diff --git a/0481-57-intel-sig-backporting-kvm-x86-advertise-avx10-1-m.patch b/0481-57-intel-sig-backporting-kvm-x86-advertise-avx10-1-m.patch new file mode 100644 index 0000000000000000000000000000000000000000..a28a31745bc68ac416c911e31a836e802ce546ac --- /dev/null +++ b/0481-57-intel-sig-backporting-kvm-x86-advertise-avx10-1-m.patch @@ -0,0 +1,759 @@ +From 022833ba8357f22c3f72cfdddebc7f9c688b5a32 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 31 Oct 2024 16:52:26 +0800 +Subject: [PATCH 1/8] target/i386: cpu: set correct supported XCR0 features for + TCG + +commit 33098002a838a0450f243f5e17463aca700e923d upstream. + +Intel-SIG: commit 33098002a838 target/i386: cpu: set correct supported XCR0 features for TCG. +GNR AVX10.1 backporting + +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20241031085233.425388-2-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index efe8bf0948..ac608dcb75 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1133,7 +1133,9 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .needs_ecx = true, .ecx = 0, + .reg = R_EAX, + }, +- .tcg_features = ~0U, ++ .tcg_features = XSTATE_FP_MASK | XSTATE_SSE_MASK | ++ XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK | ++ XSTATE_PKRU_MASK, + .migratable_flags = XSTATE_FP_MASK | XSTATE_SSE_MASK | + XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK | + XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK | XSTATE_Hi16_ZMM_MASK | +@@ -1146,7 +1148,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .needs_ecx = true, .ecx = 0, + .reg = R_EDX, + }, +- .tcg_features = ~0U, ++ .tcg_features = 0U, + }, + /*Below are MSR exposed features*/ + [FEAT_ARCH_CAPABILITIES] = { +-- +Gitee + + +From 29111cd733c0b4bdae75aa7f04ee34dd155451ab Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 31 Oct 2024 16:52:27 +0800 +Subject: [PATCH 2/8] target/i386: do not rely on ExtSaveArea for + accelerator-supported XCR0 bits + +commit b888c7807049cc044d10d70139cb945202fb7cd2 upstream. + +Right now, QEMU is using the "feature" and "bits" fields of ExtSaveArea +to query the accelerator for the support status of extended save areas. +This is a problem for AVX10, which attaches two feature bits (AVX512F +and AVX10) to the same extended save states. + +To keep the AVX10 hacks to the minimum, limit usage of esa->features +and esa->bits. Instead, just query the accelerator for the 0xD leaf. +Do it in common code and clear esa->size if an extended save state is +unsupported. + +Intel-SIG: commit b888c7807049 target/i386: do not rely on ExtSaveArea for accelerator-supported XCR0 bits. +GNR AVX10.1 backporting + +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20241031085233.425388-3-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 33 +++++++++++++++++++++++++++++++-- + target/i386/kvm/kvm-cpu.c | 4 ---- + 2 files changed, 31 insertions(+), 6 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index ac608dcb75..cb805bcf16 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -7188,6 +7188,15 @@ static void x86_cpu_set_sgxlepubkeyhash(CPUX86State *env) + #endif + } + ++static bool cpuid_has_xsave_feature(CPUX86State *env, const ExtSaveArea *esa) ++{ ++ if (!esa->size) { ++ return false; ++ } ++ ++ return (env->features[esa->feature] & esa->bits); ++} ++ + static void x86_cpu_reset_hold(Object *obj) + { + CPUState *s = CPU(obj); +@@ -7296,7 +7305,7 @@ static void x86_cpu_reset_hold(Object *obj) + if (!((1 << i) & CPUID_XSTATE_XCR0_MASK)) { + continue; + } +- if (env->features[esa->feature] & esa->bits) { ++ if (cpuid_has_xsave_feature(env, esa)) { + xcr0 |= 1ull << i; + } + } +@@ -7434,7 +7443,7 @@ static void x86_cpu_enable_xsave_components(X86CPU *cpu) + mask = 0; + for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) { + const ExtSaveArea *esa = &x86_ext_save_areas[i]; +- if (env->features[esa->feature] & esa->bits) { ++ if (cpuid_has_xsave_feature(env, esa)) { + mask |= (1ULL << i); + } + } +@@ -8103,6 +8112,26 @@ static void x86_cpu_register_feature_bit_props(X86CPUClass *xcc, + + static void x86_cpu_post_initfn(Object *obj) + { ++ static bool first = true; ++ uint64_t supported_xcr0; ++ int i; ++ ++ if (first) { ++ first = false; ++ ++ supported_xcr0 = ++ ((uint64_t) x86_cpu_get_supported_feature_word(NULL, FEAT_XSAVE_XCR0_HI) << 32) | ++ x86_cpu_get_supported_feature_word(NULL, FEAT_XSAVE_XCR0_LO); ++ ++ for (i = XSTATE_SSE_BIT + 1; i < XSAVE_STATE_AREA_COUNT; i++) { ++ ExtSaveArea *esa = &x86_ext_save_areas[i]; ++ ++ if (!