From 693d0df48337fcfb8ac2964cb263567dc8b9d50f Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@fedoraproject.org>
Date: Jun 03 2009 15:04:28 +0000
Subject: - Prevent locked cdrom eject - fixes hang at end of anaconda installs

    (#501412)
- Fix crash with '-net socket,listen=...' (#501264)
- Avoid harmless 'unhandled wrmsr' warnings (#499712)

---

diff --git a/qemu-avoid-harmless-msr-warnings.patch b/qemu-avoid-harmless-msr-warnings.patch
new file mode 100644
index 0000000..76ed787
--- /dev/null
+++ b/qemu-avoid-harmless-msr-warnings.patch
@@ -0,0 +1,73 @@
+From d283d5a65a2bdcc570065267be21848bd6fe3d78 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Thu, 7 May 2009 15:48:48 -0300
+Subject: [PATCH 1/1] Avoid harmless unhandled wrmsr 0xc0010117 messages
+
+Olders kernel which don't contain kvm.git commit
+61a6bd672bda3b9468bf5895c1be085c4e481138 display the following message:
+
+kvm: 32301: cpu0 unhandled wrmsr: 0xc0010117 data 0
+
+When kvm_arch_load_regs is called. This is confusing in bug reports.
+
+Avoid it by checking whether the host advertises the MSR, similarly to
+how MSR_STAR is handled.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+---
+ qemu-kvm-x86.c |   15 +++++++++++----
+ 1 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c
+index 98aa530..1096e65 100644
+--- a/qemu-kvm-x86.c
++++ b/qemu-kvm-x86.c
+@@ -25,6 +25,7 @@
+ static struct kvm_msr_list *kvm_msr_list;
+ extern unsigned int kvm_shadow_memory;
+ static int kvm_has_msr_star;
++static int kvm_has_vm_hsave_pa;
+ 
+ static int lm_capable_kernel;
+ 
+@@ -54,10 +55,14 @@ int kvm_arch_qemu_create_context(void)
+     kvm_msr_list = kvm_get_msr_list(kvm_context);
+     if (!kvm_msr_list)
+ 		return -1;
+-    for (i = 0; i < kvm_msr_list->nmsrs; ++i)
++    for (i = 0; i < kvm_msr_list->nmsrs; ++i) {
+ 	if (kvm_msr_list->indices[i] == MSR_STAR)
+ 	    kvm_has_msr_star = 1;
+-	return 0;
++        if (kvm_msr_list->indices[i] == MSR_VM_HSAVE_PA)
++            kvm_has_vm_hsave_pa = 1;
++    }
++
++    return 0;
+ }
+ 
+ static void set_msr_entry(struct kvm_msr_entry *entry, uint32_t index,
+@@ -260,7 +265,8 @@ void kvm_arch_load_regs(CPUState *env)
+     set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_EIP, env->sysenter_eip);
+     if (kvm_has_msr_star)
+ 	set_msr_entry(&msrs[n++], MSR_STAR,              env->star);
+-    set_msr_entry(&msrs[n++], MSR_VM_HSAVE_PA, env->vm_hsave);
++    if (kvm_has_vm_hsave_pa)
++        set_msr_entry(&msrs[n++], MSR_VM_HSAVE_PA, env->vm_hsave);
+ #ifdef TARGET_X86_64
+     if (lm_capable_kernel) {
+         set_msr_entry(&msrs[n++], MSR_CSTAR,             env->cstar);
+@@ -435,7 +441,8 @@ void kvm_arch_save_regs(CPUState *env)
+     if (kvm_has_msr_star)
+ 	msrs[n++].index = MSR_STAR;
+     msrs[n++].index = MSR_IA32_TSC;
+-    msrs[n++].index = MSR_VM_HSAVE_PA;
++    if (kvm_has_vm_hsave_pa)
++        msrs[n++].index = MSR_VM_HSAVE_PA;
+ #ifdef TARGET_X86_64
+     if (lm_capable_kernel) {
+         msrs[n++].index = MSR_CSTAR;
+-- 
+1.6.0.6
+
diff --git a/qemu-fix-net-socket-list-init.patch b/qemu-fix-net-socket-list-init.patch
new file mode 100644
index 0000000..7f4b6f4
--- /dev/null
+++ b/qemu-fix-net-socket-list-init.patch
@@ -0,0 +1,34 @@
