rpms/qemu
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add kill() to seccomp whitelist, fix AC97 with -sandbox on (bz #1043521)

Browse Source 
Changing streaming mode default to off for spice (bz #1038336)
Fix guest scsi verify command (bz #1001617)
Fix performance regression after save/restore (bz #917723)
This commit is contained in:
Cole Robinson 2013-12-18 12:14:24 -05:00
parent 4b57421a2c
commit 3fa1863e91
6 changed files with 298 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
0108-seccomp-add-kill-to-the-syscall-whitelist.patch Normal file
View File

@ -0,0 +1,42 @@
From fc585c217f4f999d01695385b9f5bf194a117600 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Thu, 21 Nov 2013 10:40:15 -0500
Subject: [PATCH] seccomp: add kill() to the syscall whitelist
The kill() syscall is triggered with the following command:
# qemu -sandbox on -monitor stdio \
-device intel-hda -device hda-duplex -vnc :0
The resulting syslog/audit message:
# ausearch -m SECCOMP
----
time->Wed Nov 20 09:52:08 2013
type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
# scmp_sys_resolver 62
kill
Reported-by: CongLi <coli@redhat.com>
Tested-by: CongLi <coli@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
(cherry picked from commit e9eecb5bf82a71564bf018fcbbfc6cda19cab6c2)
---
qemu-seccomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 69cee44..cf07869 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -114,6 +114,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(write), 244 },
{ SCMP_SYS(fcntl), 243 },
{ SCMP_SYS(tgkill), 242 },
+ { SCMP_SYS(kill), 242 },
{ SCMP_SYS(rt_sigaction), 242 },
{ SCMP_SYS(pipe2), 242 },
{ SCMP_SYS(munmap), 242 },

33
0109-spice-flip-streaming-video-mode-to-off-by-default.patch Normal file
View File

@ -0,0 +1,33 @@
From f7944b361fe5220d19680234db250abaad7ce909 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 2 Dec 2013 11:17:04 +0100
Subject: [PATCH] spice: flip streaming video mode to off by default
Video streaming detection heuristics in spice-server have problems
keeping modern desktop animations (as done by gnome shell) and real
video playback apart. This leads to jpeg compression artefacts on
your desktop, due to spice using mjpeg to send what it thinks is
a video stream.
Turn off video detection by default to avoid these artifacts.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
(cherry picked from commit f1d3e586f069e17f83b669842bc02d60d509daca)
---
ui/spice-core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ui/spice-core.c b/ui/spice-core.c
index bd7a248..3960fa0 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -778,6 +778,8 @@ void qemu_spice_init(void)
if (str) {
int streaming_video = parse_stream_video(str);
spice_server_set_streaming_video(spice_server, streaming_video);
+ } else {
+ spice_server_set_streaming_video(spice_server, SPICE_STREAM_VIDEO_OFF);
}
spice_server_set_agent_mouse

59
0110-scsi-bus-fix-transfer-length-and-direction-for-VERIF.patch Normal file
View File

@ -0,0 +1,59 @@
From f89c33c8092d7cc96d9937ea826c2ac8374779c8 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 28 Nov 2013 11:01:13 +0100
Subject: [PATCH] scsi-bus: fix transfer length and direction for VERIFY
command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The amount of bytes to transfer depends on the BYTCHK field.
If any data is transferred, it is sent to the device.
Cc: qemu-stable@nongnu.org
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d12ad44cc4cc9142179e64295608611f118b8ad8)
---
hw/scsi/scsi-bus.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index ad26c25..c62bfae 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -885,7 +885,6 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
case RELEASE:
case ERASE:
case ALLOW_MEDIUM_REMOVAL:
- case VERIFY_10:
case SEEK_10:
case SYNCHRONIZE_CACHE:
case SYNCHRONIZE_CACHE_16:
@@ -902,6 +901,16 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
case ALLOW_OVERWRITE:
cmd->xfer = 0;
break;
+ case VERIFY_10:
+ case VERIFY_12:
+ case VERIFY_16:
+ if ((buf[1] & 2) == 0) {
+ cmd->xfer = 0;
+ } else if ((buf[1] & 4) == 1) {
+ cmd->xfer = 1;
+ }
+ cmd->xfer *= dev->blocksize;
+ break;
case MODE_SENSE:
break;
case WRITE_SAME_10:
@@ -1099,6 +1108,9 @@ static void scsi_cmd_xfer_mode(SCSICommand *cmd)
case WRITE_VERIFY_12:
case WRITE_16:
case WRITE_VERIFY_16:
+ case VERIFY_10:
+ case VERIFY_12:
+ case VERIFY_16:
case COPY:
case COPY_VERIFY:
case COMPARE:

