Add Vitastor support

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

Makefile

@@ -58,7 +58,7 @@ $(BUILDDIR): submodule
 deb kvm: $(DEBS)
 $(DEB_DBG): $(DEB)
 $(DEB): $(BUILDDIR)
-	cd $(BUILDDIR); dpkg-buildpackage -b -us -uc
+	cd $(BUILDDIR); dpkg-buildpackage -b -us -uc -j32
 	lintian $(DEBS)
 
 sbuild: $(DSC)

debian/changelog

@@ -1,3 +1,27 @@
+pve-qemu-kvm (9.0.2-1+vitastor1) bookworm; urgency=medium
+
+  * Add Vitastor support
+
+ -- Vitaliy Filippov <vitalif@yourcmc.ru>  Fri, 02 Aug 2024 00:03:15 +0300
+
+pve-qemu-kvm (9.0.2-1) bookworm; urgency=medium
+
+  * update submodule and patches to QEMU 9.0.2. While our version had most
+    stable fixes included already, there are new fixes for VirtIO and VGA
+    display screen blanking (#4786)
+
+  * backport fix for a regression with the LSI-53c895a controller and one for
+    the boot order getting ignored for USB storage
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Jul 2024 18:59:40 +0200
+
+pve-qemu-kvm (9.0.0-6) bookworm; urgency=medium
+
+  * fix a regression in the zeroinit block driver that prevented importing and
+    cloning disks to RBD storages which are not using the krbd setting
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 08 Jul 2024 16:11:15 +0200
+
 pve-qemu-kvm (9.0.0-5) bookworm; urgency=medium
 
   * backport fix for CVE-2024-4467 to prevent malicious qcow2 image files from

debian/control

@@ -59,6 +59,7 @@ Depends: ceph-common (>= 0.48),
          libspice-server1 (>= 0.14.0~),
          libusb-1.0-0 (>= 1.0.17-1),
          libusbredirparser1 (>= 0.6-2),
+         vitastor-client (>= 0.9.4),
          libuuid1,
          ${misc:Depends},
          ${shlibs:Depends},

debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch

@@ -258,7 +258,7 @@ index 1bdce3b657..0c5c72df2e 100644
                       errp);
      if (!job) {
 diff --git a/blockdev.c b/blockdev.c
-index 057601dcf0..8682814a7a 100644
+index 4c33c3f5f0..f3e508a6a7 100644
 --- a/blockdev.c
 +++ b/blockdev.c
 @@ -2776,6 +2776,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
@@ -349,7 +349,7 @@ index 057601dcf0..8682814a7a 100644
                             has_granularity, granularity,
                             has_buf_size, buf_size,
 diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h
-index d2201e27f4..cc1387ae02 100644
+index eb2d92a226..f0c642b194 100644
 --- a/include/block/block_int-global-state.h
 +++ b/include/block/block_int-global-state.h
 @@ -158,7 +158,9 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
@@ -364,7 +364,7 @@ index d2201e27f4..cc1387ae02 100644
                    BlockdevOnError on_source_error,
                    BlockdevOnError on_target_error,
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 746d1694c2..45ab548dfe 100644
+index b179d65520..905da8be72 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -2174,6 +2174,15 @@

debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch

@@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 3 insertions(+)
 
 diff --git a/blockdev.c b/blockdev.c
-index 8682814a7a..5b75a085ee 100644
+index f3e508a6a7..37b8437f3e 100644
 --- a/blockdev.c
 +++ b/blockdev.c
 @@ -2873,6 +2873,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,

debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch

@@ -62,7 +62,7 @@ index 6b3cce1007..2f1223852b 100644
  
          if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) {
 diff --git a/blockdev.c b/blockdev.c
-index 5b75a085ee..d27d8c38ec 100644
+index 37b8437f3e..ed8198f351 100644
 --- a/blockdev.c
 +++ b/blockdev.c
 @@ -2852,7 +2852,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,

debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch

@@ -144,7 +144,7 @@ index a239945e8d..589c9524f8 100644
          monitor_qmp_caps_reset(mon);
          data = qmp_greeting(mon);
 diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
-index f3488afeef..2624eb3470 100644
+index 176b549473..790bb7d1da 100644
 --- a/qapi/qmp-dispatch.c
 +++ b/qapi/qmp-dispatch.c
 @@ -117,16 +117,28 @@ typedef struct QmpDispatchBH {
@@ -180,7 +180,7 @@ index f3488afeef..2624eb3470 100644
      aio_co_wake(data->co);
  }
  
-@@ -250,6 +262,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
+@@ -253,6 +265,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
              .ret        = &ret,
              .errp       = &err,
              .co         = qemu_coroutine_self(),

debian/patches/extra/0006-Revert-virtio-pci-fix-use-of-a-released-vector.patch

@@ -24,10 +24,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
  1 file changed, 2 insertions(+), 35 deletions(-)
 
 diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
-index cb159fd078..cb6940fc0e 100644
+index e04218a9fb..fd66713848 100644
 --- a/hw/virtio/virtio-pci.c
 +++ b/hw/virtio/virtio-pci.c
-@@ -1424,38 +1424,6 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
+@@ -1410,38 +1410,6 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
      return offset;
  }
  
@@ -66,7 +66,7 @@ index cb159fd078..cb6940fc0e 100644
  int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy,
                             uint8_t bar, uint64_t offset, uint64_t length,
                             uint8_t id)
-@@ -1602,8 +1570,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+@@ -1588,8 +1556,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
          } else {
              val = VIRTIO_NO_VECTOR;
          }
@@ -76,7 +76,7 @@ index cb159fd078..cb6940fc0e 100644
          break;
      case VIRTIO_PCI_COMMON_STATUS:
          if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
-@@ -1643,7 +1610,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+@@ -1629,7 +1596,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
          } else {
              val = VIRTIO_NO_VECTOR;
          }

debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch

@@ -1,98 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Thu, 16 May 2024 12:40:22 +0400
-Subject: [PATCH] virtio-gpu: fix v2 migration
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Commit dfcf74fa ("virtio-gpu: fix scanout migration post-load") broke
-forward/backward version migration. Versioning of nested VMSD structures
-is not straightforward, as the wire format doesn't have nested
-structures versions. Introduce x-scanout-vmstate-version and a field
-test to save/load appropriately according to the machine version.
-
-Fixes: dfcf74fa ("virtio-gpu: fix scanout migration post-load")
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
----
- hw/core/machine.c              |  1 +
- hw/display/virtio-gpu.c        | 24 ++++++++++++++++--------
- include/hw/virtio/virtio-gpu.h |  1 +
- 3 files changed, 18 insertions(+), 8 deletions(-)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 37ede0e7d4..d33a37a6f6 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -37,6 +37,7 @@ GlobalProperty hw_compat_8_2[] = {
-     { "migration", "zero-page-detection", "legacy"},
-     { TYPE_VIRTIO_IOMMU_PCI, "granule", "4k" },
-     { TYPE_VIRTIO_IOMMU_PCI, "aw-bits", "64" },
-+    { "virtio-gpu-device", "x-scanout-vmstate-version", "1" },
- };
- const size_t hw_compat_8_2_len = G_N_ELEMENTS(hw_compat_8_2);
- 
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index ae831b6b3e..85323daf99 100644
---- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -1166,10 +1166,17 @@ static void virtio_gpu_cursor_bh(void *opaque)
-     virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
- }
- 
-+static bool scanout_vmstate_after_v2(void *opaque, int version)
-+{
-+    struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout);
-+    struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj);
-+
-+    return gpu->scanout_vmstate_version >= 2;
-+}
-+
- static const VMStateDescription vmstate_virtio_gpu_scanout = {
-     .name = "virtio-gpu-one-scanout",
--    .version_id = 2,
--    .minimum_version_id = 1,
-+    .version_id = 1,
-     .fields = (const VMStateField[]) {
-         VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
-         VMSTATE_UINT32(width, struct virtio_gpu_scanout),
-@@ -1181,12 +1188,12 @@ static const VMStateDescription vmstate_virtio_gpu_scanout = {
-         VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
-         VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
-         VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
--        VMSTATE_UINT32_V(fb.format, struct virtio_gpu_scanout, 2),
--        VMSTATE_UINT32_V(fb.bytes_pp, struct virtio_gpu_scanout, 2),
--        VMSTATE_UINT32_V(fb.width, struct virtio_gpu_scanout, 2),
--        VMSTATE_UINT32_V(fb.height, struct virtio_gpu_scanout, 2),
--        VMSTATE_UINT32_V(fb.stride, struct virtio_gpu_scanout, 2),
--        VMSTATE_UINT32_V(fb.offset, struct virtio_gpu_scanout, 2),
-+        VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
-+        VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
-+        VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
-+        VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
-+        VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
-+        VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
-         VMSTATE_END_OF_LIST()
-     },
- };
-@@ -1659,6 +1666,7 @@ static Property virtio_gpu_properties[] = {
-     DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
-                     VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
-     DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0),
-+    DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2),
-     DEFINE_PROP_END_OF_LIST(),
- };
- 
-diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
-index ed44cdad6b..842315d51d 100644
---- a/include/hw/virtio/virtio-gpu.h
-+++ b/include/hw/virtio/virtio-gpu.h
-@@ -177,6 +177,7 @@ typedef struct VGPUDMABuf {
- struct VirtIOGPU {
-     VirtIOGPUBase parent_obj;
- 
-+    uint8_t scanout_vmstate_version;
-     uint64_t conf_max_hostmem;
- 
-     VirtQueue *ctrl_vq;

debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch

@@ -1,59 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 16 May 2024 10:46:34 +0200
-Subject: [PATCH] hw/pflash: fix block write start
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Move the pflash_blk_write_start() call.  We need the offset of the
-first data write, not the offset for the setup (number-of-bytes)
-write.  Without this fix u-boot can do block writes to the first
-flash block only.
-
-While being at it drop a leftover FIXME.
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2343
-Fixes: fcc79f2e0955 ("hw/pflash: implement update buffer for block writes")
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-(picked up from https://lists.nongnu.org/archive/html/qemu-stable/2024-05/msg00091.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/block/pflash_cfi01.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
-index 1bda8424b9..c8f1cf5a87 100644
---- a/hw/block/pflash_cfi01.c
-+++ b/hw/block/pflash_cfi01.c
-@@ -518,10 +518,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
-             break;
-         case 0xe8: /* Write to buffer */
-             trace_pflash_write(pfl->name, "write to buffer");
--            /* FIXME should save @offset, @width for case 1+ */
--            qemu_log_mask(LOG_UNIMP,
--                          "%s: Write to buffer emulation is flawed\n",
--                          __func__);
-             pfl->status |= 0x80; /* Ready! */
-             break;
-         case 0xf0: /* Probe for AMD flash */
-@@ -574,7 +570,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
-             }
-             pfl->counter = value;
-             pfl->wcycle++;
--            pflash_blk_write_start(pfl, offset);
-             break;
-         case 0x60:
-             if (cmd == 0xd0) {
-@@ -605,6 +600,9 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
-         switch (pfl->cmd) {
-         case 0xe8: /* Block write */
-             /* FIXME check @offset, @width */
-+            if (pfl->blk_offset == -1 && pfl->counter) {
-+                pflash_blk_write_start(pfl, offset);
-+            }
-             if (!pfl->ro && (pfl->blk_offset != -1)) {
-                 pflash_data_write(pfl, offset, value, width, be);
-             } else {

debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch

@@ -1,51 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 9 May 2024 12:38:10 +0200
-Subject: [PATCH] target/i386: fix operand size for DATA16 REX.W POPCNT
-
-According to the manual, 32-bit vs 64-bit is governed by REX.W
-and REX ignores the 0x66 prefix.  This can be confirmed with this
-program:
-
-    #include <stdio.h>
-    int main()
-    {
-       int x = 0x12340000;
-       int y;
-       asm("popcntl %1, %0" : "=r" (y) : "r" (x)); printf("%x\n", y);
-       asm("mov $-1, %0; .byte 0x66; popcntl %1, %0" : "+r" (y) : "r" (x)); printf("%x\n", y);
-       asm("mov $-1, %0; .byte 0x66; popcntq %q1, %q0" : "+r" (y) : "r" (x)); printf("%x\n", y);
-    }
-
-which prints 5/ffff0000/5 on real hardware and 5/ffff0000/ffff0000
-on QEMU.
-
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 41c685dc59bb611096f3bb6a663cfa82e4cba97b)
-[FE: keep mo_64_32 helper which still has other users in 9.0.0]
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/tcg/translate.c | 7 +------
- 1 file changed, 1 insertion(+), 6 deletions(-)
-
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index 76a42c679c..b60f3bd642 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -6799,12 +6799,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
-         modrm = x86_ldub_code(env, s);
-         reg = ((modrm >> 3) & 7) | REX_R(s);
- 
--        if (s->prefix & PREFIX_DATA) {
--            ot = MO_16;
--        } else {
--            ot = mo_64_32(dflag);
--        }
--
-+        ot = dflag;
-         gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
-         gen_extu(ot, s->T0);
-         tcg_gen_mov_tl(cpu_cc_src, s->T0);

debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch

@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 9 May 2024 15:55:47 +0200
-Subject: [PATCH] target/i386: rdpkru/wrpkru are no-prefix instructions
-
-Reject 0x66/0xf3/0xf2 in front of them.
-
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 40a3ec7b5ffde500789d016660a171057d6b467c)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/tcg/translate.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index b60f3bd642..3e949fe964 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -6083,7 +6083,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
-             gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
-             break;
-         case 0xee: /* rdpkru */
--            if (prefixes & PREFIX_LOCK) {
-+            if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
-+                             | PREFIX_REPZ | PREFIX_REPNZ)) {
-                 goto illegal_op;
-             }
-             tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
-@@ -6091,7 +6092,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
-             tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
-             break;
-         case 0xef: /* wrpkru */
--            if (prefixes & PREFIX_LOCK) {
-+            if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
-+                             | PREFIX_REPZ | PREFIX_REPNZ)) {
-                 goto illegal_op;
-             }
-             tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],

debian/patches/extra/0010-qapi-blockdev-backup-add-discard-source-parameter.patch

@@ -45,10 +45,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  10 files changed, 37 insertions(+), 8 deletions(-)
 
 diff --git a/block/backup.c b/block/backup.c
-index 16d611c4ca..1963e47ab9 100644
+index ec29d6b810..3dd2e229d2 100644
 --- a/block/backup.c
 +++ b/block/backup.c
-@@ -332,7 +332,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -356,7 +356,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
                    BlockDriverState *target, int64_t speed,
                    MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
                    BitmapSyncMode bitmap_mode,
@@ -57,7 +57,7 @@ index 16d611c4ca..1963e47ab9 100644
                    const char *filter_node_name,
                    BackupPerf *perf,
                    BlockdevOnError on_source_error,
-@@ -433,7 +433,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -457,7 +457,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
          goto error;
      }
  
@@ -203,10 +203,10 @@ index ca6bd0a720..0415a5e8b7 100644
                                  BLOCKDEV_ON_ERROR_REPORT, JOB_INTERNAL,
                                  backup_job_completed, bs, NULL, &local_err);
 diff --git a/blockdev.c b/blockdev.c
-index 5e5dbc1da9..1054a69279 100644
+index 057601dcf0..4c33c3f5f0 100644
 --- a/blockdev.c
 +++ b/blockdev.c
-@@ -2727,7 +2727,7 @@ static BlockJob *do_backup_common(BackupCommon *backup,
+@@ -2726,7 +2726,7 @@ static BlockJob *do_backup_common(BackupCommon *backup,
  
      job = backup_job_create(backup->job_id, bs, target_bs, backup->speed,
                              backup->sync, bmap, backup->bitmap_mode,
@@ -241,10 +241,10 @@ index 8b41643bfa..bdc703bacd 100644
  
  /* Function should be called prior any actual copy request */
 diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h
-index cc1387ae02..f0c642b194 100644
+index d2201e27f4..eb2d92a226 100644
 --- a/include/block/block_int-global-state.h
 +++ b/include/block/block_int-global-state.h
-@@ -195,7 +195,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -193,7 +193,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
                              MirrorSyncMode sync_mode,
                              BdrvDirtyBitmap *sync_bitmap,
                              BitmapSyncMode bitmap_mode,
@@ -254,10 +254,10 @@ index cc1387ae02..f0c642b194 100644
                              BackupPerf *perf,
                              BlockdevOnError on_source_error,
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index f516d8e95a..d796d49abb 100644
+index 4b18e01b85..b179d65520 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
-@@ -1849,6 +1849,9 @@
+@@ -1610,6 +1610,9 @@
  #     node specified by @drive.  If this option is not given, a node
  #     name is autogenerated.  (Since: 4.2)
  #
@@ -267,7 +267,7 @@ index f516d8e95a..d796d49abb 100644
  # @x-perf: Performance options.  (Since 6.0)
  #
  # Features:
-@@ -1870,6 +1873,7 @@
+@@ -1631,6 +1634,7 @@
              '*on-target-error': 'BlockdevOnError',
              '*auto-finalize': 'bool', '*auto-dismiss': 'bool',
              '*filter-node-name': 'str',

debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch

@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Wed, 8 May 2024 11:10:54 +0200
-Subject: [PATCH] target/i386: fix feature dependency for WAITPKG
-
-The VMX feature bit depends on general availability of WAITPKG,
-not the other way round.
-
-Fixes: 33cc88261c3 ("target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE", 2023-08-28)
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit fe01af5d47d4cf7fdf90c54d43f784e5068c8d72)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/cpu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/target/i386/cpu.c b/target/i386/cpu.c
-index 33760a2ee1..e693f8ca9a 100644
---- a/target/i386/cpu.c
-+++ b/target/i386/cpu.c
-@@ -1550,8 +1550,8 @@ static FeatureDep feature_dependencies[] = {
-         .to = { FEAT_SVM,                   ~0ull },
-     },
-     {
--        .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
--        .to = { FEAT_7_0_ECX,               CPUID_7_0_ECX_WAITPKG },
-+        .from = { FEAT_7_0_ECX,             CPUID_7_0_ECX_WAITPKG },
-+        .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
-     },
- };
- 

debian/patches/extra/0011-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch

