diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch index 0532896..ddf26e4 100644 --- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch +++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch @@ -27,7 +27,7 @@ Signed-off-by: Ma Haocong Signed-off-by: John Snow Signed-off-by: Fabian Grünbichler Signed-off-by: Thomas Lamprecht -[FE: rebased for 8.2.2] +[FE: rebased for 9.1.2] Signed-off-by: Fiona Ebner --- block/mirror.c | 99 ++++++++++++++++++++------ @@ -38,7 +38,7 @@ Signed-off-by: Fiona Ebner 5 files changed, 142 insertions(+), 28 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index 1bdce3b657..0c5c72df2e 100644 +index 61f0a717b7..83a88562c5 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -51,7 +51,7 @@ typedef struct MirrorBlockJob { @@ -59,7 +59,7 @@ index 1bdce3b657..0c5c72df2e 100644 BdrvDirtyBitmap *dirty_bitmap; BdrvDirtyBitmapIter *dbi; uint8_t *buf; -@@ -722,7 +724,8 @@ static int mirror_exit_common(Job *job) +@@ -723,7 +725,8 @@ static int mirror_exit_common(Job *job) &error_abort); if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) { @@ -69,7 +69,7 @@ index 1bdce3b657..0c5c72df2e 100644 BlockDriverState *unfiltered_target = bdrv_skip_filters(target_bs); if (bdrv_cow_bs(unfiltered_target) != backing) { -@@ -819,6 +822,16 @@ static void mirror_abort(Job *job) +@@ -824,6 +827,16 @@ static void mirror_abort(Job *job) assert(ret == 0); } @@ -86,7 +86,7 @@ index 1bdce3b657..0c5c72df2e 100644 static void coroutine_fn mirror_throttle(MirrorBlockJob *s) { int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME); -@@ -1015,7 +1028,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp) +@@ -1020,7 +1033,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp) mirror_free_init(s); s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME); @@ -96,7 +96,7 @@ index 1bdce3b657..0c5c72df2e 100644 ret = mirror_dirty_init(s); if (ret < 0 || job_is_cancelled(&s->common.job)) { goto immediate_exit; -@@ -1304,6 +1318,7 @@ static const BlockJobDriver mirror_job_driver = { +@@ -1309,6 +1323,7 @@ static const BlockJobDriver mirror_job_driver = { .run = mirror_run, .prepare = mirror_prepare, .abort = mirror_abort, @@ -104,7 +104,7 @@ index 1bdce3b657..0c5c72df2e 100644 .pause = mirror_pause, .complete = mirror_complete, .cancel = mirror_cancel, -@@ -1322,6 +1337,7 @@ static const BlockJobDriver commit_active_job_driver = { +@@ -1327,6 +1342,7 @@ static const BlockJobDriver commit_active_job_driver = { .run = mirror_run, .prepare = mirror_prepare, .abort = mirror_abort, @@ -112,7 +112,7 @@ index 1bdce3b657..0c5c72df2e 100644 .pause = mirror_pause, .complete = mirror_complete, .cancel = commit_active_cancel, -@@ -1714,7 +1730,10 @@ static BlockJob *mirror_start_job( +@@ -1719,7 +1735,10 @@ static BlockJob *mirror_start_job( BlockCompletionFunc *cb, void *opaque, const BlockJobDriver *driver, @@ -123,8 +123,8 @@ index 1bdce3b657..0c5c72df2e 100644 + BlockDriverState *base, bool auto_complete, const char *filter_node_name, bool is_mirror, MirrorCopyMode copy_mode, - Error **errp) -@@ -1728,10 +1747,39 @@ static BlockJob *mirror_start_job( + bool base_ro, +@@ -1734,10 +1753,39 @@ static BlockJob *mirror_start_job( GLOBAL_STATE_CODE(); @@ -166,7 +166,7 @@ index 1bdce3b657..0c5c72df2e 100644 assert(is_power_of_2(granularity)); if (buf_size < 0) { -@@ -1871,7 +1919,9 @@ static BlockJob *mirror_start_job( +@@ -1878,7 +1926,9 @@ static BlockJob *mirror_start_job( s->replaces = g_strdup(replaces); s->on_source_error = on_source_error; s->on_target_error = on_target_error; @@ -177,7 +177,7 @@ index 1bdce3b657..0c5c72df2e 100644 s->backing_mode = backing_mode; s->zero_target = zero_target; qatomic_set(&s->copy_mode, copy_mode); -@@ -1897,6 +1947,18 @@ static BlockJob *mirror_start_job( +@@ -1904,6 +1954,18 @@ static BlockJob *mirror_start_job( */ bdrv_disable_dirty_bitmap(s->dirty_bitmap); @@ -196,7 +196,7 @@ index 1bdce3b657..0c5c72df2e 100644 bdrv_graph_wrlock(); ret = block_job_add_bdrv(&s->common, "source", bs, 0, BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE | -@@ -1979,6 +2041,9 @@ fail: +@@ -1986,6 +2048,9 @@ fail: if (s->dirty_bitmap) { bdrv_release_dirty_bitmap(s->dirty_bitmap); } @@ -206,7 +206,7 @@ index 1bdce3b657..0c5c72df2e 100644 job_early_fail(&s->common.job); } -@@ -2001,35 +2066,28 @@ void mirror_start(const char *job_id, BlockDriverState *bs, +@@ -2008,35 +2073,28 @@ void mirror_start(const char *job_id, BlockDriverState *bs, BlockDriverState *target, const char *replaces, int creation_flags, int64_t speed, uint32_t granularity, int64_t buf_size, @@ -241,13 +241,13 @@ index 1bdce3b657..0c5c72df2e 100644 speed, granularity, buf_size, backing_mode, zero_target, on_source_error, on_target_error, unmap, NULL, NULL, - &mirror_job_driver, is_none_mode, base, false, -- filter_node_name, true, copy_mode, errp); +- filter_node_name, true, copy_mode, false, errp); + &mirror_job_driver, mode, bitmap, bitmap_mode, base, -+ false, filter_node_name, true, copy_mode, errp); ++ false, filter_node_name, true, copy_mode, false, errp); } BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs, -@@ -2056,7 +2114,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs, +@@ -2063,7 +2121,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs, job_id, bs, creation_flags, base, NULL, speed, 0, 0, MIRROR_LEAVE_BACKING_CHAIN, false, on_error, on_error, true, cb, opaque, @@ -255,13 +255,13 @@ index 1bdce3b657..0c5c72df2e 100644 + &commit_active_job_driver, MIRROR_SYNC_MODE_FULL, + NULL, 0, base, auto_complete, filter_node_name, false, MIRROR_COPY_MODE_BACKGROUND, - errp); + base_read_only, errp); if (!job) { diff --git a/blockdev.c b/blockdev.c -index 4c33c3f5f0..f3e508a6a7 100644 +index 835064ed03..9b10e3917c 100644 --- a/blockdev.c +++ b/blockdev.c -@@ -2776,6 +2776,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2778,6 +2778,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, BlockDriverState *target, const char *replaces, enum MirrorSyncMode sync, @@ -271,7 +271,7 @@ index 4c33c3f5f0..f3e508a6a7 100644 BlockMirrorBackingMode backing_mode, bool zero_target, bool has_speed, int64_t speed, -@@ -2794,6 +2797,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2796,6 +2799,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, { BlockDriverState *unfiltered_bs; int job_flags = JOB_DEFAULT; @@ -279,7 +279,7 @@ index 4c33c3f5f0..f3e508a6a7 100644 GLOBAL_STATE_CODE(); GRAPH_RDLOCK_GUARD_MAINLOOP(); -@@ -2848,6 +2852,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2850,6 +2854,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, sync = MIRROR_SYNC_MODE_FULL; } @@ -309,7 +309,7 @@ index 4c33c3f5f0..f3e508a6a7 100644 if (!replaces) { /* We want to mirror from @bs, but keep implicit filters on top */ unfiltered_bs = bdrv_skip_implicit_filters(bs); -@@ -2889,8 +2916,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2891,8 +2918,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, * and will allow to check whether the node still exist at mirror completion */ mirror_start(job_id, bs, target, @@ -320,7 +320,7 @@ index 4c33c3f5f0..f3e508a6a7 100644 on_source_error, on_target_error, unmap, filter_node_name, copy_mode, errp); } -@@ -3034,6 +3061,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) +@@ -3036,6 +3063,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) blockdev_mirror_common(arg->job_id, bs, target_bs, arg->replaces, arg->sync, @@ -329,7 +329,7 @@ index 4c33c3f5f0..f3e508a6a7 100644 backing_mode, zero_target, arg->has_speed, arg->speed, arg->has_granularity, arg->granularity, -@@ -3053,6 +3082,8 @@ void qmp_blockdev_mirror(const char *job_id, +@@ -3055,6 +3084,8 @@ void qmp_blockdev_mirror(const char *job_id, const char *device, const char *target, const char *replaces, MirrorSyncMode sync, @@ -338,7 +338,7 @@ index 4c33c3f5f0..f3e508a6a7 100644 bool has_speed, int64_t speed, bool has_granularity, uint32_t granularity, bool has_buf_size, int64_t buf_size, -@@ -3093,7 +3124,8 @@ void qmp_blockdev_mirror(const char *job_id, +@@ -3095,7 +3126,8 @@ void qmp_blockdev_mirror(const char *job_id, } blockdev_mirror_common(job_id, bs, target_bs, @@ -364,7 +364,7 @@ index eb2d92a226..f0c642b194 100644 BlockdevOnError on_source_error, BlockdevOnError on_target_error, diff --git a/qapi/block-core.json b/qapi/block-core.json -index b179d65520..905da8be72 100644 +index aa40d44f1d..c2a337cc04 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2174,6 +2174,15 @@ diff --git a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch index 8a1b5d8..7bce3ec 100644 --- a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch +++ b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch @@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index 0c5c72df2e..37fee3fa25 100644 +index 83a88562c5..fc439ea936 100644 --- a/block/mirror.c +++ b/block/mirror.c -@@ -693,8 +693,6 @@ static int mirror_exit_common(Job *job) +@@ -694,8 +694,6 @@ static int mirror_exit_common(Job *job) bdrv_unfreeze_backing_chain(mirror_top_bs, target_bs); } @@ -36,7 +36,7 @@ index 0c5c72df2e..37fee3fa25 100644 /* Make sure that the source BDS doesn't go away during bdrv_replace_node, * before we can call bdrv_drained_end */ bdrv_ref(src); -@@ -800,6 +798,18 @@ static int mirror_exit_common(Job *job) +@@ -805,6 +803,18 @@ static int mirror_exit_common(Job *job) bdrv_drained_end(target_bs); bdrv_unref(target_bs); @@ -55,7 +55,7 @@ index 0c5c72df2e..37fee3fa25 100644 bs_opaque->job = NULL; bdrv_drained_end(src); -@@ -1757,10 +1767,6 @@ static BlockJob *mirror_start_job( +@@ -1763,10 +1773,6 @@ static BlockJob *mirror_start_job( " sync mode", MirrorSyncMode_str(sync_mode)); return NULL; @@ -66,7 +66,7 @@ index 0c5c72df2e..37fee3fa25 100644 } } else if (bitmap) { error_setg(errp, -@@ -1777,6 +1783,12 @@ static BlockJob *mirror_start_job( +@@ -1783,6 +1789,12 @@ static BlockJob *mirror_start_job( return NULL; } granularity = bdrv_dirty_bitmap_granularity(bitmap); diff --git a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch index d1e0fb0..d82c415 100644 --- a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch +++ b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch @@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 3 insertions(+) diff --git a/blockdev.c b/blockdev.c -index f3e508a6a7..37b8437f3e 100644 +index 9b10e3917c..c3fa897289 100644 --- a/blockdev.c +++ b/blockdev.c -@@ -2873,6 +2873,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2875,6 +2875,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) { return; } diff --git a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch index 33e6923..dee6c7e 100644 --- a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch +++ b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch @@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index 37fee3fa25..6b3cce1007 100644 +index fc439ea936..cde5d710fd 100644 --- a/block/mirror.c +++ b/block/mirror.c -@@ -804,8 +804,8 @@ static int mirror_exit_common(Job *job) +@@ -809,8 +809,8 @@ static int mirror_exit_common(Job *job) job->ret == 0 && ret == 0)) { /* Success; synchronize copy back to sync. */ bdrv_clear_dirty_bitmap(s->sync_bitmap, NULL); @@ -30,7 +30,7 @@ index 37fee3fa25..6b3cce1007 100644 } } bdrv_release_dirty_bitmap(s->dirty_bitmap); -@@ -1964,11 +1964,8 @@ static BlockJob *mirror_start_job( +@@ -1971,11 +1971,8 @@ static BlockJob *mirror_start_job( } if (s->sync_mode == MIRROR_SYNC_MODE_BITMAP) { diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch index 9f68e4f..f0165d5 100644 --- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch +++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch @@ -21,10 +21,10 @@ Signed-off-by: Fiona Ebner 3 files changed, 70 insertions(+), 59 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index 6b3cce1007..2f1223852b 100644 +index cde5d710fd..e20f50e5fb 100644 --- a/block/mirror.c +++ b/block/mirror.c -@@ -1757,31 +1757,13 @@ static BlockJob *mirror_start_job( +@@ -1763,31 +1763,13 @@ static BlockJob *mirror_start_job( GLOBAL_STATE_CODE(); @@ -62,10 +62,10 @@ index 6b3cce1007..2f1223852b 100644 if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) { diff --git a/blockdev.c b/blockdev.c -index 37b8437f3e..ed8198f351 100644 +index c3fa897289..9cbd166674 100644 --- a/blockdev.c +++ b/blockdev.c -@@ -2852,7 +2852,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2854,7 +2854,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, sync = MIRROR_SYNC_MODE_FULL; } diff --git a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch index 45e7f87..e0be888 100644 --- a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch +++ b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch @@ -48,7 +48,7 @@ Signed-off-by: Thomas Lamprecht 6 files changed, 59 insertions(+), 5 deletions(-) diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h -index 965f5d5450..e04bd059b6 100644 +index c3740ec616..7f38ce6b8b 100644 --- a/include/monitor/monitor.h +++ b/include/monitor/monitor.h @@ -16,6 +16,7 @@ extern QemuOptsList qemu_mon_opts; @@ -60,7 +60,7 @@ index 965f5d5450..e04bd059b6 100644 void monitor_init_globals(void); void monitor_init_globals_core(void); diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h -index 252de85681..8db28f9272 100644 +index cb628f681d..93dbd62fc2 100644 --- a/monitor/monitor-internal.h +++ b/monitor/monitor-internal.h @@ -151,6 +151,13 @@ typedef struct { @@ -78,10 +78,10 @@ index 252de85681..8db28f9272 100644 /** diff --git a/monitor/monitor.c b/monitor/monitor.c -index 01ede1babd..5681bca346 100644 +index db52a9c7ef..2d63959351 100644 --- a/monitor/monitor.c +++ b/monitor/monitor.c -@@ -117,6 +117,21 @@ bool monitor_cur_is_qmp(void) +@@ -116,6 +116,21 @@ bool monitor_cur_is_qmp(void) return cur_mon && monitor_is_qmp(cur_mon); } @@ -104,7 +104,7 @@ index 01ede1babd..5681bca346 100644 * Is @mon is using readline? * Note: not all HMP monitors use readline, e.g., gdbserver has a diff --git a/monitor/qmp.c b/monitor/qmp.c -index a239945e8d..589c9524f8 100644 +index 5e538f34c0..eb181d5979 100644 --- a/monitor/qmp.c +++ b/monitor/qmp.c @@ -165,6 +165,8 @@ static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req) @@ -189,7 +189,7 @@ index 176b549473..790bb7d1da 100644 aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh, &data); diff --git a/stubs/monitor-core.c b/stubs/monitor-core.c -index afa477aae6..d3ff124bf3 100644 +index 1894cdfe1f..d74d0459f0 100644 --- a/stubs/monitor-core.c +++ b/stubs/monitor-core.c @@ -12,6 +12,11 @@ Monitor *monitor_set_cur(Coroutine *co, Monitor *mon) @@ -201,6 +201,6 @@ index afa477aae6..d3ff124bf3 100644 + return -1; +} + - void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp) + void qapi_event_emit(QAPIEvent event, QDict *qdict) { } diff --git a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch index 502c9d2..b97684d 100644 --- a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch +++ b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch @@ -55,7 +55,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hw/ide/core.c b/hw/ide/core.c -index e8cb2dac92..3b21acf651 100644 +index 08d9218455..20d8c0cf66 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -456,7 +456,7 @@ static void ide_trim_bh_cb(void *opaque) diff --git a/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch b/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch index 22eb1e7..99b9499 100644 --- a/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch +++ b/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch @@ -24,10 +24,10 @@ Signed-off-by: Fiona Ebner 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c -index 53f804ac16..9b1b9f0412 100644 +index 5d4bd2b710..67194bb705 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c -@@ -347,13 +347,9 @@ Aml *aml_pci_device_dsm(void) +@@ -346,13 +346,9 @@ Aml *aml_pci_device_dsm(void) { Aml *params = aml_local(0); Aml *pkg = aml_package(2); diff --git a/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch b/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch deleted file mode 100644 index a8bdd85..0000000 --- a/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Fiona Ebner -Date: Mon, 29 Apr 2024 15:41:11 +0200 -Subject: [PATCH] block/copy-before-write: use uint64_t for timeout in - nanoseconds - -rather than the uint32_t for which the maximum is slightly more than 4 -seconds and larger values would overflow. The QAPI interface allows -specifying the number of seconds, so only values 0 to 4 are safe right -now, other values lead to a much lower timeout than a user expects. - -The block_copy() call where this is used already takes a uint64_t for -the timeout, so no change required there. - -Fixes: 6db7fd1ca9 ("block/copy-before-write: implement cbw-timeout option") -Reported-by: Friedrich Weber -Signed-off-by: Fiona Ebner -Tested-by: Friedrich Weber ---- - block/copy-before-write.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/block/copy-before-write.c b/block/copy-before-write.c -index 8aba27a71d..026fa9840f 100644 ---- a/block/copy-before-write.c -+++ b/block/copy-before-write.c -@@ -43,7 +43,7 @@ typedef struct BDRVCopyBeforeWriteState { - BlockCopyState *bcs; - BdrvChild *target; - OnCbwError on_cbw_error; -- uint32_t cbw_timeout_ns; -+ uint64_t cbw_timeout_ns; - - /* - * @lock: protects access to @access_bitmap, @done_bitmap and diff --git a/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch b/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch deleted file mode 100644 index 6a759a4..0000000 --- a/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Vladimir Sementsov-Ogievskiy -Date: Thu, 11 Apr 2024 11:29:22 +0200 -Subject: [PATCH] block/copy-before-write: fix permission - -In case when source node does not have any parents, the condition still -works as required: backup job do create the parent by - - block_job_create -> block_job_add_bdrv -> bdrv_root_attach_child - -Still, in this case checking @perm variable doesn't work, as backup job -creates the root blk with empty permissions (as it rely on CBW filter -to require correct permissions and don't want to create extra -conflicts). - -So, we should not check @perm. - -The hack may be dropped entirely when transactional insertion of -filter (when we don't try to recalculate permissions in intermediate -state, when filter does conflict with original parent of the source -node) merged (old big series -"[PATCH v5 00/45] Transactional block-graph modifying API"[1] and it's -current in-flight part is "[PATCH v8 0/7] blockdev-replace"[2]) - -[1] https://patchew.org/QEMU/20220330212902.590099-1-vsementsov@openvz.org/ -[2] https://patchew.org/QEMU/20231017184444.932733-1-vsementsov@yandex-team.ru/ - -Signed-off-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Fiona Ebner -Signed-off-by: Thomas Lamprecht ---- - block/copy-before-write.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/block/copy-before-write.c b/block/copy-before-write.c -index 026fa9840f..5a9456d426 100644 ---- a/block/copy-before-write.c -+++ b/block/copy-before-write.c -@@ -364,9 +364,13 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role, - perm, shared, nperm, nshared); - - if (!QLIST_EMPTY(&bs->parents)) { -- if (perm & BLK_PERM_WRITE) { -- *nperm = *nperm | BLK_PERM_CONSISTENT_READ; -- } -+ /* -+ * Note, that source child may be shared with backup job. Backup job -+ * does create own blk parent on copy-before-write node, so this -+ * works even if source node does not have any parents before backup -+ * start -+ */ -+ *nperm = *nperm | BLK_PERM_CONSISTENT_READ; - *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); - } - } diff --git a/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch b/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch deleted file mode 100644 index f651c58..0000000 --- a/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Vladimir Sementsov-Ogievskiy -Date: Thu, 11 Apr 2024 11:29:23 +0200 -Subject: [PATCH] block/copy-before-write: support unligned snapshot-discard - -First thing that crashes on unligned access here is -bdrv_reset_dirty_bitmap(). Correct way is to align-down the -snapshot-discard request. - -Signed-off-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Fiona Ebner -Signed-off-by: Thomas Lamprecht ---- - block/copy-before-write.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/block/copy-before-write.c b/block/copy-before-write.c -index 5a9456d426..c0e70669a2 100644 ---- a/block/copy-before-write.c -+++ b/block/copy-before-write.c -@@ -325,14 +325,24 @@ static int coroutine_fn GRAPH_RDLOCK - cbw_co_pdiscard_snapshot(BlockDriverState *bs, int64_t offset, int64_t bytes) - { - BDRVCopyBeforeWriteState *s = bs->opaque; -+ uint32_t cluster_size = block_copy_cluster_size(s->bcs); -+ int64_t aligned_offset = QEMU_ALIGN_UP(offset, cluster_size); -+ int64_t aligned_end = QEMU_ALIGN_DOWN(offset + bytes, cluster_size); -+ int64_t aligned_bytes; -+ -+ if (aligned_end <= aligned_offset) { -+ return 0; -+ } -+ aligned_bytes = aligned_end - aligned_offset; - - WITH_QEMU_LOCK_GUARD(&s->lock) { -- bdrv_reset_dirty_bitmap(s->access_bitmap, offset, bytes); -+ bdrv_reset_dirty_bitmap(s->access_bitmap, aligned_offset, -+ aligned_bytes); - } - -- block_copy_reset(s->bcs, offset, bytes); -+ block_copy_reset(s->bcs, aligned_offset, aligned_bytes); - -- return bdrv_co_pdiscard(s->target, offset, bytes); -+ return bdrv_co_pdiscard(s->target, aligned_offset, aligned_bytes); - } - - static void GRAPH_RDLOCK cbw_refresh_filename(BlockDriverState *bs) diff --git a/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch b/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch deleted file mode 100644 index 7cd24d0..0000000 --- a/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch +++ /dev/null @@ -1,373 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Vladimir Sementsov-Ogievskiy -Date: Thu, 11 Apr 2024 11:29:24 +0200 -Subject: [PATCH] block/copy-before-write: create block_copy bitmap in filter - node - -Currently block_copy creates copy_bitmap in source node. But that is in -bad relation with .independent_close=true of copy-before-write filter: -source node may be detached and removed before .bdrv_close() handler -called, which should call block_copy_state_free(), which in turn should -remove copy_bitmap. - -That's all not ideal: it would be better if internal bitmap of -block-copy object is not attached to any node. But that is not possible -now. - -The simplest solution is just create copy_bitmap in filter node, where -anyway two other bitmaps are created. - -Signed-off-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Fiona Ebner -Signed-off-by: Thomas Lamprecht ---- - block/block-copy.c | 3 +- - block/copy-before-write.c | 2 +- - include/block/block-copy.h | 1 + - tests/qemu-iotests/257.out | 112 ++++++++++++++++++------------------- - 4 files changed, 60 insertions(+), 58 deletions(-) - -diff --git a/block/block-copy.c b/block/block-copy.c -index 9ee3dd7ef5..8fca2c3698 100644 ---- a/block/block-copy.c -+++ b/block/block-copy.c -@@ -351,6 +351,7 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target, - } - - BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, -+ BlockDriverState *copy_bitmap_bs, - const BdrvDirtyBitmap *bitmap, - Error **errp) - { -@@ -367,7 +368,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, - return NULL; - } - -- copy_bitmap = bdrv_create_dirty_bitmap(source->bs, cluster_size, NULL, -+ copy_bitmap = bdrv_create_dirty_bitmap(copy_bitmap_bs, cluster_size, NULL, - errp); - if (!copy_bitmap) { - return NULL; -diff --git a/block/copy-before-write.c b/block/copy-before-write.c -index c0e70669a2..94db31512d 100644 ---- a/block/copy-before-write.c -+++ b/block/copy-before-write.c -@@ -468,7 +468,7 @@ static int cbw_open(BlockDriverState *bs, QDict *options, int flags, - ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) & - bs->file->bs->supported_zero_flags); - -- s->bcs = block_copy_state_new(bs->file, s->target, bitmap, errp); -+ s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, errp); - if (!s->bcs) { - error_prepend(errp, "Cannot create block-copy-state: "); - return -EINVAL; -diff --git a/include/block/block-copy.h b/include/block/block-copy.h -index 0700953ab8..8b41643bfa 100644 ---- a/include/block/block-copy.h -+++ b/include/block/block-copy.h -@@ -25,6 +25,7 @@ typedef struct BlockCopyState BlockCopyState; - typedef struct BlockCopyCallState BlockCopyCallState; - - BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, -+ BlockDriverState *copy_bitmap_bs, - const BdrvDirtyBitmap *bitmap, - Error **errp); - -diff --git a/tests/qemu-iotests/257.out b/tests/qemu-iotests/257.out -index aa76131ca9..c33dd7f3a9 100644 ---- a/tests/qemu-iotests/257.out -+++ b/tests/qemu-iotests/257.out -@@ -120,16 +120,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -596,16 +596,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -865,16 +865,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -1341,16 +1341,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -1610,16 +1610,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -2086,16 +2086,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -2355,16 +2355,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -2831,16 +2831,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -3100,16 +3100,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -3576,16 +3576,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -3845,16 +3845,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -4321,16 +4321,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -4590,16 +4590,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, -@@ -5066,16 +5066,16 @@ write -P0x67 0x3fe0000 0x20000 - "granularity": 65536, - "persistent": false, - "recording": false -- } -- ], -- "drive0": [ -+ }, - { - "busy": false, - "count": 0, - "granularity": 65536, - "persistent": false, - "recording": false -- }, -+ } -+ ], -+ "drive0": [ - { - "busy": false, - "count": 458752, diff --git a/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch b/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch deleted file mode 100644 index e11a37d..0000000 --- a/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch +++ /dev/null @@ -1,277 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Vladimir Sementsov-Ogievskiy -Date: Thu, 11 Apr 2024 11:29:25 +0200 -Subject: [PATCH] qapi: blockdev-backup: add discard-source parameter - -Add a parameter that enables discard-after-copy. That is mostly useful -in "push backup with fleecing" scheme, when source is snapshot-access -format driver node, based on copy-before-write filter snapshot-access -API: - -[guest] [snapshot-access] ~~ blockdev-backup ~~> [backup target] - | | - | root | file - v v -[copy-before-write] - | | - | file | target - v v -[active disk] [temp.img] - -In this case discard-after-copy does two things: - - - discard data in temp.img to save disk space - - avoid further copy-before-write operation in discarded area - -Note that we have to declare WRITE permission on source in -copy-before-write filter, for discard to work. Still we can't take it -unconditionally, as it will break normal backup from RO source. So, we -have to add a parameter and pass it thorough bdrv_open flags. - -Signed-off-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Fiona Ebner -Signed-off-by: Thomas Lamprecht ---- - block/backup.c | 5 +++-- - block/block-copy.c | 9 +++++++++ - block/copy-before-write.c | 15 +++++++++++++-- - block/copy-before-write.h | 1 + - block/replication.c | 4 ++-- - blockdev.c | 2 +- - include/block/block-common.h | 2 ++ - include/block/block-copy.h | 1 + - include/block/block_int-global-state.h | 2 +- - qapi/block-core.json | 4 ++++ - 10 files changed, 37 insertions(+), 8 deletions(-) - -diff --git a/block/backup.c b/block/backup.c -index ec29d6b810..3dd2e229d2 100644 ---- a/block/backup.c -+++ b/block/backup.c -@@ -356,7 +356,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, - BlockDriverState *target, int64_t speed, - MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap, - BitmapSyncMode bitmap_mode, -- bool compress, -+ bool compress, bool discard_source, - const char *filter_node_name, - BackupPerf *perf, - BlockdevOnError on_source_error, -@@ -457,7 +457,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, - goto error; - } - -- cbw = bdrv_cbw_append(bs, target, filter_node_name, &bcs, errp); -+ cbw = bdrv_cbw_append(bs, target, filter_node_name, discard_source, -+ &bcs, errp); - if (!cbw) { - goto error; - } -diff --git a/block/block-copy.c b/block/block-copy.c -index 8fca2c3698..7e3b378528 100644 ---- a/block/block-copy.c -+++ b/block/block-copy.c -@@ -137,6 +137,7 @@ typedef struct BlockCopyState { - CoMutex lock; - int64_t in_flight_bytes; - BlockCopyMethod method; -+ bool discard_source; - BlockReqList reqs; - QLIST_HEAD(, BlockCopyCallState) calls; - /* -@@ -353,6 +354,7 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target, - BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, - BlockDriverState *copy_bitmap_bs, - const BdrvDirtyBitmap *bitmap, -+ bool discard_source, - Error **errp) - { - ERRP_GUARD(); -@@ -418,6 +420,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, - cluster_size), - }; - -+ s->discard_source = discard_source; - block_copy_set_copy_opts(s, false, false); - - ratelimit_init(&s->rate_limit); -@@ -589,6 +592,12 @@ static coroutine_fn int block_copy_task_entry(AioTask *task) - co_put_to_shres(s->mem, t->req.bytes); - block_copy_task_end(t, ret); - -+ if (s->discard_source && ret == 0) { -+ int64_t nbytes = -+ MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset; -+ bdrv_co_pdiscard(s->source, t->req.offset, nbytes); -+ } -+ - return ret; - } - -diff --git a/block/copy-before-write.c b/block/copy-before-write.c -index 94db31512d..853e01a1eb 100644 ---- a/block/copy-before-write.c -+++ b/block/copy-before-write.c -@@ -44,6 +44,7 @@ typedef struct BDRVCopyBeforeWriteState { - BdrvChild *target; - OnCbwError on_cbw_error; - uint64_t cbw_timeout_ns; -+ bool discard_source; - - /* - * @lock: protects access to @access_bitmap, @done_bitmap and -@@ -357,6 +358,8 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role, - uint64_t perm, uint64_t shared, - uint64_t *nperm, uint64_t *nshared) - { -+ BDRVCopyBeforeWriteState *s = bs->opaque; -+ - if (!(role & BDRV_CHILD_FILTERED)) { - /* - * Target child -@@ -381,6 +384,10 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role, - * start - */ - *nperm = *nperm | BLK_PERM_CONSISTENT_READ; -+ if (s->discard_source) { -+ *nperm = *nperm | BLK_PERM_WRITE; -+ } -+ - *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); - } - } -@@ -468,7 +475,9 @@ static int cbw_open(BlockDriverState *bs, QDict *options, int flags, - ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) & - bs->file->bs->supported_zero_flags); - -- s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, errp); -+ s->discard_source = flags & BDRV_O_CBW_DISCARD_SOURCE; -+ s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, -+ flags & BDRV_O_CBW_DISCARD_SOURCE, errp); - if (!s->bcs) { - error_prepend(errp, "Cannot create block-copy-state: "); - return -EINVAL; -@@ -535,12 +544,14 @@ static BlockDriver bdrv_cbw_filter = { - BlockDriverState *bdrv_cbw_append(BlockDriverState *source, - BlockDriverState *target, - const char *filter_node_name, -+ bool discard_source, - BlockCopyState **bcs, - Error **errp) - { - BDRVCopyBeforeWriteState *state; - BlockDriverState *top; - QDict *opts; -+ int flags = BDRV_O_RDWR | (discard_source ? BDRV_O_CBW_DISCARD_SOURCE : 0); - - assert(source->total_sectors == target->total_sectors); - GLOBAL_STATE_CODE(); -@@ -553,7 +564,7 @@ BlockDriverState *bdrv_cbw_append(BlockDriverState *source, - qdict_put_str(opts, "file", bdrv_get_node_name(source)); - qdict_put_str(opts, "target", bdrv_get_node_name(target)); - -- top = bdrv_insert_node(source, opts, BDRV_O_RDWR, errp); -+ top = bdrv_insert_node(source, opts, flags, errp); - if (!top) { - return NULL; - } -diff --git a/block/copy-before-write.h b/block/copy-before-write.h -index 6e72bb25e9..01af0cd3c4 100644 ---- a/block/copy-before-write.h -+++ b/block/copy-before-write.h -@@ -39,6 +39,7 @@ - BlockDriverState *bdrv_cbw_append(BlockDriverState *source, - BlockDriverState *target, - const char *filter_node_name, -+ bool discard_source, - BlockCopyState **bcs, - Error **errp); - void bdrv_cbw_drop(BlockDriverState *bs); -diff --git a/block/replication.c b/block/replication.c -index ca6bd0a720..0415a5e8b7 100644 ---- a/block/replication.c -+++ b/block/replication.c -@@ -582,8 +582,8 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, - - s->backup_job = backup_job_create( - NULL, s->secondary_disk->bs, s->hidden_disk->bs, -- 0, MIRROR_SYNC_MODE_NONE, NULL, 0, false, NULL, -- &perf, -+ 0, MIRROR_SYNC_MODE_NONE, NULL, 0, false, false, -+ NULL, &perf, - BLOCKDEV_ON_ERROR_REPORT, - BLOCKDEV_ON_ERROR_REPORT, JOB_INTERNAL, - backup_job_completed, bs, NULL, &local_err); -diff --git a/blockdev.c b/blockdev.c -index 057601dcf0..4c33c3f5f0 100644 ---- a/blockdev.c -+++ b/blockdev.c -@@ -2726,7 +2726,7 @@ static BlockJob *do_backup_common(BackupCommon *backup, - - job = backup_job_create(backup->job_id, bs, target_bs, backup->speed, - backup->sync, bmap, backup->bitmap_mode, -- backup->compress, -+ backup->compress, backup->discard_source, - backup->filter_node_name, - &perf, - backup->on_source_error, -diff --git a/include/block/block-common.h b/include/block/block-common.h -index a846023a09..338fe5ff7a 100644 ---- a/include/block/block-common.h -+++ b/include/block/block-common.h -@@ -243,6 +243,8 @@ typedef enum { - read-write fails */ - #define BDRV_O_IO_URING 0x40000 /* use io_uring instead of the thread pool */ - -+#define BDRV_O_CBW_DISCARD_SOURCE 0x80000 /* for copy-before-write filter */ -+ - #define BDRV_O_CACHE_MASK (BDRV_O_NOCACHE | BDRV_O_NO_FLUSH) - - -diff --git a/include/block/block-copy.h b/include/block/block-copy.h -index 8b41643bfa..bdc703bacd 100644 ---- a/include/block/block-copy.h -+++ b/include/block/block-copy.h -@@ -27,6 +27,7 @@ typedef struct BlockCopyCallState BlockCopyCallState; - BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, - BlockDriverState *copy_bitmap_bs, - const BdrvDirtyBitmap *bitmap, -+ bool discard_source, - Error **errp); - - /* Function should be called prior any actual copy request */ -diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h -index d2201e27f4..eb2d92a226 100644 ---- a/include/block/block_int-global-state.h -+++ b/include/block/block_int-global-state.h -@@ -193,7 +193,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, - MirrorSyncMode sync_mode, - BdrvDirtyBitmap *sync_bitmap, - BitmapSyncMode bitmap_mode, -- bool compress, -+ bool compress, bool discard_source, - const char *filter_node_name, - BackupPerf *perf, - BlockdevOnError on_source_error, -diff --git a/qapi/block-core.json b/qapi/block-core.json -index 4b18e01b85..b179d65520 100644 ---- a/qapi/block-core.json -+++ b/qapi/block-core.json -@@ -1610,6 +1610,9 @@ - # node specified by @drive. If this option is not given, a node - # name is autogenerated. (Since: 4.2) - # -+# @discard-source: Discard blocks on source which are already copied -+# to the target. (Since 9.0) -+# - # @x-perf: Performance options. (Since 6.0) - # - # Features: -@@ -1631,6 +1634,7 @@ - '*on-target-error': 'BlockdevOnError', - '*auto-finalize': 'bool', '*auto-dismiss': 'bool', - '*filter-node-name': 'str', -+ '*discard-source': 'bool', - '*x-perf': { 'type': 'BackupPerf', - 'features': [ 'unstable' ] } } } - diff --git a/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch b/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch deleted file mode 100644 index c5a3e92..0000000 --- a/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Huth -Date: Tue, 18 Jun 2024 14:19:58 +0200 -Subject: [PATCH] hw/virtio: Fix the de-initialization of vhost-user devices - -The unrealize functions of the various vhost-user devices are -calling the corresponding vhost_*_set_status() functions with a -status of 0 to shut down the device correctly. - -Now these vhost_*_set_status() functions all follow this scheme: - - bool should_start = virtio_device_should_start(vdev, status); - - if (vhost_dev_is_started(&vvc->vhost_dev) == should_start) { - return; - } - - if (should_start) { - /* ... do the initialization stuff ... */ - } else { - /* ... do the cleanup stuff ... */ - } - -The problem here is virtio_device_should_start(vdev, 0) currently -always returns "true" since it internally only looks at vdev->started -instead of looking at the "status" parameter. Thus once the device -got started once, virtio_device_should_start() always returns true -and thus the vhost_*_set_status() functions return early, without -ever doing any clean-up when being called with status == 0. This -causes e.g. problems when trying to hot-plug and hot-unplug a vhost -user devices multiple times since the de-initialization step is -completely skipped during the unplug operation. - -This bug has been introduced in commit 9f6bcfd99f ("hw/virtio: move -vm_running check to virtio_device_started") which replaced - - should_start = status & VIRTIO_CONFIG_S_DRIVER_OK; - -with - - should_start = virtio_device_started(vdev, status); - -which later got replaced by virtio_device_should_start(). This blocked -the possibility to set should_start to false in case the status flag -VIRTIO_CONFIG_S_DRIVER_OK was not set. - -Fix it by adjusting the virtio_device_should_start() function to -only consider the status flag instead of vdev->started. Since this -function is only used in the various vhost_*_set_status() functions -for exactly the same purpose, it should be fine to fix it in this -central place there without any risk to change the behavior of other -code. - -Fixes: 9f6bcfd99f ("hw/virtio: move vm_running check to virtio_device_started") -Buglink: https://issues.redhat.com/browse/RHEL-40708 -Signed-off-by: Thomas Huth -Message-Id: <20240618121958.88673-1-thuth@redhat.com> -Reviewed-by: Manos Pitsidianakis -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -(cherry picked from commit d72479b11797c28893e1e3fc565497a9cae5ca16) -Signed-off-by: Fiona Ebner ---- - include/hw/virtio/virtio.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h -index 7d5ffdc145..2eafad17b8 100644 ---- a/include/hw/virtio/virtio.h -+++ b/include/hw/virtio/virtio.h -@@ -470,9 +470,9 @@ static inline bool virtio_device_started(VirtIODevice *vdev, uint8_t status) - * @vdev - the VirtIO device - * @status - the devices status bits - * -- * This is similar to virtio_device_started() but also encapsulates a -- * check on the VM status which would prevent a device starting -- * anyway. -+ * This is similar to virtio_device_started() but ignores vdev->started -+ * and also encapsulates a check on the VM status which would prevent a -+ * device from starting anyway. - */ - static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status) - { -@@ -480,7 +480,7 @@ static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status - return false; - } - -- return virtio_device_started(vdev, status); -+ return status & VIRTIO_CONFIG_S_DRIVER_OK; - } - - static inline void virtio_set_started(VirtIODevice *vdev, bool started) diff --git a/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch b/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch deleted file mode 100644 index 3ca2147..0000000 --- a/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniyal Khan -Date: Wed, 17 Jul 2024 16:01:47 +1000 -Subject: [PATCH] target/arm: Use float_status copy in sme_fmopa_s -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We made a copy above because the fp exception flags -are not propagated back to the FPST register, but -then failed to use the copy. - -Cc: qemu-stable@nongnu.org -Fixes: 558e956c719 ("target/arm: Implement FMOPA, FMOPS (non-widening)") -Signed-off-by: Daniyal Khan -Signed-off-by: Richard Henderson -Reviewed-by: Philippe Mathieu-Daudé -Reviewed-by: Alex Bennée -Message-id: 20240717060149.204788-2-richard.henderson@linaro.org -[rth: Split from a larger patch] -Signed-off-by: Richard Henderson -Reviewed-by: Philippe Mathieu-Daudé -Reviewed-by: Alex Bennée -Signed-off-by: Peter Maydell -(cherry picked from commit 31d93fedf41c24b0badb38cd9317590d1ef74e37) -Signed-off-by: Fiona Ebner ---- - target/arm/tcg/sme_helper.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c -index e2e0575039..5a6dd76489 100644 ---- a/target/arm/tcg/sme_helper.c -+++ b/target/arm/tcg/sme_helper.c -@@ -916,7 +916,7 @@ void HELPER(sme_fmopa_s)(void *vza, void *vzn, void *vzm, void *vpn, - if (pb & 1) { - uint32_t *a = vza_row + H1_4(col); - uint32_t *m = vzm + H1_4(col); -- *a = float32_muladd(n, *m, *a, 0, vst); -+ *a = float32_muladd(n, *m, *a, 0, &fpst); - } - col += 4; - pb >>= 4; diff --git a/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch b/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch deleted file mode 100644 index 56f24fc..0000000 --- a/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Richard Henderson -Date: Wed, 17 Jul 2024 16:01:48 +1000 -Subject: [PATCH] target/arm: Use FPST_F16 for SME FMOPA (widening) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This operation has float16 inputs and thus must use -the FZ16 control not the FZ control. - -Cc: qemu-stable@nongnu.org -Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") -Reported-by: Daniyal Khan -Signed-off-by: Richard Henderson -Reviewed-by: Alex Bennée -Message-id: 20240717060149.204788-3-richard.henderson@linaro.org -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2374 -Signed-off-by: Richard Henderson -Reviewed-by: Alex Bennée -Signed-off-by: Peter Maydell -(cherry picked from commit 207d30b5fdb5b45a36f26eefcf52fe2c1714dd4f) -Signed-off-by: Fiona Ebner ---- - target/arm/tcg/translate-sme.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c -index 46c7fce8b4..185a8a917b 100644 ---- a/target/arm/tcg/translate-sme.c -+++ b/target/arm/tcg/translate-sme.c -@@ -304,6 +304,7 @@ static bool do_outprod(DisasContext *s, arg_op *a, MemOp esz, - } - - static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz, -+ ARMFPStatusFlavour e_fpst, - gen_helper_gvec_5_ptr *fn) - { - int svl = streaming_vec_reg_size(s); -@@ -319,15 +320,18 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz, - zm = vec_full_reg_ptr(s, a->zm); - pn = pred_full_reg_ptr(s, a->pn); - pm = pred_full_reg_ptr(s, a->pm); -- fpst = fpstatus_ptr(FPST_FPCR); -+ fpst = fpstatus_ptr(e_fpst); - - fn(za, zn, zm, pn, pm, fpst, tcg_constant_i32(desc)); - return true; - } - --TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_h) --TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_s) --TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, MO_64, gen_helper_sme_fmopa_d) -+TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, -+ MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h) -+TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, -+ MO_32, FPST_FPCR, gen_helper_sme_fmopa_s) -+TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, -+ MO_64, FPST_FPCR, gen_helper_sme_fmopa_d) - - /* TODO: FEAT_EBF16 */ - TRANS_FEAT(BFMOPA, aa64_sme, do_outprod, a, MO_32, gen_helper_sme_bfmopa) diff --git a/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch b/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch deleted file mode 100644 index 6fad4dc..0000000 --- a/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Fiona Ebner -Date: Wed, 10 Jul 2024 17:25:29 +0200 -Subject: [PATCH] scsi: fix regression and honor bootindex again for legacy - drives - -Commit 3089637461 ("scsi: Don't ignore most usb-storage properties") -removed the call to object_property_set_int() and thus the 'set' -method for the bootindex property was also not called anymore. Here -that method is device_set_bootindex() (as configured by -scsi_dev_instance_init() -> device_add_bootindex_property()) which as -a side effect registers the device via add_boot_device_path(). - -As reported by a downstream user [0], the bootindex property did not -have the desired effect anymore for legacy drives. Fix the regression -by explicitly calling the add_boot_device_path() function after -checking that the bootindex is not yet used (to avoid -add_boot_device_path() calling exit()). - -[0]: https://forum.proxmox.com/threads/149772/post-679433 - -Cc: qemu-stable@nongnu.org -Fixes: 3089637461 ("scsi: Don't ignore most usb-storage properties") -Suggested-by: Kevin Wolf -Signed-off-by: Fiona Ebner -Link: https://lore.kernel.org/r/20240710152529.1737407-1-f.ebner@proxmox.com -Signed-off-by: Paolo Bonzini -(cherry picked from commit 57a8a80d1a5b28797b21d30bfc60601945820e51) -Signed-off-by: Fiona Ebner ---- - hw/scsi/scsi-bus.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c -index 9e40b0c920..53eff5dd3d 100644 ---- a/hw/scsi/scsi-bus.c -+++ b/hw/scsi/scsi-bus.c -@@ -384,6 +384,7 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk, - DeviceState *dev; - SCSIDevice *s; - DriveInfo *dinfo; -+ Error *local_err = NULL; - - if (blk_is_sg(blk)) { - driver = "scsi-generic"; -@@ -403,6 +404,14 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk, - s = SCSI_DEVICE(dev); - s->conf = *conf; - -+ check_boot_index(conf->bootindex, &local_err); -+ if (local_err) { -+ object_unparent(OBJECT(dev)); -+ error_propagate(errp, local_err); -+ return NULL; -+ } -+ add_boot_device_path(conf->bootindex, dev, NULL); -+ - qdev_prop_set_uint32(dev, "scsi-id", unit); - if (object_property_find(OBJECT(dev), "removable")) { - qdev_prop_set_bit(dev, "removable", removable); diff --git a/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch b/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch deleted file mode 100644 index e118289..0000000 --- a/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Fiona Ebner -Date: Mon, 15 Jul 2024 15:14:03 +0200 -Subject: [PATCH] hw/scsi/lsi53c895a: bump instruction limit in scripts - processing to fix regression - -Commit 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts -processing") reduced the maximum allowed instruction count by -a factor of 100 all the way down to 100. - -This causes the "Check Point R81.20 Gaia" appliance [0] to fail to -boot after fully finishing the installation via the appliance's web -interface (there is already one reboot before that). - -With a limit of 150, the appliance still fails to boot, while with a -limit of 200, it works. Bump to 500 to fix the regression and be on -the safe side. - -Originally reported in the Proxmox community forum[1]. - -[0]: https://support.checkpoint.com/results/download/124397 -[1]: https://forum.proxmox.com/threads/149772/post-683459 - -Cc: qemu-stable@nongnu.org -Fixes: 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts processing") -Signed-off-by: Fiona Ebner -Acked-by: Sven Schnelle -Link: https://lore.kernel.org/r/20240715131403.223239-1-f.ebner@proxmox.com -Signed-off-by: Paolo Bonzini -(cherry picked from commit a4975023fb13cf229bd59c9ceec1b8cbdc5b9a20) -Signed-off-by: Fiona Ebner ---- - hw/scsi/lsi53c895a.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c -index eb9828dd5e..f1935e5328 100644 ---- a/hw/scsi/lsi53c895a.c -+++ b/hw/scsi/lsi53c895a.c -@@ -188,7 +188,7 @@ static const char *names[] = { - #define LSI_TAG_VALID (1 << 16) - - /* Maximum instructions to process. */ --#define LSI_MAX_INSN 100 -+#define LSI_MAX_INSN 500 - - typedef struct lsi_request { - SCSIRequest *req; diff --git a/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch b/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch deleted file mode 100644 index dc1d2c1..0000000 --- a/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Thu, 27 Jun 2024 20:12:44 +0200 -Subject: [PATCH] block-copy: Fix missing graph lock - -The graph lock needs to be held when calling bdrv_co_pdiscard(). Fix -block_copy_task_entry() to take it for the call. - -WITH_GRAPH_RDLOCK_GUARD() was implemented in a weak way because of -limitations in clang's Thread Safety Analysis at the time, so that it -only asserts that the lock is held (which allows calling functions that -require the lock), but we never deal with the unlocking (so even after -the scope of the guard, the compiler assumes that the lock is still -held). This is why the compiler didn't catch this locking error. - -Signed-off-by: Kevin Wolf -Reviewed-by: Stefan Hajnoczi -(picked from https://lore.kernel.org/qemu-devel/20240627181245.281403-2-kwolf@redhat.com/) -Signed-off-by: Fiona Ebner ---- - block/block-copy.