90
0111-scsi-disk-fix-VERIFY-emulation.patch Normal file
View File

@ -0,0 +1,90 @@
From 1de35d38fb04166c0b7f6b87f7e38ae8c73651bb Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 28 Nov 2013 11:18:56 +0100
Subject: [PATCH] scsi-disk: fix VERIFY emulation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
VERIFY emulation was completely botched (and remained botched through
all the refactorings). The command must be emulated both in check-medium
mode (BYTCHK=00, which we implement by doing nothing) and in check-bytes
mode (which we do not implement yet). Unlike WRITE AND VERIFY (which we
treat simply as WRITE with FUA bit set), VERIFY cannot be handled like
READ. In fact the device is _receiving_ data for VERIFY, not _sending_
it like READ.
Cc: qemu-stable@nongnu.org
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d97e7730816094a71cd1f19a56d7a73f77cdbf96)
Conflicts:
hw/scsi/scsi-disk.c
---
hw/scsi/scsi-disk.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 74e6a14..1fd1c26 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1597,6 +1597,14 @@ static void scsi_disk_emulate_write_data(SCSIRequest *req)
scsi_disk_emulate_unmap(r, r->iov.iov_base);
break;
+ case VERIFY_10:
+ case VERIFY_12:
+ case VERIFY_16:
+ if (r->req.status == -1) {
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ }
+ break;
+
default:
abort();
}
@@ -1837,6 +1845,14 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
case UNMAP:
DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
break;
+ case VERIFY_10:
+ case VERIFY_12:
+ case VERIFY_16:
+ DPRINTF("Verify (bytchk %lu)\n", (r->req.buf[1] >> 1) & 3);
+ if (req->cmd.buf[1] & 6) {
+ goto illegal_request;
+ }
+ break;
case WRITE_SAME_10:
case WRITE_SAME_16:
nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
@@ -1936,10 +1952,6 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
return 0;
}
- /* fallthrough */
- case VERIFY_10:
- case VERIFY_12:
- case VERIFY_16:
DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
(command & 0xe) == 0xe ? "And Verify " : "",
r->req.cmd.lba, len);
@@ -2207,14 +2219,14 @@ static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
[UNMAP] = &scsi_disk_emulate_reqops,
[WRITE_SAME_10] = &scsi_disk_emulate_reqops,
[WRITE_SAME_16] = &scsi_disk_emulate_reqops,
+ [VERIFY_10] = &scsi_disk_emulate_reqops,
+ [VERIFY_12] = &scsi_disk_emulate_reqops,
+ [VERIFY_16] = &scsi_disk_emulate_reqops,
[READ_6] = &scsi_disk_dma_reqops,
[READ_10] = &scsi_disk_dma_reqops,
[READ_12] = &scsi_disk_dma_reqops,
[READ_16] = &scsi_disk_dma_reqops,
- [VERIFY_10] = &scsi_disk_dma_reqops,
- [VERIFY_12] = &scsi_disk_dma_reqops,
- [VERIFY_16] = &scsi_disk_dma_reqops,
[WRITE_6] = &scsi_disk_dma_reqops,
[WRITE_10] = &scsi_disk_dma_reqops,
[WRITE_12] = &scsi_disk_dma_reqops,

47
0112-migration-drop-MADVISE_DONT_NEED-for-incoming-zero-p.patch Normal file
View File