@@ -0,0 +1,92 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Tue, 18 Jun 2024 14:19:58 +0200
+Subject: [PATCH] hw/virtio: Fix the de-initialization of vhost-user devices
+
+The unrealize functions of the various vhost-user devices are
+calling the corresponding vhost_*_set_status() functions with a
+status of 0 to shut down the device correctly.
+
+Now these vhost_*_set_status() functions all follow this scheme:
+
+    bool should_start = virtio_device_should_start(vdev, status);
+
+    if (vhost_dev_is_started(&vvc->vhost_dev) == should_start) {
+        return;
+    }
+
+    if (should_start) {
+        /* ... do the initialization stuff ... */
+    } else {
+        /* ... do the cleanup stuff ... */
+    }
+
+The problem here is virtio_device_should_start(vdev, 0) currently
+always returns "true" since it internally only looks at vdev->started
+instead of looking at the "status" parameter. Thus once the device
+got started once, virtio_device_should_start() always returns true
+and thus the vhost_*_set_status() functions return early, without
+ever doing any clean-up when being called with status == 0. This
+causes e.g. problems when trying to hot-plug and hot-unplug a vhost
+user devices multiple times since the de-initialization step is
+completely skipped during the unplug operation.
+
+This bug has been introduced in commit 9f6bcfd99f ("hw/virtio: move
+vm_running check to virtio_device_started") which replaced
+
+ should_start = status & VIRTIO_CONFIG_S_DRIVER_OK;
+
+with
+
+ should_start = virtio_device_started(vdev, status);
+
+which later got replaced by virtio_device_should_start(). This blocked
+the possibility to set should_start to false in case the status flag
+VIRTIO_CONFIG_S_DRIVER_OK was not set.
+
+Fix it by adjusting the virtio_device_should_start() function to
+only consider the status flag instead of vdev->started. Since this
+function is only used in the various vhost_*_set_status() functions
+for exactly the same purpose, it should be fine to fix it in this
+central place there without any risk to change the behavior of other
+code.
+
+Fixes: 9f6bcfd99f ("hw/virtio: move vm_running check to virtio_device_started")
+Buglink: https://issues.redhat.com/browse/RHEL-40708
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20240618121958.88673-1-thuth@redhat.com>
+Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit d72479b11797c28893e1e3fc565497a9cae5ca16)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ include/hw/virtio/virtio.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index 7d5ffdc145..2eafad17b8 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -470,9 +470,9 @@ static inline bool virtio_device_started(VirtIODevice *vdev, uint8_t status)
+  * @vdev - the VirtIO device
+  * @status - the devices status bits
+  *
+- * This is similar to virtio_device_started() but also encapsulates a
+- * check on the VM status which would prevent a device starting
+- * anyway.
++ * This is similar to virtio_device_started() but ignores vdev->started
++ * and also encapsulates a check on the VM status which would prevent a
++ * device from starting anyway.
+  */
+ static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status)
+ {
+@@ -480,7 +480,7 @@ static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status
+         return false;
+     }
+ 
+-    return virtio_device_started(vdev, status);
++    return status & VIRTIO_CONFIG_S_DRIVER_OK;
+ }
+ 
+ static inline void virtio_set_started(VirtIODevice *vdev, bool started)

debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch

@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Thu, 16 May 2024 15:21:07 +0200
-Subject: [PATCH] hw/core/machine: move compatibility flags for VirtIO-net USO
- to machine 8.1
-
-Migration from an 8.2 or 9.0 binary to an 8.1 binary with machine
-version 8.1 can fail with:
-
-> kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7
-> kvm: Failed to load virtio-net:virtio
-> kvm: error while loading state for instance 0x0 of device '0000:00:12.0/virtio-net'
-> kvm: load of migration failed: Operation not permitted
-
-The series
-
-53da8b5a99 virtio-net: Add support for USO features
-9da1684954 virtio-net: Add USO flags to vhost support.
-f03e0cf63b tap: Add check for USO features
-2ab0ec3121 tap: Add USO support to tap device.
-
-only landed in QEMU 8.2, so the compatibility flags should be part of
-machine version 8.1.
-
-Moving the flags unfortunately breaks forward migration with machine
-version 8.1 from a binary without this patch to a binary with this
-patch when the feature is enabled by the guest.
-
-Fixes: 53da8b5a99 ("virtio-net: Add support for USO features")
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/core/machine.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index d33a37a6f6..4273de16a0 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -46,15 +46,15 @@ GlobalProperty hw_compat_8_1[] = {
-     { "ramfb", "x-migrate", "off" },
-     { "vfio-pci-nohotplug", "x-ramfb-migrate", "off" },
-     { "igb", "x-pcie-flr-init", "off" },
-+    { TYPE_VIRTIO_NET, "host_uso", "off"},
-+    { TYPE_VIRTIO_NET, "guest_uso4", "off"},
-+    { TYPE_VIRTIO_NET, "guest_uso6", "off"},
- };
- const size_t hw_compat_8_1_len = G_N_ELEMENTS(hw_compat_8_1);
- 
- GlobalProperty hw_compat_8_0[] = {
-     { "migration", "multifd-flush-after-each-section", "on"},
-     { TYPE_PCI_DEVICE, "x-pcie-ari-nextfn-1", "on" },
--    { TYPE_VIRTIO_NET, "host_uso", "off"},
--    { TYPE_VIRTIO_NET, "guest_uso4", "off"},
--    { TYPE_VIRTIO_NET, "guest_uso6", "off"},
- };
- const size_t hw_compat_8_0_len = G_N_ELEMENTS(hw_compat_8_0);
- 

debian/patches/extra/0012-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch

@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniyal Khan <danikhan632@gmail.com>
+Date: Wed, 17 Jul 2024 16:01:47 +1000
+Subject: [PATCH] target/arm: Use float_status copy in sme_fmopa_s
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We made a copy above because the fp exception flags
+are not propagated back to the FPST register, but
+then failed to use the copy.
+
+Cc: qemu-stable@nongnu.org
+Fixes: 558e956c719 ("target/arm: Implement FMOPA, FMOPS (non-widening)")
+Signed-off-by: Daniyal Khan <danikhan632@gmail.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Message-id: 20240717060149.204788-2-richard.henderson@linaro.org
+[rth: Split from a larger patch]
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 31d93fedf41c24b0badb38cd9317590d1ef74e37)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ target/arm/tcg/sme_helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
+index e2e0575039..5a6dd76489 100644
+--- a/target/arm/tcg/sme_helper.c
++++ b/target/arm/tcg/sme_helper.c
+@@ -916,7 +916,7 @@ void HELPER(sme_fmopa_s)(void *vza, void *vzn, void *vzm, void *vpn,
+                         if (pb & 1) {
+                             uint32_t *a = vza_row + H1_4(col);
+                             uint32_t *m = vzm + H1_4(col);
+-                            *a = float32_muladd(n, *m, *a, 0, vst);
++                            *a = float32_muladd(n, *m, *a, 0, &fpst);
+                         }
+                         col += 4;
+                         pb >>= 4;

debian/patches/extra/0013-Revert-monitor-use-aio_co_reschedule_self.patch

@@ -1,53 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Mon, 6 May 2024 15:06:21 -0400
-Subject: [PATCH] Revert "monitor: use aio_co_reschedule_self()"
-
-Commit 1f25c172f837 ("monitor: use aio_co_reschedule_self()") was a code
-cleanup that uses aio_co_reschedule_self() instead of open coding
-coroutine rescheduling.
-
-Bug RHEL-34618 was reported and Kevin Wolf <kwolf@redhat.com> identified
-the root cause. I missed that aio_co_reschedule_self() ->
-qemu_get_current_aio_context() only knows about
-qemu_aio_context/IOThread AioContexts and not about iohandler_ctx. It
-does not function correctly when going back from the iohandler_ctx to
-qemu_aio_context.
-
-Go back to open coding the AioContext transitions to avoid this bug.
-
-This reverts commit 1f25c172f83704e350c0829438d832384084a74d.
-
-Buglink: https://issues.redhat.com/browse/RHEL-34618
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(picked from: https://lists.nongnu.org/archive/html/qemu-devel/2024-05/msg01090.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- qapi/qmp-dispatch.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
-index 2624eb3470..790bb7d1da 100644
---- a/qapi/qmp-dispatch.c
-+++ b/qapi/qmp-dispatch.c
-@@ -224,7 +224,8 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
-              * executing the command handler so that it can make progress if it
-              * involves an AIO_WAIT_WHILE().
-              */
--            aio_co_reschedule_self(qemu_get_aio_context());
-+            aio_co_schedule(qemu_get_aio_context(), qemu_coroutine_self());
-+            qemu_coroutine_yield();
-         }
- 
-         monitor_set_cur(qemu_coroutine_self(), cur_mon);
-@@ -238,7 +239,9 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
-              * Move back to iohandler_ctx so that nested event loops for
-              * qemu_aio_context don't start new monitor commands.
-              */
--            aio_co_reschedule_self(iohandler_get_aio_context());
-+            aio_co_schedule(iohandler_get_aio_context(),
-+                            qemu_coroutine_self());
-+            qemu_coroutine_yield();
-         }
-     } else {
-        /*

debian/patches/extra/0013-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch

