diff --git a/SOURCES/kvm-vfio-container-Fix-container-object-destruction.patch b/SOURCES/kvm-vfio-container-Fix-container-object-destruction.patch new file mode 100644 index 0000000..aa9bcb9 --- /dev/null +++ b/SOURCES/kvm-vfio-container-Fix-container-object-destruction.patch @@ -0,0 +1,61 @@ +From 21236464550a1a4c844de937e48ff88619228ed7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= +Date: Mon, 18 Nov 2024 16:34:40 +0100 +Subject: [PATCH 1/3] vfio/container: Fix container object destruction +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Cédric Le Goater +RH-MergeRequest: 294: vfio/container: Fix container object destruction +RH-Jira: RHEL-67936 +RH-Acked-by: Eric Auger +RH-Acked-by: Alex Williamson +RH-Commit: [1/1] 5ae46457515b16aee12f5e010d9ef3179525f57f (clegoate/qemu-kvm-centos) + +JIRA: https://issues.redhat.com/browse/RHEL-67936 + +commit ebbf7c60bbd1ceedf9faf962e428ceda2388c248 +Author: Cédric Le Goater +Date: Fri Nov 15 09:34:40 2024 +0100 + + vfio/container: Fix container object destruction + + When commit 96b7af4388b3 intoduced a .instance_finalize() handler, + it did not take into account that the container was not necessarily + inserted into the container list of the address space. Hence, if + the container object is destroyed, by calling object_unref() for + example, before vfio_address_space_insert() is called, QEMU may + crash when removing the container from the list as done in + vfio_container_instance_finalize(). This was seen with an SEV-SNP + guest for which discarding of RAM fails. + + To resolve this issue, use the safe version of QLIST_REMOVE(). + + Cc: Zhenzhong Duan + Cc: Eric Auger + Fixes: 96b7af4388b3 ("vfio/container: Move vfio_container_destroy() to an instance_finalize() handler") + Reviewed-by: Zhenzhong Duan + Signed-off-by: Cédric Le Goater + +Signed-off-by: Cédric Le Goater +--- + hw/vfio/container-base.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/vfio/container-base.c b/hw/vfio/container-base.c +index 809b157674..6f86c37d97 100644 +--- a/hw/vfio/container-base.c ++++ b/hw/vfio/container-base.c +@@ -103,7 +103,7 @@ static void vfio_container_instance_finalize(Object *obj) + VFIOContainerBase *bcontainer = VFIO_IOMMU(obj); + VFIOGuestIOMMU *giommu, *tmp; + +- QLIST_REMOVE(bcontainer, next); ++ QLIST_SAFE_REMOVE(bcontainer, next); + + QLIST_FOREACH_SAFE(giommu, &bcontainer->giommu_list, giommu_next, tmp) { + memory_region_unregister_iommu_notifier( +-- +2.39.3 + diff --git a/SOURCES/kvm-virtio-net-disable-USO-for-RHEL9.patch b/SOURCES/kvm-virtio-net-disable-USO-for-RHEL9.patch new file mode 100644 index 0000000..6b32588 --- /dev/null +++ b/SOURCES/kvm-virtio-net-disable-USO-for-RHEL9.patch @@ -0,0 +1,49 @@ +From cd94a5c750554f21ddbff37f53ff629128200259 Mon Sep 17 00:00:00 2001 +From: "Michael S. Tsirkin" +Date: Wed, 6 Nov 2024 17:29:35 -0500 +Subject: [PATCH 2/3] virtio-net: disable USO for RHEL9 + +RH-Author: MST +RH-MergeRequest: 289: Disable USO for virtio-net to fix RHEL10 to RHEL9 migration +RH-Jira: RHEL-40950 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/1] 9fc588b66c5bad72df1e9b644f48a2a7aa82bfa3 (mstredhat/qemu-kvm-centos) + +Theoretically, QEMU from RHEL9.3 and on supports USO, +but practically we clear the support because RHEL9 +kernels do not support that. + +Now that RHEL10 beta does we suddenly get a migration compatibility +issue. We should not have enabled the feature in RHEL9 userspace, +but luckily, it's not too late to fix that. + +Note: if we ever change RHEL9 kernel to enable USO, we will need to +mask this in RHEL9 QEMU, too. + +Upstream status: n/a: upstream has no guarantee if kernel features change +Tested: lightly on developer's machine. +JIRA: https://issues.redhat.com/browse/RHEL-40950 +Signed-off-by: Michael S. Tsirkin +--- + hw/core/machine.