qemu-4.0.0-0.7.rc3.fc31

Don't block migration with nested VMX (bz #1697997) Update to qemu-4.0.0-rc3
2019-04-16 21:48:03 -04:00 · 2019-04-16 21:48:03 -04:00 · e14a8ce4ef
commit e14a8ce4ef
parent 09f7c02959
6 changed files with 56 additions and 267 deletions
--- a/0001-Remove-problematic-evdev-86-key-from-en-us-keymap.patch
+++ b/0001-Remove-problematic-evdev-86-key-from-en-us-keymap.patch
@ -1,32 +0,0 @@
 From 2c25ad161d7714f15b1951c69c50844ea81f4186 Mon Sep 17 00:00:00 2001
 From: Adam Williamson <awilliam@redhat.com>
 Date: Wed, 20 Dec 2017 15:43:07 -0800
 Subject: [PATCH] Remove problematic 'evdev 86' key from en-us keymap
 This causes LP#1738283. Gerd will have to come up with a better
 fix, but just hacking out the problematic key definition should
 work for now.
 ---
 pc-bios/keymaps/en-us | 6 ------
 1 file changed, 6 deletions(-)
 diff --git a/pc-bios/keymaps/en-us b/pc-bios/keymaps/en-us
 index a70e03adc0..e518a9dc35 100644
 --- a/pc-bios/keymaps/en-us
 +++ b/pc-bios/keymaps/en-us
@@ -343,12 +343,6 @@ KP_Decimal 0x53 numlock
 # evdev 85 (0x55): no evdev -> QKeyCode mapping (xkb keysym NoSymbol)
 -# evdev 86 (0x56), QKeyCode "less", number 0x56
 -less 0x56
 -greater 0x56 shift
 -bar 0x56 altgr
 -brokenbar 0x56 shift altgr
 -
 # evdev 87 (0x57), QKeyCode "f11", number 0x57
 F11 0x57
 -- 
 2.15.1
--- a/0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch
+++ b/0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch
@ -0,0 +1,46 @@
 From: Cole Robinson <crobinso@redhat.com>
 Date: Tue, 16 Apr 2019 20:14:12 -0400
 Subject: [PATCH] Revert "target/i386: kvm: add VMX migration blocker"
 This reverts commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8.
 As is, it rejects libvirt managedsave and virt-manager snapshots
 for default installed VMs on intel hosts. Upstream Paolo says that
 the missing kernel bits are already queued up, and until then it's
 fine to revert this.
 https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg02326.html
 ---
 target/i386/kvm.c | 12 ------------
 1 file changed, 12 deletions(-)
 diff --git a/target/i386/kvm.c b/target/i386/kvm.c
 index 3b29ce5c0d..6ad450d9f1 100644
 --- a/target/i386/kvm.c
 +++ b/target/i386/kvm.c
@@ -906,7 +906,6 @@ static int hyperv_init_vcpu(X86CPU *cpu)
 }
 static Error *invtsc_mig_blocker;
 -static Error *vmx_mig_blocker;
 #define KVM_MAX_CPUID_ENTRIES  100
@@ -1270,17 +1269,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
                                   !!(c->ecx & CPUID_EXT_SMX);
     }
 -    if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {
 -        error_setg(&vmx_mig_blocker,
 -                   "Nested VMX virtualization does not support live migration yet");
 -        r = migrate_add_blocker(vmx_mig_blocker, &local_err);
 -        if (local_err) {
 -            error_report_err(local_err);
 -            error_free(vmx_mig_blocker);
 -            return r;
 -        }
 -    }
 -
     if (env->mcg_cap & MCG_LMCE_P) {
         has_msr_mcg_ext_ctl = has_msr_feature_control = true;
     }
--- a/0001-qemu-seccomp-dont-kill-process-for-resource-contro.patch
+++ b/0001-qemu-seccomp-dont-kill-process-for-resource-contro.patch
@ -1,103 +0,0 @@
 From: Daniel P. Berrangé <berrange@redhat.com>
 Date: Wed, 13 Mar 2019 09:49:03 +0000
 Subject: [PATCH RFC] seccomp: don't kill process for resource control syscalls
 The Mesa library tries to set process affinity on some of its threads in
 order to optimize its performance. Currently this results in QEMU being
 immediately terminated when seccomp is enabled.
 Mesa doesn't consider failure of the process affinity settings to be
 fatal to its operation, but our seccomp policy gives it no choice in
 gracefully handling this denial.
 It is reasonable to consider that malicious code using the resource
 control syscalls to be a less serious attack than if they were trying
 to spawn processes or change UIDs and other such things. Generally
 speaking changing the resource control setting will "merely" affect
 quality of service of processes on the host. With this in mind, rather
 than kill the process, we can relax the policy for these syscalls to
 return the EPERM errno value. This allows callers to detect that QEMU
 does not want them to change resource allocations, and apply some
 reasonable fallback logic.
