diff -Nru qemu-4.2/debian/changelog qemu-4.2/debian/changelog
--- qemu-4.2/debian/changelog 2020-05-27 21:19:20.000000000 +0000
+++ qemu-4.2/debian/changelog 2020-06-02 08:42:49.000000000 +0000
@@ -1,3 +1,12 @@
+qemu (1:4.2-3ubuntu6.3) focal; urgency=medium
+
+ * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
+ crashes it on shutdown (LP: #1878973)
+ * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
+ supporting to set them (LP: #1882774)
+
+ -- Christian Ehrhardt Tue, 02 Jun 2020 10:42:49 +0200
+
 qemu (1:4.2-3ubuntu6.2) focal; urgency=medium
 * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
diff -Nru qemu-4.2/debian/patches/lp-1882774-target-i386-do-not-set-unsupported-VMX-secondary-exe.patch qemu-4.2/debian/patches/lp-1882774-target-i386-do-not-set-unsupported-VMX-secondary-exe.patch
--- qemu-4.2/debian/patches/lp-1882774-target-i386-do-not-set-unsupported-VMX-secondary-exe.patch 1970-01-01 00:00:00.000000000 +0000
+++ qemu-4.2/debian/patches/lp-1882774-target-i386-do-not-set-unsupported-VMX-secondary-exe.patch 2020-06-02 08:42:49.000000000 +0000
@@ -0,0 +1,103 @@
+From 4a910e1f6ab4155ec8b24c49b2585cc486916985 Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov
+Date: Tue, 31 Mar 2020 18:27:52 +0200
+Subject: [PATCH] target/i386: do not set unsupported VMX secondary execution
+ controls
+
+Commit 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for
+secondary execution controls") added a workaround for KVM pre-dating
+commit 6defc591846d ("KVM: nVMX: include conditional controls in /dev/kvm
+KVM_GET_MSRS") which wasn't setting certain available controls. The
+workaround uses generic CPUID feature bits to set missing VMX controls.
+
+It was found that in some cases it is possible to observe hosts which
+have certain CPUID features but lack the corresponding VMX control.
+
+In particular, it was reported that Azure VMs have RDSEED but lack
+VMX_SECONDARY_EXEC_RDSEED_EXITING; attempts to enable this feature
+bit result in QEMU abort.
+
+Resolve the issue but not applying the workaround when we don't have
+to. As there is no good way to find out if KVM has the fix itself, use
+95c5c7c77c ("KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST") instead
+as these [are supposed to] come together.
+
+Fixes: 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for secondary execution controls")
+Suggested-by: Paolo Bonzini
+Signed-off-by: Vitaly Kuznetsov
+Message-Id: <20200331162752.1209928-1-vkuznets@redhat.com>
+Signed-off-by: Paolo Bonzini
+
+Backport-Note: MSR_IA32_UCODE_REV didn't exist in qemu 4.2 yet but is in the context
+Origin: backport, https://git.qemu.org/?p=qemu.git;a=commit;h=4a910e1f6ab4155ec8b24c49b2585c
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1882774
+Last-Update: 2020-06-09
+
+---
+ target/i386/kvm.c | 41 ++++++++++++++++++++++++++---------------
+ 1 file changed, 26 insertions(+), 15 deletions(-)
+
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -105,6 +105,7 @@ static bool has_msr_smi_count;
+ static bool has_msr_arch_capabs;
+ static bool has_msr_core_capabs;
+ static bool has_msr_vmx_vmfunc;
++static bool has_msr_vmx_procbased_ctls2;
+
+ static uint32_t has_architectural_pmu_version;
+ static uint32_t num_architectural_pmu_gp_counters;
+@@ -489,21 +490,28 @@ uint64_t kvm_arch_get_supported_msr_feat
+ value = msr_data.entries[0].data;
+ switch (index) {
+ case MSR_IA32_VMX_PROCBASED_CTLS2:
+- /* KVM forgot to add these bits for some time, do this ourselves. */
+- if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & CPUID_XSAVE_XSAVES) {
+- value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
+- }
+- if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & CPUID_EXT_RDRAND) {
+- value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
+- }
+- if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_INVPCID) {
+- value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
+- }
+- if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_RDSEED) {
+- value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
+- }
+- if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & CPUID_EXT2_RDTSCP) {
+- value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
++ if (!has_msr_vmx_procbased_ctls2) {
++ /* KVM forgot to add these bits for some time, do this ourselves. */
++ if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) &
++ CPUID_XSAVE_XSAVES) {
++ value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
++ }
++ if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) &
++ CPUID_EXT_RDRAND) {
++ value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
++ }
++ if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
++ CPUID_7_0_EBX_INVPCID) {
++ value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
++ }
++ if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
++ CPUID_7_0_EBX_RDSEED) {
++ value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
++ }
++ if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) &
++ CPUID_EXT2_RDTSCP) {
++ value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
++ }
+ }
+ /* fall through */
+ case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
+@@ -2056,6 +2064,9 @@ static int kvm_get_supported_msrs(KVMSta
+ case MSR_IA32_VMX_VMFUNC:
+ has_msr_vmx_vmfunc = true;
+ break;
++ case MSR_IA32_VMX_PROCBASED_CTLS2:
++ has_msr_vmx_procbased_ctls2 = true;
++ break;
+ }
+ }
+ }
diff -Nru qemu-4.2/debian/patches/series qemu-4.2/debian/patches/series
--- qemu-4.2/debian/patches/series 2020-05-27 21:19:20.000000000 +0000
+++ 
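Review bot: The new guard `if (!has_msr_vmx_procbased_ctls2)` in the MSR_IA32_VMX_PROCBASED_CTLS2 case is a proxy that the retained inner comment does not explain: the flag only records that KVM listed that MSR in KVM_GET_MSR_INDEX_LIST (set in the kvm_get_supported_msrs hunk), and only the commit message says this is taken as evidence that KVM also reports the conditional controls itself. I would reword the inner comment to `/* Old KVM omitted these bits; patch them in from CPUID only when KVM also did not list this MSR, which is used as a proxy for the fix (see commit message). */` so the next reader sees why the CPUID-derived bits are skipped. As the commit message itself notes, the proxy is a heuristic: on a kernel that has neither fix the workaround still runs, so a host advertising a CPUID feature without the matching VMX control can presumably still reach the abort this patch describes, which is worth stating in the comment as a known limitation. The flag is written in kvm_get_supported_msrs() and read in kvm_arch_get_supported_msr_feature(); the hunk does not show the call order, so the read presumably depends on kvm_get_supported_msrs() having run first, which should be confirmed. Both functions begin and end outside the hunk.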
qemu-4.2/debian/patches/series 2020-06-02 08:42:49.000000000 +0000
@@ -91,3 +91,5 @@
 ubuntu/lp-1872945-target-riscv-update-mstatus.SD-when-FS-is-set-dirty.patch
 ubuntu/lp-1872945-target-openrisc-Fix-FPCSR-mask-to-allow-setting-DZF.patch
 ubuntu/CVE-2020-11869.patch
+ubuntu/lp-1878973-fix-assert-regression.patch
+lp-1882774-target-i386-do-not-set-unsupported-VMX-secondary-exe.patch
diff -Nru qemu-4.2/debian/patches/ubuntu/lp-1878973-fix-assert-regression.patch qemu-4.2/debian/patches/ubuntu/lp-1878973-fix-assert-regression.patch
--- qemu-4.2/debian/patches/ubuntu/lp-1878973-fix-assert-regression.patch 1970-01-01 00:00:00.000000000 +0000
+++ qemu-4.2/debian/patches/ubuntu/lp-1878973-fix-assert-regression.patch 2020-06-02 08:42:49.000000000 +0000
@@ -0,0 +1,41 @@
+Subject: qga: fix assert regression on guest-shutdown
+From: Marc-André Lureau
+Subject: [PATCH] qga: fix assert regression on guest-shutdown
+Date: Thu, 4 Jun 2020 11:44:25 +0200
+
+Since commit 781f2b3d1e ("qga: process_event() simplification"),
+send_response() is called unconditionally, but will assert when "rsp" is
+NULL. This may happen with QCO_NO_SUCCESS_RESP commands, such as
+"guest-shutdown".
+
+Fixes: 781f2b3d1e5ef389b44016a897fd55e7a780bf35
+Cc: Michael Roth
+Reported-by: Christian Ehrhardt
+Signed-off-by: Marc-André Lureau
+
+Origin: upstream, https://lists.nongnu.org/archive/html/qemu-devel/2020-06/msg00962.html
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1878973
+Last-Update: 2020-06-09
+---
+ qga/main.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/qga/main.c b/qga/main.c
+index f0e454f28d3..3febf3b0fdf 100644
+--- a/qga/main.c
++++ b/qga/main.c
+@@ -531,7 +531,11 @@ static int send_response(GAState *s, const QDict *rsp)
+ QString *payload_qstr, *response_qstr;
+ GIOStatus status;
+
+- g_assert(rsp && s->channel);
++ g_assert(s->channel);
++
++ if (!rsp) {
++ return 0;
++ }
+
+ payload_qstr = qobject_to_json(QOBJECT(rsp));
+ if (!payload_qstr) {
+--
+2.26.2.561.g07d8ea56f2
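Review bot: The new early return `if (!rsp) { return 0; }` in send_response() carries no comment saying when a NULL rsp is legitimate, and the assert it replaces documented the opposite expectation, so the next reader will read it as a defensive check rather than a deliberate no-response path. I would add `/* QCO_NO_SUCCESS_RESP commands (e.g. guest-shutdown) produce no response: nothing to send. */` above the check, since the commit message is currently the only place this is explained. Returning 0 also makes "nothing to send" indistinguishable from a successful write for the caller; that is presumably intended for the shutdown case, but the caller in process_event() is outside this hunk, so it is worth confirming that no caller treats 0 as "response written". The body of send_response() continues past the hunk.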