(supported_xcr0 & (1 << i))) { ++ esa->size = 0; ++ } ++ } ++ } ++ + accel_cpu_instance_init(CPU(obj)); + } + +diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c +index a3bc8d8f83..5df8a01313 100644 +--- a/target/i386/kvm/kvm-cpu.c ++++ b/target/i386/kvm/kvm-cpu.c +@@ -137,10 +137,6 @@ static void kvm_cpu_xsave_init(void) + if (!esa->size) { + continue; + } +- if ((x86_cpu_get_supported_feature_word(NULL, esa->feature) & esa->bits) +- != esa->bits) { +- continue; +- } + host_cpuid(0xd, i, &eax, &ebx, &ecx, &edx); + if (eax != 0) { + assert(esa->size == eax); +-- +Gitee + + +From 071f8dd6d5e62828c4c229eb69641d3cc357edbd Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 31 Oct 2024 16:52:28 +0800 +Subject: [PATCH 3/8] target/i386: return bool from x86_cpu_filter_features + +commit 3507c6f04606593711408a6d26141bdbceff9377 upstream. + +Prepare for filtering non-boolean features such as AVX10 version. + +Intel-SIG: commit 3507c6f04606 target/i386: return bool from x86_cpu_filter_features. +GNR AVX10.1 backporting + +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241031085233.425388-4-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index cb805bcf16..65f3e9ecf3 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -5944,7 +5944,7 @@ static void x86_cpu_parse_featurestr(const char *typename, char *features, + } + } + +-static void x86_cpu_filter_features(X86CPU *cpu, bool verbose); ++static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose); + + /* Build a list with the name of all features on a feature word array */ + static void x86_cpu_list_feature_names(FeatureWordArray features, +@@ -7642,9 +7642,9 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + * Finishes initialization of CPUID data, filters CPU feature + * words based on host availability of each feature. + * +- * Returns: 0 if all flags are supported by the host, non-zero otherwise. ++ * Returns: true if any flag is not supported by the host, false otherwise. + */ +-static void x86_cpu_filter_features(X86CPU *cpu, bool verbose) ++static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + { + CPUX86State *env = &cpu->env; + FeatureWord w; +@@ -7691,6 +7691,8 @@ static void x86_cpu_filter_features(X86CPU *cpu, bool verbose) + mark_unavailable_features(cpu, FEAT_7_0_EBX, CPUID_7_0_EBX_INTEL_PT, prefix); + } + } ++ ++ return x86_cpu_have_filtered_features(cpu); + } + + static void x86_cpu_hyperv_realize(X86CPU *cpu) +@@ -7789,14 +7791,14 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) + } + } + +- x86_cpu_filter_features(cpu, cpu->check_cpuid || cpu->enforce_cpuid); +- +- if (cpu->enforce_cpuid && x86_cpu_have_filtered_features(cpu)) { +- error_setg(&local_err, +- accel_uses_host_cpuid() ? ++ if (x86_cpu_filter_features(cpu, cpu->check_cpuid || cpu->enforce_cpuid)) { ++ if (cpu->enforce_cpuid) { ++ error_setg(&local_err, ++ accel_uses_host_cpuid() ? + "Host doesn't support requested features" : + "TCG doesn't support requested features"); +- goto out; ++ goto out; ++ } + } + + /* On AMD CPUs, some CPUID[8000_0001].EDX bits must match the bits on +-- +Gitee + + +From 537695a3e30d84206cebc3e0bb67fa810be4bb0c Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Thu, 31 Oct 2024 16:52:29 +0800 +Subject: [PATCH 4/8] target/i386: add AVX10 feature and AVX10 version property + +commit bccfb846fd52d6f20704ecfa4d01b60b43c6f640 upstream. + +When AVX10 enable bit is set, the 0x24 leaf will be present as "AVX10 +Converged Vector ISA leaf" containing fields for the version number and +the supported vector bit lengths. + +Introduce avx10-version property so that avx10 version can be controlled +by user and cpu model. Per spec, avx10 version can never be 0, the default +value of avx10-version is set to 0 to determine whether it is specified by +user. The default can come from the device model or, for the max model, +from KVM's reported value. + +Intel-SIG: commit bccfb846fd52 target/i386: add AVX10 feature and AVX10 version property. +GNR AVX10.1 backporting + +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241028024512.156724-3-tao1.su@linux.intel.com +Link: https://lore.kernel.org/r/20241028024512.156724-4-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +Tested-by: Xuelian Guo +Link: https://lore.kernel.org/r/20241031085233.425388-5-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 64 ++++++++++++++++++++++++++++++++++++++----- + target/i386/cpu.h | 4 +++ + target/i386/kvm/kvm.c | 3 +- + 3 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 65f3e9ecf3..cd51ccceba 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -48,6 +48,9 @@ + #include "cpu-internal.h" + + static void x86_cpu_realizefn(DeviceState *dev, Error **errp); ++static void x86_cpu_get_supported_cpuid(uint32_t func, uint32_t index, ++ uint32_t *eax, uint32_t *ebx, ++ uint32_t *ecx, uint32_t *edx); + + /* Helpers for building CPUID[2] descriptors: */ + +@@ -985,7 +988,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + "avx-vnni-int8", "avx-ne-convert", NULL, NULL, + "amx-complex", NULL, NULL, NULL, + NULL, NULL, "prefetchiti", NULL, +- NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, "avx10", + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, +@@ -1789,6 +1792,7 @@ typedef struct X86CPUDefinition { + int family; + int model; + int stepping; ++ uint8_t avx10_version; + FeatureWordArray features; + const char *model_id; + const CPUCaches *const cache_info; +@@ -6405,6 +6409,9 @@ static void x86_cpu_load_model(X86CPU *cpu, X86CPUModel *model) + */ + object_property_set_str(OBJECT(cpu), "vendor", def->vendor, &error_abort); + ++ object_property_set_uint(OBJECT(cpu), "avx10-version", def->avx10_version, ++ &error_abort); ++ + x86_cpu_apply_version_props(cpu, model); + + /* +@@ -6959,6 +6966,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, + } + break; + } ++ case 0x24: { ++ *eax = 0; ++ *ebx = 0; ++ *ecx = 0; ++ *edx = 0; ++ if ((env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) && count == 0) { ++ *ebx = env->features[FEAT_24_0_EBX] | env->avx10_version; ++ } ++ break; ++ } + case 0x40000000: + /* + * CPUID code in kvm_arch_init_vcpu() ignores stuff +@@ -7536,6 +7553,12 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + ~env->user_features[w] & + ~feature_word_info[w].no_autoenable_flags; + } ++ ++ if ((env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) && !env->avx10_version) { ++ uint32_t eax, ebx, ecx, edx; ++ x86_cpu_get_supported_cpuid(0x24, 0, &eax, &ebx, &ecx, &edx); ++ env->avx10_version = ebx & 0xff; ++ } + } + + for (i = 0; i < ARRAY_SIZE(feature_dependencies); i++) { +@@ -7599,6 +7622,11 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F); + } + ++ /* Advanced Vector Extensions 10 (AVX10) requires CPUID[0x24] */ ++ if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) { ++ x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x24); ++ } ++ + /* SVM requires CPUID[0x8000000A] */ + if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) { + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A); +@@ -7649,6 +7677,10 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + CPUX86State *env = &cpu->env; + FeatureWord w; + const char *prefix = NULL; ++ bool have_filtered_features; ++ ++ uint32_t eax_0, ebx_0, ecx_0, edx_0; ++ uint32_t eax_1, ebx_1, ecx_1, edx_1; + + if (verbose) { + prefix = accel_uses_host_cpuid() +@@ -7665,13 +7697,10 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + } + + if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) { +- uint32_t eax_0, ebx_0, ecx_0, edx_0_unused; +- uint32_t eax_1, ebx_1, ecx_1_unused, edx_1_unused; +- + x86_cpu_get_supported_cpuid(0x14, 0, +- &eax_0, &ebx_0, &ecx_0, &edx_0_unused); ++ &eax_0, &ebx_0, &ecx_0, &edx_0); + x86_cpu_get_supported_cpuid(0x14, 1, +- &eax_1, &ebx_1, &ecx_1_unused, &edx_1_unused); ++ &eax_1, &ebx_1, &ecx_1, &edx_1); + + if (!eax_0 || + ((ebx_0 & INTEL_PT_MINIMAL_EBX) != INTEL_PT_MINIMAL_EBX) || +@@ -7692,7 +7721,27 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + } + } + +- return x86_cpu_have_filtered_features(cpu); ++ have_filtered_features = x86_cpu_have_filtered_features(cpu); ++ ++ if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) { ++ x86_cpu_get_supported_cpuid(0x24, 0, ++ &eax_0, &ebx_0, &ecx_0, &edx_0); ++ uint8_t version = ebx_0 & 0xff; ++ ++ if (version < env->avx10_version) { ++ if (prefix) { ++ warn_report("%s: avx10.%d. Adjust to avx10.%d", ++ prefix, env->avx10_version, version); ++ } ++ env->avx10_version = version; ++ have_filtered_features = true; ++ } ++ } else if (env->avx10_version && prefix) { ++ warn_report("%s: avx10.%d.", prefix, env->avx10_version); ++ have_filtered_features = true; ++ } ++ ++ return have_filtered_features; + } + + static void x86_cpu_hyperv_realize(X86CPU *cpu) +@@ -8428,6 +8477,7 @@ static Property x86_cpu_properties[] = { + DEFINE_PROP_UINT32("min-level", X86CPU, env.cpuid_min_level, 0), + DEFINE_PROP_UINT32("min-xlevel", X86CPU, env.cpuid_min_xlevel, 0), + DEFINE_PROP_UINT32("min-xlevel2", X86CPU, env.cpuid_min_xlevel2, 0), ++ DEFINE_PROP_UINT8("avx10-version", X86CPU, env.avx10_version, 0), + DEFINE_PROP_UINT64("ucode-rev", X86CPU, ucode_rev, 0), + DEFINE_PROP_BOOL("full-cpuid-auto-level", X86CPU, full_cpuid_auto_level, true), + DEFINE_PROP_STRING("hv-vendor-id", X86CPU, hyperv_vendor), +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 9b37b6a8c4..33756f1bcb 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -976,6 +976,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + #define CPUID_7_1_EDX_AVX_VNNI_INT16 (1U << 10) + /* PREFETCHIT0/1 Instructions */ + #define CPUID_7_1_EDX_PREFETCHITI (1U << 14) ++/* Support for Advanced Vector Extensions 10 */ ++#define CPUID_7_1_EDX_AVX10 (1U << 19) + + /* Indicate bit 7 of the IA32_SPEC_CTRL MSR is supported */ + #define CPUID_7_2_EDX_PSFD (1U << 0) +@@ -1876,6 +1878,8 @@ typedef struct CPUArchState { + uint32_t cpuid_vendor3; + uint32_t cpuid_version; + FeatureWordArray features; ++ /* AVX10 version */ ++ uint8_t avx10_version; + /* Features that were explicitly