update submodule and patches to QEMU 8.1.5

Most notable fixes from a Proxmox VE perspective are:

* "virtio-net: correctly copy vnet header when flushing TX"
  To prevent a stack overflow that could lead to leaking parts of the
  QEMU process's memory.
* "hw/pflash: implement update buffer for block writes"
  To prevent an edge case with half-completed writes. This potentially
  affected EFI disks.
* Fixes to i386 emulation and ARM emulation.

No changes for patches were necessary (all are just automatic context
changes).

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Fiona Ebner 2024-01-30 15:14:37 +01:00 committed by Thomas Lamprecht
parent f366bb97ae
commit 4b7975e75d
30 changed files with 74 additions and 355 deletions


@ -360,7 +360,7 @@ index da5fb31089..32f0f9858a 100644
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 2b1d493d6e..903392cb8f 100644
index bca1a0c372..a5cea82139 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2145,6 +2145,15 @@


@ -104,7 +104,7 @@ index dc352f9e9d..56e1307014 100644
* Is @mon is using readline?
* Note: not all HMP monitors use readline, e.g., gdbserver has a
diff --git a/monitor/qmp.c b/monitor/qmp.c
index 6eee450fe4..c15bf1e1fc 100644
index a239945e8d..589c9524f8 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -165,6 +165,8 @@ static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req)
@ -135,7 +135,7 @@ index 6eee450fe4..c15bf1e1fc 100644
qobject_unref(rsp);
}
@@ -478,6 +490,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
@@ -461,6 +473,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
switch (event) {
case CHR_EVENT_OPENED:
@ -144,7 +144,7 @@ index 6eee450fe4..c15bf1e1fc 100644
monitor_qmp_caps_reset(mon);
data = qmp_greeting(mon);
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
index 555528b6bb..3baa508b4b 100644
index 176b549473..790bb7d1da 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
@@ -117,16 +117,28 @@ typedef struct QmpDispatchBH {
@ -180,13 +180,13 @@ index 555528b6bb..3baa508b4b 100644
aio_co_wake(data->co);
}
@@ -231,6 +243,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
@@ -253,6 +265,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
.ret = &ret,
.errp = &err,
.co = qemu_coroutine_self(),
+ .conn_nr = monitor_get_connection_nr(cur_mon),
};
aio_bh_schedule_oneshot(qemu_get_aio_context(), do_qmp_dispatch_bh,
aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,
&data);
diff --git a/stubs/monitor-core.c b/stubs/monitor-core.c
index afa477aae6..d3ff124bf3 100644
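Review bot: The refreshed context directly under the added `.conn_nr = monitor_get_connection_nr(cur_mon),` line changes the scheduling call from `aio_bh_schedule_oneshot(qemu_get_aio_context(), do_qmp_dispatch_bh,` to `aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,`, and the `@@` offsets for monitor_qmp_event and monitor_init_qmp shift by 17 lines, so upstream changed the code this patch sits on, not merely its surrounding text; which of the two lines is the new side is inferred from print order only. The patch's own hunk text is unchanged, so the description's "all are just automatic context changes" holds for the patch, but the race fix records the connection number into the data handed to that bottom half and presumably consumes it when the BH runs, so the BH now running in the iohandler AioContext deserves a mention, e.g. `0001 still applies unchanged; upstream moved the dispatch BH to the iohandler AioContext, which does not affect the conn_nr check.` qmp_dispatch itself starts and ends outside the shown hunks.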


@ -55,7 +55,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 07971c0218..6a74afe564 100644
index c3508acbb1..289347af58 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -444,7 +444,7 @@ static void ide_trim_bh_cb(void *opaque)


@ -1,100 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Fiona Ebner <f.ebner@proxmox.com>
Date: Thu, 24 Aug 2023 11:22:21 +0200
Subject: [PATCH] hw/ide: reset: cancel async DMA operation before reseting
state
If there is a pending DMA operation during ide_bus_reset(), the fact
that the IDEstate is already reset before the operation is canceled
can be problematic. In particular, ide_dma_cb() might be called and
then use the reset IDEstate which contains the signature after the
reset. When used to construct the IO operation this leads to
ide_get_sector() returning 0 and nsector being 1. This is particularly
bad, because a write command will thus destroy the first sector which
often contains a partition table or similar.
Traces showing the unsolicited write happening with IDEstate
0x5595af6949d0 being used after reset:
> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c: 0x00000300
> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port
> ide_reset IDEstate 0x5595af6949d0
> ide_reset IDEstate 0x5595af694da8
> ide_bus_reset_aio aio_cancel
> dma_aio_cancel dbs=0x7f64600089a0
> dma_blk_cb dbs=0x7f64600089a0 ret=0
> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30
> ahci_populate_sglist ahci(0x5595af6923f0)[0]
> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512 prepared=512
> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE
> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1
> dma_blk_cb dbs=0x7f6420802010 ret=0
> (gdb) p *qiov
> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base = 0x0,
> iov_len = 512}}, {__pad = "\001\000\000\000\000\000\000\000\000\000\000",
> size = 512}}}
> (gdb) bt
> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070, flags=0,
> cb=0x5595ace6f0b0 <dma_blk_cb>, opaque=0x7f6420802010)
> at ../block/block-backend.c:1682
> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=<optimized out>)
> at ../softmmu/dma-helpers.c:179
> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0,
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
> io_func=io_func@entry=0x5595ace6ee30 <dma_blk_write_io_func>,
> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30,
> cb=0x5595acd40b30 <ide_dma_cb>, opaque=0x5595af6949d0,
> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244
> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30,
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
> cb=cb@entry=0x5595acd40b30 <ide_dma_cb>, opaque=opaque@entry=0x5595af6949d0)
> at ../softmmu/dma-helpers.c:280
> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=<optimized out>)
> at ../hw/ide/core.c:953
> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0)
> at ../softmmu/dma-helpers.c:107
> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127
> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10)
> at ../block/block-backend.c:1527
> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524
> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at ../block/block-backend.c:1594
> #10 0x00005595ad258cfb in coroutine_trampoline (i0=<optimized out>,
> i1=<optimized out>) at ../util/coroutine-ucontext.c:177
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
hw/ide/core.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 6a74afe564..289347af58 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2515,19 +2515,19 @@ static void ide_dummy_transfer_stop(IDEState *s)
void ide_bus_reset(IDEBus *bus)
{
- bus->unit = 0;
- bus->cmd = 0;
- ide_reset(&bus->ifs[0]);
- ide_reset(&bus->ifs[1]);
- ide_clear_hob(bus);
-
- /* pending async DMA */
+ /* pending async DMA - needs the IDEState before it is reset */
if (bus->dma->aiocb) {
trace_ide_bus_reset_aio();
blk_aio_cancel(bus->dma->aiocb);
bus->dma->aiocb = NULL;
}
+ bus->unit = 0;
+ bus->cmd = 0;
+ ide_reset(&bus->ifs[0]);
+ ide_reset(&bus->ifs[1]);
+ ide_clear_hob(bus);
+
/* reset dma provider too */
if (bus->dma->ops->reset) {
bus->dma->ops->reset(bus->dma);


@ -1,107 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Niklas Cassel <niklas.cassel@wdc.com>
Date: Wed, 8 Nov 2023 23:26:57 +0100
Subject: [PATCH] hw/ide/ahci: fix legacy software reset
Legacy software contains a standard mechanism for generating a reset to a
Serial ATA device - setting the SRST (software reset) bit in the Device
Control register.
Serial ATA has a more robust mechanism called COMRESET, also referred to
as port reset. A port reset is the preferred mechanism for error
recovery and should be used in place of software reset.
Commit e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
improved the handling of PxCI, such that PxCI gets cleared after handling
a non-NCQ, or NCQ command (instead of incorrectly clearing PxCI after
receiving anything - even a FIS that failed to parse, which should NOT
clear PxCI, so that you can see which command slot that caused an error).
However, simply clearing PxCI after a non-NCQ, or NCQ command, is not
enough, we also need to clear PxCI when receiving a SRST in the Device
Control register.
A legacy software reset is performed by the host sending two H2D FISes,
the first H2D FIS asserts SRST, and the second H2D FIS deasserts SRST.
The first H2D FIS will not get a D2H reply, and requires the FIS to have
the C bit set to one, such that the HBA itself will clear the bit in PxCI.
The second H2D FIS will get a D2H reply once the diagnostic is completed.
The clearing of the bit in PxCI for this command should ideally be done
in ahci_init_d2h() (if it was a legacy software reset that caused the
reset (a COMRESET does not use a command slot)). However, since the reset
value for PxCI is 0, modify ahci_reset_port() to actually clear PxCI to 0,
that way we can avoid complex logic in ahci_init_d2h().
This fixes an issue for FreeBSD where the device would fail to reset.
The problem was not noticed in Linux, because Linux uses a COMRESET
instead of a legacy software reset by default.
Fixes: e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
Reported-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
(picked from https://lists.nongnu.org/archive/html/qemu-devel/2023-11/msg02277.html)
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
hw/ide/ahci.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index d0a774bc17..1718b7e902 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -623,9 +623,13 @@ static void ahci_init_d2h(AHCIDevice *ad)
return;
}
+ /*
+ * For simplicity, do not call ahci_clear_cmd_issue() for this
+ * ahci_write_fis_d2h(). (The reset value for PxCI is 0.)
+ */
if (ahci_write_fis_d2h(ad, true)) {
ad->init_d2h_sent = true;
- /* We're emulating receiving the first Reg H2D Fis from the device;
+ /* We're emulating receiving the first Reg D2H FIS from the device;
* Update the SIG register, but otherwise proceed as normal. */
pr->sig = ((uint32_t)ide_state->hcyl << 24) |
(ide_state->lcyl << 16) |
@@ -663,6 +667,7 @@ static void ahci_reset_port(AHCIState *s, int port)
pr->scr_act = 0;
pr->tfdata = 0x7F;
pr->sig = 0xFFFFFFFF;
+ pr->cmd_issue = 0;
d->busy_slot = -1;
d->init_d2h_sent = false;
@@ -1243,10 +1248,30 @@ static void handle_reg_h2d_fis(AHCIState *s, int port,
case STATE_RUN:
if (cmd_fis[15] & ATA_SRST) {
s->dev[port].port_state = STATE_RESET;
+ /*
+ * When setting SRST in the first H2D FIS in the reset sequence,
+ * the device does not send a D2H FIS. Host software thus has to
+ * set the "Clear Busy upon R_OK" bit such that PxCI (and BUSY)
+ * gets cleared. See AHCI 1.3.1, section 10.4.1 Software Reset.
+ */
+ if (opts & AHCI_CMD_CLR_BUSY) {
+ ahci_clear_cmd_issue(ad, slot);
+ }
}
break;
case STATE_RESET:
if (!(cmd_fis[15] & ATA_SRST)) {
+ /*
+ * When clearing SRST in the second H2D FIS in the reset
+ * sequence, the device will execute diagnostics. When this is
+ * done, the device will send a D2H FIS with the good status.
+ * See SATA 3.5a Gold, section 11.4 Software reset protocol.
+ *
+ * This D2H FIS is the first D2H FIS received from the device,
+ * and is received regardless if the reset was performed by a
+ * COMRESET or by setting and clearing the SRST bit. Therefore,
+ * the logic for this is found in ahci_init_d2h() and not here.
+ */
ahci_reset_port(s, port);
}
break;


@ -1,34 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Fiona Ebner <f.ebner@proxmox.com>
Date: Wed, 22 Nov 2023 13:17:25 +0100
Subject: [PATCH] ui/vnc-clipboard: fix inflate_buffer
Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
required, because it can happen that stream.avail_in becomes zero
before coming across a return value of Z_STREAM_END.
This fixes the host->guest direction with noNVC.
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
ui/vnc-clipboard.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c
index c759be3438..124b6fbd9c 100644
--- a/ui/vnc-clipboard.c
+++ b/ui/vnc-clipboard.c
@@ -69,6 +69,11 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size)
}
}
+ *size = stream.total_out;
+ inflateEnd(&stream);
+
+ return out;
+
err_end:
inflateEnd(&stream);
err:


@ -1,36 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Fri, 8 Dec 2023 13:43:52 +0100
Subject: [PATCH] block: Fix AioContext locking in qmp_block_resize()
The AioContext must be unlocked before calling blk_co_unref(), because
it takes the AioContext lock internally in blk_unref_bh(), which is
scheduled in the main thread. If we don't unlock, the AioContext is
locked twice and nested event loops such as in bdrv_graph_wrlock() will
deadlock.
Cc: qemu-stable@nongnu.org
Fixes: https://issues.redhat.com/browse/RHEL-15965
Fixes: 0c7d204f50c382c6baac8c94bd57af4a022b3888
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-12/msg01102.html)
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
blockdev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/blockdev.c b/blockdev.c
index e6eba61484..c28462a633 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2361,8 +2361,9 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
bdrv_co_lock(bs);
bdrv_drained_end(bs);
- blk_co_unref(blk);
bdrv_co_unlock(bs);
+
+ blk_co_unref(blk);
}
void qmp_block_stream(const char *job_id, const char *device,


@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
index aa89789737..0db366a851 100644
index 7f540b03ed..ca551baa42 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -564,7 +564,7 @@ static QemuOptsList raw_runtime_opts = {
@@ -563,7 +563,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
@ -26,7 +26,7 @@ index aa89789737..0db366a851 100644
},
{
.name = "pr-manager",
@@ -664,7 +664,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
@@ -663,7 +663,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:


@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
index 1448d00afb..d1601d32c1 100644
index 685ec58318..22edf4ee96 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -258,8 +258,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
@@ -260,8 +260,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
int net_hub_id_for_client(NetClientState *nc, int *id);
NetClientState *net_hub_port_find(int hub_id);


@ -10,7 +10,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e0771a1043..1018ccc0b8 100644
index 0893b794e9..6d650a58b9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2243,9 +2243,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);


@ -9,7 +9,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-img.c b/qemu-img.c
index 27f48051b0..bb287d8538 100644
index 78433f3746..25d427edd1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3062,7 +3062,8 @@ static int img_info(int argc, char **argv)


@ -54,10 +54,10 @@ index 1b1dab5b17..d1616c045a 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
index bb287d8538..09c0340d16 100644
index 25d427edd1..220e6ec577 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4888,10 +4888,12 @@ static int img_bitmap(int argc, char **argv)
@@ -4899,10 +4899,12 @@ static int img_bitmap(int argc, char **argv)
#define C_IF 04
#define C_OF 010
#define C_SKIP 020
@ -70,7 +70,7 @@ index bb287d8538..09c0340d16 100644
};
struct DdIo {
@@ -4967,6 +4969,19 @@ static int img_dd_skip(const char *arg,
@@ -4978,6 +4980,19 @@ static int img_dd_skip(const char *arg,
return 0;
}
@ -90,7 +90,7 @@ index bb287d8538..09c0340d16 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
@@ -5007,6 +5022,7 @@ static int img_dd(int argc, char **argv)
@@ -5018,6 +5033,7 @@ static int img_dd(int argc, char **argv)
{ "if", img_dd_if, C_IF },
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
@ -98,7 +98,7 @@ index bb287d8538..09c0340d16 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
@@ -5082,91 +5098,112 @@ static int img_dd(int argc, char **argv)
@@ -5093,91 +5109,112 @@ static int img_dd(int argc, char **argv)
arg = NULL;
}
@ -275,7 +275,7 @@ index bb287d8538..09c0340d16 100644
}
if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
@@ -5183,20 +5220,43 @@ static int img_dd(int argc, char **argv)
@@ -5194,20 +5231,43 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
for (out_pos = 0; in_pos < size; ) {


@ -16,10 +16,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index 09c0340d16..556535d9d5 100644
index 220e6ec577..58bf9b43d1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4889,11 +4889,13 @@ static int img_bitmap(int argc, char **argv)
@@ -4900,11 +4900,13 @@ static int img_bitmap(int argc, char **argv)
#define C_OF 010
#define C_SKIP 020
#define C_OSIZE 040
@ -33,7 +33,7 @@ index 09c0340d16..556535d9d5 100644
};
struct DdIo {
@@ -4982,6 +4984,19 @@ static int img_dd_osize(const char *arg,
@@ -4993,6 +4995,19 @@ static int img_dd_osize(const char *arg,
return 0;
}
@ -53,7 +53,7 @@ index 09c0340d16..556535d9d5 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
@@ -4996,12 +5011,14 @@ static int img_dd(int argc, char **argv)
@@ -5007,12 +5022,14 @@ static int img_dd(int argc, char **argv)
int c, i;
const char *out_fmt = "raw";
const char *fmt = NULL;
@ -69,7 +69,7 @@ index 09c0340d16..556535d9d5 100644
};
struct DdIo in = {
.bsz = 512, /* Block size is by default 512 bytes */
@@ -5023,6 +5040,7 @@ static int img_dd(int argc, char **argv)
@@ -5034,6 +5051,7 @@ static int img_dd(int argc, char **argv)
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
{ "osize", img_dd_osize, C_OSIZE },
@ -77,7 +77,7 @@ index 09c0340d16..556535d9d5 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
@@ -5219,9 +5237,10 @@ static int img_dd(int argc, char **argv)
@@ -5230,9 +5248,10 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
@ -90,7 +90,7 @@ index 09c0340d16..556535d9d5 100644
if (blk1) {
in_ret = blk_pread(blk1, in_pos, bytes, in.buf, 0);
if (in_ret == 0) {
@@ -5230,6 +5249,9 @@ static int img_dd(int argc, char **argv)
@@ -5241,6 +5260,9 @@ static int img_dd(int argc, char **argv)
} else {
in_ret = read(STDIN_FILENO, in.buf, bytes);
if (in_ret == 0) {


@ -65,10 +65,10 @@ index d1616c045a..b5b0bb4467 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
index 556535d9d5..289c78febb 100644
index 58bf9b43d1..9d414d639b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -5013,7 +5013,7 @@ static int img_dd(int argc, char **argv)
@@ -5024,7 +5024,7 @@ static int img_dd(int argc, char **argv)
const char *fmt = NULL;
int64_t size = 0, readsize = 0;
int64_t out_pos, in_pos;
@ -77,7 +77,7 @@ index 556535d9d5..289c78febb 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
@@ -5051,7 +5051,7 @@ static int img_dd(int argc, char **argv)
@@ -5062,7 +5062,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@ -86,7 +86,7 @@ index 556535d9d5..289c78febb 100644
if (c == EOF) {
break;
}
@@ -5071,6 +5071,9 @@ static int img_dd(int argc, char **argv)
@@ -5082,6 +5082,9 @@ static int img_dd(int argc, char **argv)
case 'h':
help();
break;
@ -96,7 +96,7 @@ index 556535d9d5..289c78febb 100644
case 'U':
force_share = true;
break;
@@ -5201,13 +5204,15 @@ static int img_dd(int argc, char **argv)
@@ -5212,13 +5215,15 @@ static int img_dd(int argc, char **argv)
size - in.bsz * in.offset, &error_abort);
}


@ -46,10 +46,10 @@ index b5b0bb4467..36f97e1f19 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
index 289c78febb..da543d05cb 100644
index 9d414d639b..e13a12137b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -5005,6 +5005,7 @@ static int img_dd(int argc, char **argv)
@@ -5016,6 +5016,7 @@ static int img_dd(int argc, char **argv)
BlockDriver *drv = NULL, *proto_drv = NULL;
BlockBackend *blk1 = NULL, *blk2 = NULL;
QemuOpts *opts = NULL;
@ -57,7 +57,7 @@ index 289c78febb..da543d05cb 100644
QemuOptsList *create_opts = NULL;
Error *local_err = NULL;
bool image_opts = false;
@@ -5014,6 +5015,7 @@ static int img_dd(int argc, char **argv)
@@ -5025,6 +5026,7 @@ static int img_dd(int argc, char **argv)
int64_t size = 0, readsize = 0;
int64_t out_pos, in_pos;
bool force_share = false, skip_create = false;
@ -65,7 +65,7 @@ index 289c78febb..da543d05cb 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
@@ -5051,7 +5053,7 @@ static int img_dd(int argc, char **argv)
@@ -5062,7 +5064,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@ -74,7 +74,7 @@ index 289c78febb..da543d05cb 100644
if (c == EOF) {
break;
}
@@ -5074,6 +5076,19 @@ static int img_dd(int argc, char **argv)
@@ -5085,6 +5087,19 @@ static int img_dd(int argc, char **argv)
case 'n':
skip_create = true;
break;
@ -94,7 +94,7 @@ index 289c78febb..da543d05cb 100644
case 'U':
force_share = true;
break;
@@ -5133,11 +5148,24 @@ static int img_dd(int argc, char **argv)
@@ -5144,11 +5159,24 @@ static int img_dd(int argc, char **argv)
if (dd.flags & C_IF) {
blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
force_share);
@ -120,7 +120,7 @@ index 289c78febb..da543d05cb 100644
}
if (dd.flags & C_OSIZE) {
@@ -5292,6 +5320,7 @@ static int img_dd(int argc, char **argv)
@@ -5303,6 +5331,7 @@ static int img_dd(int argc, char **argv)
out:
g_free(arg);
qemu_opts_del(opts);


@ -800,10 +800,10 @@ index cda2effa81..94a58bb0bf 100644
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
index b56f6b2fb2..c8c78c92d4 100644
index 8073f5edf5..dc1ececc9c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4479,6 +4479,18 @@ SRST
@@ -4483,6 +4483,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
@ -823,7 +823,7 @@ index b56f6b2fb2..c8c78c92d4 100644
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index b0b96f67fa..f3251de3e7 100644
index c9e9ede237..3f2681aded 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -164,6 +164,7 @@ static const char *accelerators;
@ -834,7 +834,7 @@ index b0b96f67fa..f3251de3e7 100644
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static int display_remote;
@@ -2643,6 +2644,12 @@ void qmp_x_exit_preconfig(Error **errp)
@@ -2647,6 +2648,12 @@ void qmp_x_exit_preconfig(Error **errp)
if (loadvm) {
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
@ -847,7 +847,7 @@ index b0b96f67fa..f3251de3e7 100644
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
@@ -3190,6 +3197,9 @@ void qemu_init(int argc, char **argv)
@@ -3194,6 +3201,9 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;


@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
index c8c78c92d4..20ca2cdba7 100644
index dc1ececc9c..848d2dfdd1 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1197,6 +1197,9 @@ legacy PC, they are not recommended for modern configurations.
@ -28,10 +28,10 @@ index c8c78c92d4..20ca2cdba7 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index f3251de3e7..1b63ffd33d 100644
index 3f2681aded..1a3b9cc4b8 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2679,6 +2679,7 @@ void qemu_init(int argc, char **argv)
@@ -2683,6 +2683,7 @@ void qemu_init(int argc, char **argv)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
@ -39,7 +39,7 @@ index f3251de3e7..1b63ffd33d 100644
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
@@ -3302,6 +3303,13 @@ void qemu_init(int argc, char **argv)
@@ -3306,6 +3307,13 @@ void qemu_init(int argc, char **argv)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;


@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
index 0db366a851..46f1ee38ae 100644
index ca551baa42..8b3b83e9d4 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -2870,6 +2870,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
@@ -2873,6 +2873,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
@ -24,7 +24,7 @@ index 0db366a851..46f1ee38ae 100644
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
@@ -2910,19 +2911,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
@@ -2913,19 +2914,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
@ -59,7 +59,7 @@ index 0db366a851..46f1ee38ae 100644
}
/* Clear the file by truncating it to 0 */
@@ -2976,13 +2980,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
@@ -2979,13 +2983,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
@ -82,7 +82,7 @@ index 0db366a851..46f1ee38ae 100644
}
out_close:
@@ -3006,6 +3012,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
@@ -3009,6 +3015,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
@ -90,7 +90,7 @@ index 0db366a851..46f1ee38ae 100644
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
@@ -3028,6 +3035,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
@@ -3031,6 +3038,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
return -EINVAL;
}
@ -109,7 +109,7 @@ index 0db366a851..46f1ee38ae 100644
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
@@ -3039,6 +3058,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
@@ -3042,6 +3061,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
@ -119,10 +119,10 @@ index 0db366a851..46f1ee38ae 100644
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 903392cb8f..125aa89858 100644
index a5cea82139..bb471c078d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4876,7 +4876,8 @@
@@ -4880,7 +4880,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',


@ -18,10 +18,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/monitor/qmp.c b/monitor/qmp.c
index c15bf1e1fc..04fe25c62c 100644
index 589c9524f8..2505dd658a 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -553,8 +553,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
@@ -536,8 +536,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
qemu_chr_fe_set_echo(&mon->common.chr, true);
/* Note: we run QMP monitor in I/O thread when @chr supports that */


@ -72,7 +72,7 @@ index fbb61f18e4..7da3c519ba 100644
##
# @query-machines:
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 1b63ffd33d..20ba2c5c87 100644
index 1a3b9cc4b8..e9b5f62cc3 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -1597,6 +1597,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
@ -95,7 +95,7 @@ index 1b63ffd33d..20ba2c5c87 100644
g_slist_free(machines);
if (local_err) {
error_append_hint(&local_err, "Use -machine help to list supported machines\n");
@@ -3244,12 +3250,31 @@ void qemu_init(int argc, char **argv)
@@ -3248,12 +3254,31 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_machine:
{
bool help;


@ -1709,7 +1709,7 @@ index 0000000000..d84d807654
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 125aa89858..331c8336d1 100644
index bb471c078d..1b8462a51b 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -839,6 +839,235 @@


@ -403,7 +403,7 @@ index c3330310d9..cbfc9a43fb 100644
summary_info += {'libdaxctl support': libdaxctl}
summary_info += {'libudev': libudev}
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 331c8336d1..a818d5f90f 100644
index 1b8462a51b..d67a6d448a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3396,6 +3396,7 @@
@ -432,7 +432,7 @@ index 331c8336d1..a818d5f90f 100644
##
# @BlockdevOptionsNVMe:
#
@@ -4886,6 +4898,7 @@
@@ -4890,6 +4902,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',


@ -186,7 +186,7 @@ index d84d807654..9c8b88d075 100644
ret->pbs_masterkey = true;
ret->backup_max_workers = true;
diff --git a/qapi/block-core.json b/qapi/block-core.json
index a818d5f90f..48eb47c6ea 100644
index d67a6d448a..09de550c95 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -991,6 +991,11 @@


@ -17,7 +17,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+)
diff --git a/block/io.c b/block/io.c
index 055fcf7438..63f7b3ad3e 100644
index 83d1b1dfdc..24a3c84c93 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1710,6 +1710,10 @@ static int bdrv_pad_request(BlockDriverState *bs,


@ -140,10 +140,10 @@ index 86c2256a2b..8423e0c9f9 100644
if (ret) {
return ret;
diff --git a/migration/ram.c b/migration/ram.c
index 9040d66e61..01532c9fc9 100644
index 6e1514f69f..6a1aec7031 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2895,8 +2895,16 @@ static void migration_bitmap_clear_discarded_pages(RAMState *rs)
@@ -2896,8 +2896,16 @@ static void migration_bitmap_clear_discarded_pages(RAMState *rs)
static void ram_init_bitmaps(RAMState *rs)
{
@ -162,7 +162,7 @@ index 9040d66e61..01532c9fc9 100644
qemu_mutex_lock_ramlist();
WITH_RCU_READ_LOCK_GUARD() {
@@ -2908,7 +2916,9 @@ static void ram_init_bitmaps(RAMState *rs)
@@ -2909,7 +2917,9 @@ static void ram_init_bitmaps(RAMState *rs)
}
}
qemu_mutex_unlock_ramlist();
@ -174,7 +174,7 @@ index 9040d66e61..01532c9fc9 100644
/*
* After an eventual first bitmap sync, fixup the initial bitmap
diff --git a/migration/savevm.c b/migration/savevm.c
index a2cb8855e2..ea8b30a630 100644
index d60c4f487a..3c015722f7 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1625,10 +1625,8 @@ static int qemu_savevm_state(QEMUFile *f, Error **errp)

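--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,13 +2,9 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
 extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
 extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
 extra/0004-migration-block-dirty-bitmap-fix-loading-bitmap-when.patch
-extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
-extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch
-extra/0007-migration-states-workaround-snapshot-performance-reg.patch
-extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
-extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
-extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
-extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
+extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
+extra/0006-migration-states-workaround-snapshot-performance-reg.patch
+extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch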
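Review bot: The series drops extra/0005, 0009, 0010 and 0011 while the commit message only says no patch changes were needed, so it does not record where each of those fixes now comes from; 0009 and 0011 carry `(picked from …)` mailing-list trailers in the deleted files rather than a tagged upstream commit, so it is not self-evident that 8.1.5 contains the same versions. 0010 in particular restores a hunk removed by the CVE-2023-3255 fix and, per its description, repairs the host->guest clipboard direction, so silently losing it would bring that breakage back. A sentence in the description such as `Drop extra/0005, 0009, 0010 and 0011, which are all part of 8.1.5 upstream.` would make the drop auditable against the stable changelog. The remaining extra/ entries are only renumbered, which is consistent with the deletions.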

qemu

@ -1 +1 @@
Subproject commit 78385bc738108a9b5b20e639520dc60425ca2a5a
Subproject commit 20a1b341a0af1fef84cec9e521d33da0e8d9ecf3