From: Thomas Lamprecht Date: Wed, 6 May 2020 08:13:55 +0000 (+0200) Subject: rebase patches on top of Ubuntu-5.4.0-30.34 X-Git-Url: https://git.proxmox.com/?p=pve-kernel.git;a=commitdiff_plain;h=9522496954193bb42193989e61f1db1515fdcf28 rebase patches on top of Ubuntu-5.4.0-30.34 (generated with debian/scripts/import-upstream-tag) Signed-off-by: Thomas Lamprecht --- diff --git a/patches/kernel/0002-bridge-keep-MAC-of-first-assigned-port.patch b/patches/kernel/0002-bridge-keep-MAC-of-first-assigned-port.patch deleted file mode 100644 index a684a53..0000000 --- a/patches/kernel/0002-bridge-keep-MAC-of-first-assigned-port.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= -Date: Thu, 14 Sep 2017 11:02:18 +0200 -Subject: [PATCH] bridge: keep MAC of first assigned port -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -original commit message: - -Default bridge changes MAC dynamically using smallest MAC of all -connected ports (for no real reason). To avoid problems with ARP -we simply use the MAC of the first connected port. - -Signed-off-by: Fabian Grünbichler -Signed-off-by: Thomas Lamprecht ---- - net/bridge/br_stp_if.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c -index d174d3a566aa..885e18c72c87 100644 ---- a/net/bridge/br_stp_if.c -+++ b/net/bridge/br_stp_if.c -@@ -256,10 +256,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br) - return false; - - list_for_each_entry(p, &br->port_list, list) { -- if (addr == br_mac_zero || -- memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0) -- addr = p->dev->dev_addr; -- -+ addr = p->dev->dev_addr; - } - - if (ether_addr_equal(br->bridge_id.addr, addr)) 
diff --git a/patches/kernel/0003-bridge-keep-MAC-of-first-assigned-port.patch b/patches/kernel/0003-bridge-keep-MAC-of-first-assigned-port.patch new file mode 100644 index 0000000..a684a53 --- /dev/null +++ b/patches/kernel/0003-bridge-keep-MAC-of-first-assigned-port.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= +Date: Thu, 14 Sep 2017 11:02:18 +0200 +Subject: [PATCH] bridge: keep MAC of first assigned port +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +original commit message: + +Default bridge changes MAC dynamically using smallest MAC of all +connected ports (for no real reason). To avoid problems with ARP +we simply use the MAC of the first connected port. + +Signed-off-by: Fabian Grünbichler +Signed-off-by: Thomas Lamprecht +--- + net/bridge/br_stp_if.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c +index d174d3a566aa..885e18c72c87 100644 +--- a/net/bridge/br_stp_if.c ++++ b/net/bridge/br_stp_if.c +@@ -256,10 +256,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br) + return false; + + list_for_each_entry(p, &br->port_list, list) { +- if (addr == br_mac_zero || +- memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0) +- addr = p->dev->dev_addr; +- ++ addr = p->dev->dev_addr; + } + + if (ether_addr_equal(br->bridge_id.addr, addr)) diff --git a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch deleted file mode 100644 index a8f0453..0000000 --- a/patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch +++ /dev/null 
@@ -1,196 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Mark Weiman -Date: Wed, 7 Feb 2018 16:04:03 -0500 -Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This an updated version of Alex Williamson's patch from: -https://lkml.org/lkml/2013/5/30/513 - -Original commit message follows: -PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that -allows us to control whether transactions are allowed to be redirected -in various subnodes of a PCIe topology. For instance, if two -endpoints are below a root port or downsteam switch port, the -downstream port may optionally redirect transactions between the -devices, bypassing upstream devices. The same can happen internally -on multifunction devices. The transaction may never be visible to the -upstream devices. - -One upstream device that we particularly care about is the IOMMU. If -a redirection occurs in the topology below the IOMMU, then the IOMMU -cannot provide isolation between devices. This is why the PCIe spec -encourages topologies to include ACS support. Without it, we have to -assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation. - -Unfortunately, far too many topologies do not support ACS to make this -a steadfast requirement. Even the latest chipsets from Intel are only -sporadically supporting ACS. We have trouble getting interconnect -vendors to include the PCIe spec required PCIe capability, let alone -suggested features. - -Therefore, we need to add some flexibility. The pcie_acs_override= -boot option lets users opt-in specific devices or sets of devices to -assume ACS support. The "downstream" option assumes full ACS support -on root ports and downstream switch ports. The "multifunction" -option assumes the subset of ACS features available on multifunction -endpoints and upstream switch ports are supported. 
The "id:nnnn:nnnn" -option enables ACS support on devices matching the provided vendor -and device IDs, allowing more strategic ACS overrides. These options -may be combined in any order. A maximum of 16 id specific overrides -are available. It's suggested to use the most limited set of options -necessary to avoid completely disabling ACS across the topology. -Note to hardware vendors, we have facilities to permanently quirk -specific devices which enforce isolation but not provide an ACS -capability. Please contact me to have your devices added and save -your customers the hassle of this boot option. - -Signed-off-by: Fabian Grünbichler -Signed-off-by: Thomas Lamprecht ---- - .../admin-guide/kernel-parameters.txt | 9 ++ - drivers/pci/quirks.c | 102 ++++++++++++++++++ - 2 files changed, 111 insertions(+) - -diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 174554924fb8..efa4a99121b7 100644 ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -3434,6 +3434,15 @@ - Also, it enforces the PCI Local Bus spec - rule that those bits should be 0 in system reset - events (useful for kexec/kdump cases). -+ pci_acs_override = -+ [PCIE] Override missing PCIe ACS support for: -+ downstream -+ All downstream ports - full ACS capabilities -+ multifunction -+ Add multifunction devices - multifunction ACS subset -+ id:nnnn:nnnn -+ Specific device - full ACS capabilities -+ Specified as vid:did (vendor/device ID) in hex - noioapicquirk [APIC] Disable all boot interrupt quirks. - Safety option to keep boot IRQs enabled. This - should never be necessary. 
-diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c -index 18119626d5c8..529feee083e2 100644 ---- a/drivers/pci/quirks.c -+++ b/drivers/pci/quirks.c -@@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void) - } - fs_initcall_sync(pci_apply_final_quirks); - -+static bool acs_on_downstream; -+static bool acs_on_multifunction; -+ -+#define NUM_ACS_IDS 16 -+struct acs_on_id { -+ unsigned short vendor; -+ unsigned short device; -+}; -+static struct acs_on_id acs_on_ids[NUM_ACS_IDS]; -+static u8 max_acs_id; -+ -+static __init int pcie_acs_override_setup(char *p) -+{ -+ if (!p) -+ return -EINVAL; -+ -+ while (*p) { -+ if (!strncmp(p, "downstream", 10)) -+ acs_on_downstream = true; -+ if (!strncmp(p, "multifunction", 13)) -+ acs_on_multifunction = true; -+ if (!strncmp(p, "id:", 3)) { -+ char opt[5]; -+ int ret; -+ long val; -+ -+ if (max_acs_id >= NUM_ACS_IDS - 1) { -+ pr_warn("Out of PCIe ACS override slots (%d)\n", -+ NUM_ACS_IDS); -+ goto next; -+ } -+ -+ p += 3; -+ snprintf(opt, 5, "%s", p); -+ ret = kstrtol(opt, 16, &val); -+ if (ret) { -+ pr_warn("PCIe ACS ID parse error %d\n", ret); -+ goto next; -+ } -+ acs_on_ids[max_acs_id].vendor = val; -+ p += strcspn(p, ":"); -+ if (*p != ':') { -+ pr_warn("PCIe ACS invalid ID\n"); -+ goto next; -+ } -+ -+ p++; -+ snprintf(opt, 5, "%s", p); -+ ret = kstrtol(opt, 16, &val); -+ if (ret) { -+ pr_warn("PCIe ACS ID parse error %d\n", ret); -+ goto next; -+ } -+ acs_on_ids[max_acs_id].device = val; -+ max_acs_id++; -+ } -+next: -+ p += strcspn(p, ","); -+ if (*p == ',') -+ p++; -+ } -+ -+ if (acs_on_downstream || acs_on_multifunction || max_acs_id) -+ pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n"); -+ -+ return 0; -+} -+early_param("pcie_acs_override", pcie_acs_override_setup); -+ -+static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags) -+{ -+ int i; -+ -+ /* Never override ACS for legacy devices or devices with ACS caps */ -+ if (!pci_is_pcie(dev) 
|| -+ pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS)) -+ return -ENOTTY; -+ -+ for (i = 0; i < max_acs_id; i++) -+ if (acs_on_ids[i].vendor == dev->vendor && -+ acs_on_ids[i].device == dev->device) -+ return 1; -+ -+ switch (pci_pcie_type(dev)) { -+ case PCI_EXP_TYPE_DOWNSTREAM: -+ case PCI_EXP_TYPE_ROOT_PORT: -+ if (acs_on_downstream) -+ return 1; -+ break; -+ case PCI_EXP_TYPE_ENDPOINT: -+ case PCI_EXP_TYPE_UPSTREAM: -+ case PCI_EXP_TYPE_LEG_END: -+ case PCI_EXP_TYPE_RC_END: -+ if (acs_on_multifunction && dev->multifunction) -+ return 1; -+ } -+ -+ return -ENOTTY; -+} -+ - /* - * Decoding should be disabled for a PCI device during BAR sizing to avoid - * conflict. But doing so may cause problems on host bridge and perhaps other -@@ -4698,6 +4798,8 @@ static const struct pci_dev_acs_enabled { - { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs }, - /* APM X-Gene */ - { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs }, -+ /* Enable overrides for missing ACS capabilities */ -+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides }, - /* Ampere Computing */ - { PCI_VENDOR_ID_AMPERE, 0xE005, pci_quirk_xgene_acs }, - { PCI_VENDOR_ID_AMPERE, 0xE006, pci_quirk_xgene_acs }, diff --git a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch deleted file mode 100644 index 2770e07..0000000 --- a/patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= -Date: Thu, 14 Sep 2017 11:09:58 +0200 -Subject: [PATCH] kvm: disable default dynamic halt polling growth -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Fabian Grünbichler -Signed-off-by: Thomas Lamprecht ---- - virt/kvm/kvm_main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 35a82cb10556..84cf5dcb0405 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -76,7 +76,7 @@ module_param(halt_poll_ns, uint, 0644); - EXPORT_SYMBOL_GPL(halt_poll_ns); - - /* Default doubles per-vcpu halt_poll_ns. */ --unsigned int halt_poll_ns_grow = 2; -+unsigned int halt_poll_ns_grow = 0; - module_param(halt_poll_ns_grow, uint, 0644); - EXPORT_SYMBOL_GPL(halt_poll_ns_grow); - diff --git a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch new file mode 100644 index 0000000..33c9ae3 --- /dev/null +++ b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch 
@@ -0,0 +1,196 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Mark Weiman +Date: Wed, 7 Feb 2018 16:04:03 -0500 +Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.15) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This an updated version of Alex Williamson's patch from: +https://lkml.org/lkml/2013/5/30/513 + +Original commit message follows: +PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that +allows us to control whether transactions are allowed to be redirected +in various subnodes of a PCIe topology. For instance, if two +endpoints are below a root port or downsteam switch port, the +downstream port may optionally redirect transactions between the +devices, bypassing upstream devices. The same can happen internally +on multifunction devices. The transaction may never be visible to the +upstream devices. + +One upstream device that we particularly care about is the IOMMU. If +a redirection occurs in the topology below the IOMMU, then the IOMMU +cannot provide isolation between devices. This is why the PCIe spec +encourages topologies to include ACS support. Without it, we have to +assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation. + +Unfortunately, far too many topologies do not support ACS to make this +a steadfast requirement. Even the latest chipsets from Intel are only +sporadically supporting ACS. We have trouble getting interconnect +vendors to include the PCIe spec required PCIe capability, let alone +suggested features. + +Therefore, we need to add some flexibility. The pcie_acs_override= +boot option lets users opt-in specific devices or sets of devices to +assume ACS support. The "downstream" option assumes full ACS support +on root ports and downstream switch ports. The "multifunction" +option assumes the subset of ACS features available on multifunction +endpoints and upstream switch ports are supported. 
The "id:nnnn:nnnn" +option enables ACS support on devices matching the provided vendor +and device IDs, allowing more strategic ACS overrides. These options +may be combined in any order. A maximum of 16 id specific overrides +are available. It's suggested to use the most limited set of options +necessary to avoid completely disabling ACS across the topology. +Note to hardware vendors, we have facilities to permanently quirk +specific devices which enforce isolation but not provide an ACS +capability. Please contact me to have your devices added and save +your customers the hassle of this boot option. + +Signed-off-by: Fabian Grünbichler +Signed-off-by: Thomas Lamprecht +--- + .../admin-guide/kernel-parameters.txt | 9 ++ + drivers/pci/quirks.c | 102 ++++++++++++++++++ + 2 files changed, 111 insertions(+) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 174554924fb8..efa4a99121b7 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -3434,6 +3434,15 @@ + Also, it enforces the PCI Local Bus spec + rule that those bits should be 0 in system reset + events (useful for kexec/kdump cases). ++ pci_acs_override = ++ [PCIE] Override missing PCIe ACS support for: ++ downstream ++ All downstream ports - full ACS capabilities ++ multifunction ++ Add multifunction devices - multifunction ACS subset ++ id:nnnn:nnnn ++ Specific device - full ACS capabilities ++ Specified as vid:did (vendor/device ID) in hex + noioapicquirk [APIC] Disable all boot interrupt quirks. + Safety option to keep boot IRQs enabled. This + should never be necessary. 
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c +index 8991b59c5c5b..86f6b7ae6fe6 100644 +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void) + } + fs_initcall_sync(pci_apply_final_quirks); + ++static bool acs_on_downstream; ++static bool acs_on_multifunction; ++ ++#define NUM_ACS_IDS 16 ++struct acs_on_id { ++ unsigned short vendor; ++ unsigned short device; ++}; ++static struct acs_on_id acs_on_ids[NUM_ACS_IDS]; ++static u8 max_acs_id; ++ ++static __init int pcie_acs_override_setup(char *p) ++{ ++ if (!p) ++ return -EINVAL; ++ ++ while (*p) { ++ if (!strncmp(p, "downstream", 10)) ++ acs_on_downstream = true; ++ if (!strncmp(p, "multifunction", 13)) ++ acs_on_multifunction = true; ++ if (!strncmp(p, "id:", 3)) { ++ char opt[5]; ++ int ret; ++ long val; ++ ++ if (max_acs_id >= NUM_ACS_IDS - 1) { ++ pr_warn("Out of PCIe ACS override slots (%d)\n", ++ NUM_ACS_IDS); ++ goto next; ++ } ++ ++ p += 3; ++ snprintf(opt, 5, "%s", p); ++ ret = kstrtol(opt, 16, &val); ++ if (ret) { ++ pr_warn("PCIe ACS ID parse error %d\n", ret); ++ goto next; ++ } ++ acs_on_ids[max_acs_id].vendor = val; ++ p += strcspn(p, ":"); ++ if (*p != ':') { ++ pr_warn("PCIe ACS invalid ID\n"); ++ goto next; ++ } ++ ++ p++; ++ snprintf(opt, 5, "%s", p); ++ ret = kstrtol(opt, 16, &val); ++ if (ret) { ++ pr_warn("PCIe ACS ID parse error %d\n", ret); ++ goto next; ++ } ++ acs_on_ids[max_acs_id].device = val; ++ max_acs_id++; ++ } ++next: ++ p += strcspn(p, ","); ++ if (*p == ',') ++ p++; ++ } ++ ++ if (acs_on_downstream || acs_on_multifunction || max_acs_id) ++ pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n"); ++ ++ return 0; ++} ++early_param("pcie_acs_override", pcie_acs_override_setup); ++ ++static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags) ++{ ++ int i; ++ ++ /* Never override ACS for legacy devices or devices with ACS caps */ ++ if (!pci_is_pcie(dev) 
|| ++ pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS)) ++ return -ENOTTY; ++ ++ for (i = 0; i < max_acs_id; i++) ++ if (acs_on_ids[i].vendor == dev->vendor && ++ acs_on_ids[i].device == dev->device) ++ return 1; ++ ++ switch (pci_pcie_type(dev)) { ++ case PCI_EXP_TYPE_DOWNSTREAM: ++ case PCI_EXP_TYPE_ROOT_PORT: ++ if (acs_on_downstream) ++ return 1; ++ break; ++ case PCI_EXP_TYPE_ENDPOINT: ++ case PCI_EXP_TYPE_UPSTREAM: ++ case PCI_EXP_TYPE_LEG_END: ++ case PCI_EXP_TYPE_RC_END: ++ if (acs_on_multifunction && dev->multifunction) ++ return 1; ++ } ++ ++ return -ENOTTY; ++} ++ + /* + * Decoding should be disabled for a PCI device during BAR sizing to avoid + * conflict. But doing so may cause problems on host bridge and perhaps other +@@ -4764,6 +4864,8 @@ static const struct pci_dev_acs_enabled { + { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs }, + /* APM X-Gene */ + { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs }, ++ /* Enable overrides for missing ACS capabilities */ ++ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides }, + /* Ampere Computing */ + { PCI_VENDOR_ID_AMPERE, 0xE005, pci_quirk_xgene_acs }, + { PCI_VENDOR_ID_AMPERE, 0xE006, pci_quirk_xgene_acs }, diff --git a/patches/kernel/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch b/patches/kernel/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch deleted file mode 100644 index 4e060b9..0000000 --- a/patches/kernel/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Lamprecht -Date: Fri, 7 Jun 2019 21:16:42 +0200 -Subject: [PATCH] Revert "KVM: VMX: enable nested virtualization by default" - -This reverts commit 1e58e5e59148916fa43444a406335a990783fb78 - -As we're not yet there, and this effectively breaks live migration -for all VMs using host or +vmx which did not manually enabled nesting - -Those which already enabled nesting manually have already breakage, -but that was something to expect. The situation will get better in -the future (probably post qemu 4.1). - -Signed-off-by: Thomas Lamprecht ---- - arch/x86/kvm/vmx/vmx.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c -index 8129b6b27c93..49987441862e 100644 ---- a/arch/x86/kvm/vmx/vmx.c -+++ b/arch/x86/kvm/vmx/vmx.c -@@ -103,7 +103,7 @@ module_param(enable_apicv, bool, S_IRUGO); - * VMX and be a hypervisor for its own guests. If nested=0, guests may not - * use VMX instructions. - */ --static bool __read_mostly nested = 1; -+static bool __read_mostly nested = 0; - module_param(nested, bool, S_IRUGO); - - static u64 __read_mostly host_xss; diff --git a/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch new file mode 100644 index 0000000..2770e07 --- /dev/null +++ b/patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch 
@@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= +Date: Thu, 14 Sep 2017 11:09:58 +0200 +Subject: [PATCH] kvm: disable default dynamic halt polling growth +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Fabian Grünbichler +Signed-off-by: Thomas Lamprecht +--- + virt/kvm/kvm_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c +index 35a82cb10556..84cf5dcb0405 100644 +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -76,7 +76,7 @@ module_param(halt_poll_ns, uint, 0644); + EXPORT_SYMBOL_GPL(halt_poll_ns); + + /* Default doubles per-vcpu halt_poll_ns. */ +-unsigned int halt_poll_ns_grow = 2; ++unsigned int halt_poll_ns_grow = 0; + module_param(halt_poll_ns_grow, uint, 0644); + EXPORT_SYMBOL_GPL(halt_poll_ns_grow); + diff --git a/patches/kernel/0006-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch b/patches/kernel/0006-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch new file mode 100644 index 0000000..5c01659 --- /dev/null +++ b/patches/kernel/0006-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch 
@@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Lamprecht +Date: Fri, 7 Jun 2019 21:16:42 +0200 +Subject: [PATCH] Revert "KVM: VMX: enable nested virtualization by default" + +This reverts commit 1e58e5e59148916fa43444a406335a990783fb78 + +As we're not yet there, and this effectively breaks live migration +for all VMs using host or +vmx which did not manually enabled nesting + +Those which already enabled nesting manually have already breakage, +but that was something to expect. The situation will get better in +the future (probably post qemu 4.1). + +Signed-off-by: Thomas Lamprecht +--- + arch/x86/kvm/vmx/vmx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index 39a116d43993..25ecb53517eb 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -103,7 +103,7 @@ module_param(enable_apicv, bool, S_IRUGO); + * VMX and be a hypervisor for its own guests. If nested=0, guests may not + * use VMX instructions. + */ +-static bool __read_mostly nested = 1; ++static bool __read_mostly nested = 0; + module_param(nested, bool, S_IRUGO); + + static u64 __read_mostly host_xss;
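Review bot: In the br_stp_recalculate_bridge_id() hunk of 0003-bridge-keep-MAC-of-first-assigned-port.patch, the loop body is now an unconditional `addr = p->dev->dev_addr;`, so when list_for_each_entry() finishes, addr holds the address of the last entry in br->port_list, not the first one visited. That matches the subject ("keep MAC of first assigned port") only if new ports are inserted at the head of port_list, which this hunk does not show. Please add a comment stating that ordering assumption next to the loop, so a later change to how ports are linked cannot silently change which MAC the bridge advertises.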
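Review bot: The Documentation/admin-guide/kernel-parameters.txt hunk of 0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch documents the option as `pci_acs_override =`, but the quirks.c hunk registers `early_param("pcie_acs_override", pcie_acs_override_setup);` and the commit message also writes pcie_acs_override=. An admin who copies the documented spelling passes a parameter this handler is not registered for. Rename the documented entry to pcie_acs_override= (without the space before the equals sign), and repeat in the documentation the caveat the code prints at boot, "This may allow non-IOMMU protected peer-to-peer DMA", since that is the security consequence of enabling it.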
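Review bot: In pcie_acs_override_setup() (first drivers/pci/quirks.c hunk of the ACS patch), the slot check `if (max_acs_id >= NUM_ACS_IDS - 1)` refuses new entries once 15 ids are stored, so the last element of acs_on_ids[NUM_ACS_IDS] is never used, while the commit message promises 16 id overrides and the warning prints NUM_ACS_IDS. The check should be `max_acs_id >= NUM_ACS_IDS`. Two smaller points in the same function: the vendor is written into acs_on_ids[max_acs_id] before the device half has been parsed, so parse both halves into locals and store them only when both succeed; and kstrtol() into a long that is then assigned to an unsigned short accepts a signed value and truncates it, where kstrtou16() would reject it. Every entry accepted here makes the kernel assume isolation the device does not advertise, so malformed input should be dropped rather than partially applied.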
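Review bot: In the pci_dev_acs_enabled[] hunk of the ACS patch, the wildcard entry `{ PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides }` is inserted between the APM X-Gene and the Ampere Computing entries instead of after the last device-specific quirk. If the table is consulted in order, the user-supplied override is evaluated before the Ampere quirks whenever it returns 1. Please move the wildcard to the end of the device-specific entries, or extend the comment above it to say why its position does not matter, so that hardware-specific ACS knowledge is visibly preferred over a boot-time assumption.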
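Review bot: In the virt/kvm/kvm_main.c hunk of 0005-kvm-disable-default-dynamic-halt-polling-growth.patch, the context comment directly above the changed line still reads `/* Default doubles per-vcpu halt_poll_ns. */`, which is no longer true once `halt_poll_ns_grow` defaults to 0. Update the comment to say that growth is disabled by default. The commit message consists of the subject and sign-offs only; a sentence on why growth is disabled would help, since the parameter stays writable through module_param(..., 0644) and an admin needs to know when re-enabling it is appropriate.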