@@ -0,0 +1,62 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Wed, 17 Jul 2024 16:01:48 +1000
+Subject: [PATCH] target/arm: Use FPST_F16 for SME FMOPA (widening)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This operation has float16 inputs and thus must use
+the FZ16 control not the FZ control.
+
+Cc: qemu-stable@nongnu.org
+Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
+Reported-by: Daniyal Khan <danikhan632@gmail.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Message-id: 20240717060149.204788-3-richard.henderson@linaro.org
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2374
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 207d30b5fdb5b45a36f26eefcf52fe2c1714dd4f)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ target/arm/tcg/translate-sme.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
+index 46c7fce8b4..185a8a917b 100644
+--- a/target/arm/tcg/translate-sme.c
++++ b/target/arm/tcg/translate-sme.c
+@@ -304,6 +304,7 @@ static bool do_outprod(DisasContext *s, arg_op *a, MemOp esz,
+ }
+ 
+ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
++                            ARMFPStatusFlavour e_fpst,
+                             gen_helper_gvec_5_ptr *fn)
+ {
+     int svl = streaming_vec_reg_size(s);
+@@ -319,15 +320,18 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
+     zm = vec_full_reg_ptr(s, a->zm);
+     pn = pred_full_reg_ptr(s, a->pn);
+     pm = pred_full_reg_ptr(s, a->pm);
+-    fpst = fpstatus_ptr(FPST_FPCR);
++    fpst = fpstatus_ptr(e_fpst);
+ 
+     fn(za, zn, zm, pn, pm, fpst, tcg_constant_i32(desc));
+     return true;
+ }
+ 
+-TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_h)
+-TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_s)
+-TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, MO_64, gen_helper_sme_fmopa_d)
++TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a,
++           MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h)
++TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a,
++           MO_32, FPST_FPCR, gen_helper_sme_fmopa_s)
++TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a,
++           MO_64, FPST_FPCR, gen_helper_sme_fmopa_d)
+ 
+ /* TODO: FEAT_EBF16 */
+ TRANS_FEAT(BFMOPA, aa64_sme, do_outprod, a, MO_32, gen_helper_sme_bfmopa)

debian/patches/extra/0014-scsi-fix-regression-and-honor-bootindex-again-for-le.patch

@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner@proxmox.com>
+Date: Wed, 10 Jul 2024 17:25:29 +0200
+Subject: [PATCH] scsi: fix regression and honor bootindex again for legacy
+ drives
+
+Commit 3089637461 ("scsi: Don't ignore most usb-storage properties")
+removed the call to object_property_set_int() and thus the 'set'
+method for the bootindex property was also not called anymore. Here
+that method is device_set_bootindex() (as configured by
+scsi_dev_instance_init() -> device_add_bootindex_property()) which as
+a side effect registers the device via add_boot_device_path().
+
+As reported by a downstream user [0], the bootindex property did not
+have the desired effect anymore for legacy drives. Fix the regression
+by explicitly calling the add_boot_device_path() function after
+checking that the bootindex is not yet used (to avoid
+add_boot_device_path() calling exit()).
+
+[0]: https://forum.proxmox.com/threads/149772/post-679433
+
+Cc: qemu-stable@nongnu.org
+Fixes: 3089637461 ("scsi: Don't ignore most usb-storage properties")
+Suggested-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+Link: https://lore.kernel.org/r/20240710152529.1737407-1-f.ebner@proxmox.com
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 57a8a80d1a5b28797b21d30bfc60601945820e51)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/scsi/scsi-bus.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
+index 9e40b0c920..53eff5dd3d 100644
+--- a/hw/scsi/scsi-bus.c
++++ b/hw/scsi/scsi-bus.c
+@@ -384,6 +384,7 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
+     DeviceState *dev;
+     SCSIDevice *s;
+     DriveInfo *dinfo;
++    Error *local_err = NULL;
+ 
+     if (blk_is_sg(blk)) {
+         driver = "scsi-generic";
+@@ -403,6 +404,14 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
+     s = SCSI_DEVICE(dev);
+     s->conf = *conf;
+ 
++    check_boot_index(conf->bootindex, &local_err);
++    if (local_err) {
++        object_unparent(OBJECT(dev));
++        error_propagate(errp, local_err);
++        return NULL;
++    }
++    add_boot_device_path(conf->bootindex, dev, NULL);
++
+     qdev_prop_set_uint32(dev, "scsi-id", unit);
+     if (object_property_find(OBJECT(dev), "removable")) {
+         qdev_prop_set_bit(dev, "removable", removable);

debian/patches/extra/0014-target-arm-Restrict-translation-disabled-alignment-c.patch

@@ -1,51 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Mon, 22 Apr 2024 10:07:22 -0700
-Subject: [PATCH] target/arm: Restrict translation disabled alignment check to
- VMSA
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-For cpus using PMSA, when the MPU is disabled, the default memory
-type is Normal, Non-cachable. This means that it should not
-have alignment restrictions enforced.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 59754f85ed3 ("target/arm: Do memory type alignment check when translation disabled")
-Reported-by: Clément Chigot <chigot@adacore.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Tested-by: Clément Chigot <chigot@adacore.com>
-Message-id: 20240422170722.117409-1-richard.henderson@linaro.org
-[PMM: trivial comment, commit message tweaks]
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-(cherry picked from commit 7b19a3554d2df22d29c75319a1dac17615d1b20e)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/hflags.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c
-index 5da1b0fc1d..f03977b4b0 100644
---- a/target/arm/tcg/hflags.c
-+++ b/target/arm/tcg/hflags.c
-@@ -38,8 +38,16 @@ static bool aprofile_require_alignment(CPUARMState *env, int el, uint64_t sctlr)
-     }
- 
-     /*
--     * If translation is disabled, then the default memory type is
--     * Device(-nGnRnE) instead of Normal, which requires that alignment
-+     * With PMSA, when the MPU is disabled, all memory types in the
-+     * default map are Normal, so don't need aligment enforcing.
-+     */
-+    if (arm_feature(env, ARM_FEATURE_PMSA)) {
-+        return false;
-+    }
-+
-+    /*
-+     * With VMSA, if translation is disabled, then the default memory type
-+     * is Device(-nGnRnE) instead of Normal, which requires that alignment
-      * be enforced.  Since this affects all ram, it is most efficient
-      * to handle this during translation.
-      */

debian/patches/extra/0015-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch

@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner@proxmox.com>
+Date: Mon, 15 Jul 2024 15:14:03 +0200
+Subject: [PATCH] hw/scsi/lsi53c895a: bump instruction limit in scripts
+ processing to fix regression
+
+Commit 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts
+processing") reduced the maximum allowed instruction count by
+a factor of 100 all the way down to 100.
+
+This causes the "Check Point R81.20 Gaia" appliance [0] to fail to
+boot after fully finishing the installation via the appliance's web
+interface (there is already one reboot before that).
+
+With a limit of 150, the appliance still fails to boot, while with a
+limit of 200, it works. Bump to 500 to fix the regression and be on
+the safe side.
+
+Originally reported in the Proxmox community forum[1].
+
+[0]: https://support.checkpoint.com/results/download/124397
+[1]: https://forum.proxmox.com/threads/149772/post-683459
+
+Cc: qemu-stable@nongnu.org
+Fixes: 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts processing")
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+Acked-by: Sven Schnelle <svens@stackframe.org>
+Link: https://lore.kernel.org/r/20240715131403.223239-1-f.ebner@proxmox.com
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit a4975023fb13cf229bd59c9ceec1b8cbdc5b9a20)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/scsi/lsi53c895a.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
+index eb9828dd5e..f1935e5328 100644
+--- a/hw/scsi/lsi53c895a.c
++++ b/hw/scsi/lsi53c895a.c
+@@ -188,7 +188,7 @@ static const char *names[] = {
+ #define LSI_TAG_VALID     (1 << 16)
+ 
+ /* Maximum instructions to process. */
+-#define LSI_MAX_INSN    100
++#define LSI_MAX_INSN    500
+ 
+ typedef struct lsi_request {
+     SCSIRequest *req;

debian/patches/extra/0015-target-i386-Give-IRQs-a-chance-when-resetting-HF_INH.patch

