github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-01 08:56:32 +00:00
Code Issues Projects Releases Wiki Activity

packaging: merge packaging repository

Browse Source 
git-subtree-dir: tools/packaging
git-subtree-mainline: f818b46a41
git-subtree-split: 1f22d72d5d

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This commit is contained in:
Peng Tao
2020-06-23 22:49:04 -07:00
parent f818b46a41 1f22d72d5d
commit 782cd2ed10
645 changed files with 292694 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
tools/packaging/qemu/patches/4.0.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch Normal file
View File

@@ -0,0 +1,98 @@
From 894a8ae5524fff4ad9d3551c515788c5650e1fc7 Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Wed, 28 Mar 2018 20:14:53 +0800
Subject: [PATCH 1/2] 9p: removing coroutines of 9p to increase the I/O
performance
This is a quick workaround, need to be fixed.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
---
hw/9pfs/9p.c | 12 +++++-------
hw/9pfs/9p.h | 6 +++---
hw/9pfs/coth.h | 3 +++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 55821343e5..c5f089860d 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -690,10 +690,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len)
out_notify:
pdu->s->transport->push_and_notify(pdu);
- /* Now wakeup anybody waiting in flush for this request */
- if (!qemu_co_queue_next(&pdu->complete)) {
- pdu_free(pdu);
- }
+ pdu_free(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -3525,7 +3522,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
{
- Coroutine *co;
+// Coroutine *co;
CoroutineEntry *handler;
V9fsState *s = pdu->s;
@@ -3543,8 +3540,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
}
qemu_co_queue_init(&pdu->complete);
- co = qemu_coroutine_create(handler, pdu);
- qemu_coroutine_enter(co);
+ handler(pdu);
+ //co = qemu_coroutine_create(handler, pdu);
+ //qemu_coroutine_enter(co);
}
/* Returns 0 on success, 1 on failure. */
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 8883761b2c..24aeba03f7 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -320,21 +320,21 @@ extern int total_open_fd;
static inline void v9fs_path_write_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_wrlock(&s->rename_lock);
+ // qemu_co_rwlock_wrlock(&s->rename_lock);
}
}
static inline void v9fs_path_read_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_rdlock(&s->rename_lock);
+ // qemu_co_rwlock_rdlock(&s->rename_lock);
}
}
static inline void v9fs_path_unlock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_unlock(&s->rename_lock);
+ // qemu_co_rwlock_unlock(&s->rename_lock);
}
}
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index 19e4d9287e..728a25865d 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -47,6 +47,9 @@
qemu_coroutine_yield(); \
} while (0)
+#undef v9fs_co_run_in_worker
+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0);
+
void co_run_in_worker_bh(void *);
int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *);
int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **);
--
2.17.2

73
tools/packaging/qemu/patches/4.0.x/0002-migration-allow-private-destination-ram-with-x-ignor.patch Normal file
View File

@@ -0,0 +1,73 @@
From b17fbbe55cba95ad323b27c2f9f3e22eb6364d4b Mon Sep 17 00:00:00 2001
From: Peng Tao <tao.peng@linux.alibaba.com>
Date: Fri, 14 Jun 2019 14:35:13 +0800
Subject: [PATCH] migration: allow private destination ram with x-ignore-shared
By removing the share ram check, qemu is able to migrate
to private destination ram when x-ignore-shared capability
is on. Then we can create multiple destination VMs based
on the same source VM.
This changes the x-ignore-shared migration capability to
work similar to Lai's original bypass-shared-memory
work(https://lists.gnu.org/archive/html/qemu-devel/2018-04/msg00003.html)
which enables kata containers (https://katacontainers.io)
to implement the VM templating feature.
An example usage in kata containers(https://katacontainers.io):
1. Start the source VM:
qemu-system-x86 -m 2G \
-object memory-backend-file,id=mem0,size=2G,share=on,mem-path=/tmpfs/template-memory \
-numa node,memdev=mem0
2. Stop the template VM, set migration x-ignore-shared capability,
migrate "exec:cat>/tmpfs/state", quit it
3. Start target VM:
qemu-system-x86 -m 2G \
-object memory-backend-file,id=mem0,size=2G,share=off,mem-path=/tmpfs/template-memory \
-numa node,memdev=mem0 \
-incoming defer
4. connect to target VM qmp, set migration x-ignore-shared capability,
migrate_incoming "exec:cat /tmpfs/state"
5. create more target VMs repeating 3 and 4
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Yury Kotov <yury-kotov@yandex-team.ru>
Cc: Jiangshan Lai <laijs@hyper.sh>
Cc: Xu Wang <xu@hyper.sh>
Signed-off-by: Peng Tao <tao.peng@linux.alibaba.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <1560494113-1141-1-git-send-email-tao.peng@linux.alibaba.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
---
migration/ram.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/migration/ram.c b/migration/ram.c
index 8a6ad61d3d..8622b4dc49 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -3426,7 +3426,6 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
}
if (migrate_ignore_shared()) {
qemu_put_be64(f, block->mr->addr);
- qemu_put_byte(f, ramblock_is_ignored(block) ? 1 : 0);
}
}
@@ -4393,12 +4392,6 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
}
if (migrate_ignore_shared()) {
hwaddr addr = qemu_get_be64(f);
- bool ignored = qemu_get_byte(f);
- if (ignored != ramblock_is_ignored(block)) {
- error_report("RAM block %s should %s be migrated",
- id, ignored ? "" : "not");
- ret = -EINVAL;
- }
if (ramblock_is_ignored(block) &&
block->mr->addr != addr) {
error_report("Mismatched GPAs for block %s "
--
2.17.1