 The main downside to this is for code which uses these syscalls but does
 not check the return value, blindly assuming they will always
 succeeed. Returning an errno could result in sub-optimal behaviour.
 Arguably though such code is already broken & needs fixing regardless.
 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 ---
 qemu-seccomp.c | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)
 diff --git a/qemu-seccomp.c b/qemu-seccomp.c
 index 36d5829831..9776c9ef40 100644
 --- a/qemu-seccomp.c
 +++ b/qemu-seccomp.c
@@ -121,20 +121,37 @@ qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
 #endif
 }
 -static uint32_t qemu_seccomp_get_kill_action(void)
 +static uint32_t qemu_seccomp_get_kill_action(int set)
 {
 +    switch (set) {
 +    case QEMU_SECCOMP_SET_DEFAULT:
 +    case QEMU_SECCOMP_SET_OBSOLETE:
 +    case QEMU_SECCOMP_SET_PRIVILEGED:
 +    case QEMU_SECCOMP_SET_SPAWN: {
 #if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
     defined(SECCOMP_RET_KILL_PROCESS)
 -    {
 -        uint32_t action = SECCOMP_RET_KILL_PROCESS;
 +        static int kill_process = -1;
 +        if (kill_process == -1) {
 +            uint32_t action = SECCOMP_RET_KILL_PROCESS;
 -        if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
 +            if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
 +                kill_process = 1;
 +            }
 +            kill_process = 0;
 +        }
 +        if (kill_process == 1) {
             return SCMP_ACT_KILL_PROCESS;
         }
 -    }
 #endif
 +        return SCMP_ACT_TRAP;
 +    }
 +
 +    case QEMU_SECCOMP_SET_RESOURCECTL:
 +        return SCMP_ACT_ERRNO(EPERM);
 -    return SCMP_ACT_TRAP;
 +    default:
 +        g_assert_not_reached();
 +    }
 }
@@ -143,7 +160,6 @@ static int seccomp_start(uint32_t seccomp_opts)
     int rc = 0;
     unsigned int i = 0;
     scmp_filter_ctx ctx;
 -    uint32_t action = qemu_seccomp_get_kill_action();
     ctx = seccomp_init(SCMP_ACT_ALLOW);
     if (ctx == NULL) {
@@ -157,10 +173,12 @@ static int seccomp_start(uint32_t seccomp_opts)
     }
     for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
 +        uint32_t action;
         if (!(seccomp_opts & blacklist[i].set)) {
             continue;
         }
 +        action = qemu_seccomp_get_kill_action(blacklist[i].set);
         rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
                                     blacklist[i].narg, blacklist[i].arg_cmp);
         if (rc < 0) {
 -- 
 2.20.1
--- a/0002-linux-user-assume-__NR_gettid-always-exists.patch
+++ b/0002-linux-user-assume-__NR_gettid-always-exists.patch
@ -1,40 +0,0 @@
 From 9abb23f799804ed7b30aecac2217f870b229f873 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
 Date: Wed, 20 Mar 2019 15:32:30 +0000
 Subject: [PATCH 1/2] linux-user: assume __NR_gettid always exists
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 The gettid syscall was introduced in Linux 2.4.11. This is old enough
 that we can assume it always exists and thus not bother with the
 conditional backcompat logic.
 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 ---
 linux-user/syscall.c | 8 --------
 1 file changed, 8 deletions(-)
 diff --git a/linux-user/syscall.c b/linux-user/syscall.c
 index 208fd1813d..11729f382c 100644
 --- a/linux-user/syscall.c
 +++ b/linux-user/syscall.c
@@ -249,15 +249,7 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
 #define TARGET_NR__llseek TARGET_NR_llseek
 #endif
 -#ifdef __NR_gettid
 _syscall0(int, gettid)
 -#else
 -/* This is a replacement for the host gettid() and must return a host
 -   errno. */
 -static int gettid(void) {
 -    return -ENOSYS;
 -}
 -#endif
 /* For the 64-bit guest on 32-bit host case we must emulate
  * getdents using getdents64, because otherwise the host
 -- 
 2.20.1
--- a/0003-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
+++ b/0003-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
@ -1,87 +0,0 @@
 From 7bfee99b5dc6dd971d4e0dec49af7578ea1b405c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
 Date: Tue, 19 Mar 2019 17:04:05 +0000
 Subject: [PATCH 2/2] linux-user: rename gettid() to sys_gettid() to avoid
 clash with glibc
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 The glibc-2.29.9000-6.fc31.x86_64 package finally includes the gettid()
 function as part of unistd.h when __USE_GNU is defined. This clashes
 with linux-user code which unconditionally defines this function name
 itself.