@@ -1,80 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ruihan Li <lrh2000@pku.edu.cn>
-Date: Mon, 15 Apr 2024 14:45:21 +0800
-Subject: [PATCH] target/i386: Give IRQs a chance when resetting
- HF_INHIBIT_IRQ_MASK
-
-When emulated with QEMU, interrupts will never come in the following
-loop. However, if the NOP instruction is uncommented, interrupts will
-fire as normal.
-
-	loop:
-		cli
-    		call do_sti
-		jmp loop
-
-	do_sti:
-		sti
-		# nop
-		ret
-
-This behavior is different from that of a real processor. For example,
-if KVM is enabled, interrupts will always fire regardless of whether the
-NOP instruction is commented or not. Also, the Intel Software Developer
-Manual states that after the STI instruction is executed, the interrupt
-inhibit should end as soon as the next instruction (e.g., the RET
-instruction if the NOP instruction is commented) is executed.
-
-This problem is caused because the previous code may choose not to end
-the TB even if the HF_INHIBIT_IRQ_MASK has just been reset (e.g., in the
-case where the STI instruction is immediately followed by the RET
-instruction), so that IRQs may not have a change to trigger. This commit
-fixes the problem by always terminating the current TB to give IRQs a
-chance to trigger when HF_INHIBIT_IRQ_MASK is reset.
-
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
-Message-ID: <20240415064518.4951-4-lrh2000@pku.edu.cn>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 6a5a63f74ba5c5355b7a8468d3d814bfffe928fb)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/tcg/translate.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index 3e949fe964..b5ebff2c89 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -2798,13 +2798,17 @@ static void gen_bnd_jmp(DisasContext *s)
- static void
- do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
- {
-+    bool inhibit_reset;
-+
-     gen_update_cc_op(s);
- 
-     /* If several instructions disable interrupts, only the first does it.  */
--    if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) {
--        gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
--    } else {
-+    inhibit_reset = false;
-+    if (s->flags & HF_INHIBIT_IRQ_MASK) {
-         gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK);
-+        inhibit_reset = true;
-+    } else if (inhibit) {
-+        gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
-     }
- 
-     if (s->base.tb->flags & HF_RF_MASK) {
-@@ -2815,7 +2819,9 @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
-         tcg_gen_exit_tb(NULL, 0);
-     } else if (s->flags & HF_TF_MASK) {
-         gen_helper_single_step(tcg_env);
--    } else if (jr) {
-+    } else if (jr &&
-+               /* give irqs a chance to happen */
-+               !inhibit_reset) {
-         tcg_gen_lookup_and_goto_ptr();
-     } else {
-         tcg_gen_exit_tb(NULL, 0);

debian/patches/extra/0016-block-copy-Fix-missing-graph-lock.patch

@@ -0,0 +1,38 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Thu, 27 Jun 2024 20:12:44 +0200
+Subject: [PATCH] block-copy: Fix missing graph lock
+
+The graph lock needs to be held when calling bdrv_co_pdiscard(). Fix
+block_copy_task_entry() to take it for the call.
+
+WITH_GRAPH_RDLOCK_GUARD() was implemented in a weak way because of
+limitations in clang's Thread Safety Analysis at the time, so that it
+only asserts that the lock is held (which allows calling functions that
+require the lock), but we never deal with the unlocking (so even after
+the scope of the guard, the compiler assumes that the lock is still
+held). This is why the compiler didn't catch this locking error.
+
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+(picked from https://lore.kernel.org/qemu-devel/20240627181245.281403-2-kwolf@redhat.com/)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ block/block-copy.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/block/block-copy.c b/block/block-copy.c
+index 7e3b378528..cc618e4561 100644
+--- a/block/block-copy.c
++++ b/block/block-copy.c
+@@ -595,7 +595,9 @@ static coroutine_fn int block_copy_task_entry(AioTask *task)
+     if (s->discard_source && ret == 0) {
+         int64_t nbytes =
+             MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset;
+-        bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
++        WITH_GRAPH_RDLOCK_GUARD() {
++            bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
++        }
+     }
+ 
+     return ret;

debian/patches/extra/0016-target-i386-hyper-v-Correct-kvm_hv_handle_exit-retur.patch

@@ -1,60 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: donsheng <dongsheng.x.zhang@intel.com>
-Date: Wed, 22 May 2024 04:01:14 +0800
-Subject: [PATCH] target-i386: hyper-v: Correct kvm_hv_handle_exit return value
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This bug fix addresses the incorrect return value of kvm_hv_handle_exit for
-KVM_EXIT_HYPERV_SYNIC, which should be EXCP_INTERRUPT.
-
-Handling of KVM_EXIT_HYPERV_SYNIC in QEMU needs to be synchronous.
-This means that async_synic_update should run in the current QEMU vCPU
-thread before returning to KVM, returning EXCP_INTERRUPT to guarantee this.
-Returning 0 can cause async_synic_update to run asynchronously.
-
-One problem (kvm-unit-tests's hyperv_synic test fails with timeout error)
-caused by this bug:
-
-When a guest VM writes to the HV_X64_MSR_SCONTROL MSR to enable Hyper-V SynIC,
-a VM exit is triggered and processed by the kvm_hv_handle_exit function of the
-QEMU vCPU. This function then calls the async_synic_update function to set
-synic->sctl_enabled to true. A true value of synic->sctl_enabled is required
-before creating SINT routes using the hyperv_sint_route_new() function.
-
-If kvm_hv_handle_exit returns 0 for KVM_EXIT_HYPERV_SYNIC, the current QEMU
-vCPU thread may return to KVM and enter the guest VM before running
-async_synic_update. In such case, the hyperv_synic test’s subsequent call to
-synic_ctl(HV_TEST_DEV_SINT_ROUTE_CREATE, ...) immediately after writing to
-HV_X64_MSR_SCONTROL can cause QEMU’s hyperv_sint_route_new() function to return
-prematurely (because synic->sctl_enabled is false).
-
-If the SINT route is not created successfully, the SINT interrupt will not be
-fired, resulting in a timeout error in the hyperv_synic test.
-
-Fixes: 267e071bd6d6 (“hyperv: make overlay pages for SynIC”)
-Suggested-by: Chao Gao <chao.gao@intel.com>
-Signed-off-by: Dongsheng Zhang <dongsheng.x.zhang@intel.com>
-Message-ID: <20240521200114.11588-1-dongsheng.x.zhang@intel.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 84d4b72854869821eb89813c195927fdd3078c12)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/kvm/hyperv.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target/i386/kvm/hyperv.c b/target/i386/kvm/hyperv.c
-index f2a3fe650a..b94f12acc2 100644
---- a/target/i386/kvm/hyperv.c
-+++ b/target/i386/kvm/hyperv.c
-@@ -81,7 +81,7 @@ int kvm_hv_handle_exit(X86CPU *cpu, struct kvm_hyperv_exit *exit)
-          */
-         async_safe_run_on_cpu(CPU(cpu), async_synic_update, RUN_ON_CPU_NULL);
- 
--        return 0;
-+        return EXCP_INTERRUPT;
-     case KVM_EXIT_HYPERV_HCALL: {
-         uint16_t code = exit->u.hcall.input & 0xffff;
-         bool fast = exit->u.hcall.input & HV_HYPERCALL_FAST;

debian/patches/extra/0017-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch

