From 0f693c2caba51bedf306c9b8d3f2d45f399b5d7c Mon Sep 17 00:00:00 2001
From: Fiona Ebner
Date: Tue, 6 Jun 2023 10:58:49 +0200
Subject: [PATCH] update submodule and patches to QEMU 8.0.2
Signed-off-by: Fiona Ebner
---
 ...le-reentrancy-detection-for-script-R.patch | 4 +-
 ...39-fix-large_send_mss-divide-by-zero.patch | 72 ----
 ...en-getting-cursor-without-a-console.patch} | 2 +-
 ...-Fix-crash-when-executing-HMP-commit.patch | 48 ---
 ...our-channel-order-for-PNG-screenshot.patch | 77 ----
 ...arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch | 41 --
 ...e-incorrect-computation-in-float32_e.patch | 56 ---
 ...ge-wrong-XFRM-value-in-SGX-CPUID-lea.patch | 39 --
 ...t-assert_bdrv_graph_readable-by-defa.patch | 106 -----
 ...CI_ERR_UNCOR_MASK-register-for-machi.patch | 100 -----
 ...after-free-in-blockdev_mark_auto_del.patch | 57 ---
 ...ly-call-bdrv_activate-outside-corout.patch | 64 ---
 ...o_unref-for-calls-in-coroutine-conte.patch | 373 ------------------
 ...-no_coroutine_fns-in-qmp_block_resiz.patch | 43 --
 ...-tcg-Fix-atomic_mmu_lookup-for-reads.patch | 36 --
 debian/patches/series | 15 +-
 qemu | 2 +-
 17 files changed, 5 insertions(+), 1130 deletions(-)
 delete mode 100644 debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
 rename debian/patches/extra/{0009-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0007-ui-return-NULL-when-getting-cursor-without-a-console.patch} (97%)
 delete mode 100644 debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
 delete mode 100644 debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
 delete mode 100644 debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
 delete mode 100644 debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
 delete mode 100644 debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
 delete mode 100644 debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
 delete mode 100644 debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
 delete mode 100644
debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
 delete mode 100644 debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
 delete mode 100644 debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
 delete mode 100644 debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
 delete mode 100644 debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
diff --git a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
index d7c7496..8f488dc 100644
--- a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+++ b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
@@ -15,10 +15,10 @@ Signed-off-by: Alexander Bulekov
 1 file changed, 6 insertions(+)
 diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
-index af93557a9a..db27872963 100644
+index bbf32d3f73..17af67935f 100644
 --- a/hw/scsi/lsi53c895a.c
 +++ b/hw/scsi/lsi53c895a.c
-@@ -2302,6 +2302,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
+@@ -2313,6 +2313,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, "lsi-io", 256);
diff --git a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch b/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
deleted file mode 100644
index ab3db30..0000000
--- a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
+++ /dev/null
@@ -1,72 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi -Date: Thu, 13 Apr 2023 13:19:46 -0400 -Subject: [PATCH] rtl8139: fix large_send_mss divide-by-zero -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If the driver sets large_send_mss to 0 then a divide-by-zero occurs. -Even if the division wasn't a problem, the for loop that emits MSS-sized -packets would never terminate. - -Solve these issues by skipping offloading when large_send_mss=0. - -This issue was found by OSS-Fuzz as part of Alexander Bulekov's device -fuzzing work. The reproducer is: - - $ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \ - 512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \ - rtl8139,netdev=net0 -netdev user,id=net0 -device \ - pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \ - memory-backend-ram,id=mem1,size=2M -qtest stdio - outl 0xcf8 0x80000814 - outl 0xcfc 0xe0000000 - outl 0xcf8 0x80000804 - outw 0xcfc 0x06 - write 0xe0000037 0x1 0x04 - write 0xe00000e0 0x2 0x01 - write 0x1 0x1 0x04 - write 0x3 0x1 0x98 - write 0xa 0x1 0x8c - write 0xb 0x1 0x02 - write 0xc 0x1 0x46 - write 0xd 0x1 0xa6 - write 0xf 0x1 0xb8 - write 0xb800a646028c000c 0x1 0x08 - write 0xb800a646028c000e 0x1 0x47 - write 0xb800a646028c0010 0x1 0x02 - write 0xb800a646028c0017 0x1 0x06 - write 0xb800a646028c0036 0x1 0x80 - write 0xe00000d9 0x1 0x40 - EOF - -Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582 -Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value") -Reported-by: Alexander Bulekov -Cc: Peter Maydell -Signed-off-by: Stefan Hajnoczi -Reviewed-by: Philippe Mathieu-Daudé -Tested-by: Alexander Bulekov -Reviewed-by: Peter Maydell -Acked-by: Jason Wang -(picked up from https://patchew.org/QEMU/20230413171946.2865726-1-stefanha@redhat.com/) -Signed-off-by: Fiona Ebner ---- - hw/net/rtl8139.c | 3 +++ - 1 file changed, 3 insertions(+) - 
-diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
-index 5a5aaf868d..5f1a4d359b 100644
---- a/hw/net/rtl8139.c
-+++ b/hw/net/rtl8139.c
-@@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
- 
- int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
- CP_TC_LGSEN_MSS_MASK;
-+ if (large_send_mss == 0) {
-+ goto skip_offload;
-+ }
- 
- DPRINTF("+++ C+ mode offloaded task TSO IP data %d "
- "frame data %d specified MSS=%d\n",
diff --git a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
similarity index 97%
rename from debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
rename to debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
index c0368b8..0b8d2c0 100644
--- a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
+++ b/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
@@ -22,7 +22,7 @@ Signed-off-by: Fiona Ebner
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/ui/console.c b/ui/console.c
-index 6e8a3cdc62..594517ecdb 100644
+index e173731e20..7461446e71 100644
 --- a/ui/console.c
 +++ b/ui/console.c
 @@ -2306,7 +2306,7 @@ QEMUCursor *qemu_console_get_cursor(QemuConsole *con)
diff --git a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch b/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
deleted file mode 100644
index 0255bd3..0000000
--- a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wang Liang
-Date: Mon, 24 Apr 2023 18:39:02 +0800
-Subject: [PATCH] block/monitor: Fix crash when executing HMP commit
-
-hmp_commit() calls blk_is_available() from a non-coroutine context (and
-in the main loop). blk_is_available() is a co_wrapper_mixed_bdrv_rdlock
-function, and in the non-coroutine context it calls AIO_WAIT_WHILE(),
-which crashes if the aio_context lock is not taken before.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1615
-Signed-off-by: Wang Liang
-Message-Id: <20230424103902.45265-1-wangliangzz@126.com>
-Reviewed-by: Emanuele Giuseppe Esposito
-Reviewed-by: Kevin Wolf
-Signed-off-by: Kevin Wolf
-(cherry-picked from commit 8c1e8fb2e7fc2cbeb57703e143965a4cd3ad301a)
-Signed-off-by: Fiona Ebner
----
- block/monitor/block-hmp-cmds.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 2846083546..ca2599de44 100644
---- a/block/monitor/block-hmp-cmds.c
-+++ b/block/monitor/block-hmp-cmds.c
-@@ -214,15 +214,17 @@ void hmp_commit(Monitor *mon, const QDict *qdict)
- error_report("Device '%s' not found", device);
- return;
- }
-- if (!blk_is_available(blk)) {
-- error_report("Device '%s' has no medium", device);
-- return;
-- }
- 
- bs = bdrv_skip_implicit_filters(blk_bs(blk));
- aio_context = bdrv_get_aio_context(bs);
- aio_context_acquire(aio_context);
- 
-+ if (!blk_is_available(blk)) {
-+ error_report("Device '%s' has no medium", device);
-+ aio_context_release(aio_context);
-+ return;
-+ }
-+
- ret = bdrv_commit(bs);
- 
- aio_context_release(aio_context);
diff --git a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch b/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
deleted file mode 100644
index d76b723..0000000
--- a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
+++ /dev/null
@@ -1,77 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Tue, 2 May 2023 14:55:48 +0100 -Subject: [PATCH] ui: Fix pixel colour channel order for PNG screenshots -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When we take a PNG screenshot the ordering of the colour channels in -the data is not correct, resulting in the image having weird -colouring compared to the actual display. (Specifically, on a -little-endian host the blue and red channels are swapped; on -big-endian everything is wrong.) - -This happens because the pixman idea of the pixel data and the libpng -idea differ. PIXMAN_a9r8g8b8 defines that pixels are 32-bit values, -with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits -0-7. This means that on little-endian systems the bytes in memory -are - B G R A -and on big-endian systems they are - A R G B - -libpng, on the other hand, thinks of pixels as being a series of -values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA -always wants bytes in the order - R G B A - -This isn't the same as the pixman order for either big or little -endian hosts. - -The alpha channel is also unnecessary bulk in the output PNG file, -because there is no alpha information in a screenshot. - -To handle the endianness issue, we already define in ui/qemu-pixman.h -various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent -byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and -PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of - R G B -and 3 bytes per pixel. - -(PPM format screenshots get this right; they already use the -PIXMAN_BE_r8g8b8 format.) 
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
-Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
-Signed-off-by: Peter Maydell
-Reviewed-by: Marc-André Lureau
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00229.html)
-Signed-off-by: Fiona Ebner
----
- ui/console.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ui/console.c b/ui/console.c
-index 594517ecdb..7461446e71 100644
---- a/ui/console.c
-+++ b/ui/console.c
-@@ -311,7 +311,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
- png_struct *png_ptr;
- png_info *info_ptr;
- g_autoptr(pixman_image_t) linebuf =
-- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
-+ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
- uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
- FILE *f = fdopen(fd, "wb");
- int y;
-@@ -341,7 +341,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
- png_init_io(png_ptr, f);
- 
- png_set_IHDR(png_ptr, info_ptr, width, height, 8,
-- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
-+ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
- PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
- 
- png_write_info(png_ptr, info_ptr);
diff --git a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch b/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
deleted file mode 100644
index 799aa84..0000000
--- a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson
-Date: Thu, 4 May 2023 11:42:32 +0100
-Subject: [PATCH] target/arm: Fix vd == vm overlap in sve_ldff1_z
-
-If vd == vm, copy vm to scratch, so that we can pre-zero
-the output and still access the gather indicies.
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1612
-Signed-off-by: Richard Henderson
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00961.html)
-Signed-off-by: Fiona Ebner
----
- target/arm/tcg/sve_helper.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
-index ccf5e5beca..0097522470 100644
---- a/target/arm/tcg/sve_helper.c
-+++ b/target/arm/tcg/sve_helper.c
-@@ -6727,6 +6727,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
- intptr_t reg_off;
- SVEHostPage info;
- target_ulong addr, in_page;
-+ ARMVectorReg scratch;
- 
- /* Skip to the first true predicate. */
- reg_off = find_next_active(vg, 0, reg_max, esz);
-@@ -6736,6 +6737,11 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
- return;
- }
- 
-+ /* Protect against overlap between vd and vm. */
-+ if (unlikely(vd == vm)) {
-+ vm = memcpy(&scratch, vm, reg_max);
-+ }
-+
- /*
- * Probe the first element, allowing faults.
- */
diff --git a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch b/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
deleted file mode 100644
index a9cc766..0000000
--- a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Shivaprasad G Bhat -Date: Tue, 2 May 2023 20:55:30 +0530 -Subject: [PATCH] softfloat: Fix the incorrect computation in float32_exp2 - -The float32_exp2 function is computing wrong exponent of 2. - -For example, with the following set of values {0.1, 2.0, 2.0, -1.0}, -the expected output would be {1.071773, 4.000000, 4.000000, 0.500000}. -Instead, the function is computing {1.119102, 3.382044, 3.382044, -0.191022} - -Looking at the code, the float32_exp2() attempts to do this - - 2 3 4 5 n - x x x x x x x - e = 1 + --- + --- + --- + --- + --- + ... + --- + ... - 1! 2! 3! 4! 5! n! - -But because of the typo it ends up doing - - x x x x x x x - e = 1 + --- + --- + --- + --- + --- + ... + --- + ... - 1! 2! 3! 4! 5! n! - -This is because instead of the xnp which holds the numerator, parts_muladd -is using the xp which is just 'x'. Commit '572c4d862ff2' refactored this -function, and mistakenly used xp instead of xnp. 
-
-Cc: qemu-stable@nongnu.org
-Fixes: 572c4d862ff2 "softfloat: Convert float32_exp2 to FloatParts"
-Partially-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1623
-Reported-By: Luca Barbato (https://gitlab.com/lu-zero)
-Signed-off-by: Shivaprasad G Bhat
-Signed-off-by: Vaibhav Jain
-Message-Id: <168304110865.537992.13059030916325018670.stgit@localhost.localdomain>
-Reviewed-by: Richard Henderson
-Signed-off-by: Richard Henderson
-(cherry-picked from commit 1098cc3fcf952763fc9fd72c1c8fda30a18cc8ea)
-Signed-off-by: Fiona Ebner
----
- fpu/softfloat.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fpu/softfloat.c b/fpu/softfloat.c
-index c7454c3eb1..108f9cb224 100644
---- a/fpu/softfloat.c
-+++ b/fpu/softfloat.c
-@@ -5135,7 +5135,7 @@ float32 float32_exp2(float32 a, float_status *status)
- float64_unpack_canonical(&rp, float64_one, status);
- for (i = 0 ; i < 15 ; i++) {
- float64_unpack_canonical(&tp, float32_exp2_coefficients[i], status);
-- rp = *parts_muladd(&tp, &xp, &rp, 0, status);
-+ rp = *parts_muladd(&tp, &xnp, &rp, 0, status);
- xnp = *parts_mul(&xnp, &xp, status);
- }
- 
diff --git a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch b/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
deleted file mode 100644
index 425b39d..0000000
--- a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Yang Zhong
-Date: Thu, 6 Apr 2023 02:40:41 -0400
-Subject: [PATCH] target/i386: Change wrong XFRM value in SGX CPUID leaf
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
-FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
-SGX enclaves only supported SSE and x87 feature (xfrm=0x3).
-
-Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
-Signed-off-by: Yang Zhong
-Reviewed-by: Yang Weijiang
-Reviewed-by: Kai Huang
-Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com>
-Signed-off-by: Paolo Bonzini
-(cherry-picked from commit 72497cff896fecf74306ed33626c30e43633cdd6)
-Signed-off-by: Fiona Ebner
----
- target/i386/cpu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/target/i386/cpu.c b/target/i386/cpu.c
-index 6576287e5b..f083ff4335 100644
---- a/target/i386/cpu.c
-+++ b/target/i386/cpu.c
-@@ -5718,8 +5718,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
- } else {
- *eax &= env->features[FEAT_SGX_12_1_EAX];
- *ebx &= 0; /* ebx reserve */
-- *ecx &= env->features[FEAT_XSAVE_XSS_LO];
-- *edx &= env->features[FEAT_XSAVE_XSS_HI];
-+ *ecx &= env->features[FEAT_XSAVE_XCR0_LO];
-+ *edx &= env->features[FEAT_XSAVE_XCR0_HI];
- 
- /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
- *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
diff --git a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch b/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
deleted file mode 100644
index f0534d8..0000000
--- a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
+++ /dev/null
@@ -1,106 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi -Date: Mon, 1 May 2023 13:34:43 -0400 -Subject: [PATCH] block: compile out assert_bdrv_graph_readable() by default - -reader_count() is a performance bottleneck because the global -aio_context_list_lock mutex causes thread contention. Put this debugging -assertion behind a new ./configure --enable-debug-graph-lock option and -disable it by default. - -The --enable-debug-graph-lock option is also enabled by the more general ---enable-debug option. - -Signed-off-by: Stefan Hajnoczi -(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00058.html) -Signed-off-by: Fiona Ebner ---- - block/graph-lock.c | 3 +++ - configure | 1 + - meson.build | 2 ++ - meson_options.txt | 2 ++ - scripts/meson-buildoptions.sh | 4 ++++ - 5 files changed, 12 insertions(+) - -diff --git a/block/graph-lock.c b/block/graph-lock.c -index 454c31e691..259a7a0bde 100644 ---- a/block/graph-lock.c -+++ b/block/graph-lock.c -@@ -265,7 +265,10 @@ void bdrv_graph_rdunlock_main_loop(void) - - void assert_bdrv_graph_readable(void) - { -+ /* reader_count() is slow due to aio_context_list_lock lock contention */ -+#ifdef CONFIG_DEBUG_GRAPH_LOCK - assert(qemu_in_main_thread() || reader_count()); -+#endif - } - - void assert_bdrv_graph_writable(void) -diff --git a/configure b/configure -index 800b5850f4..a62a3e6be9 100755 ---- a/configure -+++ b/configure -@@ -806,6 +806,7 @@ for opt do - --enable-debug) - # Enable debugging options that aren't excessively noisy - debug_tcg="yes" -+ meson_option_parse --enable-debug-graph-lock "" - meson_option_parse --enable-debug-mutex "" - meson_option_add -Doptimization=0 - fortify_source="no" -diff --git a/meson.build b/meson.build -index c44d05a13f..d964e741e7 100644 ---- a/meson.build -+++ b/meson.build -@@ -1956,6 +1956,7 @@ if get_option('debug_stack_usage') and have_coroutine_pool - have_coroutine_pool = false - endif - 
config_host_data.set10('CONFIG_COROUTINE_POOL', have_coroutine_pool) -+config_host_data.set('CONFIG_DEBUG_GRAPH_LOCK', get_option('debug_graph_lock')) - config_host_data.set('CONFIG_DEBUG_MUTEX', get_option('debug_mutex')) - config_host_data.set('CONFIG_DEBUG_STACK_USAGE', get_option('debug_stack_usage')) - config_host_data.set('CONFIG_GPROF', get_option('gprof')) -@@ -3833,6 +3834,7 @@ summary_info += {'PIE': get_option('b_pie')} - summary_info += {'static build': config_host.has_key('CONFIG_STATIC')} - summary_info += {'malloc trim support': has_malloc_trim} - summary_info += {'membarrier': have_membarrier} -+summary_info += {'debug graph lock': get_option('debug_graph_lock')} - summary_info += {'debug stack usage': get_option('debug_stack_usage')} - summary_info += {'mutex debugging': get_option('debug_mutex')} - summary_info += {'memory allocator': get_option('malloc')} -diff --git a/meson_options.txt b/meson_options.txt -index fc9447d267..bc857fe68b 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -311,6 +311,8 @@ option('rng_none', type: 'boolean', value: false, - description: 'dummy RNG, avoid using /dev/(u)random and getrandom()') - option('coroutine_pool', type: 'boolean', value: true, - description: 'coroutine freelist (better performance)') -+option('debug_graph_lock', type: 'boolean', value: false, -+ description: 'graph lock debugging support') - option('debug_mutex', type: 'boolean', value: false, - description: 'mutex debugging support') - option('debug_stack_usage', type: 'boolean', value: false, -diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh -index 009fab1515..30e1f25259 100644 ---- a/scripts/meson-buildoptions.sh -+++ b/scripts/meson-buildoptions.sh -@@ -21,6 +21,8 @@ meson_options_help() { - printf "%s\n" ' QEMU' - printf "%s\n" ' --enable-cfi Control-Flow Integrity (CFI)' - printf "%s\n" ' --enable-cfi-debug Verbose errors in case of CFI violation' -+ printf "%s\n" ' --enable-debug-graph-lock' -+ printf 
"%s\n" ' graph lock debugging support' - printf "%s\n" ' --enable-debug-mutex mutex debugging support' - printf "%s\n" ' --enable-debug-stack-usage' - printf "%s\n" ' measure coroutine stack usage' -@@ -249,6 +251,8 @@ _meson_option_parse() { - --datadir=*) quote_sh "-Ddatadir=$2" ;; - --enable-dbus-display) printf "%s" -Ddbus_display=enabled ;; - --disable-dbus-display) printf "%s" -Ddbus_display=disabled ;; -+ --enable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=true ;; -+ --disable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=false ;; - --enable-debug-mutex) printf "%s" -Ddebug_mutex=true ;; - --disable-debug-mutex) printf "%s" -Ddebug_mutex=false ;; - --enable-debug-stack-usage) printf "%s" -Ddebug_stack_usage=true ;; diff --git a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch b/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch deleted file mode 100644 index b7e45e5..0000000 --- a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Leonardo Bras -Date: Tue, 2 May 2023 21:27:02 -0300 -Subject: [PATCH] hw/pci: Disable PCI_ERR_UNCOR_MASK register for machine type - < 8.0 - -Since it's implementation on v8.0.0-rc0, having the PCI_ERR_UNCOR_MASK -set for machine types < 8.0 will cause migration to fail if the target -QEMU version is < 8.0.0 : - -qemu-system-x86_64: get_pci_config_device: Bad config data: i=0x10a read: 40 device: 0 cmask: ff wmask: 0 w1cmask:0 -qemu-system-x86_64: Failed to load PCIDevice:config -qemu-system-x86_64: Failed to load e1000e:parent_obj -qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:02.0/e1000e' -qemu-system-x86_64: load of migration failed: Invalid argument - -The above test migrated a 7.2 machine type from QEMU master to QEMU 7.2.0, -with this cmdline: - -./qemu-system-x86_64 -M pc-q35-7.2 [-incoming XXX] - -In order to fix this, property x-pcie-err-unc-mask was introduced to -control when PCI_ERR_UNCOR_MASK is enabled. This property is enabled by -default, but is disabled if machine type <= 7.2. - -Fixes: 010746ae1d ("hw/pci/aer: Implement PCI_ERR_UNCOR_MASK register") -Suggested-by: Michael S. 
Tsirkin -Signed-off-by: Leonardo Bras -Reviewed-by: Jonathan Cameron -Reviewed-by: Peter Xu -Reviewed-by: Juan Quintela -(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00350.html) -Signed-off-by: Fiona Ebner ---- - hw/core/machine.c | 1 + - hw/pci/pci.c | 2 ++ - hw/pci/pcie_aer.c | 11 +++++++---- - include/hw/pci/pci.h | 2 ++ - 4 files changed, 12 insertions(+), 4 deletions(-) - -diff --git a/hw/core/machine.c b/hw/core/machine.c -index cd13b8b0a3..5060119952 100644 ---- a/hw/core/machine.c -+++ b/hw/core/machine.c -@@ -43,6 +43,7 @@ GlobalProperty hw_compat_7_2[] = { - { "e1000e", "migrate-timadj", "off" }, - { "virtio-mem", "x-early-migration", "false" }, - { "migration", "x-preempt-pre-7-2", "true" }, -+ { TYPE_PCI_DEVICE, "x-pcie-err-unc-mask", "off" }, - }; - const size_t hw_compat_7_2_len = G_N_ELEMENTS(hw_compat_7_2); - -diff --git a/hw/pci/pci.c b/hw/pci/pci.c -index def5000e7b..8ad4349e96 100644 ---- a/hw/pci/pci.c -+++ b/hw/pci/pci.c -@@ -79,6 +79,8 @@ static Property pci_props[] = { - DEFINE_PROP_STRING("failover_pair_id", PCIDevice, - failover_pair_id), - DEFINE_PROP_UINT32("acpi-index", PCIDevice, acpi_index, 0), -+ DEFINE_PROP_BIT("x-pcie-err-unc-mask", PCIDevice, cap_present, -+ QEMU_PCIE_ERR_UNC_MASK_BITNR, true), - DEFINE_PROP_END_OF_LIST() - }; - -diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c -index 103667c368..374d593ead 100644 ---- a/hw/pci/pcie_aer.c -+++ b/hw/pci/pcie_aer.c -@@ -112,10 +112,13 @@ int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset, - - pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS, - PCI_ERR_UNC_SUPPORTED); -- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK, -- PCI_ERR_UNC_MASK_DEFAULT); -- pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK, -- PCI_ERR_UNC_SUPPORTED); -+ -+ if (dev->cap_present & QEMU_PCIE_ERR_UNC_MASK) { -+ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK, -+ PCI_ERR_UNC_MASK_DEFAULT); -+ pci_set_long(dev->wmask + offset + 
PCI_ERR_UNCOR_MASK,
-+ PCI_ERR_UNC_SUPPORTED);
-+ }
- 
- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_SEVER,
- PCI_ERR_UNC_SEVERITY_DEFAULT);
-diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
-index d5a40cd058..6dc6742fc4 100644
---- a/include/hw/pci/pci.h
-+++ b/include/hw/pci/pci.h
-@@ -207,6 +207,8 @@ enum {
- QEMU_PCIE_EXTCAP_INIT = (1 << QEMU_PCIE_EXTCAP_INIT_BITNR),
- #define QEMU_PCIE_CXL_BITNR 10
- QEMU_PCIE_CAP_CXL = (1 << QEMU_PCIE_CXL_BITNR),
-+#define QEMU_PCIE_ERR_UNC_MASK_BITNR 11
-+ QEMU_PCIE_ERR_UNC_MASK = (1 << QEMU_PCIE_ERR_UNC_MASK_BITNR),
- };
- 
- typedef struct PCIINTxRoute {
diff --git a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch b/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
deleted file mode 100644
index 20e3e35..0000000
--- a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf
-Date: Wed, 3 May 2023 16:01:42 +0200
-Subject: [PATCH] block: Fix use after free in blockdev_mark_auto_del()
-
-job_cancel_locked() drops the job list lock temporarily and it may call
-aio_poll(). We must assume that the list has changed after this call.
-Also, with unlucky timing, it can end up freeing the job during
-job_completed_txn_abort_locked(), making the job pointer invalid, too.
-
-For both reasons, we can't just continue at block_job_next_locked(job).
-Instead, start at the head of the list again after job_cancel_locked()
-and skip those jobs that we already cancelled (or that are completing
-anyway).
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf
-Message-Id: <20230503140142.474404-1-kwolf@redhat.com>
-Reviewed-by: Stefan Hajnoczi
-Signed-off-by: Kevin Wolf
-(cherry-picked from commit e2626874a32602d4e52971c786ef5ffb4430629d)
-Signed-off-by: Fiona Ebner
----
- blockdev.c | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index d7b5c18f0a..2c1752a403 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -153,12 +153,22 @@ void blockdev_mark_auto_del(BlockBackend *blk)
- 
- JOB_LOCK_GUARD();
- 
-- for (job = block_job_next_locked(NULL); job;
-- job = block_job_next_locked(job)) {
-- if (block_job_has_bdrv(job, blk_bs(blk))) {
-+ do {
-+ job = block_job_next_locked(NULL);
-+ while (job && (job->job.cancelled ||
-+ job->job.deferred_to_main_loop ||
-+ !block_job_has_bdrv(job, blk_bs(blk))))
-+ {
-+ job = block_job_next_locked(job);
-+ }
-+ if (job) {
-+ /*
-+ * This drops the job lock temporarily and polls, so we need to
-+ * restart processing the list from the start after this.
-+ */
- job_cancel_locked(&job->job, false);
- }
-- }
-+ } while (job);
- 
- dinfo->auto_del = 1;
- }
diff --git a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch b/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
deleted file mode 100644
index a65c044..0000000
--- a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf
-Date: Thu, 4 May 2023 13:57:32 +0200
-Subject: [PATCH] block: Consistently call bdrv_activate() outside coroutine
-
-Migration code can call bdrv_activate() in coroutine context, whereas
-other callers call it outside of coroutines. As it calls other code that
-is not supposed to run in coroutines, standardise on running outside of
-coroutines.
-
-This adds a no_co_wrapper to switch to the main loop before calling
-bdrv_activate().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf
-Reviewed-by: Eric Blake
-Reviewed-by: Stefan Hajnoczi
-Message-Id: <20230504115750.54437-3-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf
-(cherry-picked from commit da4afaff074e56b0fa0d25abf865784148018895)
-Signed-off-by: Fiona Ebner
----
- block/block-backend.c | 10 +++++++++-
- include/block/block-global-state.h | 6 +++++-
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/block/block-backend.c b/block/block-backend.c
-index 55efc735b4..d59f759daf 100644
---- a/block/block-backend.c
-+++ b/block/block-backend.c
-@@ -2018,7 +2018,15 @@ void blk_activate(BlockBackend *blk, Error **errp)
- return;
- }
- 
-- bdrv_activate(bs, errp);
-+ /*
-+ * Migration code can call this function in coroutine context, so leave
-+ * coroutine context if necessary.
-+ */
-+ if (qemu_in_coroutine()) {
-+ bdrv_co_activate(bs, errp);
-+ } else {
-+ bdrv_activate(bs, errp);
-+ }
- }
- 
- bool coroutine_fn blk_co_is_inserted(BlockBackend *blk)
-diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
-index 399200a9a3..2c312cc774 100644
---- a/include/block/block-global-state.h
-+++ b/include/block/block-global-state.h
-@@ -166,7 +166,11 @@ int bdrv_amend_options(BlockDriverState *bs_new, QemuOpts *opts,
- BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
- const char *node_name, Error **errp);
- 
--int bdrv_activate(BlockDriverState *bs, Error **errp);
-+int no_coroutine_fn bdrv_activate(BlockDriverState *bs, Error **errp);
-+
-+int coroutine_fn no_co_wrapper
-+bdrv_co_activate(BlockDriverState *bs, Error **errp);
-+
- void bdrv_activate_all(Error **errp);
- int bdrv_inactivate_all(void);
- 
diff --git a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch b/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
deleted file mode 100644
index 541e64e..0000000
--- a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
+++ /dev/null
@@ -1,373 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf
-Date: Thu, 4 May 2023 13:57:33 +0200
-Subject: [PATCH] block: bdrv/blk_co_unref() for calls in coroutine context
-
-These functions must not be called in coroutine context, because they
-need write access to the graph.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf
-Reviewed-by: Eric Blake
-Reviewed-by: Stefan Hajnoczi
-Message-Id: <20230504115750.54437-4-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf
-(cherry-picked from commit b2ab5f545fa1eaaf2955dd617bee19a8b3279786)
-Signed-off-by: Fiona Ebner
----
- block.c | 2 +-
- block/crypto.c | 6 +++---
- block/parallels.c | 6 +++---
- block/qcow.c | 6 +++---
- block/qcow2.c | 14 +++++++-------
- block/qed.c | 6 +++---
- block/vdi.c | 6 +++---
- block/vhdx.c | 6 +++---
- block/vmdk.c | 18 +++++++++---------
- block/vpc.c | 6 +++---
- include/block/block-global-state.h | 3 ++-
- include/sysemu/block-backend-global-state.h | 5 ++++-
- 12 files changed, 44 insertions(+), 40 deletions(-)
-
-diff --git a/block.c b/block.c
-index d79a52ca74..a48112f945 100644
---- a/block.c
-+++ b/block.c
-@@ -680,7 +680,7 @@ int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
-
- ret = 0;
- out:
-- blk_unref(blk);
-+ blk_co_unref(blk);
- return ret;
- }
-
-diff --git a/block/crypto.c b/block/crypto.c
-index ca67289187..8fd3ad0054 100644
---- a/block/crypto.c
-+++ b/block/crypto.c
-@@ -355,7 +355,7 @@ block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
- ret = 0;
- cleanup:
- qcrypto_block_free(crypto);
-- blk_unref(blk);
-+ blk_co_unref(blk);
- return ret;
- }
-
-@@ -661,7 +661,7 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
-
- ret = 0;
- fail:
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -730,7 +730,7 @@ fail:
- bdrv_co_delete_file_noerr(bs);
- }
-
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_QCryptoBlockCreateOptions(create_opts);
- qobject_unref(cryptoopts);
- return ret;
-diff --git a/block/parallels.c b/block/parallels.c
-index 013684801a..b49c35929e 100644
---- a/block/parallels.c
-+++ b/block/parallels.c
-@@ -613,8 +613,8 @@ static int coroutine_fn parallels_co_create(BlockdevCreateOptions* opts,
-
- ret = 0;
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
-
- exit:
-@@ -691,7 +691,7 @@ parallels_co_create_opts(BlockDriver *drv, const char *filename,
-
- done:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qcow.c b/block/qcow.c
-index 490e4f819e..a0c701f578 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -915,8 +915,8 @@ static int coroutine_fn qcow_co_create(BlockdevCreateOptions *opts,
- g_free(tmp);
- ret = 0;
- exit:
-- blk_unref(qcow_blk);
-- bdrv_unref(bs);
-+ blk_co_unref(qcow_blk);
-+ bdrv_co_unref(bs);
- qcrypto_block_free(crypto);
- return ret;
- }
-@@ -1015,7 +1015,7 @@ qcow_co_create_opts(BlockDriver *drv, const char *filename,
- fail:
- g_free(backing_fmt);
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 30fd53fa64..6746763c34 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -3705,7 +3705,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
- goto out;
- }
-
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
-
- /*
-@@ -3785,7 +3785,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
- }
- }
-
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
-
- /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning.
-@@ -3810,9 +3810,9 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
-
- ret = 0;
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-- bdrv_unref(data_bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
-+ bdrv_co_unref(data_bs);
- return ret;
- }
-
-@@ -3943,8 +3943,8 @@ finish:
- }
-
- qobject_unref(qdict);
-- bdrv_unref(bs);
-- bdrv_unref(data_bs);
-+ bdrv_co_unref(bs);
-+ bdrv_co_unref(data_bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qed.c b/block/qed.c
-index 0705a7b4e2..aff2a2076e 100644
---- a/block/qed.c
-+++ b/block/qed.c
-@@ -748,8 +748,8 @@ static int coroutine_fn bdrv_qed_co_create(BlockdevCreateOptions *opts,
- ret = 0; /* success */
- out:
- g_free(l1_table);
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -819,7 +819,7 @@ bdrv_qed_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/vdi.c b/block/vdi.c
-index f2434d6153..08331d2dd7 100644
---- a/block/vdi.c
-+++ b/block/vdi.c
-@@ -886,8 +886,8 @@ static int coroutine_fn vdi_co_do_create(BlockdevCreateOptions *create_options,
-
- ret = 0;
- exit:
-- blk_unref(blk);
-- bdrv_unref(bs_file);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs_file);
- g_free(bmap);
- return ret;
- }
-@@ -975,7 +975,7 @@ vdi_co_create_opts(BlockDriver *drv, const char *filename,
- done:
- qobject_unref(qdict);
- qapi_free_BlockdevCreateOptions(create_options);
-- bdrv_unref(bs_file);
-+ bdrv_co_unref(bs_file);
- return ret;
- }
-
-diff --git a/block/vhdx.c b/block/vhdx.c
-index 81420722a1..00777da91a 100644
---- a/block/vhdx.c
-+++ b/block/vhdx.c
-@@ -2053,8 +2053,8 @@ static int coroutine_fn vhdx_co_create(BlockdevCreateOptions *opts,
-
- ret = 0;
- delete_and_exit:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- g_free(creator);
- return ret;
- }
-@@ -2144,7 +2144,7 @@ vhdx_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/vmdk.c b/block/vmdk.c
-index f5f49018fe..01ca13c82b 100644
---- a/block/vmdk.c
-+++ b/block/vmdk.c
-@@ -2306,7 +2306,7 @@ exit:
- if (pbb) {
- *pbb = blk;
- } else {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
- }
- }
-@@ -2516,12 +2516,12 @@ vmdk_co_do_create(int64_t size,
- if (strcmp(blk_bs(backing)->drv->format_name, "vmdk")) {
- error_setg(errp, "Invalid backing file format: %s. Must be vmdk",
- blk_bs(backing)->drv->format_name);
-- blk_unref(backing);
-+ blk_co_unref(backing);
- ret = -EINVAL;
- goto exit;
- }
- ret = vmdk_read_cid(blk_bs(backing), 0, &parent_cid);
-- blk_unref(backing);
-+ blk_co_unref(backing);
- if (ret) {
- error_setg(errp, "Failed to read parent CID");
- goto exit;
-@@ -2542,14 +2542,14 @@ vmdk_co_do_create(int64_t size,
- blk_bs(extent_blk)->filename);
- created_size += cur_size;
- extent_idx++;
-- blk_unref(extent_blk);
-+ blk_co_unref(extent_blk);
- }
-
- /* Check whether we got excess extents */
- extent_blk = extent_fn(-1, extent_idx, flat, split, compress, zeroed_grain,
- opaque, NULL);
- if (extent_blk) {
-- blk_unref(extent_blk);
-+ blk_co_unref(extent_blk);
- error_setg(errp, "List of extents contains unused extents");
- ret = -EINVAL;
- goto exit;
-@@ -2590,7 +2590,7 @@ vmdk_co_do_create(int64_t size,
- ret = 0;
- exit:
- if (blk) {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- }
- g_free(desc);
- g_free(parent_desc_line);
-@@ -2641,7 +2641,7 @@ vmdk_co_create_opts_cb(int64_t size, int idx, bool flat, bool split,
- errp)) {
- goto exit;
- }
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- exit:
- g_free(ext_filename);
- return blk;
-@@ -2797,12 +2797,12 @@ static BlockBackend * coroutine_fn vmdk_co_create_cb(int64_t size, int idx,
- return NULL;
- }
- blk_set_allow_write_beyond_eof(blk, true);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
-
- if (size != -1) {
- ret = vmdk_init_extent(blk, size, flat, compress, zeroed_grain, errp);
- if (ret) {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
- }
- }
-diff --git a/block/vpc.c b/block/vpc.c
-index b89b0ff8e2..07ddda5b99 100644
---- a/block/vpc.c
-+++ b/block/vpc.c
-@@ -1082,8 +1082,8 @@ static int coroutine_fn vpc_co_create(BlockdevCreateOptions *opts,
- }
-
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -1162,7 +1162,7 @@ vpc_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
-index 2c312cc774..ec3ddb17a8 100644
---- a/include/block/block-global-state.h
-+++ b/include/block/block-global-state.h
-@@ -218,7 +218,8 @@ void bdrv_img_create(const char *filename, const char *fmt,
- bool quiet, Error **errp);
-
- void bdrv_ref(BlockDriverState *bs);
--void bdrv_unref(BlockDriverState *bs);
-+void no_coroutine_fn bdrv_unref(BlockDriverState *bs);
-+void coroutine_fn no_co_wrapper bdrv_co_unref(BlockDriverState *bs);
- void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child);
- BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
- BlockDriverState *child_bs,
-diff --git a/include/sysemu/block-backend-global-state.h b/include/sysemu/block-backend-global-state.h
-index 2b6d27db7c..fa83f9389c 100644
---- a/include/sysemu/block-backend-global-state.h
-+++ b/include/sysemu/block-backend-global-state.h
-@@ -42,7 +42,10 @@ blk_co_new_open(const char *filename, const char *reference, QDict *options,
-
- int blk_get_refcnt(BlockBackend *blk);
- void blk_ref(BlockBackend *blk);
--void blk_unref(BlockBackend *blk);
-+
-+void no_coroutine_fn blk_unref(BlockBackend *blk);
-+void coroutine_fn no_co_wrapper blk_co_unref(BlockBackend *blk);
-+
- void blk_remove_all_bs(void);
- BlockBackend *blk_by_name(const char *name);
- BlockBackend *blk_next(BlockBackend *blk);
diff --git a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch b/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
deleted file mode 100644
index 685b7a8..0000000
--- a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf
-Date: Thu, 4 May 2023 13:57:34 +0200
-Subject: [PATCH] block: Don't call no_coroutine_fns in qmp_block_resize()
-
-This QMP handler runs in a coroutine, so it must use the corresponding
-no_co_wrappers instead.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2185688
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf
-Reviewed-by: Eric Blake
-Reviewed-by: Stefan Hajnoczi
-Message-Id: <20230504115750.54437-5-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf
-(cherry-picked from commit 0c7d204f50c382c6baac8c94bd57af4a022b3888)
-Signed-off-by: Fiona Ebner
----
- blockdev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index 2c1752a403..e464daea58 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -2440,7 +2440,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
- return;
- }
-
-- blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
-+ blk = blk_co_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
- if (!blk) {
- return;
- }
-@@ -2455,7 +2455,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
-
- bdrv_co_lock(bs);
- bdrv_drained_end(bs);
-- blk_unref(blk);
-+ blk_co_unref(blk);
- bdrv_co_unlock(bs);
- }
-
diff --git a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch b/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
deleted file mode 100644
index e4d9946..0000000
--- a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson
-Date: Fri, 5 May 2023 21:40:49 +0100
-Subject: [PATCH] accel/tcg: Fix atomic_mmu_lookup for reads
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A copy-paste bug had us looking at the victim cache for writes.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Peter Maydell
-Signed-off-by: Richard Henderson
-Fixes: 08dff435e2 ("tcg: Probe the proper permissions for atomic ops")
-Reviewed-by: Philippe Mathieu-Daudé
-Reviewed-by: Peter Maydell
-Message-Id: <20230505204049.352469-1-richard.henderson@linaro.org>
-(cherry-picked from commit 8c313254e61ed47a1bf4a2db714b25cdd94fbcce)
-Signed-off-by: Fiona Ebner
----
- accel/tcg/cputlb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index e984a98dc4..145fba45b2 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -1830,7 +1830,7 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
- } else /* if (prot & PAGE_READ) */ {
- tlb_addr = tlbe->addr_read;
- if (!tlb_hit(tlb_addr, addr)) {
-- if (!VICTIM_TLB_HIT(addr_write, addr)) {
-+ if (!VICTIM_TLB_HIT(addr_read, addr)) {
- tlb_fill(env_cpu(env), addr, size,
- MMU_DATA_LOAD, mmu_idx, retaddr);
- index = tlb_index(env, mmu_idx, addr);
diff --git a/debian/patches/series b/debian/patches/series
index 375b2db..7b45528 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,20 +4,7 @@ extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
 extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
 extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
 extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
-extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
-extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
-extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
-extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
-extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
-extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
-extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
-extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
-extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
-extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
-extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
-extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
-extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
-extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
+extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
diff --git a/qemu b/qemu
index c1eb2dd..f7f686b 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4
+Subproject commit f7f686b61cf7ee142c9264d2e04ac2c6a96d37f8
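Review bot: The series hunk drops fourteen backported fixes (extra/0007 through extra/0020) and renumbers the surviving 0009-ui patch to 0007, but nothing in the commit records that each dropped fix is actually contained in the new submodule commit f7f686b, which the title identifies as QEMU 8.0.2. The deleted patch files visible above each carry a `(cherry-picked from commit <id>)` trailer, so the check is mechanical: confirm every such upstream id is reachable from f7f686b before the backport is removed, since a fix that silently went missing (the rtl8139 large_send_mss divide-by-zero or the atomic_mmu_lookup read-path fix, for instance) would reintroduce the defect that the patch was carried for. The one patch that is kept implies the author did do this comparison, so a single sentence in the description such as `Drop extra/0007-0020: all contained in QEMU 8.0.2 (verified against f7f686b); the ui cursor fix is not yet upstream and is kept as extra/0007` would make the result auditable.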