Compare commits
No commits in common. "5bdf1bebba9cda239f6c9223c921c8b6f2b46a69" and "db293008eeaf65057481eb15d73602232efd9df0" have entirely different histories.
5bdf1bebba
...
db293008ee
45
debian/changelog
vendored
@ -1,48 +1,3 @@
|
|||||||
pve-qemu-kvm (9.0.0-4) bookworm; urgency=medium
|
|
||||||
|
|
||||||
* fix crash after saving a snapshot without including VM state when a VirtIO
|
|
||||||
block device with iothread is configured.
|
|
||||||
|
|
||||||
* fix edge case in error handling when opening a block device from PBS fails
|
|
||||||
|
|
||||||
* minor code cleanup in backup code
|
|
||||||
|
|
||||||
-- Proxmox Support Team <support@proxmox.com> Mon, 01 Jul 2024 11:26:11 +0200
|
|
||||||
|
|
||||||
pve-qemu-kvm (9.0.0-3) bookworm; urgency=medium
|
|
||||||
|
|
||||||
* fix crash when doing resize after hotplugging a disk using io_uring
|
|
||||||
|
|
||||||
* fix some minor issues in software CPU emulation (i.e. non-KVM) for ARM and
|
|
||||||
x86(_64)
|
|
||||||
|
|
||||||
-- Proxmox Support Team <support@proxmox.com> Wed, 29 May 2024 15:55:44 +0200
|
|
||||||
|
|
||||||
pve-qemu-kvm (9.0.0-2) bookworm; urgency=medium
|
|
||||||
|
|
||||||
* fix #5409: backup: fix copy-before-write timeout
|
|
||||||
|
|
||||||
* backup: improve error when copy-before-write fails for fleecing
|
|
||||||
|
|
||||||
* fix forwards and backwards migration with VirtIO-GPU display
|
|
||||||
|
|
||||||
* fix a regression in pflash device introduced in 8.2
|
|
||||||
|
|
||||||
* revert a commit for VirtIO PCI devices that turned out to cause more
|
|
||||||
potential security issues than what it fixed
|
|
||||||
|
|
||||||
* move compatibility flags for a new VirtIO-net feature to the correct
|
|
||||||
machine type. The feature was introduced in QEMU 8.2, but the
|
|
||||||
compatibility flags got added to machine version 8.0 instead of 8.1. This
|
|
||||||
breaks backwards migration with machine version 8.1 from a 8.2/9.0 binary
|
|
||||||
to an 8.1 binary, in cases where the guest kernel enables the feature
|
|
||||||
(e.g. Ubuntu 23.10).
|
|
||||||
While that breaks migration with machine version 8.1 from an unpatched to
|
|
||||||
a patched binary, Proxmox VE only ever had 8.2 on the test repository and
|
|
||||||
9.0 not yet in any public repository.
|
|
||||||
|
|
||||||
-- Proxmox Support Team <support@proxmox.com> Fri, 17 May 2024 17:04:52 +0200
|
|
||||||
|
|
||||||
pve-qemu-kvm (9.0.0-1) bookworm; urgency=medium
|
pve-qemu-kvm (9.0.0-1) bookworm; urgency=medium
|
||||||
|
|
||||||
* update submodule and patches to QEMU 9.0.0
|
* update submodule and patches to QEMU 9.0.0
|
||||||
|
@ -1,98 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
||||||
Date: Thu, 16 May 2024 12:40:22 +0400
|
|
||||||
Subject: [PATCH] virtio-gpu: fix v2 migration
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Commit dfcf74fa ("virtio-gpu: fix scanout migration post-load") broke
|
|
||||||
forward/backward version migration. Versioning of nested VMSD structures
|
|
||||||
is not straightforward, as the wire format doesn't have nested
|
|
||||||
structures versions. Introduce x-scanout-vmstate-version and a field
|
|
||||||
test to save/load appropriately according to the machine version.
|
|
||||||
|
|
||||||
Fixes: dfcf74fa ("virtio-gpu: fix scanout migration post-load")
|
|
||||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
||||||
Signed-off-by: Peter Xu <peterx@redhat.com>
|
|
||||||
---
|
|
||||||
hw/core/machine.c | 1 +
|
|
||||||
hw/display/virtio-gpu.c | 24 ++++++++++++++++--------
|
|
||||||
include/hw/virtio/virtio-gpu.h | 1 +
|
|
||||||
3 files changed, 18 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/core/machine.c b/hw/core/machine.c
|
|
||||||
index 37ede0e7d4..d33a37a6f6 100644
|
|
||||||
--- a/hw/core/machine.c
|
|
||||||
+++ b/hw/core/machine.c
|
|
||||||
@@ -37,6 +37,7 @@ GlobalProperty hw_compat_8_2[] = {
|
|
||||||
{ "migration", "zero-page-detection", "legacy"},
|
|
||||||
{ TYPE_VIRTIO_IOMMU_PCI, "granule", "4k" },
|
|
||||||
{ TYPE_VIRTIO_IOMMU_PCI, "aw-bits", "64" },
|
|
||||||
+ { "virtio-gpu-device", "x-scanout-vmstate-version", "1" },
|
|
||||||
};
|
|
||||||
const size_t hw_compat_8_2_len = G_N_ELEMENTS(hw_compat_8_2);
|
|
||||||
|
|
||||||
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
|
|
||||||
index ae831b6b3e..85323daf99 100644
|
|
||||||
--- a/hw/display/virtio-gpu.c
|
|
||||||
+++ b/hw/display/virtio-gpu.c
|
|
||||||
@@ -1166,10 +1166,17 @@ static void virtio_gpu_cursor_bh(void *opaque)
|
|
||||||
virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static bool scanout_vmstate_after_v2(void *opaque, int version)
|
|
||||||
+{
|
|
||||||
+ struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout);
|
|
||||||
+ struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj);
|
|
||||||
+
|
|
||||||
+ return gpu->scanout_vmstate_version >= 2;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static const VMStateDescription vmstate_virtio_gpu_scanout = {
|
|
||||||
.name = "virtio-gpu-one-scanout",
|
|
||||||
- .version_id = 2,
|
|
||||||
- .minimum_version_id = 1,
|
|
||||||
+ .version_id = 1,
|
|
||||||
.fields = (const VMStateField[]) {
|
|
||||||
VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
|
|
||||||
VMSTATE_UINT32(width, struct virtio_gpu_scanout),
|
|
||||||
@@ -1181,12 +1188,12 @@ static const VMStateDescription vmstate_virtio_gpu_scanout = {
|
|
||||||
VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
|
|
||||||
VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
|
|
||||||
VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
|
|
||||||
- VMSTATE_UINT32_V(fb.format, struct virtio_gpu_scanout, 2),
|
|
||||||
- VMSTATE_UINT32_V(fb.bytes_pp, struct virtio_gpu_scanout, 2),
|
|
||||||
- VMSTATE_UINT32_V(fb.width, struct virtio_gpu_scanout, 2),
|
|
||||||
- VMSTATE_UINT32_V(fb.height, struct virtio_gpu_scanout, 2),
|
|
||||||
- VMSTATE_UINT32_V(fb.stride, struct virtio_gpu_scanout, 2),
|
|
||||||
- VMSTATE_UINT32_V(fb.offset, struct virtio_gpu_scanout, 2),
|
|
||||||
+ VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
|
|
||||||
+ VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
|
|
||||||
+ VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
|
|
||||||
+ VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
|
|
||||||
+ VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
|
|
||||||
+ VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
|
|
||||||
VMSTATE_END_OF_LIST()
|
|
||||||
},
|
|
||||||
};
|
|
||||||
@@ -1659,6 +1666,7 @@ static Property virtio_gpu_properties[] = {
|
|
||||||
DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
|
|
||||||
VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
|
|
||||||
DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0),
|
|
||||||
+ DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2),
|
|
||||||
DEFINE_PROP_END_OF_LIST(),
|
|
||||||
};
|
|
||||||
|
|
||||||
diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
|
|
||||||
index ed44cdad6b..842315d51d 100644
|
|
||||||
--- a/include/hw/virtio/virtio-gpu.h
|
|
||||||
+++ b/include/hw/virtio/virtio-gpu.h
|
|
||||||
@@ -177,6 +177,7 @@ typedef struct VGPUDMABuf {
|
|
||||||
struct VirtIOGPU {
|
|
||||||
VirtIOGPUBase parent_obj;
|
|
||||||
|
|
||||||
+ uint8_t scanout_vmstate_version;
|
|
||||||
uint64_t conf_max_hostmem;
|
|
||||||
|
|
||||||
VirtQueue *ctrl_vq;
|
|
@ -1,59 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Date: Thu, 16 May 2024 10:46:34 +0200
|
|
||||||
Subject: [PATCH] hw/pflash: fix block write start
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Move the pflash_blk_write_start() call. We need the offset of the
|
|
||||||
first data write, not the offset for the setup (number-of-bytes)
|
|
||||||
write. Without this fix u-boot can do block writes to the first
|
|
||||||
flash block only.
|
|
||||||
|
|
||||||
While being at it drop a leftover FIXME.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2343
|
|
||||||
Fixes: fcc79f2e0955 ("hw/pflash: implement update buffer for block writes")
|
|
||||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
|
||||||
(picked up from https://lists.nongnu.org/archive/html/qemu-stable/2024-05/msg00091.html)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
hw/block/pflash_cfi01.c | 8 +++-----
|
|
||||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
|
|
||||||
index 1bda8424b9..c8f1cf5a87 100644
|
|
||||||
--- a/hw/block/pflash_cfi01.c
|
|
||||||
+++ b/hw/block/pflash_cfi01.c
|
|
||||||
@@ -518,10 +518,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
|
|
||||||
break;
|
|
||||||
case 0xe8: /* Write to buffer */
|
|
||||||
trace_pflash_write(pfl->name, "write to buffer");
|
|
||||||
- /* FIXME should save @offset, @width for case 1+ */
|
|
||||||
- qemu_log_mask(LOG_UNIMP,
|
|
||||||
- "%s: Write to buffer emulation is flawed\n",
|
|
||||||
- __func__);
|
|
||||||
pfl->status |= 0x80; /* Ready! */
|
|
||||||
break;
|
|
||||||
case 0xf0: /* Probe for AMD flash */
|
|
||||||
@@ -574,7 +570,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
|
|
||||||
}
|
|
||||||
pfl->counter = value;
|
|
||||||
pfl->wcycle++;
|
|
||||||
- pflash_blk_write_start(pfl, offset);
|
|
||||||
break;
|
|
||||||
case 0x60:
|
|
||||||
if (cmd == 0xd0) {
|
|
||||||
@@ -605,6 +600,9 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
|
|
||||||
switch (pfl->cmd) {
|
|
||||||
case 0xe8: /* Block write */
|
|
||||||
/* FIXME check @offset, @width */
|
|
||||||
+ if (pfl->blk_offset == -1 && pfl->counter) {
|
|
||||||
+ pflash_blk_write_start(pfl, offset);
|
|
||||||
+ }
|
|
||||||
if (!pfl->ro && (pfl->blk_offset != -1)) {
|
|
||||||
pflash_data_write(pfl, offset, value, width, be);
|
|
||||||
} else {
|
|
@ -1,51 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Date: Thu, 9 May 2024 12:38:10 +0200
|
|
||||||
Subject: [PATCH] target/i386: fix operand size for DATA16 REX.W POPCNT
|
|
||||||
|
|
||||||
According to the manual, 32-bit vs 64-bit is governed by REX.W
|
|
||||||
and REX ignores the 0x66 prefix. This can be confirmed with this
|
|
||||||
program:
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
int main()
|
|
||||||
{
|
|
||||||
int x = 0x12340000;
|
|
||||||
int y;
|
|
||||||
asm("popcntl %1, %0" : "=r" (y) : "r" (x)); printf("%x\n", y);
|
|
||||||
asm("mov $-1, %0; .byte 0x66; popcntl %1, %0" : "+r" (y) : "r" (x)); printf("%x\n", y);
|
|
||||||
asm("mov $-1, %0; .byte 0x66; popcntq %q1, %q0" : "+r" (y) : "r" (x)); printf("%x\n", y);
|
|
||||||
}
|
|
||||||
|
|
||||||
which prints 5/ffff0000/5 on real hardware and 5/ffff0000/ffff0000
|
|
||||||
on QEMU.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
|
|
||||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 41c685dc59bb611096f3bb6a663cfa82e4cba97b)
|
|
||||||
[FE: keep mo_64_32 helper which still has other users in 9.0.0]
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/i386/tcg/translate.c | 7 +------
|
|
||||||
1 file changed, 1 insertion(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
|
|
||||||
index 76a42c679c..b60f3bd642 100644
|
|
||||||
--- a/target/i386/tcg/translate.c
|
|
||||||
+++ b/target/i386/tcg/translate.c
|
|
||||||
@@ -6799,12 +6799,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
|
|
||||||
modrm = x86_ldub_code(env, s);
|
|
||||||
reg = ((modrm >> 3) & 7) | REX_R(s);
|
|
||||||
|
|
||||||
- if (s->prefix & PREFIX_DATA) {
|
|
||||||
- ot = MO_16;
|
|
||||||
- } else {
|
|
||||||
- ot = mo_64_32(dflag);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
+ ot = dflag;
|
|
||||||
gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
|
|
||||||
gen_extu(ot, s->T0);
|
|
||||||
tcg_gen_mov_tl(cpu_cc_src, s->T0);
|
|
@ -1,40 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Date: Thu, 9 May 2024 15:55:47 +0200
|
|
||||||
Subject: [PATCH] target/i386: rdpkru/wrpkru are no-prefix instructions
|
|
||||||
|
|
||||||
Reject 0x66/0xf3/0xf2 in front of them.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 40a3ec7b5ffde500789d016660a171057d6b467c)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/i386/tcg/translate.c | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
|
|
||||||
index b60f3bd642..3e949fe964 100644
|
|
||||||
--- a/target/i386/tcg/translate.c
|
|
||||||
+++ b/target/i386/tcg/translate.c
|
|
||||||
@@ -6083,7 +6083,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
|
|
||||||
gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
|
|
||||||
break;
|
|
||||||
case 0xee: /* rdpkru */
|
|
||||||
- if (prefixes & PREFIX_LOCK) {
|
|
||||||
+ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
|
|
||||||
+ | PREFIX_REPZ | PREFIX_REPNZ)) {
|
|
||||||
goto illegal_op;
|
|
||||||
}
|
|
||||||
tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
|
|
||||||
@@ -6091,7 +6092,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
|
|
||||||
tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
|
|
||||||
break;
|
|
||||||
case 0xef: /* wrpkru */
|
|
||||||
- if (prefixes & PREFIX_LOCK) {
|
|
||||||
+ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
|
|
||||||
+ | PREFIX_REPZ | PREFIX_REPNZ)) {
|
|
||||||
goto illegal_op;
|
|
||||||
}
|
|
||||||
tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
|
|
@ -1,33 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Date: Wed, 8 May 2024 11:10:54 +0200
|
|
||||||
Subject: [PATCH] target/i386: fix feature dependency for WAITPKG
|
|
||||||
|
|
||||||
The VMX feature bit depends on general availability of WAITPKG,
|
|
||||||
not the other way round.
|
|
||||||
|
|
||||||
Fixes: 33cc88261c3 ("target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE", 2023-08-28)
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit fe01af5d47d4cf7fdf90c54d43f784e5068c8d72)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/i386/cpu.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
|
|
||||||
index 33760a2ee1..e693f8ca9a 100644
|
|
||||||
--- a/target/i386/cpu.c
|
|
||||||
+++ b/target/i386/cpu.c
|
|
||||||
@@ -1550,8 +1550,8 @@ static FeatureDep feature_dependencies[] = {
|
|
||||||
.to = { FEAT_SVM, ~0ull },
|
|
||||||
},
|
|
||||||
{
|
|
||||||
- .from = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
|
|
||||||
- .to = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG },
|
|
||||||
+ .from = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG },
|
|
||||||
+ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
@ -1,87 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
Date: Thu, 16 May 2024 12:59:52 +0200
|
|
||||||
Subject: [PATCH] Revert "virtio-pci: fix use of a released vector"
|
|
||||||
|
|
||||||
This reverts commit 2ce6cff94df2650c460f809e5ad263f1d22507c0.
|
|
||||||
|
|
||||||
The fix causes some issues:
|
|
||||||
https://gitlab.com/qemu-project/qemu/-/issues/2321
|
|
||||||
https://gitlab.com/qemu-project/qemu/-/issues/2334
|
|
||||||
|
|
||||||
The CVE fixed by commit 2ce6cff94d ("virtio-pci: fix use of a released
|
|
||||||
vector") is CVE-2024-4693 [0] and allows a malicious guest that
|
|
||||||
controls the boot process in the guest to crash its QEMU process.
|
|
||||||
|
|
||||||
The issues sound worse than the CVE, so revert until there is a proper
|
|
||||||
fix.
|
|
||||||
|
|
||||||
[0]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4693
|
|
||||||
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
hw/virtio/virtio-pci.c | 37 ++-----------------------------------
|
|
||||||
1 file changed, 2 insertions(+), 35 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
|
|
||||||
index cb159fd078..cb6940fc0e 100644
|
|
||||||
--- a/hw/virtio/virtio-pci.c
|
|
||||||
+++ b/hw/virtio/virtio-pci.c
|
|
||||||
@@ -1424,38 +1424,6 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
|
|
||||||
return offset;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void virtio_pci_set_vector(VirtIODevice *vdev,
|
|
||||||
- VirtIOPCIProxy *proxy,
|
|
||||||
- int queue_no, uint16_t old_vector,
|
|
||||||
- uint16_t new_vector)
|
|
||||||
-{
|
|
||||||
- bool kvm_irqfd = (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
|
|
||||||
- msix_enabled(&proxy->pci_dev) && kvm_msi_via_irqfd_enabled();
|
|
||||||
-
|
|
||||||
- if (new_vector == old_vector) {
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * If the device uses irqfd and the vector changes after DRIVER_OK is
|
|
||||||
- * set, we need to release the old vector and set up the new one.
|
|
||||||
- * Otherwise just need to set the new vector on the device.
|
|
||||||
- */
|
|
||||||
- if (kvm_irqfd && old_vector != VIRTIO_NO_VECTOR) {
|
|
||||||
- kvm_virtio_pci_vector_release_one(proxy, queue_no);
|
|
||||||
- }
|
|
||||||
- /* Set the new vector on the device. */
|
|
||||||
- if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
|
|
||||||
- vdev->config_vector = new_vector;
|
|
||||||
- } else {
|
|
||||||
- virtio_queue_set_vector(vdev, queue_no, new_vector);
|
|
||||||
- }
|
|
||||||
- /* If the new vector changed need to set it up. */
|
|
||||||
- if (kvm_irqfd && new_vector != VIRTIO_NO_VECTOR) {
|
|
||||||
- kvm_virtio_pci_vector_use_one(proxy, queue_no);
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy,
|
|
||||||
uint8_t bar, uint64_t offset, uint64_t length,
|
|
||||||
uint8_t id)
|
|
||||||
@@ -1602,8 +1570,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
|
|
||||||
} else {
|
|
||||||
val = VIRTIO_NO_VECTOR;
|
|
||||||
}
|
|
||||||
- virtio_pci_set_vector(vdev, proxy, VIRTIO_CONFIG_IRQ_IDX,
|
|
||||||
- vdev->config_vector, val);
|
|
||||||
+ vdev->config_vector = val;
|
|
||||||
break;
|
|
||||||
case VIRTIO_PCI_COMMON_STATUS:
|
|
||||||
if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
|
|
||||||
@@ -1643,7 +1610,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
|
|
||||||
} else {
|
|
||||||
val = VIRTIO_NO_VECTOR;
|
|
||||||
}
|
|
||||||
- virtio_pci_set_vector(vdev, proxy, vdev->queue_sel, vector, val);
|
|
||||||
+ virtio_queue_set_vector(vdev, vdev->queue_sel, val);
|
|
||||||
break;
|
|
||||||
case VIRTIO_PCI_COMMON_Q_ENABLE:
|
|
||||||
if (val == 1) {
|
|
@ -1,57 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
Date: Thu, 16 May 2024 15:21:07 +0200
|
|
||||||
Subject: [PATCH] hw/core/machine: move compatibility flags for VirtIO-net USO
|
|
||||||
to machine 8.1
|
|
||||||
|
|
||||||
Migration from an 8.2 or 9.0 binary to an 8.1 binary with machine
|
|
||||||
version 8.1 can fail with:
|
|
||||||
|
|
||||||
> kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7
|
|
||||||
> kvm: Failed to load virtio-net:virtio
|
|
||||||
> kvm: error while loading state for instance 0x0 of device '0000:00:12.0/virtio-net'
|
|
||||||
> kvm: load of migration failed: Operation not permitted
|
|
||||||
|
|
||||||
The series
|
|
||||||
|
|
||||||
53da8b5a99 virtio-net: Add support for USO features
|
|
||||||
9da1684954 virtio-net: Add USO flags to vhost support.
|
|
||||||
f03e0cf63b tap: Add check for USO features
|
|
||||||
2ab0ec3121 tap: Add USO support to tap device.
|
|
||||||
|
|
||||||
only landed in QEMU 8.2, so the compatibility flags should be part of
|
|
||||||
machine version 8.1.
|
|
||||||
|
|
||||||
Moving the flags unfortunately breaks forward migration with machine
|
|
||||||
version 8.1 from a binary without this patch to a binary with this
|
|
||||||
patch when the feature is enabled by the guest.
|
|
||||||
|
|
||||||
Fixes: 53da8b5a99 ("virtio-net: Add support for USO features")
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
hw/core/machine.c | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/core/machine.c b/hw/core/machine.c
|
|
||||||
index d33a37a6f6..4273de16a0 100644
|
|
||||||
--- a/hw/core/machine.c
|
|
||||||
+++ b/hw/core/machine.c
|
|
||||||
@@ -46,15 +46,15 @@ GlobalProperty hw_compat_8_1[] = {
|
|
||||||
{ "ramfb", "x-migrate", "off" },
|
|
||||||
{ "vfio-pci-nohotplug", "x-ramfb-migrate", "off" },
|
|
||||||
{ "igb", "x-pcie-flr-init", "off" },
|
|
||||||
+ { TYPE_VIRTIO_NET, "host_uso", "off"},
|
|
||||||
+ { TYPE_VIRTIO_NET, "guest_uso4", "off"},
|
|
||||||
+ { TYPE_VIRTIO_NET, "guest_uso6", "off"},
|
|
||||||
};
|
|
||||||
const size_t hw_compat_8_1_len = G_N_ELEMENTS(hw_compat_8_1);
|
|
||||||
|
|
||||||
GlobalProperty hw_compat_8_0[] = {
|
|
||||||
{ "migration", "multifd-flush-after-each-section", "on"},
|
|
||||||
{ TYPE_PCI_DEVICE, "x-pcie-ari-nextfn-1", "on" },
|
|
||||||
- { TYPE_VIRTIO_NET, "host_uso", "off"},
|
|
||||||
- { TYPE_VIRTIO_NET, "guest_uso4", "off"},
|
|
||||||
- { TYPE_VIRTIO_NET, "guest_uso6", "off"},
|
|
||||||
};
|
|
||||||
const size_t hw_compat_8_0_len = G_N_ELEMENTS(hw_compat_8_0);
|
|
||||||
|
|
@ -1,53 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Hajnoczi <stefanha@redhat.com>
|
|
||||||
Date: Mon, 6 May 2024 15:06:21 -0400
|
|
||||||
Subject: [PATCH] Revert "monitor: use aio_co_reschedule_self()"
|
|
||||||
|
|
||||||
Commit 1f25c172f837 ("monitor: use aio_co_reschedule_self()") was a code
|
|
||||||
cleanup that uses aio_co_reschedule_self() instead of open coding
|
|
||||||
coroutine rescheduling.
|
|
||||||
|
|
||||||
Bug RHEL-34618 was reported and Kevin Wolf <kwolf@redhat.com> identified
|
|
||||||
the root cause. I missed that aio_co_reschedule_self() ->
|
|
||||||
qemu_get_current_aio_context() only knows about
|
|
||||||
qemu_aio_context/IOThread AioContexts and not about iohandler_ctx. It
|
|
||||||
does not function correctly when going back from the iohandler_ctx to
|
|
||||||
qemu_aio_context.
|
|
||||||
|
|
||||||
Go back to open coding the AioContext transitions to avoid this bug.
|
|
||||||
|
|
||||||
This reverts commit 1f25c172f83704e350c0829438d832384084a74d.
|
|
||||||
|
|
||||||
Buglink: https://issues.redhat.com/browse/RHEL-34618
|
|
||||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
||||||
(picked from: https://lists.nongnu.org/archive/html/qemu-devel/2024-05/msg01090.html)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
qapi/qmp-dispatch.c | 7 +++++--
|
|
||||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
|
|
||||||
index 2624eb3470..790bb7d1da 100644
|
|
||||||
--- a/qapi/qmp-dispatch.c
|
|
||||||
+++ b/qapi/qmp-dispatch.c
|
|
||||||
@@ -224,7 +224,8 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
|
|
||||||
* executing the command handler so that it can make progress if it
|
|
||||||
* involves an AIO_WAIT_WHILE().
|
|
||||||
*/
|
|
||||||
- aio_co_reschedule_self(qemu_get_aio_context());
|
|
||||||
+ aio_co_schedule(qemu_get_aio_context(), qemu_coroutine_self());
|
|
||||||
+ qemu_coroutine_yield();
|
|
||||||
}
|
|
||||||
|
|
||||||
monitor_set_cur(qemu_coroutine_self(), cur_mon);
|
|
||||||
@@ -238,7 +239,9 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
|
|
||||||
* Move back to iohandler_ctx so that nested event loops for
|
|
||||||
* qemu_aio_context don't start new monitor commands.
|
|
||||||
*/
|
|
||||||
- aio_co_reschedule_self(iohandler_get_aio_context());
|
|
||||||
+ aio_co_schedule(iohandler_get_aio_context(),
|
|
||||||
+ qemu_coroutine_self());
|
|
||||||
+ qemu_coroutine_yield();
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
/*
|
|
@ -1,51 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Date: Mon, 22 Apr 2024 10:07:22 -0700
|
|
||||||
Subject: [PATCH] target/arm: Restrict translation disabled alignment check to
|
|
||||||
VMSA
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
For cpus using PMSA, when the MPU is disabled, the default memory
|
|
||||||
type is Normal, Non-cachable. This means that it should not
|
|
||||||
have alignment restrictions enforced.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Fixes: 59754f85ed3 ("target/arm: Do memory type alignment check when translation disabled")
|
|
||||||
Reported-by: Clément Chigot <chigot@adacore.com>
|
|
||||||
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
|
||||||
Tested-by: Clément Chigot <chigot@adacore.com>
|
|
||||||
Message-id: 20240422170722.117409-1-richard.henderson@linaro.org
|
|
||||||
[PMM: trivial comment, commit message tweaks]
|
|
||||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
||||||
(cherry picked from commit 7b19a3554d2df22d29c75319a1dac17615d1b20e)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/arm/tcg/hflags.c | 12 ++++++++++--
|
|
||||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c
|
|
||||||
index 5da1b0fc1d..f03977b4b0 100644
|
|
||||||
--- a/target/arm/tcg/hflags.c
|
|
||||||
+++ b/target/arm/tcg/hflags.c
|
|
||||||
@@ -38,8 +38,16 @@ static bool aprofile_require_alignment(CPUARMState *env, int el, uint64_t sctlr)
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * If translation is disabled, then the default memory type is
|
|
||||||
- * Device(-nGnRnE) instead of Normal, which requires that alignment
|
|
||||||
+ * With PMSA, when the MPU is disabled, all memory types in the
|
|
||||||
+ * default map are Normal, so don't need aligment enforcing.
|
|
||||||
+ */
|
|
||||||
+ if (arm_feature(env, ARM_FEATURE_PMSA)) {
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * With VMSA, if translation is disabled, then the default memory type
|
|
||||||
+ * is Device(-nGnRnE) instead of Normal, which requires that alignment
|
|
||||||
* be enforced. Since this affects all ram, it is most efficient
|
|
||||||
* to handle this during translation.
|
|
||||||
*/
|
|
@ -1,80 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ruihan Li <lrh2000@pku.edu.cn>
|
|
||||||
Date: Mon, 15 Apr 2024 14:45:21 +0800
|
|
||||||
Subject: [PATCH] target/i386: Give IRQs a chance when resetting
|
|
||||||
HF_INHIBIT_IRQ_MASK
|
|
||||||
|
|
||||||
When emulated with QEMU, interrupts will never come in the following
|
|
||||||
loop. However, if the NOP instruction is uncommented, interrupts will
|
|
||||||
fire as normal.
|
|
||||||
|
|
||||||
loop:
|
|
||||||
cli
|
|
||||||
call do_sti
|
|
||||||
jmp loop
|
|
||||||
|
|
||||||
do_sti:
|
|
||||||
sti
|
|
||||||
# nop
|
|
||||||
ret
|
|
||||||
|
|
||||||
This behavior is different from that of a real processor. For example,
|
|
||||||
if KVM is enabled, interrupts will always fire regardless of whether the
|
|
||||||
NOP instruction is commented or not. Also, the Intel Software Developer
|
|
||||||
Manual states that after the STI instruction is executed, the interrupt
|
|
||||||
inhibit should end as soon as the next instruction (e.g., the RET
|
|
||||||
instruction if the NOP instruction is commented) is executed.
|
|
||||||
|
|
||||||
This problem is caused because the previous code may choose not to end
|
|
||||||
the TB even if the HF_INHIBIT_IRQ_MASK has just been reset (e.g., in the
|
|
||||||
case where the STI instruction is immediately followed by the RET
|
|
||||||
instruction), so that IRQs may not have a change to trigger. This commit
|
|
||||||
fixes the problem by always terminating the current TB to give IRQs a
|
|
||||||
chance to trigger when HF_INHIBIT_IRQ_MASK is reset.
|
|
||||||
|
|
||||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
|
|
||||||
Message-ID: <20240415064518.4951-4-lrh2000@pku.edu.cn>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 6a5a63f74ba5c5355b7a8468d3d814bfffe928fb)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/i386/tcg/translate.c | 14 ++++++++++----
|
|
||||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
|
|
||||||
index 3e949fe964..b5ebff2c89 100644
|
|
||||||
--- a/target/i386/tcg/translate.c
|
|
||||||
+++ b/target/i386/tcg/translate.c
|
|
||||||
@@ -2798,13 +2798,17 @@ static void gen_bnd_jmp(DisasContext *s)
|
|
||||||
static void
|
|
||||||
do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
|
|
||||||
{
|
|
||||||
+ bool inhibit_reset;
|
|
||||||
+
|
|
||||||
gen_update_cc_op(s);
|
|
||||||
|
|
||||||
/* If several instructions disable interrupts, only the first does it. */
|
|
||||||
- if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) {
|
|
||||||
- gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
|
|
||||||
- } else {
|
|
||||||
+ inhibit_reset = false;
|
|
||||||
+ if (s->flags & HF_INHIBIT_IRQ_MASK) {
|
|
||||||
gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK);
|
|
||||||
+ inhibit_reset = true;
|
|
||||||
+ } else if (inhibit) {
|
|
||||||
+ gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (s->base.tb->flags & HF_RF_MASK) {
|
|
||||||
@@ -2815,7 +2819,9 @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
|
|
||||||
tcg_gen_exit_tb(NULL, 0);
|
|
||||||
} else if (s->flags & HF_TF_MASK) {
|
|
||||||
gen_helper_single_step(tcg_env);
|
|
||||||
- } else if (jr) {
|
|
||||||
+ } else if (jr &&
|
|
||||||
+ /* give irqs a chance to happen */
|
|
||||||
+ !inhibit_reset) {
|
|
||||||
tcg_gen_lookup_and_goto_ptr();
|
|
||||||
} else {
|
|
||||||
tcg_gen_exit_tb(NULL, 0);
|
|
@ -1,60 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: donsheng <dongsheng.x.zhang@intel.com>
|
|
||||||
Date: Wed, 22 May 2024 04:01:14 +0800
|
|
||||||
Subject: [PATCH] target-i386: hyper-v: Correct kvm_hv_handle_exit return value
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
This bug fix addresses the incorrect return value of kvm_hv_handle_exit for
|
|
||||||
KVM_EXIT_HYPERV_SYNIC, which should be EXCP_INTERRUPT.
|
|
||||||
|
|
||||||
Handling of KVM_EXIT_HYPERV_SYNIC in QEMU needs to be synchronous.
|
|
||||||
This means that async_synic_update should run in the current QEMU vCPU
|
|
||||||
thread before returning to KVM, returning EXCP_INTERRUPT to guarantee this.
|
|
||||||
Returning 0 can cause async_synic_update to run asynchronously.
|
|
||||||
|
|
||||||
One problem (kvm-unit-tests's hyperv_synic test fails with timeout error)
|
|
||||||
caused by this bug:
|
|
||||||
|
|
||||||
When a guest VM writes to the HV_X64_MSR_SCONTROL MSR to enable Hyper-V SynIC,
|
|
||||||
a VM exit is triggered and processed by the kvm_hv_handle_exit function of the
|
|
||||||
QEMU vCPU. This function then calls the async_synic_update function to set
|
|
||||||
synic->sctl_enabled to true. A true value of synic->sctl_enabled is required
|
|
||||||
before creating SINT routes using the hyperv_sint_route_new() function.
|
|
||||||
|
|
||||||
If kvm_hv_handle_exit returns 0 for KVM_EXIT_HYPERV_SYNIC, the current QEMU
|
|
||||||
vCPU thread may return to KVM and enter the guest VM before running
|
|
||||||
async_synic_update. In such case, the hyperv_synic test’s subsequent call to
|
|
||||||
synic_ctl(HV_TEST_DEV_SINT_ROUTE_CREATE, ...) immediately after writing to
|
|
||||||
HV_X64_MSR_SCONTROL can cause QEMU’s hyperv_sint_route_new() function to return
|
|
||||||
prematurely (because synic->sctl_enabled is false).
|
|
||||||
|
|
||||||
If the SINT route is not created successfully, the SINT interrupt will not be
|
|
||||||
fired, resulting in a timeout error in the hyperv_synic test.
|
|
||||||
|
|
||||||
Fixes: 267e071bd6d6 (“hyperv: make overlay pages for SynIC”)
|
|
||||||
Suggested-by: Chao Gao <chao.gao@intel.com>
|
|
||||||
Signed-off-by: Dongsheng Zhang <dongsheng.x.zhang@intel.com>
|
|
||||||
Message-ID: <20240521200114.11588-1-dongsheng.x.zhang@intel.com>
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 84d4b72854869821eb89813c195927fdd3078c12)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/i386/kvm/hyperv.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/target/i386/kvm/hyperv.c b/target/i386/kvm/hyperv.c
|
|
||||||
index f2a3fe650a..b94f12acc2 100644
|
|
||||||
--- a/target/i386/kvm/hyperv.c
|
|
||||||
+++ b/target/i386/kvm/hyperv.c
|
|
||||||
@@ -81,7 +81,7 @@ int kvm_hv_handle_exit(X86CPU *cpu, struct kvm_hyperv_exit *exit)
|
|
||||||
*/
|
|
||||||
async_safe_run_on_cpu(CPU(cpu), async_synic_update, RUN_ON_CPU_NULL);
|
|
||||||
|
|
||||||
- return 0;
|
|
||||||
+ return EXCP_INTERRUPT;
|
|
||||||
case KVM_EXIT_HYPERV_HCALL: {
|
|
||||||
uint16_t code = exit->u.hcall.input & 0xffff;
|
|
||||||
bool fast = exit->u.hcall.input & HV_HYPERCALL_FAST;
|
|
@ -1,31 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Date: Fri, 24 May 2024 17:17:47 +0200
|
|
||||||
Subject: [PATCH] target/i386: disable jmp_opt if EFLAGS.RF is 1
|
|
||||||
|
|
||||||
If EFLAGS.RF is 1, special processing in gen_eob_worker() is needed and
|
|
||||||
therefore goto_tb cannot be used.
|
|
||||||
|
|
||||||
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit 8225bff7c5db504f50e54ef66b079854635dba70)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/i386/tcg/translate.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
|
|
||||||
index b5ebff2c89..c2c5e73b3f 100644
|
|
||||||
--- a/target/i386/tcg/translate.c
|
|
||||||
+++ b/target/i386/tcg/translate.c
|
|
||||||
@@ -6971,7 +6971,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
|
|
||||||
dc->cpuid_7_1_eax_features = env->features[FEAT_7_1_EAX];
|
|
||||||
dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
|
|
||||||
dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) ||
|
|
||||||
- (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
|
|
||||||
+ (flags & (HF_RF_MASK | HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
|
|
||||||
/*
|
|
||||||
* If jmp_opt, we want to handle each string instruction individually.
|
|
||||||
* For icount also disable repz optimization so that each iteration
|
|
@ -1,30 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Date: Sat, 25 May 2024 10:03:22 +0200
|
|
||||||
Subject: [PATCH] target/i386: no single-step exception after MOV or POP SS
|
|
||||||
|
|
||||||
Intel SDM 18.3.1.4 "If an occurrence of the MOV or POP instruction
|
|
||||||
loads the SS register executes with EFLAGS.TF = 1, no single-step debug
|
|
||||||
exception occurs following the MOV or POP instruction."
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
(cherry picked from commit f0f0136abba688a6516647a79cc91e03fad6d5d7)
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
||||||
---
|
|
||||||
target/i386/tcg/translate.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
|
|
||||||
index c2c5e73b3f..a55df176c6 100644
|
|
||||||
--- a/target/i386/tcg/translate.c
|
|
||||||
+++ b/target/i386/tcg/translate.c
|
|
||||||
@@ -2817,7 +2817,7 @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
|
|
||||||
if (recheck_tf) {
|
|
||||||
gen_helper_rechecking_single_step(tcg_env);
|
|
||||||
tcg_gen_exit_tb(NULL, 0);
|
|
||||||
- } else if (s->flags & HF_TF_MASK) {
|
|
||||||
+ } else if ((s->flags & HF_TF_MASK) && !inhibit) {
|
|
||||||
gen_helper_single_step(tcg_env);
|
|
||||||
} else if (jr &&
|
|
||||||
/* give irqs a chance to happen */
|
|
@ -27,8 +27,7 @@ Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
|
|||||||
[FE: further improve aborting
|
[FE: further improve aborting
|
||||||
adapt to removal of QEMUFileOps
|
adapt to removal of QEMUFileOps
|
||||||
improve condition for entering final stage
|
improve condition for entering final stage
|
||||||
adapt to QAPI and other changes for 8.2
|
adapt to QAPI and other changes for 8.2]
|
||||||
make sure to not call vm_start() from coroutine]
|
|
||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
---
|
---
|
||||||
hmp-commands-info.hx | 13 +
|
hmp-commands-info.hx | 13 +
|
||||||
@ -36,13 +35,13 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|||||||
include/migration/snapshot.h | 2 +
|
include/migration/snapshot.h | 2 +
|
||||||
include/monitor/hmp.h | 3 +
|
include/monitor/hmp.h | 3 +
|
||||||
migration/meson.build | 1 +
|
migration/meson.build | 1 +
|
||||||
migration/savevm-async.c | 538 +++++++++++++++++++++++++++++++++++
|
migration/savevm-async.c | 531 +++++++++++++++++++++++++++++++++++
|
||||||
monitor/hmp-cmds.c | 38 +++
|
monitor/hmp-cmds.c | 38 +++
|
||||||
qapi/migration.json | 34 +++
|
qapi/migration.json | 34 +++
|
||||||
qapi/misc.json | 18 ++
|
qapi/misc.json | 18 ++
|
||||||
qemu-options.hx | 12 +
|
qemu-options.hx | 12 +
|
||||||
system/vl.c | 10 +
|
system/vl.c | 10 +
|
||||||
11 files changed, 686 insertions(+)
|
11 files changed, 679 insertions(+)
|
||||||
create mode 100644 migration/savevm-async.c
|
create mode 100644 migration/savevm-async.c
|
||||||
|
|
||||||
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
|
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
|
||||||
@ -140,10 +139,10 @@ index 95d1cf2250..800f12a60d 100644
|
|||||||
'threadinfo.c',
|
'threadinfo.c',
|
||||||
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
|
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..72cf6588c2
|
index 0000000000..779e4e2a78
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/migration/savevm-async.c
|
+++ b/migration/savevm-async.c
|
||||||
@@ -0,0 +1,538 @@
|
@@ -0,0 +1,531 @@
|
||||||
+#include "qemu/osdep.h"
|
+#include "qemu/osdep.h"
|
||||||
+#include "migration/channel-savevm-async.h"
|
+#include "migration/channel-savevm-async.h"
|
||||||
+#include "migration/migration.h"
|
+#include "migration/migration.h"
|
||||||
@ -571,10 +570,29 @@ index 0000000000..72cf6588c2
|
|||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static void coroutine_fn wait_for_close_co(void *opaque)
|
+void coroutine_fn qmp_savevm_end(Error **errp)
|
||||||
+{
|
+{
|
||||||
+ int64_t timeout;
|
+ int64_t timeout;
|
||||||
+
|
+
|
||||||
|
+ if (snap_state.state == SAVE_STATE_DONE) {
|
||||||
|
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
|
||||||
|
+ "VM snapshot not started\n");
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (snap_state.state == SAVE_STATE_ACTIVE) {
|
||||||
|
+ snap_state.state = SAVE_STATE_CANCELLED;
|
||||||
|
+ goto wait_for_close;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (snap_state.saved_vm_running) {
|
||||||
|
+ vm_start();
|
||||||
|
+ snap_state.saved_vm_running = false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ snap_state.state = SAVE_STATE_DONE;
|
||||||
|
+
|
||||||
|
+wait_for_close:
|
||||||
+ if (!snap_state.target) {
|
+ if (!snap_state.target) {
|
||||||
+ DPRINTF("savevm-end: no target file open\n");
|
+ DPRINTF("savevm-end: no target file open\n");
|
||||||
+ return;
|
+ return;
|
||||||
@ -602,32 +620,6 @@ index 0000000000..72cf6588c2
|
|||||||
+ DPRINTF("savevm-end: cleanup done\n");
|
+ DPRINTF("savevm-end: cleanup done\n");
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+void qmp_savevm_end(Error **errp)
|
|
||||||
+{
|
|
||||||
+ if (snap_state.state == SAVE_STATE_DONE) {
|
|
||||||
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
|
|
||||||
+ "VM snapshot not started\n");
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ Coroutine *wait_for_close = qemu_coroutine_create(wait_for_close_co, NULL);
|
|
||||||
+
|
|
||||||
+ if (snap_state.state == SAVE_STATE_ACTIVE) {
|
|
||||||
+ snap_state.state = SAVE_STATE_CANCELLED;
|
|
||||||
+ qemu_coroutine_enter(wait_for_close);
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (snap_state.saved_vm_running) {
|
|
||||||
+ vm_start();
|
|
||||||
+ snap_state.saved_vm_running = false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ snap_state.state = SAVE_STATE_DONE;
|
|
||||||
+
|
|
||||||
+ qemu_coroutine_enter(wait_for_close);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int load_snapshot_from_blockdev(const char *filename, Error **errp)
|
+int load_snapshot_from_blockdev(const char *filename, Error **errp)
|
||||||
+{
|
+{
|
||||||
+ BlockBackend *be;
|
+ BlockBackend *be;
|
||||||
@ -781,7 +773,7 @@ index 8c65b90328..ed20d066cd 100644
|
|||||||
# @query-migrate:
|
# @query-migrate:
|
||||||
#
|
#
|
||||||
diff --git a/qapi/misc.json b/qapi/misc.json
|
diff --git a/qapi/misc.json b/qapi/misc.json
|
||||||
index ec30e5c570..3c68633f68 100644
|
index ec30e5c570..7147199a12 100644
|
||||||
--- a/qapi/misc.json
|
--- a/qapi/misc.json
|
||||||
+++ b/qapi/misc.json
|
+++ b/qapi/misc.json
|
||||||
@@ -454,6 +454,24 @@
|
@@ -454,6 +454,24 @@
|
||||||
@ -804,7 +796,7 @@ index ec30e5c570..3c68633f68 100644
|
|||||||
+# Resume VM after a snapshot.
|
+# Resume VM after a snapshot.
|
||||||
+#
|
+#
|
||||||
+##
|
+##
|
||||||
+{ 'command': 'savevm-end' }
|
+{ 'command': 'savevm-end', 'coroutine': true }
|
||||||
+
|
+
|
||||||
##
|
##
|
||||||
# @CommandLineParameterType:
|
# @CommandLineParameterType:
|
||||||
|
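Review bot: In the `@ -571,10 +570,29 @@` hunk the new side makes `qmp_savevm_end()` itself a `coroutine_fn` (with `'coroutine': true` on `savevm-end` in qapi/misc.json) and calls `vm_start()` directly from it when `snap_state.saved_vm_running` is set. The side being replaced kept that call in a plain function and entered a separate `wait_for_close_co` coroutine only for the waiting part. Its changelog line "make sure to not call vm_start() from coroutine" is dropped here too, so this looks like the coroutine-context call coming back. The page does not show why `vm_start()` is unsafe in a coroutine, so that reason needs confirming, but I would keep the split sketched below and leave `savevm-end` a non-coroutine command. The wait loop in the middle of the function lies between the two hunks and is not visible.

```c
static void coroutine_fn wait_for_close_co(void *opaque)
{
    int64_t timeout;

    /* … unchanged: wait for snap_state.target to close, then clean up … */
}

void qmp_savevm_end(Error **errp)
{
    if (snap_state.state == SAVE_STATE_DONE) {
        error_set(errp, ERROR_CLASS_GENERIC_ERROR,
                  "VM snapshot not started\n");
        return;
    }

    Coroutine *wait_for_close = qemu_coroutine_create(wait_for_close_co, NULL);

    if (snap_state.state == SAVE_STATE_ACTIVE) {
        snap_state.state = SAVE_STATE_CANCELLED;
        qemu_coroutine_enter(wait_for_close);
        return;
    }

    /* Still outside coroutine context here, so vm_start() is called directly. */
    if (snap_state.saved_vm_running) {
        vm_start();
        snap_state.saved_vm_running = false;
    }

    snap_state.state = SAVE_STATE_DONE;

    qemu_coroutine_enter(wait_for_close);
}
```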
@ -193,7 +193,7 @@ index 32fd4a34fd..36a0cd8cc8 100644
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
|
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
|
||||||
index 72cf6588c2..fb4e8ea689 100644
|
index 779e4e2a78..bf36fc06d2 100644
|
||||||
--- a/migration/savevm-async.c
|
--- a/migration/savevm-async.c
|
||||||
+++ b/migration/savevm-async.c
|
+++ b/migration/savevm-async.c
|
||||||
@@ -379,7 +379,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
|
@@ -379,7 +379,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
|
||||||
@ -205,7 +205,7 @@ index 72cf6588c2..fb4e8ea689 100644
|
|||||||
|
|
||||||
if (!snap_state.file) {
|
if (!snap_state.file) {
|
||||||
error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
|
error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
|
||||||
@@ -503,7 +503,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
|
@@ -496,7 +496,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
|
||||||
blk_op_block_all(be, blocker);
|
blk_op_block_all(be, blocker);
|
||||||
|
|
||||||
/* restore the VM state */
|
/* restore the VM state */
|
||||||
|
@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/hw/core/machine.c b/hw/core/machine.c
|
diff --git a/hw/core/machine.c b/hw/core/machine.c
|
||||||
index 4273de16a0..83f1fc0293 100644
|
index 37ede0e7d4..513e49bab1 100644
|
||||||
--- a/hw/core/machine.c
|
--- a/hw/core/machine.c
|
||||||
+++ b/hw/core/machine.c
|
+++ b/hw/core/machine.c
|
||||||
@@ -162,7 +162,8 @@ GlobalProperty hw_compat_4_0[] = {
|
@@ -161,7 +161,8 @@ GlobalProperty hw_compat_4_0[] = {
|
||||||
{ "virtio-vga", "edid", "false" },
|
{ "virtio-vga", "edid", "false" },
|
||||||
{ "virtio-gpu-device", "edid", "false" },
|
{ "virtio-gpu-device", "edid", "false" },
|
||||||
{ "virtio-device", "use-started", "false" },
|
{ "virtio-device", "use-started", "false" },
|
||||||
|
@ -94,11 +94,11 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|||||||
monitor/hmp-cmds.c | 72 +++
|
monitor/hmp-cmds.c | 72 +++
|
||||||
proxmox-backup-client.c | 146 +++++
|
proxmox-backup-client.c | 146 +++++
|
||||||
proxmox-backup-client.h | 60 ++
|
proxmox-backup-client.h | 60 ++
|
||||||
pve-backup.c | 1092 ++++++++++++++++++++++++++++++++
|
pve-backup.c | 1098 ++++++++++++++++++++++++++++++++
|
||||||
qapi/block-core.json | 233 +++++++
|
qapi/block-core.json | 233 +++++++
|
||||||
qapi/common.json | 14 +
|
qapi/common.json | 14 +
|
||||||
qapi/machine.json | 16 +-
|
qapi/machine.json | 16 +-
|
||||||
14 files changed, 1711 insertions(+), 14 deletions(-)
|
14 files changed, 1717 insertions(+), 14 deletions(-)
|
||||||
create mode 100644 proxmox-backup-client.c
|
create mode 100644 proxmox-backup-client.c
|
||||||
create mode 100644 proxmox-backup-client.h
|
create mode 100644 proxmox-backup-client.h
|
||||||
create mode 100644 pve-backup.c
|
create mode 100644 pve-backup.c
|
||||||
@ -586,10 +586,10 @@ index 0000000000..8cbf645b2c
|
|||||||
+#endif /* PROXMOX_BACKUP_CLIENT_H */
|
+#endif /* PROXMOX_BACKUP_CLIENT_H */
|
||||||
diff --git a/pve-backup.c b/pve-backup.c
|
diff --git a/pve-backup.c b/pve-backup.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..c755bf302b
|
index 0000000000..9c13a92623
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/pve-backup.c
|
+++ b/pve-backup.c
|
||||||
@@ -0,0 +1,1092 @@
|
@@ -0,0 +1,1098 @@
|
||||||
+#include "proxmox-backup-client.h"
|
+#include "proxmox-backup-client.h"
|
||||||
+#include "vma.h"
|
+#include "vma.h"
|
||||||
+
|
+
|
||||||
@ -626,6 +626,7 @@ index 0000000000..c755bf302b
|
|||||||
+ * ---end-bad-example--
|
+ * ---end-bad-example--
|
||||||
+ *
|
+ *
|
||||||
+ * ==> Always use CoMutext inside coroutines.
|
+ * ==> Always use CoMutext inside coroutines.
|
||||||
|
+ * ==> Never acquire/release AioContext withing coroutines (because that use QemuRecMutex)
|
||||||
+ *
|
+ *
|
||||||
+ */
|
+ */
|
||||||
+
|
+
|
||||||
@ -678,6 +679,7 @@ index 0000000000..c755bf302b
|
|||||||
+ uint64_t block_size;
|
+ uint64_t block_size;
|
||||||
+ uint8_t dev_id;
|
+ uint8_t dev_id;
|
||||||
+ int completed_ret; // INT_MAX if not completed
|
+ int completed_ret; // INT_MAX if not completed
|
||||||
|
+ char targetfile[PATH_MAX];
|
||||||
+ BdrvDirtyBitmap *bitmap;
|
+ BdrvDirtyBitmap *bitmap;
|
||||||
+ BlockDriverState *target;
|
+ BlockDriverState *target;
|
||||||
+ BlockJob *job;
|
+ BlockJob *job;
|
||||||
@ -1076,7 +1078,8 @@ index 0000000000..c755bf302b
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
+ * backup_job_create can *not* be run from a coroutine, so this can't either.
|
+ * backup_job_create can *not* be run from a coroutine (and requires an
|
||||||
|
+ * acquired AioContext), so this can't either.
|
||||||
+ * The caller is responsible that backup_mutex is held nonetheless.
|
+ * The caller is responsible that backup_mutex is held nonetheless.
|
||||||
+ */
|
+ */
|
||||||
+static void create_backup_jobs_bh(void *opaque) {
|
+static void create_backup_jobs_bh(void *opaque) {
|
||||||
@ -1570,6 +1573,9 @@ index 0000000000..c755bf302b
|
|||||||
+ bdrv_co_unref(di->target);
|
+ bdrv_co_unref(di->target);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
|
+ if (di->targetfile[0]) {
|
||||||
|
+ unlink(di->targetfile);
|
||||||
|
+ }
|
||||||
+ g_free(di);
|
+ g_free(di);
|
||||||
+ }
|
+ }
|
||||||
+ g_list_free(di_list);
|
+ g_list_free(di_list);
|
||||||
|
@ -15,11 +15,11 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
|||||||
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
||||||
---
|
---
|
||||||
block/meson.build | 2 +
|
block/meson.build | 2 +
|
||||||
block/pbs.c | 313 +++++++++++++++++++++++++++++++++++++++++++
|
block/pbs.c | 307 +++++++++++++++++++++++++++++++++++++++++++
|
||||||
meson.build | 2 +-
|
meson.build | 2 +-
|
||||||
qapi/block-core.json | 29 ++++
|
qapi/block-core.json | 29 ++++
|
||||||
qapi/pragma.json | 1 +
|
qapi/pragma.json | 1 +
|
||||||
5 files changed, 346 insertions(+), 1 deletion(-)
|
5 files changed, 340 insertions(+), 1 deletion(-)
|
||||||
create mode 100644 block/pbs.c
|
create mode 100644 block/pbs.c
|
||||||
|
|
||||||
diff --git a/block/meson.build b/block/meson.build
|
diff --git a/block/meson.build b/block/meson.build
|
||||||
@ -37,10 +37,10 @@ index 6bba803f94..1945e04eeb 100644
|
|||||||
system_ss.add(files('block-ram-registrar.c'))
|
system_ss.add(files('block-ram-registrar.c'))
|
||||||
diff --git a/block/pbs.c b/block/pbs.c
|
diff --git a/block/pbs.c b/block/pbs.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..aee66c2e93
|
index 0000000000..dd72356bd3
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/block/pbs.c
|
+++ b/block/pbs.c
|
||||||
@@ -0,0 +1,313 @@
|
@@ -0,0 +1,307 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Proxmox Backup Server read-only block driver
|
+ * Proxmox Backup Server read-only block driver
|
||||||
+ */
|
+ */
|
||||||
@ -68,7 +68,7 @@ index 0000000000..aee66c2e93
|
|||||||
+
|
+
|
||||||
+typedef struct {
|
+typedef struct {
|
||||||
+ ProxmoxRestoreHandle *conn;
|
+ ProxmoxRestoreHandle *conn;
|
||||||
+ uint8_t aid;
|
+ char aid;
|
||||||
+ int64_t length;
|
+ int64_t length;
|
||||||
+
|
+
|
||||||
+ char *repository;
|
+ char *repository;
|
||||||
@ -201,18 +201,12 @@ index 0000000000..aee66c2e93
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ /* acquire handle and length */
|
+ /* acquire handle and length */
|
||||||
+ ret = proxmox_restore_open_image(s->conn, s->archive, &pbs_error);
|
+ s->aid = proxmox_restore_open_image(s->conn, s->archive, &pbs_error);
|
||||||
+ if (ret < 0) {
|
+ if (s->aid < 0) {
|
||||||
+ if (pbs_error && errp) error_setg(errp, "PBS open_image failed: %s", pbs_error);
|
+ if (pbs_error && errp) error_setg(errp, "PBS open_image failed: %s", pbs_error);
|
||||||
+ if (pbs_error) proxmox_backup_free_error(pbs_error);
|
+ if (pbs_error) proxmox_backup_free_error(pbs_error);
|
||||||
+ return -ENODEV;
|
+ return -ENODEV;
|
||||||
+ }
|
+ }
|
||||||
+ if (ret > UINT8_MAX) {
|
|
||||||
+ error_setg(errp, "PBS open_image returned an ID larger than %u", UINT8_MAX);
|
|
||||||
+ return -ENODEV;
|
|
||||||
+ }
|
|
||||||
+ s->aid = ret;
|
|
||||||
+
|
|
||||||
+ s->length = proxmox_restore_get_image_length(s->conn, s->aid, &pbs_error);
|
+ s->length = proxmox_restore_get_image_length(s->conn, s->aid, &pbs_error);
|
||||||
+ if (s->length < 0) {
|
+ if (s->length < 0) {
|
||||||
+ if (pbs_error && errp) error_setg(errp, "PBS get_image_length failed: %s", pbs_error);
|
+ if (pbs_error && errp) error_setg(errp, "PBS get_image_length failed: %s", pbs_error);
|
||||||
|
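Review bot: In the `@ -201,18 +201,12 @@` hunk the new side stores the result of `proxmox_restore_open_image()` straight into `s->aid`, which the `@ -68,7 +68,7 @@` hunk declares as `char aid;`, and only then tests `s->aid < 0`. Plain `char` has implementation-defined signedness, so on targets where it is unsigned the error branch can never be taken. In either case the value is narrowed before it is checked, so an out-of-range ID wraps silently and is then passed to `proxmox_restore_get_image_length()`. Check the full-width result first and narrow it into a `uint8_t aid` afterwards, as sketched below. This assumes the call returns an `int` and that an `int ret` local exists in the function, whose start is outside the hunk.

```c
    uint8_t aid;    /* in the driver state struct, replacing `char aid;` */

    /* acquire handle and length */
    ret = proxmox_restore_open_image(s->conn, s->archive, &pbs_error);
    if (ret < 0) {
        /* … unchanged: report pbs_error, free it, return -ENODEV … */
    }
    if (ret > UINT8_MAX) {
        error_setg(errp, "PBS open_image returned an ID larger than %u", UINT8_MAX);
        return -ENODEV;
    }
    s->aid = ret;
```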
@ -174,10 +174,10 @@ index 0000000000..887e998b9e
|
|||||||
+ NULL);
|
+ NULL);
|
||||||
+}
|
+}
|
||||||
diff --git a/pve-backup.c b/pve-backup.c
|
diff --git a/pve-backup.c b/pve-backup.c
|
||||||
index c755bf302b..5ebb6a3947 100644
|
index 9c13a92623..9d480a8eec 100644
|
||||||
--- a/pve-backup.c
|
--- a/pve-backup.c
|
||||||
+++ b/pve-backup.c
|
+++ b/pve-backup.c
|
||||||
@@ -1085,6 +1085,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
|
@@ -1091,6 +1091,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
|
||||||
ret->pbs_library_version = g_strdup(proxmox_backup_qemu_version());
|
ret->pbs_library_version = g_strdup(proxmox_backup_qemu_version());
|
||||||
ret->pbs_dirty_bitmap = true;
|
ret->pbs_dirty_bitmap = true;
|
||||||
ret->pbs_dirty_bitmap_savevm = true;
|
ret->pbs_dirty_bitmap_savevm = true;
|
||||||
|
@ -63,9 +63,9 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|||||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||||
---
|
---
|
||||||
block/monitor/block-hmp-cmds.c | 1 +
|
block/monitor/block-hmp-cmds.c | 1 +
|
||||||
pve-backup.c | 135 ++++++++++++++++++++++++++++++++-
|
pve-backup.c | 143 ++++++++++++++++++++++++++++++++-
|
||||||
qapi/block-core.json | 10 ++-
|
qapi/block-core.json | 10 ++-
|
||||||
3 files changed, 142 insertions(+), 4 deletions(-)
|
3 files changed, 150 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
|
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
|
||||||
index 5000c084c5..70b3de4c7e 100644
|
index 5000c084c5..70b3de4c7e 100644
|
||||||
@ -80,7 +80,7 @@ index 5000c084c5..70b3de4c7e 100644
|
|||||||
|
|
||||||
hmp_handle_error(mon, error);
|
hmp_handle_error(mon, error);
|
||||||
diff --git a/pve-backup.c b/pve-backup.c
|
diff --git a/pve-backup.c b/pve-backup.c
|
||||||
index 5ebb6a3947..a747d12d3d 100644
|
index 9d480a8eec..7cc1dd3724 100644
|
||||||
--- a/pve-backup.c
|
--- a/pve-backup.c
|
||||||
+++ b/pve-backup.c
|
+++ b/pve-backup.c
|
||||||
@@ -7,9 +7,11 @@
|
@@ -7,9 +7,11 @@
|
||||||
@ -95,7 +95,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
#include "qapi/qmp/qerror.h"
|
#include "qapi/qmp/qerror.h"
|
||||||
#include "qemu/cutils.h"
|
#include "qemu/cutils.h"
|
||||||
|
|
||||||
@@ -80,8 +82,15 @@ static void pvebackup_init(void)
|
@@ -81,8 +83,15 @@ static void pvebackup_init(void)
|
||||||
// initialize PVEBackupState at startup
|
// initialize PVEBackupState at startup
|
||||||
opts_init(pvebackup_init);
|
opts_init(pvebackup_init);
|
||||||
|
|
||||||
@ -111,7 +111,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
size_t size;
|
size_t size;
|
||||||
uint64_t block_size;
|
uint64_t block_size;
|
||||||
uint8_t dev_id;
|
uint8_t dev_id;
|
||||||
@@ -353,6 +362,22 @@ static void pvebackup_complete_cb(void *opaque, int ret)
|
@@ -355,6 +364,25 @@ static void pvebackup_complete_cb(void *opaque, int ret)
|
||||||
PVEBackupDevInfo *di = opaque;
|
PVEBackupDevInfo *di = opaque;
|
||||||
di->completed_ret = ret;
|
di->completed_ret = ret;
|
||||||
|
|
||||||
@ -121,6 +121,9 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
+ * - For snapshot_access, allows doing bdrv_unref() directly. Doing it via bdrv_co_unref() would
|
+ * - For snapshot_access, allows doing bdrv_unref() directly. Doing it via bdrv_co_unref() would
|
||||||
+ * just spawn a BH calling bdrv_unref().
|
+ * just spawn a BH calling bdrv_unref().
|
||||||
+ * - For cbw, draining would need to spawn a BH.
|
+ * - For cbw, draining would need to spawn a BH.
|
||||||
|
+ *
|
||||||
|
+ * Note that the AioContext lock is already acquired by our caller, i.e.
|
||||||
|
+ * job_finalize_single_locked()
|
||||||
+ */
|
+ */
|
||||||
+ if (di->fleecing.snapshot_access) {
|
+ if (di->fleecing.snapshot_access) {
|
||||||
+ bdrv_unref(di->fleecing.snapshot_access);
|
+ bdrv_unref(di->fleecing.snapshot_access);
|
||||||
@ -134,7 +137,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
/*
|
/*
|
||||||
* Needs to happen outside of coroutine, because it takes the graph write lock.
|
* Needs to happen outside of coroutine, because it takes the graph write lock.
|
||||||
*/
|
*/
|
||||||
@@ -519,9 +544,77 @@ static void create_backup_jobs_bh(void *opaque) {
|
@@ -522,9 +550,82 @@ static void create_backup_jobs_bh(void *opaque) {
|
||||||
}
|
}
|
||||||
bdrv_drained_begin(di->bs);
|
bdrv_drained_begin(di->bs);
|
||||||
|
|
||||||
@ -179,6 +182,11 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
+ qdict_put_str(snapshot_access_opts, "driver", "snapshot-access");
|
+ qdict_put_str(snapshot_access_opts, "driver", "snapshot-access");
|
||||||
+ qdict_put_str(snapshot_access_opts, "file", bdrv_get_node_name(di->fleecing.cbw));
|
+ qdict_put_str(snapshot_access_opts, "file", bdrv_get_node_name(di->fleecing.cbw));
|
||||||
+
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Holding the AioContext lock here would cause a deadlock, because bdrv_open_driver()
|
||||||
|
+ * will aquire it a second time. But it's allowed to be held exactly once when polling
|
||||||
|
+ * and that happens when the bdrv_refresh_total_sectors() call is made there.
|
||||||
|
+ */
|
||||||
+ di->fleecing.snapshot_access =
|
+ di->fleecing.snapshot_access =
|
||||||
+ bdrv_open(NULL, NULL, snapshot_access_opts, BDRV_O_RDWR | BDRV_O_UNMAP, &local_err);
|
+ bdrv_open(NULL, NULL, snapshot_access_opts, BDRV_O_RDWR | BDRV_O_UNMAP, &local_err);
|
||||||
+ if (!di->fleecing.snapshot_access) {
|
+ if (!di->fleecing.snapshot_access) {
|
||||||
@ -214,7 +222,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
BLOCKDEV_ON_ERROR_REPORT, JOB_DEFAULT, pvebackup_complete_cb, di, backup_state.txn,
|
BLOCKDEV_ON_ERROR_REPORT, JOB_DEFAULT, pvebackup_complete_cb, di, backup_state.txn,
|
||||||
&local_err);
|
&local_err);
|
||||||
|
|
||||||
@@ -577,6 +670,14 @@ static void create_backup_jobs_bh(void *opaque) {
|
@@ -580,6 +681,14 @@ static void create_backup_jobs_bh(void *opaque) {
|
||||||
aio_co_enter(data->ctx, data->co);
|
aio_co_enter(data->ctx, data->co);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -229,7 +237,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
/*
|
/*
|
||||||
* Returns a list of device infos, which needs to be freed by the caller. In
|
* Returns a list of device infos, which needs to be freed by the caller. In
|
||||||
* case of an error, errp will be set, but the returned value might still be a
|
* case of an error, errp will be set, but the returned value might still be a
|
||||||
@@ -584,6 +685,7 @@ static void create_backup_jobs_bh(void *opaque) {
|
@@ -587,6 +696,7 @@ static void create_backup_jobs_bh(void *opaque) {
|
||||||
*/
|
*/
|
||||||
static GList coroutine_fn GRAPH_RDLOCK *get_device_info(
|
static GList coroutine_fn GRAPH_RDLOCK *get_device_info(
|
||||||
const char *devlist,
|
const char *devlist,
|
||||||
@ -237,7 +245,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
Error **errp)
|
Error **errp)
|
||||||
{
|
{
|
||||||
gchar **devs = NULL;
|
gchar **devs = NULL;
|
||||||
@@ -607,6 +709,31 @@ static GList coroutine_fn GRAPH_RDLOCK *get_device_info(
|
@@ -610,6 +720,31 @@ static GList coroutine_fn GRAPH_RDLOCK *get_device_info(
|
||||||
}
|
}
|
||||||
PVEBackupDevInfo *di = g_new0(PVEBackupDevInfo, 1);
|
PVEBackupDevInfo *di = g_new0(PVEBackupDevInfo, 1);
|
||||||
di->bs = bs;
|
di->bs = bs;
|
||||||
@ -269,7 +277,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
di_list = g_list_append(di_list, di);
|
di_list = g_list_append(di_list, di);
|
||||||
d++;
|
d++;
|
||||||
}
|
}
|
||||||
@@ -656,6 +783,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
@@ -659,6 +794,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
||||||
const char *devlist,
|
const char *devlist,
|
||||||
bool has_speed, int64_t speed,
|
bool has_speed, int64_t speed,
|
||||||
bool has_max_workers, int64_t max_workers,
|
bool has_max_workers, int64_t max_workers,
|
||||||
@ -277,7 +285,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
Error **errp)
|
Error **errp)
|
||||||
{
|
{
|
||||||
assert(qemu_in_coroutine());
|
assert(qemu_in_coroutine());
|
||||||
@@ -684,7 +812,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
@@ -687,7 +823,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
||||||
format = has_format ? format : BACKUP_FORMAT_VMA;
|
format = has_format ? format : BACKUP_FORMAT_VMA;
|
||||||
|
|
||||||
bdrv_graph_co_rdlock();
|
bdrv_graph_co_rdlock();
|
||||||
@ -286,7 +294,7 @@ index 5ebb6a3947..a747d12d3d 100644
|
|||||||
bdrv_graph_co_rdunlock();
|
bdrv_graph_co_rdunlock();
|
||||||
if (local_err) {
|
if (local_err) {
|
||||||
error_propagate(errp, local_err);
|
error_propagate(errp, local_err);
|
||||||
@@ -1089,5 +1217,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
|
@@ -1095,5 +1231,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
|
||||||
ret->query_bitmap_info = true;
|
ret->query_bitmap_info = true;
|
||||||
ret->pbs_masterkey = true;
|
ret->pbs_masterkey = true;
|
||||||
ret->backup_max_workers = true;
|
ret->backup_max_workers = true;
|
||||||
|
@ -96,10 +96,10 @@ index dc6cafe7fa..a27d2d7d9f 100644
|
|||||||
|
|
||||||
#endif /* COPY_BEFORE_WRITE_H */
|
#endif /* COPY_BEFORE_WRITE_H */
|
||||||
diff --git a/pve-backup.c b/pve-backup.c
|
diff --git a/pve-backup.c b/pve-backup.c
|
||||||
index a747d12d3d..4e730aa3da 100644
|
index 7cc1dd3724..07709aa350 100644
|
||||||
--- a/pve-backup.c
|
--- a/pve-backup.c
|
||||||
+++ b/pve-backup.c
|
+++ b/pve-backup.c
|
||||||
@@ -374,6 +374,15 @@ static void pvebackup_complete_cb(void *opaque, int ret)
|
@@ -379,6 +379,15 @@ static void pvebackup_complete_cb(void *opaque, int ret)
|
||||||
di->fleecing.snapshot_access = NULL;
|
di->fleecing.snapshot_access = NULL;
|
||||||
}
|
}
|
||||||
if (di->fleecing.cbw) {
|
if (di->fleecing.cbw) {
|
||||||
|
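--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,19 +3,6 @@ extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
 extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
 extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
 extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
-extra/0006-virtio-gpu-fix-v2-migration.patch
-extra/0007-hw-pflash-fix-block-write-start.patch
-extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
-extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
-extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
-extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
-extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
-extra/0013-Revert-monitor-use-aio_co_reschedule_self.patch
-extra/0014-target-arm-Restrict-translation-disabled-alignment-c.patch
-extra/0015-target-i386-Give-IRQs-a-chance-when-resetting-HF_INH.patch
-extra/0016-target-i386-hyper-v-Correct-kvm_hv_handle_exit-retur.patch
-extra/0017-target-i386-disable-jmp_opt-if-EFLAGS.RF-is-1.patch
-extra/0018-target-i386-no-single-step-exception-after-MOV-or-PO.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch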