43
tools/packaging/qemu/patches/4.0.x/0003-memory-backend-file-nvdimm-support-read-only-files-a.patch Normal file
View File

@@ -0,0 +1,43 @@
From bf71d7d8e04e85517578c021804c77739f9fed72 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 8 Jul 2019 21:19:36 +0000
Subject: [PATCH] memory-backend-file/nvdimm: support read-only files as
memory-backends
Currently is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if this is not modified
in the guest. In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backeds.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Message-Id: <20190708211936.8037-1-julio.montes@intel.com>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index 3e78de3b8f..a1b6f939fb 100644
--- a/exec.c
+++ b/exec.c
@@ -1865,6 +1865,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.17.2

98
tools/packaging/qemu/patches/4.1.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch Normal file
View File

@@ -0,0 +1,98 @@
From 493163ca322c87860492328c7898064051321c67 Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Wed, 28 Mar 2018 20:14:53 +0800
Subject: [PATCH 1/3] 9p: removing coroutines of 9p to increase the I/O
performance
This is a quick workaround, need to be fixed.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
---
hw/9pfs/9p.c | 12 +++++-------
hw/9pfs/9p.h | 6 +++---
hw/9pfs/coth.h | 3 +++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 55821343e5..c5f089860d 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -690,10 +690,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len)
out_notify:
pdu->s->transport->push_and_notify(pdu);
- /* Now wakeup anybody waiting in flush for this request */
- if (!qemu_co_queue_next(&pdu->complete)) {
- pdu_free(pdu);
- }
+ pdu_free(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -3525,7 +3522,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
{
- Coroutine *co;
+// Coroutine *co;
CoroutineEntry *handler;
V9fsState *s = pdu->s;
@@ -3543,8 +3540,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
}
qemu_co_queue_init(&pdu->complete);
- co = qemu_coroutine_create(handler, pdu);
- qemu_coroutine_enter(co);
+ handler(pdu);
+ //co = qemu_coroutine_create(handler, pdu);
+ //qemu_coroutine_enter(co);
}
/* Returns 0 on success, 1 on failure. */
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 8883761b2c..24aeba03f7 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -320,21 +320,21 @@ extern int total_open_fd;
static inline void v9fs_path_write_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_wrlock(&s->rename_lock);
+ // qemu_co_rwlock_wrlock(&s->rename_lock);
}
}
static inline void v9fs_path_read_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_rdlock(&s->rename_lock);
+ // qemu_co_rwlock_rdlock(&s->rename_lock);
}
}
static inline void v9fs_path_unlock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_unlock(&s->rename_lock);
+ // qemu_co_rwlock_unlock(&s->rename_lock);
}
}
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index 19e4d9287e..728a25865d 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -47,6 +47,9 @@
qemu_coroutine_yield(); \
} while (0)
+#undef v9fs_co_run_in_worker
+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0);
+
void co_run_in_worker_bh(void *);
int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *);
int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **);
--
2.17.2

45
tools/packaging/qemu/patches/4.1.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch Normal file
View File