@@ -0,0 +1,93 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Sergey Dyasli <sergey.dyasli@nutanix.com>
+Date: Fri, 12 Jul 2024 09:26:59 +0000
+Subject: [PATCH] Revert "qemu-char: do not operate on sources from finalize
+ callbacks"
+
+This reverts commit 2b316774f60291f57ca9ecb6a9f0712c532cae34.
+
+After 038b4217884c ("Revert "chardev: use a child source for qio input
+source"") we've been observing the "iwp->src == NULL" assertion
+triggering periodically during the initial capabilities querying by
+libvirtd. One of possible backtraces:
+
+Thread 1 (Thread 0x7f16cd4f0700 (LWP 43858)):
+0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
+1  0x00007f16c6c21e65 in __GI_abort () at abort.c:79
+2  0x00007f16c6c21d39 in __assert_fail_base  at assert.c:92
+3  0x00007f16c6c46e86 in __GI___assert_fail (assertion=assertion@entry=0x562e9bcdaadd "iwp->src == NULL", file=file@entry=0x562e9bcdaac8 "../chardev/char-io.c", line=line@entry=99, function=function@entry=0x562e9bcdab10 <__PRETTY_FUNCTION__.20549> "io_watch_poll_finalize") at assert.c:101
+4  0x0000562e9ba20c2c in io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:99
+5  io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:88
+6  0x00007f16c904aae0 in g_source_unref_internal () from /lib64/libglib-2.0.so.0
+7  0x00007f16c904baf9 in g_source_destroy_internal () from /lib64/libglib-2.0.so.0
+8  0x0000562e9ba20db0 in io_remove_watch_poll (source=0x562e9d6720b0) at ../chardev/char-io.c:147
+9  remove_fd_in_watch (chr=chr@entry=0x562e9d5f3800) at ../chardev/char-io.c:153
+10 0x0000562e9ba23ffb in update_ioc_handlers (s=0x562e9d5f3800) at ../chardev/char-socket.c:592
+11 0x0000562e9ba2072f in qemu_chr_fe_set_handlers_full at ../chardev/char-fe.c:279
+12 0x0000562e9ba207a9 in qemu_chr_fe_set_handlers at ../chardev/char-fe.c:304
+13 0x0000562e9ba2ca75 in monitor_qmp_setup_handlers_bh (opaque=0x562e9d4c2c60) at ../monitor/qmp.c:509
+14 0x0000562e9bb6222e in aio_bh_poll (ctx=ctx@entry=0x562e9d4c2f20) at ../util/async.c:216
+15 0x0000562e9bb4de0a in aio_poll (ctx=0x562e9d4c2f20, blocking=blocking@entry=true) at ../util/aio-posix.c:722
+16 0x0000562e9b99dfaa in iothread_run (opaque=0x562e9d4c26f0) at ../iothread.c:63
+17 0x0000562e9bb505a4 in qemu_thread_start (args=0x562e9d4c7ea0) at ../util/qemu-thread-posix.c:543
+18 0x00007f16c70081ca in start_thread (arg=<optimized out>) at pthread_create.c:479
+19 0x00007f16c6c398d3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
+
+io_remove_watch_poll(), which makes sure that iwp->src is NULL, calls
+g_source_destroy() which finds that iwp->src is not NULL in the finalize
+callback. This can only happen if another thread has managed to trigger
+io_watch_poll_prepare() callback in the meantime.
+
+Move iwp->src destruction back to the finalize callback to prevent the
+described race, and also remove the stale comment. The deadlock glib bug
+was fixed back in 2010 by b35820285668 ("gmain: move finalization of
+GSource outside of context lock").
+
+Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Sergey Dyasli <sergey.dyasli@nutanix.com>
+Link: https://lore.kernel.org/r/20240712092659.216206-1-sergey.dyasli@nutanix.com
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit e0bf95443ee9326d44031373420cf9f3513ee255)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ chardev/char-io.c | 19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+diff --git a/chardev/char-io.c b/chardev/char-io.c
+index dab77b112e..3be17b51ca 100644
+--- a/chardev/char-io.c
++++ b/chardev/char-io.c
+@@ -87,16 +87,12 @@ static gboolean io_watch_poll_dispatch(GSource *source, GSourceFunc callback,
+ 
+ static void io_watch_poll_finalize(GSource *source)
+ {
+-    /*
+-     * Due to a glib bug, removing the last reference to a source
+-     * inside a finalize callback causes recursive locking (and a
+-     * deadlock).  This is not a problem inside other callbacks,
+-     * including dispatch callbacks, so we call io_remove_watch_poll
+-     * to remove this source.  At this point, iwp->src must
+-     * be NULL, or we would leak it.
+-     */
+     IOWatchPoll *iwp = io_watch_poll_from_source(source);
+-    assert(iwp->src == NULL);
++    if (iwp->src) {
++        g_source_destroy(iwp->src);
++        g_source_unref(iwp->src);
++        iwp->src = NULL;
++    }
+ }
+ 
+ static GSourceFuncs io_watch_poll_funcs = {
+@@ -139,11 +135,6 @@ static void io_remove_watch_poll(GSource *source)
+     IOWatchPoll *iwp;
+ 
+     iwp = io_watch_poll_from_source(source);
+-    if (iwp->src) {
+-        g_source_destroy(iwp->src);
+-        g_source_unref(iwp->src);
+-        iwp->src = NULL;
+-    }
+     g_source_destroy(&iwp->parent);
+ }
+ 

debian/patches/extra/0017-target-i386-disable-jmp_opt-if-EFLAGS.RF-is-1.patch

@@ -1,31 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 24 May 2024 17:17:47 +0200
-Subject: [PATCH] target/i386: disable jmp_opt if EFLAGS.RF is 1
-
-If EFLAGS.RF is 1, special processing in gen_eob_worker() is needed and
-therefore goto_tb cannot be used.
-
-Suggested-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 8225bff7c5db504f50e54ef66b079854635dba70)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/tcg/translate.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index b5ebff2c89..c2c5e73b3f 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -6971,7 +6971,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
-     dc->cpuid_7_1_eax_features = env->features[FEAT_7_1_EAX];
-     dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
-     dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) ||
--                    (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
-+                    (flags & (HF_RF_MASK | HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
-     /*
-      * If jmp_opt, we want to handle each string instruction individually.
-      * For icount also disable repz optimization so that each iteration

debian/patches/extra/0018-target-i386-no-single-step-exception-after-MOV-or-PO.patch

@@ -1,30 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Sat, 25 May 2024 10:03:22 +0200
-Subject: [PATCH] target/i386: no single-step exception after MOV or POP SS
-
-Intel SDM 18.3.1.4 "If an occurrence of the MOV or POP instruction
-loads the SS register executes with EFLAGS.TF = 1, no single-step debug
-exception occurs following the MOV or POP instruction."
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit f0f0136abba688a6516647a79cc91e03fad6d5d7)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/tcg/translate.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index c2c5e73b3f..a55df176c6 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -2817,7 +2817,7 @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
-     if (recheck_tf) {
-         gen_helper_rechecking_single_step(tcg_env);
-         tcg_gen_exit_tb(NULL, 0);
--    } else if (s->flags & HF_TF_MASK) {
-+    } else if ((s->flags & HF_TF_MASK) && !inhibit) {
-         gen_helper_single_step(tcg_env);
-     } else if (jr &&
-                /* give irqs a chance to happen */

debian/patches/extra/0019-qcow2-Don-t-open-data_file-with-BDRV_O_NO_IO.patch

@@ -1,107 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Tue, 2 Jul 2024 18:39:40 +0200
-Subject: [PATCH] qcow2: Don't open data_file with BDRV_O_NO_IO
-
-One use case for 'qemu-img info' is verifying that untrusted images
-don't reference an unwanted external file, be it as a backing file or an
-external data file. To make sure that calling 'qemu-img info' can't
-already have undesired side effects with a malicious image, just don't
-open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do
-I/O, we don't need to have it open.
-
-This changes the output of iotests case 061, which used 'qemu-img info'
-to show that opening an image with an invalid data file fails. After
-this patch, it succeeds. Replace this part of the test with a qemu-io
-call, but keep the final 'qemu-img info' to show that the invalid data
-file is correctly displayed in the output.
-
-Fixes: CVE-2024-4467
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-(picked from https://lore.kernel.org/qemu-devel/20240702163943.276618-2-kwolf@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/qcow2.c              | 17 ++++++++++++++++-
- tests/qemu-iotests/061     |  6 ++++--
- tests/qemu-iotests/061.out |  8 ++++++--
- 3 files changed, 26 insertions(+), 5 deletions(-)
-
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 956128b409..4c78665bcb 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -1636,7 +1636,22 @@ qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
-         goto fail;
-     }
- 
--    if (open_data_file) {
-+    if (open_data_file && (flags & BDRV_O_NO_IO)) {
-+        /*
-+         * Don't open the data file for 'qemu-img info' so that it can be used
-+         * to verify that an untrusted qcow2 image doesn't refer to external
-+         * files.
-+         *
-+         * Note: This still makes has_data_file() return true.
-+         */
-+        if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) {
-+            s->data_file = NULL;
-+        } else {
-+            s->data_file = bs->file;
-+        }
-+        qdict_extract_subqdict(options, NULL, "data-file.");
-+        qdict_del(options, "data-file");
-+    } else if (open_data_file) {
-         /* Open external data file */
-         bdrv_graph_co_rdunlock();
-         s->data_file = bdrv_co_open_child(NULL, options, "data-file", bs,
-diff --git a/tests/qemu-iotests/061 b/tests/qemu-iotests/061
-index 53c7d428e3..b71ac097d1 100755
---- a/tests/qemu-iotests/061
-+++ b/tests/qemu-iotests/061
-@@ -326,12 +326,14 @@ $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
- echo
- _make_test_img -o "compat=1.1,data_file=$TEST_IMG.data" 64M
- $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
--_img_info --format-specific
-+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
-+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
- TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
- 
- echo
- $QEMU_IMG amend -o "data_file=" --image-opts "data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG"
--_img_info --format-specific
-+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
-+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
- TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
- 
- echo
-diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out
-index 139fc68177..24c33add7c 100644
---- a/tests/qemu-iotests/061.out
-+++ b/tests/qemu-iotests/061.out
-@@ -545,7 +545,9 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
- qemu-img: data-file can only be set for images that use an external data file
- 
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 data_file=TEST_DIR/t.IMGFMT.data
--qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Could not open 'foo': No such file or directory
-+qemu-io: can't open device TEST_DIR/t.IMGFMT: Could not open 'foo': No such file or directory
-+read 4096/4096 bytes at offset 0
-+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- image: TEST_DIR/t.IMGFMT
- file format: IMGFMT
- virtual size: 64 MiB (67108864 bytes)
-@@ -560,7 +562,9 @@ Format specific information:
-     corrupt: false
-     extended l2: false
- 
--qemu-img: Could not open 'TEST_DIR/t.IMGFMT': 'data-file' is required for this image
-+qemu-io: can't open device TEST_DIR/t.IMGFMT: 'data-file' is required for this image
-+read 4096/4096 bytes at offset 0
-+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- image: TEST_DIR/t.IMGFMT
- file format: IMGFMT
- virtual size: 64 MiB (67108864 bytes)

debian/patches/extra/0020-block-Parse-filenames-only-when-explicitly-requested.patch