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/core/machine.c b/hw/core/machine.c +index d95f246f66..04d180eac4 100644 +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -337,6 +337,11 @@ GlobalProperty hw_compat_rhel_9_5[] = { + { TYPE_VIRTIO_IOMMU_PCI, "aw-bits", "64" }, + /* hw_compat_rhel_9_5 from hw_compat_8_2 */ + { "virtio-gpu-device", "x-scanout-vmstate-version", "1" }, ++ /* supported by userspace, but RHEL 9 *kernels* do not support USO. */ ++ /* TODO: if we ever add 9.6 compat, this has to be there, too */ ++ { TYPE_VIRTIO_NET, "host_uso", "off"}, ++ { TYPE_VIRTIO_NET, "guest_uso4", "off"}, ++ { TYPE_VIRTIO_NET, "guest_uso6", "off"}, + }; + const size_t hw_compat_rhel_9_5_len = G_N_ELEMENTS(hw_compat_rhel_9_5); + +-- +2.39.3 + diff --git a/SOURCES/qemu-ga.sysconfig b/SOURCES/qemu-ga.sysconfig index 736b471..6f6e98b 100644 --- a/SOURCES/qemu-ga.sysconfig +++ b/SOURCES/qemu-ga.sysconfig @@ -13,7 +13,7 @@ # # You can get the list of RPC commands using "qemu-ga --allow-rpcs='?'". # There should be no spaces between commas and commands in the allow list. -FILTER_RPC_ARGS="--allow-rpcs=guest-sync-delimited,guest-sync,guest-ping,guest-get-time,guest-set-time,guest-info,guest-shutdown,guest-fsfreeze-status,guest-fsfreeze-freeze,guest-fsfreeze-freeze-list,guest-fsfreeze-thaw,guest-fstrim,guest-suspend-disk,guest-suspend-ram,guest-suspend-hybrid,guest-network-get-interfaces,guest-get-vcpus,guest-set-vcpus,guest-get-disks,guest-get-fsinfo,guest-set-user-password,guest-get-memory-blocks,guest-set-memory-blocks,guest-get-memory-block-info,guest-get-host-name,guest-get-users,guest-get-timezone,guest-get-osinfo,guest-get-devices,guest-ssh-get-authorized-keys,guest-ssh-add-authorized-keys,guest-ssh-remove-authorized-keys,guest-get-diskstats,guest-get-cpustats" +FILTER_RPC_ARGS="--allow-rpcs=guest-sync-delimited,guest-sync,guest-ping,guest-get-time,guest-set-time,guest-info,guest-shutdown,guest-fsfreeze-status,guest-fsfreeze-freeze,guest-fsfreeze-freeze-list,guest-fsfreeze-thaw,guest-fstrim,guest-suspend-disk,guest-suspend-ram,guest-suspend-hybrid,guest-network-get-interfaces,guest-get-vcpus,guest-set-vcpus,guest-get-disks,guest-get-fsinfo,guest-set-user-password,guest-get-memory-blocks,guest-set-memory-blocks,guest-get-memory-block-info,guest-get-host-name,guest-get-users,guest-get-timezone,guest-get-osinfo,guest-get-devices,guest-ssh-get-authorized-keys,guest-ssh-add-authorized-keys,guest-ssh-remove-authorized-keys,guest-get-diskstats,guest-get-cpustats,guest-network-get-route" # Fsfreeze hook script specification. # diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec index e91bdf8..71727ad 100644 --- a/SPECS/qemu-kvm.spec +++ b/SPECS/qemu-kvm.spec @@ -143,7 +143,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 9.1.0 -Release: 5%{?rcrel}%{?dist}%{?cc_suffix} +Release: 6%{?rcrel}%{?dist}%{?cc_suffix} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch 15 used for RHEL 8 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5) @@ -336,6 +336,10 @@ Patch79: kvm-KVM-Define-KVM_MEMSLOTS_NUM_MAX_DEFAULT.patch Patch80: kvm-KVM-Rename-KVMMemoryListener.nr_used_slots-to-nr_slo.patch # For RHEL-57685 - Bad migration performance when performing vGPU VM live migration Patch81: kvm-KVM-Rename-KVMState-nr_slots-to-nr_slots_max.patch +# For RHEL-67936 - QEMU should fail gracefully with passthrough devices in SEV-SNP guests +Patch82: kvm-vfio-container-Fix-container-object-destruction.patch +# For RHEL-40950 - [Stable_Guest_ABI][USO]From 10-beta to RHEL.9.5.0 the guest with 9.4 machine type only, the guest crashed with - qemu-kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7 +Patch83: kvm-virtio-net-disable-USO-for-RHEL9.patch %if %{have_clang} BuildRequires: clang @@ -1402,6 +1406,17 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %endif %changelog +* Mon Nov 25 2024 Miroslav Rezanina - 9.1.0-6 +- kvm-vfio-container-Fix-container-object-destruction.patch [RHEL-67936] +- kvm-virtio-net-disable-USO-for-RHEL9.patch [RHEL-40950] +- kvm-qemu-guest-agent-add-new-api-to-allow-rpc.patch [RHEL-60223] +- Resolves: RHEL-67936 + (QEMU should fail gracefully with passthrough devices in SEV-SNP guests) +- Resolves: RHEL-40950 + ([Stable_Guest_ABI][USO]From 10-beta to RHEL.9.5.0 the guest with 9.4 machine type only, the guest crashed with - qemu-kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7 ) +- Resolves: RHEL-60223 + ([qemu-guest-agent] Add new api 'guest-network-get-route' to allow-rpc) + * Tue Nov 19 2024 Miroslav Rezanina - 9.1.0-5 - kvm-migration-Ensure-vmstate_save-sets-errp.patch [RHEL-63051] - kvm-kvm-replace-fprintf-with-error_report-printf-in-kvm_.patch [RHEL-57685]