diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch index 306dc3b..a45ee6e 100644 --- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch +++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch @@ -254,10 +254,10 @@ index 663e2b7002..9099c75992 100644 errp); if (!job) { diff --git a/blockdev.c b/blockdev.c -index d7b5c18f0a..6c34d9bb3a 100644 +index e464daea58..1010b60804 100644 --- a/blockdev.c +++ b/blockdev.c -@@ -2932,6 +2932,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2942,6 +2942,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, BlockDriverState *target, const char *replaces, enum MirrorSyncMode sync, @@ -267,7 +267,7 @@ index d7b5c18f0a..6c34d9bb3a 100644 BlockMirrorBackingMode backing_mode, bool zero_target, bool has_speed, int64_t speed, -@@ -2950,6 +2953,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -2960,6 +2963,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, { BlockDriverState *unfiltered_bs; int job_flags = JOB_DEFAULT; @@ -275,7 +275,7 @@ index d7b5c18f0a..6c34d9bb3a 100644 if (!has_speed) { speed = 0; -@@ -3001,6 +3005,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -3011,6 +3015,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, sync = MIRROR_SYNC_MODE_FULL; } 
@@ -305,7 +305,7 @@ index d7b5c18f0a..6c34d9bb3a 100644 if (!replaces) { /* We want to mirror from @bs, but keep implicit filters on top */ unfiltered_bs = bdrv_skip_implicit_filters(bs); -@@ -3046,8 +3073,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -3056,8 +3083,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, * and will allow to check whether the node still exist at mirror completion */ mirror_start(job_id, bs, target, @@ -316,7 +316,7 @@ index d7b5c18f0a..6c34d9bb3a 100644 on_source_error, on_target_error, unmap, filter_node_name, copy_mode, errp); } -@@ -3192,6 +3219,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) +@@ -3202,6 +3229,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) blockdev_mirror_common(arg->job_id, bs, target_bs, arg->replaces, arg->sync, @@ -325,7 +325,7 @@ index d7b5c18f0a..6c34d9bb3a 100644 backing_mode, zero_target, arg->has_speed, arg->speed, arg->has_granularity, arg->granularity, -@@ -3213,6 +3242,8 @@ void qmp_blockdev_mirror(const char *job_id, +@@ -3223,6 +3252,8 @@ void qmp_blockdev_mirror(const char *job_id, const char *device, const char *target, const char *replaces, MirrorSyncMode sync, @@ -334,7 +334,7 @@ index d7b5c18f0a..6c34d9bb3a 100644 bool has_speed, int64_t speed, bool has_granularity, uint32_t granularity, bool has_buf_size, int64_t buf_size, -@@ -3261,7 +3292,8 @@ void qmp_blockdev_mirror(const char *job_id, +@@ -3271,7 +3302,8 @@ void qmp_blockdev_mirror(const char *job_id, } blockdev_mirror_common(job_id, bs, target_bs, diff --git a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch index 3061723..e1cd354 100644 --- a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch +++ b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch 
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 3 insertions(+) diff --git a/blockdev.c b/blockdev.c -index 6c34d9bb3a..24a76b451d 100644 +index 1010b60804..19f490fce7 100644 --- a/blockdev.c +++ b/blockdev.c -@@ -3026,6 +3026,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -3036,6 +3036,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) { return; } diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch index 4139251..7dc188b 100644 --- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch +++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch @@ -62,10 +62,10 @@ index f42953837b..8f79efaa87 100644 if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) { diff --git a/blockdev.c b/blockdev.c -index 24a76b451d..3917af7d02 100644 +index 19f490fce7..9a010f3a86 100644 --- a/blockdev.c +++ b/blockdev.c -@@ -3005,7 +3005,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, +@@ -3015,7 +3015,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs, sync = MIRROR_SYNC_MODE_FULL; } diff --git a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch b/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch new file mode 100644 index 0000000..ab3db30 --- /dev/null +++ b/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch 
@@ -0,0 +1,72 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi
+Date: Thu, 13 Apr 2023 13:19:46 -0400
+Subject: [PATCH] rtl8139: fix large_send_mss divide-by-zero
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
+Even if the division wasn't a problem, the for loop that emits MSS-sized
+packets would never terminate.
+
+Solve these issues by skipping offloading when large_send_mss=0.
+
+This issue was found by OSS-Fuzz as part of Alexander Bulekov's device
+fuzzing work. The reproducer is:
+
+ $ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
+ 512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
+ rtl8139,netdev=net0 -netdev user,id=net0 -device \
+ pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \
+ memory-backend-ram,id=mem1,size=2M -qtest stdio
+ outl 0xcf8 0x80000814
+ outl 0xcfc 0xe0000000
+ outl 0xcf8 0x80000804
+ outw 0xcfc 0x06
+ write 0xe0000037 0x1 0x04
+ write 0xe00000e0 0x2 0x01
+ write 0x1 0x1 0x04
+ write 0x3 0x1 0x98
+ write 0xa 0x1 0x8c
+ write 0xb 0x1 0x02
+ write 0xc 0x1 0x46
+ write 0xd 0x1 0xa6
+ write 0xf 0x1 0xb8
+ write 0xb800a646028c000c 0x1 0x08
+ write 0xb800a646028c000e 0x1 0x47
+ write 0xb800a646028c0010 0x1 0x02
+ write 0xb800a646028c0017 0x1 0x06
+ write 0xb800a646028c0036 0x1 0x80
+ write 0xe00000d9 0x1 0x40
+ EOF
+
+Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582
+Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value")
+Reported-by: Alexander Bulekov
+Cc: Peter Maydell
+Signed-off-by: Stefan Hajnoczi
+Reviewed-by: Philippe Mathieu-Daudé
+Tested-by: Alexander Bulekov
+Reviewed-by: Peter Maydell
+Acked-by: Jason Wang
+(picked up from https://patchew.org/QEMU/20230413171946.2865726-1-stefanha@redhat.com/)
+Signed-off-by: Fiona Ebner
+---
+ hw/net/rtl8139.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
+index 5a5aaf868d..5f1a4d359b 100644
+--- a/hw/net/rtl8139.c
++++ b/hw/net/rtl8139.c
+@@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
+
+ int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
+ CP_TC_LGSEN_MSS_MASK;
++ if (large_send_mss == 0) {
++ goto skip_offload;
++ }
+
+ DPRINTF("+++ C+ mode offloaded task TSO IP data %d "
+ "frame data %d specified MSS=%d\n",
diff --git a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch b/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
new file mode 100644
index 0000000..0255bd3
--- /dev/null
+++ b/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
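Review bot: The new `large_send_mss == 0` guard in rtl8139_cplus_transmit_one() has no comment saying that the value is taken from the Tx descriptor word `txdw0`, which per the description the guest driver sets, so a zero has to be tolerated rather than asserted against. I would add `/* MSS is set by the guest driver; 0 would divide by zero and never advance the segmentation loop */` above the `if`. Only zero is rejected here; whether very small non-zero MSS values are bounded later cannot be seen from this hunk, because the function body continues outside it, and that is worth confirming against the loop that consumes the value. The patch file records a mailing-list posting rather than a merged commit, so the series should note the upstream commit once one exists.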
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wang Liang
+Date: Mon, 24 Apr 2023 18:39:02 +0800
+Subject: [PATCH] block/monitor: Fix crash when executing HMP commit
+
+hmp_commit() calls blk_is_available() from a non-coroutine context (and
+in the main loop). blk_is_available() is a co_wrapper_mixed_bdrv_rdlock
+function, and in the non-coroutine context it calls AIO_WAIT_WHILE(),
+which crashes if the aio_context lock is not taken before.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1615
+Signed-off-by: Wang Liang
+Message-Id: <20230424103902.45265-1-wangliangzz@126.com>
+Reviewed-by: Emanuele Giuseppe Esposito
+Reviewed-by: Kevin Wolf
+Signed-off-by: Kevin Wolf
+(cherry-picked from commit 8c1e8fb2e7fc2cbeb57703e143965a4cd3ad301a)
+Signed-off-by: Fiona Ebner
+---
+ block/monitor/block-hmp-cmds.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
+index 2846083546..ca2599de44 100644
+--- a/block/monitor/block-hmp-cmds.c
++++ b/block/monitor/block-hmp-cmds.c
+@@ -214,15 +214,17 @@ void hmp_commit(Monitor *mon, const QDict *qdict)
+ error_report("Device '%s' not found", device);
+ return;
+ }
+- if (!blk_is_available(blk)) {
+- error_report("Device '%s' has no medium", device);
+- return;
+- }
+
+ bs = bdrv_skip_implicit_filters(blk_bs(blk));
+ aio_context = bdrv_get_aio_context(bs);
+ aio_context_acquire(aio_context);
+
++ if (!blk_is_available(blk)) {
++ error_report("Device '%s' has no medium", device);
++ aio_context_release(aio_context);
++ return;
++ }
++
+ ret = bdrv_commit(bs);
+
+ aio_context_release(aio_context);
diff --git a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
new file mode 100644
index 0000000..c0368b8
--- /dev/null
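Review bot: With the `blk_is_available()` check moved below the context lookup in hmp_commit(), `bdrv_skip_implicit_filters(blk_bs(blk))` and `bdrv_get_aio_context(bs)` now run before anything has established that the backend has a medium, so they may be handed a NULL node. The hunk does not show whether both helpers accept NULL; if they do, that reliance deserves a comment such as `/* bs may be NULL here (no medium); the helpers below tolerate that */`, and if they do not, the lookup needs its own guard. The early return also repeats the `aio_context_release()` call, so a single exit label would keep acquire and release paired as the function grows. hmp_commit() starts and ends outside the hunk.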
+++ b/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
+Date: Fri, 28 Apr 2023 19:48:06 +0400
+Subject: [PATCH] ui: return NULL when getting cursor without a console
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+VNC may try to get the current cursor even when there are no consoles
+and crashes. Simple reproducer is qemu with -nodefaults.
+
+Fixes: (again)
+https://gitlab.com/qemu-project/qemu/-/issues/1548
+
+Fixes: commit 385ac97f8 ("ui: keep current cursor with QemuConsole")
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Philippe Mathieu-Daudé
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-04/msg05598.html)
+Signed-off-by: Fiona Ebner
+---
+ ui/console.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ui/console.c b/ui/console.c
+index 6e8a3cdc62..594517ecdb 100644
+--- a/ui/console.c
++++ b/ui/console.c
+@@ -2306,7 +2306,7 @@ QEMUCursor *qemu_console_get_cursor(QemuConsole *con)
+ if (con == NULL) {
+ con = active_console;
+ }
+- return con->cursor;
++ return con ? con->cursor : NULL;
+ }
+
+ bool qemu_console_is_visible(QemuConsole *con)
diff --git a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch b/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
new file mode 100644
index 0000000..d76b723
--- /dev/null
+++ b/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
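Review bot: qemu_console_get_cursor() can now return NULL when there is neither a passed console nor an `active_console`, but nothing at the function states that contract. A short header comment, for example `/* Returns NULL if no console exists (e.g. -nodefaults) */`, would tell callers that a NULL check is required. The callers are not visible in this hunk, so each should be confirmed to handle NULL, the VNC path named in the description in particular.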
@@ -0,0 +1,77 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Maydell
+Date: Tue, 2 May 2023 14:55:48 +0100
+Subject: [PATCH] ui: Fix pixel colour channel order for PNG screenshots
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When we take a PNG screenshot the ordering of the colour channels in
+the data is not correct, resulting in the image having weird
+colouring compared to the actual display. (Specifically, on a
+little-endian host the blue and red channels are swapped; on
+big-endian everything is wrong.)
+
+This happens because the pixman idea of the pixel data and the libpng
+idea differ. PIXMAN_a9r8g8b8 defines that pixels are 32-bit values,
+with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits
+0-7. This means that on little-endian systems the bytes in memory
+are
+ B G R A
+and on big-endian systems they are
+ A R G B
+
+libpng, on the other hand, thinks of pixels as being a series of
+values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA
+always wants bytes in the order
+ R G B A
+
+This isn't the same as the pixman order for either big or little
+endian hosts.
+
+The alpha channel is also unnecessary bulk in the output PNG file,
+because there is no alpha information in a screenshot.
+
+To handle the endianness issue, we already define in ui/qemu-pixman.h
+various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent
+byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and
+PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of
+ R G B
+and 3 bytes per pixel.
+
+(PPM format screenshots get this right; they already use the
+PIXMAN_BE_r8g8b8 format.)
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
+Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
+Signed-off-by: Peter Maydell
+Reviewed-by: Marc-André Lureau
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00229.html)
+Signed-off-by: Fiona Ebner
+---
+ ui/console.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ui/console.c b/ui/console.c
+index 594517ecdb..7461446e71 100644
+--- a/ui/console.c
++++ b/ui/console.c
+@@ -311,7 +311,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
+ png_struct *png_ptr;
+ png_info *info_ptr;
+ g_autoptr(pixman_image_t) linebuf =
+- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
++ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
+ uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
+ FILE *f = fdopen(fd, "wb");
+ int y;
+@@ -341,7 +341,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
+ png_init_io(png_ptr, f);
+
+ png_set_IHDR(png_ptr, info_ptr, width, height, 8,
+- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
++ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
+ PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
+
+ png_write_info(png_ptr, info_ptr);
diff --git a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch b/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
new file mode 100644
index 0000000..799aa84
--- /dev/null
+++ b/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
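Review bot: The line-buffer format in the first png_save() hunk and the colour type passed to `png_set_IHDR()` in the second must describe the same byte layout, yet the two constants sit about thirty lines apart with nothing linking them. A comment at the `qemu_pixman_linebuf_create()` call such as `/* must match PNG_COLOR_TYPE_RGB below: R, G, B bytes, 3 per pixel */` would stop a later edit from changing one without the other. The row-writing loop is outside both hunks, so it is worth confirming that it makes no 4-bytes-per-pixel assumption about `buf`.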
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Richard Henderson
+Date: Thu, 4 May 2023 11:42:32 +0100
+Subject: [PATCH] target/arm: Fix vd == vm overlap in sve_ldff1_z
+
+If vd == vm, copy vm to scratch, so that we can pre-zero
+the output and still access the gather indicies.
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1612
+Signed-off-by: Richard Henderson
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00961.html)
+Signed-off-by: Fiona Ebner
+---
+ target/arm/tcg/sve_helper.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
+index ccf5e5beca..0097522470 100644
+--- a/target/arm/tcg/sve_helper.c
++++ b/target/arm/tcg/sve_helper.c
+@@ -6727,6 +6727,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
+ intptr_t reg_off;
+ SVEHostPage info;
+ target_ulong addr, in_page;
++ ARMVectorReg scratch;
+
+ /* Skip to the first true predicate. */
+ reg_off = find_next_active(vg, 0, reg_max, esz);
+@@ -6736,6 +6737,11 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
+ return;
+ }
+
++ /* Protect against overlap between vd and vm. */
++ if (unlikely(vd == vm)) {
++ vm = memcpy(&scratch, vm, reg_max);
++ }
++
+ /*
+ * Probe the first element, allowing faults.
+ */
diff --git a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch b/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
new file mode 100644
index 0000000..a9cc766
--- /dev/null
+++ b/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
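Review bot: The added `memcpy(&scratch, vm, reg_max)` in sve_ldff1_z() copies a length computed outside the hunk into a fixed-size `ARMVectorReg` on the stack, and nothing visible ties `reg_max` to `sizeof(scratch)`. If the bound holds by construction, stating it next to the copy makes it checkable, e.g. `assert(reg_max <= sizeof(scratch));` before the `memcpy`. The new comment could also say why the copy is needed: `/* vd is zeroed before the gather, so vm must be saved when they alias */`. The function starts and ends outside the hunk.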
@@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Shivaprasad G Bhat +Date: Tue, 2 May 2023 20:55:30 +0530 +Subject: [PATCH] softfloat: Fix the incorrect computation in float32_exp2 + +The float32_exp2 function is computing wrong exponent of 2. + +For example, with the following set of values {0.1, 2.0, 2.0, -1.0}, +the expected output would be {1.071773, 4.000000, 4.000000, 0.500000}. +Instead, the function is computing {1.119102, 3.382044, 3.382044, -0.191022} + +Looking at the code, the float32_exp2() attempts to do this + + 2 3 4 5 n + x x x x x x x + e = 1 + --- + --- + --- + --- + --- + ... + --- + ... + 1! 2! 3! 4! 5! n! + +But because of the typo it ends up doing + + x x x x x x x + e = 1 + --- + --- + --- + --- + --- + ... + --- + ... + 1! 2! 3! 4! 5! n! + +This is because instead of the xnp which holds the numerator, parts_muladd +is using the xp which is just 'x'. Commit '572c4d862ff2' refactored this +function, and mistakenly used xp instead of xnp. 
+
+Cc: qemu-stable@nongnu.org
+Fixes: 572c4d862ff2 "softfloat: Convert float32_exp2 to FloatParts"
+Partially-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1623
+Reported-By: Luca Barbato (https://gitlab.com/lu-zero)
+Signed-off-by: Shivaprasad G Bhat
+Signed-off-by: Vaibhav Jain
+Message-Id: <168304110865.537992.13059030916325018670.stgit@localhost.localdomain>
+Reviewed-by: Richard Henderson
+Signed-off-by: Richard Henderson
+(cherry-picked from commit 1098cc3fcf952763fc9fd72c1c8fda30a18cc8ea)
+Signed-off-by: Fiona Ebner
+---
+ fpu/softfloat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fpu/softfloat.c b/fpu/softfloat.c
+index c7454c3eb1..108f9cb224 100644
+--- a/fpu/softfloat.c
++++ b/fpu/softfloat.c
+@@ -5135,7 +5135,7 @@ float32 float32_exp2(float32 a, float_status *status)
+ float64_unpack_canonical(&rp, float64_one, status);
+ for (i = 0 ; i < 15 ; i++) {
+ float64_unpack_canonical(&tp, float32_exp2_coefficients[i], status);
+- rp = *parts_muladd(&tp, &xp, &rp, 0, status);
++ rp = *parts_muladd(&tp, &xnp, &rp, 0, status);
+ xnp = *parts_mul(&xnp, &xp, status);
+ }
+
diff --git a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch b/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
new file mode 100644
index 0000000..425b39d
--- /dev/null
+++ b/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
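Review bot: The corrected `parts_muladd(&tp, &xnp, &rp, 0, status)` call in float32_exp2() differs from the broken one by a single letter, and the loop has no comment saying which variable holds what. Adding `/* rp += coeff[i] * xnp; xnp is the running power of x, xp is x itself */` above the loop body would make the roles explicit and the mix-up harder to repeat. The description lists input and expected-output pairs that would serve directly as a regression test, but this patch adds none. The function starts and ends outside the hunk.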
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Yang Zhong
+Date: Thu, 6 Apr 2023 02:40:41 -0400
+Subject: [PATCH] target/i386: Change wrong XFRM value in SGX CPUID leaf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
+FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
+SGX enclaves only supported SSE and x87 feature (xfrm=0x3).
+
+Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
+Signed-off-by: Yang Zhong
+Reviewed-by: Yang Weijiang
+Reviewed-by: Kai Huang
+Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com>
+Signed-off-by: Paolo Bonzini
+(cherry-picked from commit 72497cff896fecf74306ed33626c30e43633cdd6)
+Signed-off-by: Fiona Ebner
+---
+ target/i386/cpu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 6576287e5b..f083ff4335 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -5718,8 +5718,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ } else {
+ *eax &= env->features[FEAT_SGX_12_1_EAX];
+ *ebx &= 0; /* ebx reserve */
+- *ecx &= env->features[FEAT_XSAVE_XSS_LO];
+- *edx &= env->features[FEAT_XSAVE_XSS_HI];
++ *ecx &= env->features[FEAT_XSAVE_XCR0_LO];
++ *edx &= env->features[FEAT_XSAVE_XCR0_HI];
+
+ /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
+ *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
diff --git a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch b/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
new file mode 100644
index 0000000..f0534d8
--- /dev/null
+++ b/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
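Review bot: In the CPUID(EAX=12,ECX=1) branch of cpu_x86_cpuid() the ECX/EDX masks go back to the XCR0 feature words, but the only comment nearby is the existing one about FP and SSE, so the reason XSS must not be used here is recorded only in the commit message. A line such as `/* ECX:EDX report the XFRM bits an enclave may use; they follow XCR0, not XSS */` above the two assignments would keep a later refactor of the XSAVE feature words from repeating the mistake. Per the description the regression left enclaves with only x87 and SSE state, and nothing fails at build time when that happens, so a test on the reported value would be worth adding. The function starts and ends outside the hunk.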
@@ -0,0 +1,106 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi
+Date: Mon, 1 May 2023 13:34:43 -0400
+Subject: [PATCH] block: compile out assert_bdrv_graph_readable() by default
+
+reader_count() is a performance bottleneck because the global
+aio_context_list_lock mutex causes thread contention. Put this debugging
+assertion behind a new ./configure --enable-debug-graph-lock option and
+disable it by default.
+
+The --enable-debug-graph-lock option is also enabled by the more general
+--enable-debug option.
+
+Signed-off-by: Stefan Hajnoczi
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00058.html)
+Signed-off-by: Fiona Ebner
+---
+ block/graph-lock.c | 3 +++
+ configure | 1 +
+ meson.build | 2 ++
+ meson_options.txt | 2 ++
+ scripts/meson-buildoptions.sh | 4 ++++
+ 5 files changed, 12 insertions(+)
+
+diff --git a/block/graph-lock.c b/block/graph-lock.c
+index 454c31e691..259a7a0bde 100644
+--- a/block/graph-lock.c
++++ b/block/graph-lock.c
+@@ -265,7 +265,10 @@ void bdrv_graph_rdunlock_main_loop(void)
+
+ void assert_bdrv_graph_readable(void)
+ {
++ /* reader_count() is slow due to aio_context_list_lock lock contention */
++#ifdef CONFIG_DEBUG_GRAPH_LOCK
+ assert(qemu_in_main_thread() || reader_count());
++#endif
+ }
+
+ void assert_bdrv_graph_writable(void)
+diff --git a/configure b/configure
+index 800b5850f4..a62a3e6be9 100755
+--- a/configure
++++ b/configure
+@@ -806,6 +806,7 @@ for opt do
+ --enable-debug)
+ # Enable debugging options that aren't excessively noisy
+ debug_tcg="yes"
++ meson_option_parse --enable-debug-graph-lock ""
+ meson_option_parse --enable-debug-mutex ""
+ meson_option_add -Doptimization=0
+ fortify_source="no"
+diff --git a/meson.build b/meson.build
+index c44d05a13f..d964e741e7 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1956,6 +1956,7 @@ if get_option('debug_stack_usage') and have_coroutine_pool
+ have_coroutine_pool = false
+ endif
+ config_host_data.set10('CONFIG_COROUTINE_POOL', have_coroutine_pool)
++config_host_data.set('CONFIG_DEBUG_GRAPH_LOCK', get_option('debug_graph_lock'))
+ config_host_data.set('CONFIG_DEBUG_MUTEX', get_option('debug_mutex'))
+ config_host_data.set('CONFIG_DEBUG_STACK_USAGE', get_option('debug_stack_usage'))
+ config_host_data.set('CONFIG_GPROF', get_option('gprof'))
+@@ -3833,6 +3834,7 @@ summary_info += {'PIE': get_option('b_pie')}
+ summary_info += {'static build': config_host.has_key('CONFIG_STATIC')}
+ summary_info += {'malloc trim support': has_malloc_trim}
+ summary_info += {'membarrier': have_membarrier}
++summary_info += {'debug graph lock': get_option('debug_graph_lock')}
+ summary_info += {'debug stack usage': get_option('debug_stack_usage')}
+ summary_info += {'mutex debugging': get_option('debug_mutex')}
+ summary_info += {'memory allocator': get_option('malloc')}
+diff --git a/meson_options.txt b/meson_options.txt
+index fc9447d267..bc857fe68b 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -311,6 +311,8 @@ option('rng_none', type: 'boolean', value: false,
+ description: 'dummy RNG, avoid using /dev/(u)random and getrandom()')
+ option('coroutine_pool', type: 'boolean', value: true,
+ description: 'coroutine freelist (better performance)')
++option('debug_graph_lock', type: 'boolean', value: false,
++ description: 'graph lock debugging support')
+ option('debug_mutex', type: 'boolean', value: false,
+ description: 'mutex debugging support')
+ option('debug_stack_usage', type: 'boolean', value: false,
+diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
+index 009fab1515..30e1f25259 100644
+--- a/scripts/meson-buildoptions.sh
++++ b/scripts/meson-buildoptions.sh
+@@ -21,6 +21,8 @@ meson_options_help() {
+ printf "%s\n" ' QEMU'
+ printf "%s\n" ' --enable-cfi Control-Flow Integrity (CFI)'
+ printf "%s\n" ' --enable-cfi-debug Verbose errors in case of CFI violation'
++ printf "%s\n" ' --enable-debug-graph-lock'
++ printf "%s\n" ' graph lock debugging support'
+ printf "%s\n" ' --enable-debug-mutex mutex debugging support'
+ printf "%s\n" ' --enable-debug-stack-usage'
+ printf "%s\n" ' measure coroutine stack usage'
+@@ -249,6 +251,8 @@ _meson_option_parse() {
+ --datadir=*) quote_sh "-Ddatadir=$2" ;;
+ --enable-dbus-display) printf "%s" -Ddbus_display=enabled ;;
+ --disable-dbus-display) printf "%s" -Ddbus_display=disabled ;;
++ --enable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=true ;;
++ --disable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=false ;;
+ --enable-debug-mutex) printf "%s" -Ddebug_mutex=true ;;
+ --disable-debug-mutex) printf "%s" -Ddebug_mutex=false ;;
+ --enable-debug-stack-usage) printf "%s" -Ddebug_stack_usage=true ;;
diff --git a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch b/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
new file mode 100644
index 0000000..b7e45e5
--- /dev/null
+++ b/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
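Review bot: After this change assert_bdrv_graph_readable() in block/graph-lock.c compiles to an empty function unless `CONFIG_DEBUG_GRAPH_LOCK` is defined, so a default build no longer detects graph access made without the reader lock. The added comment explains the cost but not that consequence; I would reword it to `/* No-op unless CONFIG_DEBUG_GRAPH_LOCK: reader_count() is slow due to aio_context_list_lock contention */` and put it above the function. Because the check now exists only in debug configurations, at least one test build should pass `--enable-debug-graph-lock` (or `--enable-debug`, which the configure hunk wires to it) so that locking regressions are still caught.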
@@ -0,0 +1,100 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras
+Date: Tue, 2 May 2023 21:27:02 -0300
+Subject: [PATCH] hw/pci: Disable PCI_ERR_UNCOR_MASK register for machine type
+ < 8.0
+
+Since it's implementation on v8.0.0-rc0, having the PCI_ERR_UNCOR_MASK
+set for machine types < 8.0 will cause migration to fail if the target
+QEMU version is < 8.0.0 :
+
+qemu-system-x86_64: get_pci_config_device: Bad config data: i=0x10a read: 40 device: 0 cmask: ff wmask: 0 w1cmask:0
+qemu-system-x86_64: Failed to load PCIDevice:config
+qemu-system-x86_64: Failed to load e1000e:parent_obj
+qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:02.0/e1000e'
+qemu-system-x86_64: load of migration failed: Invalid argument
+
+The above test migrated a 7.2 machine type from QEMU master to QEMU 7.2.0,
+with this cmdline:
+
+./qemu-system-x86_64 -M pc-q35-7.2 [-incoming XXX]
+
+In order to fix this, property x-pcie-err-unc-mask was introduced to
+control when PCI_ERR_UNCOR_MASK is enabled. This property is enabled by
+default, but is disabled if machine type <= 7.2.
+
+Fixes: 010746ae1d ("hw/pci/aer: Implement PCI_ERR_UNCOR_MASK register")
+Suggested-by: Michael S. Tsirkin
+Signed-off-by: Leonardo Bras
+Reviewed-by: Jonathan Cameron
+Reviewed-by: Peter Xu
+Reviewed-by: Juan Quintela
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00350.html)
+Signed-off-by: Fiona Ebner
+---
+ hw/core/machine.c | 1 +
+ hw/pci/pci.c | 2 ++
+ hw/pci/pcie_aer.c | 11 +++++++----
+ include/hw/pci/pci.h | 2 ++
+ 4 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index cd13b8b0a3..5060119952 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -43,6 +43,7 @@ GlobalProperty hw_compat_7_2[] = {
+ { "e1000e", "migrate-timadj", "off" },
+ { "virtio-mem", "x-early-migration", "false" },
+ { "migration", "x-preempt-pre-7-2", "true" },
++ { TYPE_PCI_DEVICE, "x-pcie-err-unc-mask", "off" },
+ };
+ const size_t hw_compat_7_2_len = G_N_ELEMENTS(hw_compat_7_2);
+
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index def5000e7b..8ad4349e96 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -79,6 +79,8 @@ static Property pci_props[] = {
+ DEFINE_PROP_STRING("failover_pair_id", PCIDevice,
+ failover_pair_id),
+ DEFINE_PROP_UINT32("acpi-index", PCIDevice, acpi_index, 0),
++ DEFINE_PROP_BIT("x-pcie-err-unc-mask", PCIDevice, cap_present,
++ QEMU_PCIE_ERR_UNC_MASK_BITNR, true),
+ DEFINE_PROP_END_OF_LIST()
+ };
+
+diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
+index 103667c368..374d593ead 100644
+--- a/hw/pci/pcie_aer.c
++++ b/hw/pci/pcie_aer.c
+@@ -112,10 +112,13 @@ int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
+
+ pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS,
+ PCI_ERR_UNC_SUPPORTED);
+- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
+- PCI_ERR_UNC_MASK_DEFAULT);
+- pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
+- PCI_ERR_UNC_SUPPORTED);
++
++ if (dev->cap_present & QEMU_PCIE_ERR_UNC_MASK) {
++ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
++ PCI_ERR_UNC_MASK_DEFAULT);
++ pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
++ PCI_ERR_UNC_SUPPORTED);
++ }
+
+ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_SEVER,
+ PCI_ERR_UNC_SEVERITY_DEFAULT);
+diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
+index d5a40cd058..6dc6742fc4 100644
+--- a/include/hw/pci/pci.h
++++ b/include/hw/pci/pci.h
+@@ -207,6 +207,8 @@ enum {
+ QEMU_PCIE_EXTCAP_INIT = (1 << QEMU_PCIE_EXTCAP_INIT_BITNR),
+ #define QEMU_PCIE_CXL_BITNR 10
+ QEMU_PCIE_CAP_CXL = (1 << QEMU_PCIE_CXL_BITNR),
++#define QEMU_PCIE_ERR_UNC_MASK_BITNR 11
++ QEMU_PCIE_ERR_UNC_MASK = (1 << QEMU_PCIE_ERR_UNC_MASK_BITNR),
+ };
+
+ typedef struct PCIINTxRoute {
diff --git a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch b/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
new file mode 100644
index 0000000..20e3e35
--- /dev/null
+++ b/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
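Review bot: The new `if (dev->cap_present & QEMU_PCIE_ERR_UNC_MASK)` in pcie_aer_init() leaves both the config value and the write mask of PCI_ERR_UNCOR_MASK untouched when the bit is clear, and nothing in the code says that this is deliberate migration compatibility rather than an optional feature. I would add `/* Off for machine types <= 7.2: keep config space as older QEMU expects on migration */` above the `if`, and a matching note at the `QEMU_PCIE_ERR_UNC_MASK` enum entry in pci.h, since it sits among capability flags but is a compat switch. The property defaults to true for every PCIDevice in pci_props, so the `hw_compat_7_2` entry is the only thing that turns it off; whether older compat arrays inherit it is not visible here and should be confirmed.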
@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf
+Date: Wed, 3 May 2023 16:01:42 +0200
+Subject: [PATCH] block: Fix use after free in blockdev_mark_auto_del()
+
+job_cancel_locked() drops the job list lock temporarily and it may call
+aio_poll(). We must assume that the list has changed after this call.
+Also, with unlucky timing, it can end up freeing the job during
+job_completed_txn_abort_locked(), making the job pointer invalid, too.
+
+For both reasons, we can't just continue at block_job_next_locked(job).
+Instead, start at the head of the list again after job_cancel_locked()
+and skip those jobs that we already cancelled (or that are completing
+anyway).
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf
+Message-Id: <20230503140142.474404-1-kwolf@redhat.com>
+Reviewed-by: Stefan Hajnoczi
+Signed-off-by: Kevin Wolf
+(cherry-picked from commit e2626874a32602d4e52971c786ef5ffb4430629d)
+Signed-off-by: Fiona Ebner
+---
+ blockdev.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/blockdev.c b/blockdev.c
+index d7b5c18f0a..2c1752a403 100644
+--- a/blockdev.c
++++ b/blockdev.c
+@@ -153,12 +153,22 @@ void blockdev_mark_auto_del(BlockBackend *blk)
+
+ JOB_LOCK_GUARD();
+
+- for (job = block_job_next_locked(NULL); job;
+- job = block_job_next_locked(job)) {
+- if (block_job_has_bdrv(job, blk_bs(blk))) {
++ do {
++ job = block_job_next_locked(NULL);
++ while (job && (job->job.cancelled ||
++ job->job.deferred_to_main_loop ||
++ !block_job_has_bdrv(job, blk_bs(blk))))
++ {
++ job = block_job_next_locked(job);
++ }
++ if (job) {
++ /*
++ * This drops the job lock temporarily and polls, so we need to
++ * restart processing the list from the start after this.
++ */
+ job_cancel_locked(&job->job, false);
+ }
+- }
++ } while (job);
+
+ dinfo->auto_del = 1;
+ }
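Review bot: In the new `do { … } while (job)` loop of blockdev_mark_auto_del(), `job` may already be freed once `job_cancel_locked(&job->job, false)` returns (the patch description says so), yet the variable stays live until the `while (job)` test. Today it is only compared with NULL there, but the in-code comment explains the restart and not this constraint, so a later edit could add a dereference. I would extend the comment with `* 'job' may be dangling after this call: only test it against NULL, never dereference it.` The loop also terminates only if each cancelled job ends up with `cancelled` or `deferred_to_main_loop` set or leaves the list, which is not visible in this hunk and is worth stating next to the skip condition. The function body starts above the hunk.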
diff --git a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch b/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
new file mode 100644
index 0000000..a65c044
--- /dev/null
+++ b/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
@@ -0,0 +1,64 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf
+Date: Thu, 4 May 2023 13:57:32 +0200
+Subject: [PATCH] block: Consistently call bdrv_activate() outside coroutine
+
+Migration code can call bdrv_activate() in coroutine context, whereas
+other callers call it outside of coroutines. As it calls other code that
+is not supposed to run in coroutines, standardise on running outside of
+coroutines.
+
+This adds a no_co_wrapper to switch to the main loop before calling
+bdrv_activate().
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf
+Reviewed-by: Eric Blake
+Reviewed-by: Stefan Hajnoczi
+Message-Id: <20230504115750.54437-3-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf
+(cherry-picked from commit da4afaff074e56b0fa0d25abf865784148018895)
+Signed-off-by: Fiona Ebner
+---
+ block/block-backend.c | 10 +++++++++-
+ include/block/block-global-state.h | 6 +++++-
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/block/block-backend.c b/block/block-backend.c
+index 55efc735b4..d59f759daf 100644
+--- a/block/block-backend.c
++++ b/block/block-backend.c
+@@ -2018,7 +2018,15 @@ void blk_activate(BlockBackend *blk, Error **errp)
+ return;
+ }
+
+- bdrv_activate(bs, errp);
++ /*
++ * Migration code can call this function in coroutine context, so leave
++ * coroutine context if necessary.
++ */
++ if (qemu_in_coroutine()) {
++ bdrv_co_activate(bs, errp);
++ } else {
++ bdrv_activate(bs, errp);
++ }
+ }
+
+ bool coroutine_fn blk_co_is_inserted(BlockBackend *blk)
+diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
+index 399200a9a3..2c312cc774 100644
+--- a/include/block/block-global-state.h
++++ b/include/block/block-global-state.h
+@@ -166,7 +166,11 @@ int bdrv_amend_options(BlockDriverState *bs_new, QemuOpts *opts,
+ BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
+ const char *node_name, Error **errp);
+
+-int bdrv_activate(BlockDriverState *bs, Error **errp);
++int no_coroutine_fn bdrv_activate(BlockDriverState *bs, Error **errp);
++
++int coroutine_fn no_co_wrapper
++bdrv_co_activate(BlockDriverState *bs, Error **errp);
++
+ void bdrv_activate_all(Error **errp);
+ int bdrv_inactivate_all(void);
+
diff --git a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch b/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
new file mode 100644
index 0000000..541e64e
--- /dev/null
+++ b/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
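Review bot: `blk_activate()` now picks `bdrv_co_activate()` or `bdrv_activate()` at run time via `qemu_in_coroutine()`, but neither its signature nor the header marks that it may yield when called from a coroutine. The new comment says why the branch exists, not what it means for callers: per the patch description, the work is moved to the main loop, so a caller in coroutine context can be suspended here. I would state that in the comment, e.g. `* May yield when called from a coroutine; callers must not rely on this being atomic.`, and, if this tree provides `coroutine_mixed_fn`, annotate the definition with it. The function starts above the hunk.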
@@ -0,0 +1,373 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Thu, 4 May 2023 13:57:33 +0200 +Subject: [PATCH] block: bdrv/blk_co_unref() for calls in coroutine context + +These functions must not be called in coroutine context, because they +need write access to the graph. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Kevin Wolf +Reviewed-by: Eric Blake +Reviewed-by: Stefan Hajnoczi +Message-Id: <20230504115750.54437-4-kwolf@redhat.com> +Signed-off-by: Kevin Wolf +(cherry-picked from commit b2ab5f545fa1eaaf2955dd617bee19a8b3279786) +Signed-off-by: Fiona Ebner +--- + block.c | 2 +- + block/crypto.c | 6 +++--- + block/parallels.c | 6 +++--- + block/qcow.c | 6 +++--- + block/qcow2.c | 14 +++++++------- + block/qed.c | 6 +++--- + block/vdi.c | 6 +++--- + block/vhdx.c | 6 +++--- + block/vmdk.c | 18 +++++++++--------- + block/vpc.c | 6 +++--- + include/block/block-global-state.h | 3 ++- + include/sysemu/block-backend-global-state.h | 5 ++++- + 12 files changed, 44 insertions(+), 40 deletions(-) + +diff --git a/block.c b/block.c +index d79a52ca74..a48112f945 100644 +--- a/block.c ++++ b/block.c +@@ -680,7 +680,7 @@ int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv, + + ret = 0; + out: +- blk_unref(blk); ++ blk_co_unref(blk); + return ret; + } + +diff --git a/block/crypto.c b/block/crypto.c +index ca67289187..8fd3ad0054 100644 +--- a/block/crypto.c ++++ b/block/crypto.c +@@ -355,7 +355,7 @@ block_crypto_co_create_generic(BlockDriverState *bs, int64_t size, + ret = 0; + cleanup: + qcrypto_block_free(crypto); +- blk_unref(blk); ++ blk_co_unref(blk); + return ret; + } + +@@ -661,7 +661,7 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) + + ret = 0; + fail: +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + return ret; + } + +@@ -730,7 +730,7 @@ fail: + bdrv_co_delete_file_noerr(bs); + } + +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + qapi_free_QCryptoBlockCreateOptions(create_opts); + 
qobject_unref(cryptoopts); + return ret; +diff --git a/block/parallels.c b/block/parallels.c +index 013684801a..b49c35929e 100644 +--- a/block/parallels.c ++++ b/block/parallels.c +@@ -613,8 +613,8 @@ static int coroutine_fn parallels_co_create(BlockdevCreateOptions* opts, + + ret = 0; + out: +- blk_unref(blk); +- bdrv_unref(bs); ++ blk_co_unref(blk); ++ bdrv_co_unref(bs); + return ret; + + exit: +@@ -691,7 +691,7 @@ parallels_co_create_opts(BlockDriver *drv, const char *filename, + + done: + qobject_unref(qdict); +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + qapi_free_BlockdevCreateOptions(create_options); + return ret; + } +diff --git a/block/qcow.c b/block/qcow.c +index 490e4f819e..a0c701f578 100644 +--- a/block/qcow.c ++++ b/block/qcow.c +@@ -915,8 +915,8 @@ static int coroutine_fn qcow_co_create(BlockdevCreateOptions *opts, + g_free(tmp); + ret = 0; + exit: +- blk_unref(qcow_blk); +- bdrv_unref(bs); ++ blk_co_unref(qcow_blk); ++ bdrv_co_unref(bs); + qcrypto_block_free(crypto); + return ret; + } +@@ -1015,7 +1015,7 @@ qcow_co_create_opts(BlockDriver *drv, const char *filename, + fail: + g_free(backing_fmt); + qobject_unref(qdict); +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + qapi_free_BlockdevCreateOptions(create_options); + return ret; + } +diff --git a/block/qcow2.c b/block/qcow2.c +index 30fd53fa64..6746763c34 100644 +--- a/block/qcow2.c ++++ b/block/qcow2.c +@@ -3705,7 +3705,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp) + goto out; + } + +- blk_unref(blk); ++ blk_co_unref(blk); + blk = NULL; + + /* +@@ -3785,7 +3785,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp) + } + } + +- blk_unref(blk); ++ blk_co_unref(blk); + blk = NULL; + + /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning. 
+@@ -3810,9 +3810,9 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp) + + ret = 0; + out: +- blk_unref(blk); +- bdrv_unref(bs); +- bdrv_unref(data_bs); ++ blk_co_unref(blk); ++ bdrv_co_unref(bs); ++ bdrv_co_unref(data_bs); + return ret; + } + +@@ -3943,8 +3943,8 @@ finish: + } + + qobject_unref(qdict); +- bdrv_unref(bs); +- bdrv_unref(data_bs); ++ bdrv_co_unref(bs); ++ bdrv_co_unref(data_bs); + qapi_free_BlockdevCreateOptions(create_options); + return ret; + } +diff --git a/block/qed.c b/block/qed.c +index 0705a7b4e2..aff2a2076e 100644 +--- a/block/qed.c ++++ b/block/qed.c +@@ -748,8 +748,8 @@ static int coroutine_fn bdrv_qed_co_create(BlockdevCreateOptions *opts, + ret = 0; /* success */ + out: + g_free(l1_table); +- blk_unref(blk); +- bdrv_unref(bs); ++ blk_co_unref(blk); ++ bdrv_co_unref(bs); + return ret; + } + +@@ -819,7 +819,7 @@ bdrv_qed_co_create_opts(BlockDriver *drv, const char *filename, + + fail: + qobject_unref(qdict); +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + qapi_free_BlockdevCreateOptions(create_options); + return ret; + } +diff --git a/block/vdi.c b/block/vdi.c +index f2434d6153..08331d2dd7 100644 +--- a/block/vdi.c ++++ b/block/vdi.c +@@ -886,8 +886,8 @@ static int coroutine_fn vdi_co_do_create(BlockdevCreateOptions *create_options, + + ret = 0; + exit: +- blk_unref(blk); +- bdrv_unref(bs_file); ++ blk_co_unref(blk); ++ bdrv_co_unref(bs_file); + g_free(bmap); + return ret; + } +@@ -975,7 +975,7 @@ vdi_co_create_opts(BlockDriver *drv, const char *filename, + done: + qobject_unref(qdict); + qapi_free_BlockdevCreateOptions(create_options); +- bdrv_unref(bs_file); ++ bdrv_co_unref(bs_file); + return ret; + } + +diff --git a/block/vhdx.c b/block/vhdx.c +index 81420722a1..00777da91a 100644 +--- a/block/vhdx.c ++++ b/block/vhdx.c +@@ -2053,8 +2053,8 @@ static int coroutine_fn vhdx_co_create(BlockdevCreateOptions *opts, + + ret = 0; + delete_and_exit: +- blk_unref(blk); +- bdrv_unref(bs); ++ blk_co_unref(blk); ++ bdrv_co_unref(bs); 
+ g_free(creator); + return ret; + } +@@ -2144,7 +2144,7 @@ vhdx_co_create_opts(BlockDriver *drv, const char *filename, + + fail: + qobject_unref(qdict); +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + qapi_free_BlockdevCreateOptions(create_options); + return ret; + } +diff --git a/block/vmdk.c b/block/vmdk.c +index f5f49018fe..01ca13c82b 100644 +--- a/block/vmdk.c ++++ b/block/vmdk.c +@@ -2306,7 +2306,7 @@ exit: + if (pbb) { + *pbb = blk; + } else { +- blk_unref(blk); ++ blk_co_unref(blk); + blk = NULL; + } + } +@@ -2516,12 +2516,12 @@ vmdk_co_do_create(int64_t size, + if (strcmp(blk_bs(backing)->drv->format_name, "vmdk")) { + error_setg(errp, "Invalid backing file format: %s. Must be vmdk", + blk_bs(backing)->drv->format_name); +- blk_unref(backing); ++ blk_co_unref(backing); + ret = -EINVAL; + goto exit; + } + ret = vmdk_read_cid(blk_bs(backing), 0, &parent_cid); +- blk_unref(backing); ++ blk_co_unref(backing); + if (ret) { + error_setg(errp, "Failed to read parent CID"); + goto exit; +@@ -2542,14 +2542,14 @@ vmdk_co_do_create(int64_t size, + blk_bs(extent_blk)->filename); + created_size += cur_size; + extent_idx++; +- blk_unref(extent_blk); ++ blk_co_unref(extent_blk); + } + + /* Check whether we got excess extents */ + extent_blk = extent_fn(-1, extent_idx, flat, split, compress, zeroed_grain, + opaque, NULL); + if (extent_blk) { +- blk_unref(extent_blk); ++ blk_co_unref(extent_blk); + error_setg(errp, "List of extents contains unused extents"); + ret = -EINVAL; + goto exit; +@@ -2590,7 +2590,7 @@ vmdk_co_do_create(int64_t size, + ret = 0; + exit: + if (blk) { +- blk_unref(blk); ++ blk_co_unref(blk); + } + g_free(desc); + g_free(parent_desc_line); +@@ -2641,7 +2641,7 @@ vmdk_co_create_opts_cb(int64_t size, int idx, bool flat, bool split, + errp)) { + goto exit; + } +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + exit: + g_free(ext_filename); + return blk; +@@ -2797,12 +2797,12 @@ static BlockBackend * coroutine_fn vmdk_co_create_cb(int64_t size, int idx, + return NULL; 
+ } + blk_set_allow_write_beyond_eof(blk, true); +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + + if (size != -1) { + ret = vmdk_init_extent(blk, size, flat, compress, zeroed_grain, errp); + if (ret) { +- blk_unref(blk); ++ blk_co_unref(blk); + blk = NULL; + } + } +diff --git a/block/vpc.c b/block/vpc.c +index b89b0ff8e2..07ddda5b99 100644 +--- a/block/vpc.c ++++ b/block/vpc.c +@@ -1082,8 +1082,8 @@ static int coroutine_fn vpc_co_create(BlockdevCreateOptions *opts, + } + + out: +- blk_unref(blk); +- bdrv_unref(bs); ++ blk_co_unref(blk); ++ bdrv_co_unref(bs); + return ret; + } + +@@ -1162,7 +1162,7 @@ vpc_co_create_opts(BlockDriver *drv, const char *filename, + + fail: + qobject_unref(qdict); +- bdrv_unref(bs); ++ bdrv_co_unref(bs); + qapi_free_BlockdevCreateOptions(create_options); + return ret; + } +diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h +index 2c312cc774..ec3ddb17a8 100644 +--- a/include/block/block-global-state.h ++++ b/include/block/block-global-state.h +@@ -218,7 +218,8 @@ void bdrv_img_create(const char *filename, const char *fmt, + bool quiet, Error **errp); + + void bdrv_ref(BlockDriverState *bs); +-void bdrv_unref(BlockDriverState *bs); ++void no_coroutine_fn bdrv_unref(BlockDriverState *bs); ++void coroutine_fn no_co_wrapper bdrv_co_unref(BlockDriverState *bs); + void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child); + BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs, + BlockDriverState *child_bs, +diff --git a/include/sysemu/block-backend-global-state.h b/include/sysemu/block-backend-global-state.h +index 2b6d27db7c..fa83f9389c 100644 +--- a/include/sysemu/block-backend-global-state.h ++++ b/include/sysemu/block-backend-global-state.h +@@ -42,7 +42,10 @@ blk_co_new_open(const char *filename, const char *reference, QDict *options, + + int blk_get_refcnt(BlockBackend *blk); + void blk_ref(BlockBackend *blk); +-void blk_unref(BlockBackend *blk); ++ ++void no_coroutine_fn blk_unref(BlockBackend 
*blk); ++void coroutine_fn no_co_wrapper blk_co_unref(BlockBackend *blk); ++ + void blk_remove_all_bs(void); + BlockBackend *blk_by_name(const char *name); + BlockBackend *blk_next(BlockBackend *blk); diff --git a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch b/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch new file mode 100644 index 0000000..685b7a8 --- /dev/null +++ b/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Thu, 4 May 2023 13:57:34 +0200 +Subject: [PATCH] block: Don't call no_coroutine_fns in qmp_block_resize() + +This QMP handler runs in a coroutine, so it must use the corresponding +no_co_wrappers instead. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2185688 +Cc: qemu-stable@nongnu.org +Signed-off-by: Kevin Wolf +Reviewed-by: Eric Blake +Reviewed-by: Stefan Hajnoczi +Message-Id: <20230504115750.54437-5-kwolf@redhat.com> +Signed-off-by: Kevin Wolf +(cherry-picked from commit 0c7d204f50c382c6baac8c94bd57af4a022b3888) +Signed-off-by: Fiona Ebner +--- + blockdev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/blockdev.c b/blockdev.c +index 2c1752a403..e464daea58 100644 +--- a/blockdev.c ++++ b/blockdev.c +@@ -2440,7 +2440,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name, + return; + } + +- blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp); ++ blk = blk_co_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp); + if (!blk) { + return; + } +@@ -2455,7 +2455,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name, + + bdrv_co_lock(bs); + bdrv_drained_end(bs); +- blk_unref(blk); ++ blk_co_unref(blk); + bdrv_co_unlock(bs); + } + 
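Review bot: The two header hunks (include/block/block-global-state.h and include/sysemu/block-backend-global-state.h) split each unref into a `no_coroutine_fn` and a `coroutine_fn no_co_wrapper` variant without a comment telling callers which one to use or why. The reason is only in the patch description (the unref needs write access to the graph), so it will not be visible at the declaration. I would add above each pair something like `/* Needs graph write access: call bdrv_unref() outside coroutines only; in coroutine context use bdrv_co_unref(). */`, and the same for `blk_unref()`/`blk_co_unref()`. Several call-site hunks (`fail:` in block/crypto.c, `finish:` in block/qcow2.c, `exit:` and `vmdk_co_create_opts_cb` in block/vmdk.c) show no `coroutine_fn` marker on the enclosing function in their context, so that is worth confirming against the full files.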
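Review bot: In qmp_block_resize() the new `blk_co_unref(blk)` sits between `bdrv_co_lock(bs)` and `bdrv_co_unlock(bs)`, and as a `no_co_wrapper` it presumably hands the unref to the main loop and yields until that is done. Whether yielding with that lock held is intended is not visible in the hunk. A one-line comment before the call would record it, e.g. `/* blk_co_unref() may yield; the lock taken above stays held across it */`, or the reason it is safe if that is known. The function starts outside the hunk.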
diff --git a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch b/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
new file mode 100644
index 0000000..e4d9946
--- /dev/null
+++ b/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Richard Henderson
+Date: Fri, 5 May 2023 21:40:49 +0100
+Subject: [PATCH] accel/tcg: Fix atomic_mmu_lookup for reads
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A copy-paste bug had us looking at the victim cache for writes.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Peter Maydell
+Signed-off-by: Richard Henderson
+Fixes: 08dff435e2 ("tcg: Probe the proper permissions for atomic ops")
+Reviewed-by: Philippe Mathieu-Daudé
+Reviewed-by: Peter Maydell
+Message-Id: <20230505204049.352469-1-richard.henderson@linaro.org>
+(cherry-picked from commit 8c313254e61ed47a1bf4a2db714b25cdd94fbcce)
+Signed-off-by: Fiona Ebner
+---
+ accel/tcg/cputlb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
+index e984a98dc4..145fba45b2 100644
+--- a/accel/tcg/cputlb.c
++++ b/accel/tcg/cputlb.c
+@@ -1830,7 +1830,7 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
+ } else /* if (prot & PAGE_READ) */ {
+ tlb_addr = tlbe->addr_read;
+ if (!tlb_hit(tlb_addr, addr)) {
+- if (!VICTIM_TLB_HIT(addr_write, addr)) {
++ if (!VICTIM_TLB_HIT(addr_read, addr)) {
+ tlb_fill(env_cpu(env), addr, size,
+ MMU_DATA_LOAD, mmu_idx, retaddr);
+ index = tlb_index(env, mmu_idx, addr);
diff --git a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index 524cdb4..8c76070 100644
--- a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
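Review bot: In the read branch of atomic_mmu_lookup() the field name passed to `VICTIM_TLB_HIT` has to match the field just loaded into `tlb_addr` (`tlbe->addr_read`), and nothing in the code says so, which is how the copy-pasted `addr_write` went unnoticed. I would add a comment on the corrected line, `/* must name the same field as tlb_addr above: addr_read for loads */`. The write branch is outside the hunk, so whether it carries a matching remark cannot be checked here.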
+++ b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch @@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/core/machine.c b/hw/core/machine.c -index cd13b8b0a3..cb1d334bcb 100644 +index 5060119952..9d1c358c12 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c -@@ -141,7 +141,8 @@ GlobalProperty hw_compat_4_0[] = { +@@ -142,7 +142,8 @@ GlobalProperty hw_compat_4_0[] = { { "virtio-vga", "edid", "false" }, { "virtio-gpu-device", "edid", "false" }, { "virtio-device", "use-started", "false" }, diff --git a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch index b356f34..fd0c8e6 100644 --- a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch +++ b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch @@ -33,7 +33,7 @@ index 253fe49fa2..744b698a82 100644 softmmu_ss.add(files('block-ram-registrar.c')) diff --git a/meson.build b/meson.build -index c44d05a13f..b9bc31b01c 100644 +index d964e741e7..603cdb97bb 100644 --- a/meson.build +++ b/meson.build @@ -1527,6 +1527,8 @@ keyutils = dependency('libkeyutils', required: false, @@ -45,7 +45,7 @@ index c44d05a13f..b9bc31b01c 100644 # libselinux selinux = dependency('libselinux', required: get_option('selinux'), -@@ -3645,6 +3647,9 @@ if have_tools +@@ -3646,6 +3648,9 @@ if have_tools dependencies: [blockdev, qemuutil, gnutls, selinux], install: true) diff --git a/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch b/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch index add2222..268f13b 100644 --- a/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch +++ b/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch 
@@ -48,10 +48,10 @@ index f580f95395..5bcebb934b 100644 softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c')) softmmu_ss.add(files('block-ram-registrar.c')) diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index 2846083546..947d4f3df0 100644 +index ca2599de44..d50e99df26 100644 --- a/block/monitor/block-hmp-cmds.c +++ b/block/monitor/block-hmp-cmds.c -@@ -1027,3 +1027,36 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target, +@@ -1029,3 +1029,36 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target, qmp_blockdev_change_medium(device, NULL, target, arg, true, force, !!read_only, read_only_mode, errp); } @@ -89,7 +89,7 @@ index 2846083546..947d4f3df0 100644 + hmp_handle_error(mon, error); +} diff --git a/blockdev.c b/blockdev.c -index 47c70eeb91..3b95f54b64 100644 +index 9a010f3a86..b9505c95d3 100644 --- a/blockdev.c +++ b/blockdev.c @@ -37,6 +37,7 @@ @@ -187,7 +187,7 @@ index c012bad741..2e504db706 100644 void hmp_device_add(Monitor *mon, const QDict *qdict); void hmp_device_del(Monitor *mon, const QDict *qdict); diff --git a/meson.build b/meson.build -index b9bc31b01c..b12ef9f8d4 100644 +index 603cdb97bb..d307d8eabf 100644 --- a/meson.build +++ b/meson.build @@ -1528,6 +1528,7 @@ keyutils = dependency('libkeyutils', required: false, @@ -510,7 +510,7 @@ index 0000000000..1dda8b7d8f +#endif /* PROXMOX_BACKUP_CLIENT_H */ diff --git a/pve-backup.c b/pve-backup.c new file mode 100644 -index 0000000000..bb51c030bd +index 0000000000..389d6c84a0 --- /dev/null +++ b/pve-backup.c @@ -0,0 +1,938 @@ @@ -1328,7 +1328,7 @@ index 0000000000..bb51c030bd + l = g_list_next(l); + + if (di->target) { -+ bdrv_unref(di->target); ++ bdrv_co_unref(di->target); + } + + if (di->targetfile[0]) { diff --git a/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch index 2d29a8d..4ee6100 100644 
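Review bot: The last hunk of this file's diff switches pve-backup.c to `bdrv_co_unref(di->target)`, which the 0018 patch declares as `coroutine_fn no_co_wrapper`, but the context shows only the loop body and not the enclosing function. If that function can also be reached outside a coroutine, the call is wrong in the other direction. I would either confirm the function is a `coroutine_fn` or make the assumption explicit with `assert(qemu_in_coroutine());` before the loop. The 0031 refresh further down carries the same line as context.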
--- a/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch +++ b/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch @@ -12,10 +12,10 @@ Signed-off-by: Thomas Lamprecht create mode 100644 pbs-restore.c diff --git a/meson.build b/meson.build -index b12ef9f8d4..8ec21bba90 100644 +index d307d8eabf..afd105001e 100644 --- a/meson.build +++ b/meson.build -@@ -3651,6 +3651,10 @@ if have_tools +@@ -3652,6 +3652,10 @@ if have_tools vma = executable('vma', files('vma.c', 'vma-reader.c') + genh, dependencies: [authz, block, crypto, io, qom], install: true) diff --git a/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch b/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch index f28236a..082241a 100644 --- a/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch +++ b/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch @@ -29,10 +29,10 @@ Signed-off-by: Thomas Lamprecht 6 files changed, 143 insertions(+), 23 deletions(-) diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index 947d4f3df0..bcba630f12 100644 +index d50e99df26..cda5de792b 100644 --- a/block/monitor/block-hmp-cmds.c +++ b/block/monitor/block-hmp-cmds.c -@@ -1054,6 +1054,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict) +@@ -1056,6 +1056,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict) NULL, // PBS fingerprint NULL, // PBS backup-id false, 0, // PBS backup-time @@ -132,7 +132,7 @@ index 1dda8b7d8f..8cbf645b2c 100644 diff --git a/pve-backup.c b/pve-backup.c -index bb51c030bd..cfdeb50f23 100644 +index 389d6c84a0..c4cbff7fb1 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -7,6 +7,7 @@ @@ -378,7 +378,7 @@ index bb51c030bd..cfdeb50f23 100644 + } + if (di->target) { - bdrv_unref(di->target); + bdrv_co_unref(di->target); } @@ -852,6 +931,7 @@ UuidInfo *qmp_backup( const char *fingerprint, 
diff --git a/debian/patches/pve/0032-PVE-various-PBS-fixes.patch b/debian/patches/pve/0032-PVE-various-PBS-fixes.patch index f4711cd..a5d7a02 100644 --- a/debian/patches/pve/0032-PVE-various-PBS-fixes.patch +++ b/debian/patches/pve/0032-PVE-various-PBS-fixes.patch @@ -21,10 +21,10 @@ Signed-off-by: Fiona Ebner 3 files changed, 52 insertions(+), 12 deletions(-) diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index bcba630f12..6a6ed6d0e7 100644 +index cda5de792b..ecbebd39ac 100644 --- a/block/monitor/block-hmp-cmds.c +++ b/block/monitor/block-hmp-cmds.c -@@ -1054,7 +1054,9 @@ void hmp_backup(Monitor *mon, const QDict *qdict) +@@ -1056,7 +1056,9 @@ void hmp_backup(Monitor *mon, const QDict *qdict) NULL, // PBS fingerprint NULL, // PBS backup-id false, 0, // PBS backup-time @@ -36,7 +36,7 @@ index bcba630f12..6a6ed6d0e7 100644 NULL, NULL, devlist, qdict_haskey(qdict, "speed"), speed, &error); diff --git a/pve-backup.c b/pve-backup.c -index cfdeb50f23..f1eacbcaf6 100644 +index c4cbff7fb1..95f742e1d1 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -10,6 +10,7 @@ diff --git a/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch index c78dbd7..d7868e1 100644 --- a/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch +++ b/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch @@ -319,7 +319,7 @@ index 0000000000..43e69ada46 + +block_init(bdrv_pbs_init); diff --git a/configure b/configure -index 800b5850f4..37e12a3dce 100755 +index a62a3e6be9..1ac0feb46b 100755 --- a/configure +++ b/configure @@ -288,6 +288,7 @@ linux_user="" @@ -330,7 +330,7 @@ index 800b5850f4..37e12a3dce 100755 plugins="$default_feature" meson="" ninja="" -@@ -872,6 +873,10 @@ for opt do +@@ -873,6 +874,10 @@ for opt do ;; --with-coroutine=*) coroutine="$optarg" ;; 
@@ -341,7 +341,7 @@ index 800b5850f4..37e12a3dce 100755 --with-git=*) git="$optarg" ;; --with-git-submodules=*) -@@ -1048,6 +1053,7 @@ cat << EOF +@@ -1049,6 +1054,7 @@ cat << EOF debug-info debugging information safe-stack SafeStack Stack Smash Protection. Depends on clang/llvm and requires coroutine backend ucontext. @@ -349,7 +349,7 @@ index 800b5850f4..37e12a3dce 100755 NOTE: The object files are built at the place where configure is launched EOF -@@ -2385,6 +2391,9 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak +@@ -2386,6 +2392,9 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak if test "$modules" = "yes"; then echo "CONFIG_MODULES=y" >> $config_host_mak fi @@ -360,10 +360,10 @@ index 800b5850f4..37e12a3dce 100755 # XXX: suppress that if [ "$bsd" = "yes" ] ; then diff --git a/meson.build b/meson.build -index 8ec21bba90..419bea5cf4 100644 +index afd105001e..d01ee5d489 100644 --- a/meson.build +++ b/meson.build -@@ -4035,7 +4035,7 @@ summary_info += {'bzip2 support': libbzip2} +@@ -4037,7 +4037,7 @@ summary_info += {'bzip2 support': libbzip2} summary_info += {'lzfse support': liblzfse} summary_info += {'zstd support': zstd} summary_info += {'NUMA host support': numa} diff --git a/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch b/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch index 0ceb595..60ba5dd 100644 --- a/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch +++ b/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch @@ -16,7 +16,7 @@ Signed-off-by: Stefan Reiter 2 files changed, 38 insertions(+) diff --git a/pve-backup.c b/pve-backup.c -index f1eacbcaf6..c6fee40a67 100644 +index 95f742e1d1..9eb8645e63 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -1054,3 +1054,12 @@ BackupStatus *qmp_query_backup(Error **errp) 
diff --git a/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch b/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch index 418ae1c..cd76e86 100644 --- a/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch +++ b/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch @@ -69,7 +69,7 @@ index 087161a967..9a67e544ce 100644 info->zero_bytes, zero_per); diff --git a/pve-backup.c b/pve-backup.c -index c6fee40a67..d4abe6e703 100644 +index 9eb8645e63..2db35f90e0 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -48,6 +48,7 @@ static struct PVEBackupState { diff --git a/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch index 7f8fe9e..98e02a0 100644 --- a/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch +++ b/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch @@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build -index 419bea5cf4..c39c6054ee 100644 +index d01ee5d489..6129c3ce0c 100644 --- a/meson.build +++ b/meson.build @@ -1528,6 +1528,7 @@ keyutils = dependency('libkeyutils', required: false, @@ -25,7 +25,7 @@ index 419bea5cf4..c39c6054ee 100644 libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true) # libselinux -@@ -3143,6 +3144,7 @@ if have_block +@@ -3144,6 +3145,7 @@ if have_block # os-posix.c contains POSIX-specific functions used by qemu-storage-daemon, # os-win32.c does not blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c')) diff --git a/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch b/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch index 616b170..3a6b4d3 100644 --- a/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch 
+++ b/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch @@ -20,7 +20,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 50 insertions(+), 113 deletions(-) diff --git a/pve-backup.c b/pve-backup.c -index d4abe6e703..214c839c0b 100644 +index 2db35f90e0..b4bc2de76e 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -54,6 +54,7 @@ static struct PVEBackupState { @@ -271,7 +271,7 @@ index d4abe6e703..214c839c0b 100644 - } - if (di->target) { - bdrv_unref(di->target); + bdrv_co_unref(di->target); } @@ -1021,9 +952,15 @@ UuidInfo *qmp_backup( block_on_coroutine_fn(pvebackup_co_prepare, &task); diff --git a/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch b/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch index 7cd670e..7f2f945 100644 --- a/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch +++ b/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch @@ -57,7 +57,7 @@ Signed-off-by: Fiona Ebner 2 files changed, 138 insertions(+), 79 deletions(-) diff --git a/pve-backup.c b/pve-backup.c -index 214c839c0b..1d233dac93 100644 +index b4bc2de76e..6d6d7708b6 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -35,7 +35,9 @@ const char *PBS_BITMAP_NAME = "pbs-incremental-dirty-bitmap"; diff --git a/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch index b678e74..2c86cb2 100644 --- a/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch +++ b/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch @@ -175,7 +175,7 @@ index 0000000000..887e998b9e + NULL); +} diff --git a/pve-backup.c b/pve-backup.c -index 1d233dac93..5c9c153e31 100644 +index 6d6d7708b6..e9264e5025 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -1110,6 +1110,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp) 
diff --git a/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch b/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch index 810a801..21ca3a5 100644 --- a/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch +++ b/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch @@ -35,10 +35,10 @@ Signed-off-by: Fiona Ebner 5 files changed, 79 insertions(+), 182 deletions(-) diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index 6a6ed6d0e7..bcf5849196 100644 +index ecbebd39ac..56f39b14d4 100644 --- a/block/monitor/block-hmp-cmds.c +++ b/block/monitor/block-hmp-cmds.c -@@ -1028,7 +1028,7 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target, +@@ -1030,7 +1030,7 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target, !!read_only, read_only_mode, errp); } @@ -47,7 +47,7 @@ index 6a6ed6d0e7..bcf5849196 100644 { Error *error = NULL; -@@ -1037,7 +1037,7 @@ void hmp_backup_cancel(Monitor *mon, const QDict *qdict) +@@ -1039,7 +1039,7 @@ void hmp_backup_cancel(Monitor *mon, const QDict *qdict) hmp_handle_error(mon, error); } @@ -119,7 +119,7 @@ index 4ce7bc0b5e..0923037dec 100644 static void proxmox_backup_schedule_wake(void *data) { CoCtxData *waker = (CoCtxData *)data; diff --git a/pve-backup.c b/pve-backup.c -index 5c9c153e31..378e4a9a63 100644 +index e9264e5025..4536650b24 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -356,7 +356,7 @@ static void job_cancel_bh(void *opaque) { diff --git a/debian/patches/pve/0044-PBS-add-master-key-support.patch b/debian/patches/pve/0044-PBS-add-master-key-support.patch index 7a7db33..cdcf7db 100644 --- a/debian/patches/pve/0044-PBS-add-master-key-support.patch +++ b/debian/patches/pve/0044-PBS-add-master-key-support.patch @@ -21,10 +21,10 @@ Signed-off-by: Fiona Ebner 3 files changed, 11 insertions(+) 
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index bcf5849196..fb881056e9 100644 +index 56f39b14d4..f852c70611 100644 --- a/block/monitor/block-hmp-cmds.c +++ b/block/monitor/block-hmp-cmds.c -@@ -1051,6 +1051,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict) +@@ -1053,6 +1053,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict) NULL, // PBS password NULL, // PBS keyfile NULL, // PBS key_password @@ -33,7 +33,7 @@ index bcf5849196..fb881056e9 100644 NULL, // PBS backup-id false, 0, // PBS backup-time diff --git a/pve-backup.c b/pve-backup.c -index 378e4a9a63..504c11657a 100644 +index 4536650b24..0d8bf1c332 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -531,6 +531,7 @@ UuidInfo coroutine_fn *qmp_backup( diff --git a/debian/patches/pve/0052-pbs-namespace-support.patch b/debian/patches/pve/0052-pbs-namespace-support.patch index 958fb5f..d8d730b 100644 --- a/debian/patches/pve/0052-pbs-namespace-support.patch +++ b/debian/patches/pve/0052-pbs-namespace-support.patch @@ -15,10 +15,10 @@ Signed-off-by: Fiona Ebner 5 files changed, 47 insertions(+), 9 deletions(-) diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index fb881056e9..25ac598980 100644 +index f852c70611..ac23f21eef 100644 --- a/block/monitor/block-hmp-cmds.c +++ b/block/monitor/block-hmp-cmds.c -@@ -1053,6 +1053,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict) +@@ -1055,6 +1055,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict) NULL, // PBS key_password NULL, // PBS master_keyfile NULL, // PBS fingerprint @@ -172,7 +172,7 @@ index 2f834cf42e..f03d9bab8d 100644 fprintf(stderr, "restore failed: %s\n", pbs_error); return -1; diff --git a/pve-backup.c b/pve-backup.c -index 504c11657a..809ff6d134 100644 +index 0d8bf1c332..8a4ecba394 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -12,6 +12,8 @@ 
diff --git a/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch b/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch index 1b3e9ec..03f6a06 100644 --- a/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch +++ b/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch @@ -21,7 +21,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pve-backup.c b/pve-backup.c -index 809ff6d134..221e45ed0e 100644 +index 8a4ecba394..5eba2abde0 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -505,6 +505,11 @@ static void create_backup_jobs_bh(void *opaque) { diff --git a/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch b/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch index 0e66858..7addf09 100644 --- a/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch +++ b/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch @@ -23,7 +23,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/pve-backup.c b/pve-backup.c -index 221e45ed0e..a20fa38ee8 100644 +index 5eba2abde0..99a91f88b2 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -318,6 +318,13 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque) diff --git a/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch b/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch index 5a9da14..f386f72 100644 --- a/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch +++ b/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch @@ -39,7 +39,7 @@ Signed-off-by: Fiona Ebner 1 file changed, 38 insertions(+), 19 deletions(-) 
diff --git a/pve-backup.c b/pve-backup.c -index a20fa38ee8..3509f46ed8 100644 +index 99a91f88b2..04c8ce0a3d 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -356,12 +356,41 @@ static void pvebackup_complete_cb(void *opaque, int ret) diff --git a/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch b/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch index 43efd1d..1aece72 100644 --- a/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch +++ b/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch @@ -31,10 +31,10 @@ Signed-off-by: Fiona Ebner 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index 25ac598980..74e43a757f 100644 +index ac23f21eef..636509b83e 100644 --- a/block/monitor/block-hmp-cmds.c +++ b/block/monitor/block-hmp-cmds.c -@@ -1061,7 +1061,9 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict) +@@ -1063,7 +1063,9 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict) false, false, // PBS encrypt true, dir ? BACKUP_FORMAT_DIR : BACKUP_FORMAT_VMA, NULL, NULL, @@ -46,7 +46,7 @@ index 25ac598980..74e43a757f 100644 hmp_handle_error(mon, error); } diff --git a/pve-backup.c b/pve-backup.c -index 3509f46ed8..a343d63586 100644 +index 04c8ce0a3d..56da408001 100644 --- a/pve-backup.c +++ b/pve-backup.c @@ -57,6 +57,7 @@ static struct PVEBackupState { diff --git a/debian/patches/series b/debian/patches/series index 175ec2d..90d7943 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -4,6 +4,20 @@ extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
 extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
 extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
 extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
+extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
+extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
+extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
+extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
+extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
+extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
+extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
+extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
+extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
+extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
+extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
+extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch