* [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2
@ 2024-11-25 11:00 Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches to " Fiona Ebner
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel

No issues encountered during initial smoke testing of migration,
snapshot, backup functionality, SPICE, drive-mirror, with a selection
of different VM configs and guests.

Fiona Ebner (4):
  update submodule and patches to QEMU 9.1.2
  async snapshot: code cleanup: use error_setg() helper
  async snapshot: improve error handling for 'savevm-start' QMP command
  stable fixes for QEMU 9.1.2

...d-support-for-sync-bitmap-mode-never.patch | 54 +--
...-support-for-conditional-and-always-.patch | 10 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 14 +-
...ial-deadlock-when-draining-during-tr.patch | 2 +-
...workaround-Windows-not-handling-name.patch | 4 +-
...e-write-use-uint64_t-for-timeout-in-.patch | 35 --
...o-net-Add-queues-before-loading-them.patch | 81 ++++
...ock-copy-before-write-fix-permission.patch | 55 ---
...ix-size-check-in-dhclient-workaround.patch | 36 ++
...e-write-support-unligned-snapshot-di.patch | 48 ---
...e-write-create-block_copy-bitmap-in-.patch | 373 ------------------
...-backup-add-discard-source-parameter.patch | 277 -------------
...e-de-initialization-of-vhost-user-de.patch | 92 -----
...Use-float_status-copy-in-sme_fmopa_s.patch | 43 --
...-Use-FPST_F16-for-SME-FMOPA-widening.patch | 62 ---
...ion-and-honor-bootindex-again-for-le.patch | 60 ---
...5a-bump-instruction-limit-in-scripts.patch | 48 ---
...15-block-copy-Fix-missing-graph-lock.patch | 38 --
...-do-not-operate-on-sources-from-fina.patch | 93 -----
...ix-the-use-of-an-uninitialized-irqfd.patch | 77 ----
...net-Ensure-queue-index-fits-with-RSS.patch | 35 --
...etwork-stall-at-the-host-side-waitin.patch | 338 ----------------
...t-nic-model-help-output-as-documente.patch | 70 ----
...net-nic-model-for-non-help-arguments.patch | 32 --
...-assert-for-128-bit-tile-accesses-wh.patch | 57 ---
...arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch | 59 ---
...-shifts-by-1-in-tszimm_shr-and-tszim.patch | 62 ---
...e-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch | 41 --
...e-denormals-correctly-for-FMOPA-wide.patch | 164 --------
...el_iommu-fix-FRCD-construction-macro.patch | 39 --
...386-Do-not-apply-REX-to-MMX-operands.patch | 33 --
...rash-by-resetting-local_err-in-modul.patch | 42 --
...-Plumb-in-new-args-to-nbd_client_add.patch | 164 --------
...024-7409-Cap-default-max-connections.patch | 172 --------
...024-7409-Drop-non-negotiating-client.patch | 123 ------
...024-7409-Close-stray-clients-at-serv.patch | 161 --------
...c-fix-crash-when-no-console-attached.patch | 47 ---
...024-7409-Avoid-use-after-free-when-c.patch | 89 -----
...fix-memory-leak-in-dirty_memory_exte.patch | 134 -------
...st-allow-adding-overlapping-requests.patch | 104 -----
...k-file-change-locking-default-to-off.patch | 6 +-
...djust-network-script-path-to-etc-kvm.patch | 4 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...erfs-no-default-logfile-if-daemonize.patch | 8 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
...PVE-Up-glusterfs-allow-partial-reads.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 8 +-
.../0014-PVE-qapi-modify-query-machines.patch | 12 +-
.../0015-PVE-qapi-modify-spice-query.patch | 4 +-
...nnel-implementation-for-savevm-async.patch | 2 +-
...async-for-background-state-snapshots.patch | 92 ++---
...add-optional-buffer-size-to-QEMUFile.patch | 53 ++-
...add-the-zeroinit-block-driver-filter.patch | 8 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...t-target-i386-disable-LINT0-after-re.patch | 2 +-
...le-posix-make-locking-optiono-on-cre.patch | 20 +-
...3-PVE-monitor-disable-oob-capability.patch | 4 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 65 ++-
...VE-Backup-add-vma-backup-format-code.patch | 14 +-
...-Backup-add-backup-dump-block-driver.patch | 4 +-
...ckup-Proxmox-backup-patches-for-QEMU.patch | 48 +--
...estore-new-command-to-restore-from-p.patch | 8 +-
...k-driver-to-map-backup-archives-into.patch | 29 +-
...ct-stderr-to-journal-when-daemonized.patch | 10 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 32 +-
...dirty-bitmap-migrate-other-bitmaps-e.patch | 15 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
.../0038-block-add-alloc-track-driver.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 2 +-
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 2 +-
...k-rbd-implement-bdrv_co_block_status.patch | 4 +-
...rror-out-when-auto-remove-is-not-set.patch | 2 +-
...d-seemingly-superfluous-child-permis.patch | 2 +-
...e-allow-specifying-minimum-cluster-s.patch | 4 +-
...um-cluster-size-to-performance-optio.patch | 6 +-
.../0046-PVE-backup-add-fleecing-option.patch | 6 +-
...ve-error-when-copy-before-write-fail.patch | 2 +-
...up-fixup-error-handling-for-fleecing.patch | 2 +-
...r-out-setting-up-snapshot-access-for.patch | 2 +-
...device-name-in-device-info-structure.patch | 2 +-
...de-device-name-in-error-when-setting.patch | 2 +-
debian/patches/series | 35 +-
qemu | 2 +-
87 files changed, 433 insertions(+), 3618 deletions(-)
delete mode 100644 debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
create mode 100644 debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
delete mode 100644 debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
create mode 100644 debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
delete mode 100644 debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
delete mode 100644 debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
delete mode 100644 debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
delete mode 100644 debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
delete mode 100644 debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
delete mode 100644 debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
delete mode 100644 debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
delete mode 100644 debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
delete mode 100644 debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
delete mode 100644 debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
delete mode 100644 debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
delete mode 100644 debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
delete mode 100644 debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
delete mode 100644 debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
delete mode 100644 debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
delete mode 100644 debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
delete mode 100644 debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
delete mode 100644 debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
delete mode 100644 debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
delete mode 100644 debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
delete mode 100644 debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
delete mode 100644 debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
delete mode 100644 debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
delete mode 100644 debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
delete mode 100644 debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
delete mode 100644 debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
delete mode 100644 debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
delete mode 100644 debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
delete mode 100644 debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
delete mode 100644 debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
delete mode 100644 debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] [PATCH qemu 1/4] update submodule and patches to QEMU 9.1.2
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 2/4] async snapshot: code cleanup: use error_setg() helper Fiona Ebner
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel

Notable changes, most interestingly the two build system changes:

* avoid making 'migration' target depend on 'libproxmox_backup_qemu':
  Having pbs-state.c be part of the 'migration_files' makes the
  'migration' target depend on 'libproxmox_backup_qemu'. Adding the
  dependency to 'migration' and 'libmigration' would not be enough
  however, because pbs-state.c depends on savevm.c (for
  register_savevm_live()), and savevm.c is not itself part of the
  'migration_files' and would need to be moved too. Otherwise, linking
  the 'test-xbzrle' unit test is broken. Instead, don't declare
  pbs-state.c to be part of the 'migration_files'.

* meson: pbs-restore + vma: add qemuutil dependency explicitly
  Both pbs-restore and vma use "qemu/osdep.h" so the dependency is
  present. Being explicit is required after commit 414b180d42 ("meson:
  Pass objects and dependencies to declare_dependency()").

* QAPI docs "Notes:" to ".. note::" conversion following commit
  d461c27973 ("qapi: convert "Note" sections to plain rST").

* Removal of QERR_* macros following commit
  a95921f171 ("qapi: Inline and remove QERR_DEVICE_HAS_NO_MEDIUM
  definition") and friends.

* Signature change for .save_setup callbacks following commit
  01c3ac681b ("migration: Add Error** argument to .save_setup()
  handler").

* Removal of separate .bdrv_file_open callbacks following commit
  44b424dc4a ("block: remove separate bdrv_file_open callback")

* Adapt dirty bitmap migration error handling following commit
  dd03167725 ("migration: Add Error** argument to
  add_bitmaps_to_list()")

* Adapt savevm async to removed block migration following commit
  eef0bae3a7 ("migration: Remove block migration")

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...d-support-for-sync-bitmap-mode-never.patch | 54 +--
...-support-for-conditional-and-always-.patch | 10 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 14 +-
...ial-deadlock-when-draining-during-tr.patch | 2 +-
...workaround-Windows-not-handling-name.patch | 4 +-
...e-write-use-uint64_t-for-timeout-in-.patch | 35 --
...ock-copy-before-write-fix-permission.patch | 55 ---
...e-write-support-unligned-snapshot-di.patch | 48 ---
...e-write-create-block_copy-bitmap-in-.patch | 373 ------------------
...-backup-add-discard-source-parameter.patch | 277 -------------
...e-de-initialization-of-vhost-user-de.patch | 92 -----
...Use-float_status-copy-in-sme_fmopa_s.patch | 43 --
...-Use-FPST_F16-for-SME-FMOPA-widening.patch | 62 ---
...ion-and-honor-bootindex-again-for-le.patch | 60 ---
...5a-bump-instruction-limit-in-scripts.patch | 48 ---
...15-block-copy-Fix-missing-graph-lock.patch | 38 --
...-do-not-operate-on-sources-from-fina.patch | 93 -----
...ix-the-use-of-an-uninitialized-irqfd.patch | 77 ----
| 35 --
...etwork-stall-at-the-host-side-waitin.patch | 338 ----------------
...t-nic-model-help-output-as-documente.patch | 70 ----
...net-nic-model-for-non-help-arguments.patch | 32 --
...-assert-for-128-bit-tile-accesses-wh.patch | 57 ---
...arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch | 59 ---
...-shifts-by-1-in-tszimm_shr-and-tszim.patch | 62 ---
...e-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch | 41 --
...e-denormals-correctly-for-FMOPA-wide.patch | 164 --------
...el_iommu-fix-FRCD-construction-macro.patch | 39 --
...386-Do-not-apply-REX-to-MMX-operands.patch | 33 --
...rash-by-resetting-local_err-in-modul.patch | 42 --
...-Plumb-in-new-args-to-nbd_client_add.patch | 164 --------
...024-7409-Cap-default-max-connections.patch | 172 --------
...024-7409-Drop-non-negotiating-client.patch | 123 ------
...024-7409-Close-stray-clients-at-serv.patch | 161 --------
...c-fix-crash-when-no-console-attached.patch | 47 ---
...024-7409-Avoid-use-after-free-when-c.patch | 89 -----
...fix-memory-leak-in-dirty_memory_exte.patch | 134 -------
...st-allow-adding-overlapping-requests.patch | 104 -----
...k-file-change-locking-default-to-off.patch | 6 +-
...djust-network-script-path-to-etc-kvm.patch | 4 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...erfs-no-default-logfile-if-daemonize.patch | 8 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
...PVE-Up-glusterfs-allow-partial-reads.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 8 +-
.../0014-PVE-qapi-modify-query-machines.patch | 12 +-
.../0015-PVE-qapi-modify-spice-query.patch | 4 +-
...nnel-implementation-for-savevm-async.patch | 2 +-
...async-for-background-state-snapshots.patch | 63 ++-
...add-optional-buffer-size-to-QEMUFile.patch | 51 +--
...add-the-zeroinit-block-driver-filter.patch | 8 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...t-target-i386-disable-LINT0-after-re.patch | 2 +-
...le-posix-make-locking-optiono-on-cre.patch | 20 +-
...3-PVE-monitor-disable-oob-capability.patch | 4 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 65 ++-
...VE-Backup-add-vma-backup-format-code.patch | 14 +-
...-Backup-add-backup-dump-block-driver.patch | 4 +-
...ckup-Proxmox-backup-patches-for-QEMU.patch | 48 +--
...estore-new-command-to-restore-from-p.patch | 8 +-
...k-driver-to-map-backup-archives-into.patch | 29 +-
...ct-stderr-to-journal-when-daemonized.patch | 10 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 32 +-
...dirty-bitmap-migrate-other-bitmaps-e.patch | 15 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
.../0038-block-add-alloc-track-driver.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 2 +-
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 2 +-
...k-rbd-implement-bdrv_co_block_status.patch | 4 +-
...rror-out-when-auto-remove-is-not-set.patch | 2 +-
...d-seemingly-superfluous-child-permis.patch | 2 +-
...e-allow-specifying-minimum-cluster-s.patch | 4 +-
...um-cluster-size-to-performance-optio.patch | 6 +-
.../0046-PVE-backup-add-fleecing-option.patch | 6 +-
...ve-error-when-copy-before-write-fail.patch | 2 +-
...up-fixup-error-handling-for-fleecing.patch | 2 +-
...r-out-setting-up-snapshot-access-for.patch | 2 +-
...device-name-in-device-info-structure.patch | 2 +-
...de-device-name-in-error-when-setting.patch | 2 +-
debian/patches/series | 33 --
qemu | 2 +-
85 files changed, 294 insertions(+), 3607 deletions(-)
delete mode 100644 debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
delete mode 100644 debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
delete mode 100644 debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
delete mode 100644 debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
delete mode 100644 debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
delete mode 100644 debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
delete mode 100644 debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
delete mode 100644 debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
delete mode 100644 debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
delete mode 100644 debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
delete mode 100644 debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
delete mode 100644 debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
delete mode 100644 debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
delete mode 100644 debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
delete mode 100644 debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
delete mode 100644 debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
delete mode 100644 debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
delete mode 100644 debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
delete mode 100644 debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
delete mode 100644 debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
delete mode 100644 debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
delete mode 100644 debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
delete mode 100644 debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
delete mode 100644 debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
delete mode 100644 debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
delete mode 100644 debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
delete mode 100644 debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
delete mode 100644 debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
delete mode 100644 debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
delete mode 100644 debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
delete mode 100644 debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
delete mode 100644 debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
delete mode 100644 debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
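Review bot: the commit message does not explain the 33 deletions under debian/patches/extra, and that list includes the four nbd-server CVE-2024-7409 patches (0031, 0032, 0033, 0035) together with their prerequisite 0030. A sentence confirming that every dropped patch is contained in the 9.1.2 submodule update would let a reviewer verify that no security fix is lost when the entries leave debian/patches/series.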
diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
index 0532896..ddf26e4 100644
--- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
+++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
@@ -27,7 +27,7 @@ Signed-off-by: Ma Haocong <mahaocong@didichuxing.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-[FE: rebased for 8.2.2]
+[FE: rebased for 9.1.2]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
block/mirror.c | 99 ++++++++++++++++++++------
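Review bot: the `[FE: rebased for 8.2.2]` annotation is overwritten with `[FE: rebased for 9.1.2]` rather than extended, so the patch header no longer records the earlier rebase. If that history is meant to be kept in the patch file, leave the old tag in place and add the new one on its own line.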
@@ -38,7 +38,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
5 files changed, 142 insertions(+), 28 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 1bdce3b657..0c5c72df2e 100644
+index 61f0a717b7..83a88562c5 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -51,7 +51,7 @@ typedef struct MirrorBlockJob {
@@ -59,7 +59,7 @@ index 1bdce3b657..0c5c72df2e 100644
BdrvDirtyBitmap *dirty_bitmap;
BdrvDirtyBitmapIter *dbi;
uint8_t *buf;
-@@ -722,7 +724,8 @@ static int mirror_exit_common(Job *job)
+@@ -723,7 +725,8 @@ static int mirror_exit_common(Job *job)
&error_abort);
if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
@@ -69,7 +69,7 @@ index 1bdce3b657..0c5c72df2e 100644
BlockDriverState *unfiltered_target = bdrv_skip_filters(target_bs);
if (bdrv_cow_bs(unfiltered_target) != backing) {
-@@ -819,6 +822,16 @@ static void mirror_abort(Job *job)
+@@ -824,6 +827,16 @@ static void mirror_abort(Job *job)
assert(ret == 0);
}
@@ -86,7 +86,7 @@ index 1bdce3b657..0c5c72df2e 100644
static void coroutine_fn mirror_throttle(MirrorBlockJob *s)
{
int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-@@ -1015,7 +1028,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
+@@ -1020,7 +1033,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
mirror_free_init(s);
s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
@@ -96,7 +96,7 @@ index 1bdce3b657..0c5c72df2e 100644
ret = mirror_dirty_init(s);
if (ret < 0 || job_is_cancelled(&s->common.job)) {
goto immediate_exit;
-@@ -1304,6 +1318,7 @@ static const BlockJobDriver mirror_job_driver = {
+@@ -1309,6 +1323,7 @@ static const BlockJobDriver mirror_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -104,7 +104,7 @@ index 1bdce3b657..0c5c72df2e 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = mirror_cancel,
-@@ -1322,6 +1337,7 @@ static const BlockJobDriver commit_active_job_driver = {
+@@ -1327,6 +1342,7 @@ static const BlockJobDriver commit_active_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -112,7 +112,7 @@ index 1bdce3b657..0c5c72df2e 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = commit_active_cancel,
-@@ -1714,7 +1730,10 @@ static BlockJob *mirror_start_job(
+@@ -1719,7 +1735,10 @@ static BlockJob *mirror_start_job(
BlockCompletionFunc *cb,
void *opaque,
const BlockJobDriver *driver,
@@ -123,8 +123,8 @@ index 1bdce3b657..0c5c72df2e 100644
+ BlockDriverState *base,
bool auto_complete, const char *filter_node_name,
bool is_mirror, MirrorCopyMode copy_mode,
- Error **errp)
-@@ -1728,10 +1747,39 @@ static BlockJob *mirror_start_job(
+ bool base_ro,
+@@ -1734,10 +1753,39 @@ static BlockJob *mirror_start_job(
GLOBAL_STATE_CODE();
@@ -166,7 +166,7 @@ index 1bdce3b657..0c5c72df2e 100644
assert(is_power_of_2(granularity));
if (buf_size < 0) {
-@@ -1871,7 +1919,9 @@ static BlockJob *mirror_start_job(
+@@ -1878,7 +1926,9 @@ static BlockJob *mirror_start_job(
s->replaces = g_strdup(replaces);
s->on_source_error = on_source_error;
s->on_target_error = on_target_error;
@@ -177,7 +177,7 @@ index 1bdce3b657..0c5c72df2e 100644
s->backing_mode = backing_mode;
s->zero_target = zero_target;
qatomic_set(&s->copy_mode, copy_mode);
-@@ -1897,6 +1947,18 @@ static BlockJob *mirror_start_job(
+@@ -1904,6 +1954,18 @@ static BlockJob *mirror_start_job(
*/
bdrv_disable_dirty_bitmap(s->dirty_bitmap);
@@ -196,7 +196,7 @@ index 1bdce3b657..0c5c72df2e 100644
bdrv_graph_wrlock();
ret = block_job_add_bdrv(&s->common, "source", bs, 0,
BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE |
-@@ -1979,6 +2041,9 @@ fail:
+@@ -1986,6 +2048,9 @@ fail:
if (s->dirty_bitmap) {
bdrv_release_dirty_bitmap(s->dirty_bitmap);
}
@@ -206,7 +206,7 @@ index 1bdce3b657..0c5c72df2e 100644
job_early_fail(&s->common.job);
}
-@@ -2001,35 +2066,28 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+@@ -2008,35 +2073,28 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
@@ -241,13 +241,13 @@ index 1bdce3b657..0c5c72df2e 100644
speed, granularity, buf_size, backing_mode, zero_target,
on_source_error, on_target_error, unmap, NULL, NULL,
- &mirror_job_driver, is_none_mode, base, false,
-- filter_node_name, true, copy_mode, errp);
+- filter_node_name, true, copy_mode, false, errp);
+ &mirror_job_driver, mode, bitmap, bitmap_mode, base,
-+ false, filter_node_name, true, copy_mode, errp);
++ false, filter_node_name, true, copy_mode, false, errp);
}
BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
-@@ -2056,7 +2114,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
+@@ -2063,7 +2121,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
job_id, bs, creation_flags, base, NULL, speed, 0, 0,
MIRROR_LEAVE_BACKING_CHAIN, false,
on_error, on_error, true, cb, opaque,
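Review bot: the rebased mirror_start() call now ends in `copy_mode, false, errp)` on both the removed and the added inner line, and an earlier hunk shows mirror_start_job() gaining `bool base_ro,` in its context, but the list of notable changes in the commit message does not mention adapting to this extra positional argument. A short bullet naming it would make it easier to confirm that the literal `false` is the intended value here, since a misplaced bool in this argument list would still compile.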
@@ -255,13 +255,13 @@ index 1bdce3b657..0c5c72df2e 100644
+ &commit_active_job_driver, MIRROR_SYNC_MODE_FULL,
+ NULL, 0, base, auto_complete,
filter_node_name, false, MIRROR_COPY_MODE_BACKGROUND,
- errp);
+ base_read_only, errp);
if (!job) {
diff --git a/blockdev.c b/blockdev.c
-index 4c33c3f5f0..f3e508a6a7 100644
+index 835064ed03..9b10e3917c 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2776,6 +2776,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2778,6 +2778,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
BlockDriverState *target,
const char *replaces,
enum MirrorSyncMode sync,
@@ -271,7 +271,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
BlockMirrorBackingMode backing_mode,
bool zero_target,
bool has_speed, int64_t speed,
-@@ -2794,6 +2797,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2796,6 +2799,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
{
BlockDriverState *unfiltered_bs;
int job_flags = JOB_DEFAULT;
@@ -279,7 +279,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
GLOBAL_STATE_CODE();
GRAPH_RDLOCK_GUARD_MAINLOOP();
-@@ -2848,6 +2852,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2850,6 +2854,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
@@ -309,7 +309,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
if (!replaces) {
/* We want to mirror from @bs, but keep implicit filters on top */
unfiltered_bs = bdrv_skip_implicit_filters(bs);
-@@ -2889,8 +2916,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2891,8 +2918,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
* and will allow to check whether the node still exist at mirror completion
*/
mirror_start(job_id, bs, target,
@@ -320,7 +320,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
on_source_error, on_target_error, unmap, filter_node_name,
copy_mode, errp);
}
-@@ -3034,6 +3061,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
+@@ -3036,6 +3063,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
blockdev_mirror_common(arg->job_id, bs, target_bs,
arg->replaces, arg->sync,
@@ -329,7 +329,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
backing_mode, zero_target,
arg->has_speed, arg->speed,
arg->has_granularity, arg->granularity,
-@@ -3053,6 +3082,8 @@ void qmp_blockdev_mirror(const char *job_id,
+@@ -3055,6 +3084,8 @@ void qmp_blockdev_mirror(const char *job_id,
const char *device, const char *target,
const char *replaces,
MirrorSyncMode sync,
@@ -338,7 +338,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
bool has_speed, int64_t speed,
bool has_granularity, uint32_t granularity,
bool has_buf_size, int64_t buf_size,
-@@ -3093,7 +3124,8 @@ void qmp_blockdev_mirror(const char *job_id,
+@@ -3095,7 +3126,8 @@ void qmp_blockdev_mirror(const char *job_id,
}
blockdev_mirror_common(job_id, bs, target_bs,
@@ -364,7 +364,7 @@ index eb2d92a226..f0c642b194 100644
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index b179d65520..905da8be72 100644
+index aa40d44f1d..c2a337cc04 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2174,6 +2174,15 @@
diff --git a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
index 8a1b5d8..7bce3ec 100644
--- a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
+++ b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
@@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 0c5c72df2e..37fee3fa25 100644
+index 83a88562c5..fc439ea936 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -693,8 +693,6 @@ static int mirror_exit_common(Job *job)
+@@ -694,8 +694,6 @@ static int mirror_exit_common(Job *job)
bdrv_unfreeze_backing_chain(mirror_top_bs, target_bs);
}
@@ -36,7 +36,7 @@ index 0c5c72df2e..37fee3fa25 100644
/* Make sure that the source BDS doesn't go away during bdrv_replace_node,
* before we can call bdrv_drained_end */
bdrv_ref(src);
-@@ -800,6 +798,18 @@ static int mirror_exit_common(Job *job)
+@@ -805,6 +803,18 @@ static int mirror_exit_common(Job *job)
bdrv_drained_end(target_bs);
bdrv_unref(target_bs);
@@ -55,7 +55,7 @@ index 0c5c72df2e..37fee3fa25 100644
bs_opaque->job = NULL;
bdrv_drained_end(src);
-@@ -1757,10 +1767,6 @@ static BlockJob *mirror_start_job(
+@@ -1763,10 +1773,6 @@ static BlockJob *mirror_start_job(
" sync mode",
MirrorSyncMode_str(sync_mode));
return NULL;
@@ -66,7 +66,7 @@ index 0c5c72df2e..37fee3fa25 100644
}
} else if (bitmap) {
error_setg(errp,
-@@ -1777,6 +1783,12 @@ static BlockJob *mirror_start_job(
+@@ -1783,6 +1789,12 @@ static BlockJob *mirror_start_job(
return NULL;
}
granularity = bdrv_dirty_bitmap_granularity(bitmap);
diff --git a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
index d1e0fb0..d82c415 100644
--- a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
+++ b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 3 insertions(+)
diff --git a/blockdev.c b/blockdev.c
-index f3e508a6a7..37b8437f3e 100644
+index 9b10e3917c..c3fa897289 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2873,6 +2873,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2875,6 +2875,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
return;
}
diff --git a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
index 33e6923..dee6c7e 100644
--- a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
+++ b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 37fee3fa25..6b3cce1007 100644
+index fc439ea936..cde5d710fd 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -804,8 +804,8 @@ static int mirror_exit_common(Job *job)
+@@ -809,8 +809,8 @@ static int mirror_exit_common(Job *job)
job->ret == 0 && ret == 0)) {
/* Success; synchronize copy back to sync. */
bdrv_clear_dirty_bitmap(s->sync_bitmap, NULL);
@@ -30,7 +30,7 @@ index 37fee3fa25..6b3cce1007 100644
}
}
bdrv_release_dirty_bitmap(s->dirty_bitmap);
-@@ -1964,11 +1964,8 @@ static BlockJob *mirror_start_job(
+@@ -1971,11 +1971,8 @@ static BlockJob *mirror_start_job(
}
if (s->sync_mode == MIRROR_SYNC_MODE_BITMAP) {
diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
index 9f68e4f..f0165d5 100644
--- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
+++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
@@ -21,10 +21,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
3 files changed, 70 insertions(+), 59 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 6b3cce1007..2f1223852b 100644
+index cde5d710fd..e20f50e5fb 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -1757,31 +1757,13 @@ static BlockJob *mirror_start_job(
+@@ -1763,31 +1763,13 @@ static BlockJob *mirror_start_job(
GLOBAL_STATE_CODE();
@@ -62,10 +62,10 @@ index 6b3cce1007..2f1223852b 100644
if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) {
diff --git a/blockdev.c b/blockdev.c
-index 37b8437f3e..ed8198f351 100644
+index c3fa897289..9cbd166674 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2852,7 +2852,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2854,7 +2854,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
diff --git a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
index 45e7f87..e0be888 100644
--- a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
+++ b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
@@ -48,7 +48,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
-index 965f5d5450..e04bd059b6 100644
+index c3740ec616..7f38ce6b8b 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -16,6 +16,7 @@ extern QemuOptsList qemu_mon_opts;
@@ -60,7 +60,7 @@ index 965f5d5450..e04bd059b6 100644
void monitor_init_globals(void);
void monitor_init_globals_core(void);
diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h
-index 252de85681..8db28f9272 100644
+index cb628f681d..93dbd62fc2 100644
--- a/monitor/monitor-internal.h
+++ b/monitor/monitor-internal.h
@@ -151,6 +151,13 @@ typedef struct {
@@ -78,10 +78,10 @@ index 252de85681..8db28f9272 100644
/**
diff --git a/monitor/monitor.c b/monitor/monitor.c
-index 01ede1babd..5681bca346 100644
+index db52a9c7ef..2d63959351 100644
--- a/monitor/monitor.c
+++ b/monitor/monitor.c
-@@ -117,6 +117,21 @@ bool monitor_cur_is_qmp(void)
+@@ -116,6 +116,21 @@ bool monitor_cur_is_qmp(void)
return cur_mon && monitor_is_qmp(cur_mon);
}
@@ -104,7 +104,7 @@ index 01ede1babd..5681bca346 100644
* Is @mon is using readline?
* Note: not all HMP monitors use readline, e.g., gdbserver has a
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index a239945e8d..589c9524f8 100644
+index 5e538f34c0..eb181d5979 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -165,6 +165,8 @@ static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req)
@@ -189,7 +189,7 @@ index 176b549473..790bb7d1da 100644
aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,
&data);
diff --git a/stubs/monitor-core.c b/stubs/monitor-core.c
-index afa477aae6..d3ff124bf3 100644
+index 1894cdfe1f..d74d0459f0 100644
--- a/stubs/monitor-core.c
+++ b/stubs/monitor-core.c
@@ -12,6 +12,11 @@ Monitor *monitor_set_cur(Coroutine *co, Monitor *mon)
@@ -201,6 +201,6 @@ index afa477aae6..d3ff124bf3 100644
+ return -1;
+}
+
- void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
+ void qapi_event_emit(QAPIEvent event, QDict *qdict)
{
}
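Review bot: the trailing context under the added stub (the one ending in `return -1;`) changes from monitor_init_qmp() to qapi_event_emit(), so stubs/monitor-core.c is laid out differently in the new base. Please confirm the refreshed patch applies there without fuzz and that the stub is still the only definition of that function linked into the stub build.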
diff --git a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
index 502c9d2..b97684d 100644
--- a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
+++ b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
@@ -55,7 +55,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
-index e8cb2dac92..3b21acf651 100644
+index 08d9218455..20d8c0cf66 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -456,7 +456,7 @@ static void ide_trim_bh_cb(void *opaque)
diff --git a/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch b/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
index 22eb1e7..99b9499 100644
--- a/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+++ b/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
@@ -24,10 +24,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index 53f804ac16..9b1b9f0412 100644
+index 5d4bd2b710..67194bb705 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
-@@ -347,13 +347,9 @@ Aml *aml_pci_device_dsm(void)
+@@ -346,13 +346,9 @@ Aml *aml_pci_device_dsm(void)
{
Aml *params = aml_local(0);
Aml *pkg = aml_package(2);
diff --git a/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch b/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
deleted file mode 100644
index a8bdd85..0000000
--- a/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Mon, 29 Apr 2024 15:41:11 +0200
-Subject: [PATCH] block/copy-before-write: use uint64_t for timeout in
- nanoseconds
-
-rather than the uint32_t for which the maximum is slightly more than 4
-seconds and larger values would overflow. The QAPI interface allows
-specifying the number of seconds, so only values 0 to 4 are safe right
-now, other values lead to a much lower timeout than a user expects.
-
-The block_copy() call where this is used already takes a uint64_t for
-the timeout, so no change required there.
-
-Fixes: 6db7fd1ca9 ("block/copy-before-write: implement cbw-timeout option")
-Reported-by: Friedrich Weber <f.weber@proxmox.com>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Tested-by: Friedrich Weber <f.weber@proxmox.com>
----
- block/copy-before-write.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 8aba27a71d..026fa9840f 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -43,7 +43,7 @@ typedef struct BDRVCopyBeforeWriteState {
- BlockCopyState *bcs;
- BdrvChild *target;
- OnCbwError on_cbw_error;
-- uint32_t cbw_timeout_ns;
-+ uint64_t cbw_timeout_ns;
-
- /*
- * @lock: protects access to @access_bitmap, @done_bitmap and
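Review bot: dropping this patch is only safe if BDRVCopyBeforeWriteState in the rebased tree already declares `uint64_t cbw_timeout_ns`. With the old `uint32_t` field, any cbw-timeout above 4 seconds overflows into a much shorter timeout, as the removed description explains. If the commit message does not already name the upstream commit that carries this fix, adding it would let the removal be verified without diffing the submodule.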
diff --git a/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch b/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
deleted file mode 100644
index 6a759a4..0000000
--- a/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:22 +0200
-Subject: [PATCH] block/copy-before-write: fix permission
-
-In case when source node does not have any parents, the condition still
-works as required: backup job do create the parent by
-
- block_job_create -> block_job_add_bdrv -> bdrv_root_attach_child
-
-Still, in this case checking @perm variable doesn't work, as backup job
-creates the root blk with empty permissions (as it rely on CBW filter
-to require correct permissions and don't want to create extra
-conflicts).
-
-So, we should not check @perm.
-
-The hack may be dropped entirely when transactional insertion of
-filter (when we don't try to recalculate permissions in intermediate
-state, when filter does conflict with original parent of the source
-node) merged (old big series
-"[PATCH v5 00/45] Transactional block-graph modifying API"[1] and it's
-current in-flight part is "[PATCH v8 0/7] blockdev-replace"[2])
-
-[1] https://patchew.org/QEMU/20220330212902.590099-1-vsementsov@openvz.org/
-[2] https://patchew.org/QEMU/20231017184444.932733-1-vsementsov@yandex-team.ru/
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/copy-before-write.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 026fa9840f..5a9456d426 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -364,9 +364,13 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role,
- perm, shared, nperm, nshared);
-
- if (!QLIST_EMPTY(&bs->parents)) {
-- if (perm & BLK_PERM_WRITE) {
-- *nperm = *nperm | BLK_PERM_CONSISTENT_READ;
-- }
-+ /*
-+ * Note, that source child may be shared with backup job. Backup job
-+ * does create own blk parent on copy-before-write node, so this
-+ * works even if source node does not have any parents before backup
-+ * start
-+ */
-+ *nperm = *nperm | BLK_PERM_CONSISTENT_READ;
- *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
- }
- }
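Review bot: with this downstream patch gone, cbw_child_perm() in the new base must still set `*nperm = *nperm | BLK_PERM_CONSISTENT_READ;` unconditionally inside the `!QLIST_EMPTY(&bs->parents)` branch. The older `if (perm & BLK_PERM_WRITE)` guard does not hold for backup jobs, whose root blk is created with empty permissions. A look at block/copy-before-write.c in the updated submodule before merging would settle it.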
diff --git a/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch b/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
deleted file mode 100644
index f651c58..0000000
--- a/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:23 +0200
-Subject: [PATCH] block/copy-before-write: support unligned snapshot-discard
-
-First thing that crashes on unligned access here is
-bdrv_reset_dirty_bitmap(). Correct way is to align-down the
-snapshot-discard request.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/copy-before-write.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 5a9456d426..c0e70669a2 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -325,14 +325,24 @@ static int coroutine_fn GRAPH_RDLOCK
- cbw_co_pdiscard_snapshot(BlockDriverState *bs, int64_t offset, int64_t bytes)
- {
- BDRVCopyBeforeWriteState *s = bs->opaque;
-+ uint32_t cluster_size = block_copy_cluster_size(s->bcs);
-+ int64_t aligned_offset = QEMU_ALIGN_UP(offset, cluster_size);
-+ int64_t aligned_end = QEMU_ALIGN_DOWN(offset + bytes, cluster_size);
-+ int64_t aligned_bytes;
-+
-+ if (aligned_end <= aligned_offset) {
-+ return 0;
-+ }
-+ aligned_bytes = aligned_end - aligned_offset;
-
- WITH_QEMU_LOCK_GUARD(&s->lock) {
-- bdrv_reset_dirty_bitmap(s->access_bitmap, offset, bytes);
-+ bdrv_reset_dirty_bitmap(s->access_bitmap, aligned_offset,
-+ aligned_bytes);
- }
-
-- block_copy_reset(s->bcs, offset, bytes);
-+ block_copy_reset(s->bcs, aligned_offset, aligned_bytes);
-
-- return bdrv_co_pdiscard(s->target, offset, bytes);
-+ return bdrv_co_pdiscard(s->target, aligned_offset, aligned_bytes);
- }
-
- static void GRAPH_RDLOCK cbw_refresh_filename(BlockDriverState *bs)
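Review bot: the removed fix in cbw_co_pdiscard_snapshot() has two parts that both need to be present upstream: the early `return 0` when `aligned_end <= aligned_offset` (a discard smaller than one cluster becomes a no-op), and the use of the aligned range in all three calls, bdrv_reset_dirty_bitmap(), block_copy_reset() and bdrv_co_pdiscard(). The description names bdrv_reset_dirty_bitmap() only as the first place that crashes, so a partial upstream variant that aligns just that call would not be equivalent.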
diff --git a/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch b/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
deleted file mode 100644
index 7cd24d0..0000000
--- a/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
+++ /dev/null
@@ -1,373 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:24 +0200
-Subject: [PATCH] block/copy-before-write: create block_copy bitmap in filter
- node
-
-Currently block_copy creates copy_bitmap in source node. But that is in
-bad relation with .independent_close=true of copy-before-write filter:
-source node may be detached and removed before .bdrv_close() handler
-called, which should call block_copy_state_free(), which in turn should
-remove copy_bitmap.
-
-That's all not ideal: it would be better if internal bitmap of
-block-copy object is not attached to any node. But that is not possible
-now.
-
-The simplest solution is just create copy_bitmap in filter node, where
-anyway two other bitmaps are created.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/block-copy.c | 3 +-
- block/copy-before-write.c | 2 +-
- include/block/block-copy.h | 1 +
- tests/qemu-iotests/257.out | 112 ++++++++++++++++++-------------------
- 4 files changed, 60 insertions(+), 58 deletions(-)
-
-diff --git a/block/block-copy.c b/block/block-copy.c
-index 9ee3dd7ef5..8fca2c3698 100644
---- a/block/block-copy.c
-+++ b/block/block-copy.c
-@@ -351,6 +351,7 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
- }
-
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
-+ BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
- Error **errp)
- {
-@@ -367,7 +368,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- return NULL;
- }
-
-- copy_bitmap = bdrv_create_dirty_bitmap(source->bs, cluster_size, NULL,
-+ copy_bitmap = bdrv_create_dirty_bitmap(copy_bitmap_bs, cluster_size, NULL,
- errp);
- if (!copy_bitmap) {
- return NULL;
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index c0e70669a2..94db31512d 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -468,7 +468,7 @@ static int cbw_open(BlockDriverState *bs, QDict *options, int flags,
- ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
- bs->file->bs->supported_zero_flags);
-
-- s->bcs = block_copy_state_new(bs->file, s->target, bitmap, errp);
-+ s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, errp);
- if (!s->bcs) {
- error_prepend(errp, "Cannot create block-copy-state: ");
- return -EINVAL;
-diff --git a/include/block/block-copy.h b/include/block/block-copy.h
-index 0700953ab8..8b41643bfa 100644
---- a/include/block/block-copy.h
-+++ b/include/block/block-copy.h
-@@ -25,6 +25,7 @@ typedef struct BlockCopyState BlockCopyState;
- typedef struct BlockCopyCallState BlockCopyCallState;
-
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
-+ BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
- Error **errp);
-
-diff --git a/tests/qemu-iotests/257.out b/tests/qemu-iotests/257.out
-index aa76131ca9..c33dd7f3a9 100644
---- a/tests/qemu-iotests/257.out
-+++ b/tests/qemu-iotests/257.out
-@@ -120,16 +120,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -596,16 +596,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -865,16 +865,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -1341,16 +1341,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -1610,16 +1610,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -2086,16 +2086,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -2355,16 +2355,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -2831,16 +2831,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -3100,16 +3100,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -3576,16 +3576,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -3845,16 +3845,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -4321,16 +4321,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -4590,16 +4590,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -5066,16 +5066,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
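Review bot: removing this patch relies on upstream block_copy_state_new() taking the extra `BlockDriverState *copy_bitmap_bs` argument. Any remaining patch under debian/patches that calls block_copy_state_new() has to match that prototype, so those callers are worth a grep after the refresh. The 257.out expectations that move the extra bitmap entry out of the "drive0" list go away with this file as well, so the iotest reference output should now be exactly upstream's.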
diff --git a/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch b/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
deleted file mode 100644
index e11a37d..0000000
--- a/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
+++ /dev/null
@@ -1,277 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:25 +0200
-Subject: [PATCH] qapi: blockdev-backup: add discard-source parameter
-
-Add a parameter that enables discard-after-copy. That is mostly useful
-in "push backup with fleecing" scheme, when source is snapshot-access
-format driver node, based on copy-before-write filter snapshot-access
-API:
-
-[guest] [snapshot-access] ~~ blockdev-backup ~~> [backup target]
- | |
- | root | file
- v v
-[copy-before-write]
- | |
- | file | target
- v v
-[active disk] [temp.img]
-
-In this case discard-after-copy does two things:
-
- - discard data in temp.img to save disk space
- - avoid further copy-before-write operation in discarded area
-
-Note that we have to declare WRITE permission on source in
-copy-before-write filter, for discard to work. Still we can't take it
-unconditionally, as it will break normal backup from RO source. So, we
-have to add a parameter and pass it thorough bdrv_open flags.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/backup.c | 5 +++--
- block/block-copy.c | 9 +++++++++
- block/copy-before-write.c | 15 +++++++++++++--
- block/copy-before-write.h | 1 +
- block/replication.c | 4 ++--
- blockdev.c | 2 +-
- include/block/block-common.h | 2 ++
- include/block/block-copy.h | 1 +
- include/block/block_int-global-state.h | 2 +-
- qapi/block-core.json | 4 ++++
- 10 files changed, 37 insertions(+), 8 deletions(-)
-
-diff --git a/block/backup.c b/block/backup.c
-index ec29d6b810..3dd2e229d2 100644
---- a/block/backup.c
-+++ b/block/backup.c
-@@ -356,7 +356,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
- BlockDriverState *target, int64_t speed,
- MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
- BitmapSyncMode bitmap_mode,
-- bool compress,
-+ bool compress, bool discard_source,
- const char *filter_node_name,
- BackupPerf *perf,
- BlockdevOnError on_source_error,
-@@ -457,7 +457,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
- goto error;
- }
-
-- cbw = bdrv_cbw_append(bs, target, filter_node_name, &bcs, errp);
-+ cbw = bdrv_cbw_append(bs, target, filter_node_name, discard_source,
-+ &bcs, errp);
- if (!cbw) {
- goto error;
- }
-diff --git a/block/block-copy.c b/block/block-copy.c
-index 8fca2c3698..7e3b378528 100644
---- a/block/block-copy.c
-+++ b/block/block-copy.c
-@@ -137,6 +137,7 @@ typedef struct BlockCopyState {
- CoMutex lock;
- int64_t in_flight_bytes;
- BlockCopyMethod method;
-+ bool discard_source;
- BlockReqList reqs;
- QLIST_HEAD(, BlockCopyCallState) calls;
- /*
-@@ -353,6 +354,7 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
-+ bool discard_source,
- Error **errp)
- {
- ERRP_GUARD();
-@@ -418,6 +420,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- cluster_size),
- };
-
-+ s->discard_source = discard_source;
- block_copy_set_copy_opts(s, false, false);
-
- ratelimit_init(&s->rate_limit);
-@@ -589,6 +592,12 @@ static coroutine_fn int block_copy_task_entry(AioTask *task)
- co_put_to_shres(s->mem, t->req.bytes);
- block_copy_task_end(t, ret);
-
-+ if (s->discard_source && ret == 0) {
-+ int64_t nbytes =
-+ MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset;
-+ bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
-+ }
-+
- return ret;
- }
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 94db31512d..853e01a1eb 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -44,6 +44,7 @@ typedef struct BDRVCopyBeforeWriteState {
- BdrvChild *target;
- OnCbwError on_cbw_error;
- uint64_t cbw_timeout_ns;
-+ bool discard_source;
-
- /*
- * @lock: protects access to @access_bitmap, @done_bitmap and
-@@ -357,6 +358,8 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role,
- uint64_t perm, uint64_t shared,
- uint64_t *nperm, uint64_t *nshared)
- {
-+ BDRVCopyBeforeWriteState *s = bs->opaque;
-+
- if (!(role & BDRV_CHILD_FILTERED)) {
- /*
- * Target child
-@@ -381,6 +384,10 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role,
- * start
- */
- *nperm = *nperm | BLK_PERM_CONSISTENT_READ;
-+ if (s->discard_source) {
-+ *nperm = *nperm | BLK_PERM_WRITE;
-+ }
-+
- *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
- }
- }
-@@ -468,7 +475,9 @@ static int cbw_open(BlockDriverState *bs, QDict *options, int flags,
- ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
- bs->file->bs->supported_zero_flags);
-
-- s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, errp);
-+ s->discard_source = flags & BDRV_O_CBW_DISCARD_SOURCE;
-+ s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap,
-+ flags & BDRV_O_CBW_DISCARD_SOURCE, errp);
- if (!s->bcs) {
- error_prepend(errp, "Cannot create block-copy-state: ");
- return -EINVAL;
-@@ -535,12 +544,14 @@ static BlockDriver bdrv_cbw_filter = {
- BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
- BlockDriverState *target,
- const char *filter_node_name,
-+ bool discard_source,
- BlockCopyState **bcs,
- Error **errp)
- {
- BDRVCopyBeforeWriteState *state;
- BlockDriverState *top;
- QDict *opts;
-+ int flags = BDRV_O_RDWR | (discard_source ? BDRV_O_CBW_DISCARD_SOURCE : 0);
-
- assert(source->total_sectors == target->total_sectors);
- GLOBAL_STATE_CODE();
-@@ -553,7 +564,7 @@ BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
- qdict_put_str(opts, "file", bdrv_get_node_name(source));
- qdict_put_str(opts, "target", bdrv_get_node_name(target));
-
-- top = bdrv_insert_node(source, opts, BDRV_O_RDWR, errp);
-+ top = bdrv_insert_node(source, opts, flags, errp);
- if (!top) {
- return NULL;
- }
-diff --git a/block/copy-before-write.h b/block/copy-before-write.h
-index 6e72bb25e9..01af0cd3c4 100644
---- a/block/copy-before-write.h
-+++ b/block/copy-before-write.h
-@@ -39,6 +39,7 @@
- BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
- BlockDriverState *target,
- const char *filter_node_name,
-+ bool discard_source,
- BlockCopyState **bcs,
- Error **errp);
- void bdrv_cbw_drop(BlockDriverState *bs);
-diff --git a/block/replication.c b/block/replication.c
-index ca6bd0a720..0415a5e8b7 100644
---- a/block/replication.c
-+++ b/block/replication.c
-@@ -582,8 +582,8 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
-
- s->backup_job = backup_job_create(
- NULL, s->secondary_disk->bs, s->hidden_disk->bs,
-- 0, MIRROR_SYNC_MODE_NONE, NULL, 0, false, NULL,
-- &perf,
-+ 0, MIRROR_SYNC_MODE_NONE, NULL, 0, false, false,
-+ NULL, &perf,
- BLOCKDEV_ON_ERROR_REPORT,
- BLOCKDEV_ON_ERROR_REPORT, JOB_INTERNAL,
- backup_job_completed, bs, NULL, &local_err);
-diff --git a/blockdev.c b/blockdev.c
-index 057601dcf0..4c33c3f5f0 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -2726,7 +2726,7 @@ static BlockJob *do_backup_common(BackupCommon *backup,
-
- job = backup_job_create(backup->job_id, bs, target_bs, backup->speed,
- backup->sync, bmap, backup->bitmap_mode,
-- backup->compress,
-+ backup->compress, backup->discard_source,
- backup->filter_node_name,
- &perf,
- backup->on_source_error,
-diff --git a/include/block/block-common.h b/include/block/block-common.h
-index a846023a09..338fe5ff7a 100644
---- a/include/block/block-common.h
-+++ b/include/block/block-common.h
-@@ -243,6 +243,8 @@ typedef enum {
- read-write fails */
- #define BDRV_O_IO_URING 0x40000 /* use io_uring instead of the thread pool */
-
-+#define BDRV_O_CBW_DISCARD_SOURCE 0x80000 /* for copy-before-write filter */
-+
- #define BDRV_O_CACHE_MASK (BDRV_O_NOCACHE | BDRV_O_NO_FLUSH)
-
-
-diff --git a/include/block/block-copy.h b/include/block/block-copy.h
-index 8b41643bfa..bdc703bacd 100644
---- a/include/block/block-copy.h
-+++ b/include/block/block-copy.h
-@@ -27,6 +27,7 @@ typedef struct BlockCopyCallState BlockCopyCallState;
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
-+ bool discard_source,
- Error **errp);
-
- /* Function should be called prior any actual copy request */
-diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h
-index d2201e27f4..eb2d92a226 100644
---- a/include/block/block_int-global-state.h
-+++ b/include/block/block_int-global-state.h
-@@ -193,7 +193,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
- MirrorSyncMode sync_mode,
- BdrvDirtyBitmap *sync_bitmap,
- BitmapSyncMode bitmap_mode,
-- bool compress,
-+ bool compress, bool discard_source,
- const char *filter_node_name,
- BackupPerf *perf,
- BlockdevOnError on_source_error,
-diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 4b18e01b85..b179d65520 100644
---- a/qapi/block-core.json
-+++ b/qapi/block-core.json
-@@ -1610,6 +1610,9 @@
- # node specified by @drive. If this option is not given, a node
- # name is autogenerated. (Since: 4.2)
- #
-+# @discard-source: Discard blocks on source which are already copied
-+# to the target. (Since 9.0)
-+#
- # @x-perf: Performance options. (Since 6.0)
- #
- # Features:
-@@ -1631,6 +1634,7 @@
- '*on-target-error': 'BlockdevOnError',
- '*auto-finalize': 'bool', '*auto-dismiss': 'bool',
- '*filter-node-name': 'str',
-+ '*discard-source': 'bool',
- '*x-perf': { 'type': 'BackupPerf',
- 'features': [ 'unstable' ] } } }
-
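Review bot: backup_job_create() takes `bool discard_source` positionally right after `bool compress`, and two adjacent bool parameters can be transposed or omitted without a compiler diagnostic. The removed patch updates the callers in block/replication.c and blockdev.c; any downstream patch in this series that calls backup_job_create() or bdrv_cbw_append() should be re-checked against the upstream prototypes now that this file no longer defines them. Also note that block_copy_task_entry() in the removed code ignores the return value of bdrv_co_pdiscard(), so a failed source discard is silent; if that is intended behaviour for PVE backups, it should be documented where discard-source is enabled.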
diff --git a/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch b/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
deleted file mode 100644
index c5a3e92..0000000
--- a/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Huth <thuth@redhat.com>
-Date: Tue, 18 Jun 2024 14:19:58 +0200
-Subject: [PATCH] hw/virtio: Fix the de-initialization of vhost-user devices
-
-The unrealize functions of the various vhost-user devices are
-calling the corresponding vhost_*_set_status() functions with a
-status of 0 to shut down the device correctly.
-
-Now these vhost_*_set_status() functions all follow this scheme:
-
- bool should_start = virtio_device_should_start(vdev, status);
-
- if (vhost_dev_is_started(&vvc->vhost_dev) == should_start) {
- return;
- }
-
- if (should_start) {
- /* ... do the initialization stuff ... */
- } else {
- /* ... do the cleanup stuff ... */
- }
-
-The problem here is virtio_device_should_start(vdev, 0) currently
-always returns "true" since it internally only looks at vdev->started
-instead of looking at the "status" parameter. Thus once the device
-got started once, virtio_device_should_start() always returns true
-and thus the vhost_*_set_status() functions return early, without
-ever doing any clean-up when being called with status == 0. This
-causes e.g. problems when trying to hot-plug and hot-unplug a vhost
-user devices multiple times since the de-initialization step is
-completely skipped during the unplug operation.
-
-This bug has been introduced in commit 9f6bcfd99f ("hw/virtio: move
-vm_running check to virtio_device_started") which replaced
-
- should_start = status & VIRTIO_CONFIG_S_DRIVER_OK;
-
-with
-
- should_start = virtio_device_started(vdev, status);
-
-which later got replaced by virtio_device_should_start(). This blocked
-the possibility to set should_start to false in case the status flag
-VIRTIO_CONFIG_S_DRIVER_OK was not set.
-
-Fix it by adjusting the virtio_device_should_start() function to
-only consider the status flag instead of vdev->started. Since this
-function is only used in the various vhost_*_set_status() functions
-for exactly the same purpose, it should be fine to fix it in this
-central place there without any risk to change the behavior of other
-code.
-
-Fixes: 9f6bcfd99f ("hw/virtio: move vm_running check to virtio_device_started")
-Buglink: https://issues.redhat.com/browse/RHEL-40708
-Signed-off-by: Thomas Huth <thuth@redhat.com>
-Message-Id: <20240618121958.88673-1-thuth@redhat.com>
-Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit d72479b11797c28893e1e3fc565497a9cae5ca16)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- include/hw/virtio/virtio.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
-index 7d5ffdc145..2eafad17b8 100644
---- a/include/hw/virtio/virtio.h
-+++ b/include/hw/virtio/virtio.h
-@@ -470,9 +470,9 @@ static inline bool virtio_device_started(VirtIODevice *vdev, uint8_t status)
- * @vdev - the VirtIO device
- * @status - the devices status bits
- *
-- * This is similar to virtio_device_started() but also encapsulates a
-- * check on the VM status which would prevent a device starting
-- * anyway.
-+ * This is similar to virtio_device_started() but ignores vdev->started
-+ * and also encapsulates a check on the VM status which would prevent a
-+ * device from starting anyway.
- */
- static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status)
- {
-@@ -480,7 +480,7 @@ static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status
- return false;
- }
-
-- return virtio_device_started(vdev, status);
-+ return status & VIRTIO_CONFIG_S_DRIVER_OK;
- }
-
- static inline void virtio_set_started(VirtIODevice *vdev, bool started)
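Review bot: with this file gone, the cleanup branch of the vhost_*_set_status() functions on status == 0 depends entirely on the new base carrying the "return status & VIRTIO_CONFIG_S_DRIVER_OK;" form of virtio_device_should_start(). The commit message of the drop should name the upstream commit from the trailer (d72479b11797c28893e1e3fc565497a9cae5ca16) as already included. Repeated hot-plug and hot-unplug of a vhost-user device, the failure the removed message describes, is the case to re-test after the rebase.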
diff --git a/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch b/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
deleted file mode 100644
index 3ca2147..0000000
--- a/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniyal Khan <danikhan632@gmail.com>
-Date: Wed, 17 Jul 2024 16:01:47 +1000
-Subject: [PATCH] target/arm: Use float_status copy in sme_fmopa_s
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We made a copy above because the fp exception flags
-are not propagated back to the FPST register, but
-then failed to use the copy.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 558e956c719 ("target/arm: Implement FMOPA, FMOPS (non-widening)")
-Signed-off-by: Daniyal Khan <danikhan632@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20240717060149.204788-2-richard.henderson@linaro.org
-[rth: Split from a larger patch]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-(cherry picked from commit 31d93fedf41c24b0badb38cd9317590d1ef74e37)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/sme_helper.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
-index e2e0575039..5a6dd76489 100644
---- a/target/arm/tcg/sme_helper.c
-+++ b/target/arm/tcg/sme_helper.c
-@@ -916,7 +916,7 @@ void HELPER(sme_fmopa_s)(void *vza, void *vzn, void *vzm, void *vpn,
- if (pb & 1) {
- uint32_t *a = vza_row + H1_4(col);
- uint32_t *m = vzm + H1_4(col);
-- *a = float32_muladd(n, *m, *a, 0, vst);
-+ *a = float32_muladd(n, *m, *a, 0, &fpst);
- }
- col += 4;
- pb >>= 4;
diff --git a/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch b/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
deleted file mode 100644
index 56f24fc..0000000
--- a/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Wed, 17 Jul 2024 16:01:48 +1000
-Subject: [PATCH] target/arm: Use FPST_F16 for SME FMOPA (widening)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This operation has float16 inputs and thus must use
-the FZ16 control not the FZ control.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
-Reported-by: Daniyal Khan <danikhan632@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20240717060149.204788-3-richard.henderson@linaro.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2374
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-(cherry picked from commit 207d30b5fdb5b45a36f26eefcf52fe2c1714dd4f)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/translate-sme.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
-index 46c7fce8b4..185a8a917b 100644
---- a/target/arm/tcg/translate-sme.c
-+++ b/target/arm/tcg/translate-sme.c
-@@ -304,6 +304,7 @@ static bool do_outprod(DisasContext *s, arg_op *a, MemOp esz,
- }
-
- static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
-+ ARMFPStatusFlavour e_fpst,
- gen_helper_gvec_5_ptr *fn)
- {
- int svl = streaming_vec_reg_size(s);
-@@ -319,15 +320,18 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
- zm = vec_full_reg_ptr(s, a->zm);
- pn = pred_full_reg_ptr(s, a->pn);
- pm = pred_full_reg_ptr(s, a->pm);
-- fpst = fpstatus_ptr(FPST_FPCR);
-+ fpst = fpstatus_ptr(e_fpst);
-
- fn(za, zn, zm, pn, pm, fpst, tcg_constant_i32(desc));
- return true;
- }
-
--TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_h)
--TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_s)
--TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, MO_64, gen_helper_sme_fmopa_d)
-+TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a,
-+ MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h)
-+TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a,
-+ MO_32, FPST_FPCR, gen_helper_sme_fmopa_s)
-+TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a,
-+ MO_64, FPST_FPCR, gen_helper_sme_fmopa_d)
-
- /* TODO: FEAT_EBF16 */
- TRANS_FEAT(BFMOPA, aa64_sme, do_outprod, a, MO_32, gen_helper_sme_bfmopa)
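Review bot: this patch and 0011 above come from one upstream series (Message-ids 20240717060149.204788-2 and -3) and both fix SME FMOPA, so they should only be dropped as a pair. Please confirm the new base contains both 31d93fedf41c24b0badb38cd9317590d1ef74e37 and 207d30b5fdb5b45a36f26eefcf52fe2c1714dd4f; with only the first, FMOPA_h would still be translated with FPST_FPCR instead of FPST_FPCR_F16.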
diff --git a/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch b/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
deleted file mode 100644
index 6fad4dc..0000000
--- a/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Wed, 10 Jul 2024 17:25:29 +0200
-Subject: [PATCH] scsi: fix regression and honor bootindex again for legacy
- drives
-
-Commit 3089637461 ("scsi: Don't ignore most usb-storage properties")
-removed the call to object_property_set_int() and thus the 'set'
-method for the bootindex property was also not called anymore. Here
-that method is device_set_bootindex() (as configured by
-scsi_dev_instance_init() -> device_add_bootindex_property()) which as
-a side effect registers the device via add_boot_device_path().
-
-As reported by a downstream user [0], the bootindex property did not
-have the desired effect anymore for legacy drives. Fix the regression
-by explicitly calling the add_boot_device_path() function after
-checking that the bootindex is not yet used (to avoid
-add_boot_device_path() calling exit()).
-
-[0]: https://forum.proxmox.com/threads/149772/post-679433
-
-Cc: qemu-stable@nongnu.org
-Fixes: 3089637461 ("scsi: Don't ignore most usb-storage properties")
-Suggested-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Link: https://lore.kernel.org/r/20240710152529.1737407-1-f.ebner@proxmox.com
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 57a8a80d1a5b28797b21d30bfc60601945820e51)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/scsi/scsi-bus.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
-index 9e40b0c920..53eff5dd3d 100644
---- a/hw/scsi/scsi-bus.c
-+++ b/hw/scsi/scsi-bus.c
-@@ -384,6 +384,7 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
- DeviceState *dev;
- SCSIDevice *s;
- DriveInfo *dinfo;
-+ Error *local_err = NULL;
-
- if (blk_is_sg(blk)) {
- driver = "scsi-generic";
-@@ -403,6 +404,14 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
- s = SCSI_DEVICE(dev);
- s->conf = *conf;
-
-+ check_boot_index(conf->bootindex, &local_err);
-+ if (local_err) {
-+ object_unparent(OBJECT(dev));
-+ error_propagate(errp, local_err);
-+ return NULL;
-+ }
-+ add_boot_device_path(conf->bootindex, dev, NULL);
-+
- qdev_prop_set_uint32(dev, "scsi-id", unit);
- if (object_property_find(OBJECT(dev), "removable")) {
- qdev_prop_set_bit(dev, "removable", removable);
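Review bot: the check_boot_index() call placed before add_boot_device_path() in scsi_bus_legacy_add_drive() exists, per the removed message, to keep add_boot_device_path() from calling exit() on a bootindex that is already in use. After the drop, test both halves on the new base: a legacy drive's bootindex is honored, and a duplicate bootindex on a legacy drive comes back as an error through errp rather than terminating QEMU.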
diff --git a/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch b/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
deleted file mode 100644
index e118289..0000000
--- a/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Mon, 15 Jul 2024 15:14:03 +0200
-Subject: [PATCH] hw/scsi/lsi53c895a: bump instruction limit in scripts
- processing to fix regression
-
-Commit 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts
-processing") reduced the maximum allowed instruction count by
-a factor of 100 all the way down to 100.
-
-This causes the "Check Point R81.20 Gaia" appliance [0] to fail to
-boot after fully finishing the installation via the appliance's web
-interface (there is already one reboot before that).
-
-With a limit of 150, the appliance still fails to boot, while with a
-limit of 200, it works. Bump to 500 to fix the regression and be on
-the safe side.
-
-Originally reported in the Proxmox community forum[1].
-
-[0]: https://support.checkpoint.com/results/download/124397
-[1]: https://forum.proxmox.com/threads/149772/post-683459
-
-Cc: qemu-stable@nongnu.org
-Fixes: 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts processing")
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Acked-by: Sven Schnelle <svens@stackframe.org>
-Link: https://lore.kernel.org/r/20240715131403.223239-1-f.ebner@proxmox.com
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit a4975023fb13cf229bd59c9ceec1b8cbdc5b9a20)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/scsi/lsi53c895a.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
-index eb9828dd5e..f1935e5328 100644
---- a/hw/scsi/lsi53c895a.c
-+++ b/hw/scsi/lsi53c895a.c
-@@ -188,7 +188,7 @@ static const char *names[] = {
- #define LSI_TAG_VALID (1 << 16)
-
- /* Maximum instructions to process. */
--#define LSI_MAX_INSN 100
-+#define LSI_MAX_INSN 500
-
- typedef struct lsi_request {
- SCSIRequest *req;
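Review bot: the value in "#define LSI_MAX_INSN 500" is empirical (the message reports failure at 150 and success at 200), yet the comment above it still reads only "Maximum instructions to process.", so the reason for 500 is recorded nowhere but in this patch file's message. Before removing the file, check that the new base defines LSI_MAX_INSN as 500 and not the 100 introduced by 9876359990, since a silent return to 100 would bring back the appliance boot failure described here.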
diff --git a/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch b/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
deleted file mode 100644
index dc1d2c1..0000000
--- a/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 27 Jun 2024 20:12:44 +0200
-Subject: [PATCH] block-copy: Fix missing graph lock
-
-The graph lock needs to be held when calling bdrv_co_pdiscard(). Fix
-block_copy_task_entry() to take it for the call.
-
-WITH_GRAPH_RDLOCK_GUARD() was implemented in a weak way because of
-limitations in clang's Thread Safety Analysis at the time, so that it
-only asserts that the lock is held (which allows calling functions that
-require the lock), but we never deal with the unlocking (so even after
-the scope of the guard, the compiler assumes that the lock is still
-held). This is why the compiler didn't catch this locking error.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-(picked from https://lore.kernel.org/qemu-devel/20240627181245.281403-2-kwolf@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/block-copy.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/block/block-copy.c b/block/block-copy.c
-index 7e3b378528..cc618e4561 100644
---- a/block/block-copy.c
-+++ b/block/block-copy.c
-@@ -595,7 +595,9 @@ static coroutine_fn int block_copy_task_entry(AioTask *task)
- if (s->discard_source && ret == 0) {
- int64_t nbytes =
- MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset;
-- bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
-+ WITH_GRAPH_RDLOCK_GUARD() {
-+ bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
-+ }
- }
-
- return ret;
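Review bot: unlike the other patches removed here, this one's trailer is "(picked from https://lore.kernel.org/qemu-devel/20240627181245.281403-2-kwolf@redhat.com/)" and carries no upstream commit id, so there is no hash to check the new base against. Please name the upstream commit that supersedes it in the commit message, and verify that bdrv_co_pdiscard() in block_copy_task_entry() is wrapped in WITH_GRAPH_RDLOCK_GUARD() there. The removed message notes that the compiler's thread safety analysis did not catch the missing lock, so a warning-free build is no evidence either way.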
diff --git a/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch b/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
deleted file mode 100644
index 088af84..0000000
--- a/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Sergey Dyasli <sergey.dyasli@nutanix.com>
-Date: Fri, 12 Jul 2024 09:26:59 +0000
-Subject: [PATCH] Revert "qemu-char: do not operate on sources from finalize
- callbacks"
-
-This reverts commit 2b316774f60291f57ca9ecb6a9f0712c532cae34.
-
-After 038b4217884c ("Revert "chardev: use a child source for qio input
-source"") we've been observing the "iwp->src == NULL" assertion
-triggering periodically during the initial capabilities querying by
-libvirtd. One of possible backtraces:
-
-Thread 1 (Thread 0x7f16cd4f0700 (LWP 43858)):
-0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
-1 0x00007f16c6c21e65 in __GI_abort () at abort.c:79
-2 0x00007f16c6c21d39 in __assert_fail_base at assert.c:92
-3 0x00007f16c6c46e86 in __GI___assert_fail (assertion=assertion@entry=0x562e9bcdaadd "iwp->src == NULL", file=file@entry=0x562e9bcdaac8 "../chardev/char-io.c", line=line@entry=99, function=function@entry=0x562e9bcdab10 <__PRETTY_FUNCTION__.20549> "io_watch_poll_finalize") at assert.c:101
-4 0x0000562e9ba20c2c in io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:99
-5 io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:88
-6 0x00007f16c904aae0 in g_source_unref_internal () from /lib64/libglib-2.0.so.0
-7 0x00007f16c904baf9 in g_source_destroy_internal () from /lib64/libglib-2.0.so.0
-8 0x0000562e9ba20db0 in io_remove_watch_poll (source=0x562e9d6720b0) at ../chardev/char-io.c:147
-9 remove_fd_in_watch (chr=chr@entry=0x562e9d5f3800) at ../chardev/char-io.c:153
-10 0x0000562e9ba23ffb in update_ioc_handlers (s=0x562e9d5f3800) at ../chardev/char-socket.c:592
-11 0x0000562e9ba2072f in qemu_chr_fe_set_handlers_full at ../chardev/char-fe.c:279
-12 0x0000562e9ba207a9 in qemu_chr_fe_set_handlers at ../chardev/char-fe.c:304
-13 0x0000562e9ba2ca75 in monitor_qmp_setup_handlers_bh (opaque=0x562e9d4c2c60) at ../monitor/qmp.c:509
-14 0x0000562e9bb6222e in aio_bh_poll (ctx=ctx@entry=0x562e9d4c2f20) at ../util/async.c:216
-15 0x0000562e9bb4de0a in aio_poll (ctx=0x562e9d4c2f20, blocking=blocking@entry=true) at ../util/aio-posix.c:722
-16 0x0000562e9b99dfaa in iothread_run (opaque=0x562e9d4c26f0) at ../iothread.c:63
-17 0x0000562e9bb505a4 in qemu_thread_start (args=0x562e9d4c7ea0) at ../util/qemu-thread-posix.c:543
-18 0x00007f16c70081ca in start_thread (arg=<optimized out>) at pthread_create.c:479
-19 0x00007f16c6c398d3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
-
-io_remove_watch_poll(), which makes sure that iwp->src is NULL, calls
-g_source_destroy() which finds that iwp->src is not NULL in the finalize
-callback. This can only happen if another thread has managed to trigger
-io_watch_poll_prepare() callback in the meantime.
-
-Move iwp->src destruction back to the finalize callback to prevent the
-described race, and also remove the stale comment. The deadlock glib bug
-was fixed back in 2010 by b35820285668 ("gmain: move finalization of
-GSource outside of context lock").
-
-Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Sergey Dyasli <sergey.dyasli@nutanix.com>
-Link: https://lore.kernel.org/r/20240712092659.216206-1-sergey.dyasli@nutanix.com
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit e0bf95443ee9326d44031373420cf9f3513ee255)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- chardev/char-io.c | 19 +++++--------------
- 1 file changed, 5 insertions(+), 14 deletions(-)
-
-diff --git a/chardev/char-io.c b/chardev/char-io.c
-index dab77b112e..3be17b51ca 100644
---- a/chardev/char-io.c
-+++ b/chardev/char-io.c
-@@ -87,16 +87,12 @@ static gboolean io_watch_poll_dispatch(GSource *source, GSourceFunc callback,
-
- static void io_watch_poll_finalize(GSource *source)
- {
-- /*
-- * Due to a glib bug, removing the last reference to a source
-- * inside a finalize callback causes recursive locking (and a
-- * deadlock). This is not a problem inside other callbacks,
-- * including dispatch callbacks, so we call io_remove_watch_poll
-- * to remove this source. At this point, iwp->src must
-- * be NULL, or we would leak it.
-- */
- IOWatchPoll *iwp = io_watch_poll_from_source(source);
-- assert(iwp->src == NULL);
-+ if (iwp->src) {
-+ g_source_destroy(iwp->src);
-+ g_source_unref(iwp->src);
-+ iwp->src = NULL;
-+ }
- }
-
- static GSourceFuncs io_watch_poll_funcs = {
-@@ -139,11 +135,6 @@ static void io_remove_watch_poll(GSource *source)
- IOWatchPoll *iwp;
-
- iwp = io_watch_poll_from_source(source);
-- if (iwp->src) {
-- g_source_destroy(iwp->src);
-- g_source_unref(iwp->src);
-- iwp->src = NULL;
-- }
- g_source_destroy(&iwp->parent);
- }
-
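Review bot: moving the g_source_destroy()/g_source_unref() of iwp->src into io_watch_poll_finalize() is only safe on a glib that has b35820285668 ("gmain: move finalization of GSource outside of context lock"), which is what the deleted comment about recursive locking guarded against. The removed message dates that glib fix to 2010; it would still help to state the minimum glib the package builds and runs against. Please also confirm the new base contains e0bf95443ee9326d44031373420cf9f3513ee255, because without it the "iwp->src == NULL" assertion can abort the process as shown in the backtrace.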
diff --git a/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch b/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
deleted file mode 100644
index 055d7c0..0000000
--- a/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Cindy Lu <lulu@redhat.com>
-Date: Tue, 6 Aug 2024 17:37:12 +0800
-Subject: [PATCH] virtio-pci: Fix the use of an uninitialized irqfd
-
-The crash was reported in MAC OS and NixOS, here is the link for this bug
-https://gitlab.com/qemu-project/qemu/-/issues/2334
-https://gitlab.com/qemu-project/qemu/-/issues/2321
-
-In this bug, they are using the virtio_input device. The guest notifier was
-not supported for this device, The function virtio_pci_set_guest_notifiers()
-was not called, and the vector_irqfd was not initialized.
-
-So the fix is adding the check for vector_irqfd in virtio_pci_get_notifier()
-
-The function virtio_pci_get_notifier() can be used in various devices.
-It could also be called when VIRTIO_CONFIG_S_DRIVER_OK is not set. In this situation,
-the vector_irqfd being NULL is acceptable. We can allow the device continue to boot
-
-If the vector_irqfd still hasn't been initialized after VIRTIO_CONFIG_S_DRIVER_OK
-is set, it means that the function set_guest_notifiers was not called before the
-driver started. This indicates that the device is not using the notifier.
-At this point, we will let the check fail.
-
-This fix is verified in vyatta,MacOS,NixOS,fedora system.
-
-The bt tree for this bug is:
-Thread 6 "CPU 0/KVM" received signal SIGSEGV, Segmentation fault.
-[Switching to Thread 0x7c817be006c0 (LWP 1269146)]
-kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
-817 if (irqfd->users == 0) {
-(gdb) thread apply all bt
-...
-Thread 6 (Thread 0x7c817be006c0 (LWP 1269146) "CPU 0/KVM"):
-0 kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
-1 kvm_virtio_pci_vector_use_one () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:893
-2 0x00005983657045e2 in memory_region_write_accessor () at ../qemu-9.0.0/system/memory.c:497
-3 0x0000598365704ba6 in access_with_adjusted_size () at ../qemu-9.0.0/system/memory.c:573
-4 0x0000598365705059 in memory_region_dispatch_write () at ../qemu-9.0.0/system/memory.c:1528
-5 0x00005983659b8e1f in flatview_write_continue_step.isra.0 () at ../qemu-9.0.0/system/physmem.c:2713
-6 0x000059836570ba7d in flatview_write_continue () at ../qemu-9.0.0/system/physmem.c:2743
-7 flatview_write () at ../qemu-9.0.0/system/physmem.c:2774
-8 0x000059836570bb76 in address_space_write () at ../qemu-9.0.0/system/physmem.c:2894
-9 0x0000598365763afe in address_space_rw () at ../qemu-9.0.0/system/physmem.c:2904
-10 kvm_cpu_exec () at ../qemu-9.0.0/accel/kvm/kvm-all.c:2917
-11 0x000059836576656e in kvm_vcpu_thread_fn () at ../qemu-9.0.0/accel/kvm/kvm-accel-ops.c:50
-12 0x0000598365926ca8 in qemu_thread_start () at ../qemu-9.0.0/util/qemu-thread-posix.c:541
-13 0x00007c8185bcd1cf in ??? () at /usr/lib/libc.so.6
-14 0x00007c8185c4e504 in clone () at /usr/lib/libc.so.6
-
-Fixes: 2ce6cff94d ("virtio-pci: fix use of a released vector")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Cindy Lu <lulu@redhat.com>
-Message-Id: <20240806093715.65105-1-lulu@redhat.com>
-Acked-by: Jason Wang <jasowang@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit a8e63ff289d137197ad7a701a587cc432872d798)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/virtio/virtio-pci.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
-index e04218a9fb..389bab003f 100644
---- a/hw/virtio/virtio-pci.c
-+++ b/hw/virtio/virtio-pci.c
-@@ -860,6 +860,9 @@ static int virtio_pci_get_notifier(VirtIOPCIProxy *proxy, int queue_no,
- VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- VirtQueue *vq;
-
-+ if (!proxy->vector_irqfd && vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)
-+ return -1;
-+
- if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
- *n = virtio_config_get_guest_notifier(vdev);
- *vector = vdev->config_vector;
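Review bot: the guard added at the top of virtio_pci_get_notifier() only helps if every caller checks the -1 return. The backtrace in the message faults in kvm_virtio_pci_vq_vector_use() at "if (irqfd->users == 0) {", which is a different function from the one patched, and the hunk does not show the path between the two. When confirming that the new base contains a8e63ff289d137197ad7a701a587cc432872d798, also check that the vector-use path bails out on that return value. As a style point, the condition mixes && and & without parentheses and has an unbraced body; "(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)" with braces around the return would read more safely.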
diff --git a/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch b/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
deleted file mode 100644
index 1dcb129..0000000
--- a/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Akihiko Odaki <akihiko.odaki@daynix.com>
-Date: Mon, 1 Jul 2024 20:58:04 +0900
-Subject: [PATCH] virtio-net: Ensure queue index fits with RSS
-
-Ensure the queue index points to a valid queue when software RSS
-enabled. The new calculation matches with the behavior of Linux's TAP
-device with the RSS eBPF program.
-
-Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
-Reported-by: Zhibin Hu <huzhibin5@huawei.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit f1595ceb9aad36a6c1da95bcb77ab9509b38822d)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/net/virtio-net.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index 3644bfd91b..f48588638d 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1949,7 +1949,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
- if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
- int index = virtio_net_process_rss(nc, buf, size);
- if (index >= 0) {
-- NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
-+ NetClientState *nc2 =
-+ qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
- return virtio_net_receive_rcu(nc2, buf, size, true);
- }
- }
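Review bot: "index % n->curr_queue_pairs" is the only bound on the subqueue index handed to qemu_get_subqueue() in this path, and the index is computed from the received packet by virtio_net_process_rss(nc, buf, size). A base without the upstream equivalent (f1595ceb9aad36a6c1da95bcb77ab9509b38822d) would again allow a queue index that does not point to a valid queue, so this drop deserves an explicit check in the submodule rather than reliance on the version bump. The modulo also assumes n->curr_queue_pairs is nonzero whenever software RSS is enabled; worth confirming that invariant holds on the new base.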
diff --git a/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch b/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
deleted file mode 100644
index b8f67d4..0000000
--- a/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
+++ /dev/null
@@ -1,338 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: thomas <east.moutain.yang@gmail.com>
-Date: Fri, 12 Jul 2024 11:10:53 +0800
-Subject: [PATCH] virtio-net: Fix network stall at the host side waiting for
- kick
-
-Patch 06b12970174 ("virtio-net: fix network stall under load")
-added double-check to test whether the available buffer size
-can satisfy the request or not, in case the guest has added
-some buffers to the avail ring simultaneously after the first
-check. It will be lucky if the available buffer size becomes
-okay after the double-check, then the host can send the packet
-to the guest. If the buffer size still can't satisfy the request,
-even if the guest has added some buffers, viritio-net would
-stall at the host side forever.
-
-The patch enables notification and checks whether the guest has
-added some buffers since last check of available buffers when
-the available buffers are insufficient. If no buffer is added,
-return false, else recheck the available buffers in the loop.
-If the available buffers are sufficient, disable notification
-and return true.
-
-Changes:
-1. Change the return type of virtqueue_get_avail_bytes() from void
- to int, it returns an opaque that represents the shadow_avail_idx
- of the virtqueue on success, else -1 on error.
-2. Add a new API: virtio_queue_enable_notification_and_check(),
- it takes an opaque as input arg which is returned from
- virtqueue_get_avail_bytes(). It enables notification firstly,
- then checks whether the guest has added some buffers since
- last check of available buffers or not by virtio_queue_poll(),
- return ture if yes.
-
-The patch also reverts patch "06b12970174".
-
-The case below can reproduce the stall.
-
- Guest 0
- +--------+
- | iperf |
- ---------------> | server |
- Host | +--------+
- +--------+ | ...
- | iperf |----
- | client |---- Guest n
- +--------+ | +--------+
- | | iperf |
- ---------------> | server |
- +--------+
-
-Boot many guests from qemu with virtio network:
- qemu ... -netdev tap,id=net_x \
- -device virtio-net-pci-non-transitional,\
- iommu_platform=on,mac=xx:xx:xx:xx:xx:xx,netdev=net_x
-
-Each guest acts as iperf server with commands below:
- iperf3 -s -D -i 10 -p 8001
- iperf3 -s -D -i 10 -p 8002
-
-The host as iperf client:
- iperf3 -c guest_IP -p 8001 -i 30 -w 256k -P 20 -t 40000
- iperf3 -c guest_IP -p 8002 -i 30 -w 256k -P 20 -t 40000
-
-After some time, the host loses connection to the guest,
-the guest can send packet to the host, but can't receive
-packet from the host.
-
-It's more likely to happen if SWIOTLB is enabled in the guest,
-allocating and freeing bounce buffer takes some CPU ticks,
-copying from/to bounce buffer takes more CPU ticks, compared
-with that there is no bounce buffer in the guest.
-Once the rate of producing packets from the host approximates
-the rate of receiveing packets in the guest, the guest would
-loop in NAPI.
-
- receive packets ---
- | |
- v |
- free buf virtnet_poll
- | |
- v |
- add buf to avail ring ---
- |
- | need kick the host?
- | NAPI continues
- v
- receive packets ---
- | |
- v |
- free buf virtnet_poll
- | |
- v |
- add buf to avail ring ---
- |
- v
- ... ...
-
-On the other hand, the host fetches free buf from avail
-ring, if the buf in the avail ring is not enough, the
-host notifies the guest the event by writing the avail
-idx read from avail ring to the event idx of used ring,
-then the host goes to sleep, waiting for the kick signal
-from the guest.
-
-Once the guest finds the host is waiting for kick singal
-(in virtqueue_kick_prepare_split()), it kicks the host.
-
-The host may stall forever at the sequences below:
-
- Host Guest
- ------------ -----------
- fetch buf, send packet receive packet ---
- ... ... |
- fetch buf, send packet add buf |
- ... add buf virtnet_poll
- buf not enough avail idx-> add buf |
- read avail idx add buf |
- add buf ---
- receive packet ---
- write event idx ... |
- wait for kick add buf virtnet_poll
- ... |
- ---
- no more packet, exit NAPI
-
-In the first loop of NAPI above, indicated in the range of
-virtnet_poll above, the host is sending packets while the
-guest is receiving packets and adding buffers.
- step 1: The buf is not enough, for example, a big packet
- needs 5 buf, but the available buf count is 3.
- The host read current avail idx.
- step 2: The guest adds some buf, then checks whether the
- host is waiting for kick signal, not at this time.
- The used ring is not empty, the guest continues
- the second loop of NAPI.
- step 3: The host writes the avail idx read from avail
- ring to used ring as event idx via
- virtio_queue_set_notification(q->rx_vq, 1).
- step 4: At the end of the second loop of NAPI, recheck
- whether kick is needed, as the event idx in the
- used ring written by the host is beyound the
- range of kick condition, the guest will not
- send kick signal to the host.
-
-Fixes: 06b12970174 ("virtio-net: fix network stall under load")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Wencheng Yang <east.moutain.yang@gmail.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit f937309fbdbb48c354220a3e7110c202ae4aa7fa)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/net/virtio-net.c | 28 ++++++++++-------
- hw/virtio/virtio.c | 64 +++++++++++++++++++++++++++++++++++---
- include/hw/virtio/virtio.h | 21 +++++++++++--
- 3 files changed, 94 insertions(+), 19 deletions(-)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index f48588638d..d4b979d343 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1680,24 +1680,28 @@ static bool virtio_net_can_receive(NetClientState *nc)
-
- static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
- {
-+ int opaque;
-+ unsigned int in_bytes;
- VirtIONet *n = q->n;
-- if (virtio_queue_empty(q->rx_vq) ||
-- (n->mergeable_rx_bufs &&
-- !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
-- virtio_queue_set_notification(q->rx_vq, 1);
--
-- /* To avoid a race condition where the guest has made some buffers
-- * available after the above check but before notification was
-- * enabled, check for available buffers again.
-- */
-- if (virtio_queue_empty(q->rx_vq) ||
-- (n->mergeable_rx_bufs &&
-- !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
-+
-+ while (virtio_queue_empty(q->rx_vq) || n->mergeable_rx_bufs) {
-+ opaque = virtqueue_get_avail_bytes(q->rx_vq, &in_bytes, NULL,
-+ bufsize, 0);
-+ /* Buffer is enough, disable notifiaction */
-+ if (bufsize <= in_bytes) {
-+ break;
-+ }
-+
-+ if (virtio_queue_enable_notification_and_check(q->rx_vq, opaque)) {
-+ /* Guest has added some buffers, try again */
-+ continue;
-+ } else {
- return 0;
- }
- }
-
- virtio_queue_set_notification(q->rx_vq, 0);
-+
- return 1;
- }
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index fd2dfe3a6b..08fba6b2d8 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -743,6 +743,60 @@ int virtio_queue_empty(VirtQueue *vq)
- }
- }
-
-+static bool virtio_queue_split_poll(VirtQueue *vq, unsigned shadow_idx)
-+{
-+ if (unlikely(!vq->vring.avail)) {
-+ return false;
-+ }
-+
-+ return (uint16_t)shadow_idx != vring_avail_idx(vq);
-+}
-+
-+static bool virtio_queue_packed_poll(VirtQueue *vq, unsigned shadow_idx)
-+{
-+ VRingPackedDesc desc;
-+ VRingMemoryRegionCaches *caches;
-+
-+ if (unlikely(!vq->vring.desc)) {
-+ return false;
-+ }
-+
-+ caches = vring_get_region_caches(vq);
-+ if (!caches) {
-+ return false;
-+ }
-+
-+ vring_packed_desc_read(vq->vdev, &desc, &caches->desc,
-+ shadow_idx, true);
-+
-+ return is_desc_avail(desc.flags, vq->shadow_avail_wrap_counter);
-+}
-+
-+static bool virtio_queue_poll(VirtQueue *vq, unsigned shadow_idx)
-+{
-+ if (virtio_device_disabled(vq->vdev)) {
-+ return false;
-+ }
-+
-+ if (virtio_vdev_has_feature(vq->vdev, VIRTIO_F_RING_PACKED)) {
-+ return virtio_queue_packed_poll(vq, shadow_idx);
-+ } else {
-+ return virtio_queue_split_poll(vq, shadow_idx);
-+ }
-+}
-+
-+bool virtio_queue_enable_notification_and_check(VirtQueue *vq,
-+ int opaque)
-+{
-+ virtio_queue_set_notification(vq, 1);
-+
-+ if (opaque >= 0) {
-+ return virtio_queue_poll(vq, (unsigned)opaque);
-+ } else {
-+ return false;
-+ }
-+}
-+
- static void virtqueue_unmap_sg(VirtQueue *vq, const VirtQueueElement *elem,
- unsigned int len)
- {
-@@ -1330,9 +1384,9 @@ err:
- goto done;
- }
-
--void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-- unsigned int *out_bytes,
-- unsigned max_in_bytes, unsigned max_out_bytes)
-+int virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-+ unsigned int *out_bytes, unsigned max_in_bytes,
-+ unsigned max_out_bytes)
- {
- uint16_t desc_size;
- VRingMemoryRegionCaches *caches;
-@@ -1365,7 +1419,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
- caches);
- }
-
-- return;
-+ return (int)vq->shadow_avail_idx;
- err:
- if (in_bytes) {
- *in_bytes = 0;
-@@ -1373,6 +1427,8 @@ err:
- if (out_bytes) {
- *out_bytes = 0;
- }
-+
-+ return -1;
- }
-
- int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
-diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
-index 2eafad17b8..8b4da92889 100644
---- a/include/hw/virtio/virtio.h
-+++ b/include/hw/virtio/virtio.h
-@@ -271,9 +271,13 @@ void qemu_put_virtqueue_element(VirtIODevice *vdev, QEMUFile *f,
- VirtQueueElement *elem);
- int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
- unsigned int out_bytes);
--void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-- unsigned int *out_bytes,
-- unsigned max_in_bytes, unsigned max_out_bytes);
-+/**
-+ * Return <0 on error or an opaque >=0 to pass to
-+ * virtio_queue_enable_notification_and_check on success.
-+ */
-+int virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-+ unsigned int *out_bytes, unsigned max_in_bytes,
-+ unsigned max_out_bytes);
-
- void virtio_notify_irqfd(VirtIODevice *vdev, VirtQueue *vq);
- void virtio_notify(VirtIODevice *vdev, VirtQueue *vq);
-@@ -307,6 +311,17 @@ int virtio_queue_ready(VirtQueue *vq);
-
- int virtio_queue_empty(VirtQueue *vq);
-
-+/**
-+ * Enable notification and check whether guest has added some
-+ * buffers since last call to virtqueue_get_avail_bytes.
-+ *
-+ * @opaque: value returned from virtqueue_get_avail_bytes
-+ */
-+bool virtio_queue_enable_notification_and_check(VirtQueue *vq,
-+ int opaque);
-+
-+void virtio_queue_set_shadow_avail_idx(VirtQueue *vq, uint16_t idx);
-+
- /* Host binding interface. */
-
- uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t addr);
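Review bot: the include/hw/virtio/virtio.h hunk declares `void virtio_queue_set_shadow_avail_idx(VirtQueue *vq, uint16_t idx);`, but none of the hw/virtio/virtio.c hunks in this patch define it and the hw/net/virtio-net.c hunk does not call it, so the prototype looks stray and should either get a definition or be dropped. In virtio_net_has_buffers(), `if (bufsize <= in_bytes)` compares an `int` with an `unsigned int`, so a negative bufsize would be converted to unsigned before the comparison; an explicit cast or an unsigned parameter would make the intent clear. The comment typo "notifiaction" in the same loop can be fixed at the same time.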
diff --git a/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch b/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
deleted file mode 100644
index c99b7a5..0000000
--- a/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw@amazon.co.uk>
-Date: Tue, 9 Jul 2024 13:34:44 +0100
-Subject: [PATCH] net: Reinstate '-net nic, model=help' output as documented in
- man page
-
-While refactoring the NIC initialization code, I broke '-net nic,model=help'
-which no longer outputs a list of available NIC models.
-
-Fixes: 2cdeca04adab ("net: report list of available models according to platform")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit 64f75f57f9d2c8c12ac6d9355fa5d3a2af5879ca)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- net/net.c | 25 ++++++++++++++++++++++---
- 1 file changed, 22 insertions(+), 3 deletions(-)
-
-diff --git a/net/net.c b/net/net.c
-index a2f0c828bb..e6ca2529bb 100644
---- a/net/net.c
-+++ b/net/net.c
-@@ -1150,6 +1150,21 @@ NICInfo *qemu_find_nic_info(const char *typename, bool match_default,
- return NULL;
- }
-
-+static bool is_nic_model_help_option(const char *model)
-+{
-+ if (model && is_help_option(model)) {
-+ /*
-+ * Trigger the help output by instantiating the hash table which
-+ * will gather tha available models as they get registered.
-+ */
-+ if (!nic_model_help) {
-+ nic_model_help = g_hash_table_new_full(g_str_hash, g_str_equal,
-+ g_free, NULL);
-+ }
-+ return true;
-+ }
-+ return false;
-+}
-
- /* "I have created a device. Please configure it if you can" */
- bool qemu_configure_nic_device(DeviceState *dev, bool match_default,
-@@ -1733,6 +1748,12 @@ void net_check_clients(void)
-
- static int net_init_client(void *dummy, QemuOpts *opts, Error **errp)
- {
-+ const char *model = qemu_opt_get_del(opts, "model");
-+
-+ if (is_nic_model_help_option(model)) {
-+ return 0;
-+ }
-+
- return net_client_init(opts, false, errp);
- }
-
-@@ -1789,9 +1810,7 @@ static int net_param_nic(void *dummy, QemuOpts *opts, Error **errp)
- memset(ni, 0, sizeof(*ni));
- ni->model = qemu_opt_get_del(opts, "model");
-
-- if (!nic_model_help && !g_strcmp0(ni->model, "help")) {
-- nic_model_help = g_hash_table_new_full(g_str_hash, g_str_equal,
-- g_free, NULL);
-+ if (is_nic_model_help_option(ni->model)) {
- return 0;
- }
-
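Review bot: in net_init_client() the new check reads the option with `qemu_opt_get_del(opts, "model")`, which removes "model" from opts before `net_client_init(opts, false, errp)` runs, so a non-help model value is lost on that path. The following 0021-net-Fix-net-nic-model-for-non-help-arguments.patch changes the call to `qemu_opt_get()`, so the two patches are only correct as a pair and have to be kept or dropped together. The comment in is_nic_model_help_option() also has a typo ("tha available").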
diff --git a/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch b/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
deleted file mode 100644
index 3ab2407..0000000
--- a/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw@amazon.co.uk>
-Date: Tue, 6 Aug 2024 18:21:37 +0100
-Subject: [PATCH] net: Fix '-net nic,model=' for non-help arguments
-
-Oops, don't *delete* the model option when checking for 'help'.
-
-Fixes: 64f75f57f9d2 ("net: Reinstate '-net nic, model=help' output as documented in man page")
-Reported-by: Hans <sungdgdhtryrt@gmail.com>
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit fa62cb989a9146c82f8f172715042852f5d36200)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- net/net.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/net/net.c b/net/net.c
-index e6ca2529bb..897bb936cf 100644
---- a/net/net.c
-+++ b/net/net.c
-@@ -1748,7 +1748,7 @@ void net_check_clients(void)
-
- static int net_init_client(void *dummy, QemuOpts *opts, Error **errp)
- {
-- const char *model = qemu_opt_get_del(opts, "model");
-+ const char *model = qemu_opt_get(opts, "model");
-
- if (is_nic_model_help_option(model)) {
- return 0;
diff --git a/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch b/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
deleted file mode 100644
index 9667ef4..0000000
--- a/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:54 +0100
-Subject: [PATCH] target/arm: Don't assert for 128-bit tile accesses when SVL
- is 128
-
-For an instruction which accesses a 128-bit element tile when
-the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]),
-we will assert in get_tile_rowcol():
-
-qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed.
-
-This happens because we calculate
- len = ctz32(streaming_vec_reg_size(s)) - esz;$
-but if the SVL and the element size are the same len is 0, and
-the deposit operation asserts.
-
-In this case the ZA storage contains exactly one 128 bit
-element ZA tile, and the horizontal or vertical slice is just
-that tile. This means that regardless of the index value in
-the Ws register, we always access that tile. (In pseudocode terms,
-we calculate (index + offset) MOD 1, which is 0.)
-
-Special case the len == 0 case to avoid hitting the assertion
-in tcg_gen_deposit_z_i32().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-2-peter.maydell@linaro.org
-(cherry picked from commit 56f1c0db928aae0b83fd91c89ddb226b137e2b21)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/translate-sme.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
-index 185a8a917b..a50a419af2 100644
---- a/target/arm/tcg/translate-sme.c
-+++ b/target/arm/tcg/translate-sme.c
-@@ -49,7 +49,15 @@ static TCGv_ptr get_tile_rowcol(DisasContext *s, int esz, int rs,
- /* Prepare a power-of-two modulo via extraction of @len bits. */
- len = ctz32(streaming_vec_reg_size(s)) - esz;
-
-- if (vertical) {
-+ if (!len) {
-+ /*
-+ * SVL is 128 and the element size is 128. There is exactly
-+ * one 128x128 tile in the ZA storage, and so we calculate
-+ * (Rs + imm) MOD 1, which is always 0. We need to special case
-+ * this because TCG doesn't allow deposit ops with len 0.
-+ */
-+ tcg_gen_movi_i32(tmp, 0);
-+ } else if (vertical) {
- /*
- * Compute the byte offset of the index within the tile:
- * (index % (svl / size)) * size
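Review bot: `if (!len)` covers only the exact zero case, while `len = ctz32(streaming_vec_reg_size(s)) - esz;` is a signed subtraction and a negative result would still fall through to the vertical and horizontal paths. The hunk does not show what bounds esz; if len can never be negative, an assertion next to the special case would document that. The new comment also says "128x128 tile" where the commit message says "one 128 bit element ZA tile", and the two descriptions should agree.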
diff --git a/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch b/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
deleted file mode 100644
index cd60b30..0000000
--- a/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:55 +0100
-Subject: [PATCH] target/arm: Fix UMOPA/UMOPS of 16-bit values
-
-The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or
-16 bit elements and accumulate the products into a 64-bit element.
-In the Arm ARM pseudocode, this is done with the usual
-infinite-precision signed arithmetic. However our implementation
-doesn't quite get it right, because in the DEF_IMOP_64() macro we do:
- sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0);
-
-where NTYPE and MTYPE are uint16_t or int16_t. In the uint16_t case,
-the C usual arithmetic conversions mean the values are converted to
-"int" type and the multiply is done as a 32-bit multiply. This means
-that if the inputs are, for example, 0xffff and 0xffff then the
-result is 0xFFFE0001 as an int, which is then promoted to uint64_t
-for the accumulation into sum; this promotion incorrectly sign
-extends the multiply.
-
-Avoid the incorrect sign extension by casting to int64_t before
-the multiply, so we do the multiply as 64-bit signed arithmetic,
-which is a type large enough that the multiply can never
-overflow into the sign bit.
-
-(The equivalent 8-bit operations in DEF_IMOP_32() are fine, because
-the 8-bit multiplies can never overflow into the sign bit of a
-32-bit integer.)
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2372
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-3-peter.maydell@linaro.org
-(cherry picked from commit ea3f5a90f036734522e9af3bffd77e69e9f47355)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/sme_helper.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
-index 5a6dd76489..f9001f5213 100644
---- a/target/arm/tcg/sme_helper.c
-+++ b/target/arm/tcg/sme_helper.c
-@@ -1146,10 +1146,10 @@ static uint64_t NAME(uint64_t n, uint64_t m, uint64_t a, uint8_t p, bool neg) \
- uint64_t sum = 0; \
- /* Apply P to N as a mask, making the inactive elements 0. */ \
- n &= expand_pred_h(p); \
-- sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); \
-- sum += (NTYPE)(n >> 16) * (MTYPE)(m >> 16); \
-- sum += (NTYPE)(n >> 32) * (MTYPE)(m >> 32); \
-- sum += (NTYPE)(n >> 48) * (MTYPE)(m >> 48); \
-+ sum += (int64_t)(NTYPE)(n >> 0) * (MTYPE)(m >> 0); \
-+ sum += (int64_t)(NTYPE)(n >> 16) * (MTYPE)(m >> 16); \
-+ sum += (int64_t)(NTYPE)(n >> 32) * (MTYPE)(m >> 32); \
-+ sum += (int64_t)(NTYPE)(n >> 48) * (MTYPE)(m >> 48); \
- return neg ? a - sum : a + sum; \
- }
-
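Review bot: the reason for the `(int64_t)` cast on the four `sum +=` lines exists only in the commit message; the DEF_IMOP_64() body carries no comment, so a later cleanup could remove the cast as redundant and bring back the sign extension of the 32-bit product (the 0xffff * 0xffff case described above). A short comment above those lines would prevent that. Only the left operand is cast, which is enough because the usual arithmetic conversions then widen the `(MTYPE)` operand as well, and the comment should say so.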
diff --git a/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch b/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
deleted file mode 100644
index 52ca765..0000000
--- a/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:56 +0100
-Subject: [PATCH] target/arm: Avoid shifts by -1 in tszimm_shr() and
- tszimm_shl()
-
-The function tszimm_esz() returns a shift amount, or possibly -1 in
-certain cases that correspond to unallocated encodings in the
-instruction set. We catch these later in the trans_ functions
-(generally with an "a-esz < 0" check), but before we do the
-decodetree-generated code will also call tszimm_shr() or tszimm_sl(),
-which will use the tszimm_esz() return value as a shift count without
-checking that it is not negative, which is undefined behaviour.
-
-Avoid the UB by checking the return value in tszimm_shr() and
-tszimm_shl().
-
-Cc: qemu-stable@nongnu.org
-Resolves: Coverity CID 1547617, 1547694
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-4-peter.maydell@linaro.org
-(cherry picked from commit 76916dfa89e8900639c1055c07a295c06628a0bc)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/translate-sve.c | 18 ++++++++++++++++--
- 1 file changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
-index ada05aa530..466a19c25a 100644
---- a/target/arm/tcg/translate-sve.c
-+++ b/target/arm/tcg/translate-sve.c
-@@ -50,13 +50,27 @@ static int tszimm_esz(DisasContext *s, int x)
-
- static int tszimm_shr(DisasContext *s, int x)
- {
-- return (16 << tszimm_esz(s, x)) - x;
-+ /*
-+ * We won't use the tszimm_shr() value if tszimm_esz() returns -1 (the
-+ * trans function will check for esz < 0), so we can return any
-+ * value we like from here in that case as long as we avoid UB.
-+ */
-+ int esz = tszimm_esz(s, x);
-+ if (esz < 0) {
-+ return esz;
-+ }
-+ return (16 << esz) - x;
- }
-
- /* See e.g. LSL (immediate, predicated). */
- static int tszimm_shl(DisasContext *s, int x)
- {
-- return x - (8 << tszimm_esz(s, x));
-+ /* As with tszimm_shr(), value will be unused if esz < 0 */
-+ int esz = tszimm_esz(s, x);
-+ if (esz < 0) {
-+ return esz;
-+ }
-+ return x - (8 << esz);
- }
-
- /* The SH bit is in bit 8. Extract the low 8 and shift. */
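Review bot: returning the negative esz from tszimm_shr() and tszimm_shl() is only safe while every trans_ function that consumes these values checks `esz < 0` before using the shift; the new comments say so, but nothing in this hunk enforces or verifies it. A note listing which decode patterns use these helpers, or an assertion at the point of use, would make the contract checkable. The commit message also names `tszimm_sl()`, which does not match the tszimm_shl() function changed here.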
diff --git a/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch b/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
deleted file mode 100644
index bc8bd39..0000000
--- a/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:57 +0100
-Subject: [PATCH] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is
- not enabled
-
-When determining the current vector length, the SMCR_EL2.LEN and
-SVCR_EL2.LEN settings should only be considered if EL2 is enabled
-(compare the pseudocode CurrentSVL and CurrentNSVL which call
-EL2Enabled()).
-
-We were checking against ARM_FEATURE_EL2 rather than calling
-arm_is_el2_enabled(), which meant that we would look at
-SMCR_EL2/SVCR_EL2 when in Secure EL1 or Secure EL0 even if Secure EL2
-was not enabled.
-
-Use the correct check in sve_vqm1_for_el_sm().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-5-peter.maydell@linaro.org
-(cherry picked from commit f573ac059ed060234fcef4299fae9e500d357c33)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/helper.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index a620481d7c..42044ae14b 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -7191,7 +7191,7 @@ uint32_t sve_vqm1_for_el_sm(CPUARMState *env, int el, bool sm)
- if (el <= 1 && !el_is_in_host(env, el)) {
- len = MIN(len, 0xf & (uint32_t)cr[1]);
- }
-- if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) {
-+ if (el <= 2 && arm_is_el2_enabled(env)) {
- len = MIN(len, 0xf & (uint32_t)cr[2]);
- }
- if (arm_feature(env, ARM_FEATURE_EL3)) {
diff --git a/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch b/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
deleted file mode 100644
index b1a55e8..0000000
--- a/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Thu, 1 Aug 2024 10:15:03 +0100
-Subject: [PATCH] target/arm: Handle denormals correctly for FMOPA (widening)
-
-The FMOPA (widening) SME instruction takes pairs of half-precision
-floating point values, widens them to single-precision, does a
-two-way dot product and accumulates the results into a
-single-precision destination. We don't quite correctly handle the
-FPCR bits FZ and FZ16 which control flushing of denormal inputs and
-outputs. This is because at the moment we pass a single float_status
-value to the helper function, which then uses that configuration for
-all the fp operations it does. However, because the inputs to this
-operation are float16 and the outputs are float32 we need to use the
-fp_status_f16 for the float16 input widening but the normal fp_status
-for everything else. Otherwise we will apply the flushing control
-FPCR.FZ16 to the 32-bit output rather than the FPCR.FZ control, and
-incorrectly flush a denormal output to zero when we should not (or
-vice-versa).
-
-(In commit 207d30b5fdb5b we tried to fix the FZ handling but
-didn't get it right, switching from "use FPCR.FZ for everything" to
-"use FPCR.FZ16 for everything".)
-
-Pass the CPU env to the sme_fmopa_h helper instead of an fp_status
-pointer, and have the helper pass an extra fp_status into the
-f16_dotadd() function so that we can use the right status for the
-right parts of this operation.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 207d30b5fdb5 ("target/arm: Use FPST_F16 for SME FMOPA (widening)")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2373
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-(cherry picked from commit 55f9f4ee018c5ccea81d8c8c586756d7711ae46f)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/helper-sme.h | 2 +-
- target/arm/tcg/sme_helper.c | 39 +++++++++++++++++++++++-----------
- target/arm/tcg/translate-sme.c | 25 ++++++++++++++++++++--
- 3 files changed, 51 insertions(+), 15 deletions(-)
-
-diff --git a/target/arm/tcg/helper-sme.h b/target/arm/tcg/helper-sme.h
-index 27eef49a11..d22bf9d21b 100644
---- a/target/arm/tcg/helper-sme.h
-+++ b/target/arm/tcg/helper-sme.h
-@@ -121,7 +121,7 @@ DEF_HELPER_FLAGS_5(sme_addha_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
- DEF_HELPER_FLAGS_5(sme_addva_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
-
- DEF_HELPER_FLAGS_7(sme_fmopa_h, TCG_CALL_NO_RWG,
-- void, ptr, ptr, ptr, ptr, ptr, ptr, i32)
-+ void, ptr, ptr, ptr, ptr, ptr, env, i32)
- DEF_HELPER_FLAGS_7(sme_fmopa_s, TCG_CALL_NO_RWG,
- void, ptr, ptr, ptr, ptr, ptr, ptr, i32)
- DEF_HELPER_FLAGS_7(sme_fmopa_d, TCG_CALL_NO_RWG,
-diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
-index f9001f5213..3906bb51c0 100644
---- a/target/arm/tcg/sme_helper.c
-+++ b/target/arm/tcg/sme_helper.c
-@@ -976,12 +976,23 @@ static inline uint32_t f16mop_adj_pair(uint32_t pair, uint32_t pg, uint32_t neg)
- }
-
- static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2,
-- float_status *s_std, float_status *s_odd)
-+ float_status *s_f16, float_status *s_std,
-+ float_status *s_odd)
- {
-- float64 e1r = float16_to_float64(e1 & 0xffff, true, s_std);
-- float64 e1c = float16_to_float64(e1 >> 16, true, s_std);
-- float64 e2r = float16_to_float64(e2 & 0xffff, true, s_std);
-- float64 e2c = float16_to_float64(e2 >> 16, true, s_std);
-+ /*
-+ * We need three different float_status for different parts of this
-+ * operation:
-+ * - the input conversion of the float16 values must use the
-+ * f16-specific float_status, so that the FPCR.FZ16 control is applied
-+ * - operations on float32 including the final accumulation must use
-+ * the normal float_status, so that FPCR.FZ is applied
-+ * - we have pre-set-up copy of s_std which is set to round-to-odd,
-+ * for the multiply (see below)
-+ */
-+ float64 e1r = float16_to_float64(e1 & 0xffff, true, s_f16);
-+ float64 e1c = float16_to_float64(e1 >> 16, true, s_f16);
-+ float64 e2r = float16_to_float64(e2 & 0xffff, true, s_f16);
-+ float64 e2c = float16_to_float64(e2 >> 16, true, s_f16);
- float64 t64;
- float32 t32;
-
-@@ -1003,20 +1014,23 @@ static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2,
- }
-
- void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn,
-- void *vpm, void *vst, uint32_t desc)
-+ void *vpm, CPUARMState *env, uint32_t desc)
- {
- intptr_t row, col, oprsz = simd_maxsz(desc);
- uint32_t neg = simd_data(desc) * 0x80008000u;
- uint16_t *pn = vpn, *pm = vpm;
-- float_status fpst_odd, fpst_std;
-+ float_status fpst_odd, fpst_std, fpst_f16;
-
- /*
-- * Make a copy of float_status because this operation does not
-- * update the cumulative fp exception status. It also produces
-- * default nans. Make a second copy with round-to-odd -- see above.
-+ * Make copies of fp_status and fp_status_f16, because this operation
-+ * does not update the cumulative fp exception status. It also
-+ * produces default NaNs. We also need a second copy of fp_status with
-+ * round-to-odd -- see above.
- */
-- fpst_std = *(float_status *)vst;
-+ fpst_f16 = env->vfp.fp_status_f16;
-+ fpst_std = env->vfp.fp_status;
- set_default_nan_mode(true, &fpst_std);
-+ set_default_nan_mode(true, &fpst_f16);
- fpst_odd = fpst_std;
- set_float_rounding_mode(float_round_to_odd, &fpst_odd);
-
-@@ -1036,7 +1050,8 @@ void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn,
- uint32_t m = *(uint32_t *)(vzm + H1_4(col));
-
- m = f16mop_adj_pair(m, pcol, 0);
-- *a = f16_dotadd(*a, n, m, &fpst_std, &fpst_odd);
-+ *a = f16_dotadd(*a, n, m,
-+ &fpst_f16, &fpst_std, &fpst_odd);
- }
- col += 4;
- pcol >>= 4;
-diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
-index a50a419af2..ae42ddef7b 100644
---- a/target/arm/tcg/translate-sme.c
-+++ b/target/arm/tcg/translate-sme.c
-@@ -334,8 +334,29 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
- return true;
- }
-
--TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a,
-- MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h)
-+static bool do_outprod_env(DisasContext *s, arg_op *a, MemOp esz,
-+ gen_helper_gvec_5_ptr *fn)
-+{
-+ int svl = streaming_vec_reg_size(s);
-+ uint32_t desc = simd_desc(svl, svl, a->sub);
-+ TCGv_ptr za, zn, zm, pn, pm;
-+
-+ if (!sme_smza_enabled_check(s)) {
-+ return true;
-+ }
-+
-+ za = get_tile(s, esz, a->zad);
-+ zn = vec_full_reg_ptr(s, a->zn);
-+ zm = vec_full_reg_ptr(s, a->zm);
-+ pn = pred_full_reg_ptr(s, a->pn);
-+ pm = pred_full_reg_ptr(s, a->pm);
-+
-+ fn(za, zn, zm, pn, pm, tcg_env, tcg_constant_i32(desc));
-+ return true;
-+}
-+
-+TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_env, a,
-+ MO_32, gen_helper_sme_fmopa_h)
- TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a,
- MO_32, FPST_FPCR, gen_helper_sme_fmopa_s)
- TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a,
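Review bot: do_outprod_env() has no comment explaining why FMOPA_h now needs the whole CPU env while FMOPA_s and FMOPA_d stay on do_outprod_fpst; the explanation (the helper needs both env->vfp.fp_status_f16 and env->vfp.fp_status) is only in f16_dotadd() and the commit message. A short comment above do_outprod_env() would keep someone from folding the two variants back together. The `fn` parameter is still typed `gen_helper_gvec_5_ptr` although the sixth argument is now tcg_env, which deserves a word in the same comment.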
diff --git a/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch b/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
deleted file mode 100644
index b10cff7..0000000
--- a/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cl=C3=A9ment=20Mathieu--Drif?=
- <clement.mathieu--drif@eviden.com>
-Date: Tue, 9 Jul 2024 14:26:08 +0000
-Subject: [PATCH] intel_iommu: fix FRCD construction macro
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The constant must be unsigned, otherwise the two's complement
-overrides the other fields when a PASID is present.
-
-Fixes: 1b2b12376c8a ("intel-iommu: PASID support")
-Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
-Reviewed-by: Yi Liu <yi.l.liu@intel.com>
-Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
-Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
-Message-Id: <20240709142557.317271-2-clement.mathieu--drif@eviden.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit a3c8d7e38550c3d5a46e6fa94ffadfa625a4861d)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/i386/intel_iommu_internal.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h
-index f8cf99bddf..cbc4030031 100644
---- a/hw/i386/intel_iommu_internal.h
-+++ b/hw/i386/intel_iommu_internal.h
-@@ -267,7 +267,7 @@
- /* For the low 64-bit of 128-bit */
- #define VTD_FRCD_FI(val) ((val) & ~0xfffULL)
- #define VTD_FRCD_PV(val) (((val) & 0xffffULL) << 40)
--#define VTD_FRCD_PP(val) (((val) & 0x1) << 31)
-+#define VTD_FRCD_PP(val) (((val) & 0x1ULL) << 31)
- #define VTD_FRCD_IR_IDX(val) (((val) & 0xffffULL) << 48)
-
- /* DMA Remapping Fault Conditions */
diff --git a/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch b/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
deleted file mode 100644
index 04ce93b..0000000
--- a/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Mon, 12 Aug 2024 12:58:42 +1000
-Subject: [PATCH] target/i386: Do not apply REX to MMX operands
-
-Cc: qemu-stable@nongnu.org
-Fixes: b3e22b2318a ("target/i386: add core of new i386 decoder")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2495
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Link: https://lore.kernel.org/r/20240812025844.58956-2-richard.henderson@linaro.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 416f2b16c02c618c0f233372ebfe343f9ee667d4)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/tcg/decode-new.c.inc | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
-index 4209d59ca8..09b8d2314a 100644
---- a/target/i386/tcg/decode-new.c.inc
-+++ b/target/i386/tcg/decode-new.c.inc
-@@ -1271,7 +1271,10 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode,
- op->unit = X86_OP_SSE;
- }
- get_reg:
-- op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s);
-+ op->n = ((get_modrm(s, env) >> 3) & 7);
-+ if (op->unit != X86_OP_MMX) {
-+ op->n |= REX_R(s);
-+ }
- break;
-
- case X86_TYPE_E: /* ALU modrm operand */
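Review bot: the commit message has no body and the new `if (op->unit != X86_OP_MMX)` branch under get_reg has no comment, so the reason REX.R must not be applied to MMX operands is reachable only through the linked issue. A one-line comment at the branch would do (there are only eight MMX registers, so the 3-bit ModRM reg field already selects all of them).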
diff --git a/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch b/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
deleted file mode 100644
index fca8612..0000000
--- a/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Date: Fri, 9 Aug 2024 14:13:40 +0200
-Subject: [PATCH] module: Prevent crash by resetting local_err in
- module_load_qom_all()
-
-Set local_err to NULL after it has been freed in error_report_err(). This
-avoids triggering assert(*errp == NULL) failure in error_setv() when
-local_err is reused in the loop.
-
-Signed-off-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Reviewed-by: Claudio Fontana <cfontana@suse.de>
-Reviewed-by: Denis V. Lunev <den@openvz.org>
-Link: https://lore.kernel.org/r/20240809121340.992049-2-alexander.ivanov@virtuozzo.com
-[Do the same by moving the declaration instead. - Paolo]
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 940d802b24e63650e0eacad3714e2ce171cba17c)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- util/module.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/module.c b/util/module.c
-index 32e263163c..3eb0f06df1 100644
---- a/util/module.c
-+++ b/util/module.c
-@@ -354,13 +354,13 @@ int module_load_qom(const char *type, Error **errp)
- void module_load_qom_all(void)
- {
- const QemuModinfo *modinfo;
-- Error *local_err = NULL;
-
- if (module_loaded_qom_all) {
- return;
- }
-
- for (modinfo = module_info; modinfo->name != NULL; modinfo++) {
-+ Error *local_err = NULL;
- if (!modinfo->objs) {
- continue;
- }
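Review bot: The subject of the dropped 0029 file talks about resetting local_err, but the bracketed note "[Do the same by moving the declaration instead. - Paolo]" and the util/module.c hunk show that the fix as applied moves `Error *local_err = NULL;` into the for loop of module_load_qom_all(). When confirming that the 9.1.2 base already carries commit 940d802b24e63650e0eacad3714e2ce171cba17c, check for that moved declaration in util/module.c rather than searching for an assignment after error_report_err(), since the subject line does not match the code that landed.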
diff --git a/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch b/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
deleted file mode 100644
index 57eb418..0000000
--- a/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 08:50:01 -0500
-Subject: [PATCH] nbd/server: Plumb in new args to nbd_client_add()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upcoming patches to fix a CVE need to track an opaque pointer passed
-in by the owner of a client object, as well as request for a time
-limit on how fast negotiation must complete. Prepare for that by
-changing the signature of nbd_client_new() and adding an accessor to
-get at the opaque pointer, although for now the two servers
-(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though
-they pass in a new default timeout value.
-
-Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-11-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit fb1c2aaa981e0a2fa6362c9985f1296b74f055ac)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev-nbd.c | 6 ++++--
- include/block/nbd.h | 11 ++++++++++-
- nbd/server.c | 20 +++++++++++++++++---
- qemu-nbd.c | 4 +++-
- 4 files changed, 34 insertions(+), 7 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 213012435f..267a1de903 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -64,8 +64,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
- nbd_update_server_watch(nbd_server);
-
- qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-- nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz,
-- nbd_blockdev_client_closed);
-+ /* TODO - expose handshake timeout as QMP option */
-+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+ nbd_server->tlscreds, nbd_server->tlsauthz,
-+ nbd_blockdev_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 4e7bd6342f..1d4d65922d 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -33,6 +33,12 @@ typedef struct NBDMetaContexts NBDMetaContexts;
-
- extern const BlockExportDriver blk_exp_nbd;
-
-+/*
-+ * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must
-+ * succeed at NBD_OPT_GO before being forcefully dropped as too slow.
-+ */
-+#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-@@ -403,9 +409,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp);
- NBDExport *nbd_export_find(const char *name);
-
- void nbd_client_new(QIOChannelSocket *sioc,
-+ uint32_t handshake_max_secs,
- QCryptoTLSCreds *tlscreds,
- const char *tlsauthz,
-- void (*close_fn)(NBDClient *, bool));
-+ void (*close_fn)(NBDClient *, bool),
-+ void *owner);
-+void *nbd_client_owner(NBDClient *client);
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
-
-diff --git a/nbd/server.c b/nbd/server.c
-index 892797bb11..e50012499f 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -124,12 +124,14 @@ struct NBDMetaContexts {
- struct NBDClient {
- int refcount; /* atomic */
- void (*close_fn)(NBDClient *client, bool negotiated);
-+ void *owner;
-
- QemuMutex lock;
-
- NBDExport *exp;
- QCryptoTLSCreds *tlscreds;
- char *tlsauthz;
-+ uint32_t handshake_max_secs;
- QIOChannelSocket *sioc; /* The underlying data channel */
- QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */
-
-@@ -3191,6 +3193,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-
- qemu_co_mutex_init(&client->send_lock);
-
-+ /* TODO - utilize client->handshake_max_secs */
- if (nbd_negotiate(client, &local_err)) {
- if (local_err) {
- error_report_err(local_err);
-@@ -3205,14 +3208,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- }
-
- /*
-- * Create a new client listener using the given channel @sioc.
-+ * Create a new client listener using the given channel @sioc and @owner.
- * Begin servicing it in a coroutine. When the connection closes, call
-- * @close_fn with an indication of whether the client completed negotiation.
-+ * @close_fn with an indication of whether the client completed negotiation
-+ * within @handshake_max_secs seconds (0 for unbounded).
- */
- void nbd_client_new(QIOChannelSocket *sioc,
-+ uint32_t handshake_max_secs,
- QCryptoTLSCreds *tlscreds,
- const char *tlsauthz,
-- void (*close_fn)(NBDClient *, bool))
-+ void (*close_fn)(NBDClient *, bool),
-+ void *owner)
- {
- NBDClient *client;
- Coroutine *co;
-@@ -3225,13 +3231,21 @@ void nbd_client_new(QIOChannelSocket *sioc,
- object_ref(OBJECT(client->tlscreds));
- }
- client->tlsauthz = g_strdup(tlsauthz);
-+ client->handshake_max_secs = handshake_max_secs;
- client->sioc = sioc;
- qio_channel_set_delay(QIO_CHANNEL(sioc), false);
- object_ref(OBJECT(client->sioc));
- client->ioc = QIO_CHANNEL(sioc);
- object_ref(OBJECT(client->ioc));
- client->close_fn = close_fn;
-+ client->owner = owner;
-
- co = qemu_coroutine_create(nbd_co_client_start, client);
- qemu_coroutine_enter(co);
- }
-+
-+void *
-+nbd_client_owner(NBDClient *client)
-+{
-+ return client->owner;
-+}
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index d7b3ccab21..48e2fa5858 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -390,7 +390,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-
- nb_fds++;
- nbd_update_server_watch();
-- nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed);
-+ /* TODO - expose handshake timeout as command line option */
-+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+ tlscreds, tlsauthz, nbd_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(void)
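Review bot: 0030 is the base that the rest of the CVE-2024-7409 files depend on, so it must not be dropped or kept on its own. The handshake_max_secs field it adds is only consumed by 0032 (this file still carries `/* TODO - utilize client->handshake_max_secs */`), and nbd_client_owner() is only called by 0033. This change removes 0030 through 0033 and 0035 together, which is consistent; if the series ever has to be carried again on another base, re-add it from 0030 upward in the original order.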
diff --git a/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch b/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
deleted file mode 100644
index 5f804f9..0000000
--- a/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Tue, 6 Aug 2024 13:53:00 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Cap default max-connections to 100
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Allowing an unlimited number of clients to any web service is a recipe
-for a rudimentary denial of service attack: the client merely needs to
-open lots of sockets without closing them, until qemu no longer has
-any more fds available to allocate.
-
-For qemu-nbd, we default to allowing only 1 connection unless more are
-explicitly asked for (-e or --shared); this was historically picked as
-a nice default (without an explicit -t, a non-persistent qemu-nbd goes
-away after a client disconnects, without needing any additional
-follow-up commands), and we are not going to change that interface now
-(besides, someday we want to point people towards qemu-storage-daemon
-instead of qemu-nbd).
-
-But for qemu proper, and the newer qemu-storage-daemon, the QMP
-nbd-server-start command has historically had a default of unlimited
-number of connections, in part because unlike qemu-nbd it is
-inherently persistent until nbd-server-stop. Allowing multiple client
-sockets is particularly useful for clients that can take advantage of
-MULTI_CONN (creating parallel sockets to increase throughput),
-although known clients that do so (such as libnbd's nbdcopy) typically
-use only 8 or 16 connections (the benefits of scaling diminish once
-more sockets are competing for kernel attention). Picking a number
-large enough for typical use cases, but not unlimited, makes it
-slightly harder for a malicious client to perform a denial of service
-merely by opening lots of connections withot progressing through the
-handshake.
-
-This change does not eliminate CVE-2024-7409 on its own, but reduces
-the chance for fd exhaustion or unlimited memory usage as an attack
-surface. On the other hand, by itself, it makes it more obvious that
-with a finite limit, we have the problem of an unauthenticated client
-holding 100 fds opened as a way to block out a legitimate client from
-being able to connect; thus, later patches will further add timeouts
-to reject clients that are not making progress.
-
-This is an INTENTIONAL change in behavior, and will break any client
-of nbd-server-start that was not passing an explicit max-connections
-parameter, yet expects more than 100 simultaneous connections. We are
-not aware of any such client (as stated above, most clients aware of
-MULTI_CONN get by just fine on 8 or 16 connections, and probably cope
-with later connections failing by relying on the earlier connections;
-libvirt has not yet been passing max-connections, but generally
-creates NBD servers with the intent for a single client for the sake
-of live storage migration; meanwhile, the KubeSAN project anticipates
-a large cluster sharing multiple clients [up to 8 per node, and up to
-100 nodes in a cluster], but it currently uses qemu-nbd with an
-explicit --shared=0 rather than qemu-storage-daemon with
-nbd-server-start).
-
-We considered using a deprecation period (declare that omitting
-max-parameters is deprecated, and make it mandatory in 3 releases -
-then we don't need to pick an arbitrary default); that has zero risk
-of breaking any apps that accidentally depended on more than 100
-connections, and where such breakage might not be noticed under unit
-testing but only under the larger loads of production usage. But it
-does not close the denial-of-service hole until far into the future,
-and requires all apps to change to add the parameter even if 100 was
-good enough. It also has a drawback that any app (like libvirt) that
-is accidentally relying on an unlimited default should seriously
-consider their own CVE now, at which point they are going to change to
-pass explicit max-connections sooner than waiting for 3 qemu releases.
-Finally, if our changed default breaks an app, that app can always
-pass in an explicit max-parameters with a larger value.
-
-It is also intentional that the HMP interface to nbd-server-start is
-not changed to expose max-connections (any client needing to fine-tune
-things should be using QMP).
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-12-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[ericb: Expand commit message to summarize Dan's argument for why we
-break corner-case back-compat behavior without a deprecation period]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit c8a76dbd90c2f48df89b75bef74917f90a59b623)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/monitor/block-hmp-cmds.c | 3 ++-
- blockdev-nbd.c | 8 ++++++++
- include/block/nbd.h | 7 +++++++
- qapi/block-export.json | 4 ++--
- 4 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index d954bec6f1..bdf2eb50b6 100644
---- a/block/monitor/block-hmp-cmds.c
-+++ b/block/monitor/block-hmp-cmds.c
-@@ -402,7 +402,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict)
- goto exit;
- }
-
-- nbd_server_start(addr, NULL, NULL, 0, &local_err);
-+ nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS,
-+ &local_err);
- qapi_free_SocketAddress(addr);
- if (local_err != NULL) {
- goto exit;
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 267a1de903..24ba5382db 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -170,6 +170,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds,
-
- void nbd_server_start_options(NbdServerOptions *arg, Error **errp)
- {
-+ if (!arg->has_max_connections) {
-+ arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+ }
-+
- nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz,
- arg->max_connections, errp);
- }
-@@ -182,6 +186,10 @@ void qmp_nbd_server_start(SocketAddressLegacy *addr,
- {
- SocketAddress *addr_flat = socket_address_flatten(addr);
-
-+ if (!has_max_connections) {
-+ max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+ }
-+
- nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp);
- qapi_free_SocketAddress(addr_flat);
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 1d4d65922d..d4f8b21aec 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -39,6 +39,13 @@ extern const BlockExportDriver blk_exp_nbd;
- */
- #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-
-+/*
-+ * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at
-+ * once; must be large enough to allow a MULTI_CONN-aware client like
-+ * nbdcopy to create its typical number of 8-16 sockets.
-+ */
-+#define NBD_DEFAULT_MAX_CONNECTIONS 100
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-diff --git a/qapi/block-export.json b/qapi/block-export.json
-index 3919a2d5b9..f45e4fd481 100644
---- a/qapi/block-export.json
-+++ b/qapi/block-export.json
-@@ -28,7 +28,7 @@
- # @max-connections: The maximum number of connections to allow at the
- # same time, 0 for unlimited. Setting this to 1 also stops the
- # server from advertising multiple client support (since 5.2;
--# default: 0)
-+# default: 100)
- #
- # Since: 4.2
- ##
-@@ -63,7 +63,7 @@
- # @max-connections: The maximum number of connections to allow at the
- # same time, 0 for unlimited. Setting this to 1 also stops the
- # server from advertising multiple client support (since 5.2;
--# default: 0).
-+# default: 100).
- #
- # Errors:
- # - if the server is already running
diff --git a/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch b/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
deleted file mode 100644
index 0b113e5..0000000
--- a/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Aug 2024 16:05:08 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Drop non-negotiating clients
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A client that opens a socket but does not negotiate is merely hogging
-qemu's resources (an open fd and a small amount of memory); and a
-malicious client that can access the port where NBD is listening can
-attempt a denial of service attack by intentionally opening and
-abandoning lots of unfinished connections. The previous patch put a
-default bound on the number of such ongoing connections, but once that
-limit is hit, no more clients can connect (including legitimate ones).
-The solution is to insist that clients complete handshake within a
-reasonable time limit, defaulting to 10 seconds. A client that has
-not successfully completed NBD_OPT_GO by then (including the case of
-where the client didn't know TLS credentials to even reach the point
-of NBD_OPT_GO) is wasting our time and does not deserve to stay
-connected. Later patches will allow fine-tuning the limit away from
-the default value (including disabling it for doing integration
-testing of the handshake process itself).
-
-Note that this patch in isolation actually makes it more likely to see
-qemu SEGV after nbd-server-stop, as any client socket still connected
-when the server shuts down will now be closed after 10 seconds rather
-than at the client's whims. That will be addressed in the next patch.
-
-For a demo of this patch in action:
-$ qemu-nbd -f raw -r -t -e 10 file &
-$ nbdsh --opt-mode -c '
-H = list()
-for i in range(20):
- print(i)
- H.insert(i, nbd.NBD())
- H[i].set_opt_mode(True)
- H[i].connect_uri("nbd://localhost")
-'
-$ kill $!
-
-where later connections get to start progressing once earlier ones are
-forcefully dropped for taking too long, rather than hanging.
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-13-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: rebase to changes earlier in series, reduce scope of timer]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit b9b72cb3ce15b693148bd09cef7e50110566d8a0)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- nbd/server.c | 28 +++++++++++++++++++++++++++-
- nbd/trace-events | 1 +
- 2 files changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index e50012499f..39285cc971 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -3186,22 +3186,48 @@ static void nbd_client_receive_next_request(NBDClient *client)
- }
- }
-
-+static void nbd_handshake_timer_cb(void *opaque)
-+{
-+ QIOChannel *ioc = opaque;
-+
-+ trace_nbd_handshake_timer_cb();
-+ qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
-+}
-+
- static coroutine_fn void nbd_co_client_start(void *opaque)
- {
- NBDClient *client = opaque;
- Error *local_err = NULL;
-+ QEMUTimer *handshake_timer = NULL;
-
- qemu_co_mutex_init(&client->send_lock);
-
-- /* TODO - utilize client->handshake_max_secs */
-+ /*
-+ * Create a timer to bound the time spent in negotiation. If the
-+ * timer expires, it is likely nbd_negotiate will fail because the
-+ * socket was shutdown.
-+ */
-+ if (client->handshake_max_secs > 0) {
-+ handshake_timer = aio_timer_new(qemu_get_aio_context(),
-+ QEMU_CLOCK_REALTIME,
-+ SCALE_NS,
-+ nbd_handshake_timer_cb,
-+ client->sioc);
-+ timer_mod(handshake_timer,
-+ qemu_clock_get_ns(QEMU_CLOCK_REALTIME) +
-+ client->handshake_max_secs * NANOSECONDS_PER_SECOND);
-+ }
-+
- if (nbd_negotiate(client, &local_err)) {
- if (local_err) {
- error_report_err(local_err);
- }
-+ timer_free(handshake_timer);
- client_close(client, false);
- return;
- }
-
-+ timer_free(handshake_timer);
- WITH_QEMU_LOCK_GUARD(&client->lock) {
- nbd_client_receive_next_request(client);
- }
-diff --git a/nbd/trace-events b/nbd/trace-events
-index 00ae3216a1..cbd0a4ab7e 100644
---- a/nbd/trace-events
-+++ b/nbd/trace-events
-@@ -76,6 +76,7 @@ nbd_co_receive_request_payload_received(uint64_t cookie, uint64_t len) "Payload
- nbd_co_receive_ext_payload_compliance(uint64_t from, uint64_t len) "client sent non-compliant write without payload flag: from=0x%" PRIx64 ", len=0x%" PRIx64
- nbd_co_receive_align_compliance(const char *op, uint64_t from, uint64_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx64 ", align=0x%" PRIx32
- nbd_trip(void) "Reading request"
-+nbd_handshake_timer_cb(void) "client took too long to negotiate"
-
- # client-connection.c
- nbd_connect_thread_sleep(uint64_t timeout) "timeout %" PRIu64
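Review bot: The message of the dropped 0032 file says that the handshake timer "in isolation actually makes it more likely to see qemu SEGV after nbd-server-stop", so the presence of commit b9b72cb3ce15b693148bd09cef7e50110566d8a0 in the new base is not sufficient by itself. Before relying on the drop, verify that the 9.1.2 submodule also contains the two follow-ups named in this series, 3e7ef738c8462c45043a1d39f702a0990406a3b3 (close stray clients at server-stop) and 3874f5f73c441c52f1c699c848d463b0eda01e4c (listener use-after-free), for example by checking that nbd/server.c has nbd_handshake_timer_cb() and blockdev-nbd.c has the NBDConn list.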
diff --git a/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch b/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
deleted file mode 100644
index 1d16a52..0000000
--- a/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 12:23:13 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Close stray clients at server-stop
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A malicious client can attempt to connect to an NBD server, and then
-intentionally delay progress in the handshake, including if it does
-not know the TLS secrets. Although the previous two patches reduce
-this behavior by capping the default max-connections parameter and
-killing slow clients, they did not eliminate the possibility of a
-client waiting to close the socket until after the QMP nbd-server-stop
-command is executed, at which point qemu would SEGV when trying to
-dereference the NULL nbd_server global which is no longer present.
-This amounts to a denial of service attack. Worse, if another NBD
-server is started before the malicious client disconnects, I cannot
-rule out additional adverse effects when the old client interferes
-with the connection count of the new server (although the most likely
-is a crash due to an assertion failure when checking
-nbd_server->connections > 0).
-
-For environments without this patch, the CVE can be mitigated by
-ensuring (such as via a firewall) that only trusted clients can
-connect to an NBD server. Note that using frameworks like libvirt
-that ensure that TLS is used and that nbd-server-stop is not executed
-while any trusted clients are still connected will only help if there
-is also no possibility for an untrusted client to open a connection
-but then stall on the NBD handshake.
-
-Given the previous patches, it would be possible to guarantee that no
-clients remain connected by having nbd-server-stop sleep for longer
-than the default handshake deadline before finally freeing the global
-nbd_server object, but that could make QMP non-responsive for a long
-time. So intead, this patch fixes the problem by tracking all client
-sockets opened while the server is running, and forcefully closing any
-such sockets remaining without a completed handshake at the time of
-nbd-server-stop, then waiting until the coroutines servicing those
-sockets notice the state change. nbd-server-stop now has a second
-AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the
-blk_exp_close_all_type() that disconnects all clients that completed
-handshakes), but forced socket shutdown is enough to progress the
-coroutines and quickly tear down all clients before the server is
-freed, thus finally fixing the CVE.
-
-This patch relies heavily on the fact that nbd/server.c guarantees
-that it only calls nbd_blockdev_client_closed() from the main loop
-(see the assertion in nbd_client_put() and the hoops used in
-nbd_client_put_nonzero() to achieve that); if we did not have that
-guarantee, we would also need a mutex protecting our accesses of the
-list of connections to survive re-entrancy from independent iothreads.
-
-Although I did not actually try to test old builds, it looks like this
-problem has existed since at least commit 862172f45c (v2.12.0, 2017) -
-even back when that patch started using a QIONetListener to handle
-listening on multiple sockets, nbd_server_free() was already unaware
-that the nbd_blockdev_client_closed callback can be reached later by a
-client thread that has not completed handshakes (and therefore the
-client's socket never got added to the list closed in
-nbd_export_close_all), despite that patch intentionally tearing down
-the QIONetListener to prevent new clients.
-
-Reported-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Fixes: CVE-2024-7409
-CC: qemu-stable@nongnu.org
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-14-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 3e7ef738c8462c45043a1d39f702a0990406a3b3)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++-
- 1 file changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 24ba5382db..f73409ae49 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -21,12 +21,18 @@
- #include "io/channel-socket.h"
- #include "io/net-listener.h"
-
-+typedef struct NBDConn {
-+ QIOChannelSocket *cioc;
-+ QLIST_ENTRY(NBDConn) next;
-+} NBDConn;
-+
- typedef struct NBDServerData {
- QIONetListener *listener;
- QCryptoTLSCreds *tlscreds;
- char *tlsauthz;
- uint32_t max_connections;
- uint32_t connections;
-+ QLIST_HEAD(, NBDConn) conns;
- } NBDServerData;
-
- static NBDServerData *nbd_server;
-@@ -51,6 +57,14 @@ int nbd_server_max_connections(void)
-
- static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- {
-+ NBDConn *conn = nbd_client_owner(client);
-+
-+ assert(qemu_in_main_thread() && nbd_server);
-+
-+ object_unref(OBJECT(conn->cioc));
-+ QLIST_REMOVE(conn, next);
-+ g_free(conn);
-+
- nbd_client_put(client);
- assert(nbd_server->connections > 0);
- nbd_server->connections--;
-@@ -60,14 +74,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
- gpointer opaque)
- {
-+ NBDConn *conn = g_new0(NBDConn, 1);
-+
-+ assert(qemu_in_main_thread() && nbd_server);
- nbd_server->connections++;
-+ object_ref(OBJECT(cioc));
-+ conn->cioc = cioc;
-+ QLIST_INSERT_HEAD(&nbd_server->conns, conn, next);
- nbd_update_server_watch(nbd_server);
-
- qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
- /* TODO - expose handshake timeout as QMP option */
- nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
- nbd_server->tlscreds, nbd_server->tlsauthz,
-- nbd_blockdev_client_closed, NULL);
-+ nbd_blockdev_client_closed, conn);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-@@ -81,12 +101,25 @@ static void nbd_update_server_watch(NBDServerData *s)
-
- static void nbd_server_free(NBDServerData *server)
- {
-+ NBDConn *conn, *tmp;
-+
- if (!server) {
- return;
- }
-
-+ /*
-+ * Forcefully close the listener socket, and any clients that have
-+ * not yet disconnected on their own.
-+ */
- qio_net_listener_disconnect(server->listener);
- object_unref(OBJECT(server->listener));
-+ QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
-+ qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
-+ NULL);
-+ }
-+
-+ AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0);
-+
- if (server->tlscreds) {
- object_unref(OBJECT(server->tlscreds));
- }
diff --git a/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch b/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
deleted file mode 100644
index 65b5be0..0000000
--- a/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Tue, 20 Aug 2024 17:11:12 +0400
-Subject: [PATCH] vnc: fix crash when no console attached
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since commit e99441a3793b5 ("ui/curses: Do not use console_select()")
-qemu_text_console_put_keysym() no longer checks for NULL console
-argument, which leads to a later crash:
-
-Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
-0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332
-332 } else if (s->echo && (keysym == '\r' || keysym == '\n')) {
-(gdb) bt
- #0 0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332
- #1 0x00005555559e18e5 in qemu_text_console_put_keysym (s=<optimized out>, keysym=<optimized out>) at ../ui/console.c:303
- #2 0x00005555559f2e88 in do_key_event (vs=vs@entry=0x5555579045c0, down=down@entry=1, keycode=keycode@entry=60, sym=sym@entry=65471) at ../ui/vnc.c:2034
- #3 0x00005555559f845c in ext_key_event (vs=0x5555579045c0, down=1, sym=65471, keycode=<optimized out>) at ../ui/vnc.c:2070
- #4 protocol_client_msg (vs=0x5555579045c0, data=<optimized out>, len=<optimized out>) at ../ui/vnc.c:2514
- #5 0x00005555559f515c in vnc_client_read (vs=0x5555579045c0) at ../ui/vnc.c:1607
-
-Fixes: e99441a3793b5 ("ui/curses: Do not use console_select()")
-Fixes: https://issues.redhat.com/browse/RHEL-50529
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
-(picked from https://lore.kernel.org/qemu-devel/20240820131112.1267954-1-marcandre.lureau@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- ui/vnc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ui/vnc.c b/ui/vnc.c
-index b3fd78022b..953ea38318 100644
---- a/ui/vnc.c
-+++ b/ui/vnc.c
-@@ -1935,7 +1935,7 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym)
- }
-
- qkbd_state_key_event(vs->vd->kbd, qcode, down);
-- if (!qemu_console_is_graphic(vs->vd->dcl.con)) {
-+ if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) {
- QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con);
- bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
- bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
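Review bot: Unlike the neighbouring files, the dropped 0034 patch has no "(cherry picked from commit ...)" trailer, only "(picked from https://lore.kernel.org/qemu-devel/20240820131112.1267954-1-marcandre.lureau@redhat.com/)", so there is no upstream commit id here to match against the 9.1.2 history. Confirm the drop by content instead: do_key_event() in ui/vnc.c of the new submodule should test `QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)` and no longer `!qemu_console_is_graphic(vs->vd->dcl.con)`, otherwise the NULL console crash from the quoted backtrace comes back.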
diff --git a/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch b/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
deleted file mode 100644
index d40a438..0000000
--- a/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 22 Aug 2024 09:35:29 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Avoid use-after-free when closing
- server
-
-Commit 3e7ef738 plugged the use-after-free of the global nbd_server
-object, but overlooked a use-after-free of nbd_server->listener.
-Although this race is harder to hit, notice that our shutdown path
-first drops the reference count of nbd_server->listener, then triggers
-actions that can result in a pending client reaching the
-nbd_blockdev_client_closed() callback, which in turn calls
-qio_net_listener_set_client_func on a potentially stale object.
-
-If we know we don't want any more clients to connect, and have already
-told the listener socket to shut down, then we should not be trying to
-update the listener socket's associated function.
-
-Reproducer:
-
-> #!/usr/bin/python3
->
-> import os
-> from threading import Thread
->
-> def start_stop():
-> while 1:
-> os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-start",
-+"arguments":{"addr":{"type":"unix","data":{"path":"/tmp/nbd-sock"}}}}\'')
-> os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-stop"}\'')
->
-> def nbd_list():
-> while 1:
-> os.system('/path/to/build/qemu-nbd -L -k /tmp/nbd-sock')
->
-> def test():
-> sst = Thread(target=start_stop)
-> sst.start()
-> nlt = Thread(target=nbd_list)
-> nlt.start()
->
-> sst.join()
-> nlt.join()
->
-> test()
-
-Fixes: CVE-2024-7409
-Fixes: 3e7ef738c8 ("nbd/server: CVE-2024-7409: Close stray clients at server-stop")
-CC: qemu-stable@nongnu.org
-Reported-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240822143617.800419-2-eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit 3874f5f73c441c52f1c699c848d463b0eda01e4c)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev-nbd.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index f73409ae49..b36f41b7c5 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -92,10 +92,13 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-
- static void nbd_update_server_watch(NBDServerData *s)
- {
-- if (!s->max_connections || s->connections < s->max_connections) {
-- qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, NULL);
-- } else {
-- qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
-+ if (s->listener) {
-+ if (!s->max_connections || s->connections < s->max_connections) {
-+ qio_net_listener_set_client_func(s->listener, nbd_accept, NULL,
-+ NULL);
-+ } else {
-+ qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
-+ }
- }
- }
-
-@@ -113,6 +116,7 @@ static void nbd_server_free(NBDServerData *server)
- */
- qio_net_listener_disconnect(server->listener);
- object_unref(OBJECT(server->listener));
-+ server->listener = NULL;
- QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
- qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
- NULL);
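Review bot: the trailer "(cherry picked from commit 3874f5f73c441c52f1c699c848d463b0eda01e4c)" in this removed file is the only visible record of why the CVE-2024-7409 listener fix can be dropped, so the commit message should state that the updated submodule contains that commit. A quick check on the new tree is that nbd_update_server_watch() in blockdev-nbd.c has the "if (s->listener)" guard and that nbd_server_free() sets server->listener = NULL right after the object_unref(); without both, the stale-listener race described above is open again.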
diff --git a/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch b/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
deleted file mode 100644
index a185744..0000000
--- a/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: David Hildenbrand <david@redhat.com>
-Date: Wed, 28 Aug 2024 11:07:43 +0200
-Subject: [PATCH] softmmu/physmem: fix memory leak in dirty_memory_extend()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As reported by Peter, we might be leaking memory when removing the
-highest RAMBlock (in the weird ram_addr_t space), and adding a new one.
-
-We will fail to realize that we already allocated bitmaps for more
-dirty memory blocks, and effectively discard the pointers to them.
-
-Fix it by getting rid of last_ram_page() and by remembering the number
-of dirty memory blocks that have been allocated already.
-
-While at it, let's use "unsigned int" for the number of blocks, which
-should be sufficient until we reach ~32 exabytes.
-
-Looks like this leak was introduced as we switched from using a single
-bitmap_zero_extend() to allocating multiple bitmaps:
-bitmap_zero_extend() relies on g_renew() which should have taken care of
-this.
-
-Resolves: https://lkml.kernel.org/r/CAFEAcA-k7a+VObGAfCFNygQNfCKL=AfX6A4kScq=VSSK0peqPg@mail.gmail.com
-Reported-by: Peter Maydell <peter.maydell@linaro.org>
-Fixes: 5b82b703b69a ("memory: RCU ram_list.dirty_memory[] for safe RAM hotplug")
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Peter Xu <peterx@redhat.com>
-Tested-by: Peter Maydell <peter.maydell@linaro.org>
-Cc: qemu-stable@nongnu.org
-Cc: Stefan Hajnoczi <stefanha@redhat.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Peter Xu <peterx@redhat.com>
-Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>
-Signed-off-by: David Hildenbrand <david@redhat.com>
-(picked from https://lore.kernel.org/qemu-devel/20240828090743.128647-1-david@redhat.com/)
-[FE: backport - remove not-yet-existing variable in context of hunk touching ram_block_add()]
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- include/exec/ramlist.h | 1 +
- system/physmem.c | 35 +++++++++--------------------------
- 2 files changed, 10 insertions(+), 26 deletions(-)
-
-diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h
-index 2ad2a81acc..d9cfe530be 100644
---- a/include/exec/ramlist.h
-+++ b/include/exec/ramlist.h
-@@ -50,6 +50,7 @@ typedef struct RAMList {
- /* RCU-enabled, writes protected by the ramlist lock. */
- QLIST_HEAD(, RAMBlock) blocks;
- DirtyMemoryBlocks *dirty_memory[DIRTY_MEMORY_NUM];
-+ unsigned int num_dirty_blocks;
- uint32_t version;
- QLIST_HEAD(, RAMBlockNotifier) ramblock_notifiers;
- } RAMList;
-diff --git a/system/physmem.c b/system/physmem.c
-index a4fe3d2bf8..78f7db1121 100644
---- a/system/physmem.c
-+++ b/system/physmem.c
-@@ -1497,18 +1497,6 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
- return offset;
- }
-
--static unsigned long last_ram_page(void)
--{
-- RAMBlock *block;
-- ram_addr_t last = 0;
--
-- RCU_READ_LOCK_GUARD();
-- RAMBLOCK_FOREACH(block) {
-- last = MAX(last, block->offset + block->max_length);
-- }
-- return last >> TARGET_PAGE_BITS;
--}
--
- static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
- {
- int ret;
-@@ -1762,13 +1750,11 @@ void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length)
- }
-
- /* Called with ram_list.mutex held */
--static void dirty_memory_extend(ram_addr_t old_ram_size,
-- ram_addr_t new_ram_size)
-+static void dirty_memory_extend(ram_addr_t new_ram_size)
- {
-- ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
-- DIRTY_MEMORY_BLOCK_SIZE);
-- ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
-- DIRTY_MEMORY_BLOCK_SIZE);
-+ unsigned int old_num_blocks = ram_list.num_dirty_blocks;
-+ unsigned int new_num_blocks = DIV_ROUND_UP(new_ram_size,
-+ DIRTY_MEMORY_BLOCK_SIZE);
- int i;
-
- /* Only need to extend if block count increased */
-@@ -1800,6 +1786,8 @@ static void dirty_memory_extend(ram_addr_t old_ram_size,
- g_free_rcu(old_blocks, rcu);
- }
- }
-+
-+ ram_list.num_dirty_blocks = new_num_blocks;
- }
-
- static void ram_block_add(RAMBlock *new_block, Error **errp)
-@@ -1808,11 +1796,9 @@ static void ram_block_add(RAMBlock *new_block, Error **errp)
- const bool shared = qemu_ram_is_shared(new_block);
- RAMBlock *block;
- RAMBlock *last_block = NULL;
-- ram_addr_t old_ram_size, new_ram_size;
-+ ram_addr_t ram_size;
- Error *err = NULL;
-
-- old_ram_size = last_ram_page();
--
- qemu_mutex_lock_ramlist();
- new_block->offset = find_ram_offset(new_block->max_length);
-
-@@ -1840,11 +1826,8 @@ static void ram_block_add(RAMBlock *new_block, Error **errp)
- }
- }
-
-- new_ram_size = MAX(old_ram_size,
-- (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
-- if (new_ram_size > old_ram_size) {
-- dirty_memory_extend(old_ram_size, new_ram_size);
-- }
-+ ram_size = (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS;
-+ dirty_memory_extend(ram_size);
- /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
- * QLIST (which has an RCU-friendly variant) does not have insertion at
- * tail, so save the last element in last_block.
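Review bot: this removed patch was "picked from" a mailing-list posting rather than from a commit hash, and it carries a downstream adaptation ("[FE: backport - remove not-yet-existing variable in context of hunk touching ram_block_add()]"), so dropping it deserves an explicit check that the version in the new submodule is equivalent. Please confirm that RAMList has the num_dirty_blocks field and that dirty_memory_extend() takes only new_ram_size and updates ram_list.num_dirty_blocks at the end, and note the upstream commit in the commit message so the removal can be audited later.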
diff --git a/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch b/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
deleted file mode 100644
index 3a9e131..0000000
--- a/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Thu, 7 Nov 2024 17:51:13 +0100
-Subject: [PATCH] block/reqlist: allow adding overlapping requests
-
-Allow overlapping request by removing the assert that made it
-impossible. There are only two callers:
-
-1. block_copy_task_create()
-
-It already asserts the very same condition before calling
-reqlist_init_req().
-
-2. cbw_snapshot_read_lock()
-
-There is no need to have read requests be non-overlapping in
-copy-before-write when used for snapshot-access. In fact, there was no
-protection against two callers of cbw_snapshot_read_lock() calling
-reqlist_init_req() with overlapping ranges and this could lead to an
-assertion failure [1].
-
-In particular, with the reproducer script below [0], two
-cbw_co_snapshot_block_status() callers could race, with the second
-calling reqlist_init_req() before the first one finishes and removes
-its conflicting request.
-
-[0]:
-
-> #!/bin/bash -e
-> dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=1024
-> ./qemu-img create /tmp/fleecing.raw -f raw 1G
-> (
-> ./qemu-system-x86_64 --qmp stdio \
-> --blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw \
-> --blockdev raw,node-name=node1,file.driver=file,file.filename=/tmp/fleecing.raw \
-> <<EOF
-> {"execute": "qmp_capabilities"}
-> {"execute": "blockdev-add", "arguments": { "driver": "copy-before-write", "file": "node0", "target": "node1", "node-name": "node3" } }
-> {"execute": "blockdev-add", "arguments": { "driver": "snapshot-access", "file": "node3", "node-name": "snap0" } }
-> {"execute": "nbd-server-start", "arguments": {"addr": { "type": "unix", "data": { "path": "/tmp/nbd.socket" } } } }
-> {"execute": "block-export-add", "arguments": {"id": "exp0", "node-name": "snap0", "type": "nbd", "name": "exp0"}}
-> EOF
-> ) &
-> sleep 5
-> while true; do
-> ./qemu-nbd -d /dev/nbd0
-> ./qemu-nbd -c /dev/nbd0 nbd:unix:/tmp/nbd.socket:exportname=exp0 -f raw -r
-> nbdinfo --map 'nbd+unix:///exp0?socket=/tmp/nbd.socket'
-> done
-
-[1]:
-
-> #5 0x000071e5f0088eb2 in __GI___assert_fail (...) at ./assert/assert.c:101
-> #6 0x0000615285438017 in reqlist_init_req (...) at ../block/reqlist.c:23
-> #7 0x00006152853e2d98 in cbw_snapshot_read_lock (...) at ../block/copy-before-write.c:237
-> #8 0x00006152853e3068 in cbw_co_snapshot_block_status (...) at ../block/copy-before-write.c:304
-> #9 0x00006152853f4d22 in bdrv_co_snapshot_block_status (...) at ../block/io.c:3726
-> #10 0x000061528543a63e in snapshot_access_co_block_status (...) at ../block/snapshot-access.c:48
-> #11 0x00006152853f1a0a in bdrv_co_do_block_status (...) at ../block/io.c:2474
-> #12 0x00006152853f2016 in bdrv_co_common_block_status_above (...) at ../block/io.c:2652
-> #13 0x00006152853f22cf in bdrv_co_block_status_above (...) at ../block/io.c:2732
-> #14 0x00006152853d9a86 in blk_co_block_status_above (...) at ../block/block-backend.c:1473
-> #15 0x000061528538da6c in blockstatus_to_extents (...) at ../nbd/server.c:2374
-> #16 0x000061528538deb1 in nbd_co_send_block_status (...) at ../nbd/server.c:2481
-> #17 0x000061528538f424 in nbd_handle_request (...) at ../nbd/server.c:2978
-> #18 0x000061528538f906 in nbd_trip (...) at ../nbd/server.c:3121
-> #19 0x00006152855a7caf in coroutine_trampoline (...) at ../util/coroutine-ucontext.c:175
-
-Cc: qemu-stable@nongnu.org
-Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
----
- block/copy-before-write.c | 3 ++-
- block/reqlist.c | 2 --
- 2 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 8aba27a71d..3698b3bc60 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -65,7 +65,8 @@ typedef struct BDRVCopyBeforeWriteState {
-
- /*
- * @frozen_read_reqs: current read requests for fleecing user in bs->file
-- * node. These areas must not be rewritten by guest.
-+ * node. These areas must not be rewritten by guest. There can be multiple
-+ * overlapping read requests.
- */
- BlockReqList frozen_read_reqs;
-
-diff --git a/block/reqlist.c b/block/reqlist.c
-index 08cb57cfa4..098e807378 100644
---- a/block/reqlist.c
-+++ b/block/reqlist.c
-@@ -20,8 +20,6 @@
- void reqlist_init_req(BlockReqList *reqs, BlockReq *req, int64_t offset,
- int64_t bytes)
- {
-- assert(!reqlist_find_conflict(reqs, offset, bytes));
--
- *req = (BlockReq) {
- .offset = offset,
- .bytes = bytes,
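Review bot: unlike the other removed stable fixes, this file has no "cherry picked from" or "picked from" trailer (it is authored downstream and only has Cc: qemu-stable), so nothing visible here shows that the new submodule revision includes it. Please name the upstream commit in the commit message and verify that reqlist_init_req() in block/reqlist.c no longer contains assert(!reqlist_find_conflict(reqs, offset, bytes)); otherwise the assertion failure from backtrace [1] can come back with concurrent cbw_co_snapshot_block_status() callers.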
diff --git a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
index f68e0df..0e5a7d3 100644
--- a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
+++ b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 35684f7e21..43bc0bd520 100644
+index ff928b5e85..99e5bea1cc 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -563,7 +563,7 @@ static QemuOptsList raw_runtime_opts = {
+@@ -564,7 +564,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
@@ -26,7 +26,7 @@ index 35684f7e21..43bc0bd520 100644
},
{
.name = "pr-manager",
-@@ -663,7 +663,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+@@ -664,7 +664,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:
diff --git a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
index 62bbda8..69efd94 100644
--- a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
+++ b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
-index b1f9b35fcc..096c0d52e4 100644
+index c8f679761b..35a1338e40 100644
--- a/include/net/net.h
+++ b/include/net/net.h
-@@ -317,8 +317,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
+@@ -309,8 +309,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
int net_hub_id_for_client(NetClientState *nc, int *id);
NetClientState *net_hub_port_find(int hub_id);
diff --git a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
index 71236cf..74d94eb 100644
--- a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
+++ b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
@@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index 6b05738079..d82869900a 100644
+index fa027cc206..da7ef0cbe6 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
-@@ -2291,9 +2291,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
+@@ -2418,9 +2418,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
#define CPU_RESOLVING_TYPE TYPE_X86_CPU
#ifdef TARGET_X86_64
diff --git a/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch b/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch
index cb94976..6d4cc69 100644
--- a/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch
+++ b/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/block/gluster.c b/block/gluster.c
-index cc74af06dc..3ba9bbfa5e 100644
+index f8b415f381..02bde39d94 100644
--- a/block/gluster.c
+++ b/block/gluster.c
-@@ -43,7 +43,7 @@
+@@ -42,7 +42,7 @@
#define GLUSTER_DEBUG_DEFAULT 4
#define GLUSTER_DEBUG_MAX 9
#define GLUSTER_OPT_LOGFILE "logfile"
@@ -21,7 +21,7 @@ index cc74af06dc..3ba9bbfa5e 100644
/*
* Several versions of GlusterFS (3.12? -> 6.0.1) fail when the transfer size
* is greater or equal to 1024 MiB, so we are limiting the transfer size to 512
-@@ -425,6 +425,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
+@@ -421,6 +421,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
int old_errno;
SocketAddressList *server;
uint64_t port;
@@ -29,7 +29,7 @@ index cc74af06dc..3ba9bbfa5e 100644
glfs = glfs_find_preopened(gconf->volume);
if (glfs) {
-@@ -467,9 +468,15 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
+@@ -463,9 +464,15 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
}
}
diff --git a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
index 8881ab8..3b31de2 100644
--- a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
+++ b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
@@ -18,7 +18,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+)
diff --git a/block/rbd.c b/block/rbd.c
-index 84bb2fa5d7..63f60d41be 100644
+index 9c0fd0cb3f..101ee59d6e 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -963,6 +963,8 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
diff --git a/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch b/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch
index 56f56f6..ddcaa1f 100644
--- a/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch
+++ b/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/block/gluster.c b/block/gluster.c
-index 3ba9bbfa5e..34936eb855 100644
+index 02bde39d94..36c00088cc 100644
--- a/block/gluster.c
+++ b/block/gluster.c
-@@ -58,6 +58,7 @@ typedef struct GlusterAIOCB {
+@@ -57,6 +57,7 @@ typedef struct GlusterAIOCB {
int ret;
Coroutine *coroutine;
AioContext *aio_context;
@@ -27,7 +27,7 @@ index 3ba9bbfa5e..34936eb855 100644
} GlusterAIOCB;
typedef struct BDRVGlusterState {
-@@ -753,8 +754,10 @@ static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret,
+@@ -749,8 +750,10 @@ static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret,
acb->ret = 0; /* Success */
} else if (ret < 0) {
acb->ret = -errno; /* Read/Write failed */
@@ -39,7 +39,7 @@ index 3ba9bbfa5e..34936eb855 100644
}
aio_co_schedule(acb->aio_context, acb->coroutine);
-@@ -1023,6 +1026,7 @@ static coroutine_fn int qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs,
+@@ -1019,6 +1022,7 @@ static coroutine_fn int qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs,
acb.ret = 0;
acb.coroutine = qemu_coroutine_self();
acb.aio_context = bdrv_get_aio_context(bs);
@@ -47,7 +47,7 @@ index 3ba9bbfa5e..34936eb855 100644
ret = glfs_zerofill_async(s->fd, offset, bytes, gluster_finish_aiocb, &acb);
if (ret < 0) {
-@@ -1203,9 +1207,11 @@ static coroutine_fn int qemu_gluster_co_rw(BlockDriverState *bs,
+@@ -1199,9 +1203,11 @@ static coroutine_fn int qemu_gluster_co_rw(BlockDriverState *bs,
acb.aio_context = bdrv_get_aio_context(bs);
if (write) {
@@ -59,7 +59,7 @@ index 3ba9bbfa5e..34936eb855 100644
ret = glfs_preadv_async(s->fd, qiov->iov, qiov->niov, offset, 0,
gluster_finish_aiocb, &acb);
}
-@@ -1268,6 +1274,7 @@ static coroutine_fn int qemu_gluster_co_flush_to_disk(BlockDriverState *bs)
+@@ -1264,6 +1270,7 @@ static coroutine_fn int qemu_gluster_co_flush_to_disk(BlockDriverState *bs)
acb.ret = 0;
acb.coroutine = qemu_coroutine_self();
acb.aio_context = bdrv_get_aio_context(bs);
@@ -67,7 +67,7 @@ index 3ba9bbfa5e..34936eb855 100644
ret = glfs_fsync_async(s->fd, gluster_finish_aiocb, &acb);
if (ret < 0) {
-@@ -1316,6 +1323,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
+@@ -1312,6 +1319,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
acb.ret = 0;
acb.coroutine = qemu_coroutine_self();
acb.aio_context = bdrv_get_aio_context(bs);
diff --git a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
index 4fc6215..6face40 100644
--- a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
+++ b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
@@ -18,10 +18,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
4 files changed, 82 insertions(+), 4 deletions(-)
diff --git a/hw/core/machine-hmp-cmds.c b/hw/core/machine-hmp-cmds.c
-index a6ff6a4875..e7f74d1c63 100644
+index 8701f00cc7..3b4c5ef403 100644
--- a/hw/core/machine-hmp-cmds.c
+++ b/hw/core/machine-hmp-cmds.c
-@@ -175,7 +175,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
+@@ -179,7 +179,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
return;
}
@@ -103,10 +103,10 @@ index 609e39a821..8cb6dfcac3 100644
static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
diff --git a/qapi/machine.json b/qapi/machine.json
-index e8b60641f2..2054cdc70d 100644
+index d4317435e7..db8ed2e357 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -1079,9 +1079,29 @@
+@@ -1164,9 +1164,29 @@
# @actual: the logical size of the VM in bytes Formula used:
# logical_vm_size = vm_ram_size - balloon_size
#
diff --git a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
index 255faf5..274665d 100644
--- a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
+++ b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
@@ -13,10 +13,10 @@ Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c
-index 4b72009cd3..314351cdff 100644
+index 130217da8f..52a6d74820 100644
--- a/hw/core/machine-qmp-cmds.c
+++ b/hw/core/machine-qmp-cmds.c
-@@ -90,6 +90,12 @@ MachineInfoList *qmp_query_machines(Error **errp)
+@@ -90,6 +90,12 @@ MachineInfoList *qmp_query_machines(bool has_compat_props, bool compat_props,
info->numa_mem_supported = mc->numa_mem_supported;
info->deprecated = !!mc->deprecation_reason;
info->acpi = !!object_class_property_find(OBJECT_CLASS(mc), "acpi");
@@ -30,10 +30,10 @@ index 4b72009cd3..314351cdff 100644
info->default_cpu_type = g_strdup(mc->default_cpu_type);
}
diff --git a/qapi/machine.json b/qapi/machine.json
-index 2054cdc70d..a024d5b05d 100644
+index db8ed2e357..0c703316f5 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -146,6 +146,8 @@
+@@ -168,6 +168,8 @@
#
# @is-default: whether the machine is default
#
@@ -42,7 +42,7 @@ index 2054cdc70d..a024d5b05d 100644
# @cpu-max: maximum number of CPUs supported by the machine type
# (since 1.5)
#
-@@ -170,7 +172,7 @@
+@@ -200,7 +202,7 @@
##
{ 'struct': 'MachineInfo',
'data': { 'name': 'str', '*alias': 'str',
@@ -50,4 +50,4 @@ index 2054cdc70d..a024d5b05d 100644
+ '*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool',
'deprecated': 'bool', '*default-cpu-type': 'str',
- '*default-ram-id': 'str', 'acpi': 'bool' } }
+ '*default-ram-id': 'str', 'acpi': 'bool',
diff --git a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
index b1aff6a..ade3910 100644
--- a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
+++ b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
@@ -14,10 +14,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2 files changed, 7 insertions(+)
diff --git a/qapi/ui.json b/qapi/ui.json
-index f610bce118..6ea26a9acb 100644
+index 8c8464faac..cebda37f8f 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
-@@ -314,11 +314,14 @@
+@@ -312,11 +312,14 @@
#
# @channels: a list of @SpiceChannel for each active spice channel
#
diff --git a/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch b/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch
index 875fe26..fb825fa 100644
--- a/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch
+++ b/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch
@@ -271,7 +271,7 @@ index 0000000000..17ae2cb261
+
+#endif /* QIO_CHANNEL_SAVEVM_ASYNC_H */
diff --git a/migration/meson.build b/migration/meson.build
-index 1eeb915ff6..95d1cf2250 100644
+index 5ce2acb41e..020127d901 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -13,6 +13,7 @@ system_ss.add(files(
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index b0e75e9..f1053f4 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -37,20 +37,20 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
include/migration/snapshot.h | 2 +
include/monitor/hmp.h | 3 +
migration/meson.build | 1 +
- migration/savevm-async.c | 545 +++++++++++++++++++++++++++++++++++
+ migration/savevm-async.c | 540 +++++++++++++++++++++++++++++++++++
monitor/hmp-cmds.c | 38 +++
qapi/migration.json | 34 +++
qapi/misc.json | 18 ++
qemu-options.hx | 12 +
system/vl.c | 10 +
- 11 files changed, 693 insertions(+)
+ 11 files changed, 688 insertions(+)
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index ad1b1306e3..d5ab880492 100644
+index c59cd6637b..d1a7b99add 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -525,6 +525,19 @@ SRST
+@@ -512,6 +512,19 @@ SRST
Show current migration parameters.
ERST
@@ -71,10 +71,10 @@ index ad1b1306e3..d5ab880492 100644
.name = "balloon",
.args_type = "",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 2e2a3bcf98..7506de251c 100644
+index 06746f0afc..0c7c6f2c16 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
-@@ -1862,3 +1862,20 @@ SRST
+@@ -1859,3 +1859,20 @@ SRST
List event channels in the guest
ERST
#endif
@@ -107,7 +107,7 @@ index 9e4dcaaa75..2581730d74 100644
+
#endif
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
-index 13f9a2dedb..7a7def7530 100644
+index ae116d9804..2596cc2426 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -28,6 +28,7 @@ void hmp_info_status(Monitor *mon, const QDict *qdict);
@@ -118,7 +118,7 @@ index 13f9a2dedb..7a7def7530 100644
void hmp_info_migrate(Monitor *mon, const QDict *qdict);
void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict);
void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict);
-@@ -94,6 +95,8 @@ void hmp_closefd(Monitor *mon, const QDict *qdict);
+@@ -92,6 +93,8 @@ void hmp_closefd(Monitor *mon, const QDict *qdict);
void hmp_mouse_move(Monitor *mon, const QDict *qdict);
void hmp_mouse_button(Monitor *mon, const QDict *qdict);
void hmp_mouse_set(Monitor *mon, const QDict *qdict);
@@ -128,10 +128,10 @@ index 13f9a2dedb..7a7def7530 100644
void coroutine_fn hmp_screendump(Monitor *mon, const QDict *qdict);
void hmp_chardev_add(Monitor *mon, const QDict *qdict);
diff --git a/migration/meson.build b/migration/meson.build
-index 95d1cf2250..800f12a60d 100644
+index 020127d901..4b0c4f0f51 100644
--- a/migration/meson.build
+++ b/migration/meson.build
-@@ -28,6 +28,7 @@ system_ss.add(files(
+@@ -27,6 +27,7 @@ system_ss.add(files(
'options.c',
'postcopy-ram.c',
'savevm.c',
@@ -141,10 +141,10 @@ index 95d1cf2250..800f12a60d 100644
'threadinfo.c',
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
new file mode 100644
-index 0000000000..1af32604c7
+index 0000000000..4f1ef0ebd8
--- /dev/null
+++ b/migration/savevm-async.c
-@@ -0,0 +1,545 @@
+@@ -0,0 +1,540 @@
+#include "qemu/osdep.h"
+#include "migration/channel-savevm-async.h"
+#include "migration/migration.h"
@@ -489,13 +489,8 @@ index 0000000000..1af32604c7
+ }
+
+ if (migration_is_running()) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, QERR_MIGRATION_ACTIVE);
-+ return;
-+ }
-+
-+ if (migrate_block()) {
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "Block migration and snapshots are incompatible");
++ "There's a migration process in progress");
+ return;
+ }
+
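Review bot: the migrate_block() guard and its "Block migration and snapshots are incompatible" error disappear from the savevm-start path here with no explanation in the visible patch metadata. If the check is gone because the helper no longer exists in the new base, add an [FE: ...] line to the carried patch saying so, as is done for other rebases in this series; if block migration can still be active, the guard needs an equivalent. Minor style point on the replacement line: error_set() with ERROR_CLASS_GENERIC_ERROR and a literal string is what error_setg() is for.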
@@ -558,7 +553,7 @@ index 0000000000..1af32604c7
+ snap_state.finalize_bh = qemu_bh_new(process_savevm_finalize, &snap_state);
+ snap_state.co = qemu_coroutine_create(&process_savevm_co, NULL);
+ qemu_savevm_state_header(snap_state.file);
-+ qemu_savevm_state_setup(snap_state.file);
++ qemu_savevm_state_setup(snap_state.file, &local_err);
+
+ /* Async processing from here on out happens in iohandler context, so let
+ * the target bdrv have its home there.
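Review bot: qemu_savevm_state_setup(snap_state.file, &local_err) now receives an error pointer, but in the context shown nothing checks local_err or a return value before the function carries on to the async processing described in the following comment, so a setup failure would pass unnoticed and any error stored in local_err would not be reported or freed. Suggest testing the result directly after the call and leaving through the function's existing error path (assuming local_err is declared earlier in the function, which this hunk does not show); if a later patch in the series adds that handling, say so in this patch's notes.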
@@ -691,21 +686,21 @@ index 0000000000..1af32604c7
+ return ret;
+}
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 871898ac46..ef4634e5c1 100644
+index f601d06ab8..874084565f 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -22,6 +22,7 @@
- #include "monitor/monitor-internal.h"
+@@ -24,6 +24,7 @@
#include "qapi/error.h"
#include "qapi/qapi-commands-control.h"
+ #include "qapi/qapi-commands-machine.h"
+#include "qapi/qapi-commands-migration.h"
#include "qapi/qapi-commands-misc.h"
#include "qapi/qmp/qdict.h"
#include "qemu/cutils.h"
-@@ -443,3 +444,40 @@ void hmp_info_mtree(Monitor *mon, const QDict *qdict)
-
- mtree_info(flatview, dispatch_tree, owner, disabled);
+@@ -434,3 +435,40 @@ void hmp_dumpdtb(Monitor *mon, const QDict *qdict)
+ monitor_printf(mon, "dtb dumped to %s", filename);
}
+ #endif
+
+void hmp_savevm_start(Monitor *mon, const QDict *qdict)
+{
@@ -744,10 +739,10 @@ index 871898ac46..ef4634e5c1 100644
+ }
+}
diff --git a/qapi/migration.json b/qapi/migration.json
-index 8c65b90328..ed20d066cd 100644
+index 7324571e92..d6e94a7c41 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
-@@ -297,6 +297,40 @@
+@@ -276,6 +276,40 @@
'*dirty-limit-throttle-time-per-round': 'uint64',
'*dirty-limit-ring-full-time': 'uint64'} }
@@ -789,7 +784,7 @@ index 8c65b90328..ed20d066cd 100644
# @query-migrate:
#
diff --git a/qapi/misc.json b/qapi/misc.json
-index ec30e5c570..3c68633f68 100644
+index 559b66f201..7959e89c1e 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -454,6 +454,24 @@
@@ -818,10 +813,10 @@ index ec30e5c570..3c68633f68 100644
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
-index 8ce85d4559..511ab9415e 100644
+index d94e2cbbae..07730f9e65 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -4610,6 +4610,18 @@ SRST
+@@ -4805,6 +4805,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
@@ -841,10 +836,10 @@ index 8ce85d4559..511ab9415e 100644
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/system/vl.c b/system/vl.c
-index c644222982..2738ab7c91 100644
+index 01b8b8e77a..d6bbdc906e 100644
--- a/system/vl.c
+++ b/system/vl.c
-@@ -163,6 +163,7 @@ static const char *accelerators;
+@@ -164,6 +164,7 @@ static const char *accelerators;
static bool have_custom_ram_size;
static const char *ram_memdev_id;
static QDict *machine_opts_dict;
@@ -852,7 +847,7 @@ index c644222982..2738ab7c91 100644
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static int display_remote;
-@@ -2712,6 +2713,12 @@ void qmp_x_exit_preconfig(Error **errp)
+@@ -2727,6 +2728,12 @@ void qmp_x_exit_preconfig(Error **errp)
RunState state = autostart ? RUN_STATE_RUNNING : runstate_get();
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
load_snapshot_resume(state);
@@ -865,7 +860,7 @@ index c644222982..2738ab7c91 100644
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
-@@ -3259,6 +3266,9 @@ void qemu_init(int argc, char **argv)
+@@ -3275,6 +3282,9 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
diff --git a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
index 92bc9f2..176ce0a 100644
--- a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -13,16 +13,16 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
[FE: adapt to removal of QEMUFileOps]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
- migration/qemu-file.c | 50 +++++++++++++++++++++++++++-------------
+ migration/qemu-file.c | 48 +++++++++++++++++++++++++++-------------
migration/qemu-file.h | 2 ++
- migration/savevm-async.c | 5 ++--
- 3 files changed, 39 insertions(+), 18 deletions(-)
+ migration/savevm-async.c | 5 +++--
+ 3 files changed, 38 insertions(+), 17 deletions(-)
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
-index a10882d47f..19c1de0472 100644
+index b6d2f588bd..754dc0b3f7 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
-@@ -35,8 +35,8 @@
+@@ -34,8 +34,8 @@
#include "rdma.h"
#include "io/channel-file.h"
@@ -33,7 +33,7 @@ index a10882d47f..19c1de0472 100644
struct QEMUFile {
QIOChannel *ioc;
-@@ -44,7 +44,8 @@ struct QEMUFile {
+@@ -43,7 +43,8 @@ struct QEMUFile {
int buf_index;
int buf_size; /* 0 when writing */
@@ -43,7 +43,7 @@ index a10882d47f..19c1de0472 100644
DECLARE_BITMAP(may_free, MAX_IOV_SIZE);
struct iovec iov[MAX_IOV_SIZE];
-@@ -101,7 +102,9 @@ int qemu_file_shutdown(QEMUFile *f)
+@@ -100,7 +101,9 @@ int qemu_file_shutdown(QEMUFile *f)
return 0;
}
@@ -54,7 +54,7 @@ index a10882d47f..19c1de0472 100644
{
QEMUFile *f;
-@@ -110,6 +113,8 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
+@@ -109,6 +112,8 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
object_ref(ioc);
f->ioc = ioc;
f->is_writable = is_writable;
@@ -63,7 +63,7 @@ index a10882d47f..19c1de0472 100644
return f;
}
-@@ -120,17 +125,27 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
+@@ -119,17 +124,27 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
*/
QEMUFile *qemu_file_get_return_path(QEMUFile *f)
{
@@ -94,7 +94,7 @@ index a10882d47f..19c1de0472 100644
}
/*
-@@ -328,7 +343,7 @@ static ssize_t coroutine_mixed_fn qemu_fill_buffer(QEMUFile *f)
+@@ -327,7 +342,7 @@ static ssize_t coroutine_mixed_fn qemu_fill_buffer(QEMUFile *f)
do {
len = qio_channel_read(f->ioc,
(char *)f->buf + pending,
@@ -103,7 +103,7 @@ index a10882d47f..19c1de0472 100644
&local_error);
if (len == QIO_CHANNEL_ERR_BLOCK) {
if (qemu_in_coroutine()) {
-@@ -368,6 +383,9 @@ int qemu_fclose(QEMUFile *f)
+@@ -367,6 +382,9 @@ int qemu_fclose(QEMUFile *f)
ret = ret2;
}
g_clear_pointer(&f->ioc, object_unref);
@@ -113,7 +113,7 @@ index a10882d47f..19c1de0472 100644
error_free(f->last_error_obj);
g_free(f);
trace_qemu_file_fclose();
-@@ -416,7 +434,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
+@@ -415,7 +433,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
{
if (!add_to_iovec(f, f->buf + f->buf_index, len, false)) {
f->buf_index += len;
@@ -122,7 +122,7 @@ index a10882d47f..19c1de0472 100644
qemu_fflush(f);
}
}
-@@ -441,7 +459,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
+@@ -440,7 +458,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
}
while (size > 0) {
@@ -131,7 +131,7 @@ index a10882d47f..19c1de0472 100644
if (l > size) {
l = size;
}
-@@ -587,8 +605,8 @@ size_t coroutine_mixed_fn qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t si
+@@ -586,8 +604,8 @@ size_t coroutine_mixed_fn qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t si
size_t index;
assert(!qemu_file_is_writable(f));
@@ -142,7 +142,7 @@ index a10882d47f..19c1de0472 100644
/* The 1st byte to read from */
index = f->buf_index + offset;
-@@ -638,7 +656,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
+@@ -637,7 +655,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
size_t res;
uint8_t *src;
@@ -151,7 +151,7 @@ index a10882d47f..19c1de0472 100644
if (res == 0) {
return done;
}
-@@ -672,7 +690,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
+@@ -671,7 +689,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
*/
size_t coroutine_mixed_fn qemu_get_buffer_in_place(QEMUFile *f, uint8_t **buf, size_t size)
{
@@ -160,7 +160,7 @@ index a10882d47f..19c1de0472 100644
size_t res;
uint8_t *src = NULL;
-@@ -697,7 +715,7 @@ int coroutine_mixed_fn qemu_peek_byte(QEMUFile *f, int offset)
+@@ -696,7 +714,7 @@ int coroutine_mixed_fn qemu_peek_byte(QEMUFile *f, int offset)
int index = f->buf_index + offset;
assert(!qemu_file_is_writable(f));
@@ -169,17 +169,8 @@ index a10882d47f..19c1de0472 100644
if (index >= f->buf_size) {
qemu_fill_buffer(f);
-@@ -811,7 +829,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
- ssize_t qemu_put_compression_data(QEMUFile *f, z_stream *stream,
- const uint8_t *p, size_t size)
- {
-- ssize_t blen = IO_BUF_SIZE - f->buf_index - sizeof(int32_t);
-+ ssize_t blen = f->buf_allocated_size - f->buf_index - sizeof(int32_t);
-
- if (blen < compressBound(size)) {
- return -1;
diff --git a/migration/qemu-file.h b/migration/qemu-file.h
-index 32fd4a34fd..36a0cd8cc8 100644
+index 11c2120edd..edf3c5d147 100644
--- a/migration/qemu-file.h
+++ b/migration/qemu-file.h
@@ -30,7 +30,9 @@
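Review bot: the hunk converting qemu_put_compression_data() from IO_BUF_SIZE to f->buf_allocated_size is dropped from 0018 with no explanation in the visible part of the patch message; only the diffstat changes (50 to 48 lines for migration/qemu-file.c). If the function no longer exists in 9.1, say so in an [FE: ...] line next to the existing "adapt to removal of QEMUFileOps" one. If it does still exist, it would again compute free space against the fixed IO_BUF_SIZE for a QEMUFile whose buffer was allocated with a custom size, so please confirm which case applies.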
@@ -193,10 +184,10 @@ index 32fd4a34fd..36a0cd8cc8 100644
/*
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
-index 1af32604c7..be2035cd2e 100644
+index 4f1ef0ebd8..84e10b2c4c 100644
--- a/migration/savevm-async.c
+++ b/migration/savevm-async.c
-@@ -386,7 +386,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
+@@ -381,7 +381,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
QIOChannel *ioc = QIO_CHANNEL(qio_channel_savevm_async_new(snap_state.target,
&snap_state.bs_pos));
@@ -205,7 +196,7 @@ index 1af32604c7..be2035cd2e 100644
if (!snap_state.file) {
error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
-@@ -510,7 +510,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
+@@ -505,7 +505,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
blk_op_block_all(be, blocker);
/* restore the VM state */
diff --git a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch
index 7464ca5..360f54e 100644
--- a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch
+++ b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch
@@ -15,7 +15,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 block/zeroinit.c
diff --git a/block/meson.build b/block/meson.build
-index e1f03fd773..b530e117b5 100644
+index f1262ec2ba..6a60b5d6b9 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -39,6 +39,7 @@ block_ss.add(files(
@@ -23,12 +23,12 @@ index e1f03fd773..b530e117b5 100644
'throttle-groups.c',
'write-threshold.c',
+ 'zeroinit.c',
- ), zstd, zlib, gnutls)
+ ), zstd, zlib)
system_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
diff --git a/block/zeroinit.c b/block/zeroinit.c
new file mode 100644
-index 0000000000..7998c9332d
+index 0000000000..2b2b194ccf
--- /dev/null
+++ b/block/zeroinit.c
@@ -0,0 +1,207 @@
@@ -212,7 +212,7 @@ index 0000000000..7998c9332d
+ .instance_size = sizeof(BDRVZeroinitState),
+
+ .bdrv_parse_filename = zeroinit_parse_filename,
-+ .bdrv_file_open = zeroinit_open,
++ .bdrv_open = zeroinit_open,
+ .bdrv_close = zeroinit_close,
+ .bdrv_co_getlength = zeroinit_co_getlength,
+ .bdrv_child_perm = bdrv_default_perms,
diff --git a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
index bc472b0..d69cfab 100644
--- a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
+++ b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
-index 511ab9415e..92e301d545 100644
+index 07730f9e65..7fdc944965 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -1237,6 +1237,9 @@ legacy PC, they are not recommended for modern configurations.
+@@ -1239,6 +1239,9 @@ legacy PC, they are not recommended for modern configurations.
ERST
@@ -28,10 +28,10 @@ index 511ab9415e..92e301d545 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/system/vl.c b/system/vl.c
-index 2738ab7c91..20ebf2c920 100644
+index d6bbdc906e..200468a753 100644
--- a/system/vl.c
+++ b/system/vl.c
-@@ -2748,6 +2748,7 @@ void qemu_init(int argc, char **argv)
+@@ -2764,6 +2764,7 @@ void qemu_init(int argc, char **argv)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
@@ -39,7 +39,7 @@ index 2738ab7c91..20ebf2c920 100644
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
-@@ -3371,6 +3372,13 @@ void qemu_init(int argc, char **argv)
+@@ -3387,6 +3388,13 @@ void qemu_init(int argc, char **argv)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;
diff --git a/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch b/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch
index 9845cf2..016810d 100644
--- a/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch
+++ b/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch
@@ -11,7 +11,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 9 insertions(+)
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
-index d8fc1e2815..789694b8b3 100644
+index c13cdd7994..fd5808cdc0 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -263,6 +263,15 @@ static void apic_reset_common(DeviceState *dev)
diff --git a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
index 8b7439c..ec053d8 100644
--- a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
+++ b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 46 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 43bc0bd520..60e98c87f1 100644
+index 99e5bea1cc..6a4f6a25e6 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -2876,6 +2876,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2884,6 +2884,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
@@ -24,7 +24,7 @@ index 43bc0bd520..60e98c87f1 100644
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
-@@ -2916,19 +2917,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2924,19 +2925,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
@@ -59,7 +59,7 @@ index 43bc0bd520..60e98c87f1 100644
}
/* Clear the file by truncating it to 0 */
-@@ -2982,13 +2986,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2990,13 +2994,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
@@ -82,7 +82,7 @@ index 43bc0bd520..60e98c87f1 100644
}
out_close:
-@@ -3012,6 +3018,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3020,6 +3026,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
@@ -90,7 +90,7 @@ index 43bc0bd520..60e98c87f1 100644
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
-@@ -3034,6 +3041,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3042,6 +3049,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
return -EINVAL;
}
@@ -109,7 +109,7 @@ index 43bc0bd520..60e98c87f1 100644
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
-@@ -3045,6 +3064,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3053,6 +3072,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
@@ -119,10 +119,10 @@ index 43bc0bd520..60e98c87f1 100644
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 905da8be72..3db587a6e4 100644
+index c2a337cc04..1cb6f04db3 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4956,6 +4956,10 @@
+@@ -4959,6 +4959,10 @@
# @extent-size-hint: Extent size hint to add to the image file; 0 for
# not adding an extent size hint (default: 1 MB, since 5.1)
#
@@ -133,7 +133,7 @@ index 905da8be72..3db587a6e4 100644
# Since: 2.12
##
{ 'struct': 'BlockdevCreateOptionsFile',
-@@ -4963,7 +4967,8 @@
+@@ -4966,7 +4970,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',
diff --git a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
index e3c7ba1..c7e00c9 100644
--- a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
+++ b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
@@ -18,10 +18,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index 589c9524f8..2505dd658a 100644
+index eb181d5979..20fc0d20a6 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
-@@ -536,8 +536,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
+@@ -534,8 +534,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
qemu_chr_fe_set_echo(&mon->common.chr, true);
/* Note: we run QMP monitor in I/O thread when @chr supports that */
diff --git a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index a7630d2..74bc24e 100644
--- a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
+++ b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
@@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 4273de16a0..83f1fc0293 100644
+index 27dcda0248..7a13e9f014 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
-@@ -162,7 +162,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -173,7 +173,8 @@ GlobalProperty hw_compat_4_0[] = {
{ "virtio-vga", "edid", "false" },
{ "virtio-gpu-device", "edid", "false" },
{ "virtio-device", "use-started", "false" },
diff --git a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
index eb27304..70c1d15 100644
--- a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
+++ b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
@@ -16,15 +16,15 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
hw/core/machine-qmp-cmds.c | 5 +++++
include/hw/boards.h | 2 ++
- qapi/machine.json | 4 +++-
- system/vl.c | 25 +++++++++++++++++++++++++
- 4 files changed, 35 insertions(+), 1 deletion(-)
+ qapi/machine.json | 3 +++
+ system/vl.c | 24 ++++++++++++++++++++++++
+ 4 files changed, 34 insertions(+)
diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c
-index 314351cdff..628a3537c5 100644
+index 52a6d74820..362128842d 100644
--- a/hw/core/machine-qmp-cmds.c
+++ b/hw/core/machine-qmp-cmds.c
-@@ -94,6 +94,11 @@ MachineInfoList *qmp_query_machines(Error **errp)
+@@ -94,6 +94,11 @@ MachineInfoList *qmp_query_machines(bool has_compat_props, bool compat_props,
if (strcmp(mc->name, MACHINE_GET_CLASS(current_machine)->name) == 0) {
info->has_is_current = true;
info->is_current = true;
@@ -37,10 +37,10 @@ index 314351cdff..628a3537c5 100644
if (mc->default_cpu_type) {
diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 8b8f6d5c00..dd6d0a1447 100644
+index 48ff6d8b93..5cddeb7fcb 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
-@@ -246,6 +246,8 @@ struct MachineClass {
+@@ -252,6 +252,8 @@ struct MachineClass {
const char *desc;
const char *deprecation_reason;
@@ -50,52 +50,51 @@ index 8b8f6d5c00..dd6d0a1447 100644
void (*reset)(MachineState *state, ShutdownCause reason);
void (*wakeup)(MachineState *state);
diff --git a/qapi/machine.json b/qapi/machine.json
-index a024d5b05d..1d69bffaa0 100644
+index 0c703316f5..dc46a3e93f 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -168,6 +168,8 @@
+@@ -190,6 +190,8 @@
#
# @acpi: machine type supports ACPI (since 8.0)
#
+# @pve-version: custom PVE version suffix specified as 'machine+pveN'
+#
- # Since: 1.2
- ##
- { 'struct': 'MachineInfo',
-@@ -175,7 +177,7 @@
- '*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
+ # @compat-props: The machine type's compatibility properties. Only
+ # present when query-machines argument @compat-props is true.
+ # (since 9.1)
+@@ -206,6 +208,7 @@
'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool',
'deprecated': 'bool', '*default-cpu-type': 'str',
-- '*default-ram-id': 'str', 'acpi': 'bool' } }
-+ '*default-ram-id': 'str', 'acpi': 'bool', '*pve-version': 'str' } }
+ '*default-ram-id': 'str', 'acpi': 'bool',
++ '*pve-version': 'str',
+ '*compat-props': { 'type': ['CompatProperty'],
+ 'features': ['unstable'] } } }
- ##
- # @query-machines:
diff --git a/system/vl.c b/system/vl.c
-index 20ebf2c920..4d39e32097 100644
+index 200468a753..0dbdba6421 100644
--- a/system/vl.c
+++ b/system/vl.c
-@@ -1659,6 +1659,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
- static MachineClass *select_machine(QDict *qdict, Error **errp)
+@@ -1675,6 +1675,7 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
{
+ ERRP_GUARD();
const char *machine_type = qdict_get_try_str(qdict, "type");
+ const char *pvever = qdict_get_try_str(qdict, "pvever");
- GSList *machines = object_class_get_list(TYPE_MACHINE, false);
- MachineClass *machine_class;
- Error *local_err = NULL;
-@@ -1676,6 +1677,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
- }
- }
+ g_autoptr(GSList) machines = object_class_get_list(TYPE_MACHINE, false);
+ MachineClass *machine_class = NULL;
-+ if (machine_class) {
+@@ -1694,7 +1695,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
+ if (!machine_class) {
+ error_append_hint(errp,
+ "Use -machine help to list supported machines\n");
++ } else {
+ machine_class->pve_version = g_strdup(pvever);
+ qdict_del(qdict, "pvever");
-+ }
+ }
+
- g_slist_free(machines);
- if (local_err) {
- error_append_hint(&local_err, "Use -machine help to list supported machines\n");
-@@ -3313,12 +3319,31 @@ void qemu_init(int argc, char **argv)
+ return machine_class;
+ }
+
+@@ -3329,12 +3334,31 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_machine:
{
bool help;
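Review bot: in the reworked select_machine(), the new else branch assigns machine_class->pve_version = g_strdup(pvever) without freeing any previous value, and stores NULL when "pvever" is absent from the qdict. This matches the old "if (machine_class)" block, so the rebase keeps behaviour, but if select_machine() can run more than once for the same class, a g_free() before the assignment would avoid leaking the earlier string. Separately, the @pve-version entry in qapi/machine.json carries no "since" annotation while the neighbouring @acpi and @compat-props members do.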
diff --git a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
index d6d7767..0f197ba 100644
--- a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
+++ b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
@@ -26,12 +26,12 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 vma.h
diff --git a/block/meson.build b/block/meson.build
-index b530e117b5..b245daa98e 100644
+index 6a60b5d6b9..652c8cbdb7 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -42,6 +42,8 @@ block_ss.add(files(
'zeroinit.c',
- ), zstd, zlib, gnutls)
+ ), zstd, zlib)
+block_ss.add(files('../vma-writer.c'), libuuid)
+
@@ -39,10 +39,10 @@ index b530e117b5..b245daa98e 100644
system_ss.add(files('block-ram-registrar.c'))
diff --git a/meson.build b/meson.build
-index 91a0aa64c6..620cc594b2 100644
+index aa7ea85d0b..7eee5b4249 100644
--- a/meson.build
+++ b/meson.build
-@@ -1922,6 +1922,8 @@ endif
+@@ -2012,6 +2012,8 @@ endif
has_gettid = cc.has_function('gettid')
@@ -51,12 +51,12 @@ index 91a0aa64c6..620cc594b2 100644
# libselinux
selinux = dependency('libselinux',
required: get_option('selinux'),
-@@ -4023,6 +4025,9 @@ if have_tools
- dependencies: [blockdev, qemuutil, gnutls, selinux],
+@@ -4097,6 +4099,9 @@ if have_tools
+ dependencies: [blockdev, qemuutil, selinux],
install: true)
+ vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
-+ dependencies: [authz, block, crypto, io, qom], install: true)
++ dependencies: [authz, block, crypto, io, qemuutil, qom], install: true)
+
subdir('storage-daemon')
diff --git a/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch b/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch
index 722a22f..39bb0c3 100644
--- a/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch
+++ b/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch
@@ -247,7 +247,7 @@ index eba5b11493..1963e47ab9 100644
if (perf->max_chunk && perf->max_chunk < cluster_size) {
error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup "
diff --git a/block/meson.build b/block/meson.build
-index b245daa98e..e99914eaa4 100644
+index 652c8cbdb7..e1cf5a2e65 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -4,6 +4,7 @@ block_ss.add(files(
@@ -259,7 +259,7 @@ index b245daa98e..e99914eaa4 100644
'blklogwrites.c',
'blkverify.c',
diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h
-index 761276127e..b3e6697613 100644
+index ebb4e56a50..e717a74e5f 100644
--- a/include/block/block_int-common.h
+++ b/include/block/block_int-common.h
@@ -26,6 +26,7 @@
diff --git a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
index 4cc9c97..7ed6dd2 100644
--- a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
+++ b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
@@ -104,11 +104,11 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 pve-backup.c
diff --git a/block/meson.build b/block/meson.build
-index e99914eaa4..6bba803f94 100644
+index e1cf5a2e65..2367e1ac1b 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -44,6 +44,11 @@ block_ss.add(files(
- ), zstd, zlib, gnutls)
+ ), zstd, zlib)
block_ss.add(files('../vma-writer.c'), libuuid)
+block_ss.add(files(
@@ -167,7 +167,7 @@ index bdf2eb50b6..439a7a14c8 100644
+ hmp_handle_error(mon, error);
+}
diff --git a/blockdev.c b/blockdev.c
-index ed8198f351..1054a69279 100644
+index 9cbd166674..8080c47fa6 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -37,6 +37,7 @@
@@ -179,10 +179,10 @@ index ed8198f351..1054a69279 100644
#include "monitor/monitor.h"
#include "qemu/error-report.h"
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index d5ab880492..6c97248d1b 100644
+index d1a7b99add..af588145ff 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -471,6 +471,20 @@ SRST
+@@ -458,6 +458,20 @@ SRST
Show the current VM UUID.
ERST
@@ -204,7 +204,7 @@ index d5ab880492..6c97248d1b 100644
{
.name = "usernet",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 7506de251c..d5f9c28194 100644
+index 0c7c6f2c16..bf8315f226 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -101,6 +101,35 @@ ERST
@@ -244,7 +244,7 @@ index 7506de251c..d5f9c28194 100644
{
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
-index 7a7def7530..cba7afe70c 100644
+index 2596cc2426..9dda91d65a 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -32,6 +32,7 @@ void hmp_info_savevm(Monitor *mon, const QDict *qdict);
@@ -255,7 +255,7 @@ index 7a7def7530..cba7afe70c 100644
void hmp_info_cpus(Monitor *mon, const QDict *qdict);
void hmp_info_vnc(Monitor *mon, const QDict *qdict);
void hmp_info_spice(Monitor *mon, const QDict *qdict);
-@@ -84,6 +85,8 @@ void hmp_change_vnc(Monitor *mon, const char *device, const char *target,
+@@ -82,6 +83,8 @@ void hmp_change_vnc(Monitor *mon, const char *device, const char *target,
void hmp_change_medium(Monitor *mon, const char *device, const char *target,
const char *arg, const char *read_only, bool force,
Error **errp);
@@ -265,10 +265,10 @@ index 7a7def7530..cba7afe70c 100644
void hmp_device_add(Monitor *mon, const QDict *qdict);
void hmp_device_del(Monitor *mon, const QDict *qdict);
diff --git a/meson.build b/meson.build
-index 620cc594b2..d16b97cf3c 100644
+index 7eee5b4249..979c452f74 100644
--- a/meson.build
+++ b/meson.build
-@@ -1923,6 +1923,7 @@ endif
+@@ -2013,6 +2013,7 @@ endif
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -277,18 +277,18 @@ index 620cc594b2..d16b97cf3c 100644
# libselinux
selinux = dependency('libselinux',
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index ef4634e5c1..6e25279f42 100644
+index 874084565f..bedeb81f8c 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -21,6 +21,7 @@
+@@ -22,6 +22,7 @@
#include "qemu/help_option.h"
#include "monitor/monitor-internal.h"
#include "qapi/error.h"
+#include "qapi/qapi-commands-block-core.h"
#include "qapi/qapi-commands-control.h"
+ #include "qapi/qapi-commands-machine.h"
#include "qapi/qapi-commands-migration.h"
- #include "qapi/qapi-commands-misc.h"
-@@ -144,6 +145,77 @@ void hmp_sync_profile(Monitor *mon, const QDict *qdict)
+@@ -119,6 +120,77 @@ void hmp_sync_profile(Monitor *mon, const QDict *qdict)
}
}
@@ -586,7 +586,7 @@ index 0000000000..8cbf645b2c
+#endif /* PROXMOX_BACKUP_CLIENT_H */
diff --git a/pve-backup.c b/pve-backup.c
new file mode 100644
-index 0000000000..c755bf302b
+index 0000000000..9f83ecb310
--- /dev/null
+++ b/pve-backup.c
@@ -0,0 +1,1092 @@
@@ -1194,7 +1194,7 @@ index 0000000000..c755bf302b
+ }
+ BlockDriverState *bs = blk_bs(blk);
+ if (!bdrv_co_is_inserted(bs)) {
-+ error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, *d);
++ error_setg(errp, "Device '%s' has no medium", *d);
+ goto err;
+ }
+ PVEBackupDevInfo *di = g_new0(PVEBackupDevInfo, 1);
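Review bot: the open-coded string in error_setg(errp, "Device '%s' has no medium", *d) replaces QERR_DEVICE_HAS_NO_MEDIUM in this one place only. If the macro is being dropped because it is unavailable in 9.1, please grep the rest of the pve patch stack for remaining QERR_ uses, so that later patches in the series do not break the build. Also confirm the literal is identical to the old macro text, so that callers matching on the error message see no change.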
@@ -1683,7 +1683,7 @@ index 0000000000..c755bf302b
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 3db587a6e4..d05fffce1d 100644
+index 1cb6f04db3..ac83c3495d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -851,6 +851,239 @@
@@ -1825,7 +1825,7 @@ index 3db587a6e4..d05fffce1d 100644
+#
+# Cancel the current executing backup process.
+#
-+# Notes: This command succeeds even if there is no backup process running.
++# .. note:: This command succeeds even if there is no backup process running.
+#
+##
+{ 'command': 'backup-cancel', 'coroutine': true }
@@ -1927,7 +1927,7 @@ index 3db587a6e4..d05fffce1d 100644
# @BlockDeviceTimedStats:
#
diff --git a/qapi/common.json b/qapi/common.json
-index 7558ce5430..6e3d800373 100644
+index 7558ce5430..5c00bddeb7 100644
--- a/qapi/common.json
+++ b/qapi/common.json
@@ -200,3 +200,17 @@
@@ -1944,12 +1944,12 @@ index 7558ce5430..6e3d800373 100644
+#
+# Since: 0.14.0
+#
-+# Notes: If no UUID was specified for the guest, a null UUID is
++# .. note:: If no UUID was specified for the guest, a null UUID is
+# returned.
+##
+{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} }
diff --git a/qapi/machine.json b/qapi/machine.json
-index 1d69bffaa0..731d8d2f60 100644
+index dc46a3e93f..bd58d58fc5 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -4,6 +4,8 @@
@@ -1961,7 +1961,7 @@ index 1d69bffaa0..731d8d2f60 100644
##
# = Machines
##
-@@ -237,20 +239,6 @@
+@@ -303,20 +305,6 @@
##
{ 'command': 'query-target', 'returns': 'TargetInfo' }
@@ -1974,8 +1974,8 @@ index 1d69bffaa0..731d8d2f60 100644
-#
-# Since: 0.14
-#
--# Notes: If no UUID was specified for the guest, a null UUID is
--# returned.
+-# .. note:: If no UUID was specified for the guest, the nil UUID (all
+-# zeroes) is returned.
-##
-{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} }
-
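Review bot: the UuidInfo documentation removed from qapi/machine.json now reads "the nil UUID (all zeroes) is returned" with "Since: 0.14", but the copy this patch adds to qapi/common.json still says "a null UUID is returned" with "Since: 0.14.0". This appears to be a move of the struct, so take the upstream comment verbatim in common.json; otherwise the two texts drift apart and the removal hunk needs manual fixing at every rebase.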
diff --git a/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
index bde2cb2..5d6f956 100644
--- a/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
+++ b/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
@@ -14,15 +14,15 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
create mode 100644 pbs-restore.c
diff --git a/meson.build b/meson.build
-index d16b97cf3c..6de51c34cb 100644
+index 979c452f74..426f382178 100644
--- a/meson.build
+++ b/meson.build
-@@ -4029,6 +4029,10 @@ if have_tools
+@@ -4103,6 +4103,10 @@ if have_tools
vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
- dependencies: [authz, block, crypto, io, qom], install: true)
+ dependencies: [authz, block, crypto, io, qemuutil, qom], install: true)
+ pbs_restore = executable('pbs-restore', files('pbs-restore.c') + genh,
-+ dependencies: [authz, block, crypto, io, qom,
++ dependencies: [authz, block, crypto, io, qemuutil, qom,
+ libproxmox_backup_qemu], install: true)
+
subdir('storage-daemon')
diff --git a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
index 02efb58..95b82a2 100644
--- a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
+++ b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
@@ -15,15 +15,15 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
block/meson.build | 2 +
- block/pbs.c | 313 +++++++++++++++++++++++++++++++++++++++++++
+ block/pbs.c | 306 +++++++++++++++++++++++++++++++++++++++++++
meson.build | 2 +-
qapi/block-core.json | 29 ++++
qapi/pragma.json | 1 +
- 5 files changed, 346 insertions(+), 1 deletion(-)
+ 5 files changed, 339 insertions(+), 1 deletion(-)
create mode 100644 block/pbs.c
diff --git a/block/meson.build b/block/meson.build
-index 6bba803f94..1945e04eeb 100644
+index 2367e1ac1b..e178047ec9 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -49,6 +49,8 @@ block_ss.add(files(
@@ -37,10 +37,10 @@ index 6bba803f94..1945e04eeb 100644
system_ss.add(files('block-ram-registrar.c'))
diff --git a/block/pbs.c b/block/pbs.c
new file mode 100644
-index 0000000000..aee66c2e93
+index 0000000000..2d5e28ce8f
--- /dev/null
+++ b/block/pbs.c
-@@ -0,0 +1,313 @@
+@@ -0,0 +1,306 @@
+/*
+ * Proxmox Backup Server read-only block driver
+ */
@@ -223,12 +223,6 @@ index 0000000000..aee66c2e93
+ return 0;
+}
+
-+static int pbs_file_open(BlockDriverState *bs, QDict *options, int flags,
-+ Error **errp)
-+{
-+ return pbs_open(bs, options, flags, errp);
-+}
-+
+static void pbs_close(BlockDriverState *bs) {
+ BDRVPBSState *s = bs->opaque;
+ g_free(s->repository);
@@ -336,7 +330,6 @@ index 0000000000..aee66c2e93
+
+ .bdrv_parse_filename = pbs_parse_filename,
+
-+ .bdrv_file_open = pbs_file_open,
+ .bdrv_open = pbs_open,
+ .bdrv_close = pbs_close,
+ .bdrv_co_getlength = pbs_co_getlength,
@@ -355,12 +348,12 @@ index 0000000000..aee66c2e93
+
+block_init(bdrv_pbs_init);
diff --git a/meson.build b/meson.build
-index 6de51c34cb..3bc039f60f 100644
+index 426f382178..7e6130cfdf 100644
--- a/meson.build
+++ b/meson.build
-@@ -4477,7 +4477,7 @@ summary_info += {'bzip2 support': libbzip2}
- summary_info += {'lzfse support': liblzfse}
- summary_info += {'zstd support': zstd}
+@@ -4559,7 +4559,7 @@ summary_info += {'zstd support': zstd}
+ summary_info += {'Query Processing Library support': qpl}
+ summary_info += {'UADK Library support': uadk}
summary_info += {'NUMA host support': numa}
-summary_info += {'capstone': capstone}
+summary_info += {'PBS bdrv support': config_host.has_key('CONFIG_PBS_BDRV')}
@@ -368,7 +361,7 @@ index 6de51c34cb..3bc039f60f 100644
summary_info += {'libdaxctl support': libdaxctl}
summary_info += {'libudev': libudev}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index d05fffce1d..e7cf3d94f3 100644
+index ac83c3495d..fe0eefcea6 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3457,6 +3457,7 @@
@@ -413,7 +406,7 @@ index d05fffce1d..e7cf3d94f3 100644
##
# @BlockdevOptionsNVMe:
#
-@@ -4977,6 +5005,7 @@
+@@ -4978,6 +5006,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',
diff --git a/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch
index f564373..a4b4cdf 100644
--- a/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch
+++ b/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
-index 3bc039f60f..067e8956a7 100644
+index 7e6130cfdf..984f858bdc 100644
--- a/meson.build
+++ b/meson.build
-@@ -1923,6 +1923,7 @@ endif
+@@ -2013,6 +2013,7 @@ endif
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -25,7 +25,7 @@ index 3bc039f60f..067e8956a7 100644
libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true)
# libselinux
-@@ -3530,7 +3531,7 @@ if have_block
+@@ -3597,7 +3598,7 @@ if have_block
if host_os == 'windows'
system_ss.add(files('os-win32.c'))
else
@@ -35,7 +35,7 @@ index 3bc039f60f..067e8956a7 100644
endif
diff --git a/os-posix.c b/os-posix.c
-index a4284e2c07..197a2120fd 100644
+index 43f9a43f3f..a47e46d1c2 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -29,6 +29,8 @@
@@ -47,7 +47,7 @@ index a4284e2c07..197a2120fd 100644
#include "qemu/error-report.h"
#include "qemu/log.h"
-@@ -302,9 +304,10 @@ void os_setup_post(void)
+@@ -306,9 +308,10 @@ void os_setup_post(void)
dup2(fd, 0);
dup2(fd, 1);
diff --git a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index 388bd04..6377a09 100644
--- a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -26,10 +26,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 migration/pbs-state.c
diff --git a/include/migration/misc.h b/include/migration/misc.h
-index c9e200f4eb..12c99ebc69 100644
+index bfadc5613b..e2e51fcf6b 100644
--- a/include/migration/misc.h
+++ b/include/migration/misc.h
-@@ -117,4 +117,7 @@ bool migration_in_bg_snapshot(void);
+@@ -111,4 +111,7 @@ bool migration_in_bg_snapshot(void);
/* migration/block-dirty-bitmap.c */
void dirty_bitmap_mig_init(void);
@@ -38,25 +38,31 @@ index c9e200f4eb..12c99ebc69 100644
+
#endif
diff --git a/migration/meson.build b/migration/meson.build
-index 800f12a60d..35a4306183 100644
+index 4b0c4f0f51..d039797132 100644
--- a/migration/meson.build
+++ b/migration/meson.build
-@@ -7,7 +7,9 @@ migration_files = files(
- 'vmstate.c',
+@@ -8,6 +8,7 @@ migration_files = files(
'qemu-file.c',
'yank_functions.c',
-+ 'pbs-state.c',
)
+system_ss.add(libproxmox_backup_qemu)
system_ss.add(files(
'block-dirty-bitmap.c',
+@@ -25,6 +26,7 @@ system_ss.add(files(
+ 'multifd-zlib.c',
+ 'multifd-zero-page.c',
+ 'options.c',
++ 'pbs-state.c',
+ 'postcopy-ram.c',
+ 'savevm.c',
+ 'savevm-async.c',
diff --git a/migration/migration.c b/migration/migration.c
-index 86bf76e925..b8d7e471a4 100644
+index ae2be31557..fab4c20ee4 100644
--- a/migration/migration.c
+++ b/migration/migration.c
-@@ -239,6 +239,7 @@ void migration_object_init(void)
- blk_mig_init();
+@@ -263,6 +263,7 @@ void migration_object_init(void)
+
ram_mig_init();
dirty_bitmap_mig_init();
+ pbs_state_mig_init();
@@ -65,7 +71,7 @@ index 86bf76e925..b8d7e471a4 100644
typedef struct {
diff --git a/migration/pbs-state.c b/migration/pbs-state.c
new file mode 100644
-index 0000000000..887e998b9e
+index 0000000000..a97187e4d7
--- /dev/null
+++ b/migration/pbs-state.c
@@ -0,0 +1,104 @@
@@ -114,7 +120,7 @@ index 0000000000..887e998b9e
+}
+
+/* serialize PBS state and send to target via f, called on source */
-+static int pbs_state_save_setup(QEMUFile *f, void *opaque)
++static int pbs_state_save_setup(QEMUFile *f, void *opaque, Error **errp)
+{
+ size_t buf_size;
+ uint8_t *buf = proxmox_export_state(&buf_size);
@@ -174,7 +180,7 @@ index 0000000000..887e998b9e
+ NULL);
+}
diff --git a/pve-backup.c b/pve-backup.c
-index c755bf302b..5ebb6a3947 100644
+index 9f83ecb310..57477f7f2a 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -1085,6 +1085,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
@@ -186,7 +192,7 @@ index c755bf302b..5ebb6a3947 100644
ret->pbs_masterkey = true;
ret->backup_max_workers = true;
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index e7cf3d94f3..282e2e8a8c 100644
+index fe0eefcea6..521a1914e8 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1004,6 +1004,11 @@
diff --git a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
index 4a5b701..066ad77 100644
--- a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
+++ b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
@@ -15,18 +15,21 @@ transferred.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- migration/block-dirty-bitmap.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ migration/block-dirty-bitmap.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
-index 2708abf3d7..fb17c01308 100644
+index a7d55048c2..77346a5fa2 100644
--- a/migration/block-dirty-bitmap.c
+++ b/migration/block-dirty-bitmap.c
-@@ -540,7 +540,7 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
+@@ -539,7 +539,10 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
+ }
- if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, &local_err)) {
- error_report_err(local_err);
+ if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)) {
- return -1;
++ if (errp != NULL) {
++ error_report_err(*errp);
++ }
+ continue;
}
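Review bot: in the reworked error branch of add_bitmaps_to_list(), `error_report_err(*errp)` frees the Error but leaves `*errp` pointing at it, and the loop then continues. The next bitmap that fails `bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)` would try to set an error through an errp that is no longer NULL, and the caller is handed a freed pointer on return. Either keep a local `Error *local_err` that is reported for each skipped bitmap, or set `*errp = NULL` right after reporting.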
diff --git a/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch b/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch
index c78bc03..0dc48df 100644
--- a/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch
+++ b/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch
@@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 30 insertions(+)
diff --git a/block/iscsi.c b/block/iscsi.c
-index 2ff14b7472..46f275fbf7 100644
+index 979bf90cb7..961714a4be 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1392,12 +1392,42 @@ static char *get_initiator_name(QemuOpts *opts)
diff --git a/debian/patches/pve/0038-block-add-alloc-track-driver.patch b/debian/patches/pve/0038-block-add-alloc-track-driver.patch
index d302c8e..a398c56 100644
--- a/debian/patches/pve/0038-block-add-alloc-track-driver.patch
+++ b/debian/patches/pve/0038-block-add-alloc-track-driver.patch
@@ -42,7 +42,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
diff --git a/block/alloc-track.c b/block/alloc-track.c
new file mode 100644
-index 0000000000..b9f8ea9137
+index 0000000000..b4a9851144
--- /dev/null
+++ b/block/alloc-track.c
@@ -0,0 +1,366 @@
@@ -386,7 +386,7 @@ index 0000000000..b9f8ea9137
+ .format_name = "alloc-track",
+ .instance_size = sizeof(BDRVAllocTrackState),
+
-+ .bdrv_file_open = track_open,
++ .bdrv_open = track_open,
+ .bdrv_close = track_close,
+ .bdrv_co_getlength = track_co_getlength,
+ .bdrv_child_perm = track_child_perm,
@@ -413,7 +413,7 @@ index 0000000000..b9f8ea9137
+
+block_init(bdrv_alloc_track_init);
diff --git a/block/meson.build b/block/meson.build
-index 1945e04eeb..2873f3a25a 100644
+index e178047ec9..7ef7250d31 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -2,6 +2,7 @@ block_ss.add(genh)
diff --git a/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch b/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
index f99f717..c773c6c 100644
--- a/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
+++ b/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 40 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index 63f60d41be..367db42dce 100644
+index 101ee59d6e..4ad3b1a7b1 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1515,7 +1515,6 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
diff --git a/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch b/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
index 5ae0bff..dfe5895 100644
--- a/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
+++ b/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
@@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index 367db42dce..347b121626 100644
+index 4ad3b1a7b1..e341745255 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1474,11 +1474,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
diff --git a/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch b/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch
index 38966fe..596649e 100644
--- a/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch
+++ b/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch
@@ -24,7 +24,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 112 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index 347b121626..e61b359b97 100644
+index e341745255..436d3d7811 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -108,12 +108,6 @@ typedef struct RBDTask {
@@ -152,7 +152,7 @@ index 347b121626..e61b359b97 100644
static int64_t coroutine_fn qemu_rbd_co_getlength(BlockDriverState *bs)
{
BDRVRBDState *s = bs->opaque;
-@@ -1800,7 +1689,6 @@ static BlockDriver bdrv_rbd = {
+@@ -1801,7 +1690,6 @@ static BlockDriver bdrv_rbd = {
#ifdef LIBRBD_SUPPORTS_WRITE_ZEROES
.bdrv_co_pwrite_zeroes = qemu_rbd_co_pwrite_zeroes,
#endif
diff --git a/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch b/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch
index 812026d..c0e323a 100644
--- a/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch
+++ b/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch
@@ -17,7 +17,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/block/alloc-track.c b/block/alloc-track.c
-index b9f8ea9137..f3ed2935c4 100644
+index b4a9851144..fc7d58a5d0 100644
--- a/block/alloc-track.c
+++ b/block/alloc-track.c
@@ -34,7 +34,6 @@ typedef struct {
diff --git a/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch b/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch
index 295319c..5e1683b 100644
--- a/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch
+++ b/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch
@@ -20,7 +20,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 26 deletions(-)
diff --git a/block/alloc-track.c b/block/alloc-track.c
-index f3ed2935c4..29138dcc49 100644
+index fc7d58a5d0..b56425b7f0 100644
--- a/block/alloc-track.c
+++ b/block/alloc-track.c
@@ -25,15 +25,9 @@
diff --git a/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch b/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch
index 0b9717c..3c13f8c 100644
--- a/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch
+++ b/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch
@@ -108,10 +108,10 @@ index bdc703bacd..77857c6c68 100644
/* Function should be called prior any actual copy request */
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 282e2e8a8c..9caf04cbe9 100644
+index 521a1914e8..171846deb1 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4926,12 +4926,18 @@
+@@ -4927,12 +4927,18 @@
# @on-cbw-error parameter will decide how this failure is handled.
# Default 0. (Since 7.1)
#
diff --git a/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch b/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch
index 267dead..e0ab0b3 100644
--- a/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch
+++ b/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch
@@ -68,10 +68,10 @@ index 01af0cd3c4..dc6cafe7fa 100644
Error **errp);
void bdrv_cbw_drop(BlockDriverState *bs);
diff --git a/blockdev.c b/blockdev.c
-index 1054a69279..cbe224387b 100644
+index 8080c47fa6..3f67eb413d 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2654,6 +2654,9 @@ static BlockJob *do_backup_common(BackupCommon *backup,
+@@ -2656,6 +2656,9 @@ static BlockJob *do_backup_common(BackupCommon *backup,
if (backup->x_perf->has_max_chunk) {
perf.max_chunk = backup->x_perf->max_chunk;
}
@@ -82,7 +82,7 @@ index 1054a69279..cbe224387b 100644
if ((backup->sync == MIRROR_SYNC_MODE_BITMAP) ||
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 9caf04cbe9..df934647ed 100644
+index 171846deb1..653df22046 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1790,11 +1790,16 @@
diff --git a/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch b/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch
index 2f63bc0..3a70297 100644
--- a/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch
+++ b/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch
@@ -80,7 +80,7 @@ index 439a7a14c8..d0e7771dcc 100644
hmp_handle_error(mon, error);
diff --git a/pve-backup.c b/pve-backup.c
-index 5ebb6a3947..a747d12d3d 100644
+index 57477f7f2a..0f098000dd 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -7,9 +7,11 @@
@@ -252,7 +252,7 @@ index 5ebb6a3947..a747d12d3d 100644
+ }
+ BlockDriverState *fleecing_bs = blk_bs(fleecing_blk);
+ if (!bdrv_co_is_inserted(fleecing_bs)) {
-+ error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, fleecing_devid);
++ error_setg(errp, "Device '%s' has no medium", fleecing_devid);
+ goto err;
+ }
+ /*
@@ -294,7 +294,7 @@ index 5ebb6a3947..a747d12d3d 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index df934647ed..ff441d4258 100644
+index 653df22046..9f25c398ec 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -948,6 +948,10 @@
diff --git a/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch b/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch
index a57cebd..a7e8986 100644
--- a/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch
+++ b/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch
@@ -96,7 +96,7 @@ index dc6cafe7fa..a27d2d7d9f 100644
#endif /* COPY_BEFORE_WRITE_H */
diff --git a/pve-backup.c b/pve-backup.c
-index a747d12d3d..4e730aa3da 100644
+index 0f098000dd..75da1dc051 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -374,6 +374,15 @@ static void pvebackup_complete_cb(void *opaque, int ret)
diff --git a/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch b/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch
index dc5e3f1..9a8ac00 100644
--- a/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch
+++ b/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch
@@ -18,7 +18,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 4e730aa3da..c4178758b3 100644
+index 75da1dc051..167f0b5c3f 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -357,22 +357,23 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque)
diff --git a/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch b/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
index 81ac557..7cac5cb 100644
--- a/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
+++ b/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
@@ -15,7 +15,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 58 insertions(+), 37 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index c4178758b3..051ebffe48 100644
+index 167f0b5c3f..f136d004c4 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -525,6 +525,62 @@ static int coroutine_fn pvebackup_co_add_config(
diff --git a/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch b/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch
index 5ad62ca..a854b32 100644
--- a/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch
+++ b/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch
@@ -17,7 +17,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 051ebffe48..33c23e53c2 100644
+index f136d004c4..8ccb281c8c 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -94,6 +94,7 @@ typedef struct PVEBackupDevInfo {
diff --git a/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch b/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch
index dc9c883..bf79355 100644
--- a/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch
+++ b/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch
@@ -10,7 +10,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 33c23e53c2..d931746453 100644
+index 8ccb281c8c..255465676c 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -626,7 +626,8 @@ static void create_backup_jobs_bh(void *opaque) {
diff --git a/debian/patches/series b/debian/patches/series
index 93c97bf..3b57a3a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,39 +2,6 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
-extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
-extra/0006-block-copy-before-write-fix-permission.patch
-extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
-extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
-extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
-extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
-extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
-extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
-extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
-extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
-extra/0015-block-copy-Fix-missing-graph-lock.patch
-extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
-extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
-extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
-extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
-extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
-extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
-extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
-extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
-extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
-extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
-extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
-extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
-extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
-extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
-extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
-extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
-extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
-extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
-extra/0034-vnc-fix-crash-when-no-console-attached.patch
-extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
-extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
-extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
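Review bot: among the removed series entries are the CVE-2024-7409 nbd-server backports (extra/0030 to 0033 and 0035), and nothing in this hunk shows that the new submodule commit carries them. A line in the commit message naming the upstream stable commits that supersede these entries would make dropping the security fixes auditable.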
diff --git a/qemu b/qemu
index 5ebde3b..508081a 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit 5ebde3b5c00e15f560f73055fac4ab31c0cac6d2
+Subproject commit 508081a49b0d624930ca479b8a27bccdc50bdfb2
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] [PATCH qemu 2/4] async snapshot: code cleanup: use error_setg() helper
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches to " Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 3/4] async snapshot: improve error handling for 'savevm-start' QMP command Fiona Ebner
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...async-for-background-state-snapshots.patch | 23 ++++++++-----------
...add-optional-buffer-size-to-QEMUFile.patch | 8 +++----
2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index f1053f4..1fe4648 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -37,13 +37,13 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
include/migration/snapshot.h | 2 +
include/monitor/hmp.h | 3 +
migration/meson.build | 1 +
- migration/savevm-async.c | 540 +++++++++++++++++++++++++++++++++++
+ migration/savevm-async.c | 537 +++++++++++++++++++++++++++++++++++
monitor/hmp-cmds.c | 38 +++
qapi/migration.json | 34 +++
qapi/misc.json | 18 ++
qemu-options.hx | 12 +
system/vl.c | 10 +
- 11 files changed, 688 insertions(+)
+ 11 files changed, 685 insertions(+)
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
@@ -141,10 +141,10 @@ index 020127d901..4b0c4f0f51 100644
'threadinfo.c',
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
new file mode 100644
-index 0000000000..4f1ef0ebd8
+index 0000000000..59bb0b57d9
--- /dev/null
+++ b/migration/savevm-async.c
-@@ -0,0 +1,540 @@
+@@ -0,0 +1,537 @@
+#include "qemu/osdep.h"
+#include "migration/channel-savevm-async.h"
+#include "migration/migration.h"
@@ -292,7 +292,7 @@ index 0000000000..4f1ef0ebd8
+ DPRINTF("save_snapshot_error: %s\n", msg);
+
+ if (!snap_state.error) {
-+ error_set(&snap_state.error, ERROR_CLASS_GENERIC_ERROR, "%s", msg);
++ error_setg(&snap_state.error, "%s", msg);
+ }
+
+ g_free (msg);
@@ -483,14 +483,12 @@ index 0000000000..4f1ef0ebd8
+ int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_NO_FLUSH;
+
+ if (snap_state.state != SAVE_STATE_DONE) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "VM snapshot already started\n");
++ error_setg(errp, "VM snapshot already started\n");
+ return;
+ }
+
+ if (migration_is_running()) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "There's a migration process in progress");
++ error_setg(errp, "There's a migration process in progress");
+ return;
+ }
+
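Review bot: the converted call keeps the trailing newline in `error_setg(errp, "VM snapshot already started\n")`. error_setg() messages are meant to be a single phrase without a newline, so this cleanup is a good moment to drop it, here and in the identical conversion in qmp_savevm_end().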
@@ -522,7 +520,7 @@ index 0000000000..4f1ef0ebd8
+ qdict_put_str(options, "driver", "raw");
+ snap_state.target = blk_new_open(statefile, NULL, options, bdrv_oflags, &local_err);
+ if (!snap_state.target) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
++ error_setg(errp, "failed to open '%s'", statefile);
+ goto restart;
+ }
+
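Review bot: in the `!snap_state.target` branch, blk_new_open() was handed `&local_err`, but the branch reports a fresh generic message with `error_setg(errp, "failed to open '%s'", statefile)`, so the actual reason for the failure is discarded and nothing in this branch frees local_err. Consider `error_propagate_prepend(errp, local_err, "failed to open '%s': ", statefile)`, which passes the original error to the caller and takes ownership of it.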
@@ -531,7 +529,7 @@ index 0000000000..4f1ef0ebd8
+ snap_state.file = qemu_file_new_output(ioc);
+
+ if (!snap_state.file) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
++ error_setg(errp, "failed to open '%s'", statefile);
+ goto restart;
+ }
+
@@ -608,8 +606,7 @@ index 0000000000..4f1ef0ebd8
+void qmp_savevm_end(Error **errp)
+{
+ if (snap_state.state == SAVE_STATE_DONE) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "VM snapshot not started\n");
++ error_setg(errp, "VM snapshot not started\n");
+ return;
+ }
+
diff --git a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
index 176ce0a..cd2e2d2 100644
--- a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -184,10 +184,10 @@ index 11c2120edd..edf3c5d147 100644
/*
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
-index 4f1ef0ebd8..84e10b2c4c 100644
+index 59bb0b57d9..9a4dd1e4f5 100644
--- a/migration/savevm-async.c
+++ b/migration/savevm-async.c
-@@ -381,7 +381,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
+@@ -379,7 +379,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
QIOChannel *ioc = QIO_CHANNEL(qio_channel_savevm_async_new(snap_state.target,
&snap_state.bs_pos));
@@ -195,8 +195,8 @@ index 4f1ef0ebd8..84e10b2c4c 100644
+ snap_state.file = qemu_file_new_output_sized(ioc, 4 * 1024 * 1024);
if (!snap_state.file) {
- error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
-@@ -505,7 +505,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
+ error_setg(errp, "failed to open '%s'", statefile);
+@@ -502,7 +502,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
blk_op_block_all(be, blocker);
/* restore the VM state */
--
2.39.5
* [pve-devel] [PATCH qemu 3/4] async snapshot: improve error handling for 'savevm-start' QMP command
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches to " Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 2/4] async snapshot: code cleanup: use error_setg() helper Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 4/4] stable fixes for QEMU 9.1.2 Fiona Ebner
2024-12-11 15:58 ` [pve-devel] applied-series: [PATCH qemu 0/4] " Thomas Lamprecht
4 siblings, 0 replies; 6+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
Return values for qemu_savevm_state_setup() and blk_set_aio_context()
now get checked.
Move the qemu_coroutine_create() call to after the new early return
to avoid a potential memory leak.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...async-for-background-state-snapshots.patch | 26 ++++++++++++++-----
...add-optional-buffer-size-to-QEMUFile.patch | 6 ++---
2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index 1fe4648..4e9c6bf 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -37,13 +37,13 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
include/migration/snapshot.h | 2 +
include/monitor/hmp.h | 3 +
migration/meson.build | 1 +
- migration/savevm-async.c | 537 +++++++++++++++++++++++++++++++++++
+ migration/savevm-async.c | 549 +++++++++++++++++++++++++++++++++++
monitor/hmp-cmds.c | 38 +++
qapi/migration.json | 34 +++
qapi/misc.json | 18 ++
qemu-options.hx | 12 +
system/vl.c | 10 +
- 11 files changed, 685 insertions(+)
+ 11 files changed, 697 insertions(+)
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
@@ -141,10 +141,10 @@ index 020127d901..4b0c4f0f51 100644
'threadinfo.c',
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
new file mode 100644
-index 0000000000..59bb0b57d9
+index 0000000000..4c90209188
--- /dev/null
+++ b/migration/savevm-async.c
-@@ -0,0 +1,537 @@
+@@ -0,0 +1,549 @@
+#include "qemu/osdep.h"
+#include "migration/channel-savevm-async.h"
+#include "migration/migration.h"
@@ -167,6 +167,7 @@ index 0000000000..59bb0b57d9
+#include "qapi/qapi-commands-misc.h"
+#include "qapi/qapi-commands-block.h"
+#include "qemu/cutils.h"
++#include "qemu/error-report.h"
+#include "qemu/timer.h"
+#include "qemu/main-loop.h"
+#include "qemu/rcu.h"
@@ -479,6 +480,7 @@ index 0000000000..59bb0b57d9
+ Error *local_err = NULL;
+ MigrationState *ms = migrate_get_current();
+ AioContext *iohandler_ctx = iohandler_get_aio_context();
++ int ret = 0;
+
+ int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_NO_FLUSH;
+
@@ -549,15 +551,25 @@ index 0000000000..59bb0b57d9
+
+ snap_state.state = SAVE_STATE_ACTIVE;
+ snap_state.finalize_bh = qemu_bh_new(process_savevm_finalize, &snap_state);
-+ snap_state.co = qemu_coroutine_create(&process_savevm_co, NULL);
+ qemu_savevm_state_header(snap_state.file);
-+ qemu_savevm_state_setup(snap_state.file, &local_err);
++ ret = qemu_savevm_state_setup(snap_state.file, &local_err);
++ if (ret != 0) {
++ error_setg_errno(errp, -ret, "savevm state setup failed: %s",
++ local_err ? error_get_pretty(local_err) : "unknown error");
++ return;
++ }
+
+ /* Async processing from here on out happens in iohandler context, so let
+ * the target bdrv have its home there.
+ */
-+ blk_set_aio_context(snap_state.target, iohandler_ctx, &local_err);
++ ret = blk_set_aio_context(snap_state.target, iohandler_ctx, &local_err);
++ if (ret != 0) {
++ warn_report("failed to set iohandler context for VM state target: %s %s",
++ local_err ? error_get_pretty(local_err) : "unknown error",
++ strerror(-ret));
++ }
+
++ snap_state.co = qemu_coroutine_create(&process_savevm_co, NULL);
+ aio_co_schedule(iohandler_ctx, snap_state.co);
+
+ return;
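Review bot: in the new `if (ret != 0)` branch after qemu_savevm_state_setup(), the early `return;` comes after `snap_state.state = SAVE_STATE_ACTIVE` and after `snap_state.finalize_bh` was created, and nothing in the visible lines undoes either, so a failed setup appears to leave the snapshot state marked active. Consider routing this failure through the same cleanup the function uses for its other error exits instead of returning directly. In both new branches `local_err` is only read via error_get_pretty() and never released; add error_free(local_err) after reporting, and reset it to NULL in the warn_report() branch since execution continues there. Minor: error_setg_errno() appends the errno text itself while the warn_report() call appends strerror(-ret) by hand, so the two messages end up formatted differently.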
diff --git a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
index cd2e2d2..67d6ba8 100644
--- a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -184,10 +184,10 @@ index 11c2120edd..edf3c5d147 100644
/*
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
-index 59bb0b57d9..9a4dd1e4f5 100644
+index 4c90209188..eb562d3dcf 100644
--- a/migration/savevm-async.c
+++ b/migration/savevm-async.c
-@@ -379,7 +379,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
+@@ -381,7 +381,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
QIOChannel *ioc = QIO_CHANNEL(qio_channel_savevm_async_new(snap_state.target,
&snap_state.bs_pos));
@@ -196,7 +196,7 @@ index 59bb0b57d9..9a4dd1e4f5 100644
if (!snap_state.file) {
error_setg(errp, "failed to open '%s'", statefile);
-@@ -502,7 +502,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
+@@ -514,7 +514,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
blk_op_block_all(be, blocker);
/* restore the VM state */
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] [PATCH qemu 4/4] stable fixes for QEMU 9.1.2
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
` (2 preceding siblings ...)
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 3/4] async snapshot: improve error handling for 'savevm-start' QMP command Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
2024-12-11 15:58 ` [pve-devel] applied-series: [PATCH qemu 0/4] " Thomas Lamprecht
4 siblings, 0 replies; 6+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
Pick up two stable fixes for virtio-net, one fixing multiqueue
initialization and one fixing potential out-of-bounds access (in the
work_around_broken_dhclient() hack that luckily seems to be
unreachable when 'vhost=on' is used for the device, which Proxmox VE
does except when running a non-native VM arch or if the vhost device
is not available).
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...o-net-Add-queues-before-loading-them.patch | 81 +++++++++++++++++++
...ix-size-check-in-dhclient-workaround.patch | 36 +++++++++
debian/patches/series | 2 +
3 files changed, 119 insertions(+)
create mode 100644 debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
create mode 100644 debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
diff --git a/debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch b/debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
new file mode 100644
index 0000000..7369a49
--- /dev/null
+++ b/debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
@@ -0,0 +1,81 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Tue, 22 Oct 2024 15:49:01 +0900
+Subject: [PATCH] virtio-net: Add queues before loading them
+
+Call virtio_net_set_multiqueue() to add queues before loading their
+states. Otherwise the loaded queues will not have handlers and elements
+in them will not be processed.
+
+Cc: qemu-stable@nongnu.org
+Fixes: 8c49756825da ("virtio-net: Add only one queue pair when realizing")
+Reported-by: Laurent Vivier <lvivier@redhat.com>
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+(picked from https://lore.kernel.org/qemu-devel/20241022-load-v1-1-99df0bff7939@daynix.com/)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/net/virtio-net.c | 10 ++++++++++
+ hw/virtio/virtio.c | 7 +++++++
+ include/hw/virtio/virtio.h | 2 ++
+ 3 files changed, 19 insertions(+)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index ed33a32877..90d05f94d4 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -3032,6 +3032,15 @@ static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
+ virtio_net_set_queue_pairs(n);
+ }
+
++static int virtio_net_pre_load_queues(VirtIODevice *vdev)
++{
++ virtio_net_set_multiqueue(VIRTIO_NET(vdev),
++ virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_RSS) ||
++ virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_MQ));
++
++ return 0;
++}
++
+ static int virtio_net_post_load_device(void *opaque, int version_id)
+ {
+ VirtIONet *n = opaque;
+@@ -4010,6 +4019,7 @@ static void virtio_net_class_init(ObjectClass *klass, void *data)
+ vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
+ vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
+ vdc->legacy_features |= (0x1 << VIRTIO_NET_F_GSO);
++ vdc->pre_load_queues = virtio_net_pre_load_queues;
+ vdc->post_load = virtio_net_post_load_virtio;
+ vdc->vmsd = &vmstate_virtio_net_device;
+ vdc->primary_unplug_pending = primary_unplug_pending;
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 9e10cbc058..10f24a58dd 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3251,6 +3251,13 @@ virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
+ config_len--;
+ }
+
++ if (vdc->pre_load_queues) {
++ ret = vdc->pre_load_queues(vdev);
++ if (ret) {
++ return ret;
++ }
++ }
++
+ num = qemu_get_be32(f);
+
+ if (num > VIRTIO_QUEUE_MAX) {
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index 0fcbc5c0c6..953dfca27c 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -210,6 +210,8 @@ struct VirtioDeviceClass {
+ void (*guest_notifier_mask)(VirtIODevice *vdev, int n, bool mask);
+ int (*start_ioeventfd)(VirtIODevice *vdev);
+ void (*stop_ioeventfd)(VirtIODevice *vdev);
++ /* Called before loading queues. Useful to add queues before loading. */
++ int (*pre_load_queues)(VirtIODevice *vdev);
+ /* Saving and loading of a device; trying to deprecate save/load
+ * use vmsd for new devices.
+ */
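Review bot: the comment added for `pre_load_queues` in include/hw/virtio/virtio.h should state which device state is already restored when the hook runs. virtio_net_pre_load_queues() decides on multiqueue from `vdev->guest_features`, so it depends on the features having been loaded before the call site in virtio_load() (placed just ahead of `num = qemu_get_be32(f)`), and that ordering cannot be seen from the declaration. A sentence saying that guest_features are valid at this point would keep future implementers from relying on fields that are loaded later. The hook's int return value is propagated by virtio_load(), but the only implementation here always returns 0; worth a word in the comment if that is intentional.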
diff --git a/debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch b/debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
new file mode 100644
index 0000000..29df2c1
--- /dev/null
+++ b/debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Fri, 22 Nov 2024 14:03:08 +0900
+Subject: [PATCH] virtio-net: Fix size check in dhclient workaround
+
+work_around_broken_dhclient() accesses IP and UDP headers to detect
+relevant packets and to calculate checksums, but it didn't check if
+the packet has size sufficient to accommodate them, causing out-of-bound
+access hazards. Fix this by correcting the size requirement.
+
+Fixes: 1d41b0c1ec66 ("Work around dhclient brokenness")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+(picked from https://lore.kernel.org/qemu-devel/20241122-queue-v3-2-f2ff03b8dbfd@daynix.com/#t)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/net/virtio-net.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 90d05f94d4..c1fe457359 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1692,8 +1692,11 @@ static void virtio_net_hdr_swap(VirtIODevice *vdev, struct virtio_net_hdr *hdr)
+ static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
+ uint8_t *buf, size_t size)
+ {
++ size_t csum_size = ETH_HLEN + sizeof(struct ip_header) +
++ sizeof(struct udp_header);
++
+ if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
+- (size > 27 && size < 1500) && /* normal sized MTU */
++ (size >= csum_size && size < 1500) && /* normal sized MTU */
+ (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
+ (buf[23] == 17) && /* ip.protocol == UDP */
+ (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
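Review bot: in work_around_broken_dhclient(), the lower bound is now derived from the header struct sizes, but the checks after it still use hard-coded offsets (`buf[12]`, `buf[23]`, `buf[34]`, `buf[35]`) that assume an IPv4 header without options. The old `size > 27` bound let the `buf[34]` and `buf[35]` reads run on packets as short as 28 bytes, so the new bound is the right direction; a short comment that the offsets assume a fixed-length IP header, or deriving them from ETH_HLEN and the same structs, would make it clear why `csum_size` covers every index read here. The trailing `/* normal sized MTU */` comment now describes only the upper bound and could be reworded.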
diff --git a/debian/patches/series b/debian/patches/series
index 3b57a3a..0b48878 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,6 +2,8 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+extra/0005-virtio-net-Add-queues-before-loading-them.patch
+extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.5
* [pve-devel] applied-series: [PATCH qemu 0/4] QEMU 9.1.2
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
` (3 preceding siblings ...)
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 4/4] stable fixes for QEMU 9.1.2 Fiona Ebner
@ 2024-12-11 15:58 ` Thomas Lamprecht
4 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2024-12-11 15:58 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
On 25.11.24 at 12:00, Fiona Ebner wrote:
> No issues encountered during initial smoke testing of migration,
> snapshot, backup functionality, SPICE, drive-mirror, with a selection
> of different VM configs and guests.
>
> Fiona Ebner (4):
> update submodule and patches to QEMU 9.1.2
> async snapshot: code cleanup: use error_setg() helper
> async snapshot: improve error handling for 'savevm-start' QMP command
> stable fixes for QEMU 9.1.2
>
applied series, thanks!