@@ -1,241 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Tue, 2 Jul 2024 18:39:43 +0200
-Subject: [PATCH] block: Parse filenames only when explicitly requested
-
-When handling image filenames from legacy options such as -drive or from
-tools, these filenames are parsed for protocol prefixes, including for
-the json:{} pseudo-protocol.
-
-This behaviour is intended for filenames that come directly from the
-command line and for backing files, which may come from the image file
-itself. Higher level management tools generally take care to verify that
-untrusted images don't contain a bad (or any) backing file reference;
-'qemu-img info' is a suitable tool for this.
-
-However, for other files that can be referenced in images, such as
-qcow2 data files or VMDK extents, the string from the image file is
-usually not verified by management tools - and 'qemu-img info' wouldn't
-be suitable because in contrast to backing files, it already opens these
-other referenced files. So here the string should be interpreted as a
-literal local filename. More complex configurations need to be specified
-explicitly on the command line or in QMP.
-
-This patch changes bdrv_open_inherit() so that it only parses filenames
-if a new parameter parse_filename is true. It is set for the top level
-in bdrv_open(), for the file child and for the backing file child. All
-other callers pass false and disable filename parsing this way.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-(picked from https://lore.kernel.org/qemu-devel/20240702163943.276618-5-kwolf@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block.c | 90 ++++++++++++++++++++++++++++++++++++---------------------
- 1 file changed, 57 insertions(+), 33 deletions(-)
-
-diff --git a/block.c b/block.c
-index 468cf5e67d..50bdd197b7 100644
---- a/block.c
-+++ b/block.c
-@@ -86,6 +86,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
-                                            BlockDriverState *parent,
-                                            const BdrvChildClass *child_class,
-                                            BdrvChildRole child_role,
-+                                           bool parse_filename,
-                                            Error **errp);
- 
- static bool bdrv_recurse_has_child(BlockDriverState *bs,
-@@ -2058,7 +2059,8 @@ static void parse_json_protocol(QDict *options, const char **pfilename,
-  * block driver has been specified explicitly.
-  */
- static int bdrv_fill_options(QDict **options, const char *filename,
--                             int *flags, Error **errp)
-+                             int *flags, bool allow_parse_filename,
-+                             Error **errp)
- {
-     const char *drvname;
-     bool protocol = *flags & BDRV_O_PROTOCOL;
-@@ -2100,7 +2102,7 @@ static int bdrv_fill_options(QDict **options, const char *filename,
-     if (protocol && filename) {
-         if (!qdict_haskey(*options, "filename")) {
-             qdict_put_str(*options, "filename", filename);
--            parse_filename = true;
-+            parse_filename = allow_parse_filename;
-         } else {
-             error_setg(errp, "Can't specify 'file' and 'filename' options at "
-                              "the same time");
-@@ -3663,7 +3665,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
-     }
- 
-     backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
--                                   &child_of_bds, bdrv_backing_role(bs), errp);
-+                                   &child_of_bds, bdrv_backing_role(bs), true,
-+                                   errp);
-     if (!backing_hd) {
-         bs->open_flags |= BDRV_O_NO_BACKING;
-         error_prepend(errp, "Could not open backing file: ");
-@@ -3697,7 +3700,8 @@ free_exit:
- static BlockDriverState *
- bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
-                    BlockDriverState *parent, const BdrvChildClass *child_class,
--                   BdrvChildRole child_role, bool allow_none, Error **errp)
-+                   BdrvChildRole child_role, bool allow_none,
-+                   bool parse_filename, Error **errp)
- {
-     BlockDriverState *bs = NULL;
-     QDict *image_options;
-@@ -3728,7 +3732,8 @@ bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
-     }
- 
-     bs = bdrv_open_inherit(filename, reference, image_options, 0,
--                           parent, child_class, child_role, errp);
-+                           parent, child_class, child_role, parse_filename,
-+                           errp);
-     if (!bs) {
-         goto done;
-     }
-@@ -3738,6 +3743,33 @@ done:
-     return bs;
- }
- 
-+static BdrvChild *bdrv_open_child_common(const char *filename,
-+                                         QDict *options, const char *bdref_key,
-+                                         BlockDriverState *parent,
-+                                         const BdrvChildClass *child_class,
-+                                         BdrvChildRole child_role,
-+                                         bool allow_none, bool parse_filename,
-+                                         Error **errp)
-+{
-+    BlockDriverState *bs;
-+    BdrvChild *child;
-+
-+    GLOBAL_STATE_CODE();
-+
-+    bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
-+                            child_role, allow_none, parse_filename, errp);
-+    if (bs == NULL) {
-+        return NULL;
-+    }
-+
-+    bdrv_graph_wrlock();
-+    child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
-+                              errp);
-+    bdrv_graph_wrunlock();
-+
-+    return child;
-+}
-+
- /*
-  * Opens a disk image whose options are given as BlockdevRef in another block
-  * device's options.
-@@ -3761,27 +3793,15 @@ BdrvChild *bdrv_open_child(const char *filename,
-                            BdrvChildRole child_role,
-                            bool allow_none, Error **errp)
- {
--    BlockDriverState *bs;
--    BdrvChild *child;
--
--    GLOBAL_STATE_CODE();
--
--    bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
--                            child_role, allow_none, errp);
--    if (bs == NULL) {
--        return NULL;
--    }
--
--    bdrv_graph_wrlock();
--    child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
--                              errp);
--    bdrv_graph_wrunlock();
--
--    return child;
-+    return bdrv_open_child_common(filename, options, bdref_key, parent,
-+                                  child_class, child_role, allow_none, false,
-+                                  errp);
- }
- 
- /*
-- * Wrapper on bdrv_open_child() for most popular case: open primary child of bs.
-+ * This does mostly the same as bdrv_open_child(), but for opening the primary
-+ * child of a node. A notable difference from bdrv_open_child() is that it
-+ * enables filename parsing for protocol names (including json:).
-  *
-  * @parent can move to a different AioContext in this function.
-  */
-@@ -3796,8 +3816,8 @@ int bdrv_open_file_child(const char *filename,
-     role = parent->drv->is_filter ?
-         (BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY) : BDRV_CHILD_IMAGE;
- 
--    if (!bdrv_open_child(filename, options, bdref_key, parent,
--                         &child_of_bds, role, false, errp))
-+    if (!bdrv_open_child_common(filename, options, bdref_key, parent,
-+                                &child_of_bds, role, false, true, errp))
-     {
-         return -EINVAL;
-     }
-@@ -3842,7 +3862,8 @@ BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
- 
-     }
- 
--    bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp);
-+    bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, false,
-+                           errp);
-     obj = NULL;
-     qobject_unref(obj);
-     visit_free(v);
-@@ -3932,7 +3953,7 @@ static BlockDriverState * no_coroutine_fn
- bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-                   int flags, BlockDriverState *parent,
-                   const BdrvChildClass *child_class, BdrvChildRole child_role,
--                  Error **errp)
-+                  bool parse_filename, Error **errp)
- {
-     int ret;
-     BlockBackend *file = NULL;
-@@ -3980,9 +4001,11 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-     }
- 
-     /* json: syntax counts as explicit options, as if in the QDict */
--    parse_json_protocol(options, &filename, &local_err);
--    if (local_err) {
--        goto fail;
-+    if (parse_filename) {
-+        parse_json_protocol(options, &filename, &local_err);
-+        if (local_err) {
-+            goto fail;
-+        }
-     }
- 
-     bs->explicit_options = qdict_clone_shallow(options);
-@@ -4007,7 +4030,8 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-                                      parent->open_flags, parent->options);
-     }
- 
--    ret = bdrv_fill_options(&options, filename, &flags, &local_err);
-+    ret = bdrv_fill_options(&options, filename, &flags, parse_filename,
-+                            &local_err);
-     if (ret < 0) {
-         goto fail;
-     }
-@@ -4076,7 +4100,7 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
- 
-         file_bs = bdrv_open_child_bs(filename, options, "file", bs,
-                                      &child_of_bds, BDRV_CHILD_IMAGE,
--                                     true, &local_err);
-+                                     true, true, &local_err);
-         if (local_err) {
-             goto fail;
-         }
-@@ -4225,7 +4249,7 @@ BlockDriverState *bdrv_open(const char *filename, const char *reference,
-     GLOBAL_STATE_CODE();
- 
-     return bdrv_open_inherit(filename, reference, options, flags, NULL,
--                             NULL, 0, errp);
-+                             NULL, 0, true, errp);
- }
- 
- /* Return true if the NULL-terminated @list contains @str */

debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch

@@ -5,12 +5,13 @@ Subject: [PATCH] PVE: block: add the zeroinit block driver filter
 