enabled/disabled */ + FeatureWordArray user_features; + uint32_t cpuid_model[12]; +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index 59b0041427..3e2d4aaa26 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -1796,7 +1796,8 @@ static uint32_t kvm_x86_build_cpuid(CPUX86State *env, + case 0x7: + case 0x14: + case 0x1d: +- case 0x1e: { ++ case 0x1e: ++ case 0x24: { + uint32_t times; + + c->function = i; +-- +Gitee + + +From 1261488c5aff2a81907c696e1c155e4a4008878e Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Thu, 31 Oct 2024 16:52:30 +0800 +Subject: [PATCH 5/8] target/i386: add CPUID.24 features for AVX10 + +commit 2d055b8fe11ee567c2ae8047311fd83697e494b6 upstream. + +Introduce features for the supported vector bit lengths. + +Intel-SIG: commit 2d055b8fe11e target/i386: add CPUID.24 features for AVX10. +GNR AVX10.1 backporting + +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241028024512.156724-3-tao1.su@linux.intel.com +Link: https://lore.kernel.org/r/20241028024512.156724-4-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Tested-by: Xuelian Guo +Link: https://lore.kernel.org/r/20241031085233.425388-6-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 15 +++++++++++++++ + target/i386/cpu.h | 8 ++++++++ + 2 files changed, 23 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index cd51ccceba..bef265e1bf 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -754,6 +754,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1, + #define TCG_SGX_12_0_EAX_FEATURES 0 + #define TCG_SGX_12_0_EBX_FEATURES 0 + #define TCG_SGX_12_1_EAX_FEATURES 0 ++#define TCG_24_0_EBX_FEATURES 0 + + #if defined CONFIG_USER_ONLY + #define CPUID_8000_0008_EBX_KERNEL_FEATURES (CPUID_8000_0008_EBX_IBPB | \ +@@ -1019,6 +1020,20 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + }, + .tcg_features = TCG_7_2_EDX_FEATURES, + }, ++ [FEAT_24_0_EBX] = { ++ .type = CPUID_FEATURE_WORD, ++ .feat_names = { ++ [16] = "avx10-128", ++ [17] = "avx10-256", ++ [18] = "avx10-512", ++ }, ++ .cpuid = { ++ .eax = 0x24, ++ .needs_ecx = true, .ecx = 0, ++ .reg = R_EBX, ++ }, ++ .tcg_features = TCG_24_0_EBX_FEATURES, ++ }, + [FEAT_8000_0007_EDX] = { + .type = CPUID_FEATURE_WORD, + .feat_names = { +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 33756f1bcb..3f4f833494 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -650,6 +650,7 @@ typedef enum FeatureWord { + FEAT_XSAVE_XSS_HI, /* CPUID[EAX=0xd,ECX=1].EDX */ + FEAT_7_1_EDX, /* CPUID[EAX=7,ECX=1].EDX */ + FEAT_7_2_EDX, /* CPUID[EAX=7,ECX=2].EDX */ ++ FEAT_24_0_EBX, /* CPUID[EAX=0x24,ECX=0].EBX */ + FEATURE_WORDS, + } FeatureWord; + +@@ -998,6 +999,13 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + /* Packets which contain IP payload have LIP values */ + #define CPUID_14_0_ECX_LIP (1U << 31) + ++/* AVX10 128-bit vector support is present */ ++#define CPUID_24_0_EBX_AVX10_128 (1U << 16) ++/* AVX10 256-bit vector support is present */ ++#define CPUID_24_0_EBX_AVX10_256 (1U << 17) ++/* AVX10 512-bit vector support is present */ ++#define CPUID_24_0_EBX_AVX10_512 (1U << 18) ++ + /* CLZERO instruction */ + #define CPUID_8000_0008_EBX_CLZERO (1U << 0) + /* Always save/restore FP error pointers */ +-- +Gitee + + +From 6fcb566d906d796ff5360305939ac50ac76fde26 Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Thu, 31 Oct 2024 16:52:31 +0800 +Subject: [PATCH 6/8] target/i386: Add feature dependencies for AVX10 + +commit 150ab84b2d0083e6af344cca70290614d4fe568d upstream. + +Since the highest supported vector length for a processor implies that +all lesser vector lengths are also supported, add the dependencies of +the supported vector lengths. If all vector lengths aren't supported, +clear AVX10 enable bit as well. + +Note that the order of AVX10 related dependencies should be kept as: + CPUID_24_0_EBX_AVX10_128 -> CPUID_24_0_EBX_AVX10_256, + CPUID_24_0_EBX_AVX10_256 -> CPUID_24_0_EBX_AVX10_512, + CPUID_24_0_EBX_AVX10_VL_MASK -> CPUID_7_1_EDX_AVX10, + CPUID_7_1_EDX_AVX10 -> CPUID_24_0_EBX, +so that prevent user from setting weird CPUID combinations, e.g. 256-bits +and 512-bits are supported but 128-bits is not, no vector lengths are +supported but AVX10 enable bit is still set. + +Since AVX10_128 will be reserved as 1, adding these dependencies has the +bonus that when user sets -cpu host,-avx10-128, CPUID_7_1_EDX_AVX10 and +CPUID_24_0_EBX will be disabled automatically. + +Intel-SIG: commit 150ab84b2d00 target/i386: Add feature dependencies for AVX10. +GNR AVX10.1 backporting + +Tested-by: Xuelian Guo +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241028024512.156724-5-tao1.su@linux.intel.com +Reviewed-by: Zhao Liu +Signed-off-by: Paolo Bonzini +Link: https://lore.kernel.org/r/20241031085233.425388-7-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 16 ++++++++++++++++ + target/i386/cpu.h | 4 ++++ + 2 