* [pve-devel] [PATCH-SERIES qemu] update to 7.0.0
@ 2022-06-27 11:05 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
Clean rebase and didn't run into any obvious issues when testing (I
did when testing the release candidates, but those issues got
addressed before the release :)). Still, more testing is always
appreciated!
Fabian Ebner (4):
update submodule and patches to 7.0.0
d/rules: drop outdated configure flags
d/rules: adapt to changed opensbi riscv filenames in 7.0.0
cherry-pick upstream fixes for 7.0.0
...d-support-for-sync-bitmap-mode-never.patch | 90 ++--
...-support-for-conditional-and-always-.patch | 14 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 12 +-
...k-gluster-correctly-set-max_pdiscard.patch | 47 ++
...support-for-flag-argument-with-value.patch | 55 --
...003-block-vmdk-Fix-reopening-bs-file.patch | 129 +++++
...-set-expire_password-and-allow-VNC-d.patch | 477 ------------------
...balanced-plugged-counter-in-laio_io_.patch | 44 ++
...erflow-in-snprintf-string-formatting.patch | 100 ++++
...Update-BSC-only-if-want_zero-is-true.patch | 43 --
...Fix-disabling-MPX-on-cpu-host-with-M.patch | 48 ++
...lete-reconnect-delay-timer-when-done.patch | 40 --
...ontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 121 +++++
...sert-there-are-no-timers-when-closed.patch | 34 --
...outine-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 123 +++++
...-nbd-Move-s-ioc-on-AioContext-change.patch | 90 ----
...ame-qemu_coroutine_inc-dec_pool_size.patch | 90 ++++
...U-crash-when-started-with-SLIC-table.patch | 89 ----
...outine-Revert-to-constant-batch-size.patch | 121 +++++
...-not-consult-nonexistent-host-leaves.patch | 117 +++++
...-map-leaking-on-error-during-receive.patch | 38 --
...rrect-calls-of-log_global_start-stop.patch | 86 ----
...ctrl-and-event-handler-functions-in-.patch | 108 ++++
...acpi-fix-OEM-ID-OEM-Table-ID-padding.patch | 59 ---
...t-waste-CPU-polling-the-event-virtqu.patch | 91 ++++
...k-descriptor-chain-in-private-at-SVQ.patch | 102 ++++
...ch-the-virqueue-element-in-case-of-e.patch | 55 --
...Fix-device-s-used-descriptor-dequeue.patch | 62 +++
...t-user-remove-VirtQ-notifier-restore.patch | 98 ----
...ex-calculus-at-vhost_vdpa_get_vring_.patch | 39 ++
...host-user-fix-VirtQ-notifier-cleanup.patch | 149 ------
...ex-calculus-at-vhost_vdpa_svqs_start.patch | 35 ++
...ondition-for-iommu_platform-not-supp.patch | 101 ----
...rrectly-set-max_pdiscard-which-is-in.patch | 38 --
...virtio-Replace-g_memdup-by-g_memdup2.patch | 74 +++
.../0019-ui-vnc.c-Fixed-a-deadlock-bug.patch | 72 ---
...Fix-element-in-vhost_svq_add-failure.patch | 47 ++
...er-fix-race-condition-in-qxl_cursor-.patch | 37 --
...teger-overflow-in-cursor_alloc-CVE-2.patch | 83 ---
...k-file-change-locking-default-to-off.patch | 6 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...ui-spice-default-to-pve-certificates.patch | 2 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
.../0007-PVE-Up-qmp-add-get_link_status.patch | 6 +-
...return-success-on-info-without-snaps.patch | 4 +-
...dd-add-osize-and-read-from-to-stdin-.patch | 16 +-
...E-Up-qemu-img-dd-add-isize-parameter.patch | 12 +-
...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 10 +-
.../0014-PVE-qapi-modify-query-machines.patch | 6 +-
.../0015-PVE-qapi-modify-spice-query.patch | 6 +-
...async-for-background-state-snapshots.patch | 30 +-
...add-optional-buffer-size-to-QEMUFile.patch | 28 +-
...add-the-zeroinit-block-driver-filter.patch | 4 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...le-posix-make-locking-optiono-on-cre.patch | 18 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 18 +-
...e-bcs-bitmap-initialization-to-job-c.patch | 4 +-
...VE-Backup-add-vma-backup-format-code.patch | 32 +-
...-Backup-add-backup-dump-block-driver.patch | 28 +-
...ckup-proxmox-backup-patches-for-qemu.patch | 42 +-
...estore-new-command-to-restore-from-p.patch | 4 +-
...irty-bitmap-tracking-for-incremental.patch | 6 +-
.../pve/0031-PVE-various-PBS-fixes.patch | 4 +-
...k-driver-to-map-backup-archives-into.patch | 54 +-
...dd-query_proxmox_support-QMP-command.patch | 2 +-
...E-add-query-pbs-bitmap-info-QMP-call.patch | 4 +-
...ct-stderr-to-journal-when-daemonized.patch | 8 +-
...d-sequential-job-transaction-support.patch | 10 +-
...-block-on-finishing-and-cleanup-crea.patch | 2 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 8 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
...routine-QMP-for-backup-cancel_backup.patch | 6 +-
.../pve/0043-PBS-add-master-key-support.patch | 4 +-
...PVE-block-stream-increase-chunk-size.patch | 2 +-
...accept-NULL-qiov-in-bdrv_pad_request.patch | 4 +-
.../0047-block-add-alloc-track-driver.patch | 2 +-
...valid-QAPI-names-for-backwards-compa.patch | 6 +-
...-add-l-option-for-loading-a-snapshot.patch | 18 +-
.../pve/0051-vma-allow-partial-restore.patch | 14 +-
.../pve/0052-pbs-namespace-support.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 80 +++
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 35 ++
...-rbd-implement-bdrv_co_block_status.patch} | 6 +-
...-jobs-correctly-cancel-in-error-sce.patch} | 0
...sure-jobs-in-di_list-are-referenced.patch} | 0
...-segfault-issues-upon-backup-cancel.patch} | 0
...upport-64KiB-unaligned-input-images.patch} | 6 +-
...-triggering-assertion-in-error-case.patch} | 4 +-
...k-alloc-track-avoid-premature-break.patch} | 0
debian/patches/series | 52 +-
debian/rules | 6 +-
qemu | 2 +-
97 files changed, 1949 insertions(+), 1990 deletions(-)
create mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
delete mode 100644 debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
create mode 100644 debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
delete mode 100644 debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
create mode 100644 debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
create mode 100644 debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
delete mode 100644 debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
create mode 100644 debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
delete mode 100644 debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
create mode 100644 debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
delete mode 100644 debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
create mode 100644 debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
delete mode 100644 debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
create mode 100644 debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
delete mode 100644 debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
create mode 100644 debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
create mode 100644 debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
delete mode 100644 debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
delete mode 100644 debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
create mode 100644 debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
delete mode 100644 debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
create mode 100644 debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
create mode 100644 debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
delete mode 100644 debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
create mode 100644 debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
delete mode 100644 debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
create mode 100644 debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
delete mode 100644 debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
create mode 100644 debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
delete mode 100644 debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
delete mode 100644 debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
create mode 100644 debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
delete mode 100644 debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
create mode 100644 debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
delete mode 100644 debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
delete mode 100644 debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
create mode 100644 debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
create mode 100644 debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
rename debian/patches/pve/{0053-Revert-block-rbd-implement-bdrv_co_block_status.patch => 0055-Revert-block-rbd-implement-bdrv_co_block_status.patch} (97%)
rename debian/patches/pve/{0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch => 0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch} (100%)
rename debian/patches/pve/{0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch => 0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch} (100%)
rename debian/patches/pve/{0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch => 0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch} (100%)
rename debian/patches/pve/{0057-vma-create-support-64KiB-unaligned-input-images.patch => 0059-vma-create-support-64KiB-unaligned-input-images.patch} (92%)
rename debian/patches/pve/{0058-vma-create-avoid-triggering-assertion-in-error-case.patch => 0060-vma-create-avoid-triggering-assertion-in-error-case.patch} (88%)
rename debian/patches/pve/{0059-block-alloc-track-avoid-premature-break.patch => 0061-block-alloc-track-avoid-premature-break.patch} (100%)
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 1/4] update submodule and patches to 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags Fabian Ebner
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
Only very minor changes needed:
* Most patches in extra (or some version of them) are part of 7.0.0.
* aio_set_fd_handler got an extra parameter, but can just pass NULL
like we did for the related 'poll' parameter. See QEMU commit
826cc32423db2a99d184dbf4f507c737d7e7a4ae for more.
* Add include for qemu/memalign.h in vma.c and vma-writer.c.
* Add reverts for fixups of already reverted 0347a8fd4c ("block/rbd:
implement bdrv_co_block_status") that came in with 7.0.0. Those
fixups are not enough, see Proxmox bugzilla #4047.
* Two trivial context changes for bitmap-mirror patches.
* block_int.h got split up into multiple headers.
* Some context changes in configure and meson.build.
* Used the oppurtunity to squash fixup of bdrv_backuo_dump_create typo
in a later patch into the patch introducing the function (had to
move code to new header during rebase).
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
...d-support-for-sync-bitmap-mode-never.patch | 90 ++--
...-support-for-conditional-and-always-.patch | 14 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 12 +-
...rectly-set-max_pdiscard-which-is-in.patch} | 0
...support-for-flag-argument-with-value.patch | 55 --
...-set-expire_password-and-allow-VNC-d.patch | 477 ------------------
...Update-BSC-only-if-want_zero-is-true.patch | 43 --
...lete-reconnect-delay-timer-when-done.patch | 40 --
...sert-there-are-no-timers-when-closed.patch | 34 --
...-nbd-Move-s-ioc-on-AioContext-change.patch | 90 ----
...U-crash-when-started-with-SLIC-table.patch | 89 ----
...-map-leaking-on-error-during-receive.patch | 38 --
...rrect-calls-of-log_global_start-stop.patch | 86 ----
...acpi-fix-OEM-ID-OEM-Table-ID-padding.patch | 59 ---
...ch-the-virqueue-element-in-case-of-e.patch | 55 --
...t-user-remove-VirtQ-notifier-restore.patch | 98 ----
...host-user-fix-VirtQ-notifier-cleanup.patch | 149 ------
...ondition-for-iommu_platform-not-supp.patch | 101 ----
.../0019-ui-vnc.c-Fixed-a-deadlock-bug.patch | 72 ---
...er-fix-race-condition-in-qxl_cursor-.patch | 37 --
...teger-overflow-in-cursor_alloc-CVE-2.patch | 83 ---
...k-file-change-locking-default-to-off.patch | 6 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...ui-spice-default-to-pve-certificates.patch | 2 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
.../0007-PVE-Up-qmp-add-get_link_status.patch | 6 +-
...return-success-on-info-without-snaps.patch | 4 +-
...dd-add-osize-and-read-from-to-stdin-.patch | 16 +-
...E-Up-qemu-img-dd-add-isize-parameter.patch | 12 +-
...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 10 +-
.../0014-PVE-qapi-modify-query-machines.patch | 6 +-
.../0015-PVE-qapi-modify-spice-query.patch | 6 +-
...async-for-background-state-snapshots.patch | 30 +-
...add-optional-buffer-size-to-QEMUFile.patch | 28 +-
...add-the-zeroinit-block-driver-filter.patch | 4 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...le-posix-make-locking-optiono-on-cre.patch | 18 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 18 +-
...e-bcs-bitmap-initialization-to-job-c.patch | 4 +-
...VE-Backup-add-vma-backup-format-code.patch | 32 +-
...-Backup-add-backup-dump-block-driver.patch | 28 +-
...ckup-proxmox-backup-patches-for-qemu.patch | 42 +-
...estore-new-command-to-restore-from-p.patch | 4 +-
...irty-bitmap-tracking-for-incremental.patch | 6 +-
.../pve/0031-PVE-various-PBS-fixes.patch | 4 +-
...k-driver-to-map-backup-archives-into.patch | 54 +-
...dd-query_proxmox_support-QMP-command.patch | 2 +-
...E-add-query-pbs-bitmap-info-QMP-call.patch | 4 +-
...ct-stderr-to-journal-when-daemonized.patch | 8 +-
...d-sequential-job-transaction-support.patch | 10 +-
...-block-on-finishing-and-cleanup-crea.patch | 2 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 8 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
...routine-QMP-for-backup-cancel_backup.patch | 6 +-
.../pve/0043-PBS-add-master-key-support.patch | 4 +-
...PVE-block-stream-increase-chunk-size.patch | 2 +-
...accept-NULL-qiov-in-bdrv_pad_request.patch | 4 +-
.../0047-block-add-alloc-track-driver.patch | 2 +-
...valid-QAPI-names-for-backwards-compa.patch | 6 +-
...-add-l-option-for-loading-a-snapshot.patch | 18 +-
.../pve/0051-vma-allow-partial-restore.patch | 14 +-
.../pve/0052-pbs-namespace-support.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 80 +++
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 35 ++
...-rbd-implement-bdrv_co_block_status.patch} | 6 +-
...-jobs-correctly-cancel-in-error-sce.patch} | 0
...sure-jobs-in-di_list-are-referenced.patch} | 0
...-segfault-issues-upon-backup-cancel.patch} | 0
...upport-64KiB-unaligned-input-images.patch} | 6 +-
...-triggering-assertion-in-error-case.patch} | 4 +-
...k-alloc-track-avoid-premature-break.patch} | 0
debian/patches/series | 35 +-
qemu | 2 +-
78 files changed, 432 insertions(+), 1948 deletions(-)
rename debian/patches/extra/{0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch => 0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch} (100%)
delete mode 100644 debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
delete mode 100644 debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
delete mode 100644 debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
delete mode 100644 debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
delete mode 100644 debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
delete mode 100644 debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
delete mode 100644 debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
delete mode 100644 debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
delete mode 100644 debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
delete mode 100644 debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
delete mode 100644 debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
delete mode 100644 debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
delete mode 100644 debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
delete mode 100644 debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
delete mode 100644 debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
delete mode 100644 debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
delete mode 100644 debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
create mode 100644 debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
create mode 100644 debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
rename debian/patches/pve/{0053-Revert-block-rbd-implement-bdrv_co_block_status.patch => 0055-Revert-block-rbd-implement-bdrv_co_block_status.patch} (97%)
rename debian/patches/pve/{0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch => 0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch} (100%)
rename debian/patches/pve/{0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch => 0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch} (100%)
rename debian/patches/pve/{0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch => 0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch} (100%)
rename debian/patches/pve/{0057-vma-create-support-64KiB-unaligned-input-images.patch => 0059-vma-create-support-64KiB-unaligned-input-images.patch} (92%)
rename debian/patches/pve/{0058-vma-create-avoid-triggering-assertion-in-error-case.patch => 0060-vma-create-avoid-triggering-assertion-in-error-case.patch} (88%)
rename debian/patches/pve/{0059-block-alloc-track-avoid-premature-break.patch => 0061-block-alloc-track-avoid-premature-break.patch} (100%)
diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
index 61ce22a..5301cf0 100644
--- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
+++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
@@ -28,18 +28,18 @@ Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- block/mirror.c | 98 +++++++++++++++++++++++++-------
- blockdev.c | 39 ++++++++++++-
- include/block/block_int.h | 4 +-
- qapi/block-core.json | 29 ++++++++--
- tests/unit/test-block-iothread.c | 4 +-
+ block/mirror.c | 98 +++++++++++++++++++++-----
+ blockdev.c | 39 +++++++++-
+ include/block/block_int-global-state.h | 4 +-
+ qapi/block-core.json | 29 ++++++--
+ tests/unit/test-block-iothread.c | 4 +-
5 files changed, 145 insertions(+), 29 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index efec2c7674..f7804638f9 100644
+index d8ecb9efa2..d95a7d7940 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -50,7 +50,7 @@ typedef struct MirrorBlockJob {
+@@ -51,7 +51,7 @@ typedef struct MirrorBlockJob {
BlockDriverState *to_replace;
/* Used to block operations on the drive-mirror-replace target */
Error *replace_blocker;
@@ -48,7 +48,7 @@ index efec2c7674..f7804638f9 100644
BlockMirrorBackingMode backing_mode;
/* Whether the target image requires explicit zero-initialization */
bool zero_target;