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 [FE: adapt to changed function signatures
-     adhere to block graph lock requirements]
+     adhere to block graph lock requirements
+     use dedicated function to open file child]
 Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
 ---
  block/meson.build |   1 +
- block/zeroinit.c  | 214 ++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 215 insertions(+)
+ block/zeroinit.c  | 207 ++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 208 insertions(+)
  create mode 100644 block/zeroinit.c
 
 diff --git a/block/meson.build b/block/meson.build
@@ -27,10 +28,10 @@ index e1f03fd773..b530e117b5 100644
  system_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
 diff --git a/block/zeroinit.c b/block/zeroinit.c
 new file mode 100644
-index 0000000000..696558d8d6
+index 0000000000..7998c9332d
 --- /dev/null
 +++ b/block/zeroinit.c
-@@ -0,0 +1,214 @@
+@@ -0,0 +1,207 @@
 +/*
 + * Filter to fake a zero-initialized block device.
 + *
@@ -96,7 +97,6 @@ index 0000000000..696558d8d6
 +                          Error **errp)
 +{
 +    BDRVZeroinitState *s = bs->opaque;
-+    BdrvChild *file = NULL;
 +    QemuOpts *opts;
 +    Error *local_err = NULL;
 +    int ret;
@@ -112,15 +112,9 @@ index 0000000000..696558d8d6
 +    }
 +
 +    /* Open the raw file */
-+    file = bdrv_open_child(qemu_opt_get(opts, "x-next"), options, "next", bs,
-+                           &child_of_bds,
-+                           BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, false,
-+                           &local_err);
-+    bdrv_graph_wrlock();
-+    bs->file = file;
-+    bdrv_graph_wrunlock();
-+    if (local_err) {
-+        ret = -EINVAL;
++    ret = bdrv_open_file_child(qemu_opt_get(opts, "x-next"), options, "next",
++                               bs, &local_err);
++    if (ret < 0) {
 +        error_propagate(errp, local_err);
 +        goto fail;
 +    }

debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch

@@ -119,7 +119,7 @@ index 43bc0bd520..60e98c87f1 100644
      };
      return raw_co_create(&options, errp);
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 45ab548dfe..f7c2b63c5d 100644
+index 905da8be72..3db587a6e4 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -4956,6 +4956,10 @@

debian/patches/pve/0026-block-backup-move-bcs-bitmap-initialization-to-job-c.patch

@@ -25,7 +25,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/block/backup.c b/block/backup.c
-index ec29d6b810..270957c0cd 100644
+index 3dd2e229d2..eba5b11493 100644
 --- a/block/backup.c
 +++ b/block/backup.c
 @@ -237,8 +237,8 @@ static void backup_init_bcs_bitmap(BackupBlockJob *job)
@@ -48,7 +48,7 @@ index ec29d6b810..270957c0cd 100644
      if (s->sync_mode == MIRROR_SYNC_MODE_TOP) {
          int64_t offset = 0;
          int64_t count;
-@@ -501,6 +499,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -502,6 +500,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
                         &error_abort);
      bdrv_graph_wrunlock();
  

debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch

@@ -199,7 +199,7 @@ index 0000000000..e46abf1070
 +    return bs;
 +}
 diff --git a/block/backup.c b/block/backup.c
-index 270957c0cd..16d611c4ca 100644
+index eba5b11493..1963e47ab9 100644
 --- a/block/backup.c
 +++ b/block/backup.c
 @@ -29,28 +29,6 @@
@@ -231,7 +231,7 @@ index 270957c0cd..16d611c4ca 100644
  static const BlockJobDriver backup_job_driver;
  
  static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret)
-@@ -461,6 +439,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -462,6 +440,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
      }
  
      cluster_size = block_copy_cluster_size(bcs);

debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch

@@ -167,7 +167,7 @@ index d954bec6f1..5000c084c5 100644
 +    hmp_handle_error(mon, error);
 +}
 diff --git a/blockdev.c b/blockdev.c
-index d27d8c38ec..5e5dbc1da9 100644
+index ed8198f351..1054a69279 100644
 --- a/blockdev.c
 +++ b/blockdev.c
 @@ -37,6 +37,7 @@
@@ -1683,7 +1683,7 @@ index 0000000000..c755bf302b
 +    return ret;
 +}
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index f7c2b63c5d..e49c7b5bc9 100644
+index 3db587a6e4..d05fffce1d 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -851,6 +851,239 @@

debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch

@@ -368,7 +368,7 @@ index 6de51c34cb..3bc039f60f 100644
  summary_info += {'libdaxctl support': libdaxctl}
  summary_info += {'libudev':           libudev}
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index e49c7b5bc9..fc32ff9957 100644
+index d05fffce1d..e7cf3d94f3 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -3457,6 +3457,7 @@

debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch

@@ -186,7 +186,7 @@ index c755bf302b..5ebb6a3947 100644
      ret->pbs_masterkey = true;
      ret->backup_max_workers = true;
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index fc32ff9957..f516d8e95a 100644
+index e7cf3d94f3..282e2e8a8c 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -1004,6 +1004,11 @@

debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch

@@ -25,7 +25,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  4 files changed, 23 insertions(+), 6 deletions(-)
 
 diff --git a/block/block-copy.c b/block/block-copy.c
-index 7e3b378528..adb1cbb440 100644
+index cc618e4561..12d662e9d4 100644
 --- a/block/block-copy.c
 +++ b/block/block-copy.c
 @@ -310,6 +310,7 @@ void block_copy_set_copy_opts(BlockCopyState *s, bool use_copy_range,
@@ -108,10 +108,10 @@ index bdc703bacd..77857c6c68 100644
  
  /* Function should be called prior any actual copy request */
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index d796d49abb..edbf6e78b9 100644
+index 282e2e8a8c..9caf04cbe9 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
-@@ -4930,12 +4930,18 @@
+@@ -4926,12 +4926,18 @@
  #     @on-cbw-error parameter will decide how this failure is handled.
  #     Default 0.  (Since 7.1)
  #

debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch

@@ -82,7 +82,7 @@ index 1054a69279..cbe224387b 100644
  
      if ((backup->sync == MIRROR_SYNC_MODE_BITMAP) ||
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index edbf6e78b9..6e7ee87633 100644
+index 9caf04cbe9..df934647ed 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -1790,11 +1790,16 @@

debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch

@@ -294,7 +294,7 @@ index 5ebb6a3947..a747d12d3d 100644
      return ret;
  }
 diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 6e7ee87633..dc5f75cd39 100644
+index df934647ed..ff441d4258 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -948,6 +948,10 @@

debian/patches/series

@@ -3,21 +3,18 @@ extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
 extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
 extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
 extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
-extra/0006-virtio-gpu-fix-v2-migration.patch
-extra/0007-hw-pflash-fix-block-write-start.patch
-extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
-extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
-extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
-extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
-extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
-extra/0013-Revert-monitor-use-aio_co_reschedule_self.patch
-extra/0014-target-arm-Restrict-translation-disabled-alignment-c.patch
-extra/0015-target-i386-Give-IRQs-a-chance-when-resetting-HF_INH.patch
-extra/0016-target-i386-hyper-v-Correct-kvm_hv_handle_exit-retur.patch
-extra/0017-target-i386-disable-jmp_opt-if-EFLAGS.RF-is-1.patch
-extra/0018-target-i386-no-single-step-exception-after-MOV-or-PO.patch
-extra/0019-qcow2-Don-t-open-data_file-with-BDRV_O_NO_IO.patch
-extra/0020-block-Parse-filenames-only-when-explicitly-requested.patch
+extra/0006-Revert-virtio-pci-fix-use-of-a-released-vector.patch
+extra/0007-block-copy-before-write-fix-permission.patch
+extra/0008-block-copy-before-write-support-unligned-snapshot-di.patch
+extra/0009-block-copy-before-write-create-block_copy-bitmap-in-.patch
+extra/0010-qapi-blockdev-backup-add-discard-source-parameter.patch
+extra/0011-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
+extra/0012-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
+extra/0013-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
+extra/0014-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
+extra/0015-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
+extra/0016-block-copy-Fix-missing-graph-lock.patch
+extra/0017-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -67,11 +64,8 @@ pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
 pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch
 pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch
 pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch
-pve/0044-block-copy-before-write-fix-permission.patch
-pve/0045-block-copy-before-write-support-unligned-snapshot-di.patch
-pve/0046-block-copy-before-write-create-block_copy-bitmap-in-.patch
-pve/0047-qapi-blockdev-backup-add-discard-source-parameter.patch
-pve/0048-copy-before-write-allow-specifying-minimum-cluster-s.patch
-pve/0049-backup-add-minimum-cluster-size-to-performance-optio.patch
-pve/0050-PVE-backup-add-fleecing-option.patch
-pve/0051-PVE-backup-improve-error-when-copy-before-write-fail.patch
+pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch
+pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch
+pve/0046-PVE-backup-add-fleecing-option.patch
+pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch
+pve-qemu-9.0-vitastor.patch