files changed, 20 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index bef265e1bf..cc4bf40605 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1586,6 +1586,22 @@ static FeatureDep feature_dependencies[] = { + .from = { FEAT_7_1_EAX, CPUID_7_1_EAX_WRMSRNS }, + .to = { FEAT_7_1_EAX, CPUID_7_1_EAX_FRED }, + }, ++ { ++ .from = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_128 }, ++ .to = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_256 }, ++ }, ++ { ++ .from = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_256 }, ++ .to = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_512 }, ++ }, ++ { ++ .from = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_VL_MASK }, ++ .to = { FEAT_7_1_EDX, CPUID_7_1_EDX_AVX10 }, ++ }, ++ { ++ .from = { FEAT_7_1_EDX, CPUID_7_1_EDX_AVX10 }, ++ .to = { FEAT_24_0_EBX, ~0ull }, ++ }, + }; + + typedef struct X86RegisterInfo32 { +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 3f4f833494..e4e0e1abd9 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -1005,6 +1005,10 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + #define CPUID_24_0_EBX_AVX10_256 (1U << 17) + /* AVX10 512-bit vector support is present */ + #define CPUID_24_0_EBX_AVX10_512 (1U << 18) ++/* AVX10 vector length support mask */ ++#define CPUID_24_0_EBX_AVX10_VL_MASK (CPUID_24_0_EBX_AVX10_128 | \ ++ CPUID_24_0_EBX_AVX10_256 | \ ++ CPUID_24_0_EBX_AVX10_512) + + /* CLZERO instruction */ + #define CPUID_8000_0008_EBX_CLZERO (1U << 0) +-- +Gitee + + +From 93936f0d00f69d9ba2b11199b2be4240bf67aae1 Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Thu, 31 Oct 2024 16:52:32 +0800 +Subject: [PATCH 7/8] target/i386: Add AVX512 state when AVX10 is supported + +commit 0d7475be3b402c25d74c5a4573cbeb733c8f3559 upstream. + +AVX10 state enumeration in CPUID leaf D and enabling in XCR0 register +are identical to AVX512 state regardless of the supported vector lengths. + +Given that some E-cores will support AVX10 but not support AVX512, add +AVX512 state components to guest when AVX10 is enabled. + +Based on a patch by Tao Su + +Intel-SIG: commit 0d7475be3b40 target/i386: Add AVX512 state when AVX10 is supported. +GNR AVX10.1 backporting + +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Tested-by: Xuelian Guo +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241031085233.425388-8-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index cc4bf40605..ac71abe051 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -7242,7 +7242,15 @@ static bool cpuid_has_xsave_feature(CPUX86State *env, const ExtSaveArea *esa) + return false; + } + +- return (env->features[esa->feature] & esa->bits); ++ if (env->features[esa->feature] & esa->bits) { ++ return true; ++ } ++ if (esa->feature == FEAT_7_0_EBX && esa->bits == CPUID_7_0_EBX_AVX512F ++ && (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10)) { ++ return true; ++ } ++ ++ return false; + } + + static void x86_cpu_reset_hold(Object *obj) +-- +Gitee + + +From 7c82e2ff003ec5494a02eb3891446c264ba256c5 Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Thu, 31 Oct 2024 16:52:33 +0800 +Subject: [PATCH 8/8] target/i386: Introduce GraniteRapids-v2 model + +commit 1a519388a882fbb352e49cbebb0ed8f62d05842d upstream. + +Update GraniteRapids CPU model to add AVX10 and the missing features(ss, +tsc-adjust, cldemote, movdiri, movdir64b). + +Intel-SIG: commit 1a519388a882 target/i386: Introduce GraniteRapids-v2 model. +GNR AVX10.1 backporting + +Tested-by: Xuelian Guo +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241028024512.156724-7-tao1.su@linux.intel.com +Reviewed-by: Zhao Liu +Signed-off-by: Paolo Bonzini +Link: https://lore.kernel.org/r/20241031085233.425388-9-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index ac71abe051..fd6ff026a6 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -4226,6 +4226,23 @@ static const X86CPUDefinition builtin_x86_defs[] = { + .model_id = "Intel Xeon Processor (GraniteRapids)", + .versions = (X86CPUVersionDefinition[]) { + { .version = 1 }, ++ { ++ .version = 2, ++ .props = (PropValue[]) { ++ { "ss", "on" }, ++ { "tsc-adjust", "on" }, ++ { "cldemote", "on" }, ++ { "movdiri", "on" }, ++ { "movdir64b", "on" }, ++ { "avx10", "on" }, ++ { "avx10-128", "on" }, ++ { "avx10-256", "on" }, ++ { "avx10-512", "on" }, ++ { "avx10-version", "1" }, ++ { "stepping", "1" }, ++ { /* end of list */ } ++ } ++ }, + { /* end of list */ }, + }, + }, +-- +Gitee + diff --git a/0482-hw-nvme-use-pcie-sriov-num-vfs.patch b/0482-hw-nvme-use-pcie-sriov-num-vfs.patch new file mode 100644 index 0000000000000000000000000000000000000000..f9ddb7e47b285bbec75bb9e8c6fe4bedd1780369 --- /dev/null +++ b/0482-hw-nvme-use-pcie-sriov-num-vfs.patch @@ -0,0 +1,88 @@ +From aad15893cb1ef4982b8439ee9534457e015f19e5 Mon Sep 17 00:00:00 2001 +From: Akihiko Odaki +Date: Wed, 28 Feb 2024 20:33:12 +0900 +Subject: [PATCH] hw/nvme: Use pcie_sriov_num_vfs() + +commit 91bb64a8d2014fda33a81fcf0fce37340f0d3b0c upstream. + +nvme_sriov_pre_write_ctrl() used to directly inspect SR-IOV +configurations to know the number of VFs being disabled due to SR-IOV +configuration writes, but the logic was flawed and resulted in +out-of-bound memory access. + +It assumed PCI_SRIOV_NUM_VF always has the number of currently enabled +VFs, but it actually doesn't in the following cases: +- PCI_SRIOV_NUM_VF has been set but PCI_SRIOV_CTRL_VFE has never been. +- PCI_SRIOV_NUM_VF was written after PCI_SRIOV_CTRL_VFE was set. +- VFs were only partially enabled because of realization failure. + +It is a responsibility of pcie_sriov to interpret SR-IOV configurations +and pcie_sriov does it correctly, so use pcie_sriov_num_vfs(), which it +provides, to get the number of enabled VFs before and after SR-IOV +configuration writes. + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2024-26328 +Fixes: 11871f53ef8e ("hw/nvme: Add support for the Virtualization Management command") +Suggested-by: Michael S. Tsirkin +Signed-off-by: Akihiko Odaki +Message-Id: <20240228-reuse-v8-1-282660281e60@daynix.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Bin Guo +--- + hw/nvme/ctrl.c | 26 ++++++++------------------ + 1 file changed, 8 insertions(+), 18 deletions(-) + +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c +index 76fe039704..2860a9bed1 100644 +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -8466,36 +8466,26 @@ static void nvme_pci_reset(DeviceState *qdev) + nvme_ctrl_reset(n, NVME_RESET_FUNCTION); + } + +-static void nvme_sriov_pre_write_ctrl(PCIDevice *dev, uint32_t address, +- uint32_t val, int len) ++static void nvme_sriov_post_write_config(PCIDevice *dev, uint16_t old_num_vfs) + { + NvmeCtrl *n = NVME(dev); + NvmeSecCtrlEntry *sctrl; +- uint16_t sriov_cap = dev->exp.sriov_cap; +- uint32_t off = address - sriov_cap; +- int i, num_vfs; ++ int i; + +- if (!sriov_cap) { +- return; +- } +- +- if (range_covers_byte(off, len, PCI_SRIOV_CTRL)) { +- if (!(val & PCI_SRIOV_CTRL_VFE)) { +- num_vfs = pci_get_word(dev->config + sriov_cap + PCI_SRIOV_NUM_VF); +- for (i = 0; i < num_vfs; i++) { +- sctrl = &n->sec_ctrl_list.sec[i]; +- nvme_virt_set_state(n, le16_to_cpu(sctrl->scid), false); +- } +- } ++ for (i = pcie_sriov_num_vfs(dev); i < old_num_vfs; i++) { ++ sctrl = &n->sec_ctrl_list.sec[i]; ++ nvme_virt_set_state(n, le16_to_cpu(sctrl->scid), false); + } + } + + static void nvme_pci_write_config(PCIDevice *dev, uint32_t address, + uint32_t val, int len) + { +- nvme_sriov_pre_write_ctrl(dev, address, val, len); ++ uint16_t old_num_vfs = pcie_sriov_num_vfs(dev); ++ + pci_default_write_config(dev, address, val, len); + pcie_cap_flr_write_config(dev, address, val, len); ++ nvme_sriov_post_write_config(dev, old_num_vfs); + } + + static const VMStateDescription nvme_vmstate = { +-- +2.39.3 + diff --git a/0483-pcie-sriov-validate-numvfs.patch b/0483-pcie-sriov-validate-numvfs.patch new file mode 100644 index 0000000000000000000000000000000000000000..3ef2e95077b62ff99dec15fad3ccfebd0b3898e6 --- /dev/null +++ b/0483-pcie-sriov-validate-numvfs.patch @@ -0,0 +1,40 @@ +From 07d415b526862256e31888d9c0d3d5871eec39f1 Mon Sep 17 00:00:00 2001 +From: Akihiko Odaki +Date: Wed, 28 Feb 2024 20:33:13 +0900 +Subject: [PATCH] pcie_sriov: Validate NumVFs + +commit 6081b4243cd64dff1b2cf5b0c215c71e9d7e753b upstream. + +The guest may write NumVFs greater than TotalVFs and that can lead +to buffer overflow in VF implementations. + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2024-26327 +Fixes: 7c0fa8dff811 ("pcie: Add support for Single Root I/O Virtualization (SR/IOV)") +Signed-off-by: Akihiko Odaki +Message-Id: <20240228-reuse-v8-2-282660281e60@daynix.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Sriram Yagnaraman +Signed-off-by: Bin Guo +--- + hw/pci/pcie_sriov.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c +index a1fe65f5d8..da209b7f47 100644 +--- a/hw/pci/pcie_sriov.c ++++ b/hw/pci/pcie_sriov.c +@@ -176,6 +176,9 @@ static void register_vfs(PCIDevice *dev) + + assert(sriov_cap > 0); + num_vfs = pci_get_word(dev->config + sriov_cap + PCI_SRIOV_NUM_VF); ++ if (num_vfs > pci_get_word(dev->config + sriov_cap + PCI_SRIOV_TOTAL_VF)) { ++ return; ++ } + + dev->exp.sriov_pf.vf = g_new(PCIDevice *, num_vfs); + +-- +2.39.3 + diff --git a/0484-pcie-sriov-reset-sr-iov-extended-capability.patch b/0484-pcie-sriov-reset-sr-iov-extended-capability.patch new file mode 100644 index 0000000000000000000000000000000000000000..801d2d575a997c67389c9de5843680fc197b3eca --- /dev/null +++ b/0484-pcie-sriov-reset-sr-iov-extended-capability.patch @@ -0,0 +1,111 @@ +From dad42928d23079d634b55afc5b3105ecdc49ba05 Mon Sep 17 00:00:00 2001 +From: Akihiko Odaki +Date: Wed, 28 Feb 2024 20:33:14 +0900 +Subject: [PATCH] pcie_sriov: Reset SR-IOV extended capability + +commit c8bc4db403e17663b69d811e69f88c9dfc6f7be2 upstream. + +pcie_sriov_pf_disable_vfs() is called when resetting the PF, but it only +disables VFs and does not reset SR-IOV extended capability, leaking the +state and making the VF Enable register inconsistent with the actual +state. + +Replace pcie_sriov_pf_disable_vfs() with pcie_sriov_pf_reset(), which +does not only disable VFs but also resets the capability. + +Signed-off-by: Akihiko Odaki +Message-Id: <20240228-reuse-v8-3-282660281e60@daynix.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Sriram Yagnaraman +Signed-off-by: Bin Guo +--- + hw/net/igb.c | 2 +- + hw/nvme/ctrl.c | 2 +- + hw/pci/pcie_sriov.c | 26 ++++++++++++++++++-------- + include/hw/pci/pcie_sriov.h | 4 ++-- + 4 files changed, 22 insertions(+), 12 deletions(-) + +diff --git a/hw/net/igb.c b/hw/net/igb.c +index 8089acfea4..18a22d2dd9 100644 +--- a/hw/net/igb.c ++++ b/hw/net/igb.c +@@ -493,7 +493,7 @@ static void igb_qdev_reset_hold(Object *obj) + + trace_e1000e_cb_qdev_reset_hold(); + +- pcie_sriov_pf_disable_vfs(d); ++ pcie_sriov_pf_reset(d); + igb_core_reset(&s->core); + } + +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c +index 2860a9bed1..447c4de6fd 100644 +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -7116,7 +7116,7 @@ static void nvme_ctrl_reset(NvmeCtrl *n, NvmeResetType rst) + } + + if (rst != NVME_RESET_CONTROLLER) { +- pcie_sriov_pf_disable_vfs(pci_dev); ++ pcie_sriov_pf_reset(pci_dev); + } + } + +diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c +index da209b7f47..51b66d1bb3 100644 +--- a/hw/pci/pcie_sriov.c ++++ b/hw/pci/pcie_sriov.c +@@ -249,16 +249,26 @@ void pcie_sriov_config_write(PCIDevice *dev, uint32_t address, + } + + +-/* Reset SR/IOV VF Enable bit to trigger an unregister of all VFs */ +-void pcie_sriov_pf_disable_vfs(PCIDevice *dev) ++/* Reset SR/IOV */ ++void pcie_sriov_pf_reset(PCIDevice *dev) + { + uint16_t sriov_cap = dev->exp.sriov_cap; +- if (sriov_cap) { +- uint32_t val = pci_get_byte(dev->config + sriov_cap + PCI_SRIOV_CTRL); +- if (val & PCI_SRIOV_CTRL_VFE) { +- val &= ~PCI_SRIOV_CTRL_VFE; +- pcie_sriov_config_write(dev, sriov_cap + PCI_SRIOV_CTRL, val, 1); +- } ++ if (!sriov_cap) { ++ return; ++ } ++ ++ pci_set_word(dev->config + sriov_cap + PCI_SRIOV_CTRL, 0); ++ unregister_vfs(dev); ++ ++ /* ++ * Default is to use 4K pages, software can modify it ++ * to any of the supported bits ++ */ ++ pci_set_word(dev->config + sriov_cap + PCI_SRIOV_SYS_PGSIZE, 0x1); ++ ++ for (uint16_t i = 0; i < PCI_NUM_REGIONS; i++) { ++ pci_set_quad(dev->config + sriov_cap + PCI_SRIOV_BAR + i * 4, ++ dev->exp.sriov_pf.vf_bar_type[i]); + } + } + +diff --git a/include/hw/pci/pcie_sriov.h b/include/hw/pci/pcie_sriov.h +index 095fb0c9ed..b77eb7bf58 100644 +--- a/include/hw/pci/pcie_sriov.h ++++ b/include/hw/pci/pcie_sriov.h +@@ -58,8 +58,8 @@ void pcie_sriov_pf_add_sup_pgsize(PCIDevice *dev, uint16_t opt_sup_pgsize); + void pcie_sriov_config_write(PCIDevice *dev, uint32_t address, + uint32_t val, int len); + +-/* Reset SR/IOV VF Enable bit to unregister all VFs */ +-void pcie_sriov_pf_disable_vfs(PCIDevice *dev); ++/* Reset SR/IOV */ ++void pcie_sriov_pf_reset(PCIDevice *dev); + + /* Get logical VF number of a VF - only valid for VFs */ + uint16_t pcie_sriov_vf_number(PCIDevice *dev); +-- +2.39.3 + diff --git a/0485-pcie-sriov-do-not-reset-numvfs-after-disabling-vfs.patch b/0485-pcie-sriov-do-not-reset-numvfs-after-disabling-vfs.patch new file mode 100644 index 0000000000000000000000000000000000000000..2cd460fde1df6c1fc79704ca125461e2d9d518fb --- /dev/null +++ b/0485-pcie-sriov-do-not-reset-numvfs-after-disabling-vfs.patch @@ -0,0 +1,46 @@ +From 291419101c5231899ed68117be5aed16e5666e61 Mon Sep 17 00:00:00 2001 +From: Akihiko Odaki +Date: Wed, 28 Feb 2024 20:33:15 +0900 +Subject: [PATCH] pcie_sriov: Do not reset NumVFs after disabling VFs + +commit 63eb76dda237843582f3616f4403ae795e471e17 upstream. + +The spec does not NumVFs is reset after disabling VFs except when +resetting the PF. Clearing it is guest visible and out of spec, even +though Linux doesn't rely on this value being preserved, so we never +noticed. + +Fixes: 7c0fa8dff811 ("pcie: Add support for Single Root I/O Virtualization (SR/IOV)") +Signed-off-by: Akihiko Odaki +Message-Id: <20240228-reuse-v8-4-282660281e60@daynix.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Bin Guo +--- + hw/pci/pcie_sriov.