@@ -0,0 +1,45 @@
From f116c58ab18762b1fdf5b5908af8612bf933d159 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 8 Jul 2019 21:19:36 +0000
Subject: [PATCH 2/3] memory-backend-file/nvdimm: support read-only files as
memory-backends
Currently it is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if the file itself
is not modified in the guest. Same goes for files that do not have write access.
In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backends.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Message-Id: <20190708211936.8037-1-julio.montes@intel.com>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index 3e78de3b8f..a1b6f939fb 100644
--- a/exec.c
+++ b/exec.c
@@ -1865,6 +1865,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS || errno == EACCES) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.17.2

71
tools/packaging/qemu/patches/4.1.x/0003-configure-more-resilient-Python-version-capture.patch Normal file
View File

@@ -0,0 +1,71 @@
From 19ec1516315083bb609a6683271dc19adb464522 Mon Sep 17 00:00:00 2001
From: Cleber Rosa <crosa@redhat.com>
Date: Mon, 26 Aug 2019 11:58:32 -0400
Subject: [PATCH 3/3] configure: more resilient Python version capture
The current approach to capture the Python version is fragile, as it
was demonstrated by a very specific build of Python 3 on Fedora 29
that, under non-interactive shells would print multiline version
information.
The (badly) stripped version output would be sent to config-host.mak,
producing bad syntax and rendering the makefiles unusable. Now, the
Python versions is printed by configure, but only a simple (and better
controlled variable) indicating whether the build system is using
Python 2 is kept on config-host.mak.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20190826155832.17427-1-crosa@redhat.com>
Reviewed-by: Tony Nguyen <tony.nguyen@bt.com>
---
configure | 5 +++--
tests/Makefile.include | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index 714e7fb6a1..0a6a617fa3 100755
--- a/configure
+++ b/configure
@@ -1864,7 +1864,7 @@ if ! $python -c 'import sys; sys.exit(sys.version_info < (2,7))'; then
fi
# Preserve python version since some functionality is dependent on it
-python_version=$($python -V 2>&1 | sed -e 's/Python\ //')
+python_version=$($python -c 'import sys; print("%d.%d.%d" % (sys.version_info[0], sys.version_info[1], sys.version_info[2]))' 2>/dev/null)
# Suppress writing compiled files
python="$python -B"
@@ -6514,6 +6514,7 @@ if ! $python -c 'import sys; sys.exit(sys.version_info < (3,0))'; then
echo
echo "warning: Python 2 support is deprecated" >&2
echo "warning: Python 3 will be required for building future versions of QEMU" >&2
+ python2="y"
fi
config_host_mak="config-host.mak"
@@ -7333,7 +7334,7 @@ echo "INSTALL_DATA=$install -c -m 0644" >> $config_host_mak
echo "INSTALL_PROG=$install -c -m 0755" >> $config_host_mak
echo "INSTALL_LIB=$install -c -m 0644" >> $config_host_mak
echo "PYTHON=$python" >> $config_host_mak
-echo "PYTHON_VERSION=$python_version" >> $config_host_mak
+echo "PYTHON2=$python2" >> $config_host_mak
echo "CC=$cc" >> $config_host_mak
if $iasl -h > /dev/null 2>&1; then
echo "IASL=$iasl" >> $config_host_mak
diff --git a/tests/Makefile.include b/tests/Makefile.include
index fd7fdb8658..fc67846431 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -1132,7 +1132,7 @@ TESTS_RESULTS_DIR=$(BUILD_DIR)/tests/results
AVOCADO_SHOW=app
AVOCADO_TAGS=$(patsubst %-softmmu,-t arch:%, $(filter %-softmmu,$(TARGET_DIRS)))
-ifneq ($(findstring v2,"v$(PYTHON_VERSION)"),v2)
+ifneq ($(PYTHON2),y)
$(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
$(call quiet-command, \
$(PYTHON) -m venv --system-site-packages $@, \
--
2.17.2

98
tools/packaging/qemu/patches/4.2.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch Normal file
View File