@ -0,0 +1,47 @@
From b96534d01807de76afa262568e156156c0a6fdd6 Mon Sep 17 00:00:00 2001
From: Peter Lieven <pl@kamp.de>
Date: Thu, 24 Oct 2013 09:21:29 +0200
Subject: [PATCH] migration: drop MADVISE_DONT_NEED for incoming zero pages
The madvise for zeroed out pages was introduced when every transferred
zero page was memset to zero and thus allocated. Since commit
211ea740 we check for zeroness of a target page before we memset
it to zero. Additionally we memmap target memory so it is essentially
zero initialized (except for e.g. option roms and bios which are loaded
into target memory although they shouldn't).
It was reported recently that this madvise causes a performance degradation
in some situations. As the madvise should only be called rarely and if it's called
it is likely on a busy page (it was non-zero and changed to zero during migration)
drop it completely.
Reported-By: Zhang Haoyu <haoyu.zhang@huawei.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit fc1c4a5d32e15a4c40c47945da85ef9c1e0c1b54)
Conflicts:
arch_init.c
---
arch_init.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/arch_init.c b/arch_init.c
index 68a7ab7..23151b3 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -845,13 +845,6 @@ void ram_handle_compressed(void *host, uint8_t ch, uint64_t size)
{
if (ch != 0 || !is_zero_page(host)) {
memset(host, ch, size);
-#ifndef _WIN32
- if (ch == 0 &&
- (!kvm_enabled() || kvm_has_sync_mmu()) &&
- getpagesize() <= TARGET_PAGE_SIZE) {
- qemu_madvise(host, TARGET_PAGE_SIZE, QEMU_MADV_DONTNEED);
- }
-#endif
}
}

28
qemu.spec
View File

@ -139,7 +139,7 @@
Summary: QEMU is a FAST! processor emulator
Name: qemu
Version: 1.6.1
Release: 2%{?dist}
Release: 3%{?dist}
Epoch: 2
License: GPLv2+ and LGPLv2+ and BSD
Group: Development/Tools
@ -221,6 +221,16 @@ Patch0105: 0105-audio-honor-QEMU_AUDIO_TIMER_PERIOD-instead-of-wakin.patch
Patch0106: 0106-qmp-access-the-local-QemuOptsLists-for-drive-option.patch
# Fix process exit with -sandbox on (bz #1027421)
Patch0107: 0107-seccomp-fine-tuning-whitelist-by-adding-times.patch
# Add kill() to seccomp whitelist, fix AC97 with -sandbox on (bz
# #1043521)
Patch0108: 0108-seccomp-add-kill-to-the-syscall-whitelist.patch
# Changing streaming mode default to off for spice (bz #1038336)
Patch0109: 0109-spice-flip-streaming-video-mode-to-off-by-default.patch
# Fix guest scsi verify command (bz #1001617)
Patch0110: 0110-scsi-bus-fix-transfer-length-and-direction-for-VERIF.patch
Patch0111: 0111-scsi-disk-fix-VERIFY-emulation.patch
# Fix performance regression after save/restore (bz #917723)
Patch0112: 0112-migration-drop-MADVISE_DONT_NEED-for-incoming-zero-p.patch
BuildRequires: SDL-devel
BuildRequires: zlib-devel
@ -774,6 +784,16 @@ CAC emulation development files.
%patch0106 -p1
# Fix process exit with -sandbox on (bz #1027421)
%patch0107 -p1
# Add kill() to seccomp whitelist, fix AC97 with -sandbox on (bz
# #1043521)
%patch0108 -p1
# Changing streaming mode default to off for spice (bz #1038336)
%patch0109 -p1
# Fix guest scsi verify command (bz #1001617)
%patch0110 -p1
%patch0111 -p1
# Fix performance regression after save/restore (bz #917723)
%patch0112 -p1
%build
@ -1481,6 +1501,12 @@ getent passwd qemu >/dev/null || \
%endif
%changelog
* Wed Dec 18 2013 Cole Robinson <crobinso@redhat.com> - 2:1.6.1-3
- Add kill() to seccomp whitelist, fix AC97 with -sandbox on (bz #1043521)
- Changing streaming mode default to off for spice (bz #1038336)
- Fix guest scsi verify command (bz #1001617)
- Fix performance regression after save/restore (bz #917723)
* Sun Nov 17 2013 Cole Robinson <crobinso@redhat.com> - 2:1.6.1-2
- Fix drive discard options via libvirt (bz #1029953)
- Fix process exit with -sandbox on (bz #1027421)