-@@ -64,6 +64,8 @@ typedef struct MirrorBlockJob {
+@@ -65,6 +65,8 @@ typedef struct MirrorBlockJob {
size_t buf_size;
int64_t bdev_length;
unsigned long *cow_bitmap;
@@ -57,7 +57,7 @@ index efec2c7674..f7804638f9 100644
BdrvDirtyBitmap *dirty_bitmap;
BdrvDirtyBitmapIter *dbi;
uint8_t *buf;
-@@ -695,7 +697,8 @@ static int mirror_exit_common(Job *job)
+@@ -696,7 +698,8 @@ static int mirror_exit_common(Job *job)
bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing,
&error_abort);
if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
@@ -67,7 +67,7 @@ index efec2c7674..f7804638f9 100644
BlockDriverState *unfiltered_target = bdrv_skip_filters(target_bs);
if (bdrv_cow_bs(unfiltered_target) != backing) {
-@@ -800,6 +803,16 @@ static void mirror_abort(Job *job)
+@@ -794,6 +797,16 @@ static void mirror_abort(Job *job)
assert(ret == 0);
}
@@ -84,7 +84,7 @@ index efec2c7674..f7804638f9 100644
static void coroutine_fn mirror_throttle(MirrorBlockJob *s)
{
int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-@@ -979,7 +992,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
+@@ -973,7 +986,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
mirror_free_init(s);
s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
@@ -94,7 +94,7 @@ index efec2c7674..f7804638f9 100644
ret = mirror_dirty_init(s);
if (ret < 0 || job_is_cancelled(&s->common.job)) {
goto immediate_exit;
-@@ -1221,6 +1235,7 @@ static const BlockJobDriver mirror_job_driver = {
+@@ -1212,6 +1226,7 @@ static const BlockJobDriver mirror_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -102,7 +102,7 @@ index efec2c7674..f7804638f9 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = mirror_cancel,
-@@ -1237,6 +1252,7 @@ static const BlockJobDriver commit_active_job_driver = {
+@@ -1228,6 +1243,7 @@ static const BlockJobDriver commit_active_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -110,7 +110,7 @@ index efec2c7674..f7804638f9 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = commit_active_cancel,
-@@ -1602,7 +1618,10 @@ static BlockJob *mirror_start_job(
+@@ -1593,7 +1609,10 @@ static BlockJob *mirror_start_job(
BlockCompletionFunc *cb,
void *opaque,
const BlockJobDriver *driver,
@@ -122,11 +122,12 @@ index efec2c7674..f7804638f9 100644
bool auto_complete, const char *filter_node_name,
bool is_mirror, MirrorCopyMode copy_mode,
Error **errp)
-@@ -1614,10 +1633,39 @@ static BlockJob *mirror_start_job(
+@@ -1605,10 +1624,39 @@ static BlockJob *mirror_start_job(
uint64_t target_perms, target_shared_perms;
int ret;
- if (granularity == 0) {
+- granularity = bdrv_get_default_bitmap_granularity(target);
+ if (sync_mode == MIRROR_SYNC_MODE_INCREMENTAL) {
+ error_setg(errp, "Sync mode '%s' not supported",
+ MirrorSyncMode_str(sync_mode));
@@ -147,8 +148,8 @@ index efec2c7674..f7804638f9 100644
+ "sync mode '%s' is not compatible with bitmaps",
+ MirrorSyncMode_str(sync_mode));
+ return NULL;
-+ }
-+
+ }
+
+ if (bitmap) {
+ if (granularity) {
+ error_setg(errp, "granularity (%d)"
@@ -158,13 +159,12 @@ index efec2c7674..f7804638f9 100644
+ }
+ granularity = bdrv_dirty_bitmap_granularity(bitmap);
+ } else if (granularity == 0) {
- granularity = bdrv_get_default_bitmap_granularity(target);
- }
--
++ granularity = bdrv_get_default_bitmap_granularity(target);
++ }
assert(is_power_of_2(granularity));
if (buf_size < 0) {
-@@ -1755,7 +1803,9 @@ static BlockJob *mirror_start_job(
+@@ -1740,7 +1788,9 @@ static BlockJob *mirror_start_job(
s->replaces = g_strdup(replaces);
s->on_source_error = on_source_error;
s->on_target_error = on_target_error;
@@ -175,7 +175,7 @@ index efec2c7674..f7804638f9 100644
s->backing_mode = backing_mode;
s->zero_target = zero_target;
s->copy_mode = copy_mode;
-@@ -1776,6 +1826,18 @@ static BlockJob *mirror_start_job(
+@@ -1761,6 +1811,18 @@ static BlockJob *mirror_start_job(
bdrv_disable_dirty_bitmap(s->dirty_bitmap);
}
@@ -194,7 +194,7 @@ index efec2c7674..f7804638f9 100644
ret = block_job_add_bdrv(&s->common, "source", bs, 0,
BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE |
BLK_PERM_CONSISTENT_READ,
-@@ -1853,6 +1915,9 @@ fail:
+@@ -1838,6 +1900,9 @@ fail:
if (s->dirty_bitmap) {
bdrv_release_dirty_bitmap(s->dirty_bitmap);
}
@@ -204,7 +204,7 @@ index efec2c7674..f7804638f9 100644
job_early_fail(&s->common.job);
}
-@@ -1870,29 +1935,23 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+@@ -1855,31 +1920,25 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
@@ -221,6 +221,8 @@ index efec2c7674..f7804638f9 100644
- bool is_none_mode;
BlockDriverState *base;
+ GLOBAL_STATE_CODE();
+
- if ((mode == MIRROR_SYNC_MODE_INCREMENTAL) ||
- (mode == MIRROR_SYNC_MODE_BITMAP)) {
- error_setg(errp, "Sync mode '%s' not supported",
@@ -239,7 +241,7 @@ index efec2c7674..f7804638f9 100644
}
BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
-@@ -1917,7 +1976,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
+@@ -1906,7 +1965,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
job_id, bs, creation_flags, base, NULL, speed, 0, 0,
MIRROR_LEAVE_BACKING_CHAIN, false,
on_error, on_error, true, cb, opaque,
@@ -250,10 +252,10 @@ index efec2c7674..f7804638f9 100644
errp);
if (!job) {
diff --git a/blockdev.c b/blockdev.c
-index b35072644e..9940116fe0 100644
+index e46e831212..fa601838a3 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2956,6 +2956,10 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2951,6 +2951,10 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
BlockDriverState *target,
bool has_replaces, const char *replaces,
enum MirrorSyncMode sync,
@@ -264,7 +266,7 @@ index b35072644e..9940116fe0 100644
BlockMirrorBackingMode backing_mode,
bool zero_target,
bool has_speed, int64_t speed,
-@@ -2975,6 +2979,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2970,6 +2974,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
{
BlockDriverState *unfiltered_bs;
int job_flags = JOB_DEFAULT;
@@ -272,7 +274,7 @@ index b35072644e..9940116fe0 100644
if (!has_speed) {
speed = 0;
-@@ -3029,6 +3034,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3024,6 +3029,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
@@ -302,7 +304,7 @@ index b35072644e..9940116fe0 100644
if (!has_replaces) {
/* We want to mirror from @bs, but keep implicit filters on top */
unfiltered_bs = bdrv_skip_implicit_filters(bs);
-@@ -3075,8 +3103,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3070,8 +3098,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
* and will allow to check whether the node still exist at mirror completion
*/
mirror_start(job_id, bs, target,
@@ -313,7 +315,7 @@ index b35072644e..9940116fe0 100644
on_source_error, on_target_error, unmap, filter_node_name,
copy_mode, errp);
}
-@@ -3221,6 +3249,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
+@@ -3216,6 +3244,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
blockdev_mirror_common(arg->has_job_id ? arg->job_id : NULL, bs, target_bs,
arg->has_replaces, arg->replaces, arg->sync,
@@ -322,7 +324,7 @@ index b35072644e..9940116fe0 100644
backing_mode, zero_target,
arg->has_speed, arg->speed,
arg->has_granularity, arg->granularity,
-@@ -3242,6 +3272,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
+@@ -3237,6 +3267,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
const char *device, const char *target,
bool has_replaces, const char *replaces,
MirrorSyncMode sync,
@@ -331,7 +333,7 @@ index b35072644e..9940116fe0 100644
bool has_speed, int64_t speed,
bool has_granularity, uint32_t granularity,
bool has_buf_size, int64_t buf_size,
-@@ -3291,7 +3323,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
+@@ -3286,7 +3318,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
}
blockdev_mirror_common(has_job_id ? job_id : NULL, bs, target_bs,
@@ -341,11 +343,11 @@ index b35072644e..9940116fe0 100644
zero_target, has_speed, speed,
has_granularity, granularity,
has_buf_size, buf_size,
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index f4c75e8ba9..ee0aeb1414 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
-@@ -1287,7 +1287,9 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h
+index 0f21b0570b..e7f901d048 100644
+--- a/include/block/block_int-global-state.h
++++ b/include/block/block_int-global-state.h
+@@ -148,7 +148,9 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
@@ -357,10 +359,10 @@ index f4c75e8ba9..ee0aeb1414 100644
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 1d3dd9cb48..da5dca1e3b 100644
+index beeb91952a..fb25c2b245 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -1995,10 +1995,19 @@
+@@ -1993,10 +1993,19 @@
# (all the disk, only the sectors allocated in the topmost image, or
# only new I/O).
#
@@ -381,7 +383,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
#
# @buf-size: maximum amount of data in flight from source to
# target (since 1.4).
-@@ -2036,7 +2045,9 @@
+@@ -2034,7 +2043,9 @@
{ 'struct': 'DriveMirror',
'data': { '*job-id': 'str', 'device': 'str', 'target': 'str',
'*format': 'str', '*node-name': 'str', '*replaces': 'str',
@@ -392,7 +394,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
'*speed': 'int', '*granularity': 'uint32',
'*buf-size': 'int', '*on-source-error': 'BlockdevOnError',
'*on-target-error': 'BlockdevOnError',
-@@ -2308,10 +2319,19 @@
+@@ -2306,10 +2317,19 @@
# (all the disk, only the sectors allocated in the topmost image, or
# only new I/O).
#
@@ -413,7 +415,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
#
# @buf-size: maximum amount of data in flight from source to
# target
-@@ -2360,7 +2380,8 @@
+@@ -2358,7 +2378,8 @@
{ 'command': 'blockdev-mirror',
'data': { '*job-id': 'str', 'device': 'str', 'target': 'str',
'*replaces': 'str',
@@ -424,7 +426,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
'*buf-size': 'int', '*on-source-error': 'BlockdevOnError',
'*on-target-error': 'BlockdevOnError',
diff --git a/tests/unit/test-block-iothread.c b/tests/unit/test-block-iothread.c
-index aea660aeed..22b9770a3e 100644
+index 94718c9319..7977ac14f4 100644
--- a/tests/unit/test-block-iothread.c
+++ b/tests/unit/test-block-iothread.c
@@ -626,8 +626,8 @@ static void test_propagate_mirror(void)
diff --git a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
index 441198e..d30b46d 100644
--- a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
+++ b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
@@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index f7804638f9..4f5f74e2cf 100644
+index d95a7d7940..2c79ee41af 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -672,8 +672,6 @@ static int mirror_exit_common(Job *job)
+@@ -673,8 +673,6 @@ static int mirror_exit_common(Job *job)
bdrv_unfreeze_backing_chain(mirror_top_bs, target_bs);
}
@@ -36,9 +36,9 @@ index f7804638f9..4f5f74e2cf 100644
/* Make sure that the source BDS doesn't go away during bdrv_replace_node,
* before we can call bdrv_drained_end */
bdrv_ref(src);
-@@ -781,6 +779,18 @@ static int mirror_exit_common(Job *job)
- blk_set_perm(bjob->blk, 0, BLK_PERM_ALL, &error_abort);
- blk_insert_bs(bjob->blk, mirror_top_bs, &error_abort);
+@@ -775,6 +773,18 @@ static int mirror_exit_common(Job *job)
+ block_job_remove_all_bdrv(bjob);
+ bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
+ if (s->sync_bitmap) {
+ if (s->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS ||
@@ -55,7 +55,7 @@ index f7804638f9..4f5f74e2cf 100644
bs_opaque->job = NULL;
bdrv_drained_end(src);
-@@ -1643,10 +1653,6 @@ static BlockJob *mirror_start_job(
+@@ -1634,10 +1644,6 @@ static BlockJob *mirror_start_job(
" sync mode",
MirrorSyncMode_str(sync_mode));
return NULL;
@@ -66,7 +66,7 @@ index f7804638f9..4f5f74e2cf 100644
}
} else if (bitmap) {
error_setg(errp,
-@@ -1663,6 +1669,12 @@ static BlockJob *mirror_start_job(
+@@ -1654,6 +1660,12 @@ static BlockJob *mirror_start_job(
return NULL;
}
granularity = bdrv_dirty_bitmap_granularity(bitmap);
diff --git a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
index de15507..ffd3efe 100644
--- a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
+++ b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 3 insertions(+)
diff --git a/blockdev.c b/blockdev.c
-index 9940116fe0..b113e57d68 100644
+index fa601838a3..93fd0a61a4 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3055,6 +3055,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3050,6 +3050,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
return;
}
diff --git a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
index 872496a..c86ceca 100644
--- a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
+++ b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 4f5f74e2cf..7024f3bbf0 100644
+index 2c79ee41af..e04a3ea6f4 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -785,8 +785,8 @@ static int mirror_exit_common(Job *job)
+@@ -779,8 +779,8 @@ static int mirror_exit_common(Job *job)
job->ret == 0 && ret == 0)) {
/* Success; synchronize copy back to sync. */
bdrv_clear_dirty_bitmap(s->sync_bitmap, NULL);
@@ -30,7 +30,7 @@ index 4f5f74e2cf..7024f3bbf0 100644
}
}
bdrv_release_dirty_bitmap(s->dirty_bitmap);
-@@ -1843,11 +1843,8 @@ static BlockJob *mirror_start_job(
+@@ -1828,11 +1828,8 @@ static BlockJob *mirror_start_job(
}
if (s->sync_mode == MIRROR_SYNC_MODE_BITMAP) {
diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
index ca9d5ee..4d4747b 100644
--- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
+++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
@@ -19,10 +19,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 70 insertions(+), 59 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 7024f3bbf0..6211ff22fc 100644
+index e04a3ea6f4..4feec2a002 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -1643,31 +1643,13 @@ static BlockJob *mirror_start_job(
+@@ -1634,31 +1634,13 @@ static BlockJob *mirror_start_job(
uint64_t target_perms, target_shared_perms;
int ret;
@@ -60,10 +60,10 @@ index 7024f3bbf0..6211ff22fc 100644
if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) {
diff --git a/blockdev.c b/blockdev.c
-index b113e57d68..4be0863050 100644
+index 93fd0a61a4..1af5a1fcb2 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3034,7 +3034,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3029,7 +3029,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
diff --git a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
index 1836dff..9d8322c 100644
--- a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
+++ b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
@@ -48,7 +48,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
-index 12d395d62d..b182943324 100644
+index cc4cc6c6ad..82f649d9ab 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -16,6 +16,7 @@ extern QemuOptsList qemu_mon_opts;
@@ -60,10 +60,10 @@ index 12d395d62d..b182943324 100644
void monitor_init_globals(void);
void monitor_init_globals_core(void);
diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h
-index 3da3f86c6a..9953e0cd2d 100644
+index caa2e90ef2..e1596f79ab 100644
--- a/monitor/monitor-internal.h
+++ b/monitor/monitor-internal.h
-@@ -151,6 +151,13 @@ typedef struct {
+@@ -152,6 +152,13 @@ typedef struct {
QemuMutex qmp_queue_lock;
/* Input queue that holds all the parsed QMP requests */
GQueue *qmp_requests;
@@ -144,10 +144,10 @@ index 092c527b6f..6b8cfcf6d8 100644
monitor_qmp_caps_reset(mon);
data = qmp_greeting(mon);
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
-index d378bccac7..fb8936e7cd 100644
+index 0990873ec8..e605003771 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
-@@ -118,16 +118,28 @@ typedef struct QmpDispatchBH {
+@@ -117,16 +117,28 @@ typedef struct QmpDispatchBH {
QObject **ret;
Error **errp;
Coroutine *co;
@@ -180,7 +180,7 @@ index d378bccac7..fb8936e7cd 100644
aio_co_wake(data->co);
}
-@@ -232,6 +244,7 @@ QDict *qmp_dispatch(const QmpCommandList *cmds, QObject *request,
+@@ -231,6 +243,7 @@ QDict *qmp_dispatch(const QmpCommandList *cmds, QObject *request,
.ret = &ret,
.errp = &err,
.co = qemu_coroutine_self(),
diff --git a/debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
similarity index 100%
rename from debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
rename to debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
diff --git a/debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch b/debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
deleted file mode 100644
index 4606c6a..0000000
--- a/debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Reiter <s.reiter@proxmox.com>
-Date: Wed, 1 Sep 2021 16:51:04 +0200
-Subject: [PATCH] monitor/hmp: add support for flag argument with value
-
-Adds support for the "-xS" parameter type, where "-x" denotes a flag
-name and the "S" suffix indicates that this flag is supposed to take an
-arbitrary string parameter.
-
-These parameters are always optional, the entry in the qdict will be
-omitted if the flag is not given.
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- monitor/hmp.c | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/monitor/hmp.c b/monitor/hmp.c
-index b20737e63c..b29dbb1833 100644
---- a/monitor/hmp.c
-+++ b/monitor/hmp.c
-@@ -981,6 +981,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
- {
- const char *tmp = p;
- int skip_key = 0;
-+ int ret;
- /* option */
-
- c = *typestr++;
-@@ -1003,8 +1004,22 @@ static QDict *monitor_parse_arguments(Monitor *mon,
- }
- if (skip_key) {
- p = tmp;
-+ } else if (*typestr == 'S') {
-+ /* has option with string value */
-+ typestr++;
-+ tmp = p++;
-+ while (qemu_isspace(*p)) {
-+ p++;
-+ }
-+ ret = get_str(buf, sizeof(buf), &p);
-+ if (ret < 0) {
-+ monitor_printf(mon, "%s: value expected for -%c\n",
-+ cmd->name, *tmp);
-+ goto fail;
-+ }
-+ qdict_put_str(qdict, key, buf);
- } else {
-- /* has option */
-+ /* has boolean option */
- p++;
- qdict_put_bool(qdict, key, true);
- }
diff --git a/debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch b/debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
deleted file mode 100644
index 6ea0549..0000000
--- a/debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
+++ /dev/null
@@ -1,477 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Reiter <s.reiter@proxmox.com>
-Date: Wed, 25 Aug 2021 11:14:13 +0200
-Subject: [PATCH] monitor: refactor set/expire_password and allow VNC display
- id
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It is possible to specify more than one VNC server on the command line,
-either with an explicit ID or the auto-generated ones à la "default",
-"vnc2", "vnc3", ...
