[Qemu-devel] [ANNOUNCE] QEMU 2.1.1 Stable released

[Qemu-devel] [ANNOUNCE] QEMU 2.1.1 Stable released

[Michael Roth]

Hi everyone,

I am pleased to announce that the QEMU v2.1.1 stable release is now
available at:

  http://wiki.qemu.org/download/qemu-2.1.1.tar.bz2

v2.1.1 is now tagged in the official qemu.git repository,
and the stable-2.1 branch has been updated accordingly:

  http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1

This release contains 50 build/bug fixes, including fixes for a number
of networking issues related to live migration and important security
updates relating to accessing host memory by overrunning emulated video
memory. See the commit history above for relevant CVEs and additional
details.

Thank you to everyone involved!

CHANGELOG:

3cb451e: Update version for v2.1.1 release (Michael Roth)
82d80e1: target-i386: Support migratable=no properly (Eduardo Habkost)
5dd076a: exec: Save CPUState::exception_index field (Pavel Dovgaluk)
257e9cf: pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
1aa87d3: spice: make sure we don't overflow ssd->buf (Gerd Hoffmann)
7fe5418: vbe: rework sanity checks (Gerd Hoffmann)
c5042f0: vbe: make bochs dispi interface return the correct memory size with qxl (Gerd Hoffmann)
cf29a88: virtio-net: purge outstanding packets when starting vhost (Michael S. Tsirkin)
08743db: net: complete all queued packets on VM stop (Michael S. Tsirkin)
d9c06c0: net: invoke callback when purging queue (Michael S. Tsirkin)
f321710: virtio: don't call device on !vm_running (Michael S. Tsirkin)
ec48bfd: net: Forbid dealing with packets when VM is not running (zhanghailiang)
eb36f79: acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
34d41c1: vhost-scsi: init backend features earlier (Michael S. Tsirkin)
6f8d05a: vhost_net: init acked_features to backend_features (Jason Wang)
5e83dae: vhost_net: start/stop guest notifiers properly (Jason Wang)
ff34ca0: pci: avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
e685d2a: virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
67cfda8: qxl-render: add more sanity checks (Gerd Hoffmann)
4fd144f: target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values (Peter Maydell)
ea774b8: target-arm: Fix regression that disabled VFP for ARMv5 CPUs (Peter Maydell)
3e8966d: x86: Clear MTRRs on vCPU reset (Alex Williamson)
ba8576f: x86: kvm: Add MTRR support for kvm_get|put_msrs() (Alex Williamson)
07f8c97: x86: Use common variable range MTRR counts (Alex Williamson)
72c9c9a: target-i386: Don't forbid NX bit on PAE PDEs and PTEs (William Grant)
3d8cc86: vl: process -object after other backend options (Paolo Bonzini)
0824ca6: spapr_pci: map the MSI window in each PHB (Greg Kurz)
feb6334: thread-pool: avoid deadlock in nested aio_poll() calls (Stefan Hajnoczi)
75ada6b: thread-pool: avoid per-thread-pool EventNotifier (Stefan Hajnoczi)
be3af75: pc: reserve more memory for ACPI for new machine types (Michael S. Tsirkin)
bfe3e6f: pcihp: fix possible array out of bounds (Gonglei)
cd4acff: hostmem: set MPOL_MF_MOVE (Michael S. Tsirkin)
4b59161: vmxnet3: Pad short frames to minimum size (60 bytes) (Ben Draper)
fab7560: blkdebug: Delete BH in bdrv_aio_cancel (Fam Zheng)
16c92cd: qemu-iotests: add test case 101 for short file I/O (Stefan Hajnoczi)
dea6efe: raw-posix: fix O_DIRECT short reads (Stefan Hajnoczi)
8c4edd7: block/iscsi: fix memory corruption on iscsi resize (Peter Lieven)
504e2a7: arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2 (Christoffer Dall)
2f6d5e1: target-arm: Rename QEMU PSCI v0.1 definitions (Christoffer Dall)
20463dc: target-arm: Fix return address for A64 BRK instructions (Peter Maydell)
2a575c4: virtio-blk: fix reference a pointer which might be freed (zhanghailiang)
1ad9dce: acpi: align RSDP (Michael S. Tsirkin)
ba1bc81: numa: show hex number in error message for consistency and prefix them with 0x (Hu Tao)
948574e: pc-dimm: fix up error message (Michael S. Tsirkin)
044af98: pc-dimm: validate node property (Hu Tao)
7c68c54: hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE (Hu Tao)
bd47406: ide: only constrain read/write requests to drive size, not other types (Michael Tokarev)
e22d5dc: l2tpv3 (configure): it is linux-specific (Michael Tokarev)
dfd4808: vfio: Fix MSI-X vector expansion (Alex Williamson)
5f26e63: qdev-monitor: include QOM properties in -device FOO, help output (Stefan Hajnoczi)
42f7a13: qmp: hide "hotplugged" device property from device-list-properties (Stefan Hajnoczi)

