diff -Nru qemu-2.11+dfsg/debian/changelog qemu-2.11+dfsg/debian/changelog --- qemu-2.11+dfsg/debian/changelog 2022-12-08 09:08:49.000000000 +0000 +++ qemu-2.11+dfsg/debian/changelog 2023-03-02 21:26:12.000000000 +0000 @@ -1,3 +1,15 @@ +qemu (1:2.11+dfsg-1ubuntu7.42) bionic; urgency=medium + + [ Brett Milford ] + * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt + error 'migration was active, but no RAM info was set' (LP: #1994002) + + [ Mauricio Faria de Oliveira ] + * d/p/u/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch: Add hint + to VFIO_MAP_DMA error on AMD IOMMU for VMs with ~1TB+ RAM (LP: #2009048) + + -- Mauricio Faria de Oliveira Thu, 02 Mar 2023 18:26:12 -0300 + qemu (1:2.11+dfsg-1ubuntu7.41) bionic-security; urgency=medium * SECURITY UPDATE: DMA reentrancy issue diff -Nru qemu-2.11+dfsg/debian/patches/series qemu-2.11+dfsg/debian/patches/series --- qemu-2.11+dfsg/debian/patches/series 2022-12-07 13:39:50.000000000 +0000 +++ qemu-2.11+dfsg/debian/patches/series 2023-03-02 21:26:12.000000000 +0000 @@ -244,3 +244,5 @@ CVE-2021-3750.patch CVE-2022-0216-1.patch CVE-2022-0216-2.patch +ubuntu/lp1994002-migration-Read-state-once.patch +ubuntu/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch diff -Nru qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch --- qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch 1970-01-01 00:00:00.000000000 +0000 +++ qemu-2.11+dfsg/debian/patches/ubuntu/lp1994002-migration-Read-state-once.patch 2023-03-02 21:26:12.000000000 +0000 
@@ -0,0 +1,59 @@ +Origin: backport, https://gitlab.com/qemu-project/qemu/-/commit/552de79bfdd5e9e53847eb3c6d6e4cd898a4370e +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1994002 +From 552de79bfdd5e9e53847eb3c6d6e4cd898a4370e Mon Sep 17 00:00:00 2001 +From: "Dr. David Alan Gilbert" +Date: Wed, 13 Apr 2022 12:33:29 +0100 +Subject: [PATCH] migration: Read state once + +The 'status' field for the migration is updated normally using +an atomic operation from the migration thread. +Most readers of it aren't that careful, and in most cases it doesn't +matter. + +In query_migrate->fill_source_migration_info the 'state' +is read twice; the first time to decide which state fields to fill in, +and then secondly to copy the state to the status field; that can end up +with a status that's inconsistent; e.g. setting up the fields +for 'setup' and then having an 'active' status. In that case +libvirt gets upset by the lack of ram info. +The symptom is: + libvirt.libvirtError: internal error: migration was active, but no RAM info was set + +Read the state exactly once in fill_source_migration_info. + +This is a possible fix for: +https://bugzilla.redhat.com/show_bug.cgi?id=2074205 + +Signed-off-by: Dr. David Alan Gilbert +Message-Id: <20220413113329.103696-1-dgilbert@redhat.com> +Reviewed-by: Juan Quintela +Reviewed-by: Peter Xu +Signed-off-by: Dr. David Alan Gilbert +[mfo: backport: different function: qmp_query_migrate() and + refresh context lines.] 
+---
+ migration/migration.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -595,8 +595,9 @@ MigrationInfo *qmp_query_migrate(Error *
+ {
+ MigrationInfo *info = g_malloc0(sizeof(*info));
+ MigrationState *s = migrate_get_current();
++ int state = atomic_read(&s->state);
+
+- switch (s->state) {
++ switch (state) {
+ case MIGRATION_STATUS_NONE:
+ /* no migration has happened ever */
+ break;
+@@ -648,7 +649,7 @@ MigrationInfo *qmp_query_migrate(Error *
+ info->has_status = true;
+ break;
+ }
+- info->status = s->state;
++ info->status = state;
+
+ return info;
+ }
diff -Nru qemu-2.11+dfsg/debian/patches/ubuntu/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch qemu-2.11+dfsg/debian/patches/ubuntu/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch
--- qemu-2.11+dfsg/debian/patches/ubuntu/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch 1970-01-01 00:00:00.000000000 +0000
+++ qemu-2.11+dfsg/debian/patches/ubuntu/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch 2023-03-02 21:26:12.000000000 +0000
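Review bot: The new `int state = atomic_read(&s->state);` at the top of qmp_query_migrate carries no comment explaining why the value must not be re-read, so a later cleanup could quietly reintroduce the second `s->state` read that this backport removes; I would add above it `/* Read once: the migration thread updates s->state atomically, and a second read could disagree with the fields filled in below. */`. The switch cases between the two inner hunks, and the rest of qmp_query_migrate, are outside what is shown, so any remaining direct `s->state` reads there would need the same treatment. Note this only makes the status field self-consistent with the chosen case; the per-state counters copied inside the switch are presumably still read from the live MigrationState and may move on between the read and the copy, as the commit message itself acknowledges.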
@@ -0,0 +1,57 @@
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/2009048
+Description: Add hint to VFIO_MAP_DMA/EINVAL on AMD IOMMU for VMs with ~1TB+ RAM
+Author: Mauricio Faria de Oliveira
+Forwarded: not-needed
+Last-Update: 2023-03-02
+
+Index: qemu/hw/vfio/common.c
+===================================================================
+--- qemu.orig/hw/vfio/common.c
++++ qemu/hw/vfio/common.c
+@@ -253,6 +253,46 @@ static int vfio_dma_map(VFIOContainer *c
+ return 0;
+ }
+
++ /*
++ * (LP: #2009048)
++ * x86_64: provide a hint if VFIO_IOMMU_DMA_MAP fails due to overlap with
++ * the reserved region (EINVAL) below 1T on AMD IOMMU (check for AMD CPU);
++ * that happens if the VM memory is ~ 1T or more (resolved with qemu 7.1).
++ *
++ * """
++ * AMD systems with an IOMMU have an additional hole close to the
++ * 1Tb, which are special GPAs that cannot be DMA mapped. Depending
++ * on kernel version, VFIO may or may not let you DMA map those ranges.
++ * Starting Linux v5.4 we validate it, and can't create guests on AMD machines
++ * with certain memory sizes. [...]
++ * """
++ *
++ * References:
++ * commit 8504f129450b ("i386/pc: relocate 4g start to 1T where applicable")
++ * commit 4ab4c33014b4 ("hw/i386: add 4g boundary start to X86MachineState")
++ */
++
++#ifdef TARGET_X86_64
++#define PC_4GB_START 0x0100000000ULL
++#define AMD_HT_START 0xfd00000000ULL
++/* copy IS_AMD_CPU() from target/i386/cpu.c */
++#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
++ (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
++ (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
++
++ if (errno == EINVAL && iova == PC_4GB_START &&
++ size > (AMD_HT_START - PC_4GB_START) &&
++ IS_AMD_CPU(&(X86_CPU(first_cpu))->env)) {
++ error_report("VFIO_MAP_DMA: %d (hint: AMD IOMMU: reduce VM ram)",
++ -errno);
++ return -errno;
++ }
++
++#undef PC_4GB_START
++#undef AMD_HT_START
++#undef IS_AMD_CPU
++#endif
++
+ error_report("VFIO_MAP_DMA: %d", -errno);
+ return -errno;
+ }
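Review bot: The new hint path dereferences `first_cpu` through `X86_CPU(first_cpu)` with no NULL check, so if vfio_dma_map can be reached before any vCPU object exists (I cannot confirm the ordering from this hunk alone), an EINVAL on a large mapping would abort in the QOM cast instead of printing the existing error. Guard it inside the same condition, keeping the `errno` comparison first so nothing evaluated before it can clobber the value: `if (errno == EINVAL && first_cpu && iova == PC_4GB_START &&`. The threshold `size > (AMD_HT_START - PC_4GB_START)` is a bare difference of two constants; a one-line comment such as `/* a mapping from 4G this large reaches the AMD HT reserved hole at 0xfd00000000 */` would make the intent readable without re-deriving it from the block comment above. The body of vfio_dma_map starts before this hunk, so the ioctl that set errno is not visible here.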