-
-It is not possible to change the password on one of these extra VNC
-displays though. Fix this by adding a "display" parameter to the
-"set_password" and "expire_password" QMP and HMP commands.
-
-For HMP, the display is specified using the "-d" value flag.
-
-For QMP, the schema is updated to explicitly express the supported
-variants of the commands with protocol-discriminated unions.
-
-Suggested-by: Eric Blake <eblake@redhat.com>
-Suggested-by: Markus Armbruster <armbru@redhat.com>
-Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- hmp-commands.hx | 24 ++++---
- monitor/hmp-cmds.c | 57 +++++++++++++++-
- monitor/qmp-cmds.c | 62 ++++++-----------
- qapi/ui.json | 165 ++++++++++++++++++++++++++++++++++++++-------
- 4 files changed, 231 insertions(+), 77 deletions(-)
-
-diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 70a9136ac2..5efb47fc32 100644
---- a/hmp-commands.hx
-+++ b/hmp-commands.hx
-@@ -1514,33 +1514,35 @@ ERST
-
- {
- .name = "set_password",
-- .args_type = "protocol:s,password:s,connected:s?",
-- .params = "protocol password action-if-connected",
-+ .args_type = "protocol:s,password:s,display:-dS,connected:s?",
-+ .params = "protocol password [-d display] [action-if-connected]",
- .help = "set spice/vnc password",
- .cmd = hmp_set_password,
- },
-
- SRST
--``set_password [ vnc | spice ] password [ action-if-connected ]``
-- Change spice/vnc password. *action-if-connected* specifies what
-- should happen in case a connection is established: *fail* makes the
-- password change fail. *disconnect* changes the password and
-+``set_password [ vnc | spice ] password [ -d display ] [ action-if-connected ]``
-+ Change spice/vnc password. *display* can be used with 'vnc' to specify
-+ which display to set the password on. *action-if-connected* specifies
-+ what should happen in case a connection is established: *fail* makes
-+ the password change fail. *disconnect* changes the password and
- disconnects the client. *keep* changes the password and keeps the
- connection up. *keep* is the default.
- ERST
-
- {
- .name = "expire_password",
-- .args_type = "protocol:s,time:s",
-- .params = "protocol time",
-+ .args_type = "protocol:s,time:s,display:-dS",
-+ .params = "protocol time [-d display]",
- .help = "set spice/vnc password expire-time",
- .cmd = hmp_expire_password,
- },
-
- SRST
--``expire_password [ vnc | spice ]`` *expire-time*
-- Specify when a password for spice/vnc becomes
-- invalid. *expire-time* accepts:
-+``expire_password [ vnc | spice ] expire-time [ -d display ]``
-+ Specify when a password for spice/vnc becomes invalid.
-+ *display* behaves the same as in ``set_password``.
-+ *expire-time* accepts:
-
- ``now``
- Invalidate password instantly.
-diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 9c91bf93e9..2e91ccb738 100644
---- a/monitor/hmp-cmds.c
-+++ b/monitor/hmp-cmds.c
-@@ -1384,10 +1384,41 @@ void hmp_set_password(Monitor *mon, const QDict *qdict)
- {
- const char *protocol = qdict_get_str(qdict, "protocol");
- const char *password = qdict_get_str(qdict, "password");
-+ const char *display = qdict_get_try_str(qdict, "display");
- const char *connected = qdict_get_try_str(qdict, "connected");
- Error *err = NULL;
-+ DisplayProtocol proto;
-
-- qmp_set_password(protocol, password, !!connected, connected, &err);
-+ SetPasswordOptions opts = {
-+ .password = g_strdup(password),
-+ .u.vnc.display = NULL,
-+ };
-+
-+ proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
-+ DISPLAY_PROTOCOL_VNC, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ opts.protocol = proto;
-+
-+ if (proto == DISPLAY_PROTOCOL_VNC) {
-+ opts.u.vnc.has_display = !!display;
-+ opts.u.vnc.display = g_strdup(display);
-+ } else if (proto == DISPLAY_PROTOCOL_SPICE) {
-+ opts.u.spice.has_connected = !!connected;
-+ opts.u.spice.connected =
-+ qapi_enum_parse(&SetPasswordAction_lookup, connected,
-+ SET_PASSWORD_ACTION_KEEP, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ }
-+
-+ qmp_set_password(&opts, &err);
-+ g_free(opts.password);
-+ g_free(opts.u.vnc.display);
- hmp_handle_error(mon, err);
- }
-
-@@ -1395,9 +1426,31 @@ void hmp_expire_password(Monitor *mon, const QDict *qdict)
- {
- const char *protocol = qdict_get_str(qdict, "protocol");
- const char *whenstr = qdict_get_str(qdict, "time");
-+ const char *display = qdict_get_try_str(qdict, "display");
- Error *err = NULL;
-+ DisplayProtocol proto;
-
-- qmp_expire_password(protocol, whenstr, &err);
-+ ExpirePasswordOptions opts = {
-+ .time = g_strdup(whenstr),
-+ .u.vnc.display = NULL,
-+ };
-+
-+ proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
-+ DISPLAY_PROTOCOL_VNC, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ opts.protocol = proto;
-+
-+ if (proto == DISPLAY_PROTOCOL_VNC) {
-+ opts.u.vnc.has_display = !!display;
-+ opts.u.vnc.display = g_strdup(display);
-+ }
-+
-+ qmp_expire_password(&opts, &err);
-+ g_free(opts.time);
-+ g_free(opts.u.vnc.display);
- hmp_handle_error(mon, err);
- }
-
-diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c
-index 343353e27a..729ca7cceb 100644
---- a/monitor/qmp-cmds.c
-+++ b/monitor/qmp-cmds.c
-@@ -167,45 +167,30 @@ void qmp_system_wakeup(Error **errp)
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER, errp);
- }
-
--void qmp_set_password(const char *protocol, const char *password,
-- bool has_connected, const char *connected, Error **errp)
-+void qmp_set_password(SetPasswordOptions *opts, Error **errp)
- {
-- int disconnect_if_connected = 0;
-- int fail_if_connected = 0;
-- int rc;
-+ bool disconnect_if_connected = false;
-+ bool fail_if_connected = false;
-+ int rc = 0;
-
-- if (has_connected) {
-- if (strcmp(connected, "fail") == 0) {
-- fail_if_connected = 1;
-- } else if (strcmp(connected, "disconnect") == 0) {
-- disconnect_if_connected = 1;
-- } else if (strcmp(connected, "keep") == 0) {
-- /* nothing */
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER, "connected");
-- return;
-- }
-- }
--
-- if (strcmp(protocol, "spice") == 0) {
-+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
- if (!qemu_using_spice(errp)) {
- return;
- }
-- rc = qemu_spice.set_passwd(password, fail_if_connected,
-+ if (opts->u.spice.has_connected) {
-+ fail_if_connected =
-+ opts->u.spice.connected == SET_PASSWORD_ACTION_FAIL;
-+ disconnect_if_connected =
-+ opts->u.spice.connected == SET_PASSWORD_ACTION_DISCONNECT;
-+ }
-+ rc = qemu_spice.set_passwd(opts->password, fail_if_connected,
- disconnect_if_connected);
-- } else if (strcmp(protocol, "vnc") == 0) {
-- if (fail_if_connected || disconnect_if_connected) {
-- /* vnc supports "connected=keep" only */
-- error_setg(errp, QERR_INVALID_PARAMETER, "connected");
-- return;
-- }
-+ } else if (opts->protocol == DISPLAY_PROTOCOL_VNC) {
- /* Note that setting an empty password will not disable login through
- * this interface. */
-- rc = vnc_display_password(NULL, password);
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "protocol",
-- "'vnc' or 'spice'");
-- return;
-+ rc = vnc_display_password(
-+ opts->u.vnc.has_display ? opts->u.vnc.display : NULL,
-+ opts->password);
- }
-
- if (rc != 0) {
-@@ -213,11 +198,11 @@ void qmp_set_password(const char *protocol, const char *password,
- }
- }
-
--void qmp_expire_password(const char *protocol, const char *whenstr,
-- Error **errp)
-+void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp)
- {
- time_t when;
- int rc;
-+ const char* whenstr = opts->time;
-
- if (strcmp(whenstr, "now") == 0) {
- when = 0;
-@@ -229,17 +214,14 @@ void qmp_expire_password(const char *protocol, const char *whenstr,
- when = strtoull(whenstr, NULL, 10);
- }
-
-- if (strcmp(protocol, "spice") == 0) {
-+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
- if (!qemu_using_spice(errp)) {
- return;
- }
- rc = qemu_spice.set_pw_expire(when);
-- } else if (strcmp(protocol, "vnc") == 0) {
-- rc = vnc_display_pw_expire(NULL, when);
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "protocol",
-- "'vnc' or 'spice'");
-- return;
-+ } else if (opts->protocol == DISPLAY_PROTOCOL_VNC) {
-+ rc = vnc_display_pw_expire(
-+ opts->u.vnc.has_display ? opts->u.vnc.display : NULL, when);
- }
-
- if (rc != 0) {
-diff --git a/qapi/ui.json b/qapi/ui.json
-index d7567ac866..4244c62c30 100644
---- a/qapi/ui.json
-+++ b/qapi/ui.json
-@@ -9,22 +9,23 @@
- { 'include': 'common.json' }
- { 'include': 'sockets.json' }
-
-+##
-+# @DisplayProtocol:
-+#
-+# Display protocols which support changing password options.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'DisplayProtocol',
-+ 'data': [ { 'name': 'vnc', 'if': 'CONFIG_VNC' },
-+ { 'name': 'spice', 'if': 'CONFIG_SPICE' } ] }
-+
- ##
- # @set_password:
- #
- # Sets the password of a remote display session.
- #
--# @protocol: - 'vnc' to modify the VNC server password
--# - 'spice' to modify the Spice server password
--#
--# @password: the new password
--#
--# @connected: how to handle existing clients when changing the
--# password. If nothing is specified, defaults to 'keep'
--# 'fail' to fail the command if clients are connected
--# 'disconnect' to disconnect existing clients
--# 'keep' to maintain existing clients
--#
- # Returns: - Nothing on success
- # - If Spice is not enabled, DeviceNotFound
- #
-@@ -37,16 +38,123 @@
- # <- { "return": {} }
- #
- ##
--{ 'command': 'set_password',
-- 'data': {'protocol': 'str', 'password': 'str', '*connected': 'str'} }
-+{ 'command': 'set_password', 'boxed': true, 'data': 'SetPasswordOptions' }
-+
-+##
-+# @SetPasswordOptions:
-+#
-+# Data required to set a new password on a display server protocol.
-+#
-+# @protocol: - 'vnc' to modify the VNC server password
-+# - 'spice' to modify the Spice server password
-+#
-+# @password: the new password
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'union': 'SetPasswordOptions',
-+ 'base': { 'protocol': 'DisplayProtocol',
-+ 'password': 'str' },
-+ 'discriminator': 'protocol',
-+ 'data': { 'vnc': 'SetPasswordOptionsVnc',
-+ 'spice': 'SetPasswordOptionsSpice' } }
-+
-+##
-+# @SetPasswordAction:
-+#
-+# An action to take on changing a password on a connection with active clients.
-+#
-+# @fail: fail the command if clients are connected
-+#
-+# @disconnect: disconnect existing clients
-+#
-+# @keep: maintain existing clients
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'SetPasswordAction',
-+ 'data': [ 'fail', 'disconnect', 'keep' ] }
-+
-+##
-+# @SetPasswordActionVnc:
-+#
-+# See @SetPasswordAction. VNC only supports the keep action. 'connection'
-+# should just be omitted for VNC, this is kept for backwards compatibility.
-+#
-+# @keep: maintain existing clients
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'SetPasswordActionVnc',
-+ 'data': [ 'keep' ] }
-+
-+##
-+# @SetPasswordOptionsSpice:
-+#
-+# Options for set_password specific to the VNC procotol.
-+#
-+# @connected: How to handle existing clients when changing the
-+# password. If nothing is specified, defaults to 'keep'.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'struct': 'SetPasswordOptionsSpice',
-+ 'data': { '*connected': 'SetPasswordAction' } }
-+
-+##
-+# @SetPasswordOptionsVnc:
-+#
-+# Options for set_password specific to the VNC procotol.
-+#
-+# @display: The id of the display where the password should be changed.
-+# Defaults to the first.
-+#
-+# @connected: How to handle existing clients when changing the
-+# password.
-+#
-+# Features:
-+# @deprecated: For VNC, @connected will always be 'keep', parameter should be
-+# omitted.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'struct': 'SetPasswordOptionsVnc',
-+ 'data': { '*display': 'str',
-+ '*connected': { 'type': 'SetPasswordActionVnc',
-+ 'features': ['deprecated'] } } }
-
- ##
- # @expire_password:
- #
- # Expire the password of a remote display server.
- #
--# @protocol: the name of the remote display protocol 'vnc' or 'spice'
-+# Returns: - Nothing on success
-+# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
- #
-+# Since: 0.14
-+#
-+# Example:
-+#
-+# -> { "execute": "expire_password", "arguments": { "protocol": "vnc",
-+# "time": "+60" } }
-+# <- { "return": {} }
-+#
-+##
-+{ 'command': 'expire_password', 'boxed': true, 'data': 'ExpirePasswordOptions' }
-+
-+##
-+# @ExpirePasswordOptions:
-+#
-+# Data required to set password expiration on a display server protocol.
-+#
-+# @protocol: - 'vnc' to modify the VNC server expiration
-+# - 'spice' to modify the Spice server expiration
-+
- # @time: when to expire the password.
- #
- # - 'now' to expire the password immediately
-@@ -54,24 +162,33 @@
- # - '+INT' where INT is the number of seconds from now (integer)
- # - 'INT' where INT is the absolute time in seconds
- #
--# Returns: - Nothing on success
--# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
--#
--# Since: 0.14
--#
- # Notes: Time is relative to the server and currently there is no way to
- # coordinate server time with client time. It is not recommended to
- # use the absolute time version of the @time parameter unless you're
- # sure you are on the same machine as the QEMU instance.
- #
--# Example:
-+# Since: 6.2
- #
--# -> { "execute": "expire_password", "arguments": { "protocol": "vnc",
--# "time": "+60" } }
--# <- { "return": {} }
-+##
-+{ 'union': 'ExpirePasswordOptions',
-+ 'base': { 'protocol': 'DisplayProtocol',
-+ 'time': 'str' },
-+ 'discriminator': 'protocol',
-+ 'data': { 'vnc': 'ExpirePasswordOptionsVnc' } }
-+
-+##
-+# @ExpirePasswordOptionsVnc:
-+#
-+# Options for expire_password specific to the VNC procotol.
-+#
-+# @display: The id of the display where the expiration should be changed.
-+# Defaults to the first.
-+#
-+# Since: 6.2
- #
- ##
--{ 'command': 'expire_password', 'data': {'protocol': 'str', 'time': 'str'} }
-+{ 'struct': 'ExpirePasswordOptionsVnc',
-+ 'data': { '*display': 'str' } }
-
- ##
- # @screendump:
diff --git a/debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch b/debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
deleted file mode 100644
index 99abfc3..0000000
--- a/debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Tue, 18 Jan 2022 17:59:59 +0100
-Subject: [PATCH] block/io: Update BSC only if want_zero is true
-
-We update the block-status cache whenever we get new information from a
-bdrv_co_block_status() call to the block driver. However, if we have
-passed want_zero=false to that call, it may flag areas containing zeroes
-as data, and so we would update the block-status cache with wrong
-information.
-
-Therefore, we should not update the cache with want_zero=false.
-
-Reported-by: Nir Soffer <nsoffer@redhat.com>
-Fixes: 0bc329fbb00 ("block: block-status cache for data regions")
-Reviewed-by: Nir Soffer <nsoffer@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Message-Id: <20220118170000.49423-2-hreitz@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
----
- block/io.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/block/io.c b/block/io.c
-index bb0a254def..4e4cb556c5 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -2497,8 +2497,12 @@ static int coroutine_fn bdrv_co_block_status(BlockDriverState *bs,
- * non-protocol nodes, and then it is never used. However, filling
- * the cache requires an RCU update, so double check here to avoid
- * such an update if possible.
-+ *
-+ * Check want_zero, because we only want to update the cache when we
-+ * have accurate information about what is zero and what is data.