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/block/block-copy.c b/block/block-copy.c -index 7e3b378528..cc618e4561 100644 ---- a/block/block-copy.c -+++ b/block/block-copy.c -@@ -595,7 +595,9 @@ static coroutine_fn int block_copy_task_entry(AioTask *task) - if (s->discard_source && ret == 0) { - int64_t nbytes = - MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset; -- bdrv_co_pdiscard(s->source, t->req.offset, nbytes); -+ WITH_GRAPH_RDLOCK_GUARD() { -+ bdrv_co_pdiscard(s->source, t->req.offset, nbytes); -+ } - } - - return ret; diff --git a/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch b/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch deleted file mode 100644 index 088af84..0000000 --- a/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sergey Dyasli -Date: Fri, 12 Jul 2024 09:26:59 +0000 -Subject: [PATCH] Revert "qemu-char: do not operate on sources from finalize - callbacks" - -This reverts commit 2b316774f60291f57ca9ecb6a9f0712c532cae34. - -After 038b4217884c ("Revert "chardev: use a child source for qio input -source"") we've been observing the "iwp->src == NULL" assertion -triggering periodically during the initial capabilities querying by -libvirtd. One of possible backtraces: - -Thread 1 (Thread 0x7f16cd4f0700 (LWP 43858)): -0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 -1 0x00007f16c6c21e65 in __GI_abort () at abort.c:79 -2 0x00007f16c6c21d39 in __assert_fail_base at assert.c:92 -3 0x00007f16c6c46e86 in __GI___assert_fail (assertion=assertion@entry=0x562e9bcdaadd "iwp->src == NULL", file=file@entry=0x562e9bcdaac8 "../chardev/char-io.c", line=line@entry=99, function=function@entry=0x562e9bcdab10 <__PRETTY_FUNCTION__.20549> "io_watch_poll_finalize") at assert.c:101 -4 0x0000562e9ba20c2c in io_watch_poll_finalize (source=) at ../chardev/char-io.c:99 -5 io_watch_poll_finalize (source=) at ../chardev/char-io.c:88 -6 0x00007f16c904aae0 in g_source_unref_internal () from /lib64/libglib-2.0.so.0 -7 0x00007f16c904baf9 in g_source_destroy_internal () from /lib64/libglib-2.0.so.0 -8 0x0000562e9ba20db0 in io_remove_watch_poll (source=0x562e9d6720b0) at ../chardev/char-io.c:147 -9 remove_fd_in_watch (chr=chr@entry=0x562e9d5f3800) at ../chardev/char-io.c:153 -10 0x0000562e9ba23ffb in update_ioc_handlers (s=0x562e9d5f3800) at ../chardev/char-socket.c:592 -11 0x0000562e9ba2072f in qemu_chr_fe_set_handlers_full at ../chardev/char-fe.c:279 -12 0x0000562e9ba207a9 in qemu_chr_fe_set_handlers at ../chardev/char-fe.c:304 -13 0x0000562e9ba2ca75 in monitor_qmp_setup_handlers_bh (opaque=0x562e9d4c2c60) at ../monitor/qmp.c:509 -14 0x0000562e9bb6222e in aio_bh_poll (ctx=ctx@entry=0x562e9d4c2f20) at ../util/async.c:216 -15 0x0000562e9bb4de0a in aio_poll (ctx=0x562e9d4c2f20, blocking=blocking@entry=true) at ../util/aio-posix.c:722 -16 0x0000562e9b99dfaa in iothread_run (opaque=0x562e9d4c26f0) at ../iothread.c:63 -17 0x0000562e9bb505a4 in qemu_thread_start (args=0x562e9d4c7ea0) at ../util/qemu-thread-posix.c:543 -18 0x00007f16c70081ca in start_thread (arg=) at pthread_create.c:479 -19 0x00007f16c6c398d3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 - -io_remove_watch_poll(), which makes sure that iwp->src is NULL, calls -g_source_destroy() which finds that iwp->src is not NULL in the finalize -callback. This can only happen if another thread has managed to trigger -io_watch_poll_prepare() callback in the meantime. - -Move iwp->src destruction back to the finalize callback to prevent the -described race, and also remove the stale comment. The deadlock glib bug -was fixed back in 2010 by b35820285668 ("gmain: move finalization of -GSource outside of context lock"). - -Suggested-by: Paolo Bonzini -Signed-off-by: Sergey Dyasli -Link: https://lore.kernel.org/r/20240712092659.216206-1-sergey.dyasli@nutanix.com -Signed-off-by: Paolo Bonzini -(cherry picked from commit e0bf95443ee9326d44031373420cf9f3513ee255) -Signed-off-by: Fiona Ebner ---- - chardev/char-io.c | 19 +++++-------------- - 1 file changed, 5 insertions(+), 14 deletions(-) - -diff --git a/chardev/char-io.c b/chardev/char-io.c -index dab77b112e..3be17b51ca 100644 ---- a/chardev/char-io.c -+++ b/chardev/char-io.c -@@ -87,16 +87,12 @@ static gboolean io_watch_poll_dispatch(GSource *source, GSourceFunc callback, - - static void io_watch_poll_finalize(GSource *source) - { -- /* -- * Due to a glib bug, removing the last reference to a source -- * inside a finalize callback causes recursive locking (and a -- * deadlock). This is not a problem inside other callbacks, -- * including dispatch callbacks, so we call io_remove_watch_poll -- * to remove this source. At this point, iwp->src must -- * be NULL, or we would leak it. -- */ - IOWatchPoll *iwp = io_watch_poll_from_source(source); -- assert(iwp->src == NULL); -+ if (iwp->src) { -+ g_source_destroy(iwp->src); -+ g_source_unref(iwp->src); -+ iwp->src = NULL; -+ } - } - - static GSourceFuncs io_watch_poll_funcs = { -@@ -139,11 +135,6 @@ static void io_remove_watch_poll(GSource *source) - IOWatchPoll *iwp; - - iwp = io_watch_poll_from_source(source); -- if (iwp->src) { -- g_source_destroy(iwp->src); -- g_source_unref(iwp->src); -- iwp->src = NULL; -- } - g_source_destroy(&iwp->parent); - } - diff --git a/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch b/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch deleted file mode 100644 index 055d7c0..0000000 --- a/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Cindy Lu -Date: Tue, 6 Aug 2024 17:37:12 +0800 -Subject: [PATCH] virtio-pci: Fix the use of an uninitialized irqfd - -The crash was reported in MAC OS and NixOS, here is the link for this bug -https://gitlab.com/qemu-project/qemu/-/issues/2334 -https://gitlab.com/qemu-project/qemu/-/issues/2321 - -In this bug, they are using the virtio_input device. The guest notifier was -not supported for this device, The function virtio_pci_set_guest_notifiers() -was not called, and the vector_irqfd was not initialized. - -So the fix is adding the check for vector_irqfd in virtio_pci_get_notifier() - -The function virtio_pci_get_notifier() can be used in various devices. -It could also be called when VIRTIO_CONFIG_S_DRIVER_OK is not set. In this situation, -the vector_irqfd being NULL is acceptable. We can allow the device continue to boot - -If the vector_irqfd still hasn't been initialized after VIRTIO_CONFIG_S_DRIVER_OK -is set, it means that the function set_guest_notifiers was not called before the -driver started. This indicates that the device is not using the notifier. -At this point, we will let the check fail. - -This fix is verified in vyatta,MacOS,NixOS,fedora system. - -The bt tree for this bug is: -Thread 6 "CPU 0/KVM" received signal SIGSEGV, Segmentation fault. -[Switching to Thread 0x7c817be006c0 (LWP 1269146)] -kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817 -817 if (irqfd->users == 0) { -(gdb) thread apply all bt -... -Thread 6 (Thread 0x7c817be006c0 (LWP 1269146) "CPU 0/KVM"): -0 kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817 -1 kvm_virtio_pci_vector_use_one () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:893 -2 0x00005983657045e2 in memory_region_write_accessor () at ../qemu-9.0.0/system/memory.c:497 -3 0x0000598365704ba6 in access_with_adjusted_size () at ../qemu-9.0.0/system/memory.c:573 -4 0x0000598365705059 in memory_region_dispatch_write () at ../qemu-9.0.0/system/memory.c:1528 -5 0x00005983659b8e1f in flatview_write_continue_step.isra.0 () at ../qemu-9.0.0/system/physmem.c:2713 -6 0x000059836570ba7d in flatview_write_continue () at ../qemu-9.0.0/system/physmem.c:2743 -7 flatview_write () at ../qemu-9.0.0/system/physmem.c:2774 -8 0x000059836570bb76 in address_space_write () at ../qemu-9.0.0/system/physmem.c:2894 -9 0x0000598365763afe in address_space_rw () at ../qemu-9.0.0/system/physmem.c:2904 -10 kvm_cpu_exec () at ../qemu-9.0.0/accel/kvm/kvm-all.c:2917 -11 0x000059836576656e in kvm_vcpu_thread_fn () at ../qemu-9.0.0/accel/kvm/kvm-accel-ops.c:50 -12 0x0000598365926ca8 in qemu_thread_start () at ../qemu-9.0.0/util/qemu-thread-posix.c:541 -13 0x00007c8185bcd1cf in ??? () at /usr/lib/libc.so.6 -14 0x00007c8185c4e504 in clone () at /usr/lib/libc.so.6 - -Fixes: 2ce6cff94d ("virtio-pci: fix use of a released vector") -Cc: qemu-stable@nongnu.org -Signed-off-by: Cindy Lu -Message-Id: <20240806093715.65105-1-lulu@redhat.com> -Acked-by: Jason Wang -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -(cherry picked from commit a8e63ff289d137197ad7a701a587cc432872d798) -Signed-off-by: Fiona Ebner ---- - hw/virtio/virtio-pci.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c -index e04218a9fb..389bab003f 100644 ---- a/hw/virtio/virtio-pci.c -+++ b/hw/virtio/virtio-pci.c -@@ -860,6 +860,9 @@ static int virtio_pci_get_notifier(VirtIOPCIProxy *proxy, int queue_no, - VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); - VirtQueue *vq; - -+ if (!proxy->vector_irqfd && vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) -+ return -1; -+ - if (queue_no == VIRTIO_CONFIG_IRQ_IDX) { - *n = virtio_config_get_guest_notifier(vdev); - *vector = vdev->config_vector; diff --git a/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch b/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch deleted file mode 100644 index 1dcb129..0000000 --- a/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Akihiko Odaki -Date: Mon, 1 Jul 2024 20:58:04 +0900 -Subject: [PATCH] virtio-net: Ensure queue index fits with RSS - -Ensure the queue index points to a valid queue when software RSS -enabled. The new calculation matches with the behavior of Linux's TAP -device with the RSS eBPF program. - -Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing") -Reported-by: Zhibin Hu -Cc: qemu-stable@nongnu.org -Signed-off-by: Akihiko Odaki -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Jason Wang -(cherry picked from commit f1595ceb9aad36a6c1da95bcb77ab9509b38822d) -Signed-off-by: Fiona Ebner ---- - hw/net/virtio-net.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c -index 3644bfd91b..f48588638d 100644 ---- a/hw/net/virtio-net.c -+++ b/hw/net/virtio-net.c -@@ -1949,7 +1949,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, - if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) { - int index = virtio_net_process_rss(nc, buf, size); - if (index >= 0) { -- NetClientState *nc2 = qemu_get_subqueue(n->nic, index); -+ NetClientState *nc2 = -+ qemu_get_subqueue(n->nic, index % n->curr_queue_pairs); - return virtio_net_receive_rcu(nc2, buf, size, true); - } - } diff --git a/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch b/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch deleted file mode 100644 index b8f67d4..0000000 --- a/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch +++ /dev/null @@ -1,338 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: thomas -Date: Fri, 12 Jul 2024 11:10:53 +0800 -Subject: [PATCH] virtio-net: Fix network stall at the host side waiting for - kick - -Patch 06b12970174 ("virtio-net: fix network stall under load") -added double-check to test whether the available buffer size -can satisfy the request or not, in case the guest has added -some buffers to the avail ring simultaneously after the first -check. It will be lucky if the available buffer size becomes -okay after the double-check, then the host can send the packet -to the guest. If the buffer size still can't satisfy the request, -even if the guest has added some buffers, viritio-net would -stall at the host side forever. - -The patch enables notification and checks whether the guest has -added some buffers since last check of available buffers when -the available buffers are insufficient. If no buffer is added, -return false, else recheck the available buffers in the loop. -If the available buffers are sufficient, disable notification -and return true. - -Changes: -1. Change the return type of virtqueue_get_avail_bytes() from void - to int, it returns an opaque that represents the shadow_avail_idx - of the virtqueue on success, else -1 on error. -2. Add a new API: virtio_queue_enable_notification_and_check(), - it takes an opaque as input arg which is returned from - virtqueue_get_avail_bytes(). It enables notification firstly, - then checks whether the guest has added some buffers since - last check of available buffers or not by virtio_queue_poll(), - return ture if yes. - -The patch also reverts patch "06b12970174". - -The case below can reproduce the stall. - - Guest 0 - +--------+ - | iperf | - ---------------> | server | - Host | +--------+ - +--------+ | ... - | iperf |---- - | client |---- Guest n - +--------+ | +--------+ - | | iperf | - ---------------> | server | - +--------+ - -Boot many guests from qemu with virtio network: - qemu ... -netdev tap,id=net_x \ - -device virtio-net-pci-non-transitional,\ - iommu_platform=on,mac=xx:xx:xx:xx:xx:xx,netdev=net_x - -Each guest acts as iperf server with commands below: - iperf3 -s -D -i 10 -p 8001 - iperf3 -s -D -i 10 -p 8002 - -The host as iperf client: - iperf3 -c guest_IP -p 8001 -i 30 -w 256k -P 20 -t 40000 - iperf3 -c guest_IP -p 8002 -i 30 -w 256k -P 20 -t 40000 - -After some time, the host loses connection to the guest, -the guest can send packet to the host, but can't receive -packet from the host. - -It's more likely to happen if SWIOTLB is enabled in the guest, -allocating and freeing bounce buffer takes some CPU ticks, -copying from/to bounce buffer takes more CPU ticks, compared -with that there is no bounce buffer in the guest. -Once the rate of producing packets from the host approximates -the rate of receiveing packets in the guest, the guest would -loop in NAPI. - - receive packets --- - | | - v | - free buf virtnet_poll - | | - v | - add buf to avail ring --- - | - | need kick the host? - | NAPI continues - v - receive packets --- - | | - v | - free buf virtnet_poll - | | - v | - add buf to avail ring --- - | - v - ... ... - -On the other hand, the host fetches free buf from avail -ring, if the buf in the avail ring is not enough, the -host notifies the guest the event by writing the avail -idx read from avail ring to the event idx of used ring, -then the host goes to sleep, waiting for the kick signal -from the guest. - -Once the guest finds the host is waiting for kick singal -(in virtqueue_kick_prepare_split()), it kicks the host. - -The host may stall forever at the sequences below: - - Host Guest - ------------ ----------- - fetch buf, send packet receive packet --- - ... ... | - fetch buf, send packet add buf | - ... add buf virtnet_poll - buf not enough avail idx-> add buf | - read avail idx add buf | - add buf --- - receive packet --- - write event idx ... | - wait for kick add buf virtnet_poll - ... | - --- - no more packet, exit NAPI - -In the first loop of NAPI above, indicated in the range of -virtnet_poll above, the host is sending packets while the -guest is receiving packets and adding buffers. - step 1: The buf is not enough, for example, a big packet - needs 5 buf, but the available buf count is 3. - The host read current avail idx. - step 2: The guest adds some buf, then checks whether the - host is waiting for kick signal, not at this time. - The used ring is not empty, the guest continues - the second loop of NAPI. - step 3: The host writes the avail idx read from avail - ring to used ring as event idx via - virtio_queue_set_notification(q->rx_vq, 1). - step 4: At the end of the second loop of NAPI, recheck - whether kick is needed, as the event idx in the - used ring written by the host is beyound the - range of kick condition, the guest will not - send kick signal to the host. - -Fixes: 06b12970174 ("virtio-net: fix network stall under load") -Cc: qemu-stable@nongnu.org -Signed-off-by: Wencheng Yang -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Jason Wang -(cherry picked from commit f937309fbdbb48c354220a3e7110c202ae4aa7fa) -Signed-off-by: Fiona Ebner ---- - hw/net/virtio-net.c | 28 ++++++++++------- - hw/virtio/virtio.c | 64 +++++++++++++++++++++++++++++++++++--- - include/hw/virtio/virtio.h | 21 +++++++++++-- - 3 files changed, 94 insertions(+), 19 deletions(-) - -diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c -index f48588638d..d4b979d343 100644 ---- a/hw/net/virtio-net.c -+++ b/hw/net/virtio-net.c -@@ -1680,24 +1680,28 @@ static bool virtio_net_can_receive(NetClientState *nc) - - static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize) - { -+ int opaque; -+ unsigned int in_bytes; - VirtIONet *n = q->n; -- if (virtio_queue_empty(q->rx_vq) || -- (n->mergeable_rx_bufs && -- !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) { -- virtio_queue_set_notification(q->rx_vq, 1); -- -- /* To avoid a race condition where the guest has made some buffers -- * available after the above check but before notification was -- * enabled, check for available buffers again. -- */ -- if (virtio_queue_empty(q->rx_vq) || -- (n->mergeable_rx_bufs && -- !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) { -+ -+ while (virtio_queue_empty(q->rx_vq) || n->mergeable_rx_bufs) { -+ opaque = virtqueue_get_avail_bytes(q->rx_vq, &in_bytes, NULL, -+ bufsize, 0); -+ /* Buffer is enough, disable notifiaction */ -+ if (bufsize <= in_bytes) { -+ break; -+ } -+ -+ if (virtio_queue_enable_notification_and_check(q->rx_vq, opaque)) { -+ /* Guest has added some buffers, try again */ -+ continue; -+ } else { - return 0; - } - } - - virtio_queue_set_notification(q->rx_vq, 0); -+ - return 1; - } - -diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c -index fd2dfe3a6b..08fba6b2d8 100644 ---- a/hw/virtio/virtio.c -+++ b/hw/virtio/virtio.c -@@ -743,6 +743,60 @@ int virtio_queue_empty(VirtQueue *vq) - } - } - -+static bool virtio_queue_split_poll(VirtQueue *vq, unsigned shadow_idx) -+{ -+ if (unlikely(!vq->vring.avail)) { -+ return false; -+ } -+ -+ return (uint16_t)shadow_idx != vring_avail_idx(vq); -+} -+ -+static bool virtio_queue_packed_poll(VirtQueue *vq, unsigned shadow_idx) -+{ -+ VRingPackedDesc desc; -+ VRingMemoryRegionCaches *caches; -+ -+ if (unlikely(!vq->vring.desc)) { -+ return false; -+ } -+ -+ caches = vring_get_region_caches(vq); -+ if (!caches) { -+ return false; -+ } -+ -+ vring_packed_desc_read(vq->vdev, &desc, &caches->desc, -+ shadow_idx, true); -+ -+ return is_desc_avail(desc.flags, vq->shadow_avail_wrap_counter); -+} -+ -+static bool virtio_queue_poll(VirtQueue *vq, unsigned shadow_idx) -+{ -+ if (virtio_device_disabled(vq->vdev)) { -+ return false; -+ } -+ -+ if (virtio_vdev_has_feature(vq->vdev, VIRTIO_F_RING_PACKED)) { -+ return virtio_queue_packed_poll(vq, shadow_idx); -+ } else { -+ return virtio_queue_split_poll(vq, shadow_idx); -+ } -+} -+ -+bool virtio_queue_enable_notification_and_check(VirtQueue *vq, -+ int opaque) -+{ -+ virtio_queue_set_notification(vq, 1); -+ -+ if (opaque >= 0) { -+ return virtio_queue_poll(vq, (unsigned)opaque); -+ } else { -+ return false; -+ } -+} -+ - static void virtqueue_unmap_sg(VirtQueue *vq, const VirtQueueElement *elem, - unsigned int len) - { -@@ -1330,9 +1384,9 @@ err: - goto done; - } - --void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, -- unsigned int *out_bytes, -- unsigned max_in_bytes, unsigned max_out_bytes) -+int virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, -+ unsigned int *out_bytes, unsigned max_in_bytes, -+ unsigned max_out_bytes) - { - uint16_t desc_size; - VRingMemoryRegionCaches *caches; -@@ -1365,7 +1419,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, - caches); - } - -- return; -+ return (int)vq->shadow_avail_idx; - err: - if (in_bytes) { - *in_bytes = 0; -@@ -1373,6 +1427,8 @@ err: - if (out_bytes) { - *out_bytes = 0; - } -+ -+ return -1; - } - - int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes, -diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h -index 2eafad17b8..8b4da92889 100644 ---- a/include/hw/virtio/virtio.h -+++ b/include/hw/virtio/virtio.h -@@ -271,9 +271,13 @@ void qemu_put_virtqueue_element(VirtIODevice *vdev, QEMUFile *f, - VirtQueueElement *elem); - int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes, - unsigned int out_bytes); --void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, -- unsigned int *out_bytes, -- unsigned max_in_bytes, unsigned max_out_bytes); -+/** -+ * Return <0 on error or an opaque >=0 to pass to -+ * virtio_queue_enable_notification_and_check on success. -+ */ -+int virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, -+ unsigned int *out_bytes, unsigned max_in_bytes, -+ unsigned max_out_bytes); - - void virtio_notify_irqfd(VirtIODevice *vdev, VirtQueue *vq); - void virtio_notify(VirtIODevice *vdev, VirtQueue *vq); -@@ -307,6 +311,17 @@ int virtio_queue_ready(VirtQueue *vq); - - int virtio_queue_empty(VirtQueue *vq); - -+/** -+ * Enable notification and check whether guest has added some -+ * buffers since last call to virtqueue_get_avail_bytes. -+ * -+ * @opaque: value returned from virtqueue_get_avail_bytes -+ */ -+bool virtio_queue_enable_notification_and_check(VirtQueue *vq, -+ int opaque); -+ -+void virtio_queue_set_shadow_avail_idx(VirtQueue *vq, uint16_t idx); -+ - /* Host binding interface. */ - - uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t addr); diff --git a/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch b/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch deleted file mode 100644 index c99b7a5..0000000 --- a/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: David Woodhouse -Date: Tue, 9 Jul 2024 13:34:44 +0100 -Subject: [PATCH] net: Reinstate '-net nic, model=help' output as documented in - man page - -While refactoring the NIC initialization code, I broke '-net nic,model=help' -which no longer outputs a list of available NIC models. - -Fixes: 2cdeca04adab ("net: report list of available models according to platform") -Cc: qemu-stable@nongnu.org -Signed-off-by: David Woodhouse -Reviewed-by: Michael Tokarev -Signed-off-by: Jason Wang -(cherry picked from commit 64f75f57f9d2c8c12ac6d9355fa5d3a2af5879ca) -Signed-off-by: Fiona Ebner ---- - net/net.c | 25 ++++++++++++++++++++++--- - 1 file changed, 22 insertions(+), 3 deletions(-) - -diff --git a/net/net.c b/net/net.c -index a2f0c828bb..e6ca2529bb 100644 ---- a/net/net.c -+++ b/net/net.c -@@ -1150,6 +1150,21 @@ NICInfo *qemu_find_nic_info(const char *typename, bool match_default, - return NULL; - } - -+static bool is_nic_model_help_option(const char *model) -+{ -+ if (model && is_help_option(model)) { -+ /* -+ * Trigger the help output by instantiating the hash table which -+ * will gather tha available models as they get registered. -+ */ -+ if (!nic_model_help) { -+ nic_model_help = g_hash_table_new_full(g_str_hash, g_str_equal, -+ g_free, NULL); -+ } -+ return true; -+ } -+ return false; -+} - - /* "I have created a device. Please configure it if you can" */ - bool qemu_configure_nic_device(DeviceState *dev, bool match_default, -@@ -1733,6 +1748,12 @@ void net_check_clients(void) - - static int net_init_client(void *dummy, QemuOpts *opts, Error **errp) - { -+ const char *model = qemu_opt_get_del(opts, "model"); -+ -+ if (is_nic_model_help_option(model)) { -+ return 0; -+ } -+ - return net_client_init(opts, false, errp); - } - -@@ -1789,9 +1810,7 @@ static int net_param_nic(void *dummy, QemuOpts *opts, Error **errp) - memset(ni, 0, sizeof(*ni)); - ni->model = qemu_opt_get_del(opts, "model"); - -- if (!nic_model_help && !g_strcmp0(ni->model, "help")) { -- nic_model_help = g_hash_table_new_full(g_str_hash, g_str_equal, -- g_free, NULL); -+ if (is_nic_model_help_option(ni->model)) { - return 0; - } - diff --git a/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch b/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch deleted file mode 100644 index 3ab2407..0000000 --- a/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: David Woodhouse -Date: Tue, 6 Aug 2024 18:21:37 +0100 -Subject: [PATCH] net: Fix '-net nic,model=' for non-help arguments - -Oops, don't *delete* the model option when checking for 'help'. - -Fixes: 64f75f57f9d2 ("net: Reinstate '-net nic, model=help' output as documented in man page") -Reported-by: Hans -Signed-off-by: David Woodhouse -Cc: qemu-stable@nongnu.org -Reviewed-by: Michael Tokarev -Signed-off-by: Jason Wang -(cherry picked from commit fa62cb989a9146c82f8f172715042852f5d36200) -Signed-off-by: Fiona Ebner ---- - net/net.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/net/net.c b/net/net.c -index e6ca2529bb..897bb936cf 100644 ---- a/net/net.c -+++ b/net/net.c -@@ -1748,7 +1748,7 @@ void net_check_clients(void) - - static int net_init_client(void *dummy, QemuOpts *opts, Error **errp) - { -- const char *model = qemu_opt_get_del(opts, "model"); -+ const char *model = qemu_opt_get(opts, "model"); - - if (is_nic_model_help_option(model)) { - return 0; diff --git a/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch b/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch deleted file mode 100644 index 9667ef4..0000000 --- a/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Mon, 22 Jul 2024 18:29:54 +0100 -Subject: [PATCH] target/arm: Don't assert for 128-bit tile accesses when SVL - is 128 - -For an instruction which accesses a 128-bit element tile when -the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]), -we will assert in get_tile_rowcol(): - -qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed. - -This happens because we calculate - len = ctz32(streaming_vec_reg_size(s)) - esz;$ -but if the SVL and the element size are the same len is 0, and -the deposit operation asserts. - -In this case the ZA storage contains exactly one 128 bit -element ZA tile, and the horizontal or vertical slice is just -that tile. This means that regardless of the index value in -the Ws register, we always access that tile. (In pseudocode terms, -we calculate (index + offset) MOD 1, which is 0.) - -Special case the len == 0 case to avoid hitting the assertion -in tcg_gen_deposit_z_i32(). - -Cc: qemu-stable@nongnu.org -Signed-off-by: Peter Maydell -Reviewed-by: Richard Henderson -Message-id: 20240722172957.1041231-2-peter.maydell@linaro.org -(cherry picked from commit 56f1c0db928aae0b83fd91c89ddb226b137e2b21) -Signed-off-by: Fiona Ebner ---- - target/arm/tcg/translate-sme.