+From ea053add700d8abe203cd79a9ffb082aee4eabc0 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Tue, 21 Apr 2009 19:56:11 +0000
+Subject: [PATCH 1/1] net: Fix -net socket,listen (Jan Kiszka)
+
+In case no symbolic name is provided when requesting VLAN connection via
+listening TCP socket ('-net socket,listen=...'), qemu crashes. This
+fixes the cause.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+
+
+git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7196 c046a42c-6fe2-441c-8c8c-71466251a162
+---
+ net.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/net.c b/net.c
+index 7a1b2df..ff6230c 100644
+--- a/net.c
++++ b/net.c
+@@ -1658,7 +1658,7 @@ static int net_socket_listen_init(VLANState *vlan,
+     }
+     s->vlan = vlan;
+     s->model = strdup(model);
+-    s->name = strdup(name);
++    s->name = name ? strdup(name) : NULL;
+     s->fd = fd;
+     qemu_set_fd_handler(fd, net_socket_accept, NULL, s);
+     return 0;
+-- 
+1.6.0.6
+
diff --git a/qemu-prevent-cdrom-media-eject-while-device-is-locked.patch b/qemu-prevent-cdrom-media-eject-while-device-is-locked.patch
new file mode 100644
index 0000000..0152f4a
--- /dev/null
+++ b/qemu-prevent-cdrom-media-eject-while-device-is-locked.patch
@@ -0,0 +1,118 @@
+From: Mark McLoughlin <markmc@redhat.com>
+Subject: [PATCH] Prevent CD-ROM media eject while device is locked
+
+Section 10.8.25 ("START/STOP UNIT Command") of SFF-8020i states that
+if the device is locked we should refuse to eject if the device is
+locked.
+
+ASC_MEDIA_REMOVAL_PREVENTED is the appropriate return in this case.
+
+In order to stop itself from ejecting the media it is running from,
+Fedora's installer (anaconda) requires the CDROMEJECT ioctl() to fail
+if the drive has been previously locked.
+
+See also https://bugzilla.redhat.com/501412
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ block.c  |    9 ++++++++-
+ block.h  |    2 +-
+ hw/ide.c |   26 ++++++++++++++++++--------
+ 3 files changed, 27 insertions(+), 10 deletions(-)
+
+diff --git a/block.c b/block.c
+index 9a2873f..863897a 100644
+--- a/block.c
++++ b/block.c
+@@ -1673,11 +1673,15 @@ int bdrv_media_changed(BlockDriverState *bs)
+ /**
+  * If eject_flag is TRUE, eject the media. Otherwise, close the tray
+  */
+-void bdrv_eject(BlockDriverState *bs, int eject_flag)
++int bdrv_eject(BlockDriverState *bs, int eject_flag)
+ {
+     BlockDriver *drv = bs->drv;
+     int ret;
+ 
++    if (bs->locked) {
++        return -EBUSY;
++    }
++
+     if (!drv || !drv->bdrv_eject) {
+         ret = -ENOTSUP;
+     } else {
+@@ -1686,7 +1690,10 @@ void bdrv_eject(BlockDriverState *bs, int eject_flag)
+     if (ret == -ENOTSUP) {
+         if (eject_flag)
+             bdrv_close(bs);
++        ret = 0;
+     }
++
++    return ret;
+ }
+ 
+ int bdrv_is_locked(BlockDriverState *bs)
+diff --git a/block.h b/block.h
+index 979781a..e1070e9 100644
+--- a/block.h
++++ b/block.h
+@@ -132,7 +132,7 @@ int bdrv_is_inserted(BlockDriverState *bs);
+ int bdrv_media_changed(BlockDriverState *bs);
+ int bdrv_is_locked(BlockDriverState *bs);
+ void bdrv_set_locked(BlockDriverState *bs, int locked);
+-void bdrv_eject(BlockDriverState *bs, int eject_flag);
++int bdrv_eject(BlockDriverState *bs, int eject_flag);
+ void bdrv_set_change_cb(BlockDriverState *bs,