Re: [Qemu-devel] [Qemu-stable] [ANNOUNCE] QEMU 2.1.1 Stable released

[Dietmar Maurer]

Seems that we get a crash when we live-migrate a VMs using virtio-net-pci (vhost=on).
This worked in 2.1.0. Any ideas?

> I am pleased to announce that the QEMU v2.1.1 stable release is now available
> at:

Re: [Qemu-devel] [Qemu-stable] [ANNOUNCE] QEMU 2.1.1 Stable released

[Michael Roth]

Quoting Dietmar Maurer (2014-09-11 04:55:05)
> Seems that we get a crash when we live-migrate a VMs using virtio-net-pci (vhost=on).
> This worked in 2.1.0. Any ideas?

Is this what you're seeing on the source side?

qemu-system-x86_64: /home/mdroth/w/qemu3.git/hw/net/virtio-net.c:1348: virtio_net_save: Assertion `!n->vhost_started' failed. 

If so I can reproduce on both stable and current master. A bisect of master
points to the following commit.
269bd822e7f5ab80048b05fb7076236ed66ffbce is the first bad commit
commit 269bd822e7f5ab80048b05fb7076236ed66ffbce
Author: Michael S. Tsirkin <mst@redhat.com>
Date:   Thu Sep 4 13:32:54 2014 +0300

    virtio: don't call device on !vm_running
    
    On vm stop, virtio changes vm_running state
    too soon, so callbacks can get envoked with
    vm_running = false;
    
    Cc: qemu-stable@nongnu.org
    Cc: Jason Wang <jasowang@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Any ideas Michael/Jason? This is with:

qemu-system-x86_64 -enable-kvm -L build/build3-bios -M pc-i440fx-2.1 -m 512M -kernel boot/vmlinuz-x86_64 -initrd boot/test-initramfs-x86_64.img.gz -vga cirrus -append seed=1234 -drive file=disk1.img,if=virtio,cache=directsync -drive file=disk2.img,if=virtio -device virtio-net-pci,netdev=net0 -netdev tap,id=net0,vhost=on,script=/etc/qemu-ifup -incoming unix:/tmp/migrate.sock -monitor unix:/tmp/vm-hmp-incoming.sock,server,nowait -qmp unix:/tmp/vm-qmp-incoming.sock,server,nowait

Since this is such a common use-case of live migration I'll likely be putting out
a minor 2.1.2 update once we identify the fix. I unfortunately didn't have vhost
enabled in the migration tests, which was a pretty big oversight on my part.

> 
> > I am pleased to announce that the QEMU v2.1.1 stable release is now available
> > at:

Re: [Qemu-devel] [Qemu-stable] [ANNOUNCE] QEMU 2.1.1 Stable released

[Michael S. Tsirkin]