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c -index 185a8a917b..a50a419af2 100644 ---- a/target/arm/tcg/translate-sme.c -+++ b/target/arm/tcg/translate-sme.c -@@ -49,7 +49,15 @@ static TCGv_ptr get_tile_rowcol(DisasContext *s, int esz, int rs, - /* Prepare a power-of-two modulo via extraction of @len bits. */ - len = ctz32(streaming_vec_reg_size(s)) - esz; - -- if (vertical) { -+ if (!len) { -+ /* -+ * SVL is 128 and the element size is 128. There is exactly -+ * one 128x128 tile in the ZA storage, and so we calculate -+ * (Rs + imm) MOD 1, which is always 0. We need to special case -+ * this because TCG doesn't allow deposit ops with len 0. -+ */ -+ tcg_gen_movi_i32(tmp, 0); -+ } else if (vertical) { - /* - * Compute the byte offset of the index within the tile: - * (index % (svl / size)) * size diff --git a/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch b/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch deleted file mode 100644 index cd60b30..0000000 --- a/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Mon, 22 Jul 2024 18:29:55 +0100 -Subject: [PATCH] target/arm: Fix UMOPA/UMOPS of 16-bit values - -The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or -16 bit elements and accumulate the products into a 64-bit element. -In the Arm ARM pseudocode, this is done with the usual -infinite-precision signed arithmetic. However our implementation -doesn't quite get it right, because in the DEF_IMOP_64() macro we do: - sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); - -where NTYPE and MTYPE are uint16_t or int16_t. In the uint16_t case, -the C usual arithmetic conversions mean the values are converted to -"int" type and the multiply is done as a 32-bit multiply. This means -that if the inputs are, for example, 0xffff and 0xffff then the -result is 0xFFFE0001 as an int, which is then promoted to uint64_t -for the accumulation into sum; this promotion incorrectly sign -extends the multiply. - -Avoid the incorrect sign extension by casting to int64_t before -the multiply, so we do the multiply as 64-bit signed arithmetic, -which is a type large enough that the multiply can never -overflow into the sign bit. - -(The equivalent 8-bit operations in DEF_IMOP_32() are fine, because -the 8-bit multiplies can never overflow into the sign bit of a -32-bit integer.) - -Cc: qemu-stable@nongnu.org -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2372 -Signed-off-by: Peter Maydell -Reviewed-by: Richard Henderson -Message-id: 20240722172957.1041231-3-peter.maydell@linaro.org -(cherry picked from commit ea3f5a90f036734522e9af3bffd77e69e9f47355) -Signed-off-by: Fiona Ebner ---- - target/arm/tcg/sme_helper.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c -index 5a6dd76489..f9001f5213 100644 ---- a/target/arm/tcg/sme_helper.c -+++ b/target/arm/tcg/sme_helper.c -@@ -1146,10 +1146,10 @@ static uint64_t NAME(uint64_t n, uint64_t m, uint64_t a, uint8_t p, bool neg) \ - uint64_t sum = 0; \ - /* Apply P to N as a mask, making the inactive elements 0. */ \ - n &= expand_pred_h(p); \ -- sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); \ -- sum += (NTYPE)(n >> 16) * (MTYPE)(m >> 16); \ -- sum += (NTYPE)(n >> 32) * (MTYPE)(m >> 32); \ -- sum += (NTYPE)(n >> 48) * (MTYPE)(m >> 48); \ -+ sum += (int64_t)(NTYPE)(n >> 0) * (MTYPE)(m >> 0); \ -+ sum += (int64_t)(NTYPE)(n >> 16) * (MTYPE)(m >> 16); \ -+ sum += (int64_t)(NTYPE)(n >> 32) * (MTYPE)(m >> 32); \ -+ sum += (int64_t)(NTYPE)(n >> 48) * (MTYPE)(m >> 48); \ - return neg ? a - sum : a + sum; \ - } - diff --git a/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch b/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch deleted file mode 100644 index 52ca765..0000000 --- a/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Mon, 22 Jul 2024 18:29:56 +0100 -Subject: [PATCH] target/arm: Avoid shifts by -1 in tszimm_shr() and - tszimm_shl() - -The function tszimm_esz() returns a shift amount, or possibly -1 in -certain cases that correspond to unallocated encodings in the -instruction set. We catch these later in the trans_ functions -(generally with an "a-esz < 0" check), but before we do the -decodetree-generated code will also call tszimm_shr() or tszimm_sl(), -which will use the tszimm_esz() return value as a shift count without -checking that it is not negative, which is undefined behaviour. - -Avoid the UB by checking the return value in tszimm_shr() and -tszimm_shl(). - -Cc: qemu-stable@nongnu.org -Resolves: Coverity CID 1547617, 1547694 -Signed-off-by: Peter Maydell -Reviewed-by: Richard Henderson -Message-id: 20240722172957.1041231-4-peter.maydell@linaro.org -(cherry picked from commit 76916dfa89e8900639c1055c07a295c06628a0bc) -Signed-off-by: Fiona Ebner ---- - target/arm/tcg/translate-sve.c | 18 ++++++++++++++++-- - 1 file changed, 16 insertions(+), 2 deletions(-) - -diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c -index ada05aa530..466a19c25a 100644 ---- a/target/arm/tcg/translate-sve.c -+++ b/target/arm/tcg/translate-sve.c -@@ -50,13 +50,27 @@ static int tszimm_esz(DisasContext *s, int x) - - static int tszimm_shr(DisasContext *s, int x) - { -- return (16 << tszimm_esz(s, x)) - x; -+ /* -+ * We won't use the tszimm_shr() value if tszimm_esz() returns -1 (the -+ * trans function will check for esz < 0), so we can return any -+ * value we like from here in that case as long as we avoid UB. -+ */ -+ int esz = tszimm_esz(s, x); -+ if (esz < 0) { -+ return esz; -+ } -+ return (16 << esz) - x; - } - - /* See e.g. LSL (immediate, predicated). */ - static int tszimm_shl(DisasContext *s, int x) - { -- return x - (8 << tszimm_esz(s, x)); -+ /* As with tszimm_shr(), value will be unused if esz < 0 */ -+ int esz = tszimm_esz(s, x); -+ if (esz < 0) { -+ return esz; -+ } -+ return x - (8 << esz); - } - - /* The SH bit is in bit 8. Extract the low 8 and shift. */ diff --git a/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch b/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch deleted file mode 100644 index bc8bd39..0000000 --- a/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Mon, 22 Jul 2024 18:29:57 +0100 -Subject: [PATCH] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is - not enabled - -When determining the current vector length, the SMCR_EL2.LEN and -SVCR_EL2.LEN settings should only be considered if EL2 is enabled -(compare the pseudocode CurrentSVL and CurrentNSVL which call -EL2Enabled()). - -We were checking against ARM_FEATURE_EL2 rather than calling -arm_is_el2_enabled(), which meant that we would look at -SMCR_EL2/SVCR_EL2 when in Secure EL1 or Secure EL0 even if Secure EL2 -was not enabled. - -Use the correct check in sve_vqm1_for_el_sm(). - -Cc: qemu-stable@nongnu.org -Signed-off-by: Peter Maydell -Reviewed-by: Richard Henderson -Message-id: 20240722172957.1041231-5-peter.maydell@linaro.org -(cherry picked from commit f573ac059ed060234fcef4299fae9e500d357c33) -Signed-off-by: Fiona Ebner ---- - target/arm/helper.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/target/arm/helper.c b/target/arm/helper.c -index a620481d7c..42044ae14b 100644 ---- a/target/arm/helper.c -+++ b/target/arm/helper.c -@@ -7191,7 +7191,7 @@ uint32_t sve_vqm1_for_el_sm(CPUARMState *env, int el, bool sm) - if (el <= 1 && !el_is_in_host(env, el)) { - len = MIN(len, 0xf & (uint32_t)cr[1]); - } -- if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) { -+ if (el <= 2 && arm_is_el2_enabled(env)) { - len = MIN(len, 0xf & (uint32_t)cr[2]); - } - if (arm_feature(env, ARM_FEATURE_EL3)) { diff --git a/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch b/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch deleted file mode 100644 index b1a55e8..0000000 --- a/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Thu, 1 Aug 2024 10:15:03 +0100 -Subject: [PATCH] target/arm: Handle denormals correctly for FMOPA (widening) - -The FMOPA (widening) SME instruction takes pairs of half-precision -floating point values, widens them to single-precision, does a -two-way dot product and accumulates the results into a -single-precision destination. We don't quite correctly handle the -FPCR bits FZ and FZ16 which control flushing of denormal inputs and -outputs. This is because at the moment we pass a single float_status -value to the helper function, which then uses that configuration for -all the fp operations it does. However, because the inputs to this -operation are float16 and the outputs are float32 we need to use the -fp_status_f16 for the float16 input widening but the normal fp_status -for everything else. Otherwise we will apply the flushing control -FPCR.FZ16 to the 32-bit output rather than the FPCR.FZ control, and -incorrectly flush a denormal output to zero when we should not (or -vice-versa). - -(In commit 207d30b5fdb5b we tried to fix the FZ handling but -didn't get it right, switching from "use FPCR.FZ for everything" to -"use FPCR.FZ16 for everything".) - -Pass the CPU env to the sme_fmopa_h helper instead of an fp_status -pointer, and have the helper pass an extra fp_status into the -f16_dotadd() function so that we can use the right status for the -right parts of this operation. - -Cc: qemu-stable@nongnu.org -Fixes: 207d30b5fdb5 ("target/arm: Use FPST_F16 for SME FMOPA (widening)") -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2373 -Signed-off-by: Peter Maydell -Reviewed-by: Richard Henderson -(cherry picked from commit 55f9f4ee018c5ccea81d8c8c586756d7711ae46f) -Signed-off-by: Fiona Ebner ---- - target/arm/tcg/helper-sme.h | 2 +- - target/arm/tcg/sme_helper.c | 39 +++++++++++++++++++++++----------- - target/arm/tcg/translate-sme.c | 25 ++++++++++++++++++++-- - 3 files changed, 51 insertions(+), 15 deletions(-) - -diff --git a/target/arm/tcg/helper-sme.h b/target/arm/tcg/helper-sme.h -index 27eef49a11..d22bf9d21b 100644 ---- a/target/arm/tcg/helper-sme.h -+++ b/target/arm/tcg/helper-sme.h -@@ -121,7 +121,7 @@ DEF_HELPER_FLAGS_5(sme_addha_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32) - DEF_HELPER_FLAGS_5(sme_addva_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32) - - DEF_HELPER_FLAGS_7(sme_fmopa_h, TCG_CALL_NO_RWG, -- void, ptr, ptr, ptr, ptr, ptr, ptr, i32) -+ void, ptr, ptr, ptr, ptr, ptr, env, i32) - DEF_HELPER_FLAGS_7(sme_fmopa_s, TCG_CALL_NO_RWG, - void, ptr, ptr, ptr, ptr, ptr, ptr, i32) - DEF_HELPER_FLAGS_7(sme_fmopa_d, TCG_CALL_NO_RWG, -diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c -index f9001f5213..3906bb51c0 100644 ---- a/target/arm/tcg/sme_helper.c -+++ b/target/arm/tcg/sme_helper.c -@@ -976,12 +976,23 @@ static inline uint32_t f16mop_adj_pair(uint32_t pair, uint32_t pg, uint32_t neg) - } - - static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2, -- float_status *s_std, float_status *s_odd) -+ float_status *s_f16, float_status *s_std, -+ float_status *s_odd) - { -- float64 e1r = float16_to_float64(e1 & 0xffff, true, s_std); -- float64 e1c = float16_to_float64(e1 >> 16, true, s_std); -- float64 e2r = float16_to_float64(e2 & 0xffff, true, s_std); -- float64 e2c = float16_to_float64(e2 >> 16, true, s_std); -+ /* -+ * We need three different float_status for different parts of this -+ * operation: -+ * - the input conversion of the float16 values must use the -+ * f16-specific float_status, so that the FPCR.FZ16 control is applied -+ * - operations on float32 including the final accumulation must use -+ * the normal float_status, so that FPCR.FZ is applied -+ * - we have pre-set-up copy of s_std which is set to round-to-odd, -+ * for the multiply (see below) -+ */ -+ float64 e1r = float16_to_float64(e1 & 0xffff, true, s_f16); -+ float64 e1c = float16_to_float64(e1 >> 16, true, s_f16); -+ float64 e2r = float16_to_float64(e2 & 0xffff, true, s_f16); -+ float64 e2c = float16_to_float64(e2 >> 16, true, s_f16); - float64 t64; - float32 t32; - -@@ -1003,20 +1014,23 @@ static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2, - } - - void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn, -- void *vpm, void *vst, uint32_t desc) -+ void *vpm, CPUARMState *env, uint32_t desc) - { - intptr_t row, col, oprsz = simd_maxsz(desc); - uint32_t neg = simd_data(desc) * 0x80008000u; - uint16_t *pn = vpn, *pm = vpm; -- float_status fpst_odd, fpst_std; -+ float_status fpst_odd, fpst_std, fpst_f16; - - /* -- * Make a copy of float_status because this operation does not -- * update the cumulative fp exception status. It also produces -- * default nans. Make a second copy with round-to-odd -- see above. -+ * Make copies of fp_status and fp_status_f16, because this operation -+ * does not update the cumulative fp exception status. It also -+ * produces default NaNs. We also need a second copy of fp_status with -+ * round-to-odd -- see above. - */ -- fpst_std = *(float_status *)vst; -+ fpst_f16 = env->vfp.fp_status_f16; -+ fpst_std = env->vfp.fp_status; - set_default_nan_mode(true, &fpst_std); -+ set_default_nan_mode(true, &fpst_f16); - fpst_odd = fpst_std; - set_float_rounding_mode(float_round_to_odd, &fpst_odd); - -@@ -1036,7 +1050,8 @@ void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn, - uint32_t m = *(uint32_t *)(vzm + H1_4(col)); - - m = f16mop_adj_pair(m, pcol, 0); -- *a = f16_dotadd(*a, n, m, &fpst_std, &fpst_odd); -+ *a = f16_dotadd(*a, n, m, -+ &fpst_f16, &fpst_std, &fpst_odd); - } - col += 4; - pcol >>= 4; -diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c -index a50a419af2..ae42ddef7b 100644 ---- a/target/arm/tcg/translate-sme.c -+++ b/target/arm/tcg/translate-sme.c -@@ -334,8 +334,29 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz, - return true; - } - --TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, -- MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h) -+static bool do_outprod_env(DisasContext *s, arg_op *a, MemOp esz, -+ gen_helper_gvec_5_ptr *fn) -+{ -+ int svl = streaming_vec_reg_size(s); -+ uint32_t desc = simd_desc(svl, svl, a->sub); -+ TCGv_ptr za, zn, zm, pn, pm; -+ -+ if (!sme_smza_enabled_check(s)) { -+ return true; -+ } -+ -+ za = get_tile(s, esz, a->zad); -+ zn = vec_full_reg_ptr(s, a->zn); -+ zm = vec_full_reg_ptr(s, a->zm); -+ pn = pred_full_reg_ptr(s, a->pn); -+ pm = pred_full_reg_ptr(s, a->pm); -+ -+ fn(za, zn, zm, pn, pm, tcg_env, tcg_constant_i32(desc)); -+ return true; -+} -+ -+TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_env, a, -+ MO_32, gen_helper_sme_fmopa_h) - TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, - MO_32, FPST_FPCR, gen_helper_sme_fmopa_s) - TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, diff --git a/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch b/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch deleted file mode 100644 index b10cff7..0000000 --- a/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cl=C3=A9ment=20Mathieu--Drif?= - -Date: Tue, 9 Jul 2024 14:26:08 +0000 -Subject: [PATCH] intel_iommu: fix FRCD construction macro -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The constant must be unsigned, otherwise the two's complement -overrides the other fields when a PASID is present. - -Fixes: 1b2b12376c8a ("intel-iommu: PASID support") -Signed-off-by: Clément Mathieu--Drif -Reviewed-by: Yi Liu -Reviewed-by: Zhenzhong Duan -Reviewed-by: Minwoo Im -Message-Id: <20240709142557.317271-2-clement.mathieu--drif@eviden.com> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -(cherry picked from commit a3c8d7e38550c3d5a46e6fa94ffadfa625a4861d) -Signed-off-by: Fiona Ebner ---- - hw/i386/intel_iommu_internal.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h -index f8cf99bddf..cbc4030031 100644 ---- a/hw/i386/intel_iommu_internal.h -+++ b/hw/i386/intel_iommu_internal.h -@@ -267,7 +267,7 @@ - /* For the low 64-bit of 128-bit */ - #define VTD_FRCD_FI(val) ((val) & ~0xfffULL) - #define VTD_FRCD_PV(val) (((val) & 0xffffULL) << 40) --#define VTD_FRCD_PP(val) (((val) & 0x1) << 31) -+#define VTD_FRCD_PP(val) (((val) & 0x1ULL) << 31) - #define VTD_FRCD_IR_IDX(val) (((val) & 0xffffULL) << 48) - - /* DMA Remapping Fault Conditions */ diff --git a/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch b/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch deleted file mode 100644 index 04ce93b..0000000 --- a/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Richard Henderson -Date: Mon, 12 Aug 2024 12:58:42 +1000 -Subject: [PATCH] target/i386: Do not apply REX to MMX operands - -Cc: qemu-stable@nongnu.org -Fixes: b3e22b2318a ("target/i386: add core of new i386 decoder") -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2495 -Signed-off-by: Richard Henderson -Link: https://lore.kernel.org/r/20240812025844.58956-2-richard.henderson@linaro.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit 416f2b16c02c618c0f233372ebfe343f9ee667d4) -Signed-off-by: Fiona Ebner ---- - target/i386/tcg/decode-new.c.inc | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc -index 4209d59ca8..09b8d2314a 100644 ---- a/target/i386/tcg/decode-new.c.inc -+++ b/target/i386/tcg/decode-new.c.inc -@@ -1271,7 +1271,10 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode, - op->unit = X86_OP_SSE; - } - get_reg: -- op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s); -+ op->n = ((get_modrm(s, env) >> 3) & 7); -+ if (op->unit != X86_OP_MMX) { -+ op->n |= REX_R(s); -+ } - break; - - case X86_TYPE_E: /* ALU modrm operand */ diff --git a/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch b/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch deleted file mode 100644 index fca8612..0000000 --- a/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Alexander Ivanov -Date: Fri, 9 Aug 2024 14:13:40 +0200 -Subject: [PATCH] module: Prevent crash by resetting local_err in - module_load_qom_all() - -Set local_err to NULL after it has been freed in error_report_err(). This -avoids triggering assert(*errp == NULL) failure in error_setv() when -local_err is reused in the loop. - -Signed-off-by: Alexander Ivanov -Reviewed-by: Claudio Fontana -Reviewed-by: Denis V. Lunev -Link: https://lore.kernel.org/r/20240809121340.992049-2-alexander.ivanov@virtuozzo.com -[Do the same by moving the declaration instead. - Paolo] -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit 940d802b24e63650e0eacad3714e2ce171cba17c) -Signed-off-by: Fiona Ebner ---- - util/module.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/module.c b/util/module.c -index 32e263163c..3eb0f06df1 100644 ---- a/util/module.c -+++ b/util/module.c -@@ -354,13 +354,13 @@ int module_load_qom(const char *type, Error **errp) - void module_load_qom_all(void) - { - const QemuModinfo *modinfo; -- Error *local_err = NULL; - - if (module_loaded_qom_all) { - return; - } - - for (modinfo = module_info; modinfo->name != NULL; modinfo++) { -+ Error *local_err = NULL; - if (!modinfo->objs) { - continue; - } diff --git a/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch b/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch deleted file mode 100644 index 57eb418..0000000 --- a/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Wed, 7 Aug 2024 08:50:01 -0500 -Subject: [PATCH] nbd/server: Plumb in new args to nbd_client_add() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upcoming patches to fix a CVE need to track an opaque pointer passed -in by the owner of a client object, as well as request for a time -limit on how fast negotiation must complete. Prepare for that by -changing the signature of nbd_client_new() and adding an accessor to -get at the opaque pointer, although for now the two servers -(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though -they pass in a new default timeout value. - -Suggested-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-11-eblake@redhat.com> -Reviewed-by: Daniel P. Berrangé -[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan] -Signed-off-by: Eric Blake -(cherry picked from commit fb1c2aaa981e0a2fa6362c9985f1296b74f055ac) -Signed-off-by: Fiona Ebner ---- - blockdev-nbd.c | 6 ++++-- - include/block/nbd.h | 11 ++++++++++- - nbd/server.c | 20 +++++++++++++++++--- - qemu-nbd.c | 4 +++- - 4 files changed, 34 insertions(+), 7 deletions(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index 213012435f..267a1de903 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -64,8 +64,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, - nbd_update_server_watch(nbd_server); - - qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); -- nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz, -- nbd_blockdev_client_closed); -+ /* TODO - expose handshake timeout as QMP option */ -+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, -+ nbd_server->tlscreds, nbd_server->tlsauthz, -+ nbd_blockdev_client_closed, NULL); - } - - static void nbd_update_server_watch(NBDServerData *s) -diff --git a/include/block/nbd.h b/include/block/nbd.h -index 4e7bd6342f..1d4d65922d 100644 ---- a/include/block/nbd.h -+++ b/include/block/nbd.h -@@ -33,6 +33,12 @@ typedef struct NBDMetaContexts NBDMetaContexts; - - extern const BlockExportDriver blk_exp_nbd; - -+/* -+ * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must -+ * succeed at NBD_OPT_GO before being forcefully dropped as too slow. -+ */ -+#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 -+ - /* Handshake phase structs - this struct is passed on the wire */ - - typedef struct NBDOption { -@@ -403,9 +409,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp); - NBDExport *nbd_export_find(const char *name); - - void nbd_client_new(QIOChannelSocket *sioc, -+ uint32_t handshake_max_secs, - QCryptoTLSCreds *tlscreds, - const char *tlsauthz, -- void (*close_fn)(NBDClient *, bool)); -+ void (*close_fn)(NBDClient *, bool), -+ void *owner); -+void *nbd_client_owner(NBDClient *client); - void nbd_client_get(NBDClient *client); - void nbd_client_put(NBDClient *client); - -diff --git a/nbd/server.c b/nbd/server.c -index 892797bb11..e50012499f 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -124,12 +124,14 @@ struct NBDMetaContexts { - struct NBDClient { - int refcount; /* atomic */ - void (*close_fn)(NBDClient *client, bool negotiated); -+ void *owner; - - QemuMutex lock; - - NBDExport *exp; - QCryptoTLSCreds *tlscreds; - char *tlsauthz; -+ uint32_t handshake_max_secs; - QIOChannelSocket *sioc; /* The underlying data channel */ - QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */ - -@@ -3191,6 +3193,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - - qemu_co_mutex_init(&client->send_lock); - -+ /* TODO - utilize client->handshake_max_secs */ - if (nbd_negotiate(client, &local_err)) { - if (local_err) { - error_report_err(local_err); -@@ -3205,14 +3208,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - } - - /* -- * Create a new client listener using the given channel @sioc. -+ * Create a new client listener using the given channel @sioc and @owner. - * Begin servicing it in a coroutine. When the connection closes, call -- * @close_fn with an indication of whether the client completed negotiation. -+ * @close_fn with an indication of whether the client completed negotiation -+ * within @handshake_max_secs seconds (0 for unbounded). - */ - void nbd_client_new(QIOChannelSocket *sioc, -+ uint32_t handshake_max_secs, - QCryptoTLSCreds *tlscreds, - const char *tlsauthz, -- void (*close_fn)(NBDClient *, bool)) -+ void (*close_fn)(NBDClient *, bool), -+ void *owner) - { - NBDClient *client; - Coroutine *co; -@@ -3225,13 +3231,21 @@ void nbd_client_new(QIOChannelSocket *sioc, - object_ref(OBJECT(client->tlscreds)); - } - client->tlsauthz = g_strdup(tlsauthz); -+ client->handshake_max_secs = handshake_max_secs; - client->sioc = sioc; - qio_channel_set_delay(QIO_CHANNEL(sioc), false); - object_ref(OBJECT(client->sioc)); - client->ioc = QIO_CHANNEL(sioc); - object_ref(OBJECT(client->ioc)); - client->close_fn = close_fn; -+ client->owner = owner; - - co = qemu_coroutine_create(nbd_co_client_start, client); - qemu_coroutine_enter(co); - } -+ -+void * -+nbd_client_owner(NBDClient *client) -+{ -+ return client->owner; -+} -diff --git a/qemu-nbd.c b/qemu-nbd.c -index d7b3ccab21..48e2fa5858 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -390,7 +390,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, - - nb_fds++; - nbd_update_server_watch(); -- nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed); -+ /* TODO - expose handshake timeout as command line option */ -+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, -+ tlscreds, tlsauthz, nbd_client_closed, NULL); - } - - static void nbd_update_server_watch(void) diff --git a/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch b/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch deleted file mode 100644 index 5f804f9..0000000 --- a/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch +++ /dev/null @@ -1,172 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Tue, 6 Aug 2024 13:53:00 -0500 -Subject: [PATCH] nbd/server: CVE-2024-7409: Cap default max-connections to 100 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Allowing an unlimited number of clients to any web service is a recipe -for a rudimentary denial of service attack: the client merely needs to -open lots of sockets