@@ -0,0 +1,98 @@
From 4400ea745b2a073186061a04dc07d90a8fb8a51f Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Wed, 28 Mar 2018 20:14:53 +0800
Subject: [PATCH 1/2] 9p: removing coroutines of 9p to increase the I/O
performance
This is a quick workaround, need to be fixed.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
---
hw/9pfs/9p.c | 12 +++++-------
hw/9pfs/9p.h | 6 +++---
hw/9pfs/coth.h | 3 +++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 520177f40c..191c43e42d 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1082,10 +1082,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len)
out_notify:
pdu->s->transport->push_and_notify(pdu);
- /* Now wakeup anybody waiting in flush for this request */
- if (!qemu_co_queue_next(&pdu->complete)) {
- pdu_free(pdu);
- }
+ pdu_free(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -3968,7 +3965,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
{
- Coroutine *co;
+// Coroutine *co;
CoroutineEntry *handler;
V9fsState *s = pdu->s;
@@ -3986,8 +3983,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
}
qemu_co_queue_init(&pdu->complete);
- co = qemu_coroutine_create(handler, pdu);
- qemu_coroutine_enter(co);
+ handler(pdu);
+ //co = qemu_coroutine_create(handler, pdu);
+ //qemu_coroutine_enter(co);
}
/* Returns 0 on success, 1 on failure. */
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 3904f82901..30ecab2b2e 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -380,21 +380,21 @@ extern int total_open_fd;
static inline void v9fs_path_write_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_wrlock(&s->rename_lock);
+ // qemu_co_rwlock_wrlock(&s->rename_lock);
}
}
static inline void v9fs_path_read_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_rdlock(&s->rename_lock);
+ // qemu_co_rwlock_rdlock(&s->rename_lock);
}
}
static inline void v9fs_path_unlock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_unlock(&s->rename_lock);
+ // qemu_co_rwlock_unlock(&s->rename_lock);
}
}
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index c2cdc7a9ea..0fe971d1f5 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -46,6 +46,9 @@
qemu_coroutine_yield(); \
} while (0)
+#undef v9fs_co_run_in_worker
+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0);
+
void co_run_in_worker_bh(void *);
int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *);
int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **);
--
2.21.0

45
tools/packaging/qemu/patches/4.2.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch Normal file
View File

@@ -0,0 +1,45 @@
From f06edce09ed88568a743c6aa36343081e35cca54 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 8 Jul 2019 21:19:36 +0000
Subject: [PATCH 2/2] memory-backend-file/nvdimm: support read-only files as
memory-backends
Currently it is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if the file itself
is not modified in the guest. Same goes for files that do not have write access.
In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backends.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Message-Id: <20190708211936.8037-1-julio.montes@intel.com>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index ffdb518535..506a5af8c1 100644
--- a/exec.c
+++ b/exec.c
@@ -1819,6 +1819,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS || errno == EACCES) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.21.0

98
tools/packaging/qemu/patches/5.0.x/0001-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch Normal file
View File

@@ -0,0 +1,98 @@
From 3de89ce9fb5eda46f7cefd70e9090cb7cd7ec803 Mon Sep 17 00:00:00 2001
From: Yang Zhong <yang.zhong@intel.com>
Date: Wed, 28 Mar 2018 20:14:53 +0800
Subject: [PATCH 1/2] 9p: removing coroutines of 9p to increase the I/O
performance
This is a quick workaround, need to be fixed.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
---
hw/9pfs/9p.c | 12 +++++-------
hw/9pfs/9p.h | 6 +++---
hw/9pfs/coth.h | 3 +++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 9e046f7acb..11c8ee08d9 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1082,10 +1082,7 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len)
out_notify:
pdu->s->transport->push_and_notify(pdu);
- /* Now wakeup anybody waiting in flush for this request */
- if (!qemu_co_queue_next(&pdu->complete)) {
- pdu_free(pdu);
- }
+ pdu_free(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -3997,7 +3994,7 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
{
- Coroutine *co;
+// Coroutine *co;
CoroutineEntry *handler;
V9fsState *s = pdu->s;
@@ -4015,8 +4012,9 @@ void pdu_submit(V9fsPDU *pdu, P9MsgHeader *hdr)
}
qemu_co_queue_init(&pdu->complete);
- co = qemu_coroutine_create(handler, pdu);
- qemu_coroutine_enter(co);
+ handler(pdu);
+ //co = qemu_coroutine_create(handler, pdu);
+ //qemu_coroutine_enter(co);
}
/* Returns 0 on success, 1 on failure. */
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index b8f72a3bd9..d16bf9d05e 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -391,21 +391,21 @@ extern int total_open_fd;
static inline void v9fs_path_write_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_wrlock(&s->rename_lock);
+ // qemu_co_rwlock_wrlock(&s->rename_lock);
}
}
static inline void v9fs_path_read_lock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_rdlock(&s->rename_lock);
+ // qemu_co_rwlock_rdlock(&s->rename_lock);
}
}
static inline void v9fs_path_unlock(V9fsState *s)
{
if (s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT) {
- qemu_co_rwlock_unlock(&s->rename_lock);
+ // qemu_co_rwlock_unlock(&s->rename_lock);
}
}
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index c2cdc7a9ea..0fe971d1f5 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -46,6 +46,9 @@
qemu_coroutine_yield(); \
} while (0)
+#undef v9fs_co_run_in_worker
+#define v9fs_co_run_in_worker(code_block) do {code_block} while(0);
+
void co_run_in_worker_bh(void *);
int coroutine_fn v9fs_co_readlink(V9fsPDU *, V9fsPath *, V9fsString *);
int coroutine_fn v9fs_co_readdir(V9fsPDU *, V9fsFidState *, struct dirent **);
--
2.21.0

