[pve-devel] [PATCH qemu] fixes for QEMU 9.0
Fiona Ebner
f.ebner at proxmox.com
Fri May 17 10:44:57 CEST 2024
Most importantly, fix forwards and backwards migration with VirtIO-GPU
display.
Other fixes are for a regression in the pflash device (introduced in 8.2)
and some fixes for x86(_64) TCG emulation. One of the patches needed
to be adapted, because it removed a helper that is still in use in
9.0.0.
There also is a revert for a fix in VirtIO PCI devices that turned out
to cause some issues, see the revert itself for more details.
Lastly, there is a change to move compatibility flags for a new
VirtIO-net feature to the correct machine type. The feature was
introduced in QEMU 8.2, but the compatibility flags got added to
machine version 8.0 instead of 8.1. This breaks backwards migration
with machine version 8.1 from an 8.2/9.0 binary to an 8.1 binary, in
cases where the guest kernel enables the feature (e.g. Ubuntu 23.10).
While that breaks migration with machine version 8.1 from an unpatched
to a patched binary, Proxmox VE only ever had 8.2 on the test
repository and 9.0 not yet in any public repository. An upstream
developer suggested it is the proper fix [0]. Upstream submission [1].
[0]: https://lore.kernel.org/qemu-devel/CACGkMEtZrJuhof+hUGVRvLLQE+8nQE5XmSHpT0NAQ1EpnqfmsA@mail.gmail.com/T/#u
[1]: https://lore.kernel.org/qemu-devel/20240517075336.104091-1-f.ebner@proxmox.com/T/#u
Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
.../0006-virtio-gpu-fix-v2-migration.patch | 98 +++++++++++++++++++
...0007-hw-pflash-fix-block-write-start.patch | 59 +++++++++++
...operand-size-for-DATA16-REX.W-POPCNT.patch | 51 ++++++++++
...ru-wrpkru-are-no-prefix-instructions.patch | 40 ++++++++
...6-fix-feature-dependency-for-WAITPKG.patch | 33 +++++++
...tio-pci-fix-use-of-a-released-vector.patch | 87 ++++++++++++++++
...move-compatibility-flags-for-VirtIO-.patch | 57 +++++++++++
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
debian/patches/series | 7 ++
9 files changed, 434 insertions(+), 2 deletions(-)
create mode 100644 debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch
create mode 100644 debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch
create mode 100644 debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
create mode 100644 debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
create mode 100644 debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
create mode 100644 debian/patches/extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
create mode 100644 debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
diff --git a/debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch b/debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch
new file mode 100644
index 0000000..132baed
--- /dev/null
+++ b/debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch
@@ -0,0 +1,98 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau at redhat.com>
+Date: Thu, 16 May 2024 12:40:22 +0400
+Subject: [PATCH] virtio-gpu: fix v2 migration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit dfcf74fa ("virtio-gpu: fix scanout migration post-load") broke
+forward/backward version migration. Versioning of nested VMSD structures
+is not straightforward, as the wire format doesn't have nested
+structures versions. Introduce x-scanout-vmstate-version and a field
+test to save/load appropriately according to the machine version.
+
+Fixes: dfcf74fa ("virtio-gpu: fix scanout migration post-load")
+Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
+Signed-off-by: Peter Xu <peterx at redhat.com>
+---
+ hw/core/machine.c | 1 +
+ hw/display/virtio-gpu.c | 24 ++++++++++++++++--------
+ include/hw/virtio/virtio-gpu.h | 1 +
+ 3 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index 37ede0e7d4..d33a37a6f6 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -37,6 +37,7 @@ GlobalProperty hw_compat_8_2[] = {
+ { "migration", "zero-page-detection", "legacy"},
+ { TYPE_VIRTIO_IOMMU_PCI, "granule", "4k" },
+ { TYPE_VIRTIO_IOMMU_PCI, "aw-bits", "64" },
++ { "virtio-gpu-device", "x-scanout-vmstate-version", "1" },
+ };
+ const size_t hw_compat_8_2_len = G_N_ELEMENTS(hw_compat_8_2);
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index ae831b6b3e..85323daf99 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -1166,10 +1166,17 @@ static void virtio_gpu_cursor_bh(void *opaque)
+ virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
+ }
+
++static bool scanout_vmstate_after_v2(void *opaque, int version)
++{
++ struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout);
++ struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj);
++
++ return gpu->scanout_vmstate_version >= 2;
++}
++
+ static const VMStateDescription vmstate_virtio_gpu_scanout = {
+ .name = "virtio-gpu-one-scanout",
+- .version_id = 2,
+- .minimum_version_id = 1,
++ .version_id = 1,
+ .fields = (const VMStateField[]) {
+ VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
+ VMSTATE_UINT32(width, struct virtio_gpu_scanout),
+@@ -1181,12 +1188,12 @@ static const VMStateDescription vmstate_virtio_gpu_scanout = {
+ VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
+ VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
+ VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
+- VMSTATE_UINT32_V(fb.format, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.bytes_pp, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.width, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.height, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.stride, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.offset, struct virtio_gpu_scanout, 2),
++ VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
+ VMSTATE_END_OF_LIST()
+ },
+ };
+@@ -1659,6 +1666,7 @@ static Property virtio_gpu_properties[] = {
+ DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
+ VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
+ DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0),
++ DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
+index ed44cdad6b..842315d51d 100644
+--- a/include/hw/virtio/virtio-gpu.h
++++ b/include/hw/virtio/virtio-gpu.h
+@@ -177,6 +177,7 @@ typedef struct VGPUDMABuf {
+ struct VirtIOGPU {
+ VirtIOGPUBase parent_obj;
+
++ uint8_t scanout_vmstate_version;
+ uint64_t conf_max_hostmem;
+
+ VirtQueue *ctrl_vq;
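Review bot: the trailer block of this backport lacks the provenance line the other picks carry (0007 has "(picked up from ...)", 0008-0010 have "(cherry picked from commit ...)") and the backporter's Signed-off-by; please add the upstream commit id or the list URL it was taken from so the origin is traceable at the next rebase. On the content, `DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2)` defaults to 2 while `hw_compat_8_2` pins it to "1", so the `fb.*` fields are only emitted when `scanout_vmstate_after_v2` sees 2 or more; the `version_id` going back from 2 to 1 with `minimum_version_id` dropped looks like a regression at first glance and deserves a sentence in the message explaining that the machine-version-bound field test replaces the nested version.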
diff --git a/debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch b/debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch
new file mode 100644
index 0000000..b53570b
--- /dev/null
+++ b/debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch
@@ -0,0 +1,59 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel at redhat.com>
+Date: Thu, 16 May 2024 10:46:34 +0200
+Subject: [PATCH] hw/pflash: fix block write start
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Move the pflash_blk_write_start() call. We need the offset of the
+first data write, not the offset for the setup (number-of-bytes)
+write. Without this fix u-boot can do block writes to the first
+flash block only.
+
+While being at it drop a leftover FIXME.
+
+Cc: qemu-stable at nongnu.org
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2343
+Fixes: fcc79f2e0955 ("hw/pflash: implement update buffer for block writes")
+Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd at linaro.org>
+(picked up from https://lists.nongnu.org/archive/html/qemu-stable/2024-05/msg00091.html)
+Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
+---
+ hw/block/pflash_cfi01.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
+index 1bda8424b9..c8f1cf5a87 100644
+--- a/hw/block/pflash_cfi01.c
++++ b/hw/block/pflash_cfi01.c
+@@ -518,10 +518,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
+ break;
+ case 0xe8: /* Write to buffer */
+ trace_pflash_write(pfl->name, "write to buffer");
+- /* FIXME should save @offset, @width for case 1+ */
+- qemu_log_mask(LOG_UNIMP,
+- "%s: Write to buffer emulation is flawed\n",
+- __func__);
+ pfl->status |= 0x80; /* Ready! */
+ break;
+ case 0xf0: /* Probe for AMD flash */
+@@ -574,7 +570,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
+ }
+ pfl->counter = value;
+ pfl->wcycle++;
+- pflash_blk_write_start(pfl, offset);
+ break;
+ case 0x60:
+ if (cmd == 0xd0) {
+@@ -605,6 +600,9 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
+ switch (pfl->cmd) {
+ case 0xe8: /* Block write */
+ /* FIXME check @offset, @width */
++ if (pfl->blk_offset == -1 && pfl->counter) {
++ pflash_blk_write_start(pfl, offset);
++ }
+ if (!pfl->ro && (pfl->blk_offset != -1)) {
+ pflash_data_write(pfl, offset, value, width, be);
+ } else {
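Review bot: the guard `if (pfl->blk_offset == -1 && pfl->counter)` starts the block write on the first data write and nowhere else, which is the whole fix; a one-line comment there would help, because the surviving `/* FIXME check @offset, @width */` now sits directly above the new lines and reads as if it refers to them (the FIXME the message says it drops is the one in the 0xe8 setup case). Also, since this is taken from the qemu-stable list rather than a tagged commit, please replace the "(picked up from ...)" line with the commit id once it lands upstream.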
diff --git a/debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch b/debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
new file mode 100644
index 0000000..d10cbbc
--- /dev/null
+++ b/debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
@@ -0,0 +1,51 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Thu, 9 May 2024 12:38:10 +0200
+Subject: [PATCH] target/i386: fix operand size for DATA16 REX.W POPCNT
+
+According to the manual, 32-bit vs 64-bit is governed by REX.W
+and REX ignores the 0x66 prefix. This can be confirmed with this
+program:
+
+ #include <stdio.h>
+ int main()
+ {
+ int x = 0x12340000;
+ int y;
+ asm("popcntl %1, %0" : "=r" (y) : "r" (x)); printf("%x\n", y);
+ asm("mov $-1, %0; .byte 0x66; popcntl %1, %0" : "+r" (y) : "r" (x)); printf("%x\n", y);
+ asm("mov $-1, %0; .byte 0x66; popcntq %q1, %q0" : "+r" (y) : "r" (x)); printf("%x\n", y);
+ }
+
+which prints 5/ffff0000/5 on real hardware and 5/ffff0000/ffff0000
+on QEMU.
+
+Cc: qemu-stable at nongnu.org
+Reviewed-by: Zhao Liu <zhao1.liu at intel.com>
+Reviewed-by: Richard Henderson <richard.henderson at linaro.org>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+(cherry picked from commit 41c685dc59bb611096f3bb6a663cfa82e4cba97b)
+[FE: keep mo_64_32 helper which still has other users in 9.0.0]
+Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
+---
+ target/i386/tcg/translate.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index 76a42c679c..b60f3bd642 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -6799,12 +6799,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ modrm = x86_ldub_code(env, s);
+ reg = ((modrm >> 3) & 7) | REX_R(s);
+
+- if (s->prefix & PREFIX_DATA) {
+- ot = MO_16;
+- } else {
+- ot = mo_64_32(dflag);
+- }
+-
++ ot = dflag;
+ gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
+ gen_extu(ot, s->T0);
+ tcg_gen_mov_tl(cpu_cc_src, s->T0);
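Review bot: `ot = dflag;` silently relies on `dflag` already reflecting the 0x66 prefix when REX.W is absent; neither the message nor the code says so, so a reader of the backport has to look that up elsewhere in translate.c. A short comment (`/* dflag already honours 0x66; REX.W overrides it */`) would make that explicit. The "[FE: keep mo_64_32 helper ...]" annotation is welcome and matches the diffstat (one insertion, six deletions, no helper removed).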
diff --git a/debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch b/debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
new file mode 100644
index 0000000..eb42f84
--- /dev/null
+++ b/debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Thu, 9 May 2024 15:55:47 +0200
+Subject: [PATCH] target/i386: rdpkru/wrpkru are no-prefix instructions
+
+Reject 0x66/0xf3/0xf2 in front of them.
+
+Cc: qemu-stable at nongnu.org
+Reviewed-by: Richard Henderson <richard.henderson at linaro.org>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+(cherry picked from commit 40a3ec7b5ffde500789d016660a171057d6b467c)
+Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
+---
+ target/i386/tcg/translate.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index b60f3bd642..3e949fe964 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -6083,7 +6083,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
+ break;
+ case 0xee: /* rdpkru */
+- if (prefixes & PREFIX_LOCK) {
++ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
++ | PREFIX_REPZ | PREFIX_REPNZ)) {
+ goto illegal_op;
+ }
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
+@@ -6091,7 +6092,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
+ break;
+ case 0xef: /* wrpkru */
+- if (prefixes & PREFIX_LOCK) {
++ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
++ | PREFIX_REPZ | PREFIX_REPNZ)) {
+ goto illegal_op;
+ }
+ tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
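Review bot: besides widening the rejected prefix set, both hunks switch from the local `prefixes` to `s->prefix`, which the commit message does not mention; it is incidental to the cherry-pick, but please confirm (and note in the backport annotation) that 9.0.0's translate.c was compile-tested with it, since a stale local is the kind of thing a hand-applied pick can leave behind.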
diff --git a/debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch b/debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
new file mode 100644
index 0000000..ed1d6d7
--- /dev/null
+++ b/debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Wed, 8 May 2024 11:10:54 +0200
+Subject: [PATCH] target/i386: fix feature dependency for WAITPKG
+
+The VMX feature bit depends on general availability of WAITPKG,
+not the other way round.
+
+Fixes: 33cc88261c3 ("target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE", 2023-08-28)
+Cc: qemu-stable at nongnu.org
+Reviewed-by: Zhao Liu <zhao1.liu at intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+(cherry picked from commit fe01af5d47d4cf7fdf90c54d43f784e5068c8d72)
+Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
+---
+ target/i386/cpu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 33760a2ee1..e693f8ca9a 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1550,8 +1550,8 @@ static FeatureDep feature_dependencies[] = {
+ .to = { FEAT_SVM, ~0ull },
+ },
+ {
+- .from = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
+- .to = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG },
++ .from = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG },
++ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
+ },
+ };
+
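Review bot: this hunk touches `feature_dependencies[]` in target/i386/cpu.c, i.e. CPU-model feature resolution, not the TCG translator, so the cover letter's "fixes for x86(_64) TCG emulation" misfiles it; list it separately, since swapping `.from`/`.to` changes which CPUID bits a guest ends up with when WAITPKG is not available, as the message describes.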
diff --git a/debian/patches/extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch b/debian/patches/extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
new file mode 100644
index 0000000..2826b9b
--- /dev/null
+++ b/debian/patches/extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
@@ -0,0 +1,87 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner at proxmox.com>
+Date: Thu, 16 May 2024 12:59:52 +0200
+Subject: [PATCH] Revert "virtio-pci: fix use of a released vector"
+
+This reverts commit 2ce6cff94df2650c460f809e5ad263f1d22507c0.
+
+The fix causes some issues:
+https://gitlab.com/qemu-project/qemu/-/issues/2321
+https://gitlab.com/qemu-project/qemu/-/issues/2334
+
+The CVE fixed by commit 2ce6cff94d ("virtio-pci: fix use of a released
+vector") is CVE-2024-4693 [0] and allows a malicious guest that
+controls the boot process in the guest to crash its QEMU process.
+
+The issues sound worse than the CVE, so revert until there is a proper
+fix.
+
+[0]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4693
+
+Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
+---
+ hw/virtio/virtio-pci.c | 37 ++-----------------------------------
+ 1 file changed, 2 insertions(+), 35 deletions(-)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index cb159fd078..cb6940fc0e 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -1424,38 +1424,6 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
+ return offset;
+ }
+
+-static void virtio_pci_set_vector(VirtIODevice *vdev,
+- VirtIOPCIProxy *proxy,
+- int queue_no, uint16_t old_vector,
+- uint16_t new_vector)
+-{
+- bool kvm_irqfd = (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+- msix_enabled(&proxy->pci_dev) && kvm_msi_via_irqfd_enabled();
+-
+- if (new_vector == old_vector) {
+- return;
+- }
+-
+- /*
+- * If the device uses irqfd and the vector changes after DRIVER_OK is
+- * set, we need to release the old vector and set up the new one.
+- * Otherwise just need to set the new vector on the device.
+- */
+- if (kvm_irqfd && old_vector != VIRTIO_NO_VECTOR) {
+- kvm_virtio_pci_vector_release_one(proxy, queue_no);
+- }
+- /* Set the new vector on the device. */
+- if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
+- vdev->config_vector = new_vector;
+- } else {
+- virtio_queue_set_vector(vdev, queue_no, new_vector);
+- }
+- /* If the new vector changed need to set it up. */
+- if (kvm_irqfd && new_vector != VIRTIO_NO_VECTOR) {
+- kvm_virtio_pci_vector_use_one(proxy, queue_no);
+- }
+-}
+-
+ int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy,
+ uint8_t bar, uint64_t offset, uint64_t length,
+ uint8_t id)
+@@ -1602,8 +1570,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+ } else {
+ val = VIRTIO_NO_VECTOR;
+ }
+- virtio_pci_set_vector(vdev, proxy, VIRTIO_CONFIG_IRQ_IDX,
+- vdev->config_vector, val);
++ vdev->config_vector = val;
+ break;
+ case VIRTIO_PCI_COMMON_STATUS:
+ if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
+@@ -1643,7 +1610,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+ } else {
+ val = VIRTIO_NO_VECTOR;
+ }
+- virtio_pci_set_vector(vdev, proxy, vdev->queue_sel, vector, val);
++ virtio_queue_set_vector(vdev, vdev->queue_sel, val);
+ break;
+ case VIRTIO_PCI_COMMON_Q_ENABLE:
+ if (val == 1) {
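Review bot: the revert re-exposes CVE-2024-4693 (per the message: a guest that controls its boot process can crash its own QEMU), and nothing in the series tracks when the revert should go away; add a TODO next to the series entry or a reference to the upstream issues 2321/2334 so the proper fix is picked up once they are resolved, and state the resulting exposure plainly in the cover letter so packagers can weigh the guest-triggered crash against the regressions being avoided.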
diff --git a/debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch b/debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
new file mode 100644
index 0000000..afe7d5a
--- /dev/null
+++ b/debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner at proxmox.com>
+Date: Thu, 16 May 2024 15:21:07 +0200
+Subject: [PATCH] hw/core/machine: move compatibility flags for VirtIO-net USO
+ to machine 8.1
+
+Migration from an 8.2 or 9.0 binary to an 8.1 binary with machine
+version 8.1 can fail with:
+
+> kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7
+> kvm: Failed to load virtio-net:virtio
+> kvm: error while loading state for instance 0x0 of device '0000:00:12.0/virtio-net'
+> kvm: load of migration failed: Operation not permitted
+
+The series
+
+53da8b5a99 virtio-net: Add support for USO features
+9da1684954 virtio-net: Add USO flags to vhost support.
+f03e0cf63b tap: Add check for USO features
+2ab0ec3121 tap: Add USO support to tap device.
+
+only landed in QEMU 8.2, so the compatibility flags should be part of
+machine version 8.1.
+
+Moving the flags unfortunately breaks forward migration with machine
+version 8.1 from a binary without this patch to a binary with this
+patch when the feature is enabled by the guest.
+
+Fixes: 53da8b5a99 ("virtio-net: Add support for USO features")
+Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
+---
+ hw/core/machine.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index d33a37a6f6..4273de16a0 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -46,15 +46,15 @@ GlobalProperty hw_compat_8_1[] = {
+ { "ramfb", "x-migrate", "off" },
+ { "vfio-pci-nohotplug", "x-ramfb-migrate", "off" },
+ { "igb", "x-pcie-flr-init", "off" },
++ { TYPE_VIRTIO_NET, "host_uso", "off"},
++ { TYPE_VIRTIO_NET, "guest_uso4", "off"},
++ { TYPE_VIRTIO_NET, "guest_uso6", "off"},
+ };
+ const size_t hw_compat_8_1_len = G_N_ELEMENTS(hw_compat_8_1);
+
+ GlobalProperty hw_compat_8_0[] = {
+ { "migration", "multifd-flush-after-each-section", "on"},
+ { TYPE_PCI_DEVICE, "x-pcie-ari-nextfn-1", "on" },
+- { TYPE_VIRTIO_NET, "host_uso", "off"},
+- { TYPE_VIRTIO_NET, "guest_uso4", "off"},
+- { TYPE_VIRTIO_NET, "guest_uso6", "off"},
+ };
+ const size_t hw_compat_8_0_len = G_N_ELEMENTS(hw_compat_8_0);
+
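Review bot: the `index d33a37a6f6..4273de16a0` line makes this patch depend on 0006 having been applied first (0006 produces blob d33a37a6f6 in hw/core/machine.c), and pve/0024 is refreshed to the resulting 4273de16a0; that ordering is enforced only by debian/patches/series, so a sentence in the message noting the dependency would help at the next rebase. The message is candid that forward migration with machine 8.1 from an unpatched to a patched binary breaks when the guest enabled USO; the cover letter's argument that no public repository shipped an affected binary belongs here too, since the patch file outlives the cover letter.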
diff --git a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index 0b7c435..a7630d2 100644
--- a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
+++ b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
@@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 37ede0e7d4..513e49bab1 100644
+index 4273de16a0..83f1fc0293 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
-@@ -161,7 +161,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -162,7 +162,8 @@ GlobalProperty hw_compat_4_0[] = {
{ "virtio-vga", "edid", "false" },
{ "virtio-gpu-device", "edid", "false" },
{ "virtio-device", "use-started", "false" },
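Review bot: this is a context-only refresh: the +1 hunk offset (161 to 162) comes from 0006's single added line in hw_compat_8_2, and the new base blob 4273de16a0 from 0012, which is net zero lines; marking it as "refresh only" in the cover letter's file list would save reviewers verifying that by hand.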
diff --git a/debian/patches/series b/debian/patches/series
index b97881e..6352df7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,13 @@ extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
+extra/0006-virtio-gpu-fix-v2-migration.patch
+extra/0007-hw-pflash-fix-block-write-start.patch
+extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
+extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
+extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
+extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
+extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
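Review bot: the order of the new extra/ entries is load-bearing (0012 applies on top of 0006's machine.c, and pve/0024 on top of 0012's), so keep 0006 before 0012 and both before the pve/ patches; a comment is not possible in a quilt series file, so the dependency should be recorded in the commit messages instead.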
--
2.39.2