- */
-- if (ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
-+ if (want_zero &&
-+ ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
- QLIST_EMPTY(&bs->children))
- {
- /*
diff --git a/debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch b/debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
deleted file mode 100644
index ade6a06..0000000
--- a/debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:52 +0100
-Subject: [PATCH] block/nbd: Delete reconnect delay timer when done
-
-We start the reconnect delay timer to cancel the reconnection attempt
-after a while. Once nbd_co_do_establish_connection() has returned, this
-attempt is over, and we no longer need the timer.
-
-Delete it before returning from nbd_reconnect_attempt(), so that it does
-not persist beyond the I/O request that was paused for reconnecting; we
-do not want it to fire in a drained section, because all sort of things
-can happen in such a section (e.g. the AioContext might be changed, and
-we do not want the timer to fire in the wrong context; or the BDS might
-even be deleted, and so the timer CB would access already-freed data).
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/nbd.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index 5ef462db1b..b8e5a9b4cc 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -353,6 +353,13 @@ static coroutine_fn void nbd_reconnect_attempt(BDRVNBDState *s)
- }
-
- nbd_co_do_establish_connection(s->bs, NULL);
-+
-+ /*
-+ * The reconnect attempt is done (maybe successfully, maybe not), so
-+ * we no longer need this timer. Delete it so it will not outlive
-+ * this I/O request (so draining removes all timers).
-+ */
-+ reconnect_delay_timer_del(s);
- }
-
- static coroutine_fn int nbd_receive_replies(BDRVNBDState *s, uint64_t handle)
diff --git a/debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch b/debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
deleted file mode 100644
index 07550c3..0000000
--- a/debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:54 +0100
-Subject: [PATCH] block/nbd: Assert there are no timers when closed
-
-Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
-they will access freed data when they fire.
-
-This patch is separate from the patches that actually fix the issue
-(HEAD^^ and HEAD^) so that you can run the associated regression iotest
-(281) on a configuration that reproducibly exposes the bug.
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-[FE: backport (open_timer doesn't exist yet in 6.2.0)]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/nbd.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index b8e5a9b4cc..aab20125d8 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
-
- yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
-
-+ /* Must not leave timers behind that would access freed data */
-+ assert(!s->reconnect_delay_timer);
-+
- object_unref(OBJECT(s->tlscreds));
- qapi_free_SocketAddress(s->saddr);
- s->saddr = NULL;
diff --git a/debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch b/debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
deleted file mode 100644
index 6b431c6..0000000
--- a/debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:57 +0100
-Subject: [PATCH] block/nbd: Move s->ioc on AioContext change
-
-s->ioc must always be attached to the NBD node's AioContext. If that
-context changes, s->ioc must be attached to the new context.
-
-Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2033626
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-[FE: backport (open_timer doesn't exist yet in 6.2.0)]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/nbd.c | 41 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 41 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index aab20125d8..a3896c7f5f 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -2003,6 +2003,38 @@ static void nbd_cancel_in_flight(BlockDriverState *bs)
- nbd_co_establish_connection_cancel(s->conn);
- }
-
-+static void nbd_attach_aio_context(BlockDriverState *bs,
-+ AioContext *new_context)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ /*
-+ * The reconnect_delay_timer is scheduled in I/O paths when the
-+ * connection is lost, to cancel the reconnection attempt after a
-+ * given time. Once this attempt is done (successfully or not),
-+ * nbd_reconnect_attempt() ensures the timer is deleted before the
-+ * respective I/O request is resumed.
-+ * Since the AioContext can only be changed when a node is drained,
-+ * the reconnect_delay_timer cannot be active here.
-+ */
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_attach_aio_context(s->ioc, new_context);
-+ }
-+}
-+
-+static void nbd_detach_aio_context(BlockDriverState *bs)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_detach_aio_context(s->ioc);
-+ }
-+}
-+
- static BlockDriver bdrv_nbd = {
- .format_name = "nbd",
- .protocol_name = "nbd",
-@@ -2026,6 +2058,9 @@ static BlockDriver bdrv_nbd = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_tcp = {
-@@ -2051,6 +2086,9 @@ static BlockDriver bdrv_nbd_tcp = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_unix = {
-@@ -2076,6 +2114,9 @@ static BlockDriver bdrv_nbd_unix = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static void bdrv_nbd_init(void)
diff --git a/debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch b/debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
deleted file mode 100644
index bb8cf86..0000000
--- a/debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Mon, 27 Dec 2021 14:31:17 -0500
-Subject: [PATCH] acpi: fix QEMU crash when started with SLIC table
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-if QEMU is started with used provided SLIC table blob,
-
- -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
-it will assert with:
-
- hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)
-
-and following backtrace:
-
- ...
- build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
- acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
- build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
- ...
-
-which happens due to acpi_table_begin() expecting NULL terminated
-oem_id and oem_table_id strings, which is normally the case, but
-in case of user provided SLIC table, oem_id points to table's blob
-directly and as result oem_id became longer than expected.
-
-Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
-return NULL terminated strings.
-
-PS:
-After [1] refactoring, oem_id semantics became inconsistent, where
-NULL terminated string was coming from machine and old way pointer
-into byte array coming from -acpitable option. That used to work
-since build_header() wasn't expecting NULL terminated string and
-blindly copied the 1st 6 bytes only.
-
-However commit [2] broke that by replacing build_header() with
-acpi_table_begin(), which was expecting NULL terminated string
-and was checking oem_id size.
-
-1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-2)
-Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20211227193120.1084176-2-imammedo@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Denis Lisov <dennis.lissov@gmail.com>
-Tested-by: Alexander Tsoy <alexander@tsoy.me>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 8cdb99af45365727ac17f45239a9b8c1d5155c6d)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/acpi/core.c | 4 ++--
- hw/i386/acpi-build.c | 2 ++
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/core.c b/hw/acpi/core.c
-index 1e004d0078..3e811bf03c 100644
---- a/hw/acpi/core.c
-+++ b/hw/acpi/core.c
-@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
- struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
-
- if (memcmp(hdr->sig, "SLIC", 4) == 0) {
-- oem->id = hdr->oem_id;
-- oem->table_id = hdr->oem_table_id;
-+ oem->id = g_strndup(hdr->oem_id, 6);
-+ oem->table_id = g_strndup(hdr->oem_table_id, 8);
- return 0;
- }
- }
-diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index a99c6e4fe3..570f82997b 100644
---- a/hw/i386/acpi-build.c
-+++ b/hw/i386/acpi-build.c
-@@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine)
-
- /* Cleanup memory that's no longer used. */
- g_array_free(table_offsets, true);
-+ g_free(slic_oem.id);
-+ g_free(slic_oem.table_id);
- }
-
- static void acpi_ram_update(MemoryRegion *mr, GArray *data)
diff --git a/debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch b/debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
deleted file mode 100644
index 02e7bab..0000000
--- a/debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Tue, 8 Mar 2022 10:42:51 +0800
-Subject: [PATCH] virtio-net: fix map leaking on error during receive
-
-Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
-tries to fix the use after free of the sg by caching the virtqueue
-elements in an array and unmap them at once after receiving the
-packets, But it forgot to unmap the cached elements on error which
-will lead to leaking of mapping and other unexpected results.
-
-Fixing this by detaching the cached elements on error. This addresses
-CVE-2022-26353.
-
-Reported-by: Victor Tom <vv474172261@gmail.com>
-Cc: qemu-stable@nongnu.org
-Fixes: CVE-2022-26353
-Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit abe300d9d894f7138e1af7c8e9c88c04bfe98b37)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/net/virtio-net.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index f2014d5ea0..e1f4748831 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1862,6 +1862,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
-
- err:
- for (j = 0; j < i; j++) {
-+ virtqueue_detach_element(q->rx_vq, elems[j], lens[j]);
- g_free(elems[j]);
- }
-
diff --git a/debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch b/debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
deleted file mode 100644
index b1e97e5..0000000
--- a/debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Xu <peterx@redhat.com>
-Date: Tue, 30 Nov 2021 16:00:28 +0800
-Subject: [PATCH] memory: Fix incorrect calls of log_global_start/stop
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We should only call the log_global_start/stop when the global dirty track
-bitmask changes from zero<->non-zero.
-
-No real issue reported for this yet probably because no immediate user to
-enable both dirty rate measurement and migration at the same time. However
-it'll be good to be prepared for it.
-
-Fixes: 63b41db4bc ("memory: make global_dirty_tracking a bitmask")
-Cc: qemu-stable@nongnu.org
-Cc: Hyman Huang <huangy81@chinatelecom.cn>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Cc: Juan Quintela <quintela@redhat.com>
-Cc: David Hildenbrand <david@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Message-Id: <20211130080028.6474-1-peterx@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-(cherry picked from commit 7b0538ed3a22ce30817f818449d10701fb0821f9)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- softmmu/memory.c | 27 ++++++++++++++-------------
- 1 file changed, 14 insertions(+), 13 deletions(-)
-
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index 7340e19ff5..81d4bf1454 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -2773,6 +2773,8 @@ static VMChangeStateEntry *vmstate_change;
-
- void memory_global_dirty_log_start(unsigned int flags)
- {
-+ unsigned int old_flags = global_dirty_tracking;
-+
- if (vmstate_change) {
- qemu_del_vm_change_state_handler(vmstate_change);
- vmstate_change = NULL;
-@@ -2781,15 +2783,14 @@ void memory_global_dirty_log_start(unsigned int flags)
- assert(flags && !(flags & (~GLOBAL_DIRTY_MASK)));
- assert(!(global_dirty_tracking & flags));
- global_dirty_tracking |= flags;
--
- trace_global_dirty_changed(global_dirty_tracking);
-
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
--
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
-+ if (!old_flags) {
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ }
- }
-
- static void memory_global_dirty_log_do_stop(unsigned int flags)
-@@ -2800,12 +2801,12 @@ static void memory_global_dirty_log_do_stop(unsigned int flags)
-
- trace_global_dirty_changed(global_dirty_tracking);
-
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
--
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ if (!global_dirty_tracking) {
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ }
- }
-
- static void memory_vm_change_state_handler(void *opaque, bool running,
diff --git a/debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch b/debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
deleted file mode 100644
index 3696302..0000000
--- a/debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Wed, 12 Jan 2022 08:03:31 -0500
-Subject: [PATCH] acpi: fix OEM ID/OEM Table ID padding
-
-Commit [2] broke original '\0' padding of OEM ID and OEM Table ID
-fields in headers of ACPI tables. While it doesn't have impact on
-default values since QEMU uses 6 and 8 characters long values
-respectively, it broke usecase where IDs are provided on QEMU CLI.
-It shouldn't affect guest (but may cause licensing verification
-issues in guest OS).
-One of the broken usecases is user supplied SLIC table with IDs
-shorter than max possible length, where [2] mangles IDs with extra
-spaces in RSDT and FADT tables whereas guest OS expects those to
-mirror the respective values of the used SLIC table.
-
-Fix it by replacing whitespace padding with '\0' padding in
-accordance with [1] and expectations of guest OS
-
-1) ACPI spec, v2.0b
- 17.2 AML Grammar Definition
- ...
- //OEM ID of up to 6 characters. If the OEM ID is
- //shorter than 6 characters, it can be terminated
- //with a NULL character.
-
-2)
-Fixes: 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/707
-Reported-by: Dmitry V. Orekhov <dima.orekhov@gmail.com>
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Cc: qemu-stable@nongnu.org
-Message-Id: <20220112130332.1648664-4-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: Ani Sinha <ani@anisinha.ca>
-Tested-by: Dmitry V. Orekhov dima.orekhov@gmail.com
-(cherry picked from commit 748c030f360a940fe0c9382c8ca1649096c3a80d)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/acpi/aml-build.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
-index b3b3310df3..65148d5b9d 100644
---- a/hw/acpi/aml-build.c
-+++ b/hw/acpi/aml-build.c
-@@ -1724,9 +1724,9 @@ void acpi_table_begin(AcpiTable *desc, GArray *array)
- build_append_int_noprefix(array, 0, 4); /* Length */
- build_append_int_noprefix(array, desc->rev, 1); /* Revision */
- build_append_int_noprefix(array, 0, 1); /* Checksum */
-- build_append_padded_str(array, desc->oem_id, 6, ' '); /* OEMID */
-+ build_append_padded_str(array, desc->oem_id, 6, '\0'); /* OEMID */
- /* OEM Table ID */
-- build_append_padded_str(array, desc->oem_table_id, 8, ' ');
-+ build_append_padded_str(array, desc->oem_table_id, 8, '\0');
- build_append_int_noprefix(array, 1, 4); /* OEM Revision */
- g_array_append_vals(array, ACPI_BUILD_APPNAME8, 4); /* Creator ID */
- build_append_int_noprefix(array, 1, 4); /* Creator Revision */
diff --git a/debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch b/debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
deleted file mode 100644
index 35482c8..0000000
--- a/debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefano Garzarella <sgarzare@redhat.com>
-Date: Mon, 28 Feb 2022 10:50:58 +0100
-Subject: [PATCH] vhost-vsock: detach the virqueue element in case of error
-
-In vhost_vsock_common_send_transport_reset(), if an element popped from
-the virtqueue is invalid, we should call virtqueue_detach_element() to
-detach it from the virtqueue before freeing its memory.
-
-Fixes: fc0b9b0e1c ("vhost-vsock: add virtio sockets device")
-Fixes: CVE-2022-26354
-Cc: qemu-stable@nongnu.org
-Reported-by: VictorV <vv474172261@gmail.com>
-Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
-Message-Id: <20220228095058.27899-1-sgarzare@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 8d1b247f3748ac4078524130c6d7ae42b6140aaf)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-vsock-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c
-index 3f3771274e..ed706681ac 100644
---- a/hw/virtio/vhost-vsock-common.c
-+++ b/hw/virtio/vhost-vsock-common.c
-@@ -153,19 +153,23 @@ static void vhost_vsock_common_send_transport_reset(VHostVSockCommon *vvc)
- if (elem->out_num) {
- error_report("invalid vhost-vsock event virtqueue element with "
- "out buffers");
-- goto out;
-+ goto err;
- }
-
- if (iov_from_buf(elem->in_sg, elem->in_num, 0,
- &event, sizeof(event)) != sizeof(event)) {
- error_report("vhost-vsock event virtqueue element is too short");
-- goto out;
-+ goto err;
- }
-
- virtqueue_push(vq, elem, sizeof(event));
- virtio_notify(VIRTIO_DEVICE(vvc), vq);
-
--out:
-+ g_free(elem);
-+ return;
-+
-+err:
-+ virtqueue_detach_element(vq, elem, 0);
- g_free(elem);
- }
-
diff --git a/debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch b/debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
deleted file mode 100644
index d6d0877..0000000
--- a/debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Xueming Li <xuemingl@nvidia.com>
-Date: Mon, 7 Feb 2022 15:19:28 +0800
-Subject: [PATCH] vhost-user: remove VirtQ notifier restore
-
-Notifier set when vhost-user backend asks qemu to mmap an FD and
-offset. When vhost-user backend restart or getting killed, VQ notifier
-FD and mmap addresses become invalid. After backend restart, MR contains
-the invalid address will be restored and fail on notifier access.
-
-On the other hand, qemu should munmap the notifier, release underlying
-hardware resources to enable backend restart and allocate hardware
-notifier resources correctly.
-
-Qemu shouldn't reference and use resources of disconnected backend.
-
-This patch removes VQ notifier restore, uses the default vhost-user
-notifier to avoid invalid address access.
-
-After backend restart, the backend should ask qemu to install a hardware
-notifier if needed.
-
-Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Xueming Li <xuemingl@nvidia.com>
-Message-Id: <20220207071929.527149-2-xuemingl@nvidia.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit e867144b73b3c5009266b6df07d5ff44acfb82c3)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-user.c | 19 +------------------
- include/hw/virtio/vhost-user.h | 1 -
- 2 files changed, 1 insertion(+), 19 deletions(-)
-
-diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
-index bf6e50223c..c671719e9b 100644
---- a/hw/virtio/vhost-user.c
-+++ b/hw/virtio/vhost-user.c
-@@ -1143,19 +1143,6 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
- }
-
--static void vhost_user_host_notifier_restore(struct vhost_dev *dev,
-- int queue_idx)
--{
-- struct vhost_user *u = dev->opaque;
-- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
-- VirtIODevice *vdev = dev->vdev;
--
-- if (n->addr && !n->set) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, true);
-- n->set = true;
-- }
--}
--
- static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
- int queue_idx)
- {
-@@ -1163,17 +1150,14 @@ static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
- VirtIODevice *vdev = dev->vdev;
-
-- if (n->addr && n->set) {
-+ if (n->addr) {
- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-- n->set = false;
- }
- }
-
- static int vhost_user_set_vring_base(struct vhost_dev *dev,
- struct vhost_vring_state *ring)
- {
-- vhost_user_host_notifier_restore(dev, ring->index);
--
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_BASE, ring);
- }
-
-@@ -1538,7 +1522,6 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
- }
-
- n->addr = addr;
-- n->set = true;
-
- return 0;
- }
-diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
-index a9abca3288..f6012b2078 100644
---- a/include/hw/virtio/vhost-user.h
-+++ b/include/hw/virtio/vhost-user.h
-@@ -14,7 +14,6 @@
- typedef struct VhostUserHostNotifier {
- MemoryRegion mr;
- void *addr;
-- bool set;
- } VhostUserHostNotifier;
-
- typedef struct VhostUserState {
diff --git a/debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch b/debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
deleted file mode 100644
index 25a9644..0000000
--- a/debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Xueming Li <xuemingl@nvidia.com>
-Date: Mon, 7 Feb 2022 15:19:29 +0800
-Subject: [PATCH] vhost-user: fix VirtQ notifier cleanup
-
-When vhost-user device cleanup, remove notifier MR and munmaps notifier
-address in the event-handling thread, VM CPU thread writing the notifier
-in concurrent fails with an error of accessing invalid address. It
-happens because MR is still being referenced and accessed in another
-thread while the underlying notifier mmap address is being freed and
-becomes invalid.