45
tools/packaging/qemu/patches/5.0.x/0002-memory-backend-file-nvdimm-support-read-only-files-a.patch Normal file
View File

@@ -0,0 +1,45 @@
From 3a6e5e157f355b3c42b6c2a0c85b4acaba849ac3 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 8 Jul 2019 21:19:36 +0000
Subject: [PATCH 2/2] memory-backend-file/nvdimm: support read-only files as
memory-backends
Currently it is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if the file itself
is not modified in the guest. Same goes for files that do not have write access.
In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backends.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Message-Id: <20190708211936.8037-1-julio.montes@intel.com>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index 2874bb5088..ba2fff234b 100644
--- a/exec.c
+++ b/exec.c
@@ -1781,6 +1781,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS || errno == EACCES) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.21.0

26
tools/packaging/qemu/patches/virtiofsd/0001-add-time-to-seccomp.patch Normal file
View File

@@ -0,0 +1,26 @@
From 2317a63d2acab16be4655ec87542a2bf3d75551b Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Thu, 26 Sep 2019 18:41:34 +0100
Subject: [PATCH] virtiofsd: Add time to seccomp
Needed by static builds
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
contrib/virtiofsd/seccomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/virtiofsd/seccomp.c b/contrib/virtiofsd/seccomp.c
index 3b92c6ee13..374bab2bef 100644
--- a/contrib/virtiofsd/seccomp.c
+++ b/contrib/virtiofsd/seccomp.c
@@ -75,6 +75,7 @@ static const int syscall_whitelist[] = {
SCMP_SYS(setresuid),
SCMP_SYS(set_robust_list),
SCMP_SYS(symlinkat),
+ SCMP_SYS(time), /* Rarely needed, except on static builds */
SCMP_SYS(tgkill),
SCMP_SYS(unlinkat),
SCMP_SYS(utimensat),
--
2.21.0

50
tools/packaging/qemu/patches/virtiofsd/0002-libvhost-user-Fix-the-VHOST_USER_PROTOCOL_F_SLAVE_SE.patch Normal file
View File

@@ -0,0 +1,50 @@
From 47adda63e398a179b6211763377c8f61c5d62f5a Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf <sebastien.boeuf@intel.com>
Date: Wed, 7 Aug 2019 07:15:32 -0700
Subject: [PATCH] libvhost-user: Fix the VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD
check
Vhost user protocol features are set as a bitmask. And the following
constant VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD value is 10 because the bit
10 indicates if the features is set or not.
The proper way to check for the presence or absence of this feature is
to shift 1 by the value of this constant and then mask it with the
actual bitmask representing the supported protocol features.
This patch aims to fix the current code as it was not doing the
shifting, but instead it was masking directly with the value of the
constant itself.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
---
contrib/libvhost-user/libvhost-user.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/contrib/libvhost-user/libvhost-user.c b/contrib/libvhost-user/libvhost-user.c
index 215ce22b79..626e2a035f 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -1129,7 +1129,8 @@ bool vu_set_queue_host_notifier(VuDev *dev, VuVirtq *vq, int fd,
vmsg.fd_num = fd_num;
- if ((dev->protocol_features & VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD) == 0) {
+ if ((dev->protocol_features &
+ (1ULL << VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD)) == 0) {
return false;
}
@@ -2554,7 +2555,8 @@ int64_t vu_fs_cache_request(VuDev *dev, VhostUserSlaveRequest req, int fd,
vmsg.fd_num = fd_num;
- if ((dev->protocol_features & VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD) == 0) {
+ if ((dev->protocol_features &
+ (1ULL << VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD)) == 0) {
return -EINVAL;
}
--
2.20.1