diff --git a/0001-Add-Acpi-support.patch b/0001-Add-Acpi-support.patch index 5b1561cd57ed2017bcae6fd6e767294a60ad070d..101c3a43b23da4af913c04656cc8ccab673739d9 100644 --- a/0001-Add-Acpi-support.patch +++ b/0001-Add-Acpi-support.patch @@ -1,7 +1,7 @@ -From 612826687e639d007e4270b01a61f34f7fc1f813 Mon Sep 17 00:00:00 2001 +From 935f85c0025bbaaed976940ed0d57c23bfc68f94 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Fri, 19 Aug 2022 23:11:23 -0400 -Subject: [PATCH 1/8] Add Acpi support. +Subject: [PATCH 01/28] Add Acpi support. Change-Id: I208228b2178cddf365e97c6faf6111ef40e795eb Signed-off-by: lixianglai @@ -17,7 +17,7 @@ Signed-off-by: lixianglai create mode 100644 include/hw/acpi/ls7a.h diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig -index 622b0b50b7..2f2fb33a7b 100644 +index 622b0b50b..2f2fb33a7 100644 --- a/hw/acpi/Kconfig +++ b/hw/acpi/Kconfig @@ -15,6 +15,14 @@ config ACPI_X86_ICH @@ -37,7 +37,7 @@ index 622b0b50b7..2f2fb33a7b 100644 diff --git a/hw/acpi/larch_7a.c b/hw/acpi/larch_7a.c new file mode 100644 -index 0000000000..35d4a75266 +index 000000000..35d4a7526 --- /dev/null +++ b/hw/acpi/larch_7a.c @@ -0,0 +1,600 @@ @@ -643,7 +643,7 @@ index 0000000000..35d4a75266 + diff --git a/hw/acpi/ls7a.c b/hw/acpi/ls7a.c new file mode 100644 -index 0000000000..2de50ccb9c +index 000000000..2de50ccb9 --- /dev/null +++ b/hw/acpi/ls7a.c @@ -0,0 +1,598 @@ @@ -1246,7 +1246,7 @@ index 0000000000..2de50ccb9c + + diff --git a/hw/acpi/meson.build b/hw/acpi/meson.build -index adf6347bc4..5fe4cfa4f1 100644 +index adf6347bc..5fe4cfa4f 100644 --- a/hw/acpi/meson.build +++ b/hw/acpi/meson.build @@ -6,6 +6,7 @@ acpi_ss.add(files( @@ -1259,7 +1259,7 @@ index adf6347bc4..5fe4cfa4f1 100644 acpi_ss.add(when: 'CONFIG_ACPI_MEMORY_HOTPLUG', if_true: files('memory_hotplug.c')) diff --git a/include/hw/acpi/ls7a.h b/include/hw/acpi/ls7a.h new file mode 100644 -index 0000000000..4401515c7b +index 000000000..4401515c7 --- /dev/null +++ b/include/hw/acpi/ls7a.h @@ -0,0 +1,80 @@ 
@@ -1344,5 +1344,5 @@ index 0000000000..4401515c7b +void ls7a_send_gpe(AcpiDeviceIf *adev, AcpiEventStatusBits ev); +#endif /* HW_ACPI_LS7A_H */ -- -2.27.0 +2.43.5 diff --git a/0002-Support-rtc.patch b/0002-Support-rtc.patch index 082fcdf89a02c4329cf36aded2700431d64fba26..989778e8f185a754e2cb087bdd3c7066f6c72195 100644 --- a/0002-Support-rtc.patch +++ b/0002-Support-rtc.patch @@ -1,7 +1,7 @@ -From befa5ef7576fdbe2e729203538b066e5f87c3b8f Mon Sep 17 00:00:00 2001 +From e0a8c8cb06e866bd334501d637e7219a14ae601b Mon Sep 17 00:00:00 2001 From: lixianglai Date: Fri, 19 Aug 2022 23:15:49 -0400 -Subject: [PATCH 2/8] Support rtc. +Subject: [PATCH 02/28] Support rtc. Change-Id: Idd50274dd2a6c00b21ec0cd099f8d115ab4fa449 Signed-off-by: lixianglai @@ -13,7 +13,7 @@ Signed-off-by: lixianglai create mode 100644 hw/timer/ls7a_rtc.c diff --git a/hw/timer/Kconfig b/hw/timer/Kconfig -index 010be7ed1f..b395c72d7d 100644 +index 010be7ed1..b395c72d7 100644 --- a/hw/timer/Kconfig +++ b/hw/timer/Kconfig @@ -60,3 +60,5 @@ config STELLARIS_GPTM @@ -24,7 +24,7 @@ index 010be7ed1f..b395c72d7d 100644 + bool diff --git a/hw/timer/ls7a_rtc.c b/hw/timer/ls7a_rtc.c new file mode 100644 -index 0000000000..756f2fc9ce +index 000000000..756f2fc9c --- /dev/null +++ b/hw/timer/ls7a_rtc.c @@ -0,0 +1,325 @@ @@ -354,7 +354,7 @@ index 0000000000..756f2fc9ce + +type_init(ls7a_rtc_register_types) diff --git a/hw/timer/meson.build b/hw/timer/meson.build -index 03092e2ceb..e841a2f6ee 100644 +index 03092e2ce..e841a2f6e 100644 --- a/hw/timer/meson.build +++ b/hw/timer/meson.build @@ -16,6 +16,7 @@ softmmu_ss.add(when: 'CONFIG_EXYNOS4', if_true: files('exynos4210_mct.c')) @@ -366,5 +366,5 @@ index 03092e2ceb..e841a2f6ee 100644 softmmu_ss.add(when: 'CONFIG_IMX', if_true: files('imx_epit.c')) softmmu_ss.add(when: 'CONFIG_IMX', if_true: files('imx_gpt.c')) -- -2.27.0 +2.43.5 
diff --git a/0003-Add-loongarch-machine.patch b/0003-Add-loongarch-machine.patch index c1617ba9361aeef99f4f995c0c92a6050ed28008..9052ba77a56a3f014f4d2f1f2d1d41b70b1f15b7 100644 --- a/0003-Add-loongarch-machine.patch +++ b/0003-Add-loongarch-machine.patch @@ -1,7 +1,7 @@ -From 2562504ad867de4a0539c261983c08cd5108bfe4 Mon Sep 17 00:00:00 2001 +From 3cb18285115f8dd7f9135c65b39c93cb7eb3580c Mon Sep 17 00:00:00 2001 From: lixianglai Date: Fri, 19 Aug 2022 23:39:00 -0400 -Subject: [PATCH 3/8] Add loongarch machine. +Subject: [PATCH 03/28] Add loongarch machine. Change-Id: I7e31f874c676b740269945d5e19c6bc836de6a99 Signed-off-by: lixianglai @@ -42,7 +42,7 @@ Signed-off-by: lixianglai diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig new file mode 100644 -index 0000000000..3fe2677fda +index 000000000..3fe2677fd --- /dev/null +++ b/hw/loongarch/Kconfig @@ -0,0 +1,17 @@ @@ -65,7 +65,7 @@ index 0000000000..3fe2677fda + bool diff --git a/hw/loongarch/acpi-build.c b/hw/loongarch/acpi-build.c new file mode 100644 -index 0000000000..6ba637be53 +index 000000000..6ba637be5 --- /dev/null +++ b/hw/loongarch/acpi-build.c @@ -0,0 +1,783 @@ @@ -854,7 +854,7 @@ index 0000000000..6ba637be53 +} diff --git a/hw/loongarch/acpi-build.h b/hw/loongarch/acpi-build.h new file mode 100644 -index 0000000000..a914268bbe +index 000000000..a914268bb --- /dev/null +++ b/hw/loongarch/acpi-build.h @@ -0,0 +1,16 @@ @@ -876,7 +876,7 @@ index 0000000000..a914268bbe +#endif diff --git a/hw/loongarch/apic.c b/hw/loongarch/apic.c new file mode 100644 -index 0000000000..d6ba2a2cec +index 000000000..d6ba2a2ce --- /dev/null +++ b/hw/loongarch/apic.c @@ -0,0 +1,675 @@ @@ -1557,7 +1557,7 @@ index 0000000000..d6ba2a2cec + diff --git a/hw/loongarch/ioapic.c b/hw/loongarch/ioapic.c new file mode 100644 -index 0000000000..3de0ed88da +index 000000000..3de0ed88d --- /dev/null +++ b/hw/loongarch/ioapic.c @@ -0,0 +1,422 @@ @@ -1985,7 +1985,7 @@ index 0000000000..3de0ed88da +type_init(ls7a_apic_register_types) 
diff --git a/hw/loongarch/iocsr.c b/hw/loongarch/iocsr.c new file mode 100644 -index 0000000000..14521c2d5c +index 000000000..14521c2d5 --- /dev/null +++ b/hw/loongarch/iocsr.c @@ -0,0 +1,219 @@ @@ -2210,7 +2210,7 @@ index 0000000000..14521c2d5c +type_init(iocsr_register_types) diff --git a/hw/loongarch/ipi.c b/hw/loongarch/ipi.c new file mode 100644 -index 0000000000..ade182abcc +index 000000000..ade182abc --- /dev/null +++ b/hw/loongarch/ipi.c @@ -0,0 +1,267 @@ @@ -2483,7 +2483,7 @@ index 0000000000..ade182abcc +} diff --git a/hw/loongarch/larch_3a.c b/hw/loongarch/larch_3a.c new file mode 100644 -index 0000000000..3db269274f +index 000000000..3db269274 --- /dev/null +++ b/hw/loongarch/larch_3a.c @@ -0,0 +1,2026 @@ @@ -4515,7 +4515,7 @@ index 0000000000..3db269274f + ls3a5k_ls7a_machine_options); diff --git a/hw/loongarch/larch_hotplug.c b/hw/loongarch/larch_hotplug.c new file mode 100644 -index 0000000000..7bce957124 +index 000000000..7bce95712 --- /dev/null +++ b/hw/loongarch/larch_hotplug.c @@ -0,0 +1,355 @@ @@ -4876,7 +4876,7 @@ index 0000000000..7bce957124 + diff --git a/hw/loongarch/larch_int.c b/hw/loongarch/larch_int.c new file mode 100644 -index 0000000000..ca073a19cf +index 000000000..ca073a19c --- /dev/null +++ b/hw/loongarch/larch_int.c @@ -0,0 +1,91 @@ @@ -4973,7 +4973,7 @@ index 0000000000..ca073a19cf + diff --git a/hw/loongarch/ls7a_nb.c b/hw/loongarch/ls7a_nb.c new file mode 100644 -index 0000000000..5a500fbd5a +index 000000000..5a500fbd5 --- /dev/null +++ b/hw/loongarch/ls7a_nb.c @@ -0,0 +1,352 @@ @@ -5331,7 +5331,7 @@ index 0000000000..5a500fbd5a +type_init(ls7a_register_types) diff --git a/hw/loongarch/meson.build b/hw/loongarch/meson.build new file mode 100644 -index 0000000000..81ee99a028 +index 000000000..81ee99a02 --- /dev/null +++ b/hw/loongarch/meson.build @@ -0,0 +1,15 @@ @@ -5352,7 +5352,7 @@ index 0000000000..81ee99a028 + 
diff --git a/include/hw/loongarch/bios.h b/include/hw/loongarch/bios.h new file mode 100644 -index 0000000000..3677303bfa +index 000000000..3677303bf --- /dev/null +++ b/include/hw/loongarch/bios.h @@ -0,0 +1,5 @@ @@ -5363,7 +5363,7 @@ index 0000000000..3677303bfa +#define BIOS_FILENAME "loongarch_bios.bin" diff --git a/include/hw/loongarch/cpudevs.h b/include/hw/loongarch/cpudevs.h new file mode 100644 -index 0000000000..c05ae7a7fc +index 000000000..c05ae7a7f --- /dev/null +++ b/include/hw/loongarch/cpudevs.h @@ -0,0 +1,53 @@ @@ -5422,7 +5422,7 @@ index 0000000000..c05ae7a7fc +#endif diff --git a/include/hw/loongarch/larch.h b/include/hw/loongarch/larch.h new file mode 100644 -index 0000000000..0886ed52af +index 000000000..0886ed52a --- /dev/null +++ b/include/hw/loongarch/larch.h @@ -0,0 +1,163 @@ @@ -5591,7 +5591,7 @@ index 0000000000..0886ed52af +#endif diff --git a/include/hw/loongarch/ls7a.h b/include/hw/loongarch/ls7a.h new file mode 100644 -index 0000000000..686af763a0 +index 000000000..686af763a --- /dev/null +++ b/include/hw/loongarch/ls7a.h @@ -0,0 +1,152 @@ @@ -5748,5 +5748,5 @@ index 0000000000..686af763a0 + +#endif /* HW_LS7A_H */ -- -2.27.0 +2.43.5 diff --git a/0004-Add-target-loongarch64.patch b/0004-Add-target-loongarch64.patch index f08bcfa87828c41b2088b54913ff86b906bb1c6b..bca350b4ae0f20a2cad45cb7f3ce508aacad6ecd 100644 --- a/0004-Add-target-loongarch64.patch +++ b/0004-Add-target-loongarch64.patch @@ -1,14 +1,14 @@ -From 441bbe9ec5021bf56a929134a71cd85815ec3956 Mon Sep 17 00:00:00 2001 +From 73e64c37b5d0f8a12bad7562c4d442f95ee361b8 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Fri, 19 Aug 2022 23:44:33 -0400 -Subject: [PATCH 4/8] Add target/loongarch64. +Subject: [PATCH 04/28] Add target/loongarch64. Change-Id: Idd3ed114968c4a1f1be5fe19dc279028775eb89d 
Signed-off-by: lixianglai --- target/Kconfig | 1 + target/loongarch64/Kconfig | 2 + - target/loongarch64/arch_dump.c | 175 ++ + target/loongarch64/arch_dump.c | 174 ++ target/loongarch64/cpu-csr.h | 869 ++++++++ target/loongarch64/cpu-param.h | 30 + target/loongarch64/cpu-qom.h | 54 + @@ -36,7 +36,7 @@ Signed-off-by: lixianglai target/loongarch64/trans.inc.c | 3472 ++++++++++++++++++++++++++++++ target/loongarch64/translate.c | 2892 +++++++++++++++++++++++++ target/meson.build | 1 + - 30 files changed, 15657 insertions(+) + 30 files changed, 15656 insertions(+) create mode 100644 target/loongarch64/Kconfig create mode 100644 target/loongarch64/arch_dump.c create mode 100644 target/loongarch64/cpu-csr.h @@ -67,7 +67,7 @@ Signed-off-by: lixianglai create mode 100644 target/loongarch64/translate.c diff --git a/target/Kconfig b/target/Kconfig -index ae7f24fc66..50b46d0487 100644 +index ae7f24fc6..50b46d048 100644 --- a/target/Kconfig +++ b/target/Kconfig @@ -4,6 +4,7 @@ source avr/Kconfig @@ -80,7 +80,7 @@ index ae7f24fc66..50b46d0487 100644 source mips/Kconfig diff --git a/target/loongarch64/Kconfig b/target/loongarch64/Kconfig new file mode 100644 -index 0000000000..46b26b1a85 +index 000000000..46b26b1a8 --- /dev/null +++ b/target/loongarch64/Kconfig @@ -0,0 +1,2 @@ @@ -88,10 +88,10 @@ index 0000000000..46b26b1a85 + bool diff --git a/target/loongarch64/arch_dump.c b/target/loongarch64/arch_dump.c new file mode 100644 -index 0000000000..9fb43b33d2 +index 000000000..7b8708fdf --- /dev/null +++ b/target/loongarch64/arch_dump.c -@@ -0,0 +1,175 @@ +@@ -0,0 +1,174 @@ +/* Support for writing ELF notes for RM architectures + * + * Copyright (C) 2015 Red Hat Inc. 
@@ -213,11 +213,10 @@ index 0000000000..9fb43b33d2 +} + +int loongarch_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs, -+ int cpuid, DumpState *opaque) ++ int cpuid, DumpState *s) +{ + struct loongarch_note note; + CPULOONGARCHState *env = &LOONGARCH_CPU(cs)->env; -+ DumpState *s = opaque; + int ret, i; + + loongarch_note_init(¬e, s, "CORE", 5, NT_PRSTATUS, sizeof(note.prstatus)); @@ -269,7 +268,7 @@ index 0000000000..9fb43b33d2 + diff --git a/target/loongarch64/cpu-csr.h b/target/loongarch64/cpu-csr.h new file mode 100644 -index 0000000000..e549bb46b6 +index 000000000..e549bb46b --- /dev/null +++ b/target/loongarch64/cpu-csr.h @@ -0,0 +1,869 @@ @@ -1144,7 +1143,7 @@ index 0000000000..e549bb46b6 +#endif diff --git a/target/loongarch64/cpu-param.h b/target/loongarch64/cpu-param.h new file mode 100644 -index 0000000000..24ca458af0 +index 000000000..24ca458af --- /dev/null +++ b/target/loongarch64/cpu-param.h @@ -0,0 +1,30 @@ @@ -1180,7 +1179,7 @@ index 0000000000..24ca458af0 + diff --git a/target/loongarch64/cpu-qom.h b/target/loongarch64/cpu-qom.h new file mode 100644 -index 0000000000..ee9c1de571 +index 000000000..ee9c1de57 --- /dev/null +++ b/target/loongarch64/cpu-qom.h @@ -0,0 +1,54 @@ @@ -1240,7 +1239,7 @@ index 0000000000..ee9c1de571 +#endif diff --git a/target/loongarch64/cpu.c b/target/loongarch64/cpu.c new file mode 100644 -index 0000000000..a4535d34a6 +index 000000000..a4535d34a --- /dev/null +++ b/target/loongarch64/cpu.c @@ -0,0 +1,576 @@ @@ -1822,7 +1821,7 @@ index 0000000000..a4535d34a6 +type_init(loongarch_cpu_register_types) diff --git a/target/loongarch64/cpu.h b/target/loongarch64/cpu.h new file mode 100644 -index 0000000000..10facb3b73 +index 000000000..10facb3b7 --- /dev/null +++ b/target/loongarch64/cpu.h @@ -0,0 +1,326 @@ @@ -2154,7 +2153,7 @@ index 0000000000..10facb3b73 +#endif /* LOONGARCH_CPU_H */ 
diff --git a/target/loongarch64/csr_helper.c b/target/loongarch64/csr_helper.c new file mode 100644 -index 0000000000..182e59e925 +index 000000000..182e59e92 --- /dev/null +++ b/target/loongarch64/csr_helper.c @@ -0,0 +1,704 @@ @@ -2864,7 +2863,7 @@ index 0000000000..182e59e925 + diff --git a/target/loongarch64/fpu.c b/target/loongarch64/fpu.c new file mode 100644 -index 0000000000..795458205b +index 000000000..795458205 --- /dev/null +++ b/target/loongarch64/fpu.c @@ -0,0 +1,28 @@ @@ -2898,7 +2897,7 @@ index 0000000000..795458205b +}; diff --git a/target/loongarch64/fpu_helper.c b/target/loongarch64/fpu_helper.c new file mode 100644 -index 0000000000..42d7f05ca2 +index 000000000..42d7f05ca --- /dev/null +++ b/target/loongarch64/fpu_helper.c @@ -0,0 +1,952 @@ @@ -3856,7 +3855,7 @@ index 0000000000..42d7f05ca2 +} diff --git a/target/loongarch64/fpu_helper.h b/target/loongarch64/fpu_helper.h new file mode 100644 -index 0000000000..b6898c2e91 +index 000000000..b6898c2e9 --- /dev/null +++ b/target/loongarch64/fpu_helper.h @@ -0,0 +1,129 @@ @@ -3991,7 +3990,7 @@ index 0000000000..b6898c2e91 +#endif diff --git a/target/loongarch64/gdbstub.c b/target/loongarch64/gdbstub.c new file mode 100644 -index 0000000000..4013178f45 +index 000000000..4013178f4 --- /dev/null +++ b/target/loongarch64/gdbstub.c @@ -0,0 +1,109 @@ @@ -4106,7 +4105,7 @@ index 0000000000..4013178f45 +#endif diff --git a/target/loongarch64/helper.c b/target/loongarch64/helper.c new file mode 100644 -index 0000000000..841240e57b +index 000000000..841240e57 --- /dev/null +++ b/target/loongarch64/helper.c @@ -0,0 +1,727 @@ @@ -4839,7 +4838,7 @@ index 0000000000..841240e57b +} diff --git a/target/loongarch64/helper.h b/target/loongarch64/helper.h new file mode 100644 -index 0000000000..ff2026ed82 +index 000000000..ff2026ed8 --- /dev/null +++ b/target/loongarch64/helper.h @@ -0,0 +1,168 @@ @@ -5013,7 +5012,7 @@ index 0000000000..ff2026ed82 +DEF_HELPER_2(memtrace_val, void, env, tl) 
diff --git a/target/loongarch64/insn.decode b/target/loongarch64/insn.decode new file mode 100644 -index 0000000000..f194f70116 +index 000000000..f194f7011 --- /dev/null +++ b/target/loongarch64/insn.decode @@ -0,0 +1,514 @@ @@ -5533,7 +5532,7 @@ index 0000000000..f194f70116 +bgeu 0110 11 ................ ..... ..... @fmt_rjrdoffs16 diff --git a/target/loongarch64/instmap.h b/target/loongarch64/instmap.h new file mode 100644 -index 0000000000..6e85847f8a +index 000000000..6e85847f8 --- /dev/null +++ b/target/loongarch64/instmap.h @@ -0,0 +1,216 @@ @@ -5755,7 +5754,7 @@ index 0000000000..6e85847f8a +#endif diff --git a/target/loongarch64/internal.h b/target/loongarch64/internal.h new file mode 100644 -index 0000000000..79a70e9d26 +index 000000000..43594c5ac --- /dev/null +++ b/target/loongarch64/internal.h @@ -0,0 +1,184 @@ @@ -5922,7 +5921,7 @@ index 0000000000..79a70e9d26 +uint64_t cpu_loongarch_get_stable_timer_ticks(CPULOONGARCHState *env); +void cpu_loongarch_store_stable_timer_config(CPULOONGARCHState *env, uint64_t value); +int loongarch_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cpu, -+ int cpuid, DumpState *opaque); ++ int cpuid, DumpState *s); + +void loongarch_cpu_dump_state(CPUState *cpu, FILE *f, int flags); + @@ -5945,7 +5944,7 @@ index 0000000000..79a70e9d26 +#endif diff --git a/target/loongarch64/kvm.c b/target/loongarch64/kvm.c new file mode 100644 -index 0000000000..404a605eb6 +index 000000000..404a605eb --- /dev/null +++ b/target/loongarch64/kvm.c @@ -0,0 +1,1622 @@ @@ -7573,7 +7572,7 @@ index 0000000000..404a605eb6 +} diff --git a/target/loongarch64/kvm_larch.h b/target/loongarch64/kvm_larch.h new file mode 100644 -index 0000000000..a56026d10c +index 000000000..a56026d10 --- /dev/null +++ b/target/loongarch64/kvm_larch.h @@ -0,0 +1,41 @@ @@ -7620,7 +7619,7 @@ index 0000000000..a56026d10c +#endif /* KVM_LOONGARCH_H */ 
diff --git a/target/loongarch64/larch-defs.h b/target/loongarch64/larch-defs.h new file mode 100644 -index 0000000000..d3a61cf255 +index 000000000..d3a61cf25 --- /dev/null +++ b/target/loongarch64/larch-defs.h @@ -0,0 +1,27 @@ @@ -7653,7 +7652,7 @@ index 0000000000..d3a61cf255 +#endif /* QEMU_LOONGARCH_DEFS_H */ diff --git a/target/loongarch64/machine.c b/target/loongarch64/machine.c new file mode 100644 -index 0000000000..b69bca6a9b +index 000000000..b69bca6a9 --- /dev/null +++ b/target/loongarch64/machine.c @@ -0,0 +1,416 @@ @@ -8075,7 +8074,7 @@ index 0000000000..b69bca6a9b +}; diff --git a/target/loongarch64/meson.build b/target/loongarch64/meson.build new file mode 100644 -index 0000000000..6badf4484e +index 000000000..6badf4484 --- /dev/null +++ b/target/loongarch64/meson.build @@ -0,0 +1,35 @@ @@ -8116,7 +8115,7 @@ index 0000000000..6badf4484e +target_user_arch += {'loongarch64': loongarch_user_ss} diff --git a/target/loongarch64/op_helper.c b/target/loongarch64/op_helper.c new file mode 100644 -index 0000000000..9a34c0d25e +index 000000000..9a34c0d25 --- /dev/null +++ b/target/loongarch64/op_helper.c @@ -0,0 +1,533 @@ @@ -8655,7 +8654,7 @@ index 0000000000..9a34c0d25e +} diff --git a/target/loongarch64/stabletimer.c b/target/loongarch64/stabletimer.c new file mode 100644 -index 0000000000..b86fecf899 +index 000000000..b86fecf89 --- /dev/null +++ b/target/loongarch64/stabletimer.c @@ -0,0 +1,122 @@ @@ -8783,7 +8782,7 @@ index 0000000000..b86fecf899 +} diff --git a/target/loongarch64/tlb_helper.c b/target/loongarch64/tlb_helper.c new file mode 100644 -index 0000000000..f5e68349a9 +index 000000000..f5e68349a --- /dev/null +++ b/target/loongarch64/tlb_helper.c @@ -0,0 +1,729 @@ @@ -9518,7 +9517,7 @@ index 0000000000..f5e68349a9 +#endif /* !CONFIG_USER_ONLY */ diff --git a/target/loongarch64/trace-events b/target/loongarch64/trace-events new file mode 100644 -index 0000000000..e0bca4f82e +index 000000000..e0bca4f82 --- /dev/null 
+++ b/target/loongarch64/trace-events @@ -0,0 +1,3 @@ @@ -9527,7 +9526,7 @@ index 0000000000..e0bca4f82e +# target/loongarch/translate.c diff --git a/target/loongarch64/trans.inc.c b/target/loongarch64/trans.inc.c new file mode 100644 -index 0000000000..e50670be47 +index 000000000..e50670be4 --- /dev/null +++ b/target/loongarch64/trans.inc.c @@ -0,0 +1,3472 @@ @@ -13005,7 +13004,7 @@ index 0000000000..e50670be47 +} diff --git a/target/loongarch64/translate.c b/target/loongarch64/translate.c new file mode 100644 -index 0000000000..fe122e4c31 +index 000000000..fe122e4c3 --- /dev/null +++ b/target/loongarch64/translate.c @@ -0,0 +1,2892 @@ @@ -15902,7 +15901,7 @@ index 0000000000..fe122e4c31 + } +} diff --git a/target/meson.build b/target/meson.build -index 2f6940255e..ac0ce618b7 100644 +index 2f6940255..ac0ce618b 100644 --- a/target/meson.build +++ b/target/meson.build @@ -5,6 +5,7 @@ subdir('cris') @@ -15914,5 +15913,5 @@ index 2f6940255e..ac0ce618b7 100644 subdir('microblaze') subdir('mips') -- -2.27.0 +2.43.5 diff --git a/0005-Add-linux-headers-and-linux-user.patch b/0005-Add-linux-headers-and-linux-user.patch index 93ba8edf51f2167c5e5de8b70d4e6c25dc0e7172..8e5b37e66e30cf268b4ede4ce06f0d02e1b3bca7 100644 --- a/0005-Add-linux-headers-and-linux-user.patch +++ b/0005-Add-linux-headers-and-linux-user.patch @@ -1,7 +1,7 @@ -From 0d21e423fc15e8e2e2fdc910a7e94e051427f230 Mon Sep 17 00:00:00 2001 +From be4aee607329aee902b9a03936523c7d57d47100 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Fri, 19 Aug 2022 23:47:06 -0400 -Subject: [PATCH 5/8] Add linux-headers and linux-user. +Subject: [PATCH 05/28] Add linux-headers and linux-user. Change-Id: If052442a981fed87c03ca431c010629dc8e872ca Signed-off-by: lixianglai @@ -42,7 +42,7 @@ Signed-off-by: lixianglai diff --git a/linux-headers/asm-loongarch64/bitsperlong.h b/linux-headers/asm-loongarch64/bitsperlong.h new file mode 100644 -index 0000000000..5c2c8779a6 +index 000000000..5c2c8779a --- /dev/null 
+++ b/linux-headers/asm-loongarch64/bitsperlong.h @@ -0,0 +1,9 @@ @@ -57,7 +57,7 @@ index 0000000000..5c2c8779a6 +#endif /* __ASM_LOONGARCH_BITSPERLONG_H */ diff --git a/linux-headers/asm-loongarch64/kvm.h b/linux-headers/asm-loongarch64/kvm.h new file mode 100644 -index 0000000000..a24375ee59 +index 000000000..a24375ee5 --- /dev/null +++ b/linux-headers/asm-loongarch64/kvm.h @@ -0,0 +1,346 @@ @@ -409,7 +409,7 @@ index 0000000000..a24375ee59 +#endif /* __LINUX_KVM_LOONGARCH_H */ diff --git a/linux-headers/asm-loongarch64/sgidefs.h b/linux-headers/asm-loongarch64/sgidefs.h new file mode 100644 -index 0000000000..b809608349 +index 000000000..b80960834 --- /dev/null +++ b/linux-headers/asm-loongarch64/sgidefs.h @@ -0,0 +1,20 @@ @@ -435,7 +435,7 @@ index 0000000000..b809608349 +#endif /* __ASM_SGIDEFS_H */ diff --git a/linux-headers/asm-loongarch64/unistd.h b/linux-headers/asm-loongarch64/unistd.h new file mode 100644 -index 0000000000..2a6014562a +index 000000000..2a6014562 --- /dev/null +++ b/linux-headers/asm-loongarch64/unistd.h @@ -0,0 +1,23 @@ @@ -464,7 +464,7 @@ index 0000000000..2a6014562a +#include diff --git a/linux-user/loongarch64/cpu_loop.c b/linux-user/loongarch64/cpu_loop.c new file mode 100644 -index 0000000000..6d4093e1d7 +index 000000000..6d4093e1d --- /dev/null +++ b/linux-user/loongarch64/cpu_loop.c @@ -0,0 +1,193 @@ @@ -663,7 +663,7 @@ index 0000000000..6d4093e1d7 +} diff --git a/linux-user/loongarch64/meson.build b/linux-user/loongarch64/meson.build new file mode 100644 -index 0000000000..c4c0b4d701 +index 000000000..c4c0b4d70 --- /dev/null +++ b/linux-user/loongarch64/meson.build @@ -0,0 +1,6 @@ @@ -675,7 +675,7 @@ index 0000000000..c4c0b4d701 +} diff --git a/linux-user/loongarch64/signal.c b/linux-user/loongarch64/signal.c new file mode 100644 -index 0000000000..6fe6852758 +index 000000000..6fe685275 --- /dev/null +++ b/linux-user/loongarch64/signal.c @@ -0,0 +1,212 @@ @@ -893,14 +893,14 @@ index 0000000000..6fe6852758 +} 
diff --git a/linux-user/loongarch64/sockbits.h b/linux-user/loongarch64/sockbits.h new file mode 100644 -index 0000000000..0e4c8f012d +index 000000000..0e4c8f012 --- /dev/null +++ b/linux-user/loongarch64/sockbits.h @@ -0,0 +1 @@ +#include "../generic/sockbits.h" diff --git a/linux-user/loongarch64/syscall_nr.h b/linux-user/loongarch64/syscall_nr.h new file mode 100644 -index 0000000000..a30aca8d8e +index 000000000..a30aca8d8 --- /dev/null +++ b/linux-user/loongarch64/syscall_nr.h @@ -0,0 +1,287 @@ @@ -1193,7 +1193,7 @@ index 0000000000..a30aca8d8e +#endif diff --git a/linux-user/loongarch64/target_cpu.h b/linux-user/loongarch64/target_cpu.h new file mode 100644 -index 0000000000..0f6845737f +index 000000000..0f6845737 --- /dev/null +++ b/linux-user/loongarch64/target_cpu.h @@ -0,0 +1,45 @@ @@ -1244,7 +1244,7 @@ index 0000000000..0f6845737f +#endif diff --git a/linux-user/loongarch64/target_elf.h b/linux-user/loongarch64/target_elf.h new file mode 100644 -index 0000000000..6c153d12c4 +index 000000000..6c153d12c --- /dev/null +++ b/linux-user/loongarch64/target_elf.h @@ -0,0 +1,14 @@ @@ -1264,7 +1264,7 @@ index 0000000000..6c153d12c4 +#endif diff --git a/linux-user/loongarch64/target_fcntl.h b/linux-user/loongarch64/target_fcntl.h new file mode 100644 -index 0000000000..a3d7b46062 +index 000000000..a3d7b4606 --- /dev/null +++ b/linux-user/loongarch64/target_fcntl.h @@ -0,0 +1,13 @@ @@ -1283,7 +1283,7 @@ index 0000000000..a3d7b46062 +#endif /* LOONGARCH_TARGET_FCNTL_H */ diff --git a/linux-user/loongarch64/target_signal.h b/linux-user/loongarch64/target_signal.h new file mode 100644 -index 0000000000..e418c8e8f5 +index 000000000..e418c8e8f --- /dev/null +++ b/linux-user/loongarch64/target_signal.h @@ -0,0 +1,23 @@ @@ -1312,7 +1312,7 @@ index 0000000000..e418c8e8f5 +#endif /* LOONGARCH_TARGET_SIGNAL_H */ 
diff --git a/linux-user/loongarch64/target_structs.h b/linux-user/loongarch64/target_structs.h new file mode 100644 -index 0000000000..280acd0971 +index 000000000..280acd097 --- /dev/null +++ b/linux-user/loongarch64/target_structs.h @@ -0,0 +1,62 @@ @@ -1380,7 +1380,7 @@ index 0000000000..280acd0971 +#endif diff --git a/linux-user/loongarch64/target_syscall.h b/linux-user/loongarch64/target_syscall.h new file mode 100644 -index 0000000000..cb77f07080 +index 000000000..cb77f0708 --- /dev/null +++ b/linux-user/loongarch64/target_syscall.h @@ -0,0 +1,44 @@ @@ -1430,7 +1430,7 @@ index 0000000000..cb77f07080 +#endif /* LOONGARCH_TARGET_SYSCALL_H */ diff --git a/linux-user/loongarch64/termbits.h b/linux-user/loongarch64/termbits.h new file mode 100644 -index 0000000000..6c613a1973 +index 000000000..6c613a197 --- /dev/null +++ b/linux-user/loongarch64/termbits.h @@ -0,0 +1,224 @@ @@ -1659,5 +1659,5 @@ index 0000000000..6c613a1973 + +#endif -- -2.27.0 +2.43.5 diff --git a/0006-Add-disas-gdb.patch b/0006-Add-disas-gdb.patch index 00d9b5ed37d0ea9ec82b8fe8017ec3fe46fcb45a..97e9a6d84400e83434066de66efa1973ee0bb150 100644 --- a/0006-Add-disas-gdb.patch +++ b/0006-Add-disas-gdb.patch @@ -1,7 +1,7 @@ -From 0789663b3a2ad105a209c7aa36d102a5b05f1397 Mon Sep 17 00:00:00 2001 +From dbf0724c5c9e7928f0007e6a5e0009cabba90457 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Fri, 19 Aug 2022 23:51:12 -0400 -Subject: [PATCH 6/8] Add disas gdb. +Subject: [PATCH 06/28] Add disas gdb. Change-Id: If41c0fc8aa128796e342319c7673fab3ccbf3913 Signed-off-by: lixianglai @@ -25,7 +25,7 @@ Signed-off-by: lixianglai diff --git a/configs/devices/loongarch64-softmmu/default.mak b/configs/devices/loongarch64-softmmu/default.mak new file mode 100644 -index 0000000000..fcb7e45dd2 +index 000000000..fcb7e45dd --- /dev/null +++ b/configs/devices/loongarch64-softmmu/default.mak @@ -0,0 +1,154 @@ @@ -185,7 +185,7 @@ index 0000000000..fcb7e45dd2 +CONFIG_LS7A_RTC=y 
diff --git a/configs/targets/loongarch64-softmmu.mak b/configs/targets/loongarch64-softmmu.mak new file mode 100644 -index 0000000000..dc5ab39661 +index 000000000..dc5ab3966 --- /dev/null +++ b/configs/targets/loongarch64-softmmu.mak @@ -0,0 +1,4 @@ @@ -195,7 +195,7 @@ index 0000000000..dc5ab39661 + diff --git a/disas/loongarch.c b/disas/loongarch.c new file mode 100644 -index 0000000000..14dd131e2e +index 000000000..14dd131e2 --- /dev/null +++ b/disas/loongarch.c @@ -0,0 +1,2748 @@ @@ -2948,7 +2948,7 @@ index 0000000000..14dd131e2e + return INSNLEN; +} diff --git a/disas/meson.build b/disas/meson.build -index 449f99e1de..06a69d9d72 100644 +index 449f99e1d..06a69d9d7 100644 --- a/disas/meson.build +++ b/disas/meson.build @@ -12,6 +12,7 @@ common_ss.add(when: 'CONFIG_I386_DIS', if_true: files('i386.c')) @@ -2961,7 +2961,7 @@ index 449f99e1de..06a69d9d72 100644 common_ss.add(when: 'CONFIG_PPC_DIS', if_true: files('ppc.c')) diff --git a/gdb-xml/loongarch-base32.xml b/gdb-xml/loongarch-base32.xml new file mode 100644 -index 0000000000..04891e023f +index 000000000..04891e023 --- /dev/null +++ b/gdb-xml/loongarch-base32.xml @@ -0,0 +1,43 @@ @@ -3010,7 +3010,7 @@ index 0000000000..04891e023f + diff --git a/gdb-xml/loongarch-base64.xml b/gdb-xml/loongarch-base64.xml new file mode 100644 -index 0000000000..6308fb6ecb +index 000000000..6308fb6ec --- /dev/null +++ b/gdb-xml/loongarch-base64.xml @@ -0,0 +1,43 @@ @@ -3059,7 +3059,7 @@ index 0000000000..6308fb6ecb + diff --git a/gdb-xml/loongarch-fpu32.xml b/gdb-xml/loongarch-fpu32.xml new file mode 100644 -index 0000000000..a5b4d80e6c +index 000000000..a5b4d80e6 --- /dev/null +++ b/gdb-xml/loongarch-fpu32.xml @@ -0,0 +1,52 @@ @@ -3117,7 +3117,7 @@ index 0000000000..a5b4d80e6c + diff --git a/gdb-xml/loongarch-fpu64.xml b/gdb-xml/loongarch-fpu64.xml new file mode 100644 -index 0000000000..74ab55a015 +index 000000000..74ab55a01 --- /dev/null +++ b/gdb-xml/loongarch-fpu64.xml @@ -0,0 +1,57 @@ 
@@ -3179,5 +3179,5 @@ index 0000000000..74ab55a015 + + -- -2.27.0 +2.43.5 diff --git a/0007-Modify-kvm-cpu-vga-qapi.patch b/0007-Modify-kvm-cpu-vga-qapi.patch index c2b94f1fbca179772e24c1563c45beb094b0d5f3..7c09b0a68a65277ce9cf28dd417e84ad7bb46abd 100644 --- a/0007-Modify-kvm-cpu-vga-qapi.patch +++ b/0007-Modify-kvm-cpu-vga-qapi.patch @@ -1,38 +1,36 @@ -From 6e52e755bd54efb15afa052dac6dd0c7f696e366 Mon Sep 17 00:00:00 2001 +From 42c6c2a89fa44100141cd2b7e178f965d1b8f80f Mon Sep 17 00:00:00 2001 From: lixianglai Date: Sat, 20 Aug 2022 02:18:41 -0400 -Subject: [PATCH 7/8] Modify kvm cpu vga qapi. +Subject: [PATCH 07/28] Modify kvm cpu vga qapi. Change-Id: I7923af804bdbe6d44d3f521df1859aa081afceba Signed-off-by: lixianglai 
Signed-off-by: Mao Bibo --- - hw/acpi/cpu.c | 11 ++++++ - hw/loongarch/iocsr.c | 2 ++ - hw/loongarch/larch_3a.c | 18 +++++----- - hw/meson.build | 1 + - include/disas/dis-asm.h | 1 + - include/elf.h | 2 ++ - include/hw/loongarch/larch.h | 1 - - include/qemu/osdep.h | 3 ++ - include/sysemu/arch_init.h | 1 + - linux-headers/linux/kvm.h | 23 ++++++++++++ - linux-user/elfload.c | 67 +++++++++++++++++++++++++++++++++++ - linux-user/meson.build | 1 + - linux-user/qemu.h | 2 +- - linux-user/syscall.c | 3 ++ - linux-user/syscall_defs.h | 9 ++--- - meson.build | 1 + - pc-bios/loongarch_bios.bin | Bin 0 -> 4190208 bytes - pc-bios/meson.build | 1 + - qapi/machine-target.json | 6 ++-- - qapi/machine.json | 2 +- - qapi/misc-target.json | 1 + - 21 files changed, 138 insertions(+), 18 deletions(-) - create mode 100644 pc-bios/loongarch_bios.bin + hw/acpi/cpu.c | 11 ++++++ + hw/loongarch/iocsr.c | 2 ++ + hw/loongarch/larch_3a.c | 18 +++++----- + hw/meson.build | 1 + + include/disas/dis-asm.h | 1 + + include/elf.h | 2 ++ + include/hw/loongarch/larch.h | 1 - + include/qemu/osdep.h | 3 ++ + include/sysemu/arch_init.h | 1 + + linux-headers/linux/kvm.h | 23 +++++++++++++ + linux-user/elfload.c | 67 ++++++++++++++++++++++++++++++++++++ + linux-user/meson.build | 1 + + linux-user/qemu.h | 2 +- + linux-user/syscall.c | 3 ++ + linux-user/syscall_defs.h | 9 ++--- + meson.build | 1 + + pc-bios/meson.build | 1 + + qapi/machine-target.json | 6 ++-- + qapi/machine.json | 2 +- + qapi/misc-target.json | 1 + + 20 files changed, 138 insertions(+), 18 deletions(-) diff --git a/hw/acpi/cpu.c b/hw/acpi/cpu.c -index b20903ea30..cd73fab65b 100644 +index b20903ea3..cd73fab65 100644 --- a/hw/acpi/cpu.c +++ b/hw/acpi/cpu.c @@ -371,14 +371,25 @@ void build_cpus_aml(Aml *table, MachineState *machine, CPUHotplugFeatures opts, @@ -62,7 +60,7 @@ index b20903ea30..cd73fab65b 100644 field = aml_field("PRST", AML_BYTE_ACC, AML_NOLOCK, AML_WRITE_AS_ZEROS); 
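Review bot: The regenerated header of 0007 drops `pc-bios/loongarch_bios.bin | Bin 0 -> 4190208 bytes` and its `create mode` entry from the diffstat, yet `pc-bios/meson.build | 1 +` remains and the 0003 patch still defines `BIOS_FILENAME "loongarch_bios.bin"`, so nothing visible in this patch now accounts for the firmware image. If the line added under `blobs = files(` names that file (its content is not shown here), the build and the guest boot path depend on a binary supplied outside this patch, presumably by a later patch of the 28 or by a separate package source. I would record that in the patch description, for example `pc-bios/loongarch_bios.bin is not carried here; it comes from <BLOB_SOURCE_PLACEHOLDER>, sha256 <CHECKSUM_PLACEHOLDER>`, so the blob's origin and integrity can be checked at package build time.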
diff --git a/hw/loongarch/iocsr.c b/hw/loongarch/iocsr.c -index 14521c2d5c..60daafd6e1 100644 +index 14521c2d5..60daafd6e 100644 --- a/hw/loongarch/iocsr.c +++ b/hw/loongarch/iocsr.c @@ -59,6 +59,7 @@ enum { @@ -82,7 +80,7 @@ index 14521c2d5c..60daafd6e1 100644 #define TYPE_IOCSR "iocsr" diff --git a/hw/loongarch/larch_3a.c b/hw/loongarch/larch_3a.c -index 3db269274f..3194a822cc 100644 +index 3db269274..3194a822c 100644 --- a/hw/loongarch/larch_3a.c +++ b/hw/loongarch/larch_3a.c @@ -846,7 +846,7 @@ static void fw_cfg_add_kernel_info(FWCfgState *fw_cfg, @@ -136,7 +134,7 @@ index 3db269274f..3194a822cc 100644 } } diff --git a/hw/meson.build b/hw/meson.build -index b3366c888e..f224f8ad28 100644 +index b3366c888..f224f8ad2 100644 --- a/hw/meson.build +++ b/hw/meson.build @@ -17,6 +17,7 @@ subdir('intc') @@ -148,7 +146,7 @@ index b3366c888e..f224f8ad28 100644 subdir('misc') subdir('net') diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h -index 08e1beec85..95b93f1002 100644 +index 08e1beec8..95b93f100 100644 --- a/include/disas/dis-asm.h +++ b/include/disas/dis-asm.h @@ -461,6 +461,7 @@ int print_insn_riscv32 (bfd_vma, disassemble_info*); @@ -160,7 +158,7 @@ index 08e1beec85..95b93f1002 100644 #ifdef CONFIG_CAPSTONE bool cap_disas_target(disassemble_info *info, uint64_t pc, size_t size); diff --git a/include/elf.h b/include/elf.h -index 811bf4a1cb..66030f4906 100644 +index 4edab8e5a..c614bfb12 100644 --- a/include/elf.h +++ b/include/elf.h @@ -182,6 +182,8 @@ typedef struct mips_elf_abiflags_v0 { @@ -173,7 +171,7 @@ index 811bf4a1cb..66030f4906 100644 * This is an interim value that we will use until the committee comes * up with a final number. diff --git a/include/hw/loongarch/larch.h b/include/hw/loongarch/larch.h -index 0886ed52af..62e2830e27 100644 +index 0886ed52a..62e2830e2 100644 --- a/include/hw/loongarch/larch.h +++ b/include/hw/loongarch/larch.h @@ -159,5 +159,4 @@ bool loongarch_is_acpi_enabled(LoongarchMachineState *vms); 
@@ -183,7 +181,7 @@ index 0886ed52af..62e2830e27 100644 -extern uint64_t host_cpufreq; #endif diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h -index 60718fc342..903475bb21 100644 +index 60718fc34..903475bb2 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -533,6 +533,9 @@ static inline void qemu_cleanup_generic_vfree(void *p) @@ -197,7 +195,7 @@ index 60718fc342..903475bb21 100644 /* Use 1 MiB (segment size) alignment so gmap can be used by KVM. */ # define QEMU_VMALLOC_ALIGN (256 * 4096) diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h -index 70c579560a..62d1a4b92d 100644 +index 70c579560..62d1a4b92 100644 --- a/include/sysemu/arch_init.h +++ b/include/sysemu/arch_init.h @@ -24,6 +24,7 @@ enum { @@ -209,10 +207,10 @@ index 70c579560a..62d1a4b92d 100644 extern const uint32_t arch_type; diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h -index bcaf66cc4d..20b90426f5 100644 +index c65930288..0e50d3749 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h -@@ -2002,6 +2002,29 @@ struct kvm_stats_desc { +@@ -2115,6 +2115,29 @@ struct kvm_stats_desc { char name[]; }; @@ -243,7 +241,7 @@ index bcaf66cc4d..20b90426f5 100644 /* Available with KVM_CAP_XSAVE2 */ diff --git a/linux-user/elfload.c b/linux-user/elfload.c -index 767f54c76d..9fb632780a 100644 +index 767f54c76..9fb632780 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -1041,6 +1041,73 @@ static uint32_t get_elf_hwcap(void) @@ -321,7 +319,7 @@ index 767f54c76d..9fb632780a 100644 #define ELF_START_MMAP 0x80000000 diff --git a/linux-user/meson.build b/linux-user/meson.build -index bf62c13e37..195f9e83ac 100644 +index bf62c13e3..195f9e83a 100644 --- a/linux-user/meson.build +++ b/linux-user/meson.build @@ -39,3 +39,4 @@ subdir('sh4') @@ -330,7 +328,7 @@ index bf62c13e37..195f9e83ac 100644 subdir('xtensa') +subdir('loongarch64') 
diff --git a/linux-user/qemu.h b/linux-user/qemu.h -index 5c713fa8ab..66ddb25d1c 100644 +index 5c713fa8a..66ddb25d1 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h @@ -61,7 +61,7 @@ struct image_info { @@ -343,7 +341,7 @@ index 5c713fa8ab..66ddb25d1c 100644 int interp_fp_abi; #endif diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index f1cfcc8104..729131ecd0 100644 +index f1cfcc810..729131ecd 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1614,6 +1614,9 @@ static abi_long do_pipe(void *cpu_env, abi_ulong pipedes, @@ -357,7 +355,7 @@ index f1cfcc8104..729131ecd0 100644 ((CPUSH4State*)cpu_env)->gregs[1] = host_pipe[1]; return host_pipe[0]; diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index 0b13975937..7e2915d53e 100644 +index 0b1397593..7e2915d53 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h @@ -74,7 +74,7 @@ @@ -405,7 +403,7 @@ index 0b13975937..7e2915d53e 100644 struct target_statfs { abi_long f_type; diff --git a/meson.build b/meson.build -index 5f6ba86dbb..fc2dc58f33 100644 +index 5f6ba86db..fc2dc58f3 100644 --- a/meson.build +++ b/meson.build @@ -1814,6 +1814,7 @@ disassemblers = { @@ -416,9 +414,8 @@ index 5f6ba86dbb..fc2dc58f33 100644 } if link_language == 'cpp' disassemblers += { - diff --git a/pc-bios/meson.build b/pc-bios/meson.build -index b40ff3f2bd..a09ca4d03c 100644 +index b40ff3f2b..a09ca4d03 100644 --- a/pc-bios/meson.build +++ b/pc-bios/meson.build @@ -83,6 +83,7 @@ blobs = files( @@ -430,7 +427,7 @@ index b40ff3f2bd..a09ca4d03c 100644 if get_option('install_blobs') diff --git a/qapi/machine-target.json b/qapi/machine-target.json -index f5ec4bc172..682dc86b42 100644 +index f5ec4bc17..682dc86b4 100644 --- a/qapi/machine-target.json +++ b/qapi/machine-target.json @@ -324,7 +324,8 @@ @@ -451,7 +448,7 @@ index f5ec4bc172..682dc86b42 100644 + 'TARGET_MIPS', + 'TARGET_LOONGARCH64' ] } } 
diff --git a/qapi/machine.json b/qapi/machine.json -index a9f33d0f27..cd47b8d6bc 100644 +index a9f33d0f2..cd47b8d6b 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -34,7 +34,7 @@ @@ -464,7 +461,7 @@ index a9f33d0f27..cd47b8d6bc 100644 ## # @CpuS390State: diff --git a/qapi/misc-target.json b/qapi/misc-target.json -index 4bc45d2474..63cebef573 100644 +index ede905244..2cf4fa418 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json @@ -33,6 +33,7 @@ @@ -476,5 +473,5 @@ index 4bc45d2474..63cebef573 100644 ## -- -2.27.0 +2.43.5 diff --git a/0008-Modify-compile-script.patch b/0008-Modify-compile-script.patch index 87054eeab4b4c0db0c5c933ff8bb2c1a64d28a54..bcf14ccab0a6fd7e6d84d2dd967bae16607360dc 100644 --- a/0008-Modify-compile-script.patch +++ b/0008-Modify-compile-script.patch @@ -1,7 +1,7 @@ -From b051f9fdabc2cd49c1c80ef50bbee276b6946609 Mon Sep 17 00:00:00 2001 +From c46de76fc41792974d0e1c9896f89ab257cae345 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 22 Aug 2022 08:22:03 -0400 -Subject: [PATCH 08/10] Modify compile script. +Subject: [PATCH 08/28] Modify compile script. Change-Id: I8573477d64f5974092001869d7aa9bb093f347e8 Signed-off-by: lixianglai @@ -10,7 +10,7 @@ Signed-off-by: lixianglai 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build -index fc2dc58f33..c0fb5788f7 100644 +index fc2dc58f3..c0fb5788f 100644 --- a/meson.build +++ b/meson.build @@ -56,7 +56,7 @@ python = import('python').find_installation() @@ -32,5 +32,5 @@ index fc2dc58f33..c0fb5788f7 100644 kvm_targets = [] endif -- -2.27.0 +2.43.5 diff --git a/0009-Add-loongarch64-rh-devices.mak.patch b/0009-Add-loongarch64-rh-devices.mak.patch index ef7533dda0e809d0480e1620c5741dfc1e52e977..a06c1f067bca8236427fe6b668b02f1682242f52 100644 --- a/0009-Add-loongarch64-rh-devices.mak.patch +++ b/0009-Add-loongarch64-rh-devices.mak.patch 
@@ -1,7 +1,7 @@ -From d2163a939cd14d3d9a8a4afb9d9eacbb71b61517 Mon Sep 17 00:00:00 2001 +From 89fb9c8e0ca11e311417981d46768642d1f8e6d2 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Wed, 24 Aug 2022 22:56:29 -0400 -Subject: [PATCH 09/10] Add loongarch64-rh-devices.mak. +Subject: [PATCH 09/28] Add loongarch64-rh-devices.mak. Change-Id: I375face82c0aa68c053254b879267830d6981756 Signed-off-by: lixianglai @@ -25,7 +25,7 @@ Signed-off-by: lixianglai diff --git a/configs/devices/loongarch64-softmmu/loongarch64-rh-devices.mak b/configs/devices/loongarch64-softmmu/loongarch64-rh-devices.mak new file mode 100644 -index 0000000000..e7b5bdc8e9 +index 000000000..e7b5bdc8e --- /dev/null +++ b/configs/devices/loongarch64-softmmu/loongarch64-rh-devices.mak @@ -0,0 +1,155 @@ @@ -185,7 +185,7 @@ index 0000000000..e7b5bdc8e9 +CONFIG_ACPI_LOONGARCH=y +CONFIG_LS7A_RTC=y diff --git a/configure b/configure -index 48c21775f3..1f932f7eeb 100755 +index 48c21775f..1f932f7ee 100755 --- a/configure +++ b/configure @@ -581,6 +581,8 @@ elif check_define __arm__ ; then @@ -208,7 +208,7 @@ index 48c21775f3..1f932f7eeb 100755 cpu="mips" ;; diff --git a/meson.build b/meson.build -index c0fb5788f7..c5fdb78569 100644 +index c0fb5788f..c5fdb7856 100644 --- a/meson.build +++ b/meson.build @@ -361,6 +361,8 @@ if not get_option('tcg').disabled() @@ -221,7 +221,7 @@ index c0fb5788f7..c5fdb78569 100644 add_project_arguments('-iquote', meson.current_source_dir() / 'tcg' / tcg_arch, language: ['c', 'cpp', 'objc']) diff --git a/pc-bios/meson.build b/pc-bios/meson.build -index a09ca4d03c..60009bd89e 100644 +index a09ca4d03..60009bd89 100644 --- a/pc-bios/meson.build +++ b/pc-bios/meson.build @@ -84,6 +84,7 @@ blobs = files( @@ -234,7 +234,7 @@ index a09ca4d03c..60009bd89e 100644 if get_option('install_blobs') diff --git a/tcg/loongarch64/tcg-insn-defs.c.inc b/tcg/loongarch64/tcg-insn-defs.c.inc new file mode 100644 -index 0000000000..d162571856 +index 000000000..d16257185 --- /dev/null 
+++ b/tcg/loongarch64/tcg-insn-defs.c.inc @@ -0,0 +1,979 @@ @@ -1219,7 +1219,7 @@ index 0000000000..d162571856 +/* End of generated code. */ diff --git a/tcg/loongarch64/tcg-target-con-set.h b/tcg/loongarch64/tcg-target-con-set.h new file mode 100644 -index 0000000000..349c672687 +index 000000000..349c67268 --- /dev/null +++ b/tcg/loongarch64/tcg-target-con-set.h @@ -0,0 +1,31 @@ @@ -1256,7 +1256,7 @@ index 0000000000..349c672687 +C_O1_I2(r, rZ, rZ) diff --git a/tcg/loongarch64/tcg-target-con-str.h b/tcg/loongarch64/tcg-target-con-str.h new file mode 100644 -index 0000000000..c3986a4fd4 +index 000000000..c3986a4fd --- /dev/null +++ b/tcg/loongarch64/tcg-target-con-str.h @@ -0,0 +1,28 @@ @@ -1290,7 +1290,7 @@ index 0000000000..c3986a4fd4 +CONST('W', TCG_CT_CONST_WSZ) diff --git a/tcg/loongarch64/tcg-target.c.inc b/tcg/loongarch64/tcg-target.c.inc new file mode 100644 -index 0000000000..9b53549edb +index 000000000..9b53549ed --- /dev/null +++ b/tcg/loongarch64/tcg-target.c.inc @@ -0,0 +1,1744 @@ @@ -3040,7 +3040,7 @@ index 0000000000..9b53549edb +} diff --git a/tcg/loongarch64/tcg-target.h b/tcg/loongarch64/tcg-target.h new file mode 100644 -index 0000000000..d58a6162f2 +index 000000000..d58a6162f --- /dev/null +++ b/tcg/loongarch64/tcg-target.h @@ -0,0 +1,178 @@ @@ -3223,5 +3223,5 @@ index 0000000000..d58a6162f2 + +#endif /* LOONGARCH_TCG_TARGET_H */ -- -2.27.0 +2.43.5 diff --git a/Add-lbt-support-for-kvm.patch b/Add-lbt-support-for-kvm.patch index d2d6ef431a23b865d7986ca9d52a2b8bbfa9785b..660785f9b96191c48b1c33fb93082979741ee81b 100644 --- a/Add-lbt-support-for-kvm.patch +++ b/Add-lbt-support-for-kvm.patch @@ -1,7 +1,7 @@ -From 02aacf8cfbe627c0012bf38a007a8a8ec9f95cb5 Mon Sep 17 00:00:00 2001 +From b7760c4fd70de74df6014394c5d27d498fed3e31 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 08:00:52 -0400 -Subject: [PATCH 13/14] Add lbt support for kvm +Subject: [PATCH 22/28] Add lbt support for kvm Signed-off-by: lixianglai --- 
@@ -150,5 +150,5 @@ index b6711da91..0eaabe394 100644 return ret; } -- -2.27.0 +2.43.5 diff --git a/Add-loongarch-into-QEMU_ARCH_VIRTIO_PCI-to-support-q.patch b/Add-loongarch-into-QEMU_ARCH_VIRTIO_PCI-to-support-q.patch index 7991934f46a0a2cd538f02e8901e70a3f5f4ab31..330b37d5accfd60c8c1a79fcbeae37e2067c8e09 100644 --- a/Add-loongarch-into-QEMU_ARCH_VIRTIO_PCI-to-support-q.patch +++ b/Add-loongarch-into-QEMU_ARCH_VIRTIO_PCI-to-support-q.patch @@ -1,7 +1,7 @@ -From 1ebc0cc2ede04d6e70291ff1344ee80c38e5ebd2 Mon Sep 17 00:00:00 2001 +From 3e8ddd1af3c46387ed45319dd0dc3c0a673b989f Mon Sep 17 00:00:00 2001 From: Tianrui Zhao Date: Mon, 19 Jun 2023 09:38:16 +0800 -Subject: [PATCH] Add loongarch into QEMU_ARCH_VIRTIO_PCI to support qdev +Subject: [PATCH 25/28] Add loongarch into QEMU_ARCH_VIRTIO_PCI to support qdev alias Signed-off-by: Tianrui Zhao @@ -10,7 +10,7 @@ Signed-off-by: Tianrui Zhao 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c -index 01f3834db..49491d74a 100644 +index 01f3834db..ece96121d 100644 --- a/softmmu/qdev-monitor.c +++ b/softmmu/qdev-monitor.c @@ -60,7 +60,8 @@ typedef struct QDevAlias @@ -24,5 +24,5 @@ index 01f3834db..49491d74a 100644 #define QEMU_ARCH_VIRTIO_MMIO (QEMU_ARCH_M68K) -- -2.39.3 +2.43.5 diff --git a/Add-usb-storage-config-for-loongarch.patch b/Add-usb-storage-config-for-loongarch.patch index 86857da0080ba42640c324ef9de267143189f9e7..05295153a337d02bbd1f197d409854f8f7d72bd9 100644 --- a/Add-usb-storage-config-for-loongarch.patch +++ b/Add-usb-storage-config-for-loongarch.patch @@ -1,7 +1,7 @@ -From be087165d6ff6c45e768b85a23834d5e68fa0197 Mon Sep 17 00:00:00 2001 +From 1f41256389e5d8862d08b2253d752569727f1e79 Mon Sep 17 00:00:00 2001 From: Tianrui Zhao Date: Mon, 19 Jun 2023 09:34:02 +0800 -Subject: [PATCH] Add usb-storage config for loongarch +Subject: [PATCH 24/28] Add usb-storage config for loongarch Signed-off-by: Tianrui Zhao --- 
@@ -22,5 +22,5 @@ index 696ee9b72..15fc2d00f 100644 CONFIG_TPM_TIS=y CONFIG_PLATFORM_BUS=y -- -2.39.3 +2.43.5 diff --git a/Fix-LoongArch-KVM-header-macros.patch b/Fix-LoongArch-KVM-header-macros.patch index a6c82333ad4479605da8f266dff3b77427eef116..57ea9d8ad249c803a1183250aefd711f23b392c6 100644 --- a/Fix-LoongArch-KVM-header-macros.patch +++ b/Fix-LoongArch-KVM-header-macros.patch @@ -1,7 +1,7 @@ -From 6291b67e4a12d65595de2884e5939a19a3c7b052 Mon Sep 17 00:00:00 2001 +From d090e30797ef1acc5f0f5488a60040606f60ff44 Mon Sep 17 00:00:00 2001 From: Tianrui Zhao Date: Tue, 20 Jun 2023 16:34:43 +0800 -Subject: [PATCH] Fix LoongArch KVM header macros +Subject: [PATCH 27/28] Fix LoongArch KVM header macros Signed-off-by: Tianrui Zhao --- @@ -9,10 +9,10 @@ Signed-off-by: Tianrui Zhao 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h -index 1e6aed0fb..f99455294 100644 +index f5589b068..0e50d3749 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h -@@ -2057,10 +2057,10 @@ struct kvm_loongarch_vcpu_state { +@@ -2126,10 +2126,10 @@ struct kvm_loongarch_vcpu_state { __u64 core_ext_ioisr[4]; }; @@ -28,5 +28,5 @@ index 1e6aed0fb..f99455294 100644 #define KVM_LARCH_SET_VCPU_STATE _IOW(KVMIO, 0xc1, struct kvm_loongarch_vcpu_state) #define KVM_LARCH_GET_CPUCFG _IOR(KVMIO, 0xc2, struct kvm_cpucfg) -- -2.39.3 +2.43.5 diff --git a/Fix-host-architecture-macro-of-LoongArch-to-HOST_LOO.patch b/Fix-host-architecture-macro-of-LoongArch-to-HOST_LOO.patch index ea7daee349a79c527e777db4d484cd7ebc9e311d..9d6896c7f9504e0d9b1ae8b85368ae62009274d0 100644 --- a/Fix-host-architecture-macro-of-LoongArch-to-HOST_LOO.patch +++ b/Fix-host-architecture-macro-of-LoongArch-to-HOST_LOO.patch @@ -1,7 +1,8 @@ -From 442aa58bc9508065c85a3d2b9790943559c2c812 Mon Sep 17 00:00:00 2001 +From ff15ca716d827e6364e51f1ee9d7bc6440d55c20 Mon Sep 17 00:00:00 2001 
From: Tianrui Zhao Date: Mon, 19 Jun 2023 16:38:29 +0800 -Subject: [PATCH] Fix host architecture macro of LoongArch to HOST_LOONGARCH64 +Subject: [PATCH 26/28] Fix host architecture macro of LoongArch to + HOST_LOONGARCH64 Signed-off-by: Tianrui Zhao --- @@ -9,10 +10,10 @@ Signed-off-by: Tianrui Zhao 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c -index e7d1e9ace..fbd6f5fcc 100644 +index 48034d427..6d63f0ab0 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c -@@ -2423,7 +2423,7 @@ static int kvm_init(MachineState *ms) +@@ -2503,7 +2503,7 @@ static int kvm_init(MachineState *ms) soft_vcpus_limit = kvm_recommended_vcpus(s); hard_vcpus_limit = kvm_max_vcpus(s); @@ -22,5 +23,5 @@ index e7d1e9ace..fbd6f5fcc 100644 * On POWER, the kernel advertises a soft limit based on the * number of CPU threads on the host. We want to allow exceeding -- -2.39.3 +2.43.5 diff --git a/Fix-irq-routing-and-fpu-option-to-compat-with-kernel.patch b/Fix-irq-routing-and-fpu-option-to-compat-with-kernel.patch index 8937b8d5d83b319260a3dd66a162ee30361c9d00..09a842dac43c86903cdcbb1ceb96bd64b4d8f3a0 100644 --- a/Fix-irq-routing-and-fpu-option-to-compat-with-kernel.patch +++ b/Fix-irq-routing-and-fpu-option-to-compat-with-kernel.patch @@ -1,7 +1,7 @@ -From 889d874e72cec80244363d3c4f9594d14f05d529 Mon Sep 17 00:00:00 2001 +From d24d2e0d530e6354d4f9a4b213983779136f4ab7 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 07:38:26 -0400 -Subject: [PATCH 07/14] Fix irq routing and fpu option to compat with kernel +Subject: [PATCH 16/28] Fix irq routing and fpu option to compat with kernel v6.4 Fix set irq routing and enable fpu for kvm to compat @@ -27,5 +27,5 @@ index 6885ec6c9..b6711da91 100644 cpu->kvm_csr_buf = g_malloc0(CSR_BUF_SIZE + CSR_BUF_SIZE); -- -2.27.0 +2.43.5 
diff --git a/Fix-smp.cores-value.patch b/Fix-smp.cores-value.patch index 26f4b7bad86b2810ad5d5b735a339846996a83cc..9517ef98fa9162771e6f9f19e860abbdbc901078 100644 --- a/Fix-smp.cores-value.patch +++ b/Fix-smp.cores-value.patch @@ -1,7 +1,7 @@ -From 509d230669e65fd45bd3a58f3167e4a12a74877e Mon Sep 17 00:00:00 2001 +From 902dc77676bc6ada74ddbdb57d00821435550bdb Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 07:55:12 -0400 -Subject: [PATCH 12/14] Fix smp.cores value +Subject: [PATCH 21/28] Fix smp.cores value The smp.cores should use the default value passed from qemu start command, and the argument is cores_per_socket. @@ -31,5 +31,5 @@ index b1501e0ea..8fc79546d 100644 return; } -- -2.27.0 +2.43.5 diff --git a/Fixed-the-issue-where-qemu-specifies-the-boot-order.patch b/Fixed-the-issue-where-qemu-specifies-the-boot-order.patch index 781123afcd9e9e21517f23a402c38798c9ddcea3..b86a98133830e68a54eeb3a0ded6483927c59b1f 100644 --- a/Fixed-the-issue-where-qemu-specifies-the-boot-order.patch +++ b/Fixed-the-issue-where-qemu-specifies-the-boot-order.patch @@ -1,7 +1,7 @@ -From 4e2e6a0576cdf365bf7df1693e7d6debd0179de5 Mon Sep 17 00:00:00 2001 +From d280c3a4a6ea0b3b9bf03bd4d4bd36b7e763287e Mon Sep 17 00:00:00 2001 From: lixianglai Date: Wed, 23 Aug 2023 07:10:25 -0400 -Subject: [PATCH] Fixed the issue where qemu specifies the boot order +Subject: [PATCH 28/28] Fixed the issue where qemu specifies the boot order Fixed the issue that the device path of bootorder in the generated fw_cfg was abnormal because the @@ -136,5 +136,5 @@ index 63a070296..05edee603 100644 } LS7APCIEHost; -- -2.27.0 +2.43.5 diff --git a/Modify-smbios-option-lack-and-Modify-the-maximum-num.patch b/Modify-smbios-option-lack-and-Modify-the-maximum-num.patch index 959dd7edc09375f9c335b2c73c9cd28d7bf9c84e..10eb346c3ad1ba8ddcee365d2090a0ba1578f1c9 100644 --- a/Modify-smbios-option-lack-and-Modify-the-maximum-num.patch +++ b/Modify-smbios-option-lack-and-Modify-the-maximum-num.patch 
@@ -1,7 +1,7 @@ -From 5fb830ad315907fca8a30551c1160632001fc6fb Mon Sep 17 00:00:00 2001 +From 3839b5ecff1bb68ed03e0cb901acfd331668d4fd Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 05:48:46 -0400 -Subject: [PATCH 01/14] Modify smbios option lack and Modify the maximum number +Subject: [PATCH 10/28] Modify smbios option lack and Modify the maximum number of CPUs supported by the virtual machine. Add smbios option support for loongarch. @@ -14,10 +14,10 @@ Signed-off-by: lixianglai 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c -index 8f2a53438..e7d1e9ace 100644 +index 3b7bc3982..48034d427 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c -@@ -2423,7 +2423,7 @@ static int kvm_init(MachineState *ms) +@@ -2503,7 +2503,7 @@ static int kvm_init(MachineState *ms) soft_vcpus_limit = kvm_recommended_vcpus(s); hard_vcpus_limit = kvm_max_vcpus(s); @@ -27,7 +27,7 @@ index 8f2a53438..e7d1e9ace 100644 * On POWER, the kernel advertises a soft limit based on the * number of CPU threads on the host. We want to allow exceeding diff --git a/qemu-options.hx b/qemu-options.hx -index 4b7798088..8997969d5 100644 +index 981248e28..1b3f2df49 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2480,7 +2480,7 @@ DEF("smbios", HAS_ARG, QEMU_OPTION_smbios, @@ -40,5 +40,5 @@ index 4b7798088..8997969d5 100644 ``-smbios file=binary`` Load SMBIOS entry from binary file. -- -2.27.0 +2.43.5 diff --git a/Modify-the-ioctl-command-of-kvm.patch b/Modify-the-ioctl-command-of-kvm.patch index 9927a6306619d3aa46d21eaa978c9b43e6e441c8..6b41fb1c89dcc2d8dc65fea11e6fd3eea1fcb013 100644 --- a/Modify-the-ioctl-command-of-kvm.patch +++ b/Modify-the-ioctl-command-of-kvm.patch @@ -1,7 +1,7 @@ -From 01a90be04dd6dd7edb3f49feca1ff1500ccb551b Mon Sep 17 00:00:00 2001 +From c593589f83c7655dcd8b9c144bf6061933d4ed40 Mon Sep 17 00:00:00 2001 
From: lixianglai Date: Mon, 29 May 2023 08:44:26 -0400 -Subject: [PATCH 14/14] Modify the ioctl command of kvm. +Subject: [PATCH 23/28] Modify the ioctl command of kvm. Signed-off-by: lixianglai --- @@ -9,10 +9,10 @@ Signed-off-by: lixianglai 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h -index f99455294..1e6aed0fb 100644 +index 0e50d3749..f5589b068 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h -@@ -2057,10 +2057,10 @@ struct kvm_loongarch_vcpu_state { +@@ -2126,10 +2126,10 @@ struct kvm_loongarch_vcpu_state { __u64 core_ext_ioisr[4]; }; @@ -28,5 +28,5 @@ index f99455294..1e6aed0fb 100644 #define KVM_LARCH_SET_VCPU_STATE _IOW(KVMIO, 0xc1, struct kvm_loongarch_vcpu_state) #define KVM_LARCH_GET_CPUCFG _IOR(KVMIO, 0xc2, struct kvm_cpucfg) -- -2.27.0 +2.43.5 diff --git a/Support-TPM.patch b/Support-TPM.patch index 6601bce96e9d6fceb0bf324d8611bad5aadc1825..8bfa5304ed8003784a95626aefcdde9c9555e82f 100644 --- a/Support-TPM.patch +++ b/Support-TPM.patch @@ -1,7 +1,7 @@ -From e7b5a4aea5499e793ef769d1c39161ab33870bb2 Mon Sep 17 00:00:00 2001 +From 8eea4ea57942c83f0e1d9d4073004409505fda59 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 07:16:34 -0400 -Subject: [PATCH 04/14] Support TPM. +Subject: [PATCH 13/28] Support TPM. Signed-off-by: lixianglai --- @@ -514,5 +514,5 @@ index 000000000..340c382cd + hwaddr bus_size, int irq_start); +#endif -- -2.27.0 +2.43.5 diff --git a/Support-vfio-config.patch b/Support-vfio-config.patch index 6ae48b9e6f294de12b92be1c7df4ad7491c45a7b..01b2bb6b27835903a107675f9053112f17cc0cf5 100644 --- a/Support-vfio-config.patch +++ b/Support-vfio-config.patch @@ -1,7 +1,7 @@ -From 16268ffb6e5abbb5369a6a6bda9c60cd5fff22c9 Mon Sep 17 00:00:00 2001 +From e2e67dd2c2b0c3ff2737cd477bfc79cac64d4053 Mon Sep 17 00:00:00 2001 
From: lixianglai Date: Mon, 29 May 2023 07:41:14 -0400 -Subject: [PATCH 08/14] Support vfio config +Subject: [PATCH 17/28] Support vfio config Signed-off-by: lixianglai --- @@ -43,5 +43,5 @@ index e7b5bdc8e..696ee9b72 100644 +CONFIG_VFIO_AMD_XGBE=y + -- -2.27.0 +2.43.5 diff --git a/address-space-code-cleanup-on-7A-virt-machine.patch b/address-space-code-cleanup-on-7A-virt-machine.patch index 1e64b4c5c64f52aa35ef8c94672f8055f4ac614e..61c4d7882e4b81657b03c47a0d4a6fd855421748 100644 --- a/address-space-code-cleanup-on-7A-virt-machine.patch +++ b/address-space-code-cleanup-on-7A-virt-machine.patch @@ -1,7 +1,7 @@ -From fe4009a9b0ddc2058793d3dc782778c95164ef39 Mon Sep 17 00:00:00 2001 +From 731b161d2cfddb67e4088282a33acaf90c2bd928 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 07:33:26 -0400 -Subject: [PATCH 06/14] address space code cleanup on 7A virt-machine. +Subject: [PATCH 15/28] address space code cleanup on 7A virt-machine. Signed-off-by: lixianglai --- @@ -272,5 +272,5 @@ index fc78083be..63a070296 100644 /* LS7A registers */ MemoryRegion iomem; -- -2.27.0 +2.43.5 diff --git a/code-cleanup-for-loongarch-kvm.patch b/code-cleanup-for-loongarch-kvm.patch index a4bbf4bfcbe820eb16c9a58cf024abd7da16992b..e94f6de3443f3019750b528f12b2eb02ff16be2b 100644 --- a/code-cleanup-for-loongarch-kvm.patch +++ b/code-cleanup-for-loongarch-kvm.patch @@ -1,7 +1,7 @@ -From 1ab7b25cd4b5d827e8b04c981293b135059681ad Mon Sep 17 00:00:00 2001 +From 4bf40ba9ed6f98e7082623927d1c0c9ec6090f12 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 07:04:10 -0400 -Subject: [PATCH 03/14] code cleanup for loongarch kvm. +Subject: [PATCH 12/28] code cleanup for loongarch kvm. Signed-off-by: lixianglai --- @@ -30,5 +30,5 @@ index a24375ee5..799af7594 100644 * Register set = 2: KVM specific registers (see definitions below). * -- -2.27.0 +2.43.5 
diff --git a/fix-smbios-type4-info-for-numa-support.patch b/fix-smbios-type4-info-for-numa-support.patch index 948aab789f2967cd5d15ced74b604804bcc70053..3e5f0fb7b9cb241b0d08bef048df7202d0a0c101 100644 --- a/fix-smbios-type4-info-for-numa-support.patch +++ b/fix-smbios-type4-info-for-numa-support.patch @@ -1,7 +1,7 @@ -From d68ddb24ed08459b9641615e00cec50e6d025a5e Mon Sep 17 00:00:00 2001 +From 1565426c6bc04bffe941ad6d7ce819278da323e8 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 07:53:36 -0400 -Subject: [PATCH 11/14] fix smbios type4 info for numa support. +Subject: [PATCH 20/28] fix smbios type4 info for numa support. Signed-off-by: lixianglai --- @@ -40,5 +40,5 @@ index 5e271f339..b1501e0ea 100644 } -- -2.27.0 +2.43.5 diff --git a/fixup-can-t-find-cpu-type.patch b/fixup-can-t-find-cpu-type.patch index b9dbf89716c2f1827dc95e2632e0b160aab32302..3ffeaf4c7517721cc6816495d0d77d7dea8d069b 100644 --- a/fixup-can-t-find-cpu-type.patch +++ b/fixup-can-t-find-cpu-type.patch @@ -1,7 +1,7 @@ -From e2d6998cad687af9d0efcc54139b28b0ff990b57 Mon Sep 17 00:00:00 2001 +From a08da06ba1ca817465e894737dced362babc9f18 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 07:51:55 -0400 -Subject: [PATCH 10/14] fixup can't find cpu type. +Subject: [PATCH 19/28] fixup can't find cpu type. Signed-off-by: lixianglai --- @@ -30,5 +30,5 @@ index f83bd3750..5e271f339 100644 while (*buf_p != ':') { buf_p++; -- -2.27.0 +2.43.5 diff --git a/kvm-csr-save-and-restore-optimization.patch b/kvm-csr-save-and-restore-optimization.patch index 8a609980a78df48b9fb94b19242d06ab04b587cc..a5c3954fca1b90644afd79d1fa433de30d915588 100644 --- a/kvm-csr-save-and-restore-optimization.patch +++ b/kvm-csr-save-and-restore-optimization.patch @@ -1,7 +1,7 @@ -From d28802932e2379a474e86010581390dbacfab8f2 Mon Sep 17 00:00:00 2001 +From 2b5b79cc839c3b471724c263a1a5e35bf69c1bc9 Mon Sep 17 00:00:00 2001 
From: lixianglai Date: Mon, 29 May 2023 07:25:52 -0400 -Subject: [PATCH 05/14] kvm csr save and restore optimization. +Subject: [PATCH 14/28] kvm csr save and restore optimization. Signed-off-by: lixianglai --- @@ -595,5 +595,5 @@ index b5c655812..6885ec6c9 100644 } -- -2.27.0 +2.43.5 diff --git a/kvm-hw-char-virtio-serial-bus-Protect-from-DMA-re-entran.patch b/kvm-hw-char-virtio-serial-bus-Protect-from-DMA-re-entran.patch new file mode 100644 index 0000000000000000000000000000000000000000..d684d63b99d0b3d63e7ed7e91235829d60ef2f67 --- /dev/null +++ b/kvm-hw-char-virtio-serial-bus-Protect-from-DMA-re-entran.patch @@ -0,0 +1,61 @@ +From f4623ea611a74c684b0097b98a803cbe7ffb0825 Mon Sep 17 00:00:00 2001 +From: Jon Maloy +Date: Thu, 18 Jul 2024 09:26:55 -0400 +Subject: [PATCH 5/6] hw/char/virtio-serial-bus: Protect from DMA re-entrancy + bugs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Jon Maloy +RH-MergeRequest: 380: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability +RH-Jira: RHEL-32276 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Commit: [5/6] fc8a445ebf6e763cd1482cd1f7ee23e5b5bbb388 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2) + +JIRA: https://issues.redhat.com/browse/RHEL-32276 +CVE: CVE-2024-3446 +Upstream: Merged + +commit b4295bff25f7b50de1d9cc94a9c6effd40056bca +Author: Philippe Mathieu-Daudé +Date: Thu Apr 4 20:56:35 2024 +0200 + + hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs + + Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() + so the bus and device use the same guard. Otherwise the + DMA-reentrancy protection can be bypassed. + + Fixes: CVE-2024-3446 + Cc: qemu-stable@nongnu.org + Suggested-by: Alexander Bulekov + Reviewed-by: Gerd Hoffmann + Acked-by: Michael S. Tsirkin + 
Signed-off-by: Philippe Mathieu-Daudé + Reviewed-by: Michael S. Tsirkin + Message-Id: <20240409105537.18308-4-philmd@linaro.org> + +Signed-off-by: Jon Maloy +--- + hw/char/virtio-serial-bus.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c +index f18124b155..791b7ac59e 100644 +--- a/hw/char/virtio-serial-bus.c ++++ b/hw/char/virtio-serial-bus.c +@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp) + return; + } + +- port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port, +- &dev->mem_reentrancy_guard); ++ port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port); + port->elem = NULL; + } + +-- +2.39.3 + diff --git a/kvm-hw-display-virtio-gpu-Protect-from-DMA-re-entrancy-b.patch b/kvm-hw-display-virtio-gpu-Protect-from-DMA-re-entrancy-b.patch new file mode 100644 index 0000000000000000000000000000000000000000..840213030aaf5b27a487da3db2e88e807c1ab9e1 --- /dev/null +++ b/kvm-hw-display-virtio-gpu-Protect-from-DMA-re-entrancy-b.patch 
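Review bot: In `virtser_port_device_realize()` the `dev` passed to `virtio_bh_new_guarded()` appears to be the port device rather than the virtio device, so it is worth confirming which guard the helper actually selects here. The helper added in patch 3/6 of this series takes `qdev_get_parent_bus(dev)->parent`. If a port is plugged into the virtio-serial bus (not visible in this hunk), that parent would be the virtio-serial device and not the transport the commit message refers to. Once the hierarchy is confirmed, a comment above the call would record it, e.g. `/* guard is taken from the parent of the port's bus, see virtio_bh_new_guarded_full() */`. The function body starts outside the hunk.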
@@ -0,0 +1,160 @@ +From d37035373a266644b241aab1f041ab09c9185540 Mon Sep 17 00:00:00 2001 +From: Jon Maloy +Date: Thu, 18 Jul 2024 09:29:54 -0400 +Subject: [PATCH 4/6] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Jon Maloy +RH-MergeRequest: 380: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability +RH-Jira: RHEL-32276 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Commit: [4/6] e3cd21742228528a1a74ea62d55b5941d3efb261 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2) + +JIRA: https://issues.redhat.com/browse/RHEL-32276 +CVE: CVE-2024-3446 +Upstream: Merged + +commit ba28e0ff4d95b56dc334aac2730ab3651ffc3132 +Author: Philippe Mathieu-Daudé +Date: Thu Apr 4 20:56:27 2024 +0200 + + hw/display/virtio-gpu: Protect from DMA re-entrancy bugs + + Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() + so the bus and device use the same guard. Otherwise the + DMA-reentrancy protection can be bypassed: + + $ cat << EOF | qemu-system-i386 -display none -nodefaults \ + -machine q35,accel=qtest \ + -m 512M \ + -device virtio-gpu \ + -qtest stdio + outl 0xcf8 0x80000820 + outl 0xcfc 0xe0004000 + outl 0xcf8 0x80000804 + outw 0xcfc 0x06 + write 0xe0004030 0x4 0x024000e0 + write 0xe0004028 0x1 0xff + write 0xe0004020 0x4 0x00009300 + write 0xe000401c 0x1 0x01 + write 0x101 0x1 0x04 + write 0x103 0x1 0x1c + write 0x9301c8 0x1 0x18 + write 0x105 0x1 0x1c + write 0x107 0x1 0x1c + write 0x109 0x1 0x1c + write 0x10b 0x1 0x00 + write 0x10d 0x1 0x00 + write 0x10f 0x1 0x00 + write 0x111 0x1 0x00 + write 0x113 0x1 0x00 + write 0x115 0x1 0x00 + write 0x117 0x1 0x00 + write 0x119 0x1 0x00 + write 0x11b 0x1 0x00 + write 0x11d 0x1 0x00 + write 0x11f 0x1 0x00 + write 0x121 0x1 0x00 + write 0x123 0x1 0x00 + write 0x125 0x1 0x00 + write 0x127 0x1 0x00 + write 0x129 0x1 0x00 + write 0x12b 0x1 0x00 + write 0x12d 0x1 0x00 + write 0x12f 0x1 0x00 + write 
0x131 0x1 0x00 + write 0x133 0x1 0x00 + write 0x135 0x1 0x00 + write 0x137 0x1 0x00 + write 0x139 0x1 0x00 + write 0xe0007003 0x1 0x00 + EOF + ... + ================================================================= + ==276099==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000011178 + at pc 0x562cc3b736c7 bp 0x7ffed49dee60 sp 0x7ffed49dee58 + READ of size 8 at 0x60d000011178 thread T0 + #0 0x562cc3b736c6 in virtio_gpu_ctrl_response hw/display/virtio-gpu.c:180:42 + #1 0x562cc3b7c40b in virtio_gpu_ctrl_response_nodata hw/display/virtio-gpu.c:192:5 + #2 0x562cc3b7c40b in virtio_gpu_simple_process_cmd hw/display/virtio-gpu.c:1015:13 + #3 0x562cc3b82873 in virtio_gpu_process_cmdq hw/display/virtio-gpu.c:1050:9 + #4 0x562cc4a85514 in aio_bh_call util/async.c:169:5 + #5 0x562cc4a85c52 in aio_bh_poll util/async.c:216:13 + #6 0x562cc4a1a79b in aio_dispatch util/aio-posix.c:423:5 + #7 0x562cc4a8a2da in aio_ctx_dispatch util/async.c:358:5 + #8 0x7f36840547a8 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x547a8) + #9 0x562cc4a8b753 in glib_pollfds_poll util/main-loop.c:290:9 + #10 0x562cc4a8b753 in os_host_main_loop_wait util/main-loop.c:313:5 + #11 0x562cc4a8b753 in main_loop_wait util/main-loop.c:592:11 + #12 0x562cc3938186 in qemu_main_loop system/runstate.c:782:9 + #13 0x562cc43b7af5 in qemu_default_main system/main.c:37:14 + #14 0x7f3683a6c189 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 + #15 0x7f3683a6c244 in __libc_start_main csu/../csu/libc-start.c:381:3 + #16 0x562cc2a58ac0 in _start (qemu-system-i386+0x231bac0) + + 0x60d000011178 is located 56 bytes inside of 136-byte region [0x60d000011140,0x60d0000111c8) + freed by thread T0 here: + #0 0x562cc2adb662 in __interceptor_free (qemu-system-i386+0x239e662) + #1 0x562cc3b86b21 in virtio_gpu_reset hw/display/virtio-gpu.c:1524:9 + #2 0x562cc416e20e in virtio_reset hw/virtio/virtio.c:2145:9 + #3 0x562cc37c5644 in virtio_pci_reset hw/virtio/virtio-pci.c:2249:5 
+ #4 0x562cc4233758 in memory_region_write_accessor system/memory.c:497:5 + #5 0x562cc4232eea in access_with_adjusted_size system/memory.c:573:18 + + previously allocated by thread T0 here: + #0 0x562cc2adb90e in malloc (qemu-system-i386+0x239e90e) + #1 0x7f368405a678 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5a678) + #2 0x562cc4163ffc in virtqueue_split_pop hw/virtio/virtio.c:1612:12 + #3 0x562cc4163ffc in virtqueue_pop hw/virtio/virtio.c:1783:16 + #4 0x562cc3b91a95 in virtio_gpu_handle_ctrl hw/display/virtio-gpu.c:1112:15 + #5 0x562cc4a85514 in aio_bh_call util/async.c:169:5 + #6 0x562cc4a85c52 in aio_bh_poll util/async.c:216:13 + #7 0x562cc4a1a79b in aio_dispatch util/aio-posix.c:423:5 + + SUMMARY: AddressSanitizer: heap-use-after-free hw/display/virtio-gpu.c:180:42 in virtio_gpu_ctrl_response + + With this change, the same reproducer triggers: + + qemu-system-i386: warning: Blocked re-entrant IO on MemoryRegion: virtio-pci-common-virtio-gpu at addr: 0x6 + + Fixes: CVE-2024-3446 + Cc: qemu-stable@nongnu.org + Reported-by: Alexander Bulekov + Reported-by: Yongkang Jia + Reported-by: Xiao Lei + Reported-by: Yiming Tao + Buglink: https://bugs.launchpad.net/qemu/+bug/1888606 + Reviewed-by: Gerd Hoffmann + Acked-by: Michael S. Tsirkin + 
Signed-off-by: Philippe Mathieu-Daudé + Reviewed-by: Michael S. Tsirkin + Message-Id: <20240409105537.18308-3-philmd@linaro.org> + +Signed-off-by: Jon Maloy +--- + hw/display/virtio-gpu.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index c28ce1ea72..64fdc18478 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -1334,10 +1334,8 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) + + g->ctrl_vq = virtio_get_queue(vdev, 0); + g->cursor_vq = virtio_get_queue(vdev, 1); +- g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g, +- &qdev->mem_reentrancy_guard); +- g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g, +- &qdev->mem_reentrancy_guard); ++ g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g); ++ g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g); + g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g); + qemu_cond_init(&g->reset_cond); + QTAILQ_INIT(&g->reslist); +-- +2.39.3 + diff --git a/kvm-hw-virtio-Introduce-virtio_bh_new_guarded-helper.patch b/kvm-hw-virtio-Introduce-virtio_bh_new_guarded-helper.patch new file mode 100644 index 0000000000000000000000000000000000000000..cdb03e2aac18f9ec244e01a556db62f7fee616bf --- /dev/null +++ b/kvm-hw-virtio-Introduce-virtio_bh_new_guarded-helper.patch 
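Review bot: `g->reset_bh`, on the context line right after the two converted calls, is still created with plain `qemu_bh_new()`, so it has no re-entrancy guard while `ctrl_bh` and `cursor_bh` now use the transport's guard. Whether `virtio_gpu_reset_bh` can be reached in a way that needs the guard is not visible in this hunk, so this may be intentional. If it is, a one-line comment above that call, such as `/* reset_bh is not guarded: <reason> */`, would save the next backporter from re-auditing it. `virtio_gpu_device_realize()` starts and ends outside the hunk.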
@@ -0,0 +1,86 @@ +From 1b62d61c495bf4cd3a819ab8d1ef024d153e0ece Mon Sep 17 00:00:00 2001 +From: Jon Maloy +Date: Thu, 18 Jul 2024 09:40:29 -0400 +Subject: [PATCH 3/6] hw/virtio: Introduce virtio_bh_new_guarded() helper +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Jon Maloy +RH-MergeRequest: 380: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability +RH-Jira: RHEL-32276 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Commit: [3/6] 1cbde7ddb8393b72e2e8d457b5e2d739116567a9 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2) + +JIRA: https://issues.redhat.com/browse/RHEL-32276 +CVE: CVE-2024-3446 +Upstream: Merged + +commit ec0504b989ca61e03636384d3602b7bf07ffe4da +Author: Philippe Mathieu-Daudé +Date: Thu Apr 4 20:56:11 2024 +0200 + + hw/virtio: Introduce virtio_bh_new_guarded() helper + + Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded() + but using the transport memory guard, instead of the device one + (there can only be one virtio device per virtio bus). + + Inspired-by: Gerd Hoffmann + Reviewed-by: Gerd Hoffmann + Acked-by: Michael S. Tsirkin + 
Signed-off-by: Philippe Mathieu-Daudé + Reviewed-by: Michael S. Tsirkin + Message-Id: <20240409105537.18308-2-philmd@linaro.org> + +Signed-off-by: Jon Maloy +--- + hw/virtio/virtio.c | 10 ++++++++++ + include/hw/virtio/virtio.h | 7 +++++++ + 2 files changed, 17 insertions(+) + +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c +index ea7c079fb0..5ae9c44841 100644 +--- a/hw/virtio/virtio.c ++++ b/hw/virtio/virtio.c +@@ -3874,3 +3874,13 @@ static void virtio_register_types(void) + } + + type_init(virtio_register_types) ++ ++QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev, ++ QEMUBHFunc *cb, void *opaque, ++ const char *name) ++{ ++ DeviceState *transport = qdev_get_parent_bus(dev)->parent; ++ ++ return qemu_bh_new_full(cb, opaque, name, ++ &transport->mem_reentrancy_guard); ++} +diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h +index 8bab9cfb75..731c631a81 100644 +--- a/include/hw/virtio/virtio.h ++++ b/include/hw/virtio/virtio.h +@@ -22,6 +22,7 @@ + #include "standard-headers/linux/virtio_config.h" + #include "standard-headers/linux/virtio_ring.h" + #include "qom/object.h" ++#include "block/aio.h" + + /* A guest should never accept this. It implies negotiation is broken. */ + #define VIRTIO_F_BAD_FEATURE 30 +@@ -397,4 +398,10 @@ static inline bool virtio_device_disabled(VirtIODevice *vdev) + bool virtio_legacy_allowed(VirtIODevice *vdev); + bool virtio_legacy_check_disabled(VirtIODevice *vdev); + ++QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev, ++ QEMUBHFunc *cb, void *opaque, ++ const char *name); ++#define virtio_bh_new_guarded(dev, cb, opaque) \ ++ virtio_bh_new_guarded_full((dev), (cb), (opaque), (stringify(cb))) ++ + #endif +-- +2.39.3 + diff --git a/kvm-hw-virtio-virtio-crypto-Protect-from-DMA-re-entrancy.patch b/kvm-hw-virtio-virtio-crypto-Protect-from-DMA-re-entrancy.patch new file mode 100644 index 0000000000000000000000000000000000000000..9126ae8683ebc2ab1bd9cb388fa5457d1894a016 --- /dev/null 
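Review bot: `virtio_bh_new_guarded_full()` in hw/virtio/virtio.c dereferences `qdev_get_parent_bus(dev)->parent` without checking or documenting that `dev` is already plugged into a virtio bus, and the prototype added to include/hw/virtio/virtio.h has no comment at all. The helper exists so that the bottom half shares the transport's `mem_reentrancy_guard` instead of the device's, and that should be stated next to the declaration, for example `/* Like qemu_bh_new_guarded(), but uses the re-entrancy guard of the transport (the parent of @dev's bus); @dev must already be on a virtio bus. */`. If a device without a parent bus can ever reach this helper (presumably `qdev_get_parent_bus()` returns NULL then), asserting that the bus is non-NULL before the dereference would make the misuse fail clearly instead of crashing on a NULL pointer.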
+++ b/kvm-hw-virtio-virtio-crypto-Protect-from-DMA-re-entrancy.patch @@ -0,0 +1,62 @@ +From 2ecbd673a0e2191821ce88128587f709936ad765 Mon Sep 17 00:00:00 2001 +From: Jon Maloy +Date: Thu, 18 Jul 2024 09:21:27 -0400 +Subject: [PATCH 6/6] hw/virtio/virtio-crypto: Protect from DMA re-entrancy + bugs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Jon Maloy +RH-MergeRequest: 380: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability +RH-Jira: RHEL-32276 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Commit: [6/6] 975ac4640fd8e7cbf3820757787ee7b1270173be (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2) + +JIRA: https://issues.redhat.com/browse/RHEL-32276 +CVE: CVE-2024-3446 +Upstream: Merged + +commit f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc +Author: Philippe Mathieu-Daudé +Date: Thu Apr 4 20:56:41 2024 +0200 + + hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs + + Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() + so the bus and device use the same guard. Otherwise the + DMA-reentrancy protection can be bypassed. + + Fixes: CVE-2024-3446 + Cc: qemu-stable@nongnu.org + Suggested-by: Alexander Bulekov + Reviewed-by: Gerd Hoffmann + Acked-by: Michael S. Tsirkin + 
Signed-off-by: Philippe Mathieu-Daudé + Reviewed-by: Michael S. Tsirkin + Message-Id: <20240409105537.18308-5-philmd@linaro.org> + +Signed-off-by: Jon Maloy +--- + hw/virtio/virtio-crypto.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c +index 1be7bb543c..1741d4aba1 100644 +--- a/hw/virtio/virtio-crypto.c ++++ b/hw/virtio/virtio-crypto.c +@@ -817,8 +817,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp) + vcrypto->vqs[i].dataq = + virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh); + vcrypto->vqs[i].dataq_bh = +- qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i], +- &dev->mem_reentrancy_guard); ++ virtio_bh_new_guarded(dev, virtio_crypto_dataq_bh, ++ &vcrypto->vqs[i]); + vcrypto->vqs[i].vcrypto = vcrypto; + } + +-- +2.39.3 + diff --git a/kvm-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch b/kvm-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch new file mode 100644 index 0000000000000000000000000000000000000000..c39d85ecdbc5d1e5ffab5cf00988ff2bc9c2a99d --- /dev/null +++ b/kvm-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch 
@@ -0,0 +1,187 @@ +From adfddc25c82576458442f61efb913e44d83bcbd0 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Tue, 6 Aug 2024 13:53:00 -0500 +Subject: [PATCH 2/5] nbd/server: CVE-2024-7409: Cap default max-connections to + 100 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Eric Blake +RH-MergeRequest: 388: nbd/server: fix CVE-2024-7409 (qemu crash on nbd-server-stop) [rhel-8.10.z] +RH-Jira: RHEL-52611 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Richard W.M. Jones +RH-Commit: [2/4] 1f5d88d5644c46cbb957778254a993930b9d86dc (ebblake/qemu-kvm) + +Allowing an unlimited number of clients to any web service is a recipe +for a rudimentary denial of service attack: the client merely needs to +open lots of sockets without closing them, until qemu no longer has +any more fds available to allocate. + +For qemu-nbd, we default to allowing only 1 connection unless more are +explicitly asked for (-e or --shared); this was historically picked as +a nice default (without an explicit -t, a non-persistent qemu-nbd goes +away after a client disconnects, without needing any additional +follow-up commands), and we are not going to change that interface now +(besides, someday we want to point people towards qemu-storage-daemon +instead of qemu-nbd). + +But for qemu proper, and the newer qemu-storage-daemon, the QMP +nbd-server-start command has historically had a default of unlimited +number of connections, in part because unlike qemu-nbd it is +inherently persistent until nbd-server-stop. Allowing multiple client +sockets is particularly useful for clients that can take advantage of +MULTI_CONN (creating parallel sockets to increase throughput), +although known clients that do so (such as libnbd's nbdcopy) typically +use only 8 or 16 connections (the benefits of scaling diminish once +more sockets are competing for kernel attention). 
Picking a number +large enough for typical use cases, but not unlimited, makes it +slightly harder for a malicious client to perform a denial of service +merely by opening lots of connections withot progressing through the +handshake. + +This change does not eliminate CVE-2024-7409 on its own, but reduces +the chance for fd exhaustion or unlimited memory usage as an attack +surface. On the other hand, by itself, it makes it more obvious that +with a finite limit, we have the problem of an unauthenticated client +holding 100 fds opened as a way to block out a legitimate client from +being able to connect; thus, later patches will further add timeouts +to reject clients that are not making progress. + +This is an INTENTIONAL change in behavior, and will break any client +of nbd-server-start that was not passing an explicit max-connections +parameter, yet expects more than 100 simultaneous connections. We are +not aware of any such client (as stated above, most clients aware of +MULTI_CONN get by just fine on 8 or 16 connections, and probably cope +with later connections failing by relying on the earlier connections; +libvirt has not yet been passing max-connections, but generally +creates NBD servers with the intent for a single client for the sake +of live storage migration; meanwhile, the KubeSAN project anticipates +a large cluster sharing multiple clients [up to 8 per node, and up to +100 nodes in a cluster], but it currently uses qemu-nbd with an +explicit --shared=0 rather than qemu-storage-daemon with +nbd-server-start). + +We considered using a deprecation period (declare that omitting +max-parameters is deprecated, and make it mandatory in 3 releases - +then we don't need to pick an arbitrary default); that has zero risk +of breaking any apps that accidentally depended on more than 100 +connections, and where such breakage might not be noticed under unit +testing but only under the larger loads of production usage. 
But it +does not close the denial-of-service hole until far into the future, +and requires all apps to change to add the parameter even if 100 was +good enough. It also has a drawback that any app (like libvirt) that +is accidentally relying on an unlimited default should seriously +consider their own CVE now, at which point they are going to change to +pass explicit max-connections sooner than waiting for 3 qemu releases. +Finally, if our changed default breaks an app, that app can always +pass in an explicit max-parameters with a larger value. + +It is also intentional that the HMP interface to nbd-server-start is +not changed to expose max-connections (any client needing to fine-tune +things should be using QMP). + +Suggested-by: Daniel P. Berrangé +Signed-off-by: Eric Blake +Message-ID: <20240807174943.771624-12-eblake@redhat.com> +Reviewed-by: Daniel P. Berrangé +[ericb: Expand commit message to summarize Dan's argument for why we +break corner-case back-compat behavior without a deprecation period] +Signed-off-by: Eric Blake + +(cherry picked from commit c8a76dbd90c2f48df89b75bef74917f90a59b623) +Conflicts: + qapi/block-export.json - context (no multi-conn, older format) +Jira: https://issues.redhat.com/browse/RHEL-52611 +Signed-off-by: Eric Blake +--- + block/monitor/block-hmp-cmds.c | 3 ++- + blockdev-nbd.c | 8 ++++++++ + include/block/nbd.h | 7 +++++++ + qapi/block-export.json | 4 ++-- + 4 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c +index 2ac4aedfff..32a666b5dc 100644 +--- a/block/monitor/block-hmp-cmds.c ++++ b/block/monitor/block-hmp-cmds.c +@@ -411,7 +411,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict) + goto exit; + } + +- nbd_server_start(addr, NULL, NULL, 0, &local_err); ++ nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS, ++ &local_err); + qapi_free_SocketAddress(addr); + if (local_err != NULL) { + goto exit; +diff --git 
a/blockdev-nbd.c b/blockdev-nbd.c +index b9e8dc78f3..4bd90bac16 100644 +--- a/blockdev-nbd.c ++++ b/blockdev-nbd.c +@@ -171,6 +171,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds, + + void nbd_server_start_options(NbdServerOptions *arg, Error **errp) + { ++ if (!arg->has_max_connections) { ++ arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS; ++ } ++ + nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz, + arg->max_connections, errp); + } +@@ -183,6 +187,10 @@ void qmp_nbd_server_start(SocketAddressLegacy *addr, + { + SocketAddress *addr_flat = socket_address_flatten(addr); + ++ if (!has_max_connections) { ++ max_connections = NBD_DEFAULT_MAX_CONNECTIONS; ++ } ++ + nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp); + qapi_free_SocketAddress(addr_flat); + } +diff --git a/include/block/nbd.h b/include/block/nbd.h +index b71a297249..a31c34a8a6 100644 +--- a/include/block/nbd.h ++++ b/include/block/nbd.h +@@ -33,6 +33,13 @@ extern const BlockExportDriver blk_exp_nbd; + */ + #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 + ++/* ++ * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at ++ * once; must be large enough to allow a MULTI_CONN-aware client like ++ * nbdcopy to create its typical number of 8-16 sockets. ++ */ ++#define NBD_DEFAULT_MAX_CONNECTIONS 100 ++ + /* Handshake phase structs - this struct is passed on the wire */ + + struct NBDOption { +diff --git a/qapi/block-export.json b/qapi/block-export.json +index c1b92ce1c1..181d7238fe 100644 +--- a/qapi/block-export.json ++++ b/qapi/block-export.json +@@ -21,7 +21,7 @@ + # recreated on the fly while the NBD server is active. + # If missing, it will default to denying access (since 4.0). + # @max-connections: The maximum number of connections to allow at the same +-# time, 0 for unlimited. (since 5.2; default: 0) ++# time, 0 for unlimited. 
(since 5.2; default: 100) + # + # Since: 4.2 + ## +@@ -50,7 +50,7 @@ + # recreated on the fly while the NBD server is active. + # If missing, it will default to denying access (since 4.0). + # @max-connections: The maximum number of connections to allow at the same +-# time, 0 for unlimited. (since 5.2; default: 0) ++# time, 0 for unlimited. (since 5.2; default: 100) + # + # Returns: error if the server is already running. + # +-- +2.39.3 + diff --git a/kvm-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch b/kvm-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch new file mode 100644 index 0000000000000000000000000000000000000000..985b0d28d3437edccad883a7ec2c6abc335b57b6 --- /dev/null +++ b/kvm-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch 
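Review bot: Going by the retained QAPI wording, an explicit `max-connections` of 0 still means unlimited, so the new cap in `nbd_server_start_options()` and `qmp_nbd_server_start()` only protects callers that omit the parameter. Neither the two doc lines in qapi/block-export.json nor the comment on `NBD_DEFAULT_MAX_CONNECTIONS` in include/block/nbd.h says why a bound exists. I would extend the QAPI text to something like `# time, 0 for unlimited (leaves the server open to fd exhaustion by clients that never finish the handshake). (since 5.2; default: 100)` and add the same reason to the macro comment. The `if (!has_max_connections)` defaulting is also written out twice; a small shared helper would keep the two QMP entry points from drifting apart.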
@@ -0,0 +1,180 @@ +From 4ab086cdf9a5842c49f3fe59baff1747d863b97a Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Wed, 7 Aug 2024 12:23:13 -0500 +Subject: [PATCH 4/5] nbd/server: CVE-2024-7409: Close stray clients at + server-stop +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Eric Blake +RH-MergeRequest: 388: nbd/server: fix CVE-2024-7409 (qemu crash on nbd-server-stop) [rhel-8.10.z] +RH-Jira: RHEL-52611 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Richard W.M. Jones +RH-Commit: [4/4] 92a20764dbee3cf94181cab412d90cbf92b4a417 (ebblake/qemu-kvm) + +A malicious client can attempt to connect to an NBD server, and then +intentionally delay progress in the handshake, including if it does +not know the TLS secrets. Although the previous two patches reduce +this behavior by capping the default max-connections parameter and +killing slow clients, they did not eliminate the possibility of a +client waiting to close the socket until after the QMP nbd-server-stop +command is executed, at which point qemu would SEGV when trying to +dereference the NULL nbd_server global which is no longer present. +This amounts to a denial of service attack. Worse, if another NBD +server is started before the malicious client disconnects, I cannot +rule out additional adverse effects when the old client interferes +with the connection count of the new server (although the most likely +is a crash due to an assertion failure when checking +nbd_server->connections > 0). + +For environments without this patch, the CVE can be mitigated by +ensuring (such as via a firewall) that only trusted clients can +connect to an NBD server. Note that using frameworks like libvirt +that ensure that TLS is used and that nbd-server-stop is not executed +while any trusted clients are still connected will only help if there +is also no possibility for an untrusted client to open a connection +but then stall on the NBD handshake. 
+ +Given the previous patches, it would be possible to guarantee that no +clients remain connected by having nbd-server-stop sleep for longer +than the default handshake deadline before finally freeing the global +nbd_server object, but that could make QMP non-responsive for a long +time. So intead, this patch fixes the problem by tracking all client +sockets opened while the server is running, and forcefully closing any +such sockets remaining without a completed handshake at the time of +nbd-server-stop, then waiting until the coroutines servicing those +sockets notice the state change. nbd-server-stop now has a second +AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the +blk_exp_close_all_type() that disconnects all clients that completed +handshakes), but forced socket shutdown is enough to progress the +coroutines and quickly tear down all clients before the server is +freed, thus finally fixing the CVE. + +This patch relies heavily on the fact that nbd/server.c guarantees +that it only calls nbd_blockdev_client_closed() from the main loop +(see the assertion in nbd_client_put() and the hoops used in +nbd_client_put_nonzero() to achieve that); if we did not have that +guarantee, we would also need a mutex protecting our accesses of the +list of connections to survive re-entrancy from independent iothreads. + +Although I did not actually try to test old builds, it looks like this +problem has existed since at least commit 862172f45c (v2.12.0, 2017) - +even back when that patch started using a QIONetListener to handle +listening on multiple sockets, nbd_server_free() was already unaware +that the nbd_blockdev_client_closed callback can be reached later by a +client thread that has not completed handshakes (and therefore the +client's socket never got added to the list closed in +nbd_export_close_all), despite that patch intentionally tearing down +the QIONetListener to prevent new clients. 
+ +Reported-by: Alexander Ivanov +Fixes: CVE-2024-7409 +CC: qemu-stable@nongnu.org +Signed-off-by: Eric Blake +Message-ID: <20240807174943.771624-14-eblake@redhat.com> +Reviewed-by: Daniel P. Berrangé + +(cherry picked from commit 3e7ef738c8462c45043a1d39f702a0990406a3b3) +Conflicts: + - blockdev-nbd.c: + - qemu_in_main_thread() not backported, but only used in assertions so + safe to drop + - AIO_WAIT_WHILE_UNLOCKED() not backported, use AIO_WAIT_WHILE() like + blk_exp_close_all_type() +Jira: https://issues.redhat.com/browse/RHEL-52611 +Signed-off-by: Eric Blake +--- + blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++- + 1 file changed, 34 insertions(+), 1 deletion(-) + +diff --git a/blockdev-nbd.c b/blockdev-nbd.c +index 4bd90bac16..87839c180b 100644 +--- a/blockdev-nbd.c ++++ b/blockdev-nbd.c +@@ -21,12 +21,18 @@ + #include "io/channel-socket.h" + #include "io/net-listener.h" + ++typedef struct NBDConn { ++ QIOChannelSocket *cioc; ++ QLIST_ENTRY(NBDConn) next; ++} NBDConn; ++ + typedef struct NBDServerData { + QIONetListener *listener; + QCryptoTLSCreds *tlscreds; + char *tlsauthz; + uint32_t max_connections; + uint32_t connections; ++ QLIST_HEAD(, NBDConn) conns; + } NBDServerData; + + static NBDServerData *nbd_server; +@@ -46,6 +52,14 @@ bool nbd_server_is_running(void) + + static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) + { ++ NBDConn *conn = nbd_client_owner(client); ++ ++ assert(nbd_server); ++ ++ object_unref(OBJECT(conn->cioc)); ++ QLIST_REMOVE(conn, next); ++ g_free(conn); ++ + nbd_client_put(client); + assert(nbd_server->connections > 0); + nbd_server->connections--; +@@ -55,14 +69,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) + static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, + gpointer opaque) + { ++ NBDConn *conn = g_new0(NBDConn, 1); ++ ++ assert(nbd_server); + nbd_server->connections++; ++ object_ref(OBJECT(cioc)); ++ conn->cioc = cioc; ++ 
QLIST_INSERT_HEAD(&nbd_server->conns, conn, next); + nbd_update_server_watch(nbd_server); + + qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); + /* TODO - expose handshake timeout as QMP option */ + nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, + nbd_server->tlscreds, nbd_server->tlsauthz, +- nbd_blockdev_client_closed, NULL); ++ nbd_blockdev_client_closed, conn); + } + + static void nbd_update_server_watch(NBDServerData *s) +@@ -76,12 +96,25 @@ static void nbd_update_server_watch(NBDServerData *s) + + static void nbd_server_free(NBDServerData *server) + { ++ NBDConn *conn, *tmp; ++ + if (!server) { + return; + } + ++ /* ++ * Forcefully close the listener socket, and any clients that have ++ * not yet disconnected on their own. ++ */ + qio_net_listener_disconnect(server->listener); + object_unref(OBJECT(server->listener)); ++ QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) { ++ qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH, ++ NULL); ++ } ++ ++ AIO_WAIT_WHILE(NULL, server->connections > 0); ++ + if (server->tlscreds) { + object_unref(OBJECT(server->tlscreds)); + } +-- +2.39.3 + diff --git a/kvm-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch b/kvm-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch new file mode 100644 index 0000000000000000000000000000000000000000..fffca1c6133fb6ed46d5521a495a88b292408799 --- /dev/null +++ b/kvm-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch 
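Review bot: In `nbd_server_free()` the listener is unreferenced before the new `AIO_WAIT_WHILE(NULL, server->connections > 0)`, but `server->listener` is left pointing at it while client-close callbacks run during the wait. If `nbd_blockdev_client_closed()` still calls `nbd_update_server_watch(nbd_server)` after the decrement (that line is outside the hunk, but `nbd_accept()` does so after its increment), the watch update would touch the released listener. Unless a later patch in the series already covers this, I would add `server->listener = NULL;` right after the `object_unref()` and make `nbd_update_server_watch()` return early with `if (!s->listener) return;`. Separately, the `qio_channel_shutdown()` result is discarded with a NULL `errp`; a comment saying what guarantees the wait terminates if a shutdown fails would help the next reader.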
@@ -0,0 +1,135 @@ +From faac5261d5a9af155950c4e7779c5a4721562824 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Thu, 8 Aug 2024 16:05:08 -0500 +Subject: [PATCH 3/5] nbd/server: CVE-2024-7409: Drop non-negotiating clients +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Eric Blake +RH-MergeRequest: 388: nbd/server: fix CVE-2024-7409 (qemu crash on nbd-server-stop) [rhel-8.10.z] +RH-Jira: RHEL-52611 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Richard W.M. Jones +RH-Commit: [3/4] 8c39829f8efbded9af018a4b915af266a55a793a (ebblake/qemu-kvm) + +A client that opens a socket but does not negotiate is merely hogging +qemu's resources (an open fd and a small amount of memory); and a +malicious client that can access the port where NBD is listening can +attempt a denial of service attack by intentionally opening and +abandoning lots of unfinished connections. The previous patch put a +default bound on the number of such ongoing connections, but once that +limit is hit, no more clients can connect (including legitimate ones). +The solution is to insist that clients complete handshake within a +reasonable time limit, defaulting to 10 seconds. A client that has +not successfully completed NBD_OPT_GO by then (including the case of +where the client didn't know TLS credentials to even reach the point +of NBD_OPT_GO) is wasting our time and does not deserve to stay +connected. Later patches will allow fine-tuning the limit away from +the default value (including disabling it for doing integration +testing of the handshake process itself). + +Note that this patch in isolation actually makes it more likely to see +qemu SEGV after nbd-server-stop, as any client socket still connected +when the server shuts down will now be closed after 10 seconds rather +than at the client's whims. That will be addressed in the next patch. 
+ +For a demo of this patch in action: +$ qemu-nbd -f raw -r -t -e 10 file & +$ nbdsh --opt-mode -c ' +H = list() +for i in range(20): + print(i) + H.insert(i, nbd.NBD()) + H[i].set_opt_mode(True) + H[i].connect_uri("nbd://localhost") +' +$ kill $! + +where later connections get to start progressing once earlier ones are +forcefully dropped for taking too long, rather than hanging. + +Suggested-by: Daniel P. Berrangé +Signed-off-by: Eric Blake +Message-ID: <20240807174943.771624-13-eblake@redhat.com> +Reviewed-by: Daniel P. Berrangé +[eblake: rebase to changes earlier in series, reduce scope of timer] +Signed-off-by: Eric Blake + +(cherry picked from commit b9b72cb3ce15b693148bd09cef7e50110566d8a0) +Conflicts: + nbd/server.c - context with different aiocontext locking + nbd/trace-events - context with no client-connection.c +Jira: https://issues.redhat.com/browse/RHEL-52611 +Signed-off-by: Eric Blake +--- + nbd/server.c | 28 +++++++++++++++++++++++++++- + nbd/trace-events | 1 + + 2 files changed, 28 insertions(+), 1 deletion(-) + +diff --git a/nbd/server.c b/nbd/server.c +index cc1b6838bf..1265068f70 100644 +--- a/nbd/server.c ++++ b/nbd/server.c +@@ -2701,22 +2701,48 @@ static void nbd_client_receive_next_request(NBDClient *client) + } + } + ++static void nbd_handshake_timer_cb(void *opaque) ++{ ++ QIOChannel *ioc = opaque; ++ ++ trace_nbd_handshake_timer_cb(); ++ qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL); ++} ++ + static coroutine_fn void nbd_co_client_start(void *opaque) + { + NBDClient *client = opaque; + Error *local_err = NULL; ++ QEMUTimer *handshake_timer = NULL; + + qemu_co_mutex_init(&client->send_lock); + +- /* TODO - utilize client->handshake_max_secs */ ++ /* ++ * Create a timer to bound the time spent in negotiation. If the ++ * timer expires, it is likely nbd_negotiate will fail because the ++ * socket was shutdown. 
++ */ ++ if (client->handshake_max_secs > 0) { ++ handshake_timer = aio_timer_new(qemu_get_aio_context(), ++ QEMU_CLOCK_REALTIME, ++ SCALE_NS, ++ nbd_handshake_timer_cb, ++ client->sioc); ++ timer_mod(handshake_timer, ++ qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + ++ client->handshake_max_secs * NANOSECONDS_PER_SECOND); ++ } ++ + if (nbd_negotiate(client, &local_err)) { + if (local_err) { + error_report_err(local_err); + } ++ timer_free(handshake_timer); + client_close(client, false); + return; + } + ++ timer_free(handshake_timer); + nbd_client_receive_next_request(client); + } + +diff --git a/nbd/trace-events b/nbd/trace-events +index c4919a2dd5..553546f1f2 100644 +--- a/nbd/trace-events ++++ b/nbd/trace-events +@@ -73,3 +73,4 @@ nbd_co_receive_request_decode_type(uint64_t handle, uint16_t type, const char *n + nbd_co_receive_request_payload_received(uint64_t handle, uint32_t len) "Payload received: handle = %" PRIu64 ", len = %" PRIu32 + nbd_co_receive_align_compliance(const char *op, uint64_t from, uint32_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx32 ", align=0x%" PRIx32 + nbd_trip(void) "Reading request" ++nbd_handshake_timer_cb(void) "client took too long to negotiate" +-- +2.39.3 + diff --git a/kvm-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch b/kvm-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch new file mode 100644 index 0000000000000000000000000000000000000000..31494541c3a8563c1f4c49e8ca273b0e8c5ffd2d --- /dev/null +++ b/kvm-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch 
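Review bot: In `nbd_co_client_start()`, when `client->handshake_max_secs` is 0 the timer is never created, so both new `timer_free(handshake_timer)` calls are made with NULL. That is only safe if `timer_free()` in the tree this backport targets accepts NULL, which is worth confirming for the downstream base or guarding with `if (handshake_timer)`. The two calls could also be collapsed by storing the result first, `int ret = nbd_negotiate(client, &local_err); timer_free(handshake_timer);`, so a future early return cannot leave the timer armed with a pointer to `client->sioc`. A one-line comment on `nbd_handshake_timer_cb()` noting that `opaque` is the client's socket channel, kept alive by the client's own reference until the timer is freed, would document the lifetime assumption the callback depends on.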
@@ -0,0 +1,174 @@ +From 0d204cb81aec2b13254a0bd53938f53bfea81cb5 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Wed, 7 Aug 2024 08:50:01 -0500 +Subject: [PATCH 1/5] nbd/server: Plumb in new args to nbd_client_add() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Eric Blake +RH-MergeRequest: 388: nbd/server: fix CVE-2024-7409 (qemu crash on nbd-server-stop) [rhel-8.10.z] +RH-Jira: RHEL-52611 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Richard W.M. Jones +RH-Commit: [1/4] 292be8dd2df2a840b2200e31a27e9d17fdab91ad (ebblake/qemu-kvm) + +Upcoming patches to fix a CVE need to track an opaque pointer passed +in by the owner of a client object, as well as request for a time +limit on how fast negotiation must complete. Prepare for that by +changing the signature of nbd_client_new() and adding an accessor to +get at the opaque pointer, although for now the two servers +(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though +they pass in a new default timeout value. + +Suggested-by: Vladimir Sementsov-Ogievskiy +Signed-off-by: Eric Blake +Message-ID: <20240807174943.771624-11-eblake@redhat.com> +Reviewed-by: Daniel P. 
Berrangé +[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan] +Signed-off-by: Eric Blake + +(cherry picked from commit fb1c2aaa981e0a2fa6362c9985f1296b74f055ac) +Jira: https://issues.redhat.com/browse/RHEL-52611 +Signed-off-by: Eric Blake +--- + blockdev-nbd.c | 6 ++++-- + include/block/nbd.h | 11 ++++++++++- + nbd/server.c | 20 +++++++++++++++++--- + qemu-nbd.c | 4 +++- + 4 files changed, 34 insertions(+), 7 deletions(-) + +diff --git a/blockdev-nbd.c b/blockdev-nbd.c +index bdfa7ed3a5..b9e8dc78f3 100644 +--- a/blockdev-nbd.c ++++ b/blockdev-nbd.c +@@ -59,8 +59,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, + nbd_update_server_watch(nbd_server); + + qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); +- nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz, +- nbd_blockdev_client_closed); ++ /* TODO - expose handshake timeout as QMP option */ ++ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, ++ nbd_server->tlscreds, nbd_server->tlsauthz, ++ nbd_blockdev_client_closed, NULL); + } + + static void nbd_update_server_watch(NBDServerData *s) +diff --git a/include/block/nbd.h b/include/block/nbd.h +index 78d101b774..b71a297249 100644 +--- a/include/block/nbd.h ++++ b/include/block/nbd.h +@@ -27,6 +27,12 @@ + + extern const BlockExportDriver blk_exp_nbd; + ++/* ++ * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must ++ * succeed at NBD_OPT_GO before being forcefully dropped as too slow. 
++ */ ++#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 ++ + /* Handshake phase structs - this struct is passed on the wire */ + + struct NBDOption { +@@ -338,9 +344,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp); + NBDExport *nbd_export_find(const char *name); + + void nbd_client_new(QIOChannelSocket *sioc, ++ uint32_t handshake_max_secs, + QCryptoTLSCreds *tlscreds, + const char *tlsauthz, +- void (*close_fn)(NBDClient *, bool)); ++ void (*close_fn)(NBDClient *, bool), ++ void *owner); ++void *nbd_client_owner(NBDClient *client); + void nbd_client_get(NBDClient *client); + void nbd_client_put(NBDClient *client); + +diff --git a/nbd/server.c b/nbd/server.c +index 6db124cf53..cc1b6838bf 100644 +--- a/nbd/server.c ++++ b/nbd/server.c +@@ -120,10 +120,12 @@ typedef struct NBDExportMetaContexts { + struct NBDClient { + int refcount; + void (*close_fn)(NBDClient *client, bool negotiated); ++ void *owner; + + NBDExport *exp; + QCryptoTLSCreds *tlscreds; + char *tlsauthz; ++ uint32_t handshake_max_secs; + QIOChannelSocket *sioc; /* The underlying data channel */ + QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */ + +@@ -2706,6 +2708,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) + + qemu_co_mutex_init(&client->send_lock); + ++ /* TODO - utilize client->handshake_max_secs */ + if (nbd_negotiate(client, &local_err)) { + if (local_err) { + error_report_err(local_err); +@@ -2718,14 +2721,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque) + } + + /* +- * Create a new client listener using the given channel @sioc. ++ * Create a new client listener using the given channel @sioc and @owner. + * Begin servicing it in a coroutine. When the connection closes, call +- * @close_fn with an indication of whether the client completed negotiation. ++ * @close_fn with an indication of whether the client completed negotiation ++ * within @handshake_max_secs seconds (0 for unbounded). 
+ */ + void nbd_client_new(QIOChannelSocket *sioc, ++ uint32_t handshake_max_secs, + QCryptoTLSCreds *tlscreds, + const char *tlsauthz, +- void (*close_fn)(NBDClient *, bool)) ++ void (*close_fn)(NBDClient *, bool), ++ void *owner) + { + NBDClient *client; + Coroutine *co; +@@ -2737,13 +2743,21 @@ void nbd_client_new(QIOChannelSocket *sioc, + object_ref(OBJECT(client->tlscreds)); + } + client->tlsauthz = g_strdup(tlsauthz); ++ client->handshake_max_secs = handshake_max_secs; + client->sioc = sioc; + qio_channel_set_delay(QIO_CHANNEL(sioc), false); + object_ref(OBJECT(client->sioc)); + client->ioc = QIO_CHANNEL(sioc); + object_ref(OBJECT(client->ioc)); + client->close_fn = close_fn; ++ client->owner = owner; + + co = qemu_coroutine_create(nbd_co_client_start, client); + qemu_coroutine_enter(co); + } ++ ++void * ++nbd_client_owner(NBDClient *client) ++{ ++ return client->owner; ++} +diff --git a/qemu-nbd.c b/qemu-nbd.c +index c6c20df68a..f48abf379e 100644 +--- a/qemu-nbd.c ++++ b/qemu-nbd.c +@@ -363,7 +363,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, + + nb_fds++; + nbd_update_server_watch(); +- nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed); ++ /* TODO - expose handshake timeout as command line option */ ++ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, ++ tlscreds, tlsauthz, nbd_client_closed, NULL); + } + + static void nbd_update_server_watch(void) +-- +2.39.3 + diff --git a/kvm-virtio-gpu-free-BHs-by-implementing-unrealize.patch b/kvm-virtio-gpu-free-BHs-by-implementing-unrealize.patch new file mode 100644 index 0000000000000000000000000000000000000000..cd0dab2995ce8e9232fd131ca4086d141e1da963 --- /dev/null +++ b/kvm-virtio-gpu-free-BHs-by-implementing-unrealize.patch 
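Review bot: The new `owner` argument of `nbd_client_new()` and the accessor `nbd_client_owner()` are added without saying who owns the pointer or how long it must stay valid. From the hunk, `nbd_client_new()` only stores it with `client->owner = owner` and the accessor returns it unchanged, so the caller presumably keeps ownership and has to free it from `close_fn`. I would put that on the prototype in include/block/nbd.h, for example `/* Return the @owner passed to nbd_client_new(); the client stores it as-is and does not reference or free it. */`. The updated comment above `nbd_client_new()` also reads as if `close_fn` reports whether negotiation finished within `@handshake_max_secs`; a separate sentence saying that clients exceeding the limit are dropped (0 meaning no limit) would be clearer.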
@@ -0,0 +1,92 @@
+From 7ad4fc282b1f96d619ce2f9f7ed9049c3b894dd4 Mon Sep 17 00:00:00 2001
+From: Jon Maloy
+Date: Thu, 18 Jul 2024 09:42:42 -0400
+Subject: [PATCH 1/6] virtio-gpu: free BHs, by implementing unrealize
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Jon Maloy
+RH-MergeRequest: 380: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability
+RH-Jira: RHEL-32276
+RH-Acked-by: Gerd Hoffmann
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [1/6] d05c10426afac428d775669748f0aa689c23e787 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
+
+JIRA: https://issues.redhat.com/browse/RHEL-32276
+CVE: CVE-2024-3446
+Upstream: Merged
+
+commit 957d77863e4564454eb97f8f371096843daf4678
+Author: Marc-André Lureau
+Date: Wed Jul 26 21:39:28 2023 +0400
+
+ virtio-gpu: free BHs, by implementing unrealize
+
+ Acked-by: Dongwon Kim
+ Signed-off-by: Marc-André Lureau
+ Message-Id: <20230726173929.690601-2-marcandre.lureau@redhat.com>
+
+Signed-off-by: Jon Maloy
+---
+ hw/display/virtio-gpu-base.c | 2 +-
+ hw/display/virtio-gpu.c | 10 ++++++++++
+ include/hw/virtio/virtio-gpu.h | 1 +
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/hw/display/virtio-gpu-base.c b/hw/display/virtio-gpu-base.c
+index c8da4806e0..e3ff9dcf38 100644
+--- a/hw/display/virtio-gpu-base.c
++++ b/hw/display/virtio-gpu-base.c
+@@ -223,7 +223,7 @@ virtio_gpu_base_set_features(VirtIODevice *vdev, uint64_t features)
+ trace_virtio_gpu_features(((features & virgl) == virgl));
+ }
+
+-static void
++void
+ virtio_gpu_base_device_unrealize(DeviceState *qdev)
+ {
+ VirtIOGPUBase *g = VIRTIO_GPU_BASE(qdev);
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index ecf9079145..e230e5091f 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -1341,6 +1341,15 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
+ QTAILQ_INIT(&g->fenceq);
+ }
+
++static void virtio_gpu_device_unrealize(DeviceState *qdev)
++{
++ VirtIOGPU *g = VIRTIO_GPU(qdev);
++
++ g_clear_pointer(&g->ctrl_bh, qemu_bh_delete);
++ g_clear_pointer(&g->cursor_bh, qemu_bh_delete);
++ virtio_gpu_base_device_unrealize(qdev);
++}
++
+ void virtio_gpu_reset(VirtIODevice *vdev)
+ {
+ VirtIOGPU *g = VIRTIO_GPU(vdev);
+@@ -1436,6 +1445,7 @@ static void virtio_gpu_class_init(ObjectClass *klass, void *data)
+ vgbc->gl_flushed = virtio_gpu_handle_gl_flushed;
+
+ vdc->realize = virtio_gpu_device_realize;
++ vdc->unrealize = virtio_gpu_device_unrealize;
+ vdc->reset = virtio_gpu_reset;
+ vdc->get_config = virtio_gpu_get_config;
+ vdc->set_config = virtio_gpu_set_config;
+diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
+index acfba7c76c..4367d005f1 100644
+--- a/include/hw/virtio/virtio-gpu.h
++++ b/include/hw/virtio/virtio-gpu.h
+@@ -235,6 +235,7 @@ bool virtio_gpu_base_device_realize(DeviceState *qdev,
+ VirtIOHandleOutput ctrl_cb,
+ VirtIOHandleOutput cursor_cb,
+ Error **errp);
++void virtio_gpu_base_device_unrealize(DeviceState *qdev);
+ void virtio_gpu_base_reset(VirtIOGPUBase *g);
+ void virtio_gpu_base_fill_display_info(VirtIOGPUBase *g,
+ struct virtio_gpu_resp_display_info *dpy_info);
+--
+2.39.3
+
diff --git a/kvm-virtio-gpu-reset-gfx-resources-in-main-thread.patch b/kvm-virtio-gpu-reset-gfx-resources-in-main-thread.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0ec5913fa2965fed0537b9064bd840b4eafac4e7
--- /dev/null
+++ b/kvm-virtio-gpu-reset-gfx-resources-in-main-thread.patch
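Review bot: The new `virtio_gpu_device_unrealize()` in the hw/display/virtio-gpu.c hunk has no comment saying what it pairs with or why the bottom halves are deleted before `virtio_gpu_base_device_unrealize()` runs. The patch is carried for CVE-2024-3446, a double free, so the teardown order and the fact that `g_clear_pointer()` also NULLs the field are exactly what a later edit must preserve. I would add above the first call: `/* Delete the BHs before the base device is torn down; g_clear_pointer() NULLs each field so it cannot be deleted a second time. */`. The inner commit message is only a title and trailers, so a sentence there on why the missing unrealize mattered would help people auditing the backport.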
@@ -0,0 +1,143 @@
+From 29328e9693aeae1c980a859d4966deda9f54242d Mon Sep 17 00:00:00 2001
+From: Jon Maloy
+Date: Thu, 18 Jul 2024 09:36:06 -0400
+Subject: [PATCH 2/6] virtio-gpu: reset gfx resources in main thread
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Jon Maloy
+RH-MergeRequest: 380: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability
+RH-Jira: RHEL-32276
+RH-Acked-by: Gerd Hoffmann
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [2/6] a97eef1e6e85b44c08d17adcdc468e857e48a17e (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
+
+JIRA: https://issues.redhat.com/browse/RHEL-32276
+CVE: CVE-2024-3446
+Upstream: Merged
+
+commit a41e2d97f92b48552988b3cc62dce79d62f60dcc
+Author: Marc-André Lureau
+Date: Wed Jul 26 21:39:29 2023 +0400
+
+ virtio-gpu: reset gfx resources in main thread
+
+ Calling OpenGL from different threads can have bad consequences if not
+ carefully reviewed. It's not generally supported. In my case, I was
+ debugging a crash in glDeleteTextures from OPENGL32.DLL, where I asked
+ qemu for gl=es, and thus ANGLE implementation was expected. libepoxy did
+ resolution of the global pointer for glGenTexture to the GLES version
+ from the main thread. But it resolved glDeleteTextures to the GL
+ version, because it was done from a different thread without correct
+ context. Oops.
+
+ Let's stick to the main thread for GL calls by using a BH.
+
+ Note: I didn't use atomics for reset_finished check, assuming the BQL
+ will provide enough of sync, but I might be wrong.
+
+ Acked-by: Dongwon Kim
+ Signed-off-by: Marc-André Lureau
+ Message-Id: <20230726173929.690601-3-marcandre.lureau@redhat.com>
+
+Signed-off-by: Jon Maloy
+---
+ hw/display/virtio-gpu.c | 35 +++++++++++++++++++++++++++++++---
+ include/hw/virtio/virtio-gpu.h | 3 +++
+ 2 files changed, 35 insertions(+), 3 deletions(-)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index e230e5091f..c28ce1ea72 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -14,6 +14,7 @@
+ #include "qemu/osdep.h"
+ #include "qemu/units.h"
+ #include "qemu/iov.h"
++#include "sysemu/cpus.h"
+ #include "ui/console.h"
+ #include "trace.h"
+ #include "sysemu/dma.h"
+@@ -42,6 +43,7 @@ virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
+
+ static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
+ struct virtio_gpu_simple_resource *res);
++static void virtio_gpu_reset_bh(void *opaque);
+
+ void virtio_gpu_update_cursor_data(VirtIOGPU *g,
+ struct virtio_gpu_scanout *s,
+@@ -1336,6 +1338,8 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
+ &qdev->mem_reentrancy_guard);
+ g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
+ &qdev->mem_reentrancy_guard);
++ g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g);
++ qemu_cond_init(&g->reset_cond);
+ QTAILQ_INIT(&g->reslist);
+ QTAILQ_INIT(&g->cmdq);
+ QTAILQ_INIT(&g->fenceq);
+@@ -1347,19 +1351,44 @@ static void virtio_gpu_device_unrealize(DeviceState *qdev)
+
+ g_clear_pointer(&g->ctrl_bh, qemu_bh_delete);
+ g_clear_pointer(&g->cursor_bh, qemu_bh_delete);
++ g_clear_pointer(&g->reset_bh, qemu_bh_delete);
++ qemu_cond_destroy(&g->reset_cond);
+ virtio_gpu_base_device_unrealize(qdev);
+ }
+
+-void virtio_gpu_reset(VirtIODevice *vdev)
++static void virtio_gpu_reset_bh(void *opaque)
+ {
+- VirtIOGPU *g = VIRTIO_GPU(vdev);
++ VirtIOGPU *g = VIRTIO_GPU(opaque);
+ struct virtio_gpu_simple_resource *res, *tmp;
+- struct virtio_gpu_ctrl_command *cmd;
++ int i = 0;
+
+ QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) {
+ virtio_gpu_resource_destroy(g, res);
+ }
+
++ for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
++ dpy_gfx_replace_surface(g->parent_obj.scanout[i].con, NULL);
++ }
++
++ g->reset_finished = true;
++ qemu_cond_signal(&g->reset_cond);
++}
++
++void virtio_gpu_reset(VirtIODevice *vdev)
++{
++ VirtIOGPU *g = VIRTIO_GPU(vdev);
++ struct virtio_gpu_ctrl_command *cmd;
++
++ if (qemu_in_vcpu_thread()) {
++ g->reset_finished = false;
++ qemu_bh_schedule(g->reset_bh);
++ while (!g->reset_finished) {
++ qemu_cond_wait_iothread(&g->reset_cond);
++ }
++ } else {
++ virtio_gpu_reset_bh(g);
++ }
++
+ while (!QTAILQ_EMPTY(&g->cmdq)) {
+ cmd = QTAILQ_FIRST(&g->cmdq);
+ QTAILQ_REMOVE(&g->cmdq, cmd, next);
+diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
+index 4367d005f1..f3578c1325 100644
+--- a/include/hw/virtio/virtio-gpu.h
++++ b/include/hw/virtio/virtio-gpu.h
+@@ -166,6 +166,9 @@ struct VirtIOGPU {
+
+ QEMUBH *ctrl_bh;
+ QEMUBH *cursor_bh;
++ QEMUBH *reset_bh;
++ QemuCond reset_cond;
++ bool reset_finished;
+
+ QTAILQ_HEAD(, virtio_gpu_simple_resource) reslist;
+ QTAILQ_HEAD(, virtio_gpu_ctrl_command) cmdq;
+--
+2.39.3
+
diff --git a/kvm-vnc-increase-max-display-size.patch b/kvm-vnc-increase-max-display-size.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1553813dd51d86f73512bbdf9aeb1aa89cbaa882
--- /dev/null
+++ b/kvm-vnc-increase-max-display-size.patch
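Review bot: `reset_finished` is a plain `bool` that `virtio_gpu_reset()` re-checks around `qemu_cond_wait_iothread()` while `virtio_gpu_reset_bh()` sets it, and the commit message admits the author only assumed the BQL is enough synchronisation. That assumption should be recorded where the field is declared in include/hw/virtio/virtio-gpu.h, e.g. `bool reset_finished; /* protected by the BQL: set in virtio_gpu_reset_bh(), waited for in virtio_gpu_reset() */`. In the realize hunk `reset_bh` is created with plain `qemu_bh_new()` directly under two `qemu_bh_new_guarded()` calls; if that is intentional, presumably because the vCPU thread blocks until this BH has run, a one-line comment there would keep a later re-entrancy cleanup from changing it blindly. `virtio_gpu_reset()` continues past the end of the hunk.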
@@ -0,0 +1,49 @@
+From a38e51982522910475ec051f81116639254a2955 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann
+Date: Thu, 30 May 2024 13:10:29 +0200
+Subject: [PATCH 5/5] vnc: increase max display size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Marc-André Lureau
+RH-MergeRequest: 391: vnc: increase max display size
+RH-Jira: RHEL-50854
+RH-Acked-by: Miroslav Rezanina
+RH-Commit: [1/1] 8d79bbc6949ca7264f6701121b47e946eb8ac824
+
+Resolves:
+https://issues.redhat.com/browse/RHEL-50854
+
+It's 2024. 4k display resolutions are a thing these days.
+Raise width and height limits of the qemu vnc server.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1596
+Signed-off-by: Gerd Hoffmann
+Reviewed-by: Daniel P. Berrangé
+Message-ID: <20240530111029.1726329-1-kraxel@redhat.com>
+
+(cherry picked from commit 1f1736a8f16d27a99abd371caaeedc10e6411d15)
+Signed-off-by: Marc-André Lureau
+---
+ ui/vnc.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ui/vnc.h b/ui/vnc.h
+index a7149831f9..4d44957cc2 100644
+--- a/ui/vnc.h
++++ b/ui/vnc.h
+@@ -81,8 +81,8 @@ typedef void VncSendHextileTile(VncState *vs,
+
+ /* VNC_MAX_WIDTH must be a multiple of VNC_DIRTY_PIXELS_PER_BIT. */
+
+-#define VNC_MAX_WIDTH ROUND_UP(2560, VNC_DIRTY_PIXELS_PER_BIT)
+-#define VNC_MAX_HEIGHT 2048
++#define VNC_MAX_WIDTH ROUND_UP(5120, VNC_DIRTY_PIXELS_PER_BIT)
++#define VNC_MAX_HEIGHT 2160
+
+ /* VNC_DIRTY_BITS is the number of bits in the dirty bitmap. */
+ #define VNC_DIRTY_BITS (VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT)
+--
+2.39.3
+
diff --git a/pass-to-make-check.patch b/pass-to-make-check.patch
index a0bc8ca87f423b4e70fed7eb398ce32efdbee33a..3a3761e68d0177b1464044a6554533912609265e 100644
--- a/pass-to-make-check.patch
+++ b/pass-to-make-check.patch
@@ -1,7 +1,7 @@
-From b30eda522b141cf4b26a2fb22c2123d487f4169d Mon Sep 17 00:00:00 2001
+From d597742733befe23034a87afad7d18ee36d01ceb Mon Sep 17 00:00:00 2001
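Review bot: The new `VNC_MAX_WIDTH`/`VNC_MAX_HEIGHT` values in ui/vnc.h are not explained next to the defines, and they do not quite match the message: 2160 is the 4k height, but the width becomes `ROUND_UP(5120, VNC_DIRTY_PIXELS_PER_BIT)`, which is wider than a 3840-pixel 4k mode. `VNC_DIRTY_BITS` on the context lines below is derived from `VNC_MAX_WIDTH`, so whatever is sized from these macros grows with the limit. I would add a comment above the defines such as `/* Largest surface the VNC server accepts; VNC_DIRTY_BITS, and so the dirty bitmap, scales with the width. */` and say in the message why 5120 was chosen.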
From: lixianglai Date: Mon, 29 May 2023 07:49:06 -0400 -Subject: [PATCH 09/14] pass to make check. +Subject: [PATCH 18/28] pass to make check. With this patch, when running make check command, qemu passes to compile. @@ -160,5 +160,5 @@ index b69bca6a9..dea6a7034 100644 r = kvm_vcpu_ioctl(CPU(cpu), KVM_LARCH_GET_VCPU_STATE, &vcpu_state); if (r < 0) { -- -2.27.0 +2.43.5 diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 72094cf774241429139bafb53639d733c6b3dbe0..02a349db5a5ef1d7081853a348fc75a5031ed912 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.2 +%define anolis_release .0.1 %global SLOF_gittagdate 20191022 %global SLOF_gittagcommit 899d9883 @@ -92,7 +92,7 @@ Obsoletes: %1-rhev <= %{epoch}:%{version}-%{release} Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 6.2.0 -Release: 50%{?rcrel}%{anolis_release}%{?dist} +Release: 52%{?rcrel}%{anolis_release}%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 15 License: GPLv2 and GPLv2+ and CC-BY 
@@ -868,6 +868,28 @@ Patch347: kvm-iotests-270-Don-t-store-data-file-with-json-prefix-i.patch Patch348: kvm-block-introduce-bdrv_open_file_child-helper.patch # For RHEL-35616 - CVE-2024-4467 virt:rhel/qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write [rhel-8.10.z] Patch349: kvm-block-Parse-filenames-only-when-explicitly-requested.patch +# For RHEL-32276 - CVE-2024-3446 virt:rhel/qemu-kvm: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability [rhel-8] +Patch350: kvm-virtio-gpu-free-BHs-by-implementing-unrealize.patch +# For RHEL-32276 - CVE-2024-3446 virt:rhel/qemu-kvm: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability [rhel-8] +Patch351: kvm-virtio-gpu-reset-gfx-resources-in-main-thread.patch +# For RHEL-32276 - CVE-2024-3446 virt:rhel/qemu-kvm: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability [rhel-8] +Patch352: kvm-hw-virtio-Introduce-virtio_bh_new_guarded-helper.patch +# For RHEL-32276 - CVE-2024-3446 virt:rhel/qemu-kvm: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability [rhel-8] +Patch353: kvm-hw-display-virtio-gpu-Protect-from-DMA-re-entrancy-b.patch +# For RHEL-32276 - CVE-2024-3446 virt:rhel/qemu-kvm: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability [rhel-8] +Patch354: kvm-hw-char-virtio-serial-bus-Protect-from-DMA-re-entran.patch +# For RHEL-32276 - CVE-2024-3446 virt:rhel/qemu-kvm: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability [rhel-8] +Patch355: kvm-hw-virtio-virtio-crypto-Protect-from-DMA-re-entrancy.patch +# For RHEL-52611 - CVE-2024-7409 virt:rhel/qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-8.10.z] +Patch356: kvm-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch +# For RHEL-52611 - CVE-2024-7409 virt:rhel/qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-8.10.z] +Patch357: 
kvm-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch +# For RHEL-52611 - CVE-2024-7409 virt:rhel/qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-8.10.z] +Patch358: kvm-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch +# For RHEL-52611 - CVE-2024-7409 virt:rhel/qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-8.10.z] +Patch359: kvm-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch +# For RHEL-50854 - vnc: increase max display size to 4K +Patch360: kvm-vnc-increase-max-display-size.patch Patch1000: kvm-virtiofsd-Adjust-limit-for-minor-version.patch @@ -2202,10 +2224,7 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %endif %changelog -* Thu Jul 18 2024 Quanxian Wang - 6.2.0-50.0.2 -- Intel-SIG: Supprt Intel SPR/GNR/SRF new ISAs and cpu models - -* Mon Jul 15 2024 Jacob Wang - 6.2.0-50.0.1 +* Wed Aug 28 2024 Jacob Wang - 6.2.0-52.0.1 - Adjust limit for virtiofsd minor version - Add loongarch supporti (lixianglai@loongson.cn) - Add package qemu-user-static (fuyuan.wh@alibaba-inc.com) 
@@ -2242,6 +2261,28 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : - Support reuse ASID for CSV guests (hanliyang@hygon.cn) - Support tkm key isolation (xiongmengbiao@hygon.cn) - Add Hygon Dhyana-v3 and Dharma CPU model (zhouyanjing@hygon.cn) +- Intel-SIG: Supprt Intel SPR/GNR/SRF new ISAs and cpu models (quanxian.wang@intel.com) + +* Wed Aug 21 2024 Miroslav Rezanina - 6.2.0-52.el8 +- kvm-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch [RHEL-52611] +- kvm-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch [RHEL-52611] +- kvm-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch [RHEL-52611] +- kvm-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch [RHEL-52611] +- kvm-vnc-increase-max-display-size.patch [RHEL-50854] +- Resolves: RHEL-52611 + (CVE-2024-7409 virt:rhel/qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-8.10.z]) +- Resolves: RHEL-50854 + (vnc: increase max display size to 4K) + +* Mon Jul 29 2024 Miroslav Rezanina - 6.2.0-51.el8 +- kvm-virtio-gpu-free-BHs-by-implementing-unrealize.patch [RHEL-32276] +- kvm-virtio-gpu-reset-gfx-resources-in-main-thread.patch [RHEL-32276] +- kvm-hw-virtio-Introduce-virtio_bh_new_guarded-helper.patch [RHEL-32276] +- kvm-hw-display-virtio-gpu-Protect-from-DMA-re-entrancy-b.patch [RHEL-32276] +- kvm-hw-char-virtio-serial-bus-Protect-from-DMA-re-entran.patch [RHEL-32276] +- kvm-hw-virtio-virtio-crypto-Protect-from-DMA-re-entrancy.patch [RHEL-32276] +- Resolves: RHEL-32276 + (CVE-2024-3446 virt:rhel/qemu-kvm: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability [rhel-8]) * Thu Jul 04 2024 Miroslav Rezanina - 6.2.0-50 - kvm-qcow2-Don-t-open-data_file-with-BDRV_O_NO_IO.patch [RHEL-35616] diff --git a/rename-kvm_msr_buf-with-kvm_csr_buf.patch b/rename-kvm_msr_buf-with-kvm_csr_buf.patch index 4ebe9fdaa9a4cbab27d2f9b813cf246a81ddcee2..6d13b6e9eb721d927954fccfb516e9eaec82076f 100644 
--- a/rename-kvm_msr_buf-with-kvm_csr_buf.patch +++ b/rename-kvm_msr_buf-with-kvm_csr_buf.patch @@ -1,7 +1,7 @@ -From be136658b2055e4835f1d41c0729dba7b68cba16 Mon Sep 17 00:00:00 2001 +From 25f1ae50858b5c580336321e18ef0029d3dec922 Mon Sep 17 00:00:00 2001 From: lixianglai Date: Mon, 29 May 2023 05:57:27 -0400 -Subject: [PATCH 02/14] rename kvm_msr_buf with kvm_csr_buf. +Subject: [PATCH 11/28] rename kvm_msr_buf with kvm_csr_buf. Signed-off-by: lixianglai --- @@ -634,5 +634,5 @@ index 404a605eb..b5c655812 100644 (uint32_t)e->index); } -- -2.27.0 +2.43.5