From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH qemu v2 2/2] stable fixes for QEMU 9.2.0
Date: Tue, 28 Jan 2025 16:15:59 +0100
Message-ID: <20250128151559.147227-3-f.ebner@proxmox.com>
In-Reply-To: <20250128151559.147227-1-f.ebner@proxmox.com>

Most notably, there now is an upstream workaround for the "Windows
PCI Label bug" [0] and the revert of QEMU commit 44d975ef34 ("x86:
acpi: workaround Windows not handling name references in Package
properly") can be dropped.

Pick up some other fixes already merged in current master, for
emulation as well as x86(_64) KVM, some PCI/USB fixes and a pair of
regression fixes for the net subsystem.

[0]: https://gitlab.com/qemu-project/qemu/-/issues/774

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 ...workaround-Windows-not-handling-name.patch |  45 ------
 ...Reset-free_temps-before-tcg_optimize.patch |  82 ++++++++++
 ...t-TSCs-of-parked-vCPUs-too-on-VM-res.patch | 149 ++++++++++++++++++
 ...x10_version-filtered-when-prefix-is-.patch |  41 +++++
 .../extra/0006-net-Fix-announce_self.patch    |  67 ++++++++
 ...ectly-compute-Ethernet-packet-offset.patch |  67 ++++++++
 ...-Windows-PCI-Label-Id-bug-workaround.patch |  96 +++++++++++
 ...pci-Use-modulo-to-select-MSI-vector-.patch |  53 +++++++
 ...-link-status-bits-for-downstream-por.patch |  63 ++++++++
 ...x-pba-read-vector-poll-end-calculati.patch |  36 +++++
 debian/patches/series                         |  10 +-
 11 files changed, 663 insertions(+), 46 deletions(-)
 delete mode 100644 debian/patches/extra/0003-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
 create mode 100644 debian/patches/extra/0003-tcg-Reset-free_temps-before-tcg_optimize.patch
 create mode 100644 debian/patches/extra/0004-target-i386-Reset-TSCs-of-parked-vCPUs-too-on-VM-res.patch
 create mode 100644 debian/patches/extra/0005-i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch
 create mode 100644 debian/patches/extra/0006-net-Fix-announce_self.patch
 create mode 100644 debian/patches/extra/0007-net-dump-Correctly-compute-Ethernet-packet-offset.patch
 create mode 100644 debian/patches/extra/0008-pci-acpi-Windows-PCI-Label-Id-bug-workaround.patch
 create mode 100644 debian/patches/extra/0009-hw-usb-hcd-xhci-pci-Use-modulo-to-select-MSI-vector-.patch
 create mode 100644 debian/patches/extra/0010-pci-ensure-valid-link-status-bits-for-downstream-por.patch
 create mode 100644 debian/patches/extra/0011-pci-msix-Fix-msix-pba-read-vector-poll-end-calculati.patch

diff --git a/debian/patches/extra/0003-Revert-x86-acpi-workaround-Windows-not-handling-name.patch b/debian/patches/extra/0003-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
deleted file mode 100644
index 5d903da..0000000
--- a/debian/patches/extra/0003-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Fri, 17 Nov 2023 11:18:06 +0100
-Subject: [PATCH] Revert "x86: acpi: workaround Windows not handling name
- references in Package properly"
-
-This reverts commit 44d975ef340e2f21f236f9520c53e1b30d2213a4.
-
-As reported in the community forum [0] and reproduced locally this
-breaks VirtIO network adapters in (at least) the German ISO of Windows
-Server 2022. The fix itself was for
-
-> Issue is not fatal but as result acpi-index/"PCI Label ID" property
-> is either not shown in device details page or shows incorrect value.
-
-so revert and tolerate that as a stop-gap, rather than have the
-devices not working at all.
-
-[0]: https://forum.proxmox.com/threads/92094/post-605684
-
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/i386/acpi-build.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
-
-diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index 9fcc2897b8..45a3392d04 100644
---- a/hw/i386/acpi-build.c
-+++ b/hw/i386/acpi-build.c
-@@ -345,13 +345,9 @@ Aml *aml_pci_device_dsm(void)
-     {
-         Aml *params = aml_local(0);
-         Aml *pkg = aml_package(2);
--        aml_append(pkg, aml_int(0));
--        aml_append(pkg, aml_int(0));
-+        aml_append(pkg, aml_name("BSEL"));
-+        aml_append(pkg, aml_name("ASUN"));
-         aml_append(method, aml_store(pkg, params));
--        aml_append(method,
--            aml_store(aml_name("BSEL"), aml_index(params, aml_int(0))));
--        aml_append(method,
--            aml_store(aml_name("ASUN"), aml_index(params, aml_int(1))));
-         aml_append(method,
-             aml_return(aml_call5("PDSM", aml_arg(0), aml_arg(1),
-                                  aml_arg(2), aml_arg(3), params))
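Review bot: Dropping this revert brings back upstream 44d975ef34's runtime aml_store of BSEL and ASUN into the package in aml_pci_device_dsm(), and the revert's own message names the German ISO of Windows Server 2022 with VirtIO network adapters as the reproducer, while 0008 only records "Smoke tested with WinXP and WS2022". Please state in the commit message whether that localized ISO was retested with 0008 applied and the revert dropped, so the justification for removing the stop-gap is on record.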
diff --git a/debian/patches/extra/0003-tcg-Reset-free_temps-before-tcg_optimize.patch b/debian/patches/extra/0003-tcg-Reset-free_temps-before-tcg_optimize.patch
new file mode 100644
index 0000000..15b3016
--- /dev/null
+++ b/debian/patches/extra/0003-tcg-Reset-free_temps-before-tcg_optimize.patch
@@ -0,0 +1,82 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Sat, 7 Dec 2024 18:14:45 +0000
+Subject: [PATCH] tcg: Reset free_temps before tcg_optimize
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When allocating new temps during tcg_optmize, do not re-use
+any EBB temps that were used within the TB.  We do not have
+any idea what span of the TB in which the temp was live.
+
+Introduce tcg_temp_ebb_reset_freed and use before tcg_optimize,
+as well as replacing the equivalent in plugin_gen_inject and
+tcg_func_start.
+
+Cc: qemu-stable@nongnu.org
+Fixes: fb04ab7ddd8 ("tcg/optimize: Lower TCG_COND_TST{EQ,NE} if unsupported")
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2711
+Reported-by: wannacu <wannacu2049@gmail.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+(cherry picked from commit 04e006ab36a8565b92d4e21dd346367fbade7d74)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ accel/tcg/plugin-gen.c          | 2 +-
+ include/tcg/tcg-temp-internal.h | 6 ++++++
+ tcg/tcg.c                       | 5 ++++-
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
+index 0f47bfbb48..1ef075552c 100644
+--- a/accel/tcg/plugin-gen.c
++++ b/accel/tcg/plugin-gen.c
+@@ -275,7 +275,7 @@ static void plugin_gen_inject(struct qemu_plugin_tb *plugin_tb)
+      * that might be live within the existing opcode stream.
+      * The simplest solution is to release them all and create new.
+      */
+-    memset(tcg_ctx->free_temps, 0, sizeof(tcg_ctx->free_temps));
++    tcg_temp_ebb_reset_freed(tcg_ctx);
+ 
+     QTAILQ_FOREACH_SAFE(op, &tcg_ctx->ops, link, next) {
+         switch (op->opc) {
+diff --git a/include/tcg/tcg-temp-internal.h b/include/tcg/tcg-temp-internal.h
+index 44192c55a9..98f91e68b7 100644
+--- a/include/tcg/tcg-temp-internal.h
++++ b/include/tcg/tcg-temp-internal.h
+@@ -42,4 +42,10 @@ TCGv_i64 tcg_temp_ebb_new_i64(void);
+ TCGv_ptr tcg_temp_ebb_new_ptr(void);
+ TCGv_i128 tcg_temp_ebb_new_i128(void);
+ 
++/* Forget all freed EBB temps, so that new allocations produce new temps. */
++static inline void tcg_temp_ebb_reset_freed(TCGContext *s)
++{
++    memset(s->free_temps, 0, sizeof(s->free_temps));
++}
++
+ #endif /* TCG_TEMP_FREE_H */
+diff --git a/tcg/tcg.c b/tcg/tcg.c
+index 0babae1b88..4578b185be 100644
+--- a/tcg/tcg.c
++++ b/tcg/tcg.c
+@@ -1489,7 +1489,7 @@ void tcg_func_start(TCGContext *s)
+     s->nb_temps = s->nb_globals;
+ 
+     /* No temps have been previously allocated for size or locality.  */
+-    memset(s->free_temps, 0, sizeof(s->free_temps));
++    tcg_temp_ebb_reset_freed(s);
+ 
+     /* No constant temps have been previously allocated. */
+     for (int i = 0; i < TCG_TYPE_COUNT; ++i) {
+@@ -6120,6 +6120,9 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb, uint64_t pc_start)
+     }
+ #endif
+ 
++    /* Do not reuse any EBB that may be allocated within the TB. */
++    tcg_temp_ebb_reset_freed(s);
++
+     tcg_optimize(s);
+ 
+     reachable_code_pass(s);
diff --git a/debian/patches/extra/0004-target-i386-Reset-TSCs-of-parked-vCPUs-too-on-VM-res.patch b/debian/patches/extra/0004-target-i386-Reset-TSCs-of-parked-vCPUs-too-on-VM-res.patch
new file mode 100644
index 0000000..071d51a
--- /dev/null
+++ b/debian/patches/extra/0004-target-i386-Reset-TSCs-of-parked-vCPUs-too-on-VM-res.patch
@@ -0,0 +1,149 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
+Date: Thu, 12 Dec 2024 15:51:15 +0100
+Subject: [PATCH] target/i386: Reset TSCs of parked vCPUs too on VM reset
+
+Since commit 5286c3662294 ("target/i386: properly reset TSC on reset")
+QEMU writes the special value of "1" to each online vCPU TSC on VM reset
+to reset it.
+
+However parked vCPUs don't get that handling and due to that their TSCs
+get desynchronized when the VM gets reset.
+This in turn causes KVM to turn off PVCLOCK_TSC_STABLE_BIT in its exported
+PV clock.
+Note that KVM has no understanding of vCPU being currently parked.
+
+Without PVCLOCK_TSC_STABLE_BIT the sched clock is marked unstable in
+the guest's kvm_sched_clock_init().
+This causes a performance regressions to show in some tests.
+
+Fix this issue by writing the special value of "1" also to TSCs of parked
+vCPUs on VM reset.
+
+Reproducing the issue:
+1) Boot a VM with "-smp 2,maxcpus=3" or similar
+
+2) device_add host-x86_64-cpu,id=vcpu,node-id=0,socket-id=0,core-id=2,thread-id=0
+
+3) Wait a few seconds
+
+4) device_del vcpu
+
+5) Inside the VM run:
+# echo "t" >/proc/sysrq-trigger; dmesg | grep sched_clock_stable
+Observe the sched_clock_stable() value is 1.
+
+6) Reboot the VM
+
+7) Once the VM boots once again run inside it:
+# echo "t" >/proc/sysrq-trigger; dmesg | grep sched_clock_stable
+Observe the sched_clock_stable() value is now 0.
+
+Fixes: 5286c3662294 ("target/i386: properly reset TSC on reset")
+Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
+Link: https://lore.kernel.org/r/5a605a88e9a231386dc803c60f5fed9b48108139.1734014926.git.maciej.szmigiero@oracle.com
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 3f2a05b31ee9ce2ddb6c75a9bc3f5e7f7af9a76f)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ accel/kvm/kvm-all.c                | 11 +++++++++++
+ configs/targets/i386-softmmu.mak   |  1 +
+ configs/targets/x86_64-softmmu.mak |  1 +
+ include/sysemu/kvm.h               |  8 ++++++++
+ target/i386/kvm/kvm.c              | 15 +++++++++++++++
+ 5 files changed, 36 insertions(+)
+
+diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
+index 801cff16a5..dec1d1c16a 100644
+--- a/accel/kvm/kvm-all.c
++++ b/accel/kvm/kvm-all.c
+@@ -437,6 +437,16 @@ int kvm_unpark_vcpu(KVMState *s, unsigned long vcpu_id)
+     return kvm_fd;
+ }
+ 
++static void kvm_reset_parked_vcpus(void *param)
++{
++    KVMState *s = param;
++    struct KVMParkedVcpu *cpu;
++
++    QLIST_FOREACH(cpu, &s->kvm_parked_vcpus, node) {
++        kvm_arch_reset_parked_vcpu(cpu->vcpu_id, cpu->kvm_fd);
++    }
++}
++
+ int kvm_create_vcpu(CPUState *cpu)
+ {
+     unsigned long vcpu_id = kvm_arch_vcpu_id(cpu);
+@@ -2728,6 +2738,7 @@ static int kvm_init(MachineState *ms)
+     }
+ 
+     qemu_register_reset(kvm_unpoison_all, NULL);
++    qemu_register_reset(kvm_reset_parked_vcpus, s);
+ 
+     if (s->kernel_irqchip_allowed) {
+         kvm_irqchip_create(s);
+diff --git a/configs/targets/i386-softmmu.mak b/configs/targets/i386-softmmu.mak
+index 2ac69d5ba3..2eb0e86250 100644
+--- a/configs/targets/i386-softmmu.mak
++++ b/configs/targets/i386-softmmu.mak
+@@ -1,4 +1,5 @@
+ TARGET_ARCH=i386
+ TARGET_SUPPORTS_MTTCG=y
+ TARGET_KVM_HAVE_GUEST_DEBUG=y
++TARGET_KVM_HAVE_RESET_PARKED_VCPU=y
+ TARGET_XML_FILES= gdb-xml/i386-32bit.xml
+diff --git a/configs/targets/x86_64-softmmu.mak b/configs/targets/x86_64-softmmu.mak
+index e12ac3dc59..920e9a4200 100644
+--- a/configs/targets/x86_64-softmmu.mak
++++ b/configs/targets/x86_64-softmmu.mak
+@@ -2,4 +2,5 @@ TARGET_ARCH=x86_64
+ TARGET_BASE_ARCH=i386
+ TARGET_SUPPORTS_MTTCG=y
+ TARGET_KVM_HAVE_GUEST_DEBUG=y
++TARGET_KVM_HAVE_RESET_PARKED_VCPU=y
+ TARGET_XML_FILES= gdb-xml/i386-64bit.xml
+diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
+index c3a60b2890..ab17c09a55 100644
+--- a/include/sysemu/kvm.h
++++ b/include/sysemu/kvm.h
+@@ -377,6 +377,14 @@ int kvm_arch_init(MachineState *ms, KVMState *s);
+ int kvm_arch_init_vcpu(CPUState *cpu);
+ int kvm_arch_destroy_vcpu(CPUState *cpu);
+ 
++#ifdef TARGET_KVM_HAVE_RESET_PARKED_VCPU
++void kvm_arch_reset_parked_vcpu(unsigned long vcpu_id, int kvm_fd);
++#else
++static inline void kvm_arch_reset_parked_vcpu(unsigned long vcpu_id, int kvm_fd)
++{
++}
++#endif
++
+ bool kvm_vcpu_id_is_valid(int vcpu_id);
+ 
+ /* Returns VCPU ID to be used on KVM_CREATE_VCPU ioctl() */
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index 8e17942c3b..2ff618fbf1 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -2415,6 +2415,21 @@ void kvm_arch_after_reset_vcpu(X86CPU *cpu)
+     }
+ }
+ 
++void kvm_arch_reset_parked_vcpu(unsigned long vcpu_id, int kvm_fd)
++{
++    g_autofree struct kvm_msrs *msrs = NULL;
++
++    msrs = g_malloc0(sizeof(*msrs) + sizeof(msrs->entries[0]));
++    msrs->entries[0].index = MSR_IA32_TSC;
++    msrs->entries[0].data = 1; /* match the value in x86_cpu_reset() */
++    msrs->nmsrs++;
++
++    if (ioctl(kvm_fd, KVM_SET_MSRS, msrs) != 1) {
++        warn_report("parked vCPU %lu TSC reset failed: %d",
++                    vcpu_id, errno);
++    }
++}
++
+ void kvm_arch_do_init_vcpu(X86CPU *cpu)
+ {
+     CPUX86State *env = &cpu->env;
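Review bot: In kvm_arch_reset_parked_vcpu(), the failure path `if (ioctl(kvm_fd, KVM_SET_MSRS, msrs) != 1)` reports errno even when the ioctl returned 0. KVM_SET_MSRS returns the number of MSRs it set, so a return of 0 means the TSC write was rejected without errno necessarily being updated, and the warning would then print a stale value. Suggest storing the return value and logging it next to errno (or printing errno only when the return is negative), so a failed TSC reset on a parked vCPU can be diagnosed from the log.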
diff --git a/debian/patches/extra/0005-i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch b/debian/patches/extra/0005-i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch
new file mode 100644
index 0000000..6f5444c
--- /dev/null
+++ b/debian/patches/extra/0005-i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Zhao Liu <zhao1.liu@intel.com>
+Date: Wed, 6 Nov 2024 11:07:18 +0800
+Subject: [PATCH] i386/cpu: Mark avx10_version filtered when prefix is NULL
+
+In x86_cpu_filter_features(), if host doesn't support AVX10, the
+configured avx10_version should be marked as filtered regardless of
+whether prefix is NULL or not.
+
+Check prefix before warn_report() instead of checking for
+have_filtered_features.
+
+Cc: qemu-stable@nongnu.org
+Fixes: commit bccfb846fd52 ("target/i386: add AVX10 feature and AVX10 version property")
+Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
+Reviewed-by: Tao Su <tao1.su@linux.intel.com>
+Link: https://lore.kernel.org/r/20241106030728.553238-2-zhao1.liu@intel.com
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit cf4c263551886964c5d58bd7b675b13fd497b402)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ target/i386/cpu.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 3725dbbc4b..1981aeaba5 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -7718,8 +7718,10 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose)
+             env->avx10_version = version;
+             have_filtered_features = true;
+         }
+-    } else if (env->avx10_version && prefix) {
+-        warn_report("%s: avx10.%d.", prefix, env->avx10_version);
++    } else if (env->avx10_version) {
++        if (prefix) {
++            warn_report("%s: avx10.%d.", prefix, env->avx10_version);
++        }
+         have_filtered_features = true;
+     }
+ 
diff --git a/debian/patches/extra/0006-net-Fix-announce_self.patch b/debian/patches/extra/0006-net-Fix-announce_self.patch
new file mode 100644
index 0000000..0c11819
--- /dev/null
+++ b/debian/patches/extra/0006-net-Fix-announce_self.patch
@@ -0,0 +1,67 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Laurent Vivier <lvivier@redhat.com>
+Date: Fri, 17 Jan 2025 12:17:08 +0100
+Subject: [PATCH] net: Fix announce_self
+
+b9ad513e1876 ("net: Remove receive_raw()") adds an iovec entry
+in qemu_deliver_packet_iov() to add the virtio-net header
+in the data when QEMU_NET_PACKET_FLAG_RAW is set but forgets
+to increase the number of iovec entries in the array, so
+receive_iov() will only send the first entry (the virtio-net
+entry, full of 0) and no data. The packet will be discarded.
+
+The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self.
+
+We can see the problem with tcpdump:
+
+- QEMU parameters:
+
+  .. -monitor stdio \
+     -netdev bridge,id=netdev0,br=virbr0 \
+     -device virtio-net,mac=9a:2b:2c:2d:2e:2f,netdev=netdev0 \
+
+- HMP command:
+
+  (qemu) announce_self
+
+- TCP dump:
+
+  $ sudo tcpdump -nxi virbr0
+
+  without the fix:
+
+    <nothing>
+
+  with the fix:
+
+   ARP, Reverse Request who-is 9a:2b:2c:2d:2e:2f tell 9a:2b:2c:2d:2e:2f, length 46
+        0x0000:  0001 0800 0604 0003 9a2b 2c2d 2e2f 0000
+        0x0010:  0000 9a2b 2c2d 2e2f 0000 0000 0000 0000
+        0x0020:  0000 0000 0000 0000 0000 0000 0000
+
+Reported-by: Xiaohui Li <xiaohli@redhat.com>
+Bug: https://issues.redhat.com/browse/RHEL-73891
+Fixes: b9ad513e1876 ("net: Remove receive_raw()")
+Cc: akihiko.odaki@daynix.com
+Signed-off-by: Laurent Vivier <lvivier@redhat.com>
+Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
+(picked from https://lore.kernel.org/qemu-devel/20250117111709.970789-2-lvivier@redhat.com/)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ net/net.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/net.c b/net/net.c
+index 7ef6885876..fefa701bb2 100644
+--- a/net/net.c
++++ b/net/net.c
+@@ -822,6 +822,7 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
+         iov_copy[0].iov_len =  nc->vnet_hdr_len;
+         memcpy(&iov_copy[1], iov, iovcnt * sizeof(*iov));
+         iov = iov_copy;
++        iovcnt++;
+     }
+ 
+     if (nc->info->receive_iov) {
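Review bot: With `iovcnt++` now following `memcpy(&iov_copy[1], iov, iovcnt * sizeof(*iov));` in qemu_deliver_packet_iov(), receivers walk one more entry of iov_copy than before, and the hunk context does not show how iov_copy is sized or where iovcnt is bounded. Worth confirming in the surrounding code that the RAW branch rejects an iovcnt that leaves no room for the extra vnet header entry before the memcpy runs. Separately, this patch and 0007 are picked from the mailing list rather than from a commit, so both should be swapped for the upstream commits once those exist.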
diff --git a/debian/patches/extra/0007-net-dump-Correctly-compute-Ethernet-packet-offset.patch b/debian/patches/extra/0007-net-dump-Correctly-compute-Ethernet-packet-offset.patch
new file mode 100644
index 0000000..09b00f7
--- /dev/null
+++ b/debian/patches/extra/0007-net-dump-Correctly-compute-Ethernet-packet-offset.patch
@@ -0,0 +1,67 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Laurent Vivier <lvivier@redhat.com>
+Date: Fri, 17 Jan 2025 12:17:09 +0100
+Subject: [PATCH] net/dump: Correctly compute Ethernet packet offset
+
+When a packet is sent with QEMU_NET_PACKET_FLAG_RAW by QEMU it
+never includes virtio-net header even if qemu_get_vnet_hdr_len()
+is not 0, and filter-dump is not managing this case.
+
+The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self,
+we can show the problem using it and tcpddump:
+
+- QEMU parameters:
+
+  .. -monitor stdio \
+     -netdev bridge,id=netdev0,br=virbr0 \
+     -device virtio-net,mac=9a:2b:2c:2d:2e:2f,netdev=netdev0 \
+     -object filter-dump,netdev=netdev0,file=log.pcap,id=pcap0
+
+- HMP command:
+
+  (qemu) announce_self
+
+- TCP dump:
+
+  $ tcpdump -nxr log.pcap
+
+  without the fix:
+
+    08:00:06:04:00:03 > 2e:2f:80:35:00:01, ethertype Unknown (0x9a2b), length 50:
+         0x0000:  2c2d 2e2f 0000 0000 9a2b 2c2d 2e2f 0000
+         0x0010:  0000 0000 0000 0000 0000 0000 0000 0000
+         0x0020:  0000 0000
+
+  with the fix:
+
+    ARP, Reverse Request who-is 9a:2b:2c:2d:2e:2f tell 9a:2b:2c:2d:2e:2f, length 46
+         0x0000:  0001 0800 0604 0003 9a2b 2c2d 2e2f 0000
+         0x0010:  0000 9a2b 2c2d 2e2f 0000 0000 0000 0000
+         0x0020:  0000 0000 0000 0000 0000 0000 0000
+
+Fixes: 481c52320a26 ("net: Strip virtio-net header when dumping")
+Cc: akihiko.odaki@daynix.com
+Signed-off-by: Laurent Vivier <lvivier@redhat.com>
+Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
+(picked from https://lore.kernel.org/qemu-devel/20250117111709.970789-3-lvivier@redhat.com/)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ net/dump.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/dump.c b/net/dump.c
+index 956e34a123..42ab8d7716 100644
+--- a/net/dump.c
++++ b/net/dump.c
+@@ -155,7 +155,8 @@ static ssize_t filter_dump_receive_iov(NetFilterState *nf, NetClientState *sndr,
+ {
+     NetFilterDumpState *nfds = FILTER_DUMP(nf);
+ 
+-    dump_receive_iov(&nfds->ds, iov, iovcnt, qemu_get_vnet_hdr_len(nf->netdev));
++    dump_receive_iov(&nfds->ds, iov, iovcnt, flags & QEMU_NET_PACKET_FLAG_RAW ?
++                     0 : qemu_get_vnet_hdr_len(nf->netdev));
+     return 0;
+ }
+ 
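Review bot: In filter_dump_receive_iov(), the new argument `flags & QEMU_NET_PACKET_FLAG_RAW ? 0 : qemu_get_vnet_hdr_len(nf->netdev)` relies on `&` binding tighter than `?:` and is broken across two lines in the middle of the expression. It evaluates as intended, but parenthesizing the flag test or computing the header offset into a named local before the call would make the offset decision easier to audit, since a wrong offset here silently produces a misparsed capture like the "without the fix" output in the commit message.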
diff --git a/debian/patches/extra/0008-pci-acpi-Windows-PCI-Label-Id-bug-workaround.patch b/debian/patches/extra/0008-pci-acpi-Windows-PCI-Label-Id-bug-workaround.patch
new file mode 100644
index 0000000..acb7662
--- /dev/null
+++ b/debian/patches/extra/0008-pci-acpi-Windows-PCI-Label-Id-bug-workaround.patch
@@ -0,0 +1,96 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Igor Mammedov <imammedo@redhat.com>
+Date: Wed, 15 Jan 2025 13:53:41 +0100
+Subject: [PATCH] pci: acpi: Windows 'PCI Label Id' bug workaround
+
+Current versions of Windows call _DSM(func=7) regardless
+of whether it is supported or not. It leads to NICs having bogus
+'PCI Label Id = 0', where none should be set at all.
+
+Also presence of 'PCI Label Id' triggers another Windows bug
+on localized versions that leads to hangs. The later bug is fixed
+in latest updates for 'Windows Server' but not in consumer
+versions of Windows (and there is no plans to fix it
+as far as I'm aware).
+
+Given it's easy, implement Microsoft suggested workaround
+(return invalid Package) so that affected Windows versions
+could boot on QEMU.
+This would effectvely remove bogus 'PCI Label Id's on NICs,
+but MS teem confirmed that flipping 'PCI Label Id' should not
+change 'Network Connection' ennumeration, so it should be safe
+for QEMU to change _DSM without any compat code.
+
+Smoke tested with WinXP and WS2022
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/774
+Signed-off-by: Igor Mammedov <imammedo@redhat.com>
+Message-Id: <20250115125342.3883374-3-imammedo@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 0b053391985abcc40b16ac8fc4a7f6588d1d95c1)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/i386/acpi-build.c | 33 +++++++++++++++++++++++----------
+ 1 file changed, 23 insertions(+), 10 deletions(-)
+
+diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
+index 9fcc2897b8..f7b961e04c 100644
+--- a/hw/i386/acpi-build.c
++++ b/hw/i386/acpi-build.c
+@@ -654,6 +654,7 @@ static Aml *aml_pci_pdsm(void)
+     Aml *acpi_index = aml_local(2);
+     Aml *zero = aml_int(0);
+     Aml *one = aml_int(1);
++    Aml *not_supp = aml_int(0xFFFFFFFF);
+     Aml *func = aml_arg(2);
+     Aml *params = aml_arg(4);
+     Aml *bnum = aml_derefof(aml_index(params, aml_int(0)));
+@@ -678,7 +679,7 @@ static Aml *aml_pci_pdsm(void)
+          */
+         ifctx1 = aml_if(aml_lnot(
+                      aml_or(aml_equal(acpi_index, zero),
+-                            aml_equal(acpi_index, aml_int(0xFFFFFFFF)), NULL)
++                            aml_equal(acpi_index, not_supp), NULL)
+                  ));
+         {
+             /* have supported functions */
+@@ -704,18 +705,30 @@ static Aml *aml_pci_pdsm(void)
+     {
+        Aml *pkg = aml_package(2);
+ 
+-       aml_append(pkg, zero);
+-       /*
+-        * optional, if not impl. should return null string
+-        */
+-       aml_append(pkg, aml_string("%s", ""));
+-       aml_append(ifctx, aml_store(pkg, ret));
+-
+        aml_append(ifctx, aml_store(aml_call2("AIDX", bnum, sunum), acpi_index));
++       aml_append(ifctx, aml_store(pkg, ret));
+        /*
+-        * update acpi-index to actual value
++        * Windows calls func=7 without checking if it's available,
++        * as workaround Microsoft has suggested to return invalid for func7
++        * Package, so return 2 elements package but only initialize elements
++        * when acpi_index is supported and leave them uninitialized, which
++        * leads elements to being Uninitialized ObjectType and should trip
++        * Windows into discarding result as an unexpected and prevent setting
++        * bogus 'PCI Label' on the device.
+         */
+-       aml_append(ifctx, aml_store(acpi_index, aml_index(ret, zero)));
++       ifctx1 = aml_if(aml_lnot(aml_lor(
++                    aml_equal(acpi_index, zero), aml_equal(acpi_index, not_supp)
++                )));
++       {
++           aml_append(ifctx1, aml_store(acpi_index, aml_index(ret, zero)));
++           /*
++            * optional, if not impl. should return null string
++            */
++           aml_append(ifctx1, aml_store(aml_string("%s", ""),
++                                        aml_index(ret, one)));
++       }
++       aml_append(ifctx, ifctx1);
++
+        aml_append(ifctx, aml_return(ret));
+     }
+ 
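Review bot: The new guard in the func=7 branch of aml_pci_pdsm() repeats the acpi_index test from earlier in the function but builds it differently: the existing check uses `aml_or(aml_equal(acpi_index, zero), aml_equal(acpi_index, not_supp), NULL)` while the added one uses `aml_lor(...)`. Both sit under aml_lnot and select the same cases, so consider using one form for both so the two conditions cannot drift apart. The added comment is also hard to parse ("return invalid for func7 Package", "leave them uninitialized" without saying when); a reword stating that the elements are filled only when acpi_index is neither 0 nor 0xFFFFFFFF would help the next reader.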
diff --git a/debian/patches/extra/0009-hw-usb-hcd-xhci-pci-Use-modulo-to-select-MSI-vector-.patch b/debian/patches/extra/0009-hw-usb-hcd-xhci-pci-Use-modulo-to-select-MSI-vector-.patch
new file mode 100644
index 0000000..780586c
--- /dev/null
+++ b/debian/patches/extra/0009-hw-usb-hcd-xhci-pci-Use-modulo-to-select-MSI-vector-.patch
@@ -0,0 +1,53 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Phil Dennis-Jordan <phil@philjordan.eu>
+Date: Fri, 13 Dec 2024 17:06:14 +0100
+Subject: [PATCH] hw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per
+ spec
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+QEMU would crash with a failed assertion if the XHCI controller
+attempted to raise the interrupt on an interrupter corresponding
+to a MSI vector with a higher index than the highest configured
+for the device by the guest driver.
+
+This behaviour is correct on the MSI/PCI side: per PCI 3.0 spec,
+devices must ensure they do not send MSI notifications for
+vectors beyond the range of those allocated by the system/driver
+software. Unlike MSI-X, there is no generic way for handling
+aliasing in the case of fewer allocated vectors than requested,
+so the specifics are up to device implementors. (Section
+6.8.3.4. "Sending Messages")
+
+It turns out the XHCI spec (Implementation Note in section 4.17,
+"Interrupters") requires that the host controller signal the MSI
+vector with the number computed by taking the interrupter number
+modulo the number of enabled MSI vectors.
+
+This change introduces that modulo calculation, fixing the
+failed assertion. This makes the device work correctly in MSI mode
+with macOS's XHCI driver, which only allocates a single vector.
+
+Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Message-ID: <20250112210056.16658-2-phil@philjordan.eu>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+(cherry picked from commit bb5b7fced6b5d3334ab20702fc846e47bb1fb731)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/usb/hcd-xhci-pci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c
+index a039f5778a..516e6909d2 100644
+--- a/hw/usb/hcd-xhci-pci.c
++++ b/hw/usb/hcd-xhci-pci.c
+@@ -74,6 +74,7 @@ static bool xhci_pci_intr_raise(XHCIState *xhci, int n, bool level)
+     }
+ 
+     if (msi_enabled(pci_dev) && level) {
++        n %= msi_nr_vectors_allocated(pci_dev);
+         msi_notify(pci_dev, n);
+         return true;
+     }
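Review bot: The added `n %= msi_nr_vectors_allocated(pci_dev);` in xhci_pci_intr_raise() has no comment, and without the commit message it reads like it is masking an out-of-range interrupter rather than following the XHCI spec (section 4.17, Implementation Note). A one-line comment citing the spec would keep it from being removed in a later cleanup. Also, n is a signed int per the function signature, so the result is only a valid vector index when n is non-negative; an assertion would make that assumption explicit.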
diff --git a/debian/patches/extra/0010-pci-ensure-valid-link-status-bits-for-downstream-por.patch b/debian/patches/extra/0010-pci-ensure-valid-link-status-bits-for-downstream-por.patch
new file mode 100644
index 0000000..f566570
--- /dev/null
+++ b/debian/patches/extra/0010-pci-ensure-valid-link-status-bits-for-downstream-por.patch
@@ -0,0 +1,63 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Sebastian Ott <sebott@redhat.com>
+Date: Tue, 3 Dec 2024 13:19:28 +0100
+Subject: [PATCH] pci: ensure valid link status bits for downstream ports
+
+PCI hotplug for downstream endpoints on arm fails because Linux'
+PCIe hotplug driver doesn't like the QEMU provided LNKSTA:
+
+  pcieport 0000:08:01.0: pciehp: Slot(2): Card present
+  pcieport 0000:08:01.0: pciehp: Slot(2): Link Up
+  pcieport 0000:08:01.0: pciehp: Slot(2): Cannot train link: status 0x2000
+
+There's 2 cases where LNKSTA isn't setup properly:
+* the downstream device has no express capability
+* max link width of the bridge is 0
+
+Move the sanity checks added via 88c869198aa63
+("pci: Sanity test minimum downstream LNKSTA") outside of the
+branch to make sure downstream ports always have a valid LNKSTA.
+
+Signed-off-by: Sebastian Ott <sebott@redhat.com>
+Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
+Message-Id: <20241203121928.14861-1-sebott@redhat.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 694632fd44987cc4618612a38ad151047524a590)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/pci/pcie.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
+index 0b455c8654..1b12db6fa2 100644
+--- a/hw/pci/pcie.c
++++ b/hw/pci/pcie.c
+@@ -1113,18 +1113,22 @@ void pcie_sync_bridge_lnk(PCIDevice *bridge_dev)
+         if ((lnksta & PCI_EXP_LNKSTA_NLW) > (lnkcap & PCI_EXP_LNKCAP_MLW)) {
+             lnksta &= ~PCI_EXP_LNKSTA_NLW;
+             lnksta |= lnkcap & PCI_EXP_LNKCAP_MLW;
+-        } else if (!(lnksta & PCI_EXP_LNKSTA_NLW)) {
+-            lnksta |= QEMU_PCI_EXP_LNKSTA_NLW(QEMU_PCI_EXP_LNK_X1);
+         }
+ 
+         if ((lnksta & PCI_EXP_LNKSTA_CLS) > (lnkcap & PCI_EXP_LNKCAP_SLS)) {
+             lnksta &= ~PCI_EXP_LNKSTA_CLS;
+             lnksta |= lnkcap & PCI_EXP_LNKCAP_SLS;
+-        } else if (!(lnksta & PCI_EXP_LNKSTA_CLS)) {
+-            lnksta |= QEMU_PCI_EXP_LNKSTA_CLS(QEMU_PCI_EXP_LNK_2_5GT);
+         }
+     }
+ 
++    if (!(lnksta & PCI_EXP_LNKSTA_NLW)) {
++        lnksta |= QEMU_PCI_EXP_LNKSTA_NLW(QEMU_PCI_EXP_LNK_X1);
++    }
++
++    if (!(lnksta & PCI_EXP_LNKSTA_CLS)) {
++        lnksta |= QEMU_PCI_EXP_LNKSTA_CLS(QEMU_PCI_EXP_LNK_2_5GT);
++    }
++
+     pci_word_test_and_clear_mask(exp_cap + PCI_EXP_LNKSTA,
+                                  PCI_EXP_LNKSTA_CLS | PCI_EXP_LNKSTA_NLW);
+     pci_word_test_and_set_mask(exp_cap + PCI_EXP_LNKSTA, lnksta &
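Review bot: The two fallback blocks moved out of the branch in pcie_sync_bridge_lnk() (`if (!(lnksta & PCI_EXP_LNKSTA_NLW))` and `if (!(lnksta & PCI_EXP_LNKSTA_CLS))`) carry no comment saying why they now run unconditionally. The commit message names the two cases they cover (downstream device without an express capability, bridge max link width of 0); a short comment above the blocks stating that would document why LNKSTA can end up reporting x1 and 2.5GT/s independently of the clamping done above.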
diff --git a/debian/patches/extra/0011-pci-msix-Fix-msix-pba-read-vector-poll-end-calculati.patch b/debian/patches/extra/0011-pci-msix-Fix-msix-pba-read-vector-poll-end-calculati.patch
new file mode 100644
index 0000000..3ffee58
--- /dev/null
+++ b/debian/patches/extra/0011-pci-msix-Fix-msix-pba-read-vector-poll-end-calculati.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Nicholas Piggin <npiggin@gmail.com>
+Date: Thu, 12 Dec 2024 22:04:02 +1000
+Subject: [PATCH] pci/msix: Fix msix pba read vector poll end calculation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The end vector calculation has a bug that results in polling fewer
+than required vectors when reading at a non-zero offset in PBA memory.
+
+Fixes: bbef882cc193 ("msi: add API to get notified about pending bit poll")
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Message-Id: <20241212120402.1475053-1-npiggin@gmail.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 42e2a7a0ab23784e44fcb18369e06067abc89305)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/pci/msix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/pci/msix.c b/hw/pci/msix.c
+index 487e49834e..cc6e79ec67 100644
+--- a/hw/pci/msix.c
++++ b/hw/pci/msix.c
+@@ -250,7 +250,7 @@ static uint64_t msix_pba_mmio_read(void *opaque, hwaddr addr,
+     PCIDevice *dev = opaque;
+     if (dev->msix_vector_poll_notifier) {
+         unsigned vector_start = addr * 8;
+-        unsigned vector_end = MIN(addr + size * 8, dev->msix_entries_nr);
++        unsigned vector_end = MIN((addr + size) * 8, dev->msix_entries_nr);
+         dev->msix_vector_poll_notifier(dev, vector_start, vector_end);
+     }
+ 
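Review bot: in msix_pba_mmio_read, `vector_end` is clamped to `dev->msix_entries_nr` but `vector_start = addr * 8` is not, so a read at a byte offset past the last entry would hand the notifier a start that is greater than its end. Consider clamping `vector_start` the same way, or skipping the `dev->msix_vector_poll_notifier(dev, vector_start, vector_end)` call when `vector_start >= vector_end`, unless every notifier implementation is already known to tolerate an empty or inverted range.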
diff --git a/debian/patches/series b/debian/patches/series
index e359265..b780c1f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,6 +1,14 @@
 extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
 extra/0002-ide-avoid-potential-deadlock-when-draining-during-tr.patch
-extra/0003-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+extra/0003-tcg-Reset-free_temps-before-tcg_optimize.patch
+extra/0004-target-i386-Reset-TSCs-of-parked-vCPUs-too-on-VM-res.patch
+extra/0005-i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch
+extra/0006-net-Fix-announce_self.patch
+extra/0007-net-dump-Correctly-compute-Ethernet-packet-offset.patch
+extra/0008-pci-acpi-Windows-PCI-Label-Id-bug-workaround.patch
+extra/0009-hw-usb-hcd-xhci-pci-Use-modulo-to-select-MSI-vector-.patch
+extra/0010-pci-ensure-valid-link-status-bits-for-downstream-por.patch
+extra/0011-pci-msix-Fix-msix-pba-read-vector-poll-end-calculati.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
-- 
2.39.5



Thread overview: 4+ messages
2025-01-28 15:15 [pve-devel] [PATCH-SERIES qemu v2 0/2] " Fiona Ebner
2025-01-28 15:15 ` [pve-devel] [PATCH qemu v2 1/2] update submodule and patches to " Fiona Ebner
2025-01-28 15:15 ` Fiona Ebner [this message]
2025-02-04  9:01 ` [pve-devel] applied: [PATCH-SERIES qemu v2 0/2] " Thomas Lamprecht