-
-This patch calls RCU and munmap notifiers in the callback after the
-memory flatview update finish.
-
-Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Xueming Li <xuemingl@nvidia.com>
-Message-Id: <20220207071929.527149-3-xuemingl@nvidia.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 0b0af4d62f7002b31cd7b2762b26d2fcb76bb2ba)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-user.c | 48 ++++++++++++++++++++--------------
- include/hw/virtio/vhost-user.h | 2 ++
- 2 files changed, 31 insertions(+), 19 deletions(-)
-
-diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
-index c671719e9b..ed5f9a5471 100644
---- a/hw/virtio/vhost-user.c
-+++ b/hw/virtio/vhost-user.c
-@@ -25,6 +25,7 @@
- #include "migration/migration.h"
- #include "migration/postcopy-ram.h"
- #include "trace.h"
-+#include "exec/ramblock.h"
-
- #include <sys/ioctl.h>
- #include <sys/socket.h>
-@@ -1143,15 +1144,26 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
- }
-
--static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
-- int queue_idx)
-+static void vhost_user_host_notifier_free(VhostUserHostNotifier *n)
- {
-- struct vhost_user *u = dev->opaque;
-- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
-- VirtIODevice *vdev = dev->vdev;
-+ assert(n && n->unmap_addr);
-+ munmap(n->unmap_addr, qemu_real_host_page_size);
-+ n->unmap_addr = NULL;
-+}
-+
-+static void vhost_user_host_notifier_remove(VhostUserState *user,
-+ VirtIODevice *vdev, int queue_idx)
-+{
-+ VhostUserHostNotifier *n = &user->notifier[queue_idx];
-
- if (n->addr) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-+ if (vdev) {
-+ virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-+ }
-+ assert(!n->unmap_addr);
-+ n->unmap_addr = n->addr;
-+ n->addr = NULL;
-+ call_rcu(n, vhost_user_host_notifier_free, rcu);
- }
- }
-
-@@ -1190,8 +1202,9 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev,
- .payload.state = *ring,
- .hdr.size = sizeof(msg.payload.state),
- };
-+ struct vhost_user *u = dev->opaque;
-
-- vhost_user_host_notifier_remove(dev, ring->index);
-+ vhost_user_host_notifier_remove(u->user, dev->vdev, ring->index);
-
- if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
- return -1;
-@@ -1486,12 +1499,7 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
-
- n = &user->notifier[queue_idx];
-
-- if (n->addr) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-- object_unparent(OBJECT(&n->mr));
-- munmap(n->addr, page_size);
-- n->addr = NULL;
-- }
-+ vhost_user_host_notifier_remove(user, vdev, queue_idx);
-
- if (area->u64 & VHOST_USER_VRING_NOFD_MASK) {
- return 0;
-@@ -1510,9 +1518,12 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
-
- name = g_strdup_printf("vhost-user/host-notifier@%p mmaps[%d]",
- user, queue_idx);
-- if (!n->mr.ram) /* Don't init again after suspend. */
-+ if (!n->mr.ram) { /* Don't init again after suspend. */
- memory_region_init_ram_device_ptr(&n->mr, OBJECT(vdev), name,
- page_size, addr);
-+ } else {
-+ n->mr.ram_block->host = addr;
-+ }
- g_free(name);
-
- if (virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, true)) {
-@@ -2460,17 +2471,16 @@ bool vhost_user_init(VhostUserState *user, CharBackend *chr, Error **errp)
- void vhost_user_cleanup(VhostUserState *user)
- {
- int i;
-+ VhostUserHostNotifier *n;
-
- if (!user->chr) {
- return;
- }
- memory_region_transaction_begin();
- for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
-- if (user->notifier[i].addr) {
-- object_unparent(OBJECT(&user->notifier[i].mr));
-- munmap(user->notifier[i].addr, qemu_real_host_page_size);
-- user->notifier[i].addr = NULL;
-- }
-+ n = &user->notifier[i];
-+ vhost_user_host_notifier_remove(user, NULL, i);
-+ object_unparent(OBJECT(&n->mr));
- }
- memory_region_transaction_commit();
- user->chr = NULL;
-diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
-index f6012b2078..e44a41bb70 100644
---- a/include/hw/virtio/vhost-user.h
-+++ b/include/hw/virtio/vhost-user.h
-@@ -12,8 +12,10 @@
- #include "hw/virtio/virtio.h"
-
- typedef struct VhostUserHostNotifier {
-+ struct rcu_head rcu;
- MemoryRegion mr;
- void *addr;
-+ void *unmap_addr;
- } VhostUserHostNotifier;
-
- typedef struct VhostUserState {
diff --git a/debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch b/debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
deleted file mode 100644
index a1b56e1..0000000
--- a/debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Halil Pasic <pasic@linux.ibm.com>
-Date: Mon, 7 Feb 2022 12:28:57 +0100
-Subject: [PATCH] virtio: fix the condition for iommu_platform not supported
-
-The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
-unsupported") claims to fail the device hotplug when iommu_platform
-is requested, but not supported by the (vhost) device. On the first
-glance the condition for detecting that situation looks perfect, but
-because a certain peculiarity of virtio_platform it ain't.
-
-In fact the aforementioned commit introduces a regression. It breaks
-virtio-fs support for Secure Execution, and most likely also for AMD SEV
-or any other confidential guest scenario that relies encrypted guest
-memory. The same also applies to any other vhost device that does not
-support _F_ACCESS_PLATFORM.
-
-The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates
-"device can not access all of the guest RAM" and "iova != gpa, thus
-device needs to translate iova".
-
-Confidential guest technologies currently rely on the device/hypervisor
-offering _F_ACCESS_PLATFORM, so that, after the feature has been
-negotiated, the guest grants access to the portions of memory the
-device needs to see. So in for confidential guests, generally,
-_F_ACCESS_PLATFORM is about the restricted access to memory, but not
-about the addresses used being something else than guest physical
-addresses.
-
-This is the very reason for which commit f7ef7e6e3b ("vhost: correctly
-turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the
-vhost device that does not need it, because on the vhost interface it
-only means "I/O address translation is needed".
-
-This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on
-VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the
-situation when _F_ACCESS_PLATFORM is requested, but no I/O translation
-by the device, and thus no device capability is needed. In this
-situation claiming that the device does not support iommu_plattform=on
-is counter-productive. So let us stop doing that!
-
-Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
-Reported-by: Jakob Naucke <Jakob.Naucke@ibm.com>
-Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
-unsupported")
-Acked-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Cc: Kevin Wolf <kwolf@redhat.com>
-Cc: qemu-stable@nongnu.org
-
-Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Acked-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit e65902a913bf31ba79a83a3bd3621108b85cf645)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/virtio-bus.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
-index d23db98c56..0f69d1c742 100644
---- a/hw/virtio/virtio-bus.c
-+++ b/hw/virtio/virtio-bus.c
-@@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
- bool has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
-+ bool vdev_has_iommu;
- Error *local_err = NULL;
-
- DPRINTF("%s: plug device.\n", qbus->name);
-@@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- return;
- }
-
-- if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
-- error_setg(errp, "iommu_platform=true is not supported by the device");
-- return;
-- }
--
- if (klass->device_plugged != NULL) {
- klass->device_plugged(qbus->parent, &local_err);
- }
-@@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- return;
- }
-
-+ vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
- if (klass->get_dma_as != NULL && has_iommu) {
- virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM);
- vdev->dma_as = klass->get_dma_as(qbus->parent);
-+ if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {
-+ error_setg(errp,
-+ "iommu_platform=true is not supported by the device");
-+ return;
-+ }
- } else {
- vdev->dma_as = &address_space_memory;
- }
diff --git a/debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch b/debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
deleted file mode 100644
index 722ab2c..0000000
--- a/debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Rao Lei <lei.rao@intel.com>
-Date: Fri, 6 May 2022 14:38:36 +0200
-Subject: [PATCH] ui/vnc.c: Fixed a deadlock bug.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The GDB statck is as follows:
-(gdb) bt
-0 __lll_lock_wait (futex=futex@entry=0x56211df20360, private=0) at lowlevellock.c:52
-1 0x00007f263caf20a3 in __GI___pthread_mutex_lock (mutex=0x56211df20360) at ../nptl/pthread_mutex_lock.c:80
-2 0x000056211a757364 in qemu_mutex_lock_impl (mutex=0x56211df20360, file=0x56211a804857 "../ui/vnc-jobs.h", line=60)
- at ../util/qemu-thread-posix.c:80
-3 0x000056211a0ef8c7 in vnc_lock_output (vs=0x56211df14200) at ../ui/vnc-jobs.h:60
-4 0x000056211a0efcb7 in vnc_clipboard_send (vs=0x56211df14200, count=1, dwords=0x7ffdf1701338) at ../ui/vnc-clipboard.c:138
-5 0x000056211a0f0129 in vnc_clipboard_notify (notifier=0x56211df244c8, data=0x56211dd1bbf0) at ../ui/vnc-clipboard.c:209
-6 0x000056211a75dde8 in notifier_list_notify (list=0x56211afa17d0 <clipboard_notifiers>, data=0x56211dd1bbf0) at ../util/notify.c:39
-7 0x000056211a0bf0e6 in qemu_clipboard_update (info=0x56211dd1bbf0) at ../ui/clipboard.c:50
-8 0x000056211a0bf05d in qemu_clipboard_peer_release (peer=0x56211df244c0, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD)
- at ../ui/clipboard.c:41
-9 0x000056211a0bef9b in qemu_clipboard_peer_unregister (peer=0x56211df244c0) at ../ui/clipboard.c:19
-10 0x000056211a0d45f3 in vnc_disconnect_finish (vs=0x56211df14200) at ../ui/vnc.c:1358
-11 0x000056211a0d4c9d in vnc_client_read (vs=0x56211df14200) at ../ui/vnc.c:1611
-12 0x000056211a0d4df8 in vnc_client_io (ioc=0x56211ce70690, condition=G_IO_IN, opaque=0x56211df14200) at ../ui/vnc.c:1649
-13 0x000056211a5b976c in qio_channel_fd_source_dispatch
- (source=0x56211ce50a00, callback=0x56211a0d4d71 <vnc_client_io>, user_data=0x56211df14200) at ../io/channel-watch.c:84
-14 0x00007f263ccede8e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
-15 0x000056211a77d4a1 in glib_pollfds_poll () at ../util/main-loop.c:232
-16 0x000056211a77d51f in os_host_main_loop_wait (timeout=958545) at ../util/main-loop.c:255
-17 0x000056211a77d630 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531
-18 0x000056211a45bc8e in qemu_main_loop () at ../softmmu/runstate.c:726
-19 0x000056211a0b45fa in main (argc=69, argv=0x7ffdf1701778, envp=0x7ffdf17019a8) at ../softmmu/main.c:50
-
-From the call trace, we can see it is a deadlock bug.
-vnc_disconnect_finish will acquire the output_mutex.
-But, the output_mutex will be acquired again in vnc_clipboard_send.
-Repeated locking will cause deadlock. So, I move
-qemu_clipboard_peer_unregister() behind vnc_unlock_output();
-
-Fixes: 0bf41cab93e ("ui/vnc: clipboard support")
-Signed-off-by: Lei Rao <lei.rao@intel.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220105020808.597325-1-lei.rao@intel.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry-picked from commit 1dbbe6f172810026c51dc84ed927a3cc23017949)
-[FE: trivial backport for 6.2]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- ui/vnc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ui/vnc.c b/ui/vnc.c
-index af02522e84..b253e85c65 100644
---- a/ui/vnc.c
-+++ b/ui/vnc.c
-@@ -1354,12 +1354,12 @@ void vnc_disconnect_finish(VncState *vs)
- /* last client gone */
- vnc_update_server_surface(vs->vd);
- }
-+ vnc_unlock_output(vs);
-+
- if (vs->cbpeer.update.notify) {
- qemu_clipboard_peer_unregister(&vs->cbpeer);
- }
-
-- vnc_unlock_output(vs);
--
- qemu_mutex_destroy(&vs->output_mutex);
- if (vs->bh != NULL) {
- qemu_bh_delete(vs->bh);
diff --git a/debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch b/debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
deleted file mode 100644
index cac949b..0000000
--- a/debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mauro Matteo Cascella <mcascell@redhat.com>
-Date: Thu, 7 Apr 2022 10:11:06 +0200
-Subject: [PATCH] display/qxl-render: fix race condition in qxl_cursor
- (CVE-2021-4207)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Avoid fetching 'width' and 'height' a second time to prevent possible
-race condition. Refer to security advisory
-https://starlabs.sg/advisories/22-4207/ for more information.
-
-Fixes: CVE-2021-4207
-Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220407081106.343235-1-mcascell@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/display/qxl-render.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
-index d28849b121..237ed293ba 100644
---- a/hw/display/qxl-render.c
-+++ b/hw/display/qxl-render.c
-@@ -266,7 +266,7 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor,
- }
- break;
- case SPICE_CURSOR_TYPE_ALPHA:
-- size = sizeof(uint32_t) * cursor->header.width * cursor->header.height;
-+ size = sizeof(uint32_t) * c->width * c->height;
- qxl_unpack_chunks(c->data, size, qxl, &cursor->chunk, group_id);
- if (qxl->debug > 2) {
- cursor_print_ascii_art(c, "qxl/alpha");
diff --git a/debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch b/debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
deleted file mode 100644
index 7c295f9..0000000
--- a/debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mauro Matteo Cascella <mcascell@redhat.com>
-Date: Thu, 7 Apr 2022 10:17:12 +0200
-Subject: [PATCH] ui/cursor: fix integer overflow in cursor_alloc
- (CVE-2021-4206)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Prevent potential integer overflow by limiting 'width' and 'height' to
-512x512. Also change 'datasize' type to size_t. Refer to security
-advisory https://starlabs.sg/advisories/22-4206/ for more information.