 /home/berrange/src/virt/qemu/linux-user/syscall.c:253:16: error: static declaration of ‘gettid’ follows non-static declaration
  253 | _syscall0(int, gettid)
      |                ^~~~~~
 /home/berrange/src/virt/qemu/linux-user/syscall.c:184:13: note: in definition of macro ‘_syscall0’
  184 | static type name (void)   \
      |             ^~~~
 In file included from /usr/include/unistd.h:1170,
                 from /home/berrange/src/virt/qemu/include/qemu/osdep.h:107,
                 from /home/berrange/src/virt/qemu/linux-user/syscall.c:20:
 /usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here
   34 | extern __pid_t gettid (void) __THROW;
      |                ^~~~~~
  CC      aarch64-linux-user/linux-user/signal.o
 make[1]: *** [/home/berrange/src/virt/qemu/rules.mak:69: linux-user/syscall.o] Error 1
 make[1]: *** Waiting for unfinished jobs....
 make: *** [Makefile:449: subdir-aarch64-linux-user] Error 2
 While we could make our definition conditional and rely on glibc's impl,
 this patch simply renames our definition to sys_gettid() which is a
 common pattern in this file.
 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 ---
 linux-user/syscall.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
 diff --git a/linux-user/syscall.c b/linux-user/syscall.c
 index 11729f382c..96cd4bf86d 100644
 --- a/linux-user/syscall.c
 +++ b/linux-user/syscall.c
@@ -249,7 +249,8 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
 #define TARGET_NR__llseek TARGET_NR_llseek
 #endif
 -_syscall0(int, gettid)
 +#define __NR_sys_gettid __NR_gettid
 +_syscall0(int, sys_gettid)
 /* For the 64-bit guest on 32-bit host case we must emulate
  * getdents using getdents64, because otherwise the host
@@ -5434,7 +5435,7 @@ static void *clone_func(void *arg)
     cpu = ENV_GET_CPU(env);
     thread_cpu = cpu;
     ts = (TaskState *)cpu->opaque;
 -    info->tid = gettid();
 +    info->tid = sys_gettid();
     task_settid(ts);
     if (info->child_tidptr)
         put_user_u32(info->tid, info->child_tidptr);
@@ -5579,9 +5580,9 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
                mapping.  We can't repeat the spinlock hack used above because
                the child process gets its own copy of the lock.  */
             if (flags & CLONE_CHILD_SETTID)
 -                put_user_u32(gettid(), child_tidptr);
 +                put_user_u32(sys_gettid(), child_tidptr);
             if (flags & CLONE_PARENT_SETTID)
 -                put_user_u32(gettid(), parent_tidptr);
 +                put_user_u32(sys_gettid(), parent_tidptr);
             ts = (TaskState *)cpu->opaque;
             if (flags & CLONE_SETTLS)
                 cpu_set_tls (env, newtls);
@@ -10621,7 +10622,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         return TARGET_PAGE_SIZE;
 #endif
     case TARGET_NR_gettid:
 -        return get_errno(gettid());
 +        return get_errno(sys_gettid());
 #ifdef TARGET_NR_readahead
     case TARGET_NR_readahead:
 #if TARGET_ABI_BITS == 32
 -- 
 2.20.1
--- a/qemu.spec
+++ b/qemu.spec
@ -138,7 +138,7 @@
 %{obsoletes_block_rbd}
 # Release candidate version tracking
-%global rcver rc2
+%global rcver rc3
 %if 0%{?rcver:1}
 %global rcrel .%{rcver}
 %global rcstr -%{rcver}
@ -148,7 +148,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 4.0.0
-Release: 0.6%{?rcrel}%{?dist}
+Release: 0.7%{?rcrel}%{?dist}
 Epoch: 2
 License: GPLv2 and BSD and MIT and CC-BY
 URL: http://www.qemu.org/
@ -172,9 +172,10 @@ Source20: kvm-x86.modprobe.conf
 # /etc/security/limits.d/95-kvm-ppc64-memlock.conf
 Source21: 95-kvm-ppc64-memlock.conf
-# Modern glibc has a gettid function
+# Don't block migration with nested VMX (bz #1697997)
-Patch1: 0002-linux-user-assume-__NR_gettid-always-exists.patch
+# Not upstream: temporary workaround until kernel supports lands for nested
-Patch2: 0003-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch
+# VMX migration
 Patch0001: 0001-Revert-target-i386-kvm-add-VMX-migration-blocker.patch
 # documentation deps
@ -1726,6 +1727,10 @@ getent passwd qemu >/dev/null || \
 %changelog
 * Tue Apr 16 2019 Cole Robinson <crobinso@redhat.com> - 2:4.0.0-0.7.rc3
 - Don't block migration with nested VMX (bz #1697997)
 - Update to qemu-4.0.0-rc3
 * Sat Apr 06 2019 Richard W.M. Jones <rjones@redhat.com> - 2:4.0.0-0.6.rc2
 - Rebuild against xen 4.12.