+                         void (*change_cb)(void *opaque), void *opaque);
+ void bdrv_get_format(BlockDriverState *bs, char *buf, int buf_size);
+diff --git a/hw/ide.c b/hw/ide.c
+index 6ad1d08..9b93e7f 100644
+--- a/hw/ide.c
++++ b/hw/ide.c
+@@ -359,6 +359,7 @@
+ #define ASC_INCOMPATIBLE_FORMAT              0x30
+ #define ASC_MEDIUM_NOT_PRESENT               0x3a
+ #define ASC_SAVING_PARAMETERS_NOT_SUPPORTED  0x39
++#define ASC_MEDIA_REMOVAL_PREVENTED          0x53
+ 
+ #define CFA_NO_ERROR            0x00
+ #define CFA_MISC_ERROR          0x09
+@@ -1818,18 +1819,27 @@ static void ide_atapi_cmd(IDEState *s)
+         break;
+     case GPCMD_START_STOP_UNIT:
+         {
+-            int start, eject;
++            int start, eject, err = 0;
+             start = packet[4] & 1;
+             eject = (packet[4] >> 1) & 1;
+ 
+-            if (eject && !start) {
+-                /* eject the disk */
+-                bdrv_eject(s->bs, 1);
+-            } else if (eject && start) {
+-                /* close the tray */
+-                bdrv_eject(s->bs, 0);
++            if (eject) {
++                err = bdrv_eject(s->bs, !start);
++            }
++
++            switch (err) {
++            case 0:
++                ide_atapi_cmd_ok(s);
++                break;
++            case -EBUSY:
++                ide_atapi_cmd_error(s, SENSE_NOT_READY,
++                                    ASC_MEDIA_REMOVAL_PREVENTED);
++                break;
++            default:
++                ide_atapi_cmd_error(s, SENSE_NOT_READY,
++                                    ASC_MEDIUM_NOT_PRESENT);
++                break;
+             }
+-            ide_atapi_cmd_ok(s);
+         }
+         break;
+     case GPCMD_MECHANISM_STATUS:
+-- 
+1.6.2.2
+
diff --git a/qemu.spec b/qemu.spec
index b869277..e7ef33e 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,7 +1,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 0.10.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 # Epoch because we pushed a qemu-1.0 package
 Epoch: 2
 License: GPLv2+ and LGPLv2+ and BSD
@@ -27,7 +27,9 @@ Patch11: qemu-roms-more-room.patch
 Patch12: qemu-roms-more-room-fix-vga-align.patch
 Patch13: qemu-bios-bigger-roms.patch
 Patch14: qemu-kvm-fix-kerneldir-includes.patch
-
+Patch15: qemu-fix-net-socket-list-init.patch
+Patch16: qemu-prevent-cdrom-media-eject-while-device-is-locked.patch
+Patch17: qemu-avoid-harmless-msr-warnings.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: SDL-devel zlib-devel which texi2html gnutls-devel cyrus-sasl-devel
@@ -222,6 +224,9 @@ such as kvmtrace and kvm_stat.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
 
 %build
 # systems like rhel build system does not have a recent enough linker so
@@ -464,6 +469,11 @@ fi
 %{_mandir}/man1/qemu-img.1*
 
 %changelog
+* Wed Jun  3 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.5-2
+- Prevent locked cdrom eject - fixes hang at end of anaconda installs (#501412)
+- Fix crash with '-net socket,listen=...' (#501264)
+- Avoid harmless 'unhandled wrmsr' warnings (#499712)
+
 * Sun May 31 2009 Glauber Costa <glommer@redhat.com> - 2:0.10.5-1
 - Update to 0.10.5, and remove already upstream patches
     qemu-fix-gcc.patch