-
-Fixes: CVE-2021-4206
-Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220407081712.345609-1-mcascell@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit fa892e9abb728e76afcf27323ab29c57fb0fe7aa)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/display/qxl-render.c | 7 +++++++
- hw/display/vmware_vga.c | 2 ++
- ui/cursor.c | 8 +++++++-
- 3 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
-index 237ed293ba..ca217004bf 100644
---- a/hw/display/qxl-render.c
-+++ b/hw/display/qxl-render.c
-@@ -247,6 +247,13 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor,
- size_t size;
-
- c = cursor_alloc(cursor->header.width, cursor->header.height);
-+
-+ if (!c) {
-+ qxl_set_guest_bug(qxl, "%s: cursor %ux%u alloc error", __func__,
-+ cursor->header.width, cursor->header.height);
-+ goto fail;
-+ }
-+
- c->hot_x = cursor->header.hot_spot_x;
- c->hot_y = cursor->header.hot_spot_y;
- switch (cursor->header.type) {
-diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
-index e2969a6c81..2b81d6122f 100644
---- a/hw/display/vmware_vga.c
-+++ b/hw/display/vmware_vga.c
-@@ -509,6 +509,8 @@ static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
- int i, pixels;
-
- qc = cursor_alloc(c->width, c->height);
-+ assert(qc != NULL);
-+
- qc->hot_x = c->hot_x;
- qc->hot_y = c->hot_y;
- switch (c->bpp) {
-diff --git a/ui/cursor.c b/ui/cursor.c
-index 1d62ddd4d0..835f0802f9 100644
---- a/ui/cursor.c
-+++ b/ui/cursor.c
-@@ -46,6 +46,8 @@ static QEMUCursor *cursor_parse_xpm(const char *xpm[])
-
- /* parse pixel data */
- c = cursor_alloc(width, height);
-+ assert(c != NULL);
-+
- for (pixel = 0, y = 0; y < height; y++, line++) {
- for (x = 0; x < height; x++, pixel++) {
- idx = xpm[line][x];
-@@ -91,7 +93,11 @@ QEMUCursor *cursor_builtin_left_ptr(void)
- QEMUCursor *cursor_alloc(int width, int height)
- {
- QEMUCursor *c;
-- int datasize = width * height * sizeof(uint32_t);
-+ size_t datasize = width * height * sizeof(uint32_t);
-+
-+ if (width > 512 || height > 512) {
-+ return NULL;
-+ }
-
- c = g_malloc0(sizeof(QEMUCursor) + datasize);
- c->width = width;
diff --git a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
index ae9a483..700afed 100644
--- a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
+++ b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index b283093e5b..821405fd02 100644
+index 39a3d6dbe6..e5bf5d59bf 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -552,7 +552,7 @@ static QemuOptsList raw_runtime_opts = {
+@@ -554,7 +554,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
@@ -26,7 +26,7 @@ index b283093e5b..821405fd02 100644
},
{
.name = "pr-manager",
-@@ -652,7 +652,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+@@ -654,7 +654,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:
diff --git a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
index 051e997..6a19ef0 100644
--- a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
+++ b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
@@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index 04f2b790c9..19fdbb981c 100644
+index 982c532353..5395e7e471 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
-@@ -2039,9 +2039,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
+@@ -2087,9 +2087,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
#define CPU_RESOLVING_TYPE TYPE_X86_CPU
#ifdef TARGET_X86_64
diff --git a/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch b/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch
index 0e41fd1..39aedf0 100644
--- a/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch
+++ b/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch
@@ -9,7 +9,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/ui/spice-core.c b/ui/spice-core.c
-index 31974b8d6c..a3acdbd682 100644
+index c3ac20ad43..37774f1c0a 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -689,32 +689,35 @@ static void qemu_spice_init(void)
diff --git a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
index e378405..ce4366d 100644
--- a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
+++ b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
@@ -18,7 +18,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+)
diff --git a/block/rbd.c b/block/rbd.c
-index def96292e0..a4b8fb482c 100644
+index 6caf35cbba..0cec24c86d 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -820,6 +820,8 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
diff --git a/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch b/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch
index ac54142..d6b5440 100644
--- a/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch
+++ b/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch
@@ -49,7 +49,7 @@ index f0d14dbfc1..6d476c47ef 100644
{
NetClientState *nc;
diff --git a/qapi/net.json b/qapi/net.json
-index 7fab2e7cd8..74c9a6109e 100644
+index b92f3f5fb4..52c7e1f82b 100644
--- a/qapi/net.json
+++ b/qapi/net.json
@@ -35,6 +35,21 @@
@@ -75,10 +75,10 @@ index 7fab2e7cd8..74c9a6109e 100644
# @netdev_add:
#
diff --git a/qapi/pragma.json b/qapi/pragma.json
-index 3bc0335d1f..7c91ea3685 100644
+index e6a021c19c..41139d8645 100644
--- a/qapi/pragma.json
+++ b/qapi/pragma.json
-@@ -22,6 +22,7 @@
+@@ -25,6 +25,7 @@
'system_reset',
'system_wakeup' ],
'command-returns-exceptions': [
diff --git a/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch b/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
index 58f04c8..0d67cd2 100644
--- a/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
+++ b/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-img.c b/qemu-img.c
-index f036a1d428..080ad9bca7 100644
+index 1caddfb23a..2782e181c0 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -2989,7 +2989,8 @@ static int img_info(int argc, char **argv)
+@@ -3005,7 +3005,8 @@ static int img_info(int argc, char **argv)
list = collect_image_info_list(image_opts, filename, fmt, chain,
force_share);
if (!list) {
diff --git a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
index 26ccf4f..7163f0f 100644
--- a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
+++ b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
@@ -37,7 +37,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 119 insertions(+), 72 deletions(-)
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index 72bcdcfbfa..0b2999f3ab 100644
+index 1b1dab5b17..d1616c045a 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
@@ -53,10 +53,10 @@ index 72bcdcfbfa..0b2999f3ab 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 080ad9bca7..1f457d9e80 100644
+index 2782e181c0..8cd43b3601 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4805,10 +4805,12 @@ static int img_bitmap(int argc, char **argv)
+@@ -4821,10 +4821,12 @@ static int img_bitmap(int argc, char **argv)
#define C_IF 04
#define C_OF 010
#define C_SKIP 020
@@ -69,7 +69,7 @@ index 080ad9bca7..1f457d9e80 100644
};
struct DdIo {
-@@ -4884,6 +4886,19 @@ static int img_dd_skip(const char *arg,
+@@ -4900,6 +4902,19 @@ static int img_dd_skip(const char *arg,
return 0;
}
@@ -89,7 +89,7 @@ index 080ad9bca7..1f457d9e80 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4924,6 +4939,7 @@ static int img_dd(int argc, char **argv)
+@@ -4940,6 +4955,7 @@ static int img_dd(int argc, char **argv)
{ "if", img_dd_if, C_IF },
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
@@ -97,7 +97,7 @@ index 080ad9bca7..1f457d9e80 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -4999,91 +5015,112 @@ static int img_dd(int argc, char **argv)
+@@ -5015,91 +5031,112 @@ static int img_dd(int argc, char **argv)
arg = NULL;
}
@@ -274,7 +274,7 @@ index 080ad9bca7..1f457d9e80 100644
}
if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
-@@ -5101,11 +5138,17 @@ static int img_dd(int argc, char **argv)
+@@ -5117,11 +5154,17 @@ static int img_dd(int argc, char **argv)
for (out_pos = 0; in_pos < size; block_count++) {
int in_ret, out_ret;
@@ -296,7 +296,7 @@ index 080ad9bca7..1f457d9e80 100644
}
if (in_ret < 0) {
error_report("error while reading from input image file: %s",
-@@ -5115,9 +5158,13 @@ static int img_dd(int argc, char **argv)
+@@ -5131,9 +5174,13 @@ static int img_dd(int argc, char **argv)
}
in_pos += in_ret;
diff --git a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch
index 3e4434f..29df3de 100644
--- a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch
+++ b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch
@@ -15,10 +15,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
-index 1f457d9e80..d9e8a8c4d4 100644
+index 8cd43b3601..67033b2d2c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4806,11 +4806,13 @@ static int img_bitmap(int argc, char **argv)
+@@ -4822,11 +4822,13 @@ static int img_bitmap(int argc, char **argv)
#define C_OF 010
#define C_SKIP 020
#define C_OSIZE 040
@@ -32,7 +32,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
};
struct DdIo {
-@@ -4899,6 +4901,19 @@ static int img_dd_osize(const char *arg,
+@@ -4915,6 +4917,19 @@ static int img_dd_osize(const char *arg,
return 0;
}
@@ -52,7 +52,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4913,12 +4928,14 @@ static int img_dd(int argc, char **argv)
+@@ -4929,12 +4944,14 @@ static int img_dd(int argc, char **argv)
int c, i;
const char *out_fmt = "raw";
const char *fmt = NULL;
@@ -68,7 +68,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
};
struct DdIo in = {
.bsz = 512, /* Block size is by default 512 bytes */
-@@ -4940,6 +4957,7 @@ static int img_dd(int argc, char **argv)
+@@ -4956,6 +4973,7 @@ static int img_dd(int argc, char **argv)
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
{ "osize", img_dd_osize, C_OSIZE },
@@ -76,7 +76,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -5136,14 +5154,18 @@ static int img_dd(int argc, char **argv)
+@@ -5152,14 +5170,18 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
diff --git a/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch b/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch
index f086107..39991dd 100644
--- a/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch
+++ b/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch
@@ -13,7 +13,7 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
-index d663dd92bd..a49badb158 100644
+index 8885ea11cf..33979b7430 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -208,6 +208,10 @@ Parameters to convert subcommand:
@@ -49,7 +49,7 @@ index d663dd92bd..a49badb158 100644
Give information about the disk image *FILENAME*. Use it in
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index 0b2999f3ab..f3b2b1b4de 100644
+index d1616c045a..b5b0bb4467 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
@@ -65,10 +65,10 @@ index 0b2999f3ab..f3b2b1b4de 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index d9e8a8c4d4..015d6d2ce4 100644
+index 67033b2d2c..35c2bdc95c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4930,7 +4930,7 @@ static int img_dd(int argc, char **argv)
+@@ -4946,7 +4946,7 @@ static int img_dd(int argc, char **argv)
const char *fmt = NULL;
int64_t size = 0, readsize = 0;
int64_t block_count = 0, out_pos, in_pos;
@@ -77,7 +77,7 @@ index d9e8a8c4d4..015d6d2ce4 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -4968,7 +4968,7 @@ static int img_dd(int argc, char **argv)
+@@ -4984,7 +4984,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -86,7 +86,7 @@ index d9e8a8c4d4..015d6d2ce4 100644
if (c == EOF) {
break;
}
-@@ -4988,6 +4988,9 @@ static int img_dd(int argc, char **argv)
+@@ -5004,6 +5004,9 @@ static int img_dd(int argc, char **argv)
case 'h':
help();
break;
@@ -96,7 +96,7 @@ index d9e8a8c4d4..015d6d2ce4 100644
case 'U':
force_share = true;
break;
-@@ -5118,13 +5121,15 @@ static int img_dd(int argc, char **argv)
+@@ -5134,13 +5137,15 @@ static int img_dd(int argc, char **argv)
size - in.bsz * in.offset, &error_abort);
}
diff --git a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
index 88a9785..a52235f 100644
--- a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
+++ b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 81 insertions(+), 4 deletions(-)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
-index 9a4f491b54..1faa16234e 100644
+index 163d244eb4..389907f1f8 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
-@@ -812,8 +812,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
+@@ -813,8 +813,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
static void virtio_balloon_stat(void *opaque, BalloonInfo *info)
{
VirtIOBalloon *dev = opaque;
@@ -58,10 +58,10 @@ index 9a4f491b54..1faa16234e 100644
static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 2e91ccb738..e9fa9af6bd 100644
+index 634968498b..5482dd0569 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -696,7 +696,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
+@@ -708,7 +708,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
return;
}
@@ -99,7 +99,7 @@ index 2e91ccb738..e9fa9af6bd 100644
qapi_free_BalloonInfo(info);
}
diff --git a/qapi/machine.json b/qapi/machine.json
-index 067e3f5378..91f3be6f44 100644
+index d25a481ce4..3627172aed 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1018,10 +1018,30 @@
diff --git a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
index a7dfb1d..8c7d776 100644
--- a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
+++ b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
@@ -30,10 +30,10 @@ index 4f4ab30f8c..76fff60a6b 100644
info->default_cpu_type = g_strdup(mc->default_cpu_type);
info->has_default_cpu_type = true;
diff --git a/qapi/machine.json b/qapi/machine.json
-index 91f3be6f44..0905618e25 100644
+index 3627172aed..ca133e68ce 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -141,6 +141,8 @@
+@@ -139,6 +139,8 @@
#
# @is-default: whether the machine is default
#
@@ -42,7 +42,7 @@ index 91f3be6f44..0905618e25 100644
# @cpu-max: maximum number of CPUs supported by the machine type
# (since 1.5)
#
-@@ -162,7 +164,7 @@
+@@ -160,7 +162,7 @@
##
{ 'struct': 'MachineInfo',
'data': { 'name': 'str', '*alias': 'str',
diff --git a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
index 538a0c0..3f7fd62 100644
--- a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
+++ b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
@@ -12,10 +12,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 8 insertions(+)
diff --git a/qapi/ui.json b/qapi/ui.json
-index 4244c62c30..f946fbd8c1 100644
+index 13a8bb82aa..4c34436ba7 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
-@@ -333,11 +333,14 @@
+@@ -300,11 +300,14 @@
#
# @channels: a list of @SpiceChannel for each active spice channel
#
@@ -31,7 +31,7 @@ index 4244c62c30..f946fbd8c1 100644
'if': 'CONFIG_SPICE' }
diff --git a/ui/spice-core.c b/ui/spice-core.c
-index a3acdbd682..756776778d 100644
+index 37774f1c0a..367f77f2b4 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -534,6 +534,11 @@ static SpiceInfo *qmp_query_spice_real(Error **errp)
diff --git a/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
index 365e481..0197289 100644
--- a/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -39,10 +39,10 @@ Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index 407a1da800..245f8acc55 100644
+index adfa085a9b..925e680e5a 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -536,6 +536,19 @@ SRST
+@@ -538,6 +538,19 @@ SRST
Show current migration parameters.
ERST
@@ -63,7 +63,7 @@ index 407a1da800..245f8acc55 100644
.name = "balloon",
.args_type = "",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 5efb47fc32..1ad13b668b 100644
+index 8476277aa9..7f0ac498c4 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1746,3 +1746,36 @@ ERST
@@ -138,7 +138,7 @@ index 96d014826a..3a39ba41b5 100644
void hmp_screendump(Monitor *mon, const QDict *qdict);
void hmp_chardev_add(Monitor *mon, const QDict *qdict);
diff --git a/migration/meson.build b/migration/meson.build
-index f8714dcb15..ea9aedeefc 100644
+index 8b5ca5c047..1e2aec8486 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -23,6 +23,7 @@ softmmu_ss.add(files(
@@ -754,10 +754,10 @@ index 0000000000..79a0cda906
+ return ret;
+}
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index e9fa9af6bd..5000ce39d1 100644
+index 5482dd0569..c64b959738 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -1903,6 +1903,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
+@@ -1906,6 +1906,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
hmp_handle_error(mon, err);
}
@@ -822,10 +822,10 @@ index e9fa9af6bd..5000ce39d1 100644
{
IOThreadInfoList *info_list = qmp_query_iothreads(NULL);
diff --git a/qapi/migration.json b/qapi/migration.json
-index bbfd48cf0b..45686390a2 100644
+index 27d7b28158..31d6cc902e 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
-@@ -247,6 +247,40 @@
+@@ -258,6 +258,40 @@
'*compression': 'CompressionStats',
'*socket-address': ['SocketAddress'] } }
@@ -867,7 +867,7 @@ index bbfd48cf0b..45686390a2 100644
# @query-migrate:
#
diff --git a/qapi/misc.json b/qapi/misc.json
-index 358548abe1..25b3febc52 100644
+index b83cc39029..1e5dd7db29 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -435,6 +435,38 @@
@@ -910,10 +910,10 @@ index 358548abe1..25b3febc52 100644
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
-index ae2c6dbbfc..423144abeb 100644
+index 34e9b32a5c..aeade4ef80 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -4171,6 +4171,18 @@ SRST
+@@ -4254,6 +4254,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
@@ -933,10 +933,10 @@ index ae2c6dbbfc..423144abeb 100644
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index 620a1f1367..fd82efb8b3 100644
+index 6f646531a0..a3f2a3818c 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -156,6 +156,7 @@ static const char *incoming;
+@@ -157,6 +157,7 @@ static const char *incoming;
static const char *loadvm;
static const char *accelerators;
static QDict *machine_opts_dict;
@@ -944,7 +944,7 @@ index 620a1f1367..fd82efb8b3 100644
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static ram_addr_t maxram_size;
-@@ -2743,6 +2744,12 @@ void qmp_x_exit_preconfig(Error **errp)
+@@ -2749,6 +2750,12 @@ void qmp_x_exit_preconfig(Error **errp)
if (loadvm) {
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
@@ -957,7 +957,7 @@ index 620a1f1367..fd82efb8b3 100644
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
-@@ -3284,6 +3291,9 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3289,6 +3296,9 @@ void qemu_init(int argc, char **argv, char **envp)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
diff --git a/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch
index 0bbaed4..e64ebbe 100644
--- a/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
-index 6338d8e2ff..6697a93a7e 100644
+index 1479cddad9..21a3355ae2 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
-@@ -30,8 +30,8 @@
+@@ -31,8 +31,8 @@
#include "trace.h"
#include "qapi/error.h"
@@ -31,7 +31,7 @@ index 6338d8e2ff..6697a93a7e 100644
struct QEMUFile {
const QEMUFileOps *ops;
-@@ -45,7 +45,8 @@ struct QEMUFile {
+@@ -46,7 +46,8 @@ struct QEMUFile {
when reading */
int buf_index;
int buf_size; /* 0 when writing */
@@ -41,7 +41,7 @@ index 6338d8e2ff..6697a93a7e 100644
DECLARE_BITMAP(may_free, MAX_IOV_SIZE);
struct iovec iov[MAX_IOV_SIZE];
-@@ -103,7 +104,7 @@ bool qemu_file_mode_is_not_valid(const char *mode)
+@@ -104,7 +105,7 @@ bool qemu_file_mode_is_not_valid(const char *mode)
return false;
}
@@ -50,7 +50,7 @@ index 6338d8e2ff..6697a93a7e 100644
{
QEMUFile *f;
-@@ -112,9 +113,17 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops, bool has_ioc)
+@@ -113,9 +114,17 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops, bool has_ioc)
f->opaque = opaque;
f->ops = ops;
f->has_ioc = has_ioc;
@@ -68,7 +68,7 @@ index 6338d8e2ff..6697a93a7e 100644
void qemu_file_set_hooks(QEMUFile *f, const QEMUFileHooks *hooks)
{
-@@ -349,7 +358,7 @@ static ssize_t qemu_fill_buffer(QEMUFile *f)
+@@ -350,7 +359,7 @@ static ssize_t qemu_fill_buffer(QEMUFile *f)
}
len = f->ops->get_buffer(f->opaque, f->buf + pending, f->pos,
@@ -77,7 +77,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (len > 0) {
f->buf_size += len;
f->pos += len;
-@@ -389,6 +398,9 @@ int qemu_fclose(QEMUFile *f)
+@@ -390,6 +399,9 @@ int qemu_fclose(QEMUFile *f)
ret = ret2;
}
}
@@ -87,7 +87,7 @@ index 6338d8e2ff..6697a93a7e 100644
/* If any error was spotted before closing, we should report it
* instead of the close() return value.
