include "hw/pci/pci.h"
++#include "hw/pci/msi.h"
++#include "hw/pci/msix.h"
+ #include "exec/memattrs.h"
+ #include "exec/address-spaces.h"
+ #include "hw/boards.h"
+@@ -1075,6 +1077,51 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
+ return 0;
+ }
+
++int kvm_create_shadow_device(PCIDevice *dev)
++{
++ KVMState *s = kvm_state;
++ struct kvm_master_dev_info *mdi;
++ MSIMessage msg;
++ uint32_t vector, nvectors = msix_nr_vectors_allocated(dev);
++ uint32_t request_id;
++ int ret;
++
++ if (!kvm_vm_check_extension(s, KVM_CAP_ARM_VIRT_MSI_BYPASS) || !nvectors) {
++ return 0;
++ }
++
++ mdi = g_malloc0(sizeof(uint32_t) + sizeof(struct kvm_msi) * nvectors);
++ mdi->nvectors = nvectors;
++ request_id = pci_requester_id(dev);
++
++ for (vector = 0; vector < nvectors; vector++) {
++ msg = msix_get_message(dev, vector);
++ mdi->msi[vector].address_lo = extract64(msg.address, 0, 32);
++ mdi->msi[vector].address_hi = extract64(msg.address, 32, 32);
++ mdi->msi[vector].data = le32_to_cpu(msg.data);
++ mdi->msi[vector].flags = KVM_MSI_VALID_DEVID;
++ mdi->msi[vector].devid = request_id;
++ memset(mdi->msi[vector].pad, 0, sizeof(mdi->msi[vector].pad));
++ }
++
++ ret = kvm_vm_ioctl(s, KVM_CREATE_SHADOW_DEV, mdi);
++ g_free(mdi);
++ return ret;
++}
++
++int kvm_delete_shadow_device(PCIDevice *dev)
++{
++ KVMState *s = kvm_state;
++ uint32_t request_id, nvectors = msix_nr_vectors_allocated(dev);
++
++ if (!kvm_vm_check_extension(s, KVM_CAP_ARM_VIRT_MSI_BYPASS) || !nvectors) {
++ return 0;
++ }
++
++ request_id = pci_requester_id(dev);
++ return kvm_vm_ioctl(s, KVM_DEL_SHADOW_DEV, &request_id);
++}
++
+ int kvm_arch_add_msi_route_post(struct kvm_irq_routing_entry *route,
+ int vector, PCIDevice *dev)
+ {
+--
+2.27.0
+
diff --git a/tests-avocado-mark-ReplayKernelNormal.test_mips64el_.patch b/tests-avocado-mark-ReplayKernelNormal.test_mips64el_.patch
new file mode 100644
index 00000000..bc8f81ae
--- /dev/null
+++ b/tests-avocado-mark-ReplayKernelNormal.test_mips64el_.patch
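Review bot: In `kvm_virtio_pci_vector_vq_use()` the result of `kvm_create_shadow_device()` is discarded, and the cleanup added before `return ret;` is bypassed by the existing `return -1` inside the queue loop, so that failure path leaves the shadow device registered with KVM. The `ret != 0` test also sees only the last queue's result, because `ret` is overwritten on every iteration. I would record whether creation succeeded and route the empty-queue exit through the same cleanup, as sketched below; whether a failed create should abort vector setup or only be reported is a decision for the author. Separately, in target/arm/kvm.c the `g_malloc0()` size would be more robust with `sizeof(*mdi)` in place of `sizeof(uint32_t)`, so the allocation follows the struct if its header ever grows.

```c
static int kvm_virtio_pci_vector_vq_use(VirtIOPCIProxy *proxy, int nvqs)
{
    /* … unchanged: queue_no, ret and vdev declarations … */
#ifdef __aarch64__
    bool shadow_dev = false;

    if (!strcmp(vdev->name, "virtio-net")) {
        ret = kvm_create_shadow_device(&proxy->pci_dev);
        if (ret < 0) {
            return ret;
        }
        shadow_dev = true;
    }
#endif

    for (queue_no = 0; queue_no < nvqs; queue_no++) {
        if (!virtio_queue_get_num(vdev, queue_no)) {
            ret = -1;   /* was: return -1, which skipped the cleanup below */
            break;
        }
        /* … unchanged: kvm_virtio_pci_vector_use_one() call … */
    }

#ifdef __aarch64__
    /* Reached on every failure path, including the empty-queue exit above. */
    if (shadow_dev && ret != 0) {
        kvm_delete_shadow_device(&proxy->pci_dev);
    }
#endif
    return ret;
}
```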
@@ -0,0 +1,48 @@
+From b4d96f201027d930ef84c8751909f3770e3d21f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
+Date: Fri, 1 Dec 2023 20:10:27 +0000
+Subject: [PATCH] tests/avocado: mark ReplayKernelNormal.test_mips64el_malta as
+ flaky
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+I missed this when going through the recent failure logs. I can run
+the test 30 times without failure locally but it seems to hang pretty
+reliably on GitLab's CI infra-structure.
+
+Cc: Philippe Mathieu-Daudé
+Signed-off-by: Alex Bennée
+Reviewed-by: Philippe Mathieu-Daudé
+Message-ID: <20231201201027.2689404-1-alex.bennee@linaro.org>
+Signed-off-by: Philippe Mathieu-Daudé
+
+Signed-off-by: Zhongrui Tang
+---
+ tests/avocado/replay_kernel.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/avocado/replay_kernel.py b/tests/avocado/replay_kernel.py
+index c68a953730..16421b3407 100644
+--- a/tests/avocado/replay_kernel.py
++++ b/tests/avocado/replay_kernel.py
+@@ -113,6 +113,8 @@ def test_mips_malta(self):
+
+ self.run_rr(kernel_path, kernel_command_line, console_pattern, shift=5)
+
++ # See https://gitlab.com/qemu-project/qemu/-/issues/2013
++ @skipUnless(os.getenv('QEMU_TEST_FLAKY_TESTS'), 'Test is unstable on GitLab')
+ def test_mips64el_malta(self):
+ """
+ This test requires the ar tool to extract "data.tar.gz" from
+@@ -128,6 +130,7 @@ def test_mips64el_malta(self):
+
+ :avocado: tags=arch:mips64el
+ :avocado: tags=machine:malta
++ :avocado: tags=flaky
+ """
+ deb_url = ('http://snapshot.debian.org/archive/debian/'
+ '20130217T032700Z/pool/main/l/linux-2.6/'
+--
+2.27.0
+
diff --git a/tests-unit-fix-a-Wformat-truncation-warning.patch b/tests-unit-fix-a-Wformat-truncation-warning.patch
new file mode 100644
index 00000000..40fb8d09
--- /dev/null
+++ b/tests-unit-fix-a-Wformat-truncation-warning.patch
@@ -0,0 +1,53 @@ +From 133b578fabea9f4cc5936da233c04463bf94b6db Mon Sep 17 00:00:00 2001 +From: boringandboring +Date: Thu, 7 Dec 2023 09:20:00 +0800 +Subject: [PATCH] tests/unit: fix a -Wformat-truncation warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +cherry picked from 6a54ac2a9737057dc19aa584d823a3011717423b + +../tests/test-qobject-input-visitor.c: In function ‘test_visitor_in_list’: +../tests/test-qobject-input-visitor.c:454:49: warning: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 6 [-Wformat-truncation=] + 454 | snprintf(string, sizeof(string), "string%d", i); + | ^~ +../tests/test-qobject-input-visitor.c:454:42: note: directive argument in the range [0, 2147483606] + 454 | snprintf(string, sizeof(string), "string%d", i); + | ^~~~~~~~~~ +../tests/test-qobject-input-visitor.c:454:9: note: ‘snprintf’ output between 8 and 17 bytes into a destination of size 12 + 454 | snprintf(string, sizeof(string), "string%d", i); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Rather than trying to be clever, since this is called 3 times during +tests, let's simply use g_strdup_printf(). 
+ +Signed-off-by: Marc-André Lureau +Reviewed-by: Markus Armbruster +Message-id: 20220810121513.1356081-1-marcandre.lureau@redhat.com +Reviewed-by: Peter Maydell +[PMM: fixed commit message typos] +Signed-off-by: Peter Maydell +Signed-off-by: boringandboring +--- + tests/unit/test-qobject-input-visitor.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tests/unit/test-qobject-input-visitor.c b/tests/unit/test-qobject-input-visitor.c +index 6f59a7f432..0f28d46a4a 100644 +--- a/tests/unit/test-qobject-input-visitor.c ++++ b/tests/unit/test-qobject-input-visitor.c +@@ -448,9 +448,8 @@ static void test_visitor_in_list(TestInputVisitorData *data, + g_assert(head != NULL); + + for (i = 0, item = head; item; item = item->next, i++) { +- char string[12]; ++ g_autofree char *string = g_strdup_printf("string%d", i); + +- snprintf(string, sizeof(string), "string%d", i); + g_assert_cmpstr(item->value->string, ==, string); + g_assert_cmpint(item->value->integer, ==, 42 + i); + } +-- +2.27.0 + diff --git a/ui-vnc-clipboard-fix-inflate_buffer.patch b/ui-vnc-clipboard-fix-inflate_buffer.patch new file mode 100644 index 00000000..f12ff9b4 --- /dev/null +++ b/ui-vnc-clipboard-fix-inflate_buffer.patch 
@@ -0,0 +1,47 @@ +From 7f19287be9b468b7065073a31d35c01b2632858d Mon Sep 17 00:00:00 2001 +From: qihao +Date: Tue, 5 Dec 2023 14:10:50 +0800 +Subject: [PATCH] ui/vnc-clipboard: fix inflate_buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +cheery-pick from ebfbf394671163c14e2b24d98f3927a3151d1aff + +Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in +inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still +required, because it can happen that stream.avail_in becomes zero +before coming across a return value of Z_STREAM_END in the loop. + +This fixes the host->guest direction of the clipboard with noVNC and +TigerVNC as clients. + +Fixes: d921fea338 ("ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)") +Reported-by: Friedrich Weber +Signed-off-by: Fiona Ebner +Acked-by: Marc-André Lureau +Message-Id: <20231122125826.228189-1-f.ebner@proxmox.com> +Signed-off-by: qihao_yewu +--- + ui/vnc-clipboard.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c +index c84599cfdb..2bb1b07c40 100644 +--- a/ui/vnc-clipboard.c ++++ b/ui/vnc-clipboard.c +@@ -70,6 +70,11 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size) + } + } + ++ *size = stream.total_out; ++ inflateEnd(&stream); ++ ++ return out; ++ + err_end: + inflateEnd(&stream); + err: +-- +2.27.0 + diff --git a/vdpa-correct-param-passed-in-when-unregister-save.patch b/vdpa-correct-param-passed-in-when-unregister-save.patch new file mode 100644 index 00000000..3b7ce277 --- /dev/null +++ b/vdpa-correct-param-passed-in-when-unregister-save.patch 
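Review bot: The added fall-through after the loop in inflate_buffer() returns `out` as a success whenever `stream.avail_in` reaches zero, including when inflate() never reported Z_STREAM_END, and nothing at the return says so. Since this function was the subject of CVE-2023-3255, a comment above `*size = stream.total_out;` should record the exit condition, e.g. `/* input consumed without Z_STREAM_END: return the bytes inflated so far */`. Callers then receive a possibly incomplete payload of `*size` bytes and should not assume the stream was complete. The loop and the callers are outside the hunk.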
@@ -0,0 +1,30 @@ +From 9f0b9d2d71b9fa21789981d68335ee417e18b025 Mon Sep 17 00:00:00 2001 +From: jiangdongxu +Date: Thu, 14 Dec 2023 11:22:54 +0800 +Subject: [PATCH] vdpa: correct param passed in when unregister save + +The idstr passed in the unregister_savevm function is inconsisten +with the idstr passed in when register_savevm_live registration. +Needs to be modified, otherwise migration will fail after hotunplug +all vdpa devices. + +Signed-off-by: jiangdongxu +--- + hw/virtio/vdpa-dev-mig.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/virtio/vdpa-dev-mig.c b/hw/virtio/vdpa-dev-mig.c +index ee3e27f2bb..c71e71fd64 100644 +--- a/hw/virtio/vdpa-dev-mig.c ++++ b/hw/virtio/vdpa-dev-mig.c +@@ -400,6 +400,6 @@ void vdpa_migration_register(VhostVdpaDevice *vdev) + void vdpa_migration_unregister(VhostVdpaDevice *vdev) + { + remove_migration_state_change_notifier(&vdev->migration_state); +- unregister_savevm(VMSTATE_IF(&vdev->parent_obj.parent_obj), "vdpa", DEVICE(vdev)); ++ unregister_savevm(NULL, "vdpa", DEVICE(vdev)); + qemu_del_vm_change_state_handler(vdev->vmstate); + } +-- +2.27.0 + diff --git a/vdpa-don-t-suspend-resume-device-when-vdpa-device-no.patch b/vdpa-don-t-suspend-resume-device-when-vdpa-device-no.patch new file mode 100644 index 00000000..77e69328 --- /dev/null +++ b/vdpa-don-t-suspend-resume-device-when-vdpa-device-no.patch 
@@ -0,0 +1,67 @@ +From daab4fa364c508d793ed28a920d50cd76efe7633 Mon Sep 17 00:00:00 2001 +From: jiangdongxu +Date: Tue, 19 Dec 2023 20:32:00 +0800 +Subject: [PATCH] vdpa: don't suspend/resume device when vdpa device not + started + +When vdpa device not started, we don't need to suspend vdpa device +and send vdpa device state information. Therefore, add the suspended +flag of vdpa device to distinguish whether the device is suspended and +use it to determine whether the device needs to resume in dest qemu. + +Signed-off-by: jiangdongxu +--- + hw/virtio/vdpa-dev-mig.c | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +diff --git a/hw/virtio/vdpa-dev-mig.c b/hw/virtio/vdpa-dev-mig.c +index 4a45821892..9cd80f92eb 100644 +--- a/hw/virtio/vdpa-dev-mig.c ++++ b/hw/virtio/vdpa-dev-mig.c +@@ -296,10 +296,13 @@ static int vdpa_save_complete_precopy(QEMUFile *f, void *opaque) + int ret; + + qemu_put_be64(f, VDPA_MIG_FLAG_DEV_CONFIG_STATE); +- ret = vhost_vdpa_dev_buffer_save(hdev, f); +- if (ret) { +- error_report("Save vdpa device buffer failed: %d\n", ret); +- return ret; ++ qemu_put_be16(f, (uint16_t)vdev->suspended); ++ if (vdev->suspended) { ++ ret = vhost_vdpa_dev_buffer_save(hdev, f); ++ if (ret) { ++ error_report("Save vdpa device buffer failed: %d\n", ret); ++ return ret; ++ } + } + qemu_put_be64(f, VDPA_MIG_FLAG_END_OF_STATE); + +@@ -313,6 +316,7 @@ static int vdpa_load_state(QEMUFile *f, void *opaque, int version_id) + + int ret; + uint64_t data; ++ uint16_t suspended; + + data = qemu_get_be64(f); + while (data != VDPA_MIG_FLAG_END_OF_STATE) { +@@ -325,10 +329,13 @@ static int vdpa_load_state(QEMUFile *f, void *opaque, int version_id) + return -EINVAL; + } + } else if (data == VDPA_MIG_FLAG_DEV_CONFIG_STATE) { +- ret = vhost_vdpa_dev_buffer_load(hdev, f); +- if (ret) { +- error_report("fail to restore device buffer.\n"); +- return ret; ++ suspended = qemu_get_be16(f); ++ if (suspended) { ++ ret = vhost_vdpa_dev_buffer_load(hdev, f); 
++ if (ret) { ++ error_report("fail to restore device buffer.\n"); ++ return ret; ++ } + } + } + +-- +2.27.0 + diff --git a/vdpa-set-vring-enable-only-if-the-vring-address-has-.patch b/vdpa-set-vring-enable-only-if-the-vring-address-has-.patch new file mode 100644 index 00000000..f3bc7b5c --- /dev/null +++ b/vdpa-set-vring-enable-only-if-the-vring-address-has-.patch @@ -0,0 +1,44 @@ +From 11c0e08a95c35adec07e3b40d1bd9452d7113236 Mon Sep 17 00:00:00 2001 +From: jiangdongxu +Date: Thu, 14 Dec 2023 11:05:52 +0800 +Subject: [PATCH] vdpa: set vring enable only if the vring address has already + been set + +Currently, vhost-vdpa does not determine the status of each vring when +performing the enable operation on vring. When the vBIOS(EDK2) is running, +the driver will not enable all vrings. In this case, setting all vrings +to enable is isconsistent with the actual situation. + +Add logic when enabling vring, make a judement on the vring status. If the +vring address is not set, the vring will not enabled. + +Signed-off-by: jiangdongxu +--- + hw/virtio/vhost-vdpa.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c +index c7aaff7f20..36ed0c9a99 100644 +--- a/hw/virtio/vhost-vdpa.c ++++ b/hw/virtio/vhost-vdpa.c +@@ -714,8 +714,17 @@ static int vhost_vdpa_get_vq_index(struct vhost_dev *dev, int idx) + static int vhost_vdpa_set_vring_ready(struct vhost_dev *dev) + { + int i; ++ int idx; ++ hwaddr addr; ++ + trace_vhost_vdpa_set_vring_ready(dev); + for (i = 0; i < dev->nvqs; ++i) { ++ idx = vhost_vdpa_get_vq_index(dev, dev->vq_index + i); ++ addr = virtio_queue_get_desc_addr(dev->vdev, idx); ++ if (addr == 0) { ++ continue; ++ } ++ + struct vhost_vring_state state = { + .index = dev->vq_index + i, + .num = 1, +-- +2.27.0 + diff --git a/vdpa-support-vdpa-device-suspend-resume.patch b/vdpa-support-vdpa-device-suspend-resume.patch new file mode 100644 index 00000000..2c94e7a3 --- /dev/null 
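Review bot: vdpa_load_state() now reads a 16-bit `suspended` field after every VDPA_MIG_FLAG_DEV_CONFIG_STATE marker, but nothing in the hunk ties that read to `version_id`, so a stream written without the field would have the first two bytes of the device buffer taken as the flag. The destination parses this stream as input, so the layout change should be gated by reading the flag only when `version_id` is at least the version that introduces it; the registered version is not visible here, so confirm it is bumped. On the save side, `qemu_put_be16(f, (uint16_t)vdev->suspended);` would benefit from a comment such as `/* device buffer follows only if suspended != 0 */`. Both function bodies continue outside the hunk.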
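Review bot: In vhost_vdpa_set_vring_ready() the new `continue` skips a vring without any trace or comment, and it treats a descriptor address of 0 as "not configured by the driver". A one-line comment before the check would make that sentinel explicit, e.g. `/* skip vrings whose descriptor address the guest driver has not set */`. The added statements also sit before the `struct vhost_vring_state state` declaration in the loop body, which leaves a declaration after statements; moving the new lines below it would keep declarations first. The loop body continues outside the hunk.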
+++ b/vdpa-support-vdpa-device-suspend-resume.patch 
@@ -0,0 +1,119 @@ +From 06bb2d68ef70813167a633aa00779acf61c784b0 Mon Sep 17 00:00:00 2001 +From: jiangdongxu +Date: Tue, 19 Dec 2023 20:18:03 +0800 +Subject: [PATCH] vdpa: support vdpa device suspend/resume + +commit a21603f7ecfa 'vhost: implement vhost_vdpa_device_suspend/resume' +only implement suspend and resume interface used for migration. The +current implementation still has bugs when suspend/resume a virtual +machine. Fix it. + +Signed-off-by: jiangdongxu +--- + hw/virtio/vdpa-dev-mig.c | 16 +++++++++++----- + hw/virtio/vdpa-dev.c | 8 +------- + include/hw/virtio/vdpa-dev.h | 1 + + 3 files changed, 13 insertions(+), 12 deletions(-) + +diff --git a/hw/virtio/vdpa-dev-mig.c b/hw/virtio/vdpa-dev-mig.c +index c71e71fd64..4a45821892 100644 +--- a/hw/virtio/vdpa-dev-mig.c ++++ b/hw/virtio/vdpa-dev-mig.c +@@ -149,6 +149,7 @@ static int vhost_vdpa_device_suspend(VhostVdpaDevice *vdpa) + } + + vdpa->started = false; ++ vdpa->suspended = true; + + ret = vhost_dev_suspend(&vdpa->dev, vdev, false); + if (ret) { +@@ -171,6 +172,7 @@ set_guest_notifiers_fail: + } + + suspend_fail: ++ vdpa->suspended = false; + vdpa->started = true; + return ret; + } +@@ -207,6 +209,7 @@ static int vhost_vdpa_device_resume(VhostVdpaDevice *vdpa) + goto err_guest_notifiers; + } + vdpa->started = true; ++ vdpa->suspended = false; + + /* + * guest_notifier_mask/pending not used yet, so just unmask +@@ -247,7 +250,7 @@ static void vdpa_dev_vmstate_change(void *opaque, bool running, RunState state) + MigrationIncomingState *mis = migration_incoming_get_current(); + + if (!running) { +- if (ms->state == RUN_STATE_PAUSED) { ++ if (ms->state == MIGRATION_STATUS_ACTIVE || state == RUN_STATE_PAUSED) { + ret = vhost_vdpa_device_suspend(vdpa); + if (ret) { + error_report("suspend vdpa device failed: %d\n", ret); +@@ -257,16 +260,19 @@ static void vdpa_dev_vmstate_change(void *opaque, bool running, RunState state) + } + } + } else { +- if (ms->state == RUN_STATE_RESTORE_VM) { ++ if (vdpa->suspended) { 
+ ret = vhost_vdpa_device_resume(vdpa); + if (ret) { +- error_report("migration dest resume device failed, abort!\n"); +- exit(EXIT_FAILURE); ++ error_report("vhost vdpa device resume failed: %d\n", ret); + } + } + + if (mis->state == RUN_STATE_RESTORE_VM) { +- vhost_vdpa_call(hdev, VHOST_VDPA_RESUME, NULL); ++ ret = vhost_vdpa_call(hdev, VHOST_VDPA_RESUME, NULL); ++ if (ret) { ++ error_report("migration dest resume device failed: %d\n", ret); ++ exit(EXIT_FAILURE); ++ } + /* post resume */ + mis->bh = qemu_bh_new(vdpa_dev_migration_handle_incoming_bh, + hdev); +diff --git a/hw/virtio/vdpa-dev.c b/hw/virtio/vdpa-dev.c +index 143dadc88d..04d8e96a5d 100644 +--- a/hw/virtio/vdpa-dev.c ++++ b/hw/virtio/vdpa-dev.c +@@ -315,7 +315,6 @@ static void vhost_vdpa_device_stop(VirtIODevice *vdev) + static void vhost_vdpa_device_set_status(VirtIODevice *vdev, uint8_t status) + { + VhostVdpaDevice *s = VHOST_VDPA_DEVICE(vdev); +- MigrationState *ms = migrate_get_current(); + bool should_start = virtio_device_started(vdev, status); + Error *local_err = NULL; + int ret; +@@ -324,12 +323,7 @@ static void vhost_vdpa_device_set_status(VirtIODevice *vdev, uint8_t status) + should_start = false; + } + +- if (s->started == should_start) { +- return; +- } +- +- if (ms->state == RUN_STATE_PAUSED || +- ms->state == RUN_STATE_RESTORE_VM) { ++ if (s->started == should_start || s->suspended) { + return; + } + +diff --git a/include/hw/virtio/vdpa-dev.h b/include/hw/virtio/vdpa-dev.h +index 20f50c76c6..60e9c3f3fe 100644 +--- a/include/hw/virtio/vdpa-dev.h ++++ b/include/hw/virtio/vdpa-dev.h +@@ -37,6 +37,7 @@ struct VhostVdpaDevice { + int config_size; + uint16_t queue_size; + bool started; ++ bool suspended; + int (*post_init)(VhostVdpaDevice *v, Error **errp); + VMChangeStateEntry *vmstate; + Notifier migration_state; +-- +2.27.0 + 
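Review bot: The context line `if (mis->state == RUN_STATE_RESTORE_VM)` in vdpa_dev_vmstate_change() still compares the incoming-migration state with a RunState constant, while this patch replaces the same pattern on `ms->state` with `MIGRATION_STATUS_ACTIVE`. If `mis->state` holds a migration status as `ms->state` appears to, the test only matches by numeric coincidence; this should be checked against the enum definitions, which are not in the hunk, and switched to the intended `MIGRATION_STATUS_*` value. Separately, a failed vhost_vdpa_device_resume() is now only logged, so the VM keeps running while `s->suspended` presumably stays set and vhost_vdpa_device_set_status() returns early. A comment stating that this degraded state is intended, or an explicit recovery path, would help.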
diff --git a/vdpa-suspend-function-return-0-when-the-vdpa-device-.patch b/vdpa-suspend-function-return-0-when-the-vdpa-device-.patch new file mode 100644 index 00000000..2c3c44a1 --- /dev/null +++ b/vdpa-suspend-function-return-0-when-the-vdpa-device-.patch @@ -0,0 +1,45 @@ +From bd3f62a0df7be244dcd7dab0632883354c476f17 Mon Sep 17 00:00:00 2001 +From: jiangdongxu +Date: Thu, 21 Dec 2023 11:03:37 +0800 +Subject: [PATCH] vdpa: suspend function return 0 when the vdpa device is + stopped + +When vhost vdpa device is stopped(vdpa->started is false), suspend +operation do nothing and return success, instead of return failure. + +The same goes for resume function. + +Signed-off-by: jiangdongxu +--- + hw/virtio/vdpa-dev-mig.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/hw/virtio/vdpa-dev-mig.c b/hw/virtio/vdpa-dev-mig.c +index 9cd80f92eb..679d37b182 100644 +--- a/hw/virtio/vdpa-dev-mig.c ++++ b/hw/virtio/vdpa-dev-mig.c +@@ -140,8 +140,8 @@ static int vhost_vdpa_device_suspend(VhostVdpaDevice *vdpa) + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus); + int ret; + +- if (!vdpa->started) { +- return -EFAULT; ++ if (!vdpa->started || vdpa->suspended) { ++ return 0; + } + + if (!k->set_guest_notifiers) { +@@ -184,6 +184,10 @@ static int vhost_vdpa_device_resume(VhostVdpaDevice *vdpa) + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus); + int i, ret; + ++ if (vdpa->started || !vdpa->suspended) { ++ return 0; ++ } ++ + if (!k->set_guest_notifiers) { + error_report("binding does not support guest notifiers\n"); + return -ENOSYS; +-- +2.27.0 + diff --git a/virtio-vhost-vsock-don-t-double-close-vhostfd-remove.patch b/virtio-vhost-vsock-don-t-double-close-vhostfd-remove.patch new file mode 100644 index 00000000..b554e7a1 --- /dev/null +++ b/virtio-vhost-vsock-don-t-double-close-vhostfd-remove.patch 
@@ -0,0 +1,57 @@ +From 1d888e71517be4a0793b5a03b4a2234c55953c8f Mon Sep 17 00:00:00 2001 +From: boringandboring +Date: Fri, 8 Dec 2023 10:02:51 +0800 +Subject: [PATCH] virtio/vhost-vsock: don't double close vhostfd, remove + redundant cleanup + +cherry picked from d731ab31196579144457c7f2fa3649338bfb21f2 + +In case of an error during initialization in vhost_dev_init, vhostfd is +closed in vhost_dev_cleanup. Remove close from err_virtio as it's both +redundant and causes a double close on vhostfd. + +Signed-off-by: Daniil Tatianin +Message-Id: <20211129125204.1108088-1-d-tatianin@yandex-team.ru> +Reviewed-by: Stefano Garzarella +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Signed-off-by: boringandboring +--- + hw/virtio/vhost-vsock.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/hw/virtio/vhost-vsock.c b/hw/virtio/vhost-vsock.c +index 478c0c9a87..433d42d897 100644 +--- a/hw/virtio/vhost-vsock.c ++++ b/hw/virtio/vhost-vsock.c +@@ -171,6 +171,10 @@ static void vhost_vsock_device_realize(DeviceState *dev, Error **errp) + ret = vhost_dev_init(&vvc->vhost_dev, (void *)(uintptr_t)vhostfd, + VHOST_BACKEND_TYPE_KERNEL, 0, errp); + if (ret < 0) { ++ /* ++ * vhostfd is closed by vhost_dev_cleanup, which is called ++ * by vhost_dev_init on initialization error. ++ */ + goto err_virtio; + } + +@@ -183,15 +187,10 @@ static void vhost_vsock_device_realize(DeviceState *dev, Error **errp) + return; + + err_vhost_dev: +- vhost_dev_cleanup(&vvc->vhost_dev); + /* vhost_dev_cleanup() closes the vhostfd passed to vhost_dev_init() */ +- vhostfd = -1; ++ vhost_dev_cleanup(&vvc->vhost_dev); + err_virtio: + vhost_vsock_common_unrealize(vdev); +- if (vhostfd >= 0) { +- close(vhostfd); +- } +- return; + } + + static void vhost_vsock_device_unrealize(DeviceState *dev) +-- +2.27.0 + -- Gitee
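Review bot: Dropping `close(vhostfd)` from `err_virtio` is only safe if every jump to that label happens after vhost_dev_init() has taken ownership of the descriptor; the hunk shows one such jump, and the earlier part of vhost_vsock_device_realize() is not visible. If any path reaches `err_virtio` with `vhostfd` open and not yet handed to vhost_dev_init(), the descriptor would now leak, so this should be checked against the full function. The comment at `err_vhost_dev` could also state the ownership rule directly, e.g. `/* vhostfd is owned by vhost_dev from here on; do not close it directly */`.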