On Thu, Sep 11, 2014 at 09:11:40AM -0500, Michael Roth wrote:
> Quoting Dietmar Maurer (2014-09-11 04:55:05)
> > Seems that we get a crash when we live-migrate a VMs using virtio-net-pci (vhost=on).
> > This worked in 2.1.0. Any ideas?
> 
> Is this what you're seeing on the source side?
> 
> qemu-system-x86_64: /home/mdroth/w/qemu3.git/hw/net/virtio-net.c:1348: virtio_net_save: Assertion `!n->vhost_started' failed. 
> 
> If so I can reproduce on both stable and current master. A bisect of master
> points to the following commit.
> 269bd822e7f5ab80048b05fb7076236ed66ffbce is the first bad commit
> commit 269bd822e7f5ab80048b05fb7076236ed66ffbce
> Author: Michael S. Tsirkin <mst@redhat.com>
> Date:   Thu Sep 4 13:32:54 2014 +0300
> 
>     virtio: don't call device on !vm_running
>     
>     On vm stop, virtio changes vm_running state
>     too soon, so callbacks can get envoked with
>     vm_running = false;
>     
>     Cc: qemu-stable@nongnu.org
>     Cc: Jason Wang <jasowang@redhat.com>
>     Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>     Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> 
> Any ideas Michael/Jason? This is with:
> 
> qemu-system-x86_64 -enable-kvm -L build/build3-bios -M pc-i440fx-2.1 -m 512M -kernel boot/vmlinuz-x86_64 -initrd boot/test-initramfs-x86_64.img.gz -vga cirrus -append seed=1234 -drive file=disk1.img,if=virtio,cache=directsync -drive file=disk2.img,if=virtio -device virtio-net-pci,netdev=net0 -netdev tap,id=net0,vhost=on,script=/etc/qemu-ifup -incoming unix:/tmp/migrate.sock -monitor unix:/tmp/vm-hmp-incoming.sock,server,nowait -qmp unix:/tmp/vm-qmp-incoming.sock,server,nowait
> 
> Since this is such a common use-case of live migration I'll likely be putting out
> a minor 2.1.2 update once we identify the fix. I unfortunately didn't have vhost
> enabled in the migration tests, which was a pretty big oversight on my part.

I expect to look into this later today, if not - Sunday.
Sorry about the delay.

> > 
> > > I am pleased to announce that the QEMU v2.1.1 stable release is now available
> > > at:

Re: [Qemu-devel] [Qemu-stable] [ANNOUNCE] QEMU 2.1.1 Stable released

[Michael S. Tsirkin]

On Thu, Sep 11, 2014 at 09:11:40AM -0500, Michael Roth wrote:
> Quoting Dietmar Maurer (2014-09-11 04:55:05)
> > Seems that we get a crash when we live-migrate a VMs using virtio-net-pci (vhost=on).
> > This worked in 2.1.0. Any ideas?
> 
> Is this what you're seeing on the source side?
> 
> qemu-system-x86_64: /home/mdroth/w/qemu3.git/hw/net/virtio-net.c:1348: virtio_net_save: Assertion `!n->vhost_started' failed. 
> 
> If so I can reproduce on both stable and current master. A bisect of master
> points to the following commit.
> 269bd822e7f5ab80048b05fb7076236ed66ffbce is the first bad commit
> commit 269bd822e7f5ab80048b05fb7076236ed66ffbce
> Author: Michael S. Tsirkin <mst@redhat.com>
> Date:   Thu Sep 4 13:32:54 2014 +0300
> 
>     virtio: don't call device on !vm_running
>     
>     On vm stop, virtio changes vm_running state
>     too soon, so callbacks can get envoked with
>     vm_running = false;
>     
>     Cc: qemu-stable@nongnu.org
>     Cc: Jason Wang <jasowang@redhat.com>
>     Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>     Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> 
> Any ideas Michael/Jason?

OK, I sent two patches to fix this. Will send upstream shortly, too.

> This is with:
> 
> qemu-system-x86_64 -enable-kvm -L build/build3-bios -M pc-i440fx-2.1 -m 512M -kernel boot/vmlinuz-x86_64 -initrd boot/test-initramfs-x86_64.img.gz -vga cirrus -append seed=1234 -drive file=disk1.img,if=virtio,cache=directsync -drive file=disk2.img,if=virtio -device virtio-net-pci,netdev=net0 -netdev tap,id=net0,vhost=on,script=/etc/qemu-ifup -incoming unix:/tmp/migrate.sock -monitor unix:/tmp/vm-hmp-incoming.sock,server,nowait -qmp unix:/tmp/vm-qmp-incoming.sock,server,nowait
> 
> Since this is such a common use-case of live migration I'll likely be putting out
> a minor 2.1.2 update once we identify the fix. I unfortunately didn't have vhost
> enabled in the migration tests, which was a pretty big oversight on my part.

Mee too :(

> > 
> > > I am pleased to announce that the QEMU v2.1.1 stable release is now available
> > > at: