Patch Round-up for stable 8.1.3, freeze on 2023-11-19

[Stable-8.1.3 35/55] hw/xen: take iothread mutex in xen_evtchn_reset_op()

Posted by Michael Tokarev 1 year, 6 months ago

From: David Woodhouse <dwmw@amazon.co.uk>

The xen_evtchn_soft_reset() function requires the iothread mutex, but is
also called for the EVTCHNOP_reset hypercall. Ensure the mutex is taken
in that case.

Cc: qemu-stable@nongnu.org
Fixes: a15b10978fe6 ("hw/xen: Implement EVTCHNOP_reset")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit debc995e883b05c2fd02fb797a61ab1328e5bae2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
index 3d6f4b4a0a..b2b4be9983 100644
--- a/hw/i386/kvm/xen_evtchn.c
+++ b/hw/i386/kvm/xen_evtchn.c
@@ -1135,6 +1135,7 @@ int xen_evtchn_reset_op(struct evtchn_reset *reset)
         return -ESRCH;
     }
 
+    QEMU_IOTHREAD_LOCK_GUARD();
     return xen_evtchn_soft_reset();
 }
 
-- 
2.39.2

[Stable-8.1.3 01/55] hw/pvrdma: Protect against buggy or malicious guest driver
[Stable-8.1.3 02/55] migration: Fix analyze-migration read operation signedness
[Stable-8.1.3 03/55] migration: Non multifd migration don't care about multifd flushes
[Stable-8.1.3 04/55] python/qmp: remove Server.wait_closed() call for Python 3.12
[Stable-8.1.3 05/55] tests/docker: avoid invalid escape in Python string
[Stable-8.1.3 06/55] docs/sphinx: avoid invalid escape in Python string
[Stable-8.1.3 07/55] target/hexagon: avoid invalid escape in Python string
[Stable-8.1.3 08/55] tests/avocado: avoid invalid escape in Python string
[Stable-8.1.3 09/55] tests/vm: avoid invalid escape in Python string
[Stable-8.1.3 10/55] tracetool: avoid invalid escape in Python string
[Stable-8.1.3 11/55] linux-user: Fixes for zero_bss
[Stable-8.1.3 12/55] linux-user/mips: fix abort on integer overflow
[Stable-8.1.3 13/55] linux-user/sh4: Fix crashes on signal delivery
[Stable-8.1.3 14/55] lasips2: LASI PS/2 devices are not user-createable
[Stable-8.1.3 15/55] target/arm: Fix CNTPCT_EL0 trapping from EL0 when HCR_EL2.E2H is 0
[Stable-8.1.3 16/55] hw/sd/sdhci: Block Size Register bits [14:12] is lost
[Stable-8.1.3 17/55] hw/rdma/vmw/pvrdma_cmd: Use correct struct in query_port()
[Stable-8.1.3 18/55] target/sparc: Clear may_lookup for npc == DYNAMIC_PC
[Stable-8.1.3 19/55] target/arm: Fix syndrome for FGT traps on ERET
[Stable-8.1.3 20/55] misc/led: LED state is set opposite of what is expected
[Stable-8.1.3 21/55] block: Fix locking in media change monitor commands
[Stable-8.1.3 22/55] tests/tcg: Add -fno-stack-protector
[Stable-8.1.3 23/55] qemu-img: rebase: stop when reaching EOF of old backing file
[Stable-8.1.3 24/55] qemu-iotests: 024: add rebasing test case for overlay_size > backing_size
[Stable-8.1.3 25/55] target/arm: Fix SVE STR increment
[Stable-8.1.3 26/55] target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
[Stable-8.1.3 27/55] util/uuid: Add UUID_STR_LEN definition
[Stable-8.1.3 28/55] vfio/pci: Fix buffer overrun when writing the VF token
[Stable-8.1.3 29/55] util/uuid: Remove UUID_FMT_LEN
[Stable-8.1.3 30/55] i386/xen: Don't advertise XENFEAT_supervisor_mode_kernel
[Stable-8.1.3 31/55] i386/xen: fix per-vCPU upcall vector for Xen emulation
[Stable-8.1.3 32/55] hw/xen: select kernel mode for per-vCPU event channel upcall vector
[Stable-8.1.3 33/55] hw/xen: don't clear map_track[] in xen_gnttab_reset()
[Stable-8.1.3 34/55] hw/xen: fix XenStore watch delivery to guest
[Stable-8.1.3 35/55] hw/xen: take iothread mutex in xen_evtchn_reset_op()
[Stable-8.1.3 36/55] hw/xen: use correct default protocol for xen-block on x86
[Stable-8.1.3 37/55] virtio-gpu: block migration of VMs with blob=true
[Stable-8.1.3 38/55] block/nvme: nvme_process_completion() fix bound for cid
[Stable-8.1.3 39/55] target/arm: Fix A64 LDRA immediate decode
[Stable-8.1.3 40/55] qcow2: keep reference on zeroize with discard-no-unref enabled
[Stable-8.1.3 41/55] block/file-posix: fix update_zones_wp() caller
[Stable-8.1.3 42/55] file-posix: fix over-writing of returning zone_append offset
[Stable-8.1.3 43/55] ati-vga: Implement fallback for pixman routines
[Stable-8.1.3 44/55] ui/gtk: force realization of drawing area
[Stable-8.1.3 45/55] ui/gtk-egl: apply scale factor when calculating window's dimension
[Stable-8.1.3 46/55] ui/gtk-egl: Check EGLSurface before doing scanout
[Stable-8.1.3 47/55] target/mips: Fix MSA BZ/BNZ opcodes displacement
[Stable-8.1.3 48/55] target/mips: Fix TX79 LQ/SQ opcodes
[Stable-8.1.3 49/55] hw/ide: reset: cancel async DMA operation before resetting state
[Stable-8.1.3 50/55] tests/qtest: ahci-test: add test exposing reset issue with pending callback
[Stable-8.1.3 51/55] target/s390x: Fix CLC corrupting cc_src
[Stable-8.1.3 52/55] tests/tcg/s390x: Test CLC with inaccessible second operand
[Stable-8.1.3 53/55] target/s390x: Fix LAALG not updating cc_src
[Stable-8.1.3 54/55] tests/tcg/s390x: Test LAALG with negative cc_src
[Stable-8.1.3 55/55] hw/ide/ahci: trigger either error IRQ or regular IRQ, not both