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c +index 51b66d1bb3..e9b23221d7 100644 +--- a/hw/pci/pcie_sriov.c ++++ b/hw/pci/pcie_sriov.c +@@ -215,7 +215,6 @@ static void unregister_vfs(PCIDevice *dev) + g_free(dev->exp.sriov_pf.vf); + dev->exp.sriov_pf.vf = NULL; + dev->exp.sriov_pf.num_vfs = 0; +- pci_set_word(dev->config + dev->exp.sriov_cap + PCI_SRIOV_NUM_VF, 0); + } + + void pcie_sriov_config_write(PCIDevice *dev, uint32_t address, +@@ -260,6 +259,8 @@ void pcie_sriov_pf_reset(PCIDevice *dev) + pci_set_word(dev->config + sriov_cap + PCI_SRIOV_CTRL, 0); + unregister_vfs(dev); + ++ pci_set_word(dev->config + sriov_cap + PCI_SRIOV_NUM_VF, 0); ++ + /* + * Default is to use 4K pages, software can modify it + * to any of the supported bits +-- +2.39.3 + diff --git a/0486-hw-pci-always-call-pcie-sriov-pf-reset.patch b/0486-hw-pci-always-call-pcie-sriov-pf-reset.patch new file mode 100644 index 0000000000000000000000000000000000000000..930965e9784b872eb563268b2ae9e5fef9b75856 --- /dev/null +++ b/0486-hw-pci-always-call-pcie-sriov-pf-reset.patch @@ -0,0 +1,70 @@ +From a1a82ba4b16da05ddf591da3e38e130c16370aa0 Mon Sep 17 00:00:00 2001 +From: Akihiko Odaki +Date: Wed, 28 Feb 2024 20:33:16 +0900 +Subject: [PATCH] hw/pci: Always call pcie_sriov_pf_reset() + +commit 1a909e3dd85d5c57a0e6a7e3285a29e57574f80d upstream. + +Call pcie_sriov_pf_reset() from pci_do_device_reset() just as we do +for msi_reset() and msix_reset() to prevent duplicating code for each +SR-IOV PF. + +Signed-off-by: Akihiko Odaki +Message-Id: <20240228-reuse-v8-5-282660281e60@daynix.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Sriram Yagnaraman +Signed-off-by: Bin Guo +--- + hw/net/igb.c | 2 -- + hw/nvme/ctrl.c | 4 ---- + hw/pci/pci.c | 1 + + 3 files changed, 1 insertion(+), 6 deletions(-) + +diff --git a/hw/net/igb.c b/hw/net/igb.c +index 18a22d2dd9..a6ad046084 100644 +--- a/hw/net/igb.c ++++ b/hw/net/igb.c +@@ -488,12 +488,10 @@ static void igb_pci_uninit(PCIDevice *pci_dev) + + static void igb_qdev_reset_hold(Object *obj) + { +- PCIDevice *d = PCI_DEVICE(obj); + IGBState *s = IGB(obj); + + trace_e1000e_cb_qdev_reset_hold(); + +- pcie_sriov_pf_reset(d); + igb_core_reset(&s->core); + } + +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c +index 447c4de6fd..40159f39b8 100644 +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -7114,10 +7114,6 @@ static void nvme_ctrl_reset(NvmeCtrl *n, NvmeResetType rst) + sctrl = &n->sec_ctrl_list.sec[i]; + nvme_virt_set_state(n, le16_to_cpu(sctrl->scid), false); + } +- +- if (rst != NVME_RESET_CONTROLLER) { +- pcie_sriov_pf_reset(pci_dev); +- } + } + + if (rst != NVME_RESET_CONTROLLER) { +diff --git a/hw/pci/pci.c b/hw/pci/pci.c +index c49417abb2..b6314b6a1e 100644 +--- a/hw/pci/pci.c ++++ b/hw/pci/pci.c +@@ -407,6 +407,7 @@ static void pci_do_device_reset(PCIDevice *dev) + + msi_reset(dev); + msix_reset(dev); ++ pcie_sriov_pf_reset(dev); + } + + /* +-- +2.39.3 + diff --git a/qemu.spec b/qemu.spec index a0f688874b4a80e6b3b1ad4c60cf7324221e6280..c320ffe86cd7e8a1b67537dd94135c3490bd79f6 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,4 +1,4 @@ -%define anolis_release 32 +%define anolis_release 33 %bcond_with check %global all_system_emu_support 0 @@ -766,6 +766,12 @@ Patch0477: 0477-meson-always-probe-u2f-and-canokey-if-the-option-is-.patch Patch0478: 0478-hw-net-net-tx-pkt-fix-overrun-in-update-sctp-checksu.patch Patch0479: 0479-util-iov-do-not-assert-offset-is-in-iov.patch Patch0480: 0480-revert-hw-net-net-tx-pkt-fix-overrun-in-update-sctp-.patch +Patch0481: 0481-57-intel-sig-backporting-kvm-x86-advertise-avx10-1-m.patch +Patch0482: 0482-hw-nvme-use-pcie-sriov-num-vfs.patch +Patch0483: 0483-pcie-sriov-validate-numvfs.patch +Patch0484: 0484-pcie-sriov-reset-sr-iov-extended-capability.patch +Patch0485: 0485-pcie-sriov-do-not-reset-numvfs-after-disabling-vfs.patch +Patch0486: 0486-hw-pci-always-call-pcie-sriov-pf-reset.patch ExclusiveArch: x86_64 aarch64 loongarch64 riscv64 @@ -2330,19 +2336,20 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %endif %changelog +* Wed Aug 27 2025 wh02252983 - 2:8.2.0-33 +- Backporting: KVM: x86: Advertise AVX10.1 +- add patch to fix CVE-2024-26327 and CVE-2024-26328 + * Fri Aug 15 2025 wh02252983 - 2:8.2.0-32 -- meson: move subdirs to "Collect sources" section -- meson: always probe u2f and canokey if the option is enabled -- hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() -- util/iov: Do not assert offset is in iov -- Revert "hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()" +- update-linux-headers.sh related patches +- fetch patches about configure and meson from upstream +- add patch to fix CVE-2024-3567 * Tue Jul 15 2025 wh02252983 - 2:8.2.0-31 -- virtio-net: Ensure queue index fits with RSS -- hw/virtio: Introduce virtio_bh_new_guarded() helper -- hw/display/virtio-gpu: Protect from DMA re-entrancy bugs -- hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs -- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs +- Backport multifd live migration acceleration using HW accelerators +- add patch to fix CVE-2024-7409 +- add rtc acpi table +- add patch to fix CVE-2024-3446 * Sat Jun 14 2025 Chang Gao - 2:8.2.0-30 - add patch to fix riscv build failure