without closing them, until qemu no longer has -any more fds available to allocate. - -For qemu-nbd, we default to allowing only 1 connection unless more are -explicitly asked for (-e or --shared); this was historically picked as -a nice default (without an explicit -t, a non-persistent qemu-nbd goes -away after a client disconnects, without needing any additional -follow-up commands), and we are not going to change that interface now -(besides, someday we want to point people towards qemu-storage-daemon -instead of qemu-nbd). - -But for qemu proper, and the newer qemu-storage-daemon, the QMP -nbd-server-start command has historically had a default of unlimited -number of connections, in part because unlike qemu-nbd it is -inherently persistent until nbd-server-stop. Allowing multiple client -sockets is particularly useful for clients that can take advantage of -MULTI_CONN (creating parallel sockets to increase throughput), -although known clients that do so (such as libnbd's nbdcopy) typically -use only 8 or 16 connections (the benefits of scaling diminish once -more sockets are competing for kernel attention). Picking a number -large enough for typical use cases, but not unlimited, makes it -slightly harder for a malicious client to perform a denial of service -merely by opening lots of connections withot progressing through the -handshake. - -This change does not eliminate CVE-2024-7409 on its own, but reduces -the chance for fd exhaustion or unlimited memory usage as an attack -surface. On the other hand, by itself, it makes it more obvious that -with a finite limit, we have the problem of an unauthenticated client -holding 100 fds opened as a way to block out a legitimate client from -being able to connect; thus, later patches will further add timeouts -to reject clients that are not making progress. - -This is an INTENTIONAL change in behavior, and will break any client -of nbd-server-start that was not passing an explicit max-connections -parameter, yet expects more than 100 simultaneous connections. We are -not aware of any such client (as stated above, most clients aware of -MULTI_CONN get by just fine on 8 or 16 connections, and probably cope -with later connections failing by relying on the earlier connections; -libvirt has not yet been passing max-connections, but generally -creates NBD servers with the intent for a single client for the sake -of live storage migration; meanwhile, the KubeSAN project anticipates -a large cluster sharing multiple clients [up to 8 per node, and up to -100 nodes in a cluster], but it currently uses qemu-nbd with an -explicit --shared=0 rather than qemu-storage-daemon with -nbd-server-start). - -We considered using a deprecation period (declare that omitting -max-parameters is deprecated, and make it mandatory in 3 releases - -then we don't need to pick an arbitrary default); that has zero risk -of breaking any apps that accidentally depended on more than 100 -connections, and where such breakage might not be noticed under unit -testing but only under the larger loads of production usage. But it -does not close the denial-of-service hole until far into the future, -and requires all apps to change to add the parameter even if 100 was -good enough. It also has a drawback that any app (like libvirt) that -is accidentally relying on an unlimited default should seriously -consider their own CVE now, at which point they are going to change to -pass explicit max-connections sooner than waiting for 3 qemu releases. -Finally, if our changed default breaks an app, that app can always -pass in an explicit max-parameters with a larger value. - -It is also intentional that the HMP interface to nbd-server-start is -not changed to expose max-connections (any client needing to fine-tune -things should be using QMP). - -Suggested-by: Daniel P. Berrangé -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-12-eblake@redhat.com> -Reviewed-by: Daniel P. Berrangé -[ericb: Expand commit message to summarize Dan's argument for why we -break corner-case back-compat behavior without a deprecation period] -Signed-off-by: Eric Blake -(cherry picked from commit c8a76dbd90c2f48df89b75bef74917f90a59b623) -Signed-off-by: Fiona Ebner ---- - block/monitor/block-hmp-cmds.c | 3 ++- - blockdev-nbd.c | 8 ++++++++ - include/block/nbd.h | 7 +++++++ - qapi/block-export.json | 4 ++-- - 4 files changed, 19 insertions(+), 3 deletions(-) - -diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index d954bec6f1..bdf2eb50b6 100644 ---- a/block/monitor/block-hmp-cmds.c -+++ b/block/monitor/block-hmp-cmds.c -@@ -402,7 +402,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict) - goto exit; - } - -- nbd_server_start(addr, NULL, NULL, 0, &local_err); -+ nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS, -+ &local_err); - qapi_free_SocketAddress(addr); - if (local_err != NULL) { - goto exit; -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index 267a1de903..24ba5382db 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -170,6 +170,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds, - - void nbd_server_start_options(NbdServerOptions *arg, Error **errp) - { -+ if (!arg->has_max_connections) { -+ arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS; -+ } -+ - nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz, - arg->max_connections, errp); - } -@@ -182,6 +186,10 @@ void qmp_nbd_server_start(SocketAddressLegacy *addr, - { - SocketAddress *addr_flat = socket_address_flatten(addr); - -+ if (!has_max_connections) { -+ max_connections = NBD_DEFAULT_MAX_CONNECTIONS; -+ } -+ - nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp); - qapi_free_SocketAddress(addr_flat); - } -diff --git a/include/block/nbd.h b/include/block/nbd.h -index 1d4d65922d..d4f8b21aec 100644 ---- a/include/block/nbd.h -+++ b/include/block/nbd.h -@@ -39,6 +39,13 @@ extern const BlockExportDriver blk_exp_nbd; - */ - #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 - -+/* -+ * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at -+ * once; must be large enough to allow a MULTI_CONN-aware client like -+ * nbdcopy to create its typical number of 8-16 sockets. -+ */ -+#define NBD_DEFAULT_MAX_CONNECTIONS 100 -+ - /* Handshake phase structs - this struct is passed on the wire */ - - typedef struct NBDOption { -diff --git a/qapi/block-export.json b/qapi/block-export.json -index 3919a2d5b9..f45e4fd481 100644 ---- a/qapi/block-export.json -+++ b/qapi/block-export.json -@@ -28,7 +28,7 @@ - # @max-connections: The maximum number of connections to allow at the - # same time, 0 for unlimited. Setting this to 1 also stops the - # server from advertising multiple client support (since 5.2; --# default: 0) -+# default: 100) - # - # Since: 4.2 - ## -@@ -63,7 +63,7 @@ - # @max-connections: The maximum number of connections to allow at the - # same time, 0 for unlimited. Setting this to 1 also stops the - # server from advertising multiple client support (since 5.2; --# default: 0). -+# default: 100). - # - # Errors: - # - if the server is already running diff --git a/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch b/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch deleted file mode 100644 index 0b113e5..0000000 --- a/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 8 Aug 2024 16:05:08 -0500 -Subject: [PATCH] nbd/server: CVE-2024-7409: Drop non-negotiating clients -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -A client that opens a socket but does not negotiate is merely hogging -qemu's resources (an open fd and a small amount of memory); and a -malicious client that can access the port where NBD is listening can -attempt a denial of service attack by intentionally opening and -abandoning lots of unfinished connections. The previous patch put a -default bound on the number of such ongoing connections, but once that -limit is hit, no more clients can connect (including legitimate ones). -The solution is to insist that clients complete handshake within a -reasonable time limit, defaulting to 10 seconds. A client that has -not successfully completed NBD_OPT_GO by then (including the case of -where the client didn't know TLS credentials to even reach the point -of NBD_OPT_GO) is wasting our time and does not deserve to stay -connected. Later patches will allow fine-tuning the limit away from -the default value (including disabling it for doing integration -testing of the handshake process itself). - -Note that this patch in isolation actually makes it more likely to see -qemu SEGV after nbd-server-stop, as any client socket still connected -when the server shuts down will now be closed after 10 seconds rather -than at the client's whims. That will be addressed in the next patch. - -For a demo of this patch in action: -$ qemu-nbd -f raw -r -t -e 10 file & -$ nbdsh --opt-mode -c ' -H = list() -for i in range(20): - print(i) - H.insert(i, nbd.NBD()) - H[i].set_opt_mode(True) - H[i].connect_uri("nbd://localhost") -' -$ kill $! - -where later connections get to start progressing once earlier ones are -forcefully dropped for taking too long, rather than hanging. - -Suggested-by: Daniel P. Berrangé -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-13-eblake@redhat.com> -Reviewed-by: Daniel P. Berrangé -[eblake: rebase to changes earlier in series, reduce scope of timer] -Signed-off-by: Eric Blake -(cherry picked from commit b9b72cb3ce15b693148bd09cef7e50110566d8a0) -Signed-off-by: Fiona Ebner ---- - nbd/server.c | 28 +++++++++++++++++++++++++++- - nbd/trace-events | 1 + - 2 files changed, 28 insertions(+), 1 deletion(-) - -diff --git a/nbd/server.c b/nbd/server.c -index e50012499f..39285cc971 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -3186,22 +3186,48 @@ static void nbd_client_receive_next_request(NBDClient *client) - } - } - -+static void nbd_handshake_timer_cb(void *opaque) -+{ -+ QIOChannel *ioc = opaque; -+ -+ trace_nbd_handshake_timer_cb(); -+ qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL); -+} -+ - static coroutine_fn void nbd_co_client_start(void *opaque) - { - NBDClient *client = opaque; - Error *local_err = NULL; -+ QEMUTimer *handshake_timer = NULL; - - qemu_co_mutex_init(&client->send_lock); - -- /* TODO - utilize client->handshake_max_secs */ -+ /* -+ * Create a timer to bound the time spent in negotiation. If the -+ * timer expires, it is likely nbd_negotiate will fail because the -+ * socket was shutdown. -+ */ -+ if (client->handshake_max_secs > 0) { -+ handshake_timer = aio_timer_new(qemu_get_aio_context(), -+ QEMU_CLOCK_REALTIME, -+ SCALE_NS, -+ nbd_handshake_timer_cb, -+ client->sioc); -+ timer_mod(handshake_timer, -+ qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + -+ client->handshake_max_secs * NANOSECONDS_PER_SECOND); -+ } -+ - if (nbd_negotiate(client, &local_err)) { - if (local_err) { - error_report_err(local_err); - } -+ timer_free(handshake_timer); - client_close(client, false); - return; - } - -+ timer_free(handshake_timer); - WITH_QEMU_LOCK_GUARD(&client->lock) { - nbd_client_receive_next_request(client); - } -diff --git a/nbd/trace-events b/nbd/trace-events -index 00ae3216a1..cbd0a4ab7e 100644 ---- a/nbd/trace-events -+++ b/nbd/trace-events -@@ -76,6 +76,7 @@ nbd_co_receive_request_payload_received(uint64_t cookie, uint64_t len) "Payload - nbd_co_receive_ext_payload_compliance(uint64_t from, uint64_t len) "client sent non-compliant write without payload flag: from=0x%" PRIx64 ", len=0x%" PRIx64 - nbd_co_receive_align_compliance(const char *op, uint64_t from, uint64_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx64 ", align=0x%" PRIx32 - nbd_trip(void) "Reading request" -+nbd_handshake_timer_cb(void) "client took too long to negotiate" - - # client-connection.c - nbd_connect_thread_sleep(uint64_t timeout) "timeout %" PRIu64 diff --git a/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch b/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch deleted file mode 100644 index 1d16a52..0000000 --- a/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Wed, 7 Aug 2024 12:23:13 -0500 -Subject: [PATCH] nbd/server: CVE-2024-7409: Close stray clients at server-stop -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -A malicious client can attempt to connect to an NBD server, and then -intentionally delay progress in the handshake, including if it does -not know the TLS secrets. Although the previous two patches reduce -this behavior by capping the default max-connections parameter and -killing slow clients, they did not eliminate the possibility of a -client waiting to close the socket until after the QMP nbd-server-stop -command is executed, at which point qemu would SEGV when trying to -dereference the NULL nbd_server global which is no longer present. -This amounts to a denial of service attack. Worse, if another NBD -server is started before the malicious client disconnects, I cannot -rule out additional adverse effects when the old client interferes -with the connection count of the new server (although the most likely -is a crash due to an assertion failure when checking -nbd_server->connections > 0). - -For environments without this patch, the CVE can be mitigated by -ensuring (such as via a firewall) that only trusted clients can -connect to an NBD server. Note that using frameworks like libvirt -that ensure that TLS is used and that nbd-server-stop is not executed -while any trusted clients are still connected will only help if there -is also no possibility for an untrusted client to open a connection -but then stall on the NBD handshake. - -Given the previous patches, it would be possible to guarantee that no -clients remain connected by having nbd-server-stop sleep for longer -than the default handshake deadline before finally freeing the global -nbd_server object, but that could make QMP non-responsive for a long -time. So intead, this patch fixes the problem by tracking all client -sockets opened while the server is running, and forcefully closing any -such sockets remaining without a completed handshake at the time of -nbd-server-stop, then waiting until the coroutines servicing those -sockets notice the state change. nbd-server-stop now has a second -AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the -blk_exp_close_all_type() that disconnects all clients that completed -handshakes), but forced socket shutdown is enough to progress the -coroutines and quickly tear down all clients before the server is -freed, thus finally fixing the CVE. - -This patch relies heavily on the fact that nbd/server.c guarantees -that it only calls nbd_blockdev_client_closed() from the main loop -(see the assertion in nbd_client_put() and the hoops used in -nbd_client_put_nonzero() to achieve that); if we did not have that -guarantee, we would also need a mutex protecting our accesses of the -list of connections to survive re-entrancy from independent iothreads. - -Although I did not actually try to test old builds, it looks like this -problem has existed since at least commit 862172f45c (v2.12.0, 2017) - -even back when that patch started using a QIONetListener to handle -listening on multiple sockets, nbd_server_free() was already unaware -that the nbd_blockdev_client_closed callback can be reached later by a -client thread that has not completed handshakes (and therefore the -client's socket never got added to the list closed in -nbd_export_close_all), despite that patch intentionally tearing down -the QIONetListener to prevent new clients. - -Reported-by: Alexander Ivanov -Fixes: CVE-2024-7409 -CC: qemu-stable@nongnu.org -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-14-eblake@redhat.com> -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 3e7ef738c8462c45043a1d39f702a0990406a3b3) -Signed-off-by: Fiona Ebner ---- - blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++- - 1 file changed, 34 insertions(+), 1 deletion(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index 24ba5382db..f73409ae49 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -21,12 +21,18 @@ - #include "io/channel-socket.h" - #include "io/net-listener.h" - -+typedef struct NBDConn { -+ QIOChannelSocket *cioc; -+ QLIST_ENTRY(NBDConn) next; -+} NBDConn; -+ - typedef struct NBDServerData { - QIONetListener *listener; - QCryptoTLSCreds *tlscreds; - char *tlsauthz; - uint32_t max_connections; - uint32_t connections; -+ QLIST_HEAD(, NBDConn) conns; - } NBDServerData; - - static NBDServerData *nbd_server; -@@ -51,6 +57,14 @@ int nbd_server_max_connections(void) - - static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) - { -+ NBDConn *conn = nbd_client_owner(client); -+ -+ assert(qemu_in_main_thread() && nbd_server); -+ -+ object_unref(OBJECT(conn->cioc)); -+ QLIST_REMOVE(conn, next); -+ g_free(conn); -+ - nbd_client_put(client); - assert(nbd_server->connections > 0); - nbd_server->connections--; -@@ -60,14 +74,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) - static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, - gpointer opaque) - { -+ NBDConn *conn = g_new0(NBDConn, 1); -+ -+ assert(qemu_in_main_thread() && nbd_server); - nbd_server->connections++; -+ object_ref(OBJECT(cioc)); -+ conn->cioc = cioc; -+ QLIST_INSERT_HEAD(&nbd_server->conns, conn, next); - nbd_update_server_watch(nbd_server); - - qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); - /* TODO - expose handshake timeout as QMP option */ - nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, - nbd_server->tlscreds, nbd_server->tlsauthz, -- nbd_blockdev_client_closed, NULL); -+ nbd_blockdev_client_closed, conn); - } - - static void nbd_update_server_watch(NBDServerData *s) -@@ -81,12 +101,25 @@ static void nbd_update_server_watch(NBDServerData *s) - - static void nbd_server_free(NBDServerData *server) - { -+ NBDConn *conn, *tmp; -+ - if (!server) { - return; - } - -+ /* -+ * Forcefully close the listener socket, and any clients that have -+ * not yet disconnected on their own. -+ */ - qio_net_listener_disconnect(server->listener); - object_unref(OBJECT(server->listener)); -+ QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) { -+ qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH, -+ NULL); -+ } -+ -+ AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0); -+ - if (server->tlscreds) { - object_unref(OBJECT(server->tlscreds)); - } diff --git a/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch b/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch deleted file mode 100644 index 65b5be0..0000000 --- a/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 20 Aug 2024 17:11:12 +0400 -Subject: [PATCH] vnc: fix crash when no console attached -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Since commit e99441a3793b5 ("ui/curses: Do not use console_select()") -qemu_text_console_put_keysym() no longer checks for NULL console -argument, which leads to a later crash: - -Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault. -0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332 -332 } else if (s->echo && (keysym == '\r' || keysym == '\n')) { -(gdb) bt - #0 0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332 - #1 0x00005555559e18e5 in qemu_text_console_put_keysym (s=, keysym=) at ../ui/console.c:303 - #2 0x00005555559f2e88 in do_key_event (vs=vs@entry=0x5555579045c0, down=down@entry=1, keycode=keycode@entry=60, sym=sym@entry=65471) at ../ui/vnc.c:2034 - #3 0x00005555559f845c in ext_key_event (vs=0x5555579045c0, down=1, sym=65471, keycode=) at ../ui/vnc.c:2070 - #4 protocol_client_msg (vs=0x5555579045c0, data=, len=) at ../ui/vnc.c:2514 - #5 0x00005555559f515c in vnc_client_read (vs=0x5555579045c0) at ../ui/vnc.c:1607 - -Fixes: e99441a3793b5 ("ui/curses: Do not use console_select()") -Fixes: https://issues.redhat.com/browse/RHEL-50529 -Cc: qemu-stable@nongnu.org -Signed-off-by: Marc-André Lureau -Reviewed-by: Akihiko Odaki -(picked from https://lore.kernel.org/qemu-devel/20240820131112.1267954-1-marcandre.lureau@redhat.com/) -Signed-off-by: Fiona Ebner ---- - ui/vnc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ui/vnc.c b/ui/vnc.c -index b3fd78022b..953ea38318 100644 ---- a/ui/vnc.c -+++ b/ui/vnc.c -@@ -1935,7 +1935,7 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym) - } - - qkbd_state_key_event(vs->vd->kbd, qcode, down); -- if (!qemu_console_is_graphic(vs->vd->dcl.con)) { -+ if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) { - QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con); - bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK); - bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL); diff --git a/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch b/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch deleted file mode 100644 index d40a438..0000000 --- a/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 22 Aug 2024 09:35:29 -0500 -Subject: [PATCH] nbd/server: CVE-2024-7409: Avoid use-after-free when closing - server - -Commit 3e7ef738 plugged the use-after-free of the global nbd_server -object, but overlooked a use-after-free of nbd_server->listener. -Although this race is harder to hit, notice that our shutdown path -first drops the reference count of nbd_server->listener, then triggers -actions that can result in a pending client reaching the -nbd_blockdev_client_closed() callback, which in turn calls -qio_net_listener_set_client_func on a potentially stale object. - -If we know we don't want any more clients to connect, and have already -told the listener socket to shut down, then we should not be trying to -update the listener socket's associated function. - -Reproducer: - -> #!/usr/bin/python3 -> -> import os -> from threading import Thread -> -> def start_stop(): -> while 1: -> os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-start", -+"arguments":{"addr":{"type":"unix","data":{"path":"/tmp/nbd-sock"}}}}\'') -> os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-stop"}\'') -> -> def nbd_list(): -> while 1: -> os.system('/path/to/build/qemu-nbd -L -k /tmp/nbd-sock') -> -> def test(): -> sst = Thread(target=start_stop) -> sst.start() -> nlt = Thread(target=nbd_list) -> nlt.start() -> -> sst.join() -> nlt.join() -> -> test() - -Fixes: CVE-2024-7409 -Fixes: 3e7ef738c8 ("nbd/server: CVE-2024-7409: Close stray clients at server-stop") -CC: qemu-stable@nongnu.org -Reported-by: Andrey Drobyshev -Signed-off-by: Eric Blake -Message-ID: <20240822143617.800419-2-eblake@redhat.com> -Reviewed-by: Stefan Hajnoczi -(cherry picked from commit 3874f5f73c441c52f1c699c848d463b0eda01e4c) -Signed-off-by: Fiona Ebner ---- - blockdev-nbd.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index f73409ae49..b36f41b7c5 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -92,10 +92,13 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, - - static void nbd_update_server_watch(NBDServerData *s) - { -- if (!s->max_connections || s->connections < s->max_connections) { -- qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, NULL); -- } else { -- qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL); -+ if (s->listener) { -+ if (!s->max_connections || s->connections < s->max_connections) { -+ qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, -+ NULL); -+ } else { -+ qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL); -+ } - } - } - -@@ -113,6 +116,7 @@ static void nbd_server_free(NBDServerData *server) - */ - qio_net_listener_disconnect(server->listener); - object_unref(OBJECT(server->listener)); -+ server->listener = NULL; - QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) { - qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH, - NULL); diff --git a/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch b/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch deleted file mode 100644 index a185744..0000000 --- a/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: David Hildenbrand -Date: Wed, 28 Aug 2024 11:07:43 +0200 -Subject: [PATCH] softmmu/physmem: fix memory leak in dirty_memory_extend() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -As reported by Peter, we might be leaking memory when removing the -highest RAMBlock (in the weird ram_addr_t space), and adding a new one. - -We will fail to realize that we already allocated bitmaps for more -dirty memory blocks, and effectively discard the pointers to them. - -Fix it by getting rid of last_ram_page() and by remembering the number -of dirty memory blocks that have been allocated already. - -While at it, let's use "unsigned int" for the number of blocks, which -should be sufficient until we reach ~32 exabytes. - -Looks like this leak was introduced as we switched from using a single -bitmap_zero_extend() to allocating multiple bitmaps: -bitmap_zero_extend() relies on g_renew() which should have taken care of -this. - -Resolves: https://lkml.kernel.org/r/CAFEAcA-k7a+VObGAfCFNygQNfCKL=AfX6A4kScq=VSSK0peqPg@mail.gmail.com -Reported-by: Peter Maydell -Fixes: 5b82b703b69a ("memory: RCU ram_list.dirty_memory[] for safe RAM hotplug") -Reviewed-by: Stefan Hajnoczi -Reviewed-by: Peter Xu -Tested-by: Peter Maydell -Cc: qemu-stable@nongnu.org -Cc: Stefan Hajnoczi -Cc: Paolo Bonzini -Cc: Peter Xu -Cc: "Philippe Mathieu-Daudé" -Signed-off-by: David Hildenbrand -(picked from https://lore.kernel.org/qemu-devel/20240828090743.128647-1-david@redhat.com/) -[FE: backport - remove not-yet-existing variable in context of hunk touching ram_block_add()] -Signed-off-by: Fiona Ebner ---- - include/exec/ramlist.h | 1 + - system/physmem.c | 35 +++++++++-------------------------- - 2 files changed, 10 insertions(+), 26 deletions(-) - -diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h -index 2ad2a81acc..d9cfe530be 100644 ---- a/include/exec/ramlist.h -+++ b/include/exec/ramlist.h -@@ -50,6 +50,7 @@ typedef struct RAMList { - /* RCU-enabled, writes protected by the ramlist lock. */ - QLIST_HEAD(, RAMBlock) blocks; - DirtyMemoryBlocks *dirty_memory[DIRTY_MEMORY_NUM]; -+ unsigned int num_dirty_blocks; - uint32_t version; - QLIST_HEAD(, RAMBlockNotifier) ramblock_notifiers; - } RAMList; -diff --git a/system/physmem.c b/system/physmem.c -index a4fe3d2bf8..78f7db1121 100644 ---- a/system/physmem.c -+++ b/system/physmem.c -@@ -1497,18 +1497,6 @@ static ram_addr_t find_ram_offset(ram_addr_t size) - return offset; - } - --static unsigned long last_ram_page(void) --{ -- RAMBlock *block; -- ram_addr_t last = 0; -- -- RCU_READ_LOCK_GUARD(); -- RAMBLOCK_FOREACH(block) { -- last = MAX(last, block->offset + block->max_length); -- } -- return last >> TARGET_PAGE_BITS; --} -- - static void qemu_ram_setup_dump(void *addr, ram_addr_t size) - { - int ret; -@@ -1762,13 +1750,11 @@ void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length) - } - - /* Called with ram_list.mutex held */ --static void dirty_memory_extend(ram_addr_t old_ram_size, -- ram_addr_t new_ram_size) -+static void dirty_memory_extend(ram_addr_t new_ram_size) - { -- ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size, -- DIRTY_MEMORY_BLOCK_SIZE); -- ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size, -- DIRTY_MEMORY_BLOCK_SIZE); -+ unsigned int old_num_blocks = ram_list.num_dirty_blocks; -+ unsigned int new_num_blocks = DIV_ROUND_UP(new_ram_size, -+ DIRTY_MEMORY_BLOCK_SIZE); - int i; - - /* Only need to extend if block count increased */ -@@ -1800,6 +1786,8 @@ static void dirty_memory_extend(ram_addr_t old_ram_size, - g_free_rcu(old_blocks, rcu); - } - } -+ -+ ram_list.num_dirty_blocks = new_num_blocks; - } - - static void ram_block_add(RAMBlock *new_block, Error **errp) -@@ -1808,11 +1796,9 @@ static void ram_block_add(RAMBlock *new_block, Error **errp) - const bool shared = qemu_ram_is_shared(new_block); - RAMBlock *block; - RAMBlock *last_block = NULL; -- ram_addr_t old_ram_size, new_ram_size; -+ ram_addr_t ram_size; - Error *err = NULL; - -- old_ram_size = last_ram_page(); -- - qemu_mutex_lock_ramlist(); - new_block->offset = find_ram_offset(new_block->max_length); - -@@ -1840,11 +1826,8 @@ static void ram_block_add(RAMBlock *new_block, Error **errp) - } - } - -- new_ram_size = MAX(old_ram_size, -- (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS); -- if (new_ram_size > old_ram_size) { -- dirty_memory_extend(old_ram_size, new_ram_size); -- } -+ ram_size = (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS; -+ dirty_memory_extend(ram_size); - /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ, - * QLIST (which has an RCU-friendly variant) does not have insertion at - * tail, so save the last element in last_block. diff --git a/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch b/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch deleted file mode 100644 index 3a9e131..0000000 --- a/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Fiona Ebner -Date: Thu, 7 Nov 2024 17:51:13 +0100 -Subject: [PATCH] block/reqlist: allow adding overlapping requests - -Allow overlapping request by removing the assert that made it -impossible. There are only two callers: - -1. block_copy_task_create() - -It already asserts the very same condition before calling -reqlist_init_req(). - -2. cbw_snapshot_read_lock() - -There is no need to have read requests be non-overlapping in -copy-before-write when used for snapshot-access. In fact, there was no -protection against two callers of cbw_snapshot_read_lock() calling -reqlist_init_req() with overlapping ranges and this could lead to an -assertion failure [1]. - -In particular, with the reproducer script below [0], two -cbw_co_snapshot_block_status() callers could race, with the second -calling reqlist_init_req() before the first one finishes and removes -its conflicting request. - -[0]: - -> #!/bin/bash -e -> dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=1024 -> ./qemu-img create /tmp/fleecing.raw -f raw 1G -> ( -> ./qemu-system-x86_64 --qmp stdio \ -> --blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw \ -> --blockdev raw,node-name=node1,file.driver=file,file.filename=/tmp/fleecing.raw \ -> < {"execute": "qmp_capabilities"} -> {"execute": "blockdev-add", "arguments": { "driver": "copy-before-write", "file": "node0", "target": "node1", "node-name": "node3" } } -> {"execute": "blockdev-add", "arguments": { "driver": "snapshot-access", "file": "node3", "node-name": "snap0" } } -> {"execute": "nbd-server-start", "arguments": {"addr": { "type": "unix", "data": { "path": "/tmp/nbd.socket" } } } } -> {"execute": "block-export-add", "arguments": {"id": "exp0", "node-name": "snap0", "type": "nbd", "name": "exp0"}} -> EOF -> ) & -> sleep 5 -> while true; do -> ./qemu-nbd -d /dev/nbd0 -> ./qemu-nbd -c /dev/nbd0 nbd:unix:/tmp/nbd.socket:exportname=exp0 -f raw -r -> nbdinfo --map 'nbd+unix:///exp0?socket=/tmp/nbd.socket' -> done - -[1]: - -> #5 0x000071e5f0088eb2 in __GI___assert_fail (...) at ./assert/assert.c:101 -> #6 0x0000615285438017 in reqlist_init_req (...) at ../block/reqlist.c:23 -> #7 0x00006152853e2d98 in cbw_snapshot_read_lock (...) at ../block/copy-before-write.c:237 -> #8 0x00006152853e3068 in cbw_co_snapshot_block_status (...) at ../block/copy-before-write.c:304 -> #9 0x00006152853f4d22 in bdrv_co_snapshot_block_status (...) at ../block/io.c:3726 -> #10 0x000061528543a63e in snapshot_access_co_block_status (...) at ../block/snapshot-access.c:48 -> #11 0x00006152853f1a0a in bdrv_co_do_block_status (...) at ../block/io.c:2474 -> #12 0x00006152853f2016 in bdrv_co_common_block_status_above (...) at ../block/io.c:2652 -> #13 0x00006152853f22cf in bdrv_co_block_status_above (...) at ../block/io.c:2732 -> #14 0x00006152853d9a86 in blk_co_block_status_above (...) at ../block/block-backend.c:1473 -> #15 0x000061528538da6c in blockstatus_to_extents (...) at ../nbd/server.c:2374 -> #16 0x000061528538deb1 in nbd_co_send_block_status (...) at ../nbd/server.c:2481 -> #17 0x000061528538f424 in nbd_handle_request (...) at ../nbd/server.c:2978 -> #18 0x000061528538f906 in nbd_trip (...) at ../nbd/server.c:3121 -> #19 0x00006152855a7caf in coroutine_trampoline (...) at ../util/coroutine-ucontext.c:175 - -Cc: qemu-stable@nongnu.org -Suggested-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Fiona Ebner -Reviewed-by: Vladimir Sementsov-Ogievskiy ---- - block/copy-before-write.c | 3 ++- - block/reqlist.c | 2 -- - 2 files changed, 2 insertions(+), 3 deletions(-) - -diff --git a/block/copy-before-write.c b/block/copy-before-write.c -index 8aba27a71d..3698b3bc60 100644 ---- a/block/copy-before-write.c -+++ b/block/copy-before-write.c -@@ -65,7 +65,8 @@ typedef struct BDRVCopyBeforeWriteState { - - /* - * @frozen_read_reqs: current read requests for fleecing user in bs->file -- * node. These areas must not be rewritten by guest. -+ * node. These areas must not be rewritten by guest. There can be multiple -+ * overlapping read requests. - */ - BlockReqList frozen_read_reqs; - -diff --git a/block/reqlist.c b/block/reqlist.c -index 08cb57cfa4..098e807378 100644 ---- a/block/reqlist.c -+++ b/block/reqlist.c -@@ -20,8 +20,6 @@ - void reqlist_init_req(BlockReqList *reqs, BlockReq *req, int64_t offset, - int64_t bytes) - { -- assert(!reqlist_find_conflict(reqs, offset, bytes)); -- - *req = (BlockReq) { - .offset = offset, - .bytes = bytes, diff --git a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch index f68e0df..0e5a7d3 100644 --- a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch +++ b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch @@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/block/file-posix.c b/block/file-posix.c -index 35684f7e21..43bc0bd520 100644 +index ff928b5e85..99e5bea1cc 100644 --- a/block/file-posix.c +++ b/block/file-posix.c -@@ -563,7 +563,7 @@ static QemuOptsList raw_runtime_opts = { +@@ -564,7 +564,7 @@ static QemuOptsList raw_runtime_opts = { { .name = "locking", .type = QEMU_OPT_STRING, @@ -26,7 +26,7 @@ index 35684f7e21..43bc0bd520 100644 }, { .name = "pr-manager", -@@ -663,7 +663,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options, +@@ -664,7 +664,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options, s->use_lock = false; break; case ON_OFF_AUTO_AUTO: diff --git a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch index 62bbda8..69efd94 100644 --- a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch +++ b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch @@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/net.h b/include/net/net.h -index b1f9b35fcc..096c0d52e4 100644 +index c8f679761b..35a1338e40 100644 --- a/include/net/net.h +++ b/include/net/net.h -@@ -317,8 +317,8 @@ void netdev_add(QemuOpts *opts, Error **errp); +@@ -309,8 +309,8 @@ void netdev_add(QemuOpts *opts, Error **errp); int net_hub_id_for_client(NetClientState *nc, int *id); NetClientState *net_hub_port_find(int hub_id); diff --git a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch index 71236cf..74d94eb 100644 --- a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch +++ b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch @@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/cpu.h b/target/i386/cpu.h -index 6b05738079..d82869900a 100644 +index fa027cc206..da7ef0cbe6 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h -@@ -2291,9 +2291,9 @@ uint64_t cpu_get_tsc(CPUX86State *env); +@@ -2418,9 +2418,9 @@ uint64_t cpu_get_tsc(CPUX86State *env); #define CPU_RESOLVING_TYPE TYPE_X86_CPU #ifdef TARGET_X86_64 diff --git a/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch b/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch index cb94976..6d4cc69 100644 --- a/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch +++ b/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch @@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/block/gluster.c b/block/gluster.c -index cc74af06dc..3ba9bbfa5e 100644 +index f8b415f381..02bde39d94 100644 --- a/block/gluster.c +++ b/block/gluster.c -@@ -43,7 +43,7 @@ +@@ -42,7 +42,7 @@ #define GLUSTER_DEBUG_DEFAULT 4 #define GLUSTER_DEBUG_MAX 9 #define GLUSTER_OPT_LOGFILE "logfile" @@ -21,7 +21,7 @@ index cc74af06dc..3ba9bbfa5e 100644 /* * Several versions of GlusterFS (3.12? -> 6.0.1) fail when the transfer size * is greater or equal to 1024 MiB, so we are limiting the transfer size to 512 -@@ -425,6 +425,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf, +@@ -421,6 +421,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf, int old_errno; SocketAddressList *server; uint64_t port; @@ -29,7 +29,7 @@ index cc74af06dc..3ba9bbfa5e 100644 glfs = glfs_find_preopened(gconf->volume); if (glfs) { -@@ -467,9 +468,15 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf, +@@ -463,9 +464,15 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf, } } diff --git a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch index 8881ab8..3b31de2 100644 --- a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch +++ b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch @@ -18,7 +18,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+) diff --git a/block/rbd.c b/block/rbd.c -index 84bb2fa5d7..63f60d41be 100644 +index 9c0fd0cb3f..101ee59d6e 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -963,6 +963,8 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx, diff --git a/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch b/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch index 56f56f6..ddcaa1f 100644 --- a/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch +++ b/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch @@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/block/gluster.c b/block/gluster.c -index 3ba9bbfa5e..34936eb855 100644 +index 02bde39d94..36c00088cc 100644 --- a/block/gluster.c +++ b/block/gluster.c -@@ -58,6 +58,7 @@ typedef struct GlusterAIOCB { +@@ -57,6 +57,7 @@ typedef struct GlusterAIOCB { int ret; Coroutine *coroutine; AioContext *aio_context; @@ -27,7 +27,7 @@ index 3ba9bbfa5e..34936eb855 100644 } GlusterAIOCB; typedef struct BDRVGlusterState { -@@ -753,8 +754,10 @@ static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret, +@@ -749,8 +750,10 @@ static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret, acb->ret = 0; /* Success */ } else if (ret < 0) { acb->ret = -errno; /* Read/Write failed */ @@ -39,7 +39,7 @@ index 3ba9bbfa5e..34936eb855 100644 } aio_co_schedule(acb->aio_context, acb->coroutine); -@@ -1023,6 +1026,7 @@ static coroutine_fn int qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs, +@@ -1019,6 +1022,7 @@ static coroutine_fn int qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs, acb.ret = 0; acb.coroutine = qemu_coroutine_self(); acb.aio_context = bdrv_get_aio_context(bs); @@ -47,7 +47,7 @@ index 3ba9bbfa5e..34936eb855 100644 ret = glfs_zerofill_async(s->fd, offset, bytes, gluster_finish_aiocb, &acb); if (ret < 0) { -@@ -1203,9 +1207,11 @@ static coroutine_fn int qemu_gluster_co_rw(BlockDriverState *bs, +@@ -1199,9 +1203,11 @@ static coroutine_fn int qemu_gluster_co_rw(BlockDriverState *bs, acb.aio_context = bdrv_get_aio_context(bs); if (write) { @@ -59,7 +59,7 @@ index 3ba9bbfa5e..34936eb855 100644 ret = glfs_preadv_async(s->fd, qiov->iov, qiov->niov, offset, 0, gluster_finish_aiocb, &acb); } -@@ -1268,6 +1274,7 @@ static coroutine_fn int qemu_gluster_co_flush_to_disk(BlockDriverState *bs) +@@ -1264,6 +1270,7 @@ static coroutine_fn int qemu_gluster_co_flush_to_disk(BlockDriverState *bs) acb.ret = 0; acb.coroutine = qemu_coroutine_self(); acb.aio_context = bdrv_get_aio_context(bs); @@ -67,7 +67,7 @@ index 3ba9bbfa5e..34936eb855 100644 ret = glfs_fsync_async(s->fd, gluster_finish_aiocb, &acb); if (ret < 0) { -@@ -1316,6 +1323,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs, +@@ -1312,6 +1319,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs, acb.ret = 0; acb.coroutine = qemu_coroutine_self(); acb.aio_context = bdrv_get_aio_context(bs); diff --git a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch index 4fc6215..6face40 100644 --- a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch +++ b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch @@ -18,10 +18,10 @@ Signed-off-by: Fiona Ebner 4 files changed, 82 insertions(+), 4 deletions(-) diff --git a/hw/core/machine-hmp-cmds.c b/hw/core/machine-hmp-cmds.c -index a6ff6a4875..e7f74d1c63 100644 +index 8701f00cc7..3b4c5ef403 100644 --- a/hw/core/machine-hmp-cmds.c +++ b/hw/core/machine-hmp-cmds.c -@@ -175,7 +175,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict) +@@ -179,7 +179,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict) return; } @@ -103,10 +103,10 @@ index 609e39a821..8cb6dfcac3 100644 static void virtio_balloon_to_target(void *opaque, ram_addr_t target) diff --git a/qapi/machine.json b/qapi/machine.json -index e8b60641f2..2054cdc70d 100644 +index d4317435e7..db8ed2e357 100644 --- a/qapi/machine.json +++ b/qapi/machine.json -@@ -1079,9 +1079,29 @@ +@@ -1164,9 +1164,29 @@ # @actual: the logical size of the VM in bytes Formula used: # logical_vm_size = vm_ram_size - balloon_size # diff --git a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch index 255faf5..274665d 100644 --- a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch +++ b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch @@ -13,10 +13,10 @@ Signed-off-by: Dietmar Maurer 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c -index 4b72009cd3..314351cdff 100644 +index 130217da8f..52a6d74820 100644 --- a/hw/core/machine-qmp-cmds.c +++ b/hw/core/machine-qmp-cmds.c -@@ -90,6 +90,12 @@ MachineInfoList *qmp_query_machines(Error **errp) +@@ -90,6 +90,12 @@ MachineInfoList *qmp_query_machines(bool has_compat_props, bool compat_props, info->numa_mem_supported = mc->numa_mem_supported; info->deprecated = !!mc->deprecation_reason; info->acpi = !!object_class_property_find(OBJECT_CLASS(mc), "acpi"); @@ -30,10 +30,10 @@ index 4b72009cd3..314351cdff 100644 info->default_cpu_type = g_strdup(mc->default_cpu_type); } diff --git a/qapi/machine.json b/qapi/machine.json -index 2054cdc70d..a024d5b05d 100644 +index db8ed2e357..0c703316f5 100644 --- a/qapi/machine.json +++ b/qapi/machine.json -@@ -146,6 +146,8 @@ +@@ -168,6 +168,8 @@ # # @is-default: whether the machine is default # @@ -42,7 +42,7 @@ index 2054cdc70d..a024d5b05d 100644 # @cpu-max: maximum number of CPUs supported by the machine type # (since 1.5) # -@@ -170,7 +172,7 @@ +@@ -200,7 +202,7 @@ ## { 'struct': 'MachineInfo', 'data': { 'name': 'str', '*alias': 'str', @@ -50,4 +50,4 @@ index 2054cdc70d..a024d5b05d 100644 + '*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int', 'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool', 'deprecated': 'bool', '*default-cpu-type': 'str', - '*default-ram-id': 'str', 'acpi': 'bool' } } + '*default-ram-id': 'str', 'acpi': 'bool', diff --git a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch index b1aff6a..ade3910 100644 --- a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch +++ b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch @@ -14,10 +14,10 @@ Signed-off-by: Fiona Ebner 2 files changed, 7 insertions(+) diff --git a/qapi/ui.json b/qapi/ui.json -index f610bce118..6ea26a9acb 100644 +index 8c8464faac..cebda37f8f 100644 --- a/qapi/ui.json +++ b/qapi/ui.json -@@ -314,11 +314,14 @@ +@@ -312,11 +312,14 @@ # # @channels: a list of @SpiceChannel for each active spice channel # diff --git a/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch b/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch index 875fe26..fb825fa 100644 --- a/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch +++ b/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch @@ -271,7 +271,7 @@ index 0000000000..17ae2cb261 + +#endif /* QIO_CHANNEL_SAVEVM_ASYNC_H */ diff --git a/migration/meson.build b/migration/meson.build -index 1eeb915ff6..95d1cf2250 100644 +index 5ce2acb41e..020127d901 100644 --- a/migration/meson.build +++ b/migration/meson.build @@ -13,6 +13,7 @@ system_ss.add(files( diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch index b0e75e9..f1053f4 100644 --- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch +++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch @@ -37,20 +37,20 @@ Signed-off-by: Fiona Ebner include/migration/snapshot.h | 2 + include/monitor/hmp.h | 3 + migration/meson.build | 1 + - migration/savevm-async.c | 545 +++++++++++++++++++++++++++++++++++ + migration/savevm-async.c | 540 +++++++++++++++++++++++++++++++++++ monitor/hmp-cmds.c | 38 +++ qapi/migration.json | 34 +++ qapi/misc.json | 18 ++ qemu-options.hx | 12 + system/vl.c | 10 + - 11 files changed, 693 insertions(+) + 11 files changed, 688 insertions(+) create mode 100644 migration/savevm-async.c diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx -index ad1b1306e3..d5ab880492 100644 +index c59cd6637b..d1a7b99add 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx -@@ -525,6 +525,19 @@ SRST +@@ -512,6 +512,19 @@ SRST Show current migration parameters. ERST @@ -71,10 +71,10 @@ index ad1b1306e3..d5ab880492 100644 .name = "balloon", .args_type = "", diff --git a/hmp-commands.hx b/hmp-commands.hx -index 2e2a3bcf98..7506de251c 100644 +index 06746f0afc..0c7c6f2c16 100644 --- a/hmp-commands.hx +++ b/hmp-commands.hx -@@ -1862,3 +1862,20 @@ SRST +@@ -1859,3 +1859,20 @@ SRST List event channels in the guest ERST #endif @@ -107,7 +107,7 @@ index 9e4dcaaa75..2581730d74 100644 + #endif diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h -index 13f9a2dedb..7a7def7530 100644 +index ae116d9804..2596cc2426 100644 --- a/include/monitor/hmp.h +++ b/include/monitor/hmp.h @@ -28,6 +28,7 @@ void hmp_info_status(Monitor *mon, const QDict *qdict); @@ -118,7 +118,7 @@ index 13f9a2dedb..7a7def7530 100644 void hmp_info_migrate(Monitor *mon, const QDict *qdict); void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict); void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict); -@@ -94,6 +95,8 @@ void hmp_closefd(Monitor *mon, const QDict *qdict); +@@ -92,6 +93,8 @@ void hmp_closefd(Monitor *mon, const QDict *qdict); void hmp_mouse_move(Monitor *mon, const QDict *qdict); void hmp_mouse_button(Monitor *mon, const QDict *qdict); void hmp_mouse_set(Monitor *mon, const QDict *qdict); @@ -128,10 +128,10 @@ index 13f9a2dedb..7a7def7530 100644 void coroutine_fn hmp_screendump(Monitor *mon, const QDict *qdict); void hmp_chardev_add(Monitor *mon, const QDict *qdict); diff --git a/migration/meson.build b/migration/meson.build -index 95d1cf2250..800f12a60d 100644 +index 020127d901..4b0c4f0f51 100644 --- a/migration/meson.build +++ b/migration/meson.build -@@ -28,6 +28,7 @@ system_ss.add(files( +@@ -27,6 +27,7 @@ system_ss.add(files( 'options.c', 'postcopy-ram.c', 'savevm.c', @@ -141,10 +141,10 @@ index 95d1cf2250..800f12a60d 100644 'threadinfo.c', diff --git a/migration/savevm-async.c b/migration/savevm-async.c new file mode 100644 -index 0000000000..1af32604c7 +index 0000000000..4f1ef0ebd8 --- /dev/null +++ b/migration/savevm-async.c -@@ -0,0 +1,545 @@ +@@ -0,0 +1,540 @@ +#include "qemu/osdep.h" +#include "migration/channel-savevm-async.h" +#include "migration/migration.h" @@ -489,13 +489,8 @@ index 0000000000..1af32604c7 + } + + if (migration_is_running()) { -+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, QERR_MIGRATION_ACTIVE); -+ return; -+ } -+ -+ if (migrate_block()) { + error_set(errp, ERROR_CLASS_GENERIC_ERROR, -+ "Block migration and snapshots are incompatible"); ++ "There's a migration process in progress"); + return; + } + @@ -558,7 +553,7 @@ index 0000000000..1af32604c7 + snap_state.finalize_bh = qemu_bh_new(process_savevm_finalize, &snap_state); + snap_state.co = qemu_coroutine_create(&process_savevm_co, NULL); + qemu_savevm_state_header(snap_state.file); -+ qemu_savevm_state_setup(snap_state.file); ++ qemu_savevm_state_setup(snap_state.file, &local_err); + + /* Async processing from here on out happens in iohandler context, so let + * the target bdrv have its home there. @@ -691,21 +686,21 @@ index 0000000000..1af32604c7 + return ret; +} diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c -index 871898ac46..ef4634e5c1 100644 +index f601d06ab8..874084565f 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c -@@ -22,6 +22,7 @@ - #include "monitor/monitor-internal.h" +@@ -24,6 +24,7 @@ #include "qapi/error.h" #include "qapi/qapi-commands-control.h" + #include "qapi/qapi-commands-machine.h" +#include "qapi/qapi-commands-migration.h" #include "qapi/qapi-commands-misc.h" #include "qapi/qmp/qdict.h" #include "qemu/cutils.h" -@@ -443,3 +444,40 @@ void hmp_info_mtree(Monitor *mon, const QDict *qdict) - - mtree_info(flatview, dispatch_tree, owner, disabled); +@@ -434,3 +435,40 @@ void hmp_dumpdtb(Monitor *mon, const QDict *qdict) + monitor_printf(mon, "dtb dumped to %s", filename); } + #endif + +void hmp_savevm_start(Monitor *mon, const QDict *qdict) +{ @@ -744,10 +739,10 @@ index 871898ac46..ef4634e5c1 100644 + } +} diff --git a/qapi/migration.json b/qapi/migration.json -index 8c65b90328..ed20d066cd 100644 +index 7324571e92..d6e94a7c41 100644 --- a/qapi/migration.json +++ b/qapi/migration.json -@@ -297,6 +297,40 @@ +@@ -276,6 +276,40 @@ '*dirty-limit-throttle-time-per-round': 'uint64', '*dirty-limit-ring-full-time': 'uint64'} } @@ -789,7 +784,7 @@ index 8c65b90328..ed20d066cd 100644 # @query-migrate: # diff --git a/qapi/misc.json b/qapi/misc.json -index ec30e5c570..3c68633f68 100644 +index 559b66f201..7959e89c1e 100644 --- a/qapi/misc.json +++ b/qapi/misc.json @@ -454,6 +454,24 @@ @@ -818,10 +813,10 @@ index ec30e5c570..3c68633f68 100644 # @CommandLineParameterType: # diff --git a/qemu-options.hx b/qemu-options.hx -index 8ce85d4559..511ab9415e 100644 +index d94e2cbbae..07730f9e65 100644 --- a/qemu-options.hx +++ b/qemu-options.hx -@@ -4610,6 +4610,18 @@ SRST +@@ -4805,6 +4805,18 @@ SRST Start right away with a saved state (``loadvm`` in monitor) ERST @@ -841,10 +836,10 @@ index 8ce85d4559..511ab9415e 100644 DEF("daemonize", 0, QEMU_OPTION_daemonize, \ "-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL) diff --git a/system/vl.c b/system/vl.c -index c644222982..2738ab7c91 100644 +index 01b8b8e77a..d6bbdc906e 100644 --- a/system/vl.c +++ b/system/vl.c -@@ -163,6 +163,7 @@ static const char *accelerators; +@@ -164,6 +164,7 @@ static const char *accelerators; static bool have_custom_ram_size; static const char *ram_memdev_id; static QDict *machine_opts_dict; @@ -852,7 +847,7 @@ index c644222982..2738ab7c91 100644 static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts); static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts); static int display_remote; -@@ -2712,6 +2713,12 @@ void qmp_x_exit_preconfig(Error **errp) +@@ -2727,6 +2728,12 @@ void qmp_x_exit_preconfig(Error **errp) RunState state = autostart ? RUN_STATE_RUNNING : runstate_get(); load_snapshot(loadvm, NULL, false, NULL, &error_fatal); load_snapshot_resume(state); @@ -865,7 +860,7 @@ index c644222982..2738ab7c91 100644 } if (replay_mode != REPLAY_MODE_NONE) { replay_vmstate_init(); -@@ -3259,6 +3266,9 @@ void qemu_init(int argc, char **argv) +@@ -3275,6 +3282,9 @@ void qemu_init(int argc, char **argv) case QEMU_OPTION_loadvm: loadvm = optarg; break; diff --git a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch index 92bc9f2..176ce0a 100644 --- a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch +++ b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch @@ -13,16 +13,16 @@ Signed-off-by: Thomas Lamprecht [FE: adapt to removal of QEMUFileOps] Signed-off-by: Fiona Ebner --- - migration/qemu-file.c | 50 +++++++++++++++++++++++++++------------- + migration/qemu-file.c | 48 +++++++++++++++++++++++++++------------- migration/qemu-file.h | 2 ++ - migration/savevm-async.c | 5 ++-- - 3 files changed, 39 insertions(+), 18 deletions(-) + migration/savevm-async.c | 5 +++-- + 3 files changed, 38 insertions(+), 17 deletions(-) diff --git a/migration/qemu-file.c b/migration/qemu-file.c -index a10882d47f..19c1de0472 100644 +index b6d2f588bd..754dc0b3f7 100644 --- a/migration/qemu-file.c +++ b/migration/qemu-file.c -@@ -35,8 +35,8 @@ +@@ -34,8 +34,8 @@ #include "rdma.h" #include "io/channel-file.h" @@ -33,7 +33,7 @@ index a10882d47f..19c1de0472 100644 struct QEMUFile { QIOChannel *ioc; -@@ -44,7 +44,8 @@ struct QEMUFile { +@@ -43,7 +43,8 @@ struct QEMUFile { int buf_index; int buf_size; /* 0 when writing */ @@ -43,7 +43,7 @@ index a10882d47f..19c1de0472 100644 DECLARE_BITMAP(may_free, MAX_IOV_SIZE); struct iovec iov[MAX_IOV_SIZE]; -@@ -101,7 +102,9 @@ int qemu_file_shutdown(QEMUFile *f) +@@ -100,7 +101,9 @@ int qemu_file_shutdown(QEMUFile *f) return 0; } @@ -54,7 +54,7 @@ index a10882d47f..19c1de0472 100644 { QEMUFile *f; -@@ -110,6 +113,8 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable) +@@ -109,6 +112,8 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable) object_ref(ioc); f->ioc = ioc; f->is_writable = is_writable; @@ -63,7 +63,7 @@ index a10882d47f..19c1de0472 100644 return f; } -@@ -120,17 +125,27 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable) +@@ -119,17 +124,27 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable) */ QEMUFile *qemu_file_get_return_path(QEMUFile *f) { @@ -94,7 +94,7 @@ index a10882d47f..19c1de0472 100644 } /* -@@ -328,7 +343,7 @@ static ssize_t coroutine_mixed_fn qemu_fill_buffer(QEMUFile *f) +@@ -327,7 +342,7 @@ static ssize_t coroutine_mixed_fn qemu_fill_buffer(QEMUFile *f) do { len = qio_channel_read(f->ioc, (char *)f->buf + pending, @@ -103,7 +103,7 @@ index a10882d47f..19c1de0472 100644 &local_error); if (len == QIO_CHANNEL_ERR_BLOCK) { if (qemu_in_coroutine()) { -@@ -368,6 +383,9 @@ int qemu_fclose(QEMUFile *f) +@@ -367,6 +382,9 @@ int qemu_fclose(QEMUFile *f) ret = ret2; } g_clear_pointer(&f->ioc, object_unref); @@ -113,7 +113,7 @@ index a10882d47f..19c1de0472 100644 error_free(f->last_error_obj); g_free(f); trace_qemu_file_fclose(); -@@ -416,7 +434,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len) +@@ -415,7 +433,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len) { if (!add_to_iovec(f, f->buf + f->buf_index, len, false)) { f->buf_index += len; @@ -122,7 +122,7 @@ index a10882d47f..19c1de0472 100644 qemu_fflush(f); } } -@@ -441,7 +459,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size) +@@ -440,7 +458,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size) } while (size > 0) { @@ -131,7 +131,7 @@ index a10882d47f..19c1de0472 100644 if (l > size) { l = size; } -@@ -587,8 +605,8 @@ size_t coroutine_mixed_fn qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t si +@@ -586,8 +604,8 @@ size_t coroutine_mixed_fn qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t si size_t index; assert(!qemu_file_is_writable(f)); @@ -142,7 +142,7 @@ index a10882d47f..19c1de0472 100644 /* The 1st byte to read from */ index = f->buf_index + offset; -@@ -638,7 +656,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size +@@ -637,7 +655,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size size_t res; uint8_t *src; @@ -151,7 +151,7 @@ index a10882d47f..19c1de0472 100644 if (res == 0) { return done; } -@@ -672,7 +690,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size +@@ -671,7 +689,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size */ size_t coroutine_mixed_fn qemu_get_buffer_in_place(QEMUFile *f, uint8_t **buf, size_t size) { @@ -160,7 +160,7 @@ index a10882d47f..19c1de0472 100644 size_t res; uint8_t *src = NULL; -@@ -697,7 +715,7 @@ int coroutine_mixed_fn qemu_peek_byte(QEMUFile *f, int offset) +@@ -696,7 +714,7 @@ int coroutine_mixed_fn qemu_peek_byte(QEMUFile *f, int offset) int index = f->buf_index + offset; assert(!qemu_file_is_writable(f)); @@ -169,17 +169,8 @@ index a10882d47f..19c1de0472 100644 if (index >= f->buf_size) { qemu_fill_buffer(f); -@@ -811,7 +829,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len, - ssize_t qemu_put_compression_data(QEMUFile *f, z_stream *stream, - const uint8_t *p, size_t size) - { -- ssize_t blen = IO_BUF_SIZE - f->buf_index - sizeof(int32_t); -+ ssize_t blen = f->buf_allocated_size - f->buf_index - sizeof(int32_t); - - if (blen < compressBound(size)) { - return -1; diff --git a/migration/qemu-file.h b/migration/qemu-file.h -index 32fd4a34fd..36a0cd8cc8 100644 +index 11c2120edd..edf3c5d147 100644 --- a/migration/qemu-file.h +++ b/migration/qemu-file.h @@ -30,7 +30,9 @@ @@ -193,10 +184,10 @@ index 32fd4a34fd..36a0cd8cc8 100644 /* diff --git a/migration/savevm-async.c b/migration/savevm-async.c -index 1af32604c7..be2035cd2e 100644 +index 4f1ef0ebd8..84e10b2c4c 100644 --- a/migration/savevm-async.c +++ b/migration/savevm-async.c -@@ -386,7 +386,7 @@ void qmp_savevm_start(const char *statefile, Error **errp) +@@ -381,7 +381,7 @@ void qmp_savevm_start(const char *statefile, Error **errp) QIOChannel *ioc = QIO_CHANNEL(qio_channel_savevm_async_new(snap_state.target, &snap_state.bs_pos)); @@ -205,7 +196,7 @@ index 1af32604c7..be2035cd2e 100644 if (!snap_state.file) { error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile); -@@ -510,7 +510,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp) +@@ -505,7 +505,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp) blk_op_block_all(be, blocker); /* restore the VM state */ diff --git a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch index 7464ca5..360f54e 100644 --- a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch +++ b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch @@ -15,7 +15,7 @@ Signed-off-by: Fiona Ebner create mode 100644 block/zeroinit.c diff --git a/block/meson.build b/block/meson.build -index e1f03fd773..b530e117b5 100644 +index f1262ec2ba..6a60b5d6b9 100644 --- a/block/meson.build +++ b/block/meson.build @@ -39,6 +39,7 @@ block_ss.add(files( @@ -23,12 +23,12 @@ index e1f03fd773..b530e117b5 100644 'throttle-groups.c', 'write-threshold.c', + 'zeroinit.c', - ), zstd, zlib, gnutls) + ), zstd, zlib) system_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c')) diff --git a/block/zeroinit.c b/block/zeroinit.c new file mode 100644 -index 0000000000..7998c9332d +index 0000000000..2b2b194ccf --- /dev/null +++ b/block/zeroinit.c @@ -0,0 +1,207 @@ @@ -212,7 +212,7 @@ index 0000000000..7998c9332d + .instance_size = sizeof(BDRVZeroinitState), + + .bdrv_parse_filename = zeroinit_parse_filename, -+ .bdrv_file_open = zeroinit_open, ++ .bdrv_open = zeroinit_open, + .bdrv_close = zeroinit_close, + .bdrv_co_getlength = zeroinit_co_getlength, + .bdrv_child_perm = bdrv_default_perms, diff --git a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch index bc472b0..d69cfab 100644 --- a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch +++ b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch @@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 11 insertions(+) diff --git a/qemu-options.hx b/qemu-options.hx -index 511ab9415e..92e301d545 100644 +index 07730f9e65..7fdc944965 100644 --- a/qemu-options.hx +++ b/qemu-options.hx -@@ -1237,6 +1237,9 @@ legacy PC, they are not recommended for modern configurations. +@@ -1239,6 +1239,9 @@ legacy PC, they are not recommended for modern configurations. ERST @@ -28,10 +28,10 @@ index 511ab9415e..92e301d545 100644 "-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL) DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL) diff --git a/system/vl.c b/system/vl.c -index 2738ab7c91..20ebf2c920 100644 +index d6bbdc906e..200468a753 100644 --- a/system/vl.c +++ b/system/vl.c -@@ -2748,6 +2748,7 @@ void qemu_init(int argc, char **argv) +@@ -2764,6 +2764,7 @@ void qemu_init(int argc, char **argv) MachineClass *machine_class; bool userconfig = true; FILE *vmstate_dump_file = NULL; @@ -39,7 +39,7 @@ index 2738ab7c91..20ebf2c920 100644 qemu_add_opts(&qemu_drive_opts); qemu_add_drive_opts(&qemu_legacy_drive_opts); -@@ -3371,6 +3372,13 @@ void qemu_init(int argc, char **argv) +@@ -3387,6 +3388,13 @@ void qemu_init(int argc, char **argv) machine_parse_property_opt(qemu_find_opts("smp-opts"), "smp", optarg); break; diff --git a/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch b/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch index 9845cf2..016810d 100644 --- a/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch +++ b/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch @@ -11,7 +11,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 9 insertions(+) diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c -index d8fc1e2815..789694b8b3 100644 +index c13cdd7994..fd5808cdc0 100644 --- a/hw/intc/apic_common.c +++ b/hw/intc/apic_common.c @@ -263,6 +263,15 @@ static void apic_reset_common(DeviceState *dev) diff --git a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch index 8b7439c..ec053d8 100644 --- a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch +++ b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch @@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 46 insertions(+), 20 deletions(-) diff --git a/block/file-posix.c b/block/file-posix.c -index 43bc0bd520..60e98c87f1 100644 +index 99e5bea1cc..6a4f6a25e6 100644 --- a/block/file-posix.c +++ b/block/file-posix.c -@@ -2876,6 +2876,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp) +@@ -2884,6 +2884,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp) int fd; uint64_t perm, shared; int result = 0; @@ -24,7 +24,7 @@ index 43bc0bd520..60e98c87f1 100644 /* Validate options and set default values */ assert(options->driver == BLOCKDEV_DRIVER_FILE); -@@ -2916,19 +2917,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp) +@@ -2924,19 +2925,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp) perm = BLK_PERM_WRITE | BLK_PERM_RESIZE; shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE; @@ -59,7 +59,7 @@ index 43bc0bd520..60e98c87f1 100644 } /* Clear the file by truncating it to 0 */ -@@ -2982,13 +2986,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp) +@@ -2990,13 +2994,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp) } out_unlock: @@ -82,7 +82,7 @@ index 43bc0bd520..60e98c87f1 100644 } out_close: -@@ -3012,6 +3018,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename, +@@ -3020,6 +3026,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename, PreallocMode prealloc; char *buf = NULL; Error *local_err = NULL; @@ -90,7 +90,7 @@ index 43bc0bd520..60e98c87f1 100644 /* Skip file: protocol prefix */ strstart(filename, "file:", &filename); -@@ -3034,6 +3041,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename, +@@ -3042,6 +3049,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename, return -EINVAL; } @@ -109,7 +109,7 @@ index 43bc0bd520..60e98c87f1 100644 options = (BlockdevCreateOptions) { .driver = BLOCKDEV_DRIVER_FILE, .u.file = { -@@ -3045,6 +3064,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename, +@@ -3053,6 +3072,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename, .nocow = nocow, .has_extent_size_hint = has_extent_size_hint, .extent_size_hint = extent_size_hint, @@ -119,10 +119,10 @@ index 43bc0bd520..60e98c87f1 100644 }; return raw_co_create(&options, errp); diff --git a/qapi/block-core.json b/qapi/block-core.json -index 905da8be72..3db587a6e4 100644 +index c2a337cc04..1cb6f04db3 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json -@@ -4956,6 +4956,10 @@ +@@ -4959,6 +4959,10 @@ # @extent-size-hint: Extent size hint to add to the image file; 0 for # not adding an extent size hint (default: 1 MB, since 5.1) # @@ -133,7 +133,7 @@ index 905da8be72..3db587a6e4 100644 # Since: 2.12 ## { 'struct': 'BlockdevCreateOptionsFile', -@@ -4963,7 +4967,8 @@ +@@ -4966,7 +4970,8 @@ 'size': 'size', '*preallocation': 'PreallocMode', '*nocow': 'bool', diff --git a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch index e3c7ba1..c7e00c9 100644 --- a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch +++ b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch @@ -18,10 +18,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/monitor/qmp.c b/monitor/qmp.c -index 589c9524f8..2505dd658a 100644 +index eb181d5979..20fc0d20a6 100644 --- a/monitor/qmp.c +++ b/monitor/qmp.c -@@ -536,8 +536,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp) +@@ -534,8 +534,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp) qemu_chr_fe_set_echo(&mon->common.chr, true); /* Note: we run QMP monitor in I/O thread when @chr supports that */ diff --git a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch index a7630d2..74bc24e 100644 --- a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch +++ b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch @@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/core/machine.c b/hw/core/machine.c -index 4273de16a0..83f1fc0293 100644 +index 27dcda0248..7a13e9f014 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c -@@ -162,7 +162,8 @@ GlobalProperty hw_compat_4_0[] = { +@@ -173,7 +173,8 @@ GlobalProperty hw_compat_4_0[] = { { "virtio-vga", "edid", "false" }, { "virtio-gpu-device", "edid", "false" }, { "virtio-device", "use-started", "false" }, diff --git a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch index eb27304..70c1d15 100644 --- a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch +++ b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch @@ -16,15 +16,15 @@ Signed-off-by: Fiona Ebner --- hw/core/machine-qmp-cmds.c | 5 +++++ include/hw/boards.h | 2 ++ - qapi/machine.json | 4 +++- - system/vl.c | 25 +++++++++++++++++++++++++ - 4 files changed, 35 insertions(+), 1 deletion(-) + qapi/machine.json | 3 +++ + system/vl.c | 24 ++++++++++++++++++++++++ + 4 files changed, 34 insertions(+) diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c -index 314351cdff..628a3537c5 100644 +index 52a6d74820..362128842d 100644 --- a/hw/core/machine-qmp-cmds.c +++ b/hw/core/machine-qmp-cmds.c -@@ -94,6 +94,11 @@ MachineInfoList *qmp_query_machines(Error **errp) +@@ -94,6 +94,11 @@ MachineInfoList *qmp_query_machines(bool has_compat_props, bool compat_props, if (strcmp(mc->name, MACHINE_GET_CLASS(current_machine)->name) == 0) { info->has_is_current = true; info->is_current = true; @@ -37,10 +37,10 @@ index 314351cdff..628a3537c5 100644 if (mc->default_cpu_type) { diff --git a/include/hw/boards.h b/include/hw/boards.h -index 8b8f6d5c00..dd6d0a1447 100644 +index 48ff6d8b93..5cddeb7fcb 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h -@@ -246,6 +246,8 @@ struct MachineClass { +@@ -252,6 +252,8 @@ struct MachineClass { const char *desc; const char *deprecation_reason; @@ -50,52 +50,51 @@ index 8b8f6d5c00..dd6d0a1447 100644 void (*reset)(MachineState *state, ShutdownCause reason); void (*wakeup)(MachineState *state); diff --git a/qapi/machine.json b/qapi/machine.json -index a024d5b05d..1d69bffaa0 100644 +index 0c703316f5..dc46a3e93f 100644 --- a/qapi/machine.json +++ b/qapi/machine.json -@@ -168,6 +168,8 @@ +@@ -190,6 +190,8 @@ # # @acpi: machine type supports ACPI (since 8.0) # +# @pve-version: custom PVE version suffix specified as 'machine+pveN' +# - # Since: 1.2 - ## - { 'struct': 'MachineInfo', -@@ -175,7 +177,7 @@ - '*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int', + # @compat-props: The machine type's compatibility properties. Only + # present when query-machines argument @compat-props is true. + # (since 9.1) +@@ -206,6 +208,7 @@ 'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool', 'deprecated': 'bool', '*default-cpu-type': 'str', -- '*default-ram-id': 'str', 'acpi': 'bool' } } -+ '*default-ram-id': 'str', 'acpi': 'bool', '*pve-version': 'str' } } + '*default-ram-id': 'str', 'acpi': 'bool', ++ '*pve-version': 'str', + '*compat-props': { 'type': ['CompatProperty'], + 'features': ['unstable'] } } } - ## - # @query-machines: diff --git a/system/vl.c b/system/vl.c -index 20ebf2c920..4d39e32097 100644 +index 200468a753..0dbdba6421 100644 --- a/system/vl.c +++ b/system/vl.c -@@ -1659,6 +1659,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv, - static MachineClass *select_machine(QDict *qdict, Error **errp) +@@ -1675,6 +1675,7 @@ static MachineClass *select_machine(QDict *qdict, Error **errp) { + ERRP_GUARD(); const char *machine_type = qdict_get_try_str(qdict, "type"); + const char *pvever = qdict_get_try_str(qdict, "pvever"); - GSList *machines = object_class_get_list(TYPE_MACHINE, false); - MachineClass *machine_class; - Error *local_err = NULL; -@@ -1676,6 +1677,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp) - } - } + g_autoptr(GSList) machines = object_class_get_list(TYPE_MACHINE, false); + MachineClass *machine_class = NULL; -+ if (machine_class) { +@@ -1694,7 +1695,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp) + if (!machine_class) { + error_append_hint(errp, + "Use -machine help to list supported machines\n"); ++ } else { + machine_class->pve_version = g_strdup(pvever); + qdict_del(qdict, "pvever"); -+ } + } + - g_slist_free(machines); - if (local_err) { - error_append_hint(&local_err, "Use -machine help to list supported machines\n"); -@@ -3313,12 +3319,31 @@ void qemu_init(int argc, char **argv) + return machine_class; + } + +@@ -3329,12 +3334,31 @@ void qemu_init(int argc, char **argv) case QEMU_OPTION_machine: { bool help; diff --git a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch index d6d7767..0f197ba 100644 --- a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch +++ b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch @@ -26,12 +26,12 @@ Signed-off-by: Fiona Ebner create mode 100644 vma.h diff --git a/block/meson.build b/block/meson.build -index b530e117b5..b245daa98e 100644 +index 6a60b5d6b9..652c8cbdb7 100644 --- a/block/meson.build +++ b/block/meson.build @@ -42,6 +42,8 @@ block_ss.add(files( 'zeroinit.c', - ), zstd, zlib, gnutls) + ), zstd, zlib) +block_ss.add(files('../vma-writer.c'), libuuid) + @@ -39,10 +39,10 @@ index b530e117b5..b245daa98e 100644 system_ss.add(files('block-ram-registrar.c')) diff --git a/meson.build b/meson.build -index 91a0aa64c6..620cc594b2 100644 +index aa7ea85d0b..7eee5b4249 100644 --- a/meson.build +++ b/meson.build -@@ -1922,6 +1922,8 @@ endif +@@ -2012,6 +2012,8 @@ endif has_gettid = cc.has_function('gettid') @@ -51,12 +51,12 @@ index 91a0aa64c6..620cc594b2 100644 # libselinux selinux = dependency('libselinux', required: get_option('selinux'), -@@ -4023,6 +4025,9 @@ if have_tools - dependencies: [blockdev, qemuutil, gnutls, selinux], +@@ -4097,6 +4099,9 @@ if have_tools + dependencies: [blockdev, qemuutil, selinux], install: true) + vma = executable('vma', files('vma.c', 'vma-reader.c') + genh, -+ dependencies: [authz, block, crypto, io, qom], install: true) ++ dependencies: [authz, block, crypto, io, qemuutil, qom], install: true) + subdir('storage-daemon') diff --git a/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch b/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch index 722a22f..39bb0c3 100644 --- a/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch +++ b/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch @@ -247,7 +247,7 @@ index eba5b11493..1963e47ab9 100644 if (perf->max_chunk && perf->max_chunk < cluster_size) { error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup " diff --git a/block/meson.build b/block/meson.build -index b245daa98e..e99914eaa4 100644 +index 652c8cbdb7..e1cf5a2e65 100644 --- a/block/meson.build +++ b/block/meson.build @@ -4,6 +4,7 @@ block_ss.add(files( @@ -259,7 +259,7 @@ index b245daa98e..e99914eaa4 100644 'blklogwrites.c', 'blkverify.c', diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h -index 761276127e..b3e6697613 100644 +index ebb4e56a50..e717a74e5f 100644 --- a/include/block/block_int-common.h +++ b/include/block/block_int-common.h @@ -26,6 +26,7 @@ diff --git a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch index 4cc9c97..7ed6dd2 100644 --- a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch +++ b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch @@ -104,11 +104,11 @@ Signed-off-by: Fiona Ebner create mode 100644 pve-backup.c diff --git a/block/meson.build b/block/meson.build -index e99914eaa4..6bba803f94 100644 +index e1cf5a2e65..2367e1ac1b 100644 --- a/block/meson.build +++ b/block/meson.build @@ -44,6 +44,11 @@ block_ss.add(files( - ), zstd, zlib, gnutls) + ), zstd, zlib) block_ss.add(files('../vma-writer.c'), libuuid) +block_ss.add(files( @@ -167,7 +167,7 @@ index bdf2eb50b6..439a7a14c8 100644 + hmp_handle_error(mon, error); +} diff --git a/blockdev.c b/blockdev.c -index ed8198f351..1054a69279 100644 +index 9cbd166674..8080c47fa6 100644 --- a/blockdev.c +++ b/blockdev.c @@ -37,6 +37,7 @@ @@ -179,10 +179,10 @@ index ed8198f351..1054a69279 100644 #include "monitor/monitor.h" #include "qemu/error-report.h" diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx -index d5ab880492..6c97248d1b 100644 +index d1a7b99add..af588145ff 100644 --- a/hmp-commands-info.hx +++ b/hmp-commands-info.hx -@@ -471,6 +471,20 @@ SRST +@@ -458,6 +458,20 @@ SRST Show the current VM UUID. ERST @@ -204,7 +204,7 @@ index d5ab880492..6c97248d1b 100644 { .name = "usernet", diff --git a/hmp-commands.hx b/hmp-commands.hx -index 7506de251c..d5f9c28194 100644 +index 0c7c6f2c16..bf8315f226 100644 --- a/hmp-commands.hx +++ b/hmp-commands.hx @@ -101,6 +101,35 @@ ERST @@ -244,7 +244,7 @@ index 7506de251c..d5f9c28194 100644 { diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h -index 7a7def7530..cba7afe70c 100644 +index 2596cc2426..9dda91d65a 100644 --- a/include/monitor/hmp.h +++ b/include/monitor/hmp.h @@ -32,6 +32,7 @@ void hmp_info_savevm(Monitor *mon, const QDict *qdict); @@ -255,7 +255,7 @@ index 7a7def7530..cba7afe70c 100644 void hmp_info_cpus(Monitor *mon, const QDict *qdict); void hmp_info_vnc(Monitor *mon, const QDict *qdict); void hmp_info_spice(Monitor *mon, const QDict *qdict); -@@ -84,6 +85,8 @@ void hmp_change_vnc(Monitor *mon, const char *device, const char *target, +@@ -82,6 +83,8 @@ void hmp_change_vnc(Monitor *mon, const char *device, const char *target, void hmp_change_medium(Monitor *mon, const char *device, const char *target, const char *arg, const char *read_only, bool force, Error **errp); @@ -265,10 +265,10 @@ index 7a7def7530..cba7afe70c 100644 void hmp_device_add(Monitor *mon, const QDict *qdict); void hmp_device_del(Monitor *mon, const QDict *qdict); diff --git a/meson.build b/meson.build -index 620cc594b2..d16b97cf3c 100644 +index 7eee5b4249..979c452f74 100644 --- a/meson.build +++ b/meson.build -@@ -1923,6 +1923,7 @@ endif +@@ -2013,6 +2013,7 @@ endif has_gettid = cc.has_function('gettid') libuuid = cc.find_library('uuid', required: true) @@ -277,18 +277,18 @@ index 620cc594b2..d16b97cf3c 100644 # libselinux selinux = dependency('libselinux', diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c -index ef4634e5c1..6e25279f42 100644 +index 874084565f..bedeb81f8c 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c -@@ -21,6 +21,7 @@ +@@ -22,6 +22,7 @@ #include "qemu/help_option.h" #include "monitor/monitor-internal.h" #include "qapi/error.h" +#include "qapi/qapi-commands-block-core.h" #include "qapi/qapi-commands-control.h" + #include "qapi/qapi-commands-machine.h" #include "qapi/qapi-commands-migration.h" - #include "qapi/qapi-commands-misc.h" -@@ -144,6 +145,77 @@ void hmp_sync_profile(Monitor *mon, const QDict *qdict) +@@ -119,6 +120,77 @@ void hmp_sync_profile(Monitor *mon, const QDict *qdict) } } @@ -586,7 +586,7 @@ index 0000000000..8cbf645b2c +#endif /* PROXMOX_BACKUP_CLIENT_H */ diff --git a/pve-backup.c b/pve-backup.c new file mode 100644 -index 0000000000..c755bf302b +index 0000000000..9f83ecb310 --- /dev/null +++ b/pve-backup.c @@ -0,0 +1,1092 @@ @@ -1194,7 +1194,7 @@ index 0000000000..c755bf302b + } + BlockDriverState *bs = blk_bs(blk); + if (!bdrv_co_is_inserted(bs)) { -+ error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, *d); ++ error_setg(errp, "Device '%s' has no medium", *d); + goto err; + } + PVEBackupDevInfo *di = g_new0(PVEBackupDevInfo, 1); @@ -1683,7 +1683,7 @@ index 0000000000..c755bf302b + return ret; +} diff --git a/qapi/block-core.json b/qapi/block-core.json -index 3db587a6e4..d05fffce1d 100644 +index 1cb6f04db3..ac83c3495d 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -851,6 +851,239 @@ @@ -1825,7 +1825,7 @@ index 3db587a6e4..d05fffce1d 100644 +# +# Cancel the current executing backup process. +# -+# Notes: This command succeeds even if there is no backup process running. ++# .. note:: This command succeeds even if there is no backup process running. +# +## +{ 'command': 'backup-cancel', 'coroutine': true } @@ -1927,7 +1927,7 @@ index 3db587a6e4..d05fffce1d 100644 # @BlockDeviceTimedStats: # diff --git a/qapi/common.json b/qapi/common.json -index 7558ce5430..6e3d800373 100644 +index 7558ce5430..5c00bddeb7 100644 --- a/qapi/common.json +++ b/qapi/common.json @@ -200,3 +200,17 @@ @@ -1944,12 +1944,12 @@ index 7558ce5430..6e3d800373 100644 +# +# Since: 0.14.0 +# -+# Notes: If no UUID was specified for the guest, a null UUID is ++# .. note:: If no UUID was specified for the guest, a null UUID is +# returned. +## +{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} } diff --git a/qapi/machine.json b/qapi/machine.json -index 1d69bffaa0..731d8d2f60 100644 +index dc46a3e93f..bd58d58fc5 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -4,6 +4,8 @@ @@ -1961,7 +1961,7 @@ index 1d69bffaa0..731d8d2f60 100644 ## # = Machines ## -@@ -237,20 +239,6 @@ +@@ -303,20 +305,6 @@ ## { 'command': 'query-target', 'returns': 'TargetInfo' } @@ -1974,8 +1974,8 @@ index 1d69bffaa0..731d8d2f60 100644 -# -# Since: 0.14 -# --# Notes: If no UUID was specified for the guest, a null UUID is --# returned. +-# .. note:: If no UUID was specified for the guest, the nil UUID (all +-# zeroes) is returned. -## -{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} } - diff --git a/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch index bde2cb2..5d6f956 100644 --- a/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch +++ b/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch @@ -14,15 +14,15 @@ Signed-off-by: Wolfgang Bumiller create mode 100644 pbs-restore.c diff --git a/meson.build b/meson.build -index d16b97cf3c..6de51c34cb 100644 +index 979c452f74..426f382178 100644 --- a/meson.build +++ b/meson.build -@@ -4029,6 +4029,10 @@ if have_tools +@@ -4103,6 +4103,10 @@ if have_tools vma = executable('vma', files('vma.c', 'vma-reader.c') + genh, - dependencies: [authz, block, crypto, io, qom], install: true) + dependencies: [authz, block, crypto, io, qemuutil, qom], install: true) + pbs_restore = executable('pbs-restore', files('pbs-restore.c') + genh, -+ dependencies: [authz, block, crypto, io, qom, ++ dependencies: [authz, block, crypto, io, qemuutil, qom, + libproxmox_backup_qemu], install: true) + subdir('storage-daemon') diff --git a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch index 02efb58..95b82a2 100644 --- a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch +++ b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch @@ -15,15 +15,15 @@ Signed-off-by: Wolfgang Bumiller Signed-off-by: Fiona Ebner --- block/meson.build | 2 + - block/pbs.c | 313 +++++++++++++++++++++++++++++++++++++++++++ + block/pbs.c | 306 +++++++++++++++++++++++++++++++++++++++++++ meson.build | 2 +- qapi/block-core.json | 29 ++++ qapi/pragma.json | 1 + - 5 files changed, 346 insertions(+), 1 deletion(-) + 5 files changed, 339 insertions(+), 1 deletion(-) create mode 100644 block/pbs.c diff --git a/block/meson.build b/block/meson.build -index 6bba803f94..1945e04eeb 100644 +index 2367e1ac1b..e178047ec9 100644 --- a/block/meson.build +++ b/block/meson.build @@ -49,6 +49,8 @@ block_ss.add(files( @@ -37,10 +37,10 @@ index 6bba803f94..1945e04eeb 100644 system_ss.add(files('block-ram-registrar.c')) diff --git a/block/pbs.c b/block/pbs.c new file mode 100644 -index 0000000000..aee66c2e93 +index 0000000000..2d5e28ce8f --- /dev/null +++ b/block/pbs.c -@@ -0,0 +1,313 @@ +@@ -0,0 +1,306 @@ +/* + * Proxmox Backup Server read-only block driver + */ @@ -223,12 +223,6 @@ index 0000000000..aee66c2e93 + return 0; +} + -+static int pbs_file_open(BlockDriverState *bs, QDict *options, int flags, -+ Error **errp) -+{ -+ return pbs_open(bs, options, flags, errp); -+} -+ +static void pbs_close(BlockDriverState *bs) { + BDRVPBSState *s = bs->opaque; + g_free(s->repository); @@ -336,7 +330,6 @@ index 0000000000..aee66c2e93 + + .bdrv_parse_filename = pbs_parse_filename, + -+ .bdrv_file_open = pbs_file_open, + .bdrv_open = pbs_open, + .bdrv_close = pbs_close, + .bdrv_co_getlength = pbs_co_getlength, @@ -355,12 +348,12 @@ index 0000000000..aee66c2e93 + +block_init(bdrv_pbs_init); diff --git a/meson.build b/meson.build -index 6de51c34cb..3bc039f60f 100644 +index 426f382178..7e6130cfdf 100644 --- a/meson.build +++ b/meson.build -@@ -4477,7 +4477,7 @@ summary_info += {'bzip2 support': libbzip2} - summary_info += {'lzfse support': liblzfse} - summary_info += {'zstd support': zstd} +@@ -4559,7 +4559,7 @@ summary_info += {'zstd support': zstd} + summary_info += {'Query Processing Library support': qpl} + summary_info += {'UADK Library support': uadk} summary_info += {'NUMA host support': numa} -summary_info += {'capstone': capstone} +summary_info += {'PBS bdrv support': config_host.has_key('CONFIG_PBS_BDRV')} @@ -368,7 +361,7 @@ index 6de51c34cb..3bc039f60f 100644 summary_info += {'libdaxctl support': libdaxctl} summary_info += {'libudev': libudev} diff --git a/qapi/block-core.json b/qapi/block-core.json -index d05fffce1d..e7cf3d94f3 100644 +index ac83c3495d..fe0eefcea6 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3457,6 +3457,7 @@ @@ -413,7 +406,7 @@ index d05fffce1d..e7cf3d94f3 100644 ## # @BlockdevOptionsNVMe: # -@@ -4977,6 +5005,7 @@ +@@ -4978,6 +5006,7 @@ 'nfs': 'BlockdevOptionsNfs', 'null-aio': 'BlockdevOptionsNull', 'null-co': 'BlockdevOptionsNull', diff --git a/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch index f564373..a4b4cdf 100644 --- a/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch +++ b/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch @@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build -index 3bc039f60f..067e8956a7 100644 +index 7e6130cfdf..984f858bdc 100644 --- a/meson.build +++ b/meson.build -@@ -1923,6 +1923,7 @@ endif +@@ -2013,6 +2013,7 @@ endif has_gettid = cc.has_function('gettid') libuuid = cc.find_library('uuid', required: true) @@ -25,7 +25,7 @@ index 3bc039f60f..067e8956a7 100644 libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true) # libselinux -@@ -3530,7 +3531,7 @@ if have_block +@@ -3597,7 +3598,7 @@ if have_block if host_os == 'windows' system_ss.add(files('os-win32.c')) else @@ -35,7 +35,7 @@ index 3bc039f60f..067e8956a7 100644 endif diff --git a/os-posix.c b/os-posix.c -index a4284e2c07..197a2120fd 100644 +index 43f9a43f3f..a47e46d1c2 100644 --- a/os-posix.c +++ b/os-posix.c @@ -29,6 +29,8 @@ @@ -47,7 +47,7 @@ index a4284e2c07..197a2120fd 100644 #include "qemu/error-report.h" #include "qemu/log.h" -@@ -302,9 +304,10 @@ void os_setup_post(void) +@@ -306,9 +308,10 @@ void os_setup_post(void) dup2(fd, 0); dup2(fd, 1); diff --git a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch index 388bd04..6377a09 100644 --- a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch +++ b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch @@ -26,10 +26,10 @@ Signed-off-by: Fiona Ebner create mode 100644 migration/pbs-state.c diff --git a/include/migration/misc.h b/include/migration/misc.h -index c9e200f4eb..12c99ebc69 100644 +index bfadc5613b..e2e51fcf6b 100644 --- a/include/migration/misc.h +++ b/include/migration/misc.h -@@ -117,4 +117,7 @@ bool migration_in_bg_snapshot(void); +@@ -111,4 +111,7 @@ bool migration_in_bg_snapshot(void); /* migration/block-dirty-bitmap.c */ void dirty_bitmap_mig_init(void); @@ -38,25 +38,31 @@ index c9e200f4eb..12c99ebc69 100644 + #endif diff --git a/migration/meson.build b/migration/meson.build -index 800f12a60d..35a4306183 100644 +index 4b0c4f0f51..d039797132 100644 --- a/migration/meson.build +++ b/migration/meson.build -@@ -7,7 +7,9 @@ migration_files = files( - 'vmstate.c', +@@ -8,6 +8,7 @@ migration_files = files( 'qemu-file.c', 'yank_functions.c', -+ 'pbs-state.c', ) +system_ss.add(libproxmox_backup_qemu) system_ss.add(files( 'block-dirty-bitmap.c', +@@ -25,6 +26,7 @@ system_ss.add(files( + 'multifd-zlib.c', + 'multifd-zero-page.c', + 'options.c', ++ 'pbs-state.c', + 'postcopy-ram.c', + 'savevm.c', + 'savevm-async.c', diff --git a/migration/migration.c b/migration/migration.c -index 86bf76e925..b8d7e471a4 100644 +index ae2be31557..fab4c20ee4 100644 --- a/migration/migration.c +++ b/migration/migration.c -@@ -239,6 +239,7 @@ void migration_object_init(void) - blk_mig_init(); +@@ -263,6 +263,7 @@ void migration_object_init(void) + ram_mig_init(); dirty_bitmap_mig_init(); + pbs_state_mig_init(); @@ -65,7 +71,7 @@ index 86bf76e925..b8d7e471a4 100644 typedef struct { diff --git a/migration/pbs-state.c b/migration/pbs-state.c new file mode 100644 -index 0000000000..887e998b9e +index 0000000000..a97187e4d7 --- /dev/null +++ b/migration/pbs-state.c @@ -0,0 +1,104 @@ @@ -114,7 +120,7 @@ index 0000000000..887e998b9e +} + +/* serialize PBS state and send to target via f, called on source */ -+static int pbs_state_save_setup(QEMUFile *f, void *opaque) ++static int pbs_state_save_setup(QEMUFile *f, void *opaque, Error **errp) +{ + size_t buf_size; + uint8_t *buf = proxmox_export_state(&buf_size); @@ -174,7 +180,7 @@ index 0000000000..887e998b9e + NULL); +} diff --git a/pve-backup.c b/pve-backup.c -index c755bf302b..5ebb6a3947 100644 +index 9f83ecb310..57477f7f2a 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -1085,6 +1085,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp) @@ -186,7 +192,7 @@ index c755bf302b..5ebb6a3947 100644 ret->pbs_masterkey = true; ret->backup_max_workers = true; diff --git a/qapi/block-core.json b/qapi/block-core.json -index e7cf3d94f3..282e2e8a8c 100644 +index fe0eefcea6..521a1914e8 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1004,6 +1004,11 @@ diff --git a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch index 4a5b701..066ad77 100644 --- a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch +++ b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch @@ -15,18 +15,21 @@ transferred. Signed-off-by: Stefan Reiter Signed-off-by: Thomas Lamprecht --- - migration/block-dirty-bitmap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + migration/block-dirty-bitmap.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c -index 2708abf3d7..fb17c01308 100644 +index a7d55048c2..77346a5fa2 100644 --- a/migration/block-dirty-bitmap.c +++ b/migration/block-dirty-bitmap.c -@@ -540,7 +540,7 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs, +@@ -539,7 +539,10 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs, + } - if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, &local_err)) { - error_report_err(local_err); + if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)) { - return -1; ++ if (errp != NULL) { ++ error_report_err(*errp); ++ } + continue; } diff --git a/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch b/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch index c78bc03..0dc48df 100644 --- a/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch +++ b/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch @@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 30 insertions(+) diff --git a/block/iscsi.c b/block/iscsi.c -index 2ff14b7472..46f275fbf7 100644 +index 979bf90cb7..961714a4be 100644 --- a/block/iscsi.c +++ b/block/iscsi.c @@ -1392,12 +1392,42 @@ static char *get_initiator_name(QemuOpts *opts) diff --git a/debian/patches/pve/0038-block-add-alloc-track-driver.patch b/debian/patches/pve/0038-block-add-alloc-track-driver.patch index d302c8e..a398c56 100644 --- a/debian/patches/pve/0038-block-add-alloc-track-driver.patch +++ b/debian/patches/pve/0038-block-add-alloc-track-driver.patch @@ -42,7 +42,7 @@ Signed-off-by: Fiona Ebner diff --git a/block/alloc-track.c b/block/alloc-track.c new file mode 100644 -index 0000000000..b9f8ea9137 +index 0000000000..b4a9851144 --- /dev/null +++ b/block/alloc-track.c @@ -0,0 +1,366 @@ @@ -386,7 +386,7 @@ index 0000000000..b9f8ea9137 + .format_name = "alloc-track", + .instance_size = sizeof(BDRVAllocTrackState), + -+ .bdrv_file_open = track_open, ++ .bdrv_open = track_open, + .bdrv_close = track_close, + .bdrv_co_getlength = track_co_getlength, + .bdrv_child_perm = track_child_perm, @@ -413,7 +413,7 @@ index 0000000000..b9f8ea9137 + +block_init(bdrv_alloc_track_init); diff --git a/block/meson.build b/block/meson.build -index 1945e04eeb..2873f3a25a 100644 +index e178047ec9..7ef7250d31 100644 --- a/block/meson.build +++ b/block/meson.build @@ -2,6 +2,7 @@ block_ss.add(genh) diff --git a/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch b/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch index f99f717..c773c6c 100644 --- a/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch +++ b/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch @@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+), 40 deletions(-) diff --git a/block/rbd.c b/block/rbd.c -index 63f60d41be..367db42dce 100644 +index 101ee59d6e..4ad3b1a7b1 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -1515,7 +1515,6 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs, diff --git a/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch b/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch index 5ae0bff..dfe5895 100644 --- a/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch +++ b/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch @@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/block/rbd.c b/block/rbd.c -index 367db42dce..347b121626 100644 +index 4ad3b1a7b1..e341745255 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -1474,11 +1474,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len, diff --git a/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch b/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch index 38966fe..596649e 100644 --- a/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch +++ b/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch @@ -24,7 +24,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 112 deletions(-) diff --git a/block/rbd.c b/block/rbd.c -index 347b121626..e61b359b97 100644 +index e341745255..436d3d7811 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -108,12 +108,6 @@ typedef struct RBDTask { @@ -152,7 +152,7 @@ index 347b121626..e61b359b97 100644 static int64_t coroutine_fn qemu_rbd_co_getlength(BlockDriverState *bs) { BDRVRBDState *s = bs->opaque; -@@ -1800,7 +1689,6 @@ static BlockDriver bdrv_rbd = { +@@ -1801,7 +1690,6 @@ static BlockDriver bdrv_rbd = { #ifdef LIBRBD_SUPPORTS_WRITE_ZEROES .bdrv_co_pwrite_zeroes = qemu_rbd_co_pwrite_zeroes, #endif diff --git a/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch b/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch index 812026d..c0e323a 100644 --- a/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch +++ b/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch @@ -17,7 +17,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/block/alloc-track.c b/block/alloc-track.c -index b9f8ea9137..f3ed2935c4 100644 +index b4a9851144..fc7d58a5d0 100644 --- a/block/alloc-track.c +++ b/block/alloc-track.c @@ -34,7 +34,6 @@ typedef struct { diff --git a/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch b/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch index 295319c..5e1683b 100644 --- a/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch +++ b/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch @@ -20,7 +20,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 26 deletions(-) diff --git a/block/alloc-track.c b/block/alloc-track.c -index f3ed2935c4..29138dcc49 100644 +index fc7d58a5d0..b56425b7f0 100644 --- a/block/alloc-track.c +++ b/block/alloc-track.c @@ -25,15 +25,9 @@ diff --git a/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch b/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch index 0b9717c..3c13f8c 100644 --- a/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch +++ b/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch @@ -108,10 +108,10 @@ index bdc703bacd..77857c6c68 100644 /* Function should be called prior any actual copy request */ diff --git a/qapi/block-core.json b/qapi/block-core.json -index 282e2e8a8c..9caf04cbe9 100644 +index 521a1914e8..171846deb1 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json -@@ -4926,12 +4926,18 @@ +@@ -4927,12 +4927,18 @@ # @on-cbw-error parameter will decide how this failure is handled. # Default 0. (Since 7.1) # diff --git a/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch b/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch index 267dead..e0ab0b3 100644 --- a/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch +++ b/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch @@ -68,10 +68,10 @@ index 01af0cd3c4..dc6cafe7fa 100644 Error **errp); void bdrv_cbw_drop(BlockDriverState *bs); diff --git a/blockdev.c b/blockdev.c -index 1054a69279..cbe224387b 100644 +index 8080c47fa6..3f67eb413d 100644 --- a/blockdev.c +++ b/blockdev.c -@@ -2654,6 +2654,9 @@ static BlockJob *do_backup_common(BackupCommon *backup, +@@ -2656,6 +2656,9 @@ static BlockJob *do_backup_common(BackupCommon *backup, if (backup->x_perf->has_max_chunk) { perf.max_chunk = backup->x_perf->max_chunk; } @@ -82,7 +82,7 @@ index 1054a69279..cbe224387b 100644 if ((backup->sync == MIRROR_SYNC_MODE_BITMAP) || diff --git a/qapi/block-core.json b/qapi/block-core.json -index 9caf04cbe9..df934647ed 100644 +index 171846deb1..653df22046 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1790,11 +1790,16 @@ diff --git a/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch b/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch index 2f63bc0..3a70297 100644 --- a/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch +++ b/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch @@ -80,7 +80,7 @@ index 439a7a14c8..d0e7771dcc 100644 hmp_handle_error(mon, error); diff --git a/pve-backup.c b/pve-backup.c -index 5ebb6a3947..a747d12d3d 100644 +index 57477f7f2a..0f098000dd 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -7,9 +7,11 @@ @@ -252,7 +252,7 @@ index 5ebb6a3947..a747d12d3d 100644 + } + BlockDriverState *fleecing_bs = blk_bs(fleecing_blk); + if (!bdrv_co_is_inserted(fleecing_bs)) { -+ error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, fleecing_devid); ++ error_setg(errp, "Device '%s' has no medium", fleecing_devid); + goto err; + } + /* @@ -294,7 +294,7 @@ index 5ebb6a3947..a747d12d3d 100644 return ret; } diff --git a/qapi/block-core.json b/qapi/block-core.json -index df934647ed..ff441d4258 100644 +index 653df22046..9f25c398ec 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -948,6 +948,10 @@ diff --git a/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch b/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch index a57cebd..a7e8986 100644 --- a/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch +++ b/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch @@ -96,7 +96,7 @@ index dc6cafe7fa..a27d2d7d9f 100644 #endif /* COPY_BEFORE_WRITE_H */ diff --git a/pve-backup.c b/pve-backup.c -index a747d12d3d..4e730aa3da 100644 +index 0f098000dd..75da1dc051 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -374,6 +374,15 @@ static void pvebackup_complete_cb(void *opaque, int ret) diff --git a/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch b/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch index dc5e3f1..9a8ac00 100644 --- a/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch +++ b/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch @@ -18,7 +18,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/pve-backup.c b/pve-backup.c -index 4e730aa3da..c4178758b3 100644 +index 75da1dc051..167f0b5c3f 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -357,22 +357,23 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque) diff --git a/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch b/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch index 81ac557..7cac5cb 100644 --- a/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch +++ b/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch @@ -15,7 +15,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 58 insertions(+), 37 deletions(-) diff --git a/pve-backup.c b/pve-backup.c -index c4178758b3..051ebffe48 100644 +index 167f0b5c3f..f136d004c4 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -525,6 +525,62 @@ static int coroutine_fn pvebackup_co_add_config( diff --git a/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch b/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch index 5ad62ca..a854b32 100644 --- a/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch +++ b/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch @@ -17,7 +17,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/pve-backup.c b/pve-backup.c -index 051ebffe48..33c23e53c2 100644 +index f136d004c4..8ccb281c8c 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -94,6 +94,7 @@ typedef struct PVEBackupDevInfo { diff --git a/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch b/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch index dc9c883..bf79355 100644 --- a/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch +++ b/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch @@ -10,7 +10,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pve-backup.c b/pve-backup.c -index 33c23e53c2..d931746453 100644 +index 8ccb281c8c..255465676c 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -626,7 +626,8 @@ static void create_backup_jobs_bh(void *opaque) { diff --git a/debian/patches/series b/debian/patches/series index 93c97bf..3b57a3a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,39 +2,6 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch -extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch -extra/0006-block-copy-before-write-fix-permission.patch -extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch -extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch -extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch -extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch -extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch -extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch -extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch -extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch -extra/0015-block-copy-Fix-missing-graph-lock.patch -extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch -extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch -extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch -extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch -extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch -extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch -extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch -extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch -extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch -extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch -extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch -extra/0027-intel_iommu-fix-FRCD-construction-macro.patch -extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch -extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch -extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch -extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch -extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch -extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch -extra/0034-vnc-fix-crash-when-no-console-attached.patch -extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch -extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch -extra/0037-block-reqlist-allow-adding-overlapping-requests.patch bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch diff --git a/qemu b/qemu index 5ebde3b..508081a 160000 --- a/qemu +++ b/qemu @@ -1 +1 @@ -Subproject commit 5ebde3b5c00e15f560f73055fac4ab31c0cac6d2 +Subproject commit 508081a49b0d624930ca479b8a27bccdc50bdfb2