*/
-@@ -443,7 +455,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
+@@ -444,7 +456,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
{
if (!add_to_iovec(f, f->buf + f->buf_index, len, false)) {
f->buf_index += len;
@@ -96,7 +96,7 @@ index 6338d8e2ff..6697a93a7e 100644
qemu_fflush(f);
}
}
-@@ -469,7 +481,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
+@@ -470,7 +482,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
}
while (size > 0) {
@@ -105,7 +105,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (l > size) {
l = size;
}
-@@ -516,8 +528,8 @@ size_t qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t size, size_t offset)
+@@ -517,8 +529,8 @@ size_t qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t size, size_t offset)
size_t index;
assert(!qemu_file_is_writable(f));
@@ -116,7 +116,7 @@ index 6338d8e2ff..6697a93a7e 100644
/* The 1st byte to read from */
index = f->buf_index + offset;
-@@ -567,7 +579,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
+@@ -568,7 +580,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
size_t res;
uint8_t *src;
@@ -125,7 +125,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (res == 0) {
return done;
}
-@@ -601,7 +613,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
+@@ -602,7 +614,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
*/
size_t qemu_get_buffer_in_place(QEMUFile *f, uint8_t **buf, size_t size)
{
@@ -134,7 +134,7 @@ index 6338d8e2ff..6697a93a7e 100644
size_t res;
uint8_t *src = NULL;
-@@ -626,7 +638,7 @@ int qemu_peek_byte(QEMUFile *f, int offset)
+@@ -627,7 +639,7 @@ int qemu_peek_byte(QEMUFile *f, int offset)
int index = f->buf_index + offset;
assert(!qemu_file_is_writable(f));
@@ -143,7 +143,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (index >= f->buf_size) {
qemu_fill_buffer(f);
-@@ -778,7 +790,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
+@@ -779,7 +791,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
ssize_t qemu_put_compression_data(QEMUFile *f, z_stream *stream,
const uint8_t *p, size_t size)
{
diff --git a/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch b/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch
index 9a17710..a0cc957 100644
--- a/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch
+++ b/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch
@@ -13,10 +13,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
create mode 100644 block/zeroinit.c
diff --git a/block/meson.build b/block/meson.build
-index deb73ca389..c9d1fdca7d 100644
+index 0b2a60c99b..9451fc3ccd 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -41,6 +41,7 @@ block_ss.add(files(
+@@ -43,6 +43,7 @@ block_ss.add(files(
'vmdk.c',
'vpc.c',
'write-threshold.c',
diff --git a/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch b/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch
index be8407b..488a70c 100644
--- a/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch
+++ b/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
-index 423144abeb..4879471aeb 100644
+index aeade4ef80..a26f0b0400 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -1019,6 +1019,9 @@ DEFHEADING()
+@@ -1075,6 +1075,9 @@ DEFHEADING()
DEFHEADING(Block device options:)
@@ -28,10 +28,10 @@ index 423144abeb..4879471aeb 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index fd82efb8b3..eb05e5a000 100644
+index a3f2a3818c..4208142685 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -2779,6 +2779,7 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -2785,6 +2785,7 @@ void qemu_init(int argc, char **argv, char **envp)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
@@ -39,7 +39,7 @@ index fd82efb8b3..eb05e5a000 100644
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
-@@ -3421,6 +3422,13 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3420,6 +3421,13 @@ void qemu_init(int argc, char **argv, char **envp)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;
diff --git a/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
index 1d758aa..99299d3 100644
--- a/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
+++ b/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 821405fd02..e3b6c3c524 100644
+index e5bf5d59bf..b013668dce 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -2465,6 +2465,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2461,6 +2461,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
@@ -24,7 +24,7 @@ index 821405fd02..e3b6c3c524 100644
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
-@@ -2505,19 +2506,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2501,19 +2502,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
@@ -59,7 +59,7 @@ index 821405fd02..e3b6c3c524 100644
}
/* Clear the file by truncating it to 0 */
-@@ -2571,13 +2575,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2567,13 +2571,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
@@ -82,7 +82,7 @@ index 821405fd02..e3b6c3c524 100644
}
out_close:
-@@ -2602,6 +2608,7 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2598,6 +2604,7 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
@@ -90,7 +90,7 @@ index 821405fd02..e3b6c3c524 100644
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
-@@ -2624,6 +2631,18 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2620,6 +2627,18 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
return -EINVAL;
}
@@ -109,7 +109,7 @@ index 821405fd02..e3b6c3c524 100644
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
-@@ -2635,6 +2654,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2631,6 +2650,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
@@ -119,10 +119,10 @@ index 821405fd02..e3b6c3c524 100644
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 1d3dd9cb48..3f81d6a5c0 100644
+index fb25c2b245..564b6b43f7 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4445,7 +4445,8 @@
+@@ -4484,7 +4484,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',
diff --git a/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index 867084d..61528fd 100644
--- a/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
+++ b/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
@@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 53a99abc56..ad2cb2592e 100644
+index 1e23fdc14b..8a50445ee8 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
-@@ -113,7 +113,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -118,7 +118,8 @@ GlobalProperty hw_compat_4_0[] = {
{ "virtio-vga", "edid", "false" },
{ "virtio-gpu-device", "edid", "false" },
{ "virtio-device", "use-started", "false" },
diff --git a/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch b/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch
index 5656e1f..a0ca907 100644
--- a/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch
+++ b/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch
@@ -36,10 +36,10 @@ index 76fff60a6b..ec9201fb9a 100644
if (mc->default_cpu_type) {
diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 9c1c190104..51e04bde62 100644
+index c92ac8815c..572d911ed4 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
-@@ -227,6 +227,8 @@ struct MachineClass {
+@@ -230,6 +230,8 @@ struct MachineClass {
const char *desc;
const char *deprecation_reason;
@@ -49,10 +49,10 @@ index 9c1c190104..51e04bde62 100644
void (*reset)(MachineState *state);
void (*wakeup)(MachineState *state);
diff --git a/qapi/machine.json b/qapi/machine.json
-index 0905618e25..a05c46e253 100644
+index ca133e68ce..39ba204b52 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -160,6 +160,8 @@
+@@ -158,6 +158,8 @@
#
# @default-ram-id: the default ID of initial RAM memory backend (since 5.2)
#
@@ -61,7 +61,7 @@ index 0905618e25..a05c46e253 100644
# Since: 1.2
##
{ 'struct': 'MachineInfo',
-@@ -167,7 +169,7 @@
+@@ -165,7 +167,7 @@
'*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool',
'deprecated': 'bool', '*default-cpu-type': 'str',
@@ -71,10 +71,10 @@ index 0905618e25..a05c46e253 100644
##
# @query-machines:
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index eb05e5a000..f306d21d63 100644
+index 4208142685..37d85f1b96 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -1655,6 +1655,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
+@@ -1659,6 +1659,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
static MachineClass *select_machine(QDict *qdict, Error **errp)
{
const char *optarg = qdict_get_try_str(qdict, "type");
@@ -82,7 +82,7 @@ index eb05e5a000..f306d21d63 100644
GSList *machines = object_class_get_list(TYPE_MACHINE, false);
MachineClass *machine_class;
Error *local_err = NULL;
-@@ -1672,6 +1673,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
+@@ -1676,6 +1677,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
}
}
@@ -94,7 +94,7 @@ index eb05e5a000..f306d21d63 100644
g_slist_free(machines);
if (local_err) {
error_append_hint(&local_err, "Use -machine help to list supported machines\n");
-@@ -3363,12 +3369,31 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3362,12 +3368,31 @@ void qemu_init(int argc, char **argv, char **envp)
case QEMU_OPTION_machine:
{
bool help;
diff --git a/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch b/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch
index 5d2679c..8621cdf 100644
--- a/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch
+++ b/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch
@@ -25,7 +25,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/block/backup.c b/block/backup.c
-index 21d5983779..47e218857d 100644
+index 5cfd0b999c..07b899035c 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -239,8 +239,8 @@ static void backup_init_bcs_bitmap(BackupBlockJob *job)
@@ -48,7 +48,7 @@ index 21d5983779..47e218857d 100644
if (s->sync_mode == MIRROR_SYNC_MODE_TOP) {
int64_t offset = 0;
int64_t count;
-@@ -493,6 +491,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -494,6 +492,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
&error_abort);
diff --git a/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch
index b37b17c..ced8e74 100644
--- a/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch
+++ b/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch
@@ -10,20 +10,20 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
block/meson.build | 2 +
meson.build | 5 +
vma-reader.c | 860 ++++++++++++++++++++++++++++++++++++++++++++++
- vma-writer.c | 790 ++++++++++++++++++++++++++++++++++++++++++
- vma.c | 849 +++++++++++++++++++++++++++++++++++++++++++++
+ vma-writer.c | 791 ++++++++++++++++++++++++++++++++++++++++++
+ vma.c | 850 +++++++++++++++++++++++++++++++++++++++++++++
vma.h | 150 ++++++++
- 6 files changed, 2656 insertions(+)
+ 6 files changed, 2658 insertions(+)
create mode 100644 vma-reader.c
create mode 100644 vma-writer.c
create mode 100644 vma.c
create mode 100644 vma.h
diff --git a/block/meson.build b/block/meson.build
-index c9d1fdca7d..72081a9974 100644
+index 9451fc3ccd..819eb80951 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -44,6 +44,8 @@ block_ss.add(files(
+@@ -46,6 +46,8 @@ block_ss.add(files(
'zeroinit.c',
), zstd, zlib, gnutls)
@@ -31,12 +31,12 @@ index c9d1fdca7d..72081a9974 100644
+
softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
- block_ss.add(when: 'CONFIG_QCOW1', if_true: files('qcow.c'))
+ if get_option('qcow1').allowed()
diff --git a/meson.build b/meson.build
-index 96de1a6ef9..54c23b9567 100644
+index 861de93c4f..96a91b95e4 100644
--- a/meson.build
+++ b/meson.build
-@@ -1202,6 +1202,8 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1267,6 +1267,8 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
@@ -45,7 +45,7 @@ index 96de1a6ef9..54c23b9567 100644
# libselinux
selinux = dependency('libselinux',
required: get_option('selinux'),
-@@ -3070,6 +3072,9 @@ if have_tools
+@@ -3359,6 +3361,9 @@ if have_tools
dependencies: [blockdev, qemuutil, gnutls, selinux],
install: true)
@@ -923,10 +923,10 @@ index 0000000000..4f4ee2b47b
+
diff --git a/vma-writer.c b/vma-writer.c
new file mode 100644
-index 0000000000..11d8321ffd
+index 0000000000..df4b20793d
--- /dev/null
+++ b/vma-writer.c
-@@ -0,0 +1,790 @@
+@@ -0,0 +1,791 @@
+/*
+ * VMA: Virtual Machine Archive
+ *
@@ -950,6 +950,7 @@ index 0000000000..11d8321ffd
+#include "qemu/main-loop.h"
+#include "qemu/coroutine.h"
+#include "qemu/cutils.h"
++#include "qemu/memalign.h"
+
+#define DEBUG_VMA 0
+
@@ -1133,9 +1134,9 @@ index 0000000000..11d8321ffd
+ assert(qemu_in_coroutine());
+ AioContext *ctx = qemu_get_current_aio_context();
+ aio_set_fd_handler(ctx, fd, false, NULL, (IOHandler *)qemu_coroutine_enter,
-+ NULL, qemu_coroutine_self());
++ NULL, NULL, qemu_coroutine_self());
+ qemu_coroutine_yield();
-+ aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL);
++ aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL, NULL);
+}
+
+static ssize_t coroutine_fn
@@ -1719,10 +1720,10 @@ index 0000000000..11d8321ffd
+}
diff --git a/vma.c b/vma.c
new file mode 100644
-index 0000000000..89440733b1
+index 0000000000..91612d50a2
--- /dev/null
+++ b/vma.c
-@@ -0,0 +1,849 @@
+@@ -0,0 +1,850 @@
+/*
+ * VMA: Virtual Machine Archive
+ *
@@ -1745,6 +1746,7 @@ index 0000000000..89440733b1
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "qemu/cutils.h"
++#include "qemu/memalign.h"
+#include "qapi/qmp/qdict.h"
+#include "sysemu/block-backend.h"
+
diff --git a/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch b/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch
index 4b57124..ea3bb84 100644
--- a/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch
+++ b/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch
@@ -10,11 +10,11 @@ Subject: [PATCH] PVE-Backup: add backup-dump block driver
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- block/backup-dump.c | 168 ++++++++++++++++++++++++++++++++++++++
- block/backup.c | 30 ++-----
- block/meson.build | 1 +
- include/block/block_int.h | 35 ++++++++
- job.c | 3 +-
+ block/backup-dump.c | 168 +++++++++++++++++++++++++++++++
+ block/backup.c | 30 ++----
+ block/meson.build | 1 +
+ include/block/block_int-common.h | 35 +++++++
+ job.c | 3 +-
5 files changed, 214 insertions(+), 23 deletions(-)
create mode 100644 block/backup-dump.c
@@ -193,7 +193,7 @@ index 0000000000..93d7f46950
+ return bs;
+}
diff --git a/block/backup.c b/block/backup.c
-index 47e218857d..4d8fad70c4 100644
+index 07b899035c..7b5d02f580 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -29,28 +29,6 @@
@@ -225,7 +225,7 @@ index 47e218857d..4d8fad70c4 100644
static const BlockJobDriver backup_job_driver;
static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret)
-@@ -455,6 +433,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -456,6 +434,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
}
cluster_size = block_copy_cluster_size(bcs);
@@ -241,7 +241,7 @@ index 47e218857d..4d8fad70c4 100644
if (perf->max_chunk && perf->max_chunk < cluster_size) {
error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup "
diff --git a/block/meson.build b/block/meson.build
-index 72081a9974..7883df047c 100644
+index 819eb80951..067708b7c0 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -4,6 +4,7 @@ block_ss.add(files(
@@ -252,10 +252,10 @@ index 72081a9974..7883df047c 100644
'copy-before-write.c',
'blkdebug.c',
'blklogwrites.c',
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index f4c75e8ba9..169dc43d59 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
+diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h
+index 8947abab76..f272d0d8dc 100644
+--- a/include/block/block_int-common.h
++++ b/include/block/block_int-common.h
@@ -26,6 +26,7 @@
#include "block/accounting.h"
@@ -270,7 +270,7 @@ index f4c75e8ba9..169dc43d59 100644
+typedef int BackupDumpFunc(void *opaque, uint64_t offset, uint64_t bytes, const void *buf);
+
-+BlockDriverState *bdrv_backuo_dump_create(
++BlockDriverState *bdrv_backup_dump_create(
+ int dump_cb_block_size,
+ uint64_t byte_size,
+ BackupDumpFunc *dump_cb,
@@ -306,7 +306,7 @@ index f4c75e8ba9..169dc43d59 100644
BDRV_TRACKED_READ,
BDRV_TRACKED_WRITE,
diff --git a/job.c b/job.c
-index dbfa67bb0a..af25dd5b98 100644
+index 075c6f3a20..e5699ad200 100644
--- a/job.c
+++ b/job.c
@@ -276,7 +276,8 @@ static bool job_started(Job *job)
diff --git a/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch b/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch
index c081345..faa9483 100644
--- a/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch
+++ b/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch
@@ -15,7 +15,6 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
blockdev.c | 1 +
hmp-commands-info.hx | 14 +
hmp-commands.hx | 29 +
- include/block/block_int.h | 2 +-
include/monitor/hmp.h | 3 +
meson.build | 1 +
monitor/hmp-cmds.c | 44 ++
@@ -25,16 +24,16 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
qapi/block-core.json | 109 ++++
qapi/common.json | 13 +
qapi/machine.json | 15 +-
- 15 files changed, 1449 insertions(+), 14 deletions(-)
+ 14 files changed, 1448 insertions(+), 13 deletions(-)
create mode 100644 proxmox-backup-client.c
create mode 100644 proxmox-backup-client.h
create mode 100644 pve-backup.c
diff --git a/block/meson.build b/block/meson.build
-index 7883df047c..9d3dd5b7c3 100644
+index 067708b7c0..42aac96dbb 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -46,6 +46,11 @@ block_ss.add(files(
+@@ -48,6 +48,11 @@ block_ss.add(files(
), zstd, zlib, gnutls)
block_ss.add(files('../vma-writer.c'), libuuid)
@@ -47,7 +46,7 @@ index 7883df047c..9d3dd5b7c3 100644
softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 2ac4aedfff..f6668ab01d 100644
+index bfb3c043a0..89ca64444d 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1015,3 +1015,36 @@ void hmp_info_snapshots(Monitor *mon, const QDict *qdict)
@@ -88,7 +87,7 @@ index 2ac4aedfff..f6668ab01d 100644
+ hmp_handle_error(mon, error);
+}
diff --git a/blockdev.c b/blockdev.c
-index b35072644e..c0bc3db33e 100644
+index 1af5a1fcb2..9916a72334 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -36,6 +36,7 @@
@@ -100,10 +99,10 @@ index b35072644e..c0bc3db33e 100644
#include "monitor/monitor.h"
#include "qemu/error-report.h"
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index 245f8acc55..3e7f2421eb 100644
+index 925e680e5a..d9b787d2c6 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -482,6 +482,20 @@ SRST
+@@ -484,6 +484,20 @@ SRST
Show the current VM UUID.
ERST
@@ -125,7 +124,7 @@ index 245f8acc55..3e7f2421eb 100644
{
.name = "usernet",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 1ad13b668b..d4bb00216e 100644
+index 7f0ac498c4..994445f301 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -99,6 +99,35 @@ ERST
@@ -164,19 +163,6 @@ index 1ad13b668b..d4bb00216e 100644
ERST
{
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index 169dc43d59..92f90c43eb 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
-@@ -67,7 +67,7 @@
-
- typedef int BackupDumpFunc(void *opaque, uint64_t offset, uint64_t bytes, const void *buf);
-
--BlockDriverState *bdrv_backuo_dump_create(
-+BlockDriverState *bdrv_backup_dump_create(
- int dump_cb_block_size,
- uint64_t byte_size,
- BackupDumpFunc *dump_cb,
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index 3a39ba41b5..d269b4c99c 100644
--- a/include/monitor/hmp.h
@@ -199,10 +185,10 @@ index 3a39ba41b5..d269b4c99c 100644
void hmp_device_add(Monitor *mon, const QDict *qdict);
void hmp_device_del(Monitor *mon, const QDict *qdict);
diff --git a/meson.build b/meson.build
-index 54c23b9567..37dab249cc 100644
+index 96a91b95e4..76fcb23299 100644
--- a/meson.build
+++ b/meson.build
-@@ -1203,6 +1203,7 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1268,6 +1268,7 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -211,7 +197,7 @@ index 54c23b9567..37dab249cc 100644
# libselinux
selinux = dependency('libselinux',
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 5000ce39d1..b2687eae3a 100644
+index c64b959738..ef654221c4 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -195,6 +195,50 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
@@ -1478,7 +1464,7 @@ index 0000000000..88f5ee133f
+ return info;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 3f81d6a5c0..551ee28275 100644
+index 564b6b43f7..ffcc25367b 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -744,6 +744,115 @@
@@ -1619,7 +1605,7 @@ index 412cc4f5ae..3e7a77ea66 100644
+##
+{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} }
diff --git a/qapi/machine.json b/qapi/machine.json
-index a05c46e253..e2cec7922f 100644
+index 39ba204b52..091aafeff7 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -4,6 +4,8 @@
@@ -1631,7 +1617,7 @@ index a05c46e253..e2cec7922f 100644
##
# = Machines
##
-@@ -229,19 +231,6 @@
+@@ -227,19 +229,6 @@
##
{ 'command': 'query-target', 'returns': 'TargetInfo' }
diff --git a/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
index 132d390..f1c77cb 100644
--- a/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
+++ b/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
@@ -12,10 +12,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
create mode 100644 pbs-restore.c
diff --git a/meson.build b/meson.build
-index 37dab249cc..1a4dfab4e2 100644
+index 76fcb23299..9476ccbe07 100644
--- a/meson.build
+++ b/meson.build
-@@ -3076,6 +3076,10 @@ if have_tools
+@@ -3365,6 +3365,10 @@ if have_tools
vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
dependencies: [authz, block, crypto, io, qom], install: true)
diff --git a/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch b/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
index 4c45d91..012c0b3 100644
--- a/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
+++ b/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
@@ -29,7 +29,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 142 insertions(+), 23 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index f6668ab01d..3c06734e6d 100644
+index 89ca64444d..45da74d7a0 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1042,6 +1042,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
@@ -41,7 +41,7 @@ index f6668ab01d..3c06734e6d 100644
false, NULL, false, NULL, !!devlist,
devlist, qdict_haskey(qdict, "speed"), speed, &error);
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index b2687eae3a..cfd7a60f32 100644
+index ef654221c4..c5c74ac1dc 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -221,19 +221,42 @@ void hmp_info_backup(Monitor *mon, const QDict *qdict)
@@ -405,7 +405,7 @@ index 88f5ee133f..1c49cd178d 100644
qemu_mutex_unlock(&backup_state.stat.lock);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 551ee28275..b9d6f52f0c 100644
+index ffcc25367b..b332d8a8da 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -757,8 +757,13 @@
diff --git a/debian/patches/pve/0031-PVE-various-PBS-fixes.patch b/debian/patches/pve/0031-PVE-various-PBS-fixes.patch
index d3a7334..e5ebc18 100644
--- a/debian/patches/pve/0031-PVE-various-PBS-fixes.patch
+++ b/debian/patches/pve/0031-PVE-various-PBS-fixes.patch
@@ -19,7 +19,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 54 insertions(+), 13 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 3c06734e6d..4481b60a5c 100644
+index 45da74d7a0..ea7b665aa2 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1042,7 +1042,9 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
@@ -194,7 +194,7 @@ index 1c49cd178d..c15abefdda 100644
.format = format,
.has_config_file = has_config_file,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index b9d6f52f0c..5d8e2eb303 100644
+index b332d8a8da..abef91062a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -822,6 +822,10 @@
diff --git a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
index b3ea6b5..3b08ed1 100644
--- a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
+++ b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
@@ -19,10 +19,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
create mode 100644 block/pbs.c
diff --git a/block/meson.build b/block/meson.build
-index 9d3dd5b7c3..8c758c0218 100644
+index 42aac96dbb..f94cc0cd25 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -51,6 +51,9 @@ block_ss.add(files(
+@@ -53,6 +53,9 @@ block_ss.add(files(
'../pve-backup.c',
), libproxmox_backup_qemu)
@@ -315,20 +315,20 @@ index 0000000000..0b05ea9080
+
+block_init(bdrv_pbs_init);
diff --git a/configure b/configure
-index 48c21775f3..eda4e9225a 100755
+index 7c08c18358..08d164b4f5 100755
--- a/configure
+++ b/configure
-@@ -356,6 +356,7 @@ vdi=${default_feature:-yes}
- vvfat=${default_feature:-yes}
- qed=${default_feature:-yes}
- parallels=${default_feature:-yes}
+@@ -325,6 +325,7 @@ trace_file="trace"
+ opengl="$default_feature"
+ coroutine=""
+ tls_priority="NORMAL"
+pbs_bdrv="yes"
- debug_mutex="no"
plugins="$default_feature"
- rng_none="no"
-@@ -1126,6 +1127,10 @@ for opt do
+ secret_keyring="$default_feature"
+ meson=""
+@@ -991,6 +992,10 @@ for opt do
;;
- --enable-parallels) parallels="yes"
+ --disable-pvrdma) pvrdma="no"
;;
+ --disable-pbs-bdrv) pbs_bdrv="no"
+ ;;
@@ -337,15 +337,15 @@ index 48c21775f3..eda4e9225a 100755
--disable-vhost-user) vhost_user="no"
;;
--enable-vhost-user) vhost_user="yes"
-@@ -1465,6 +1470,7 @@ cat << EOF
- vvfat vvfat image format support
- qed qed image format support
- parallels parallels image format support
+@@ -1265,6 +1270,7 @@ cat << EOF
+ vhost-user vhost-user backend support
+ vhost-vdpa vhost-vdpa kernel backend support
+ opengl opengl support
+ pbs-bdrv Proxmox backup server read-only block driver support
- crypto-afalg Linux AF_ALG crypto backend driver
- debug-mutex mutex debugging support
- rng-none dummy RNG, avoid using /dev/(u)random and getrandom()
-@@ -3534,6 +3540,9 @@ if test "$xen" = "enabled" ; then
+ gio libgio support
+
+ NOTE: The object files are built at the place where configure is launched
+@@ -2848,6 +2854,9 @@ if test "$xen" = "enabled" ; then
echo "XEN_CFLAGS=$xen_cflags" >> $config_host_mak
echo "XEN_LIBS=$xen_libs" >> $config_host_mak
fi
@@ -356,22 +356,22 @@ index 48c21775f3..eda4e9225a 100755
echo "CONFIG_VHOST_SCSI=y" >> $config_host_mak
fi
diff --git a/meson.build b/meson.build
-index 1a4dfab4e2..85b3c63199 100644
+index 9476ccbe07..d3783a83e4 100644
--- a/meson.build
+++ b/meson.build
-@@ -3448,6 +3448,7 @@ summary_info += {'lzfse support': liblzfse}
+@@ -3743,6 +3743,7 @@ summary_info += {'bzip2 support': libbzip2}
+ summary_info += {'lzfse support': liblzfse}
summary_info += {'zstd support': zstd}
- summary_info += {'NUMA host support': config_host.has_key('CONFIG_NUMA')}
- summary_info += {'libxml2': libxml2}
+ summary_info += {'NUMA host support': numa}
+summary_info += {'PBS bdrv support': config_host.has_key('CONFIG_PBS_BDRV')}
summary_info += {'capstone': capstone_opt == 'internal' ? capstone_opt : capstone}
summary_info += {'libpmem support': libpmem}
summary_info += {'libdaxctl support': libdaxctl}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 5d8e2eb303..777863e33b 100644
+index abef91062a..68591cb343 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -3053,6 +3053,7 @@
+@@ -3073,6 +3073,7 @@
'luks', 'nbd', 'nfs', 'null-aio', 'null-co', 'nvme', 'parallels',
'preallocate', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'rbd',
{ 'name': 'replication', 'if': 'CONFIG_REPLICATION' },
@@ -379,7 +379,7 @@ index 5d8e2eb303..777863e33b 100644
'ssh', 'throttle', 'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] }
##
-@@ -3125,6 +3126,17 @@
+@@ -3145,6 +3146,17 @@
{ 'struct': 'BlockdevOptionsNull',
'data': { '*size': 'int', '*latency-ns': 'uint64', '*read-zeroes': 'bool' } }
@@ -397,7 +397,7 @@ index 5d8e2eb303..777863e33b 100644
##
# @BlockdevOptionsNVMe:
#
-@@ -4367,6 +4379,7 @@
+@@ -4405,6 +4417,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',
diff --git a/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch b/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch
index 3df9eb6..0f1f0c6 100644
--- a/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch
+++ b/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch
@@ -33,7 +33,7 @@ index c15abefdda..4684789813 100644
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 777863e33b..cfd980b70f 100644
+index 68591cb343..7d25aa4fa1 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -867,6 +867,35 @@
diff --git a/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch b/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch
index 54b268f..d3ba75c 100644
--- a/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch
+++ b/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch
@@ -15,7 +15,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 159 insertions(+), 42 deletions(-)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index cfd7a60f32..b613190a3c 100644
+index c5c74ac1dc..df273f41fb 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -198,6 +198,7 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
@@ -359,7 +359,7 @@ index 4684789813..f90abaa50a 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index cfd980b70f..8833060385 100644
+index 7d25aa4fa1..69571d86eb 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -875,6 +875,8 @@
diff --git a/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch
index 9085387..89727a4 100644
--- a/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch
+++ b/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
-index 85b3c63199..31ba7d70d6 100644
+index d3783a83e4..715245ba20 100644
--- a/meson.build
+++ b/meson.build
-@@ -1203,6 +1203,7 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1268,6 +1268,7 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -25,7 +25,7 @@ index 85b3c63199..31ba7d70d6 100644
libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true)
# libselinux
-@@ -2571,6 +2572,7 @@ if have_block
+@@ -2861,6 +2862,7 @@ if have_block
# os-posix.c contains POSIX-specific functions used by qemu-storage-daemon,
# os-win32.c does not
blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c'))
@@ -34,7 +34,7 @@ index 85b3c63199..31ba7d70d6 100644
endif
diff --git a/os-posix.c b/os-posix.c
-index ae6c9f2a5e..36807806bf 100644
+index 24692c8593..d1bc5ac12d 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -28,6 +28,8 @@
diff --git a/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch b/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch
index 3a56d3c..b85b914 100644
--- a/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch
+++ b/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch
@@ -11,10 +11,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 43 insertions(+)
diff --git a/include/qemu/job.h b/include/qemu/job.h
-index 6e67b6977f..60376c99ee 100644
+index c105b31076..5096679571 100644
--- a/include/qemu/job.h
+++ b/include/qemu/job.h
-@@ -294,6 +294,18 @@ typedef enum JobCreateFlags {
+@@ -316,6 +316,18 @@ typedef enum JobCreateFlags {
*/
JobTxn *job_txn_new(void);
@@ -34,7 +34,7 @@ index 6e67b6977f..60376c99ee 100644
* Release a reference that was previously acquired with job_txn_add_job or
* job_txn_new. If it's the last reference to the object, it will be freed.
diff --git a/job.c b/job.c
-index af25dd5b98..d0d152e697 100644
+index e5699ad200..34c9758349 100644
--- a/job.c
+++ b/job.c
@@ -72,6 +72,8 @@ struct JobTxn {
@@ -72,7 +72,7 @@ index af25dd5b98..d0d152e697 100644
static void job_txn_ref(JobTxn *txn)
{
txn->refcnt++;
-@@ -888,6 +909,9 @@ static void job_completed_txn_success(Job *job)
+@@ -897,6 +918,9 @@ static void job_completed_txn_success(Job *job)
*/
QLIST_FOREACH(other_job, &txn->jobs, txn_list) {
if (!job_is_completed(other_job)) {
@@ -82,7 +82,7 @@ index af25dd5b98..d0d152e697 100644
return;
}
assert(other_job->ret == 0);
-@@ -1082,6 +1106,13 @@ int job_finish_sync(Job *job, void (*finish)(Job *, Error **errp), Error **errp)
+@@ -1093,6 +1117,13 @@ int job_finish_sync(Job *job, void (*finish)(Job *, Error **errp), Error **errp)
return -EBUSY;
}
diff --git a/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch b/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
index 0367445..51a2b53 100644
--- a/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
+++ b/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
@@ -481,7 +481,7 @@ index 63c686463f..6f05796fad 100644
qemu_mutex_unlock(&backup_state.stat.lock);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 8833060385..6a67adf923 100644
+index 69571d86eb..e6c3687bea 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -774,12 +774,15 @@
diff --git a/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index 2463eb6..36c6d96 100644
--- a/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -36,7 +36,7 @@ index 465906710d..4f0aeceb6f 100644
+
#endif
diff --git a/migration/meson.build b/migration/meson.build
-index ea9aedeefc..c27dc9bd97 100644
+index 1e2aec8486..259e863a43 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -7,8 +7,10 @@ migration_files = files(
@@ -51,10 +51,10 @@ index ea9aedeefc..c27dc9bd97 100644
softmmu_ss.add(files(
'block-dirty-bitmap.c',
diff --git a/migration/migration.c b/migration/migration.c
-index abaf6f9e3d..d925fd7488 100644
+index 695f0f2900..6e17f8e91c 100644
--- a/migration/migration.c
+++ b/migration/migration.c
-@@ -213,6 +213,7 @@ void migration_object_init(void)
+@@ -214,6 +214,7 @@ void migration_object_init(void)
blk_mig_init();
ram_mig_init();
dirty_bitmap_mig_init();
@@ -187,7 +187,7 @@ index 6f05796fad..5fa3cc1352 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 6a67adf923..c99ddf8628 100644
+index e6c3687bea..05382a1069 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -883,6 +883,11 @@
diff --git a/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch b/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch
index ae11626..c30bb2b 100644
--- a/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch
+++ b/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch
@@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 30 insertions(+)
diff --git a/block/iscsi.c b/block/iscsi.c
-index 57aa07a40d..a8902b84d5 100644
+index 51f2a5eeaa..f11591ac94 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1386,12 +1386,42 @@ static char *get_initiator_name(QemuOpts *opts)
diff --git a/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch b/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
index fc78bfb..3de10a6 100644
--- a/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
+++ b/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
@@ -32,7 +32,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 files changed, 77 insertions(+), 196 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 4481b60a5c..c9849a5b29 100644
+index ea7b665aa2..ef45552e3b 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1016,7 +1016,7 @@ void hmp_info_snapshots(Monitor *mon, const QDict *qdict)
@@ -54,7 +54,7 @@ index 4481b60a5c..c9849a5b29 100644
Error *error = NULL;
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index d4bb00216e..4e21911fa6 100644
+index 994445f301..aaea875970 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -109,6 +109,7 @@ ERST
@@ -575,7 +575,7 @@ index 5fa3cc1352..323014744c 100644
BackupStatus *qmp_query_backup(Error **errp)
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index c99ddf8628..829dc7b8e9 100644
+index 05382a1069..f0399bf249 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -846,7 +846,7 @@
diff --git a/debian/patches/pve/0043-PBS-add-master-key-support.patch b/debian/patches/pve/0043-PBS-add-master-key-support.patch
index eeaf6ba..356cfd9 100644
--- a/debian/patches/pve/0043-PBS-add-master-key-support.patch
+++ b/debian/patches/pve/0043-PBS-add-master-key-support.patch
@@ -19,7 +19,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 11 insertions(+)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index c9849a5b29..52ddbf95ad 100644
+index ef45552e3b..4c799f00d9 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
@@ -58,7 +58,7 @@ index 323014744c..9f6c04a512 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 829dc7b8e9..d089328a1f 100644
+index f0399bf249..13e03ca154 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -817,6 +817,8 @@
diff --git a/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch b/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch
index fe0ec25..09e8d31 100644
--- a/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch
+++ b/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch
@@ -11,7 +11,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/stream.c b/block/stream.c
-index e45113aed6..c3c0c5febe 100644
+index 694709bd25..e09bd5c4ef 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -28,7 +28,7 @@ enum {
diff --git a/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch b/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
index 49f0f9d..d1d30b1 100644
--- a/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
+++ b/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
@@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+)
diff --git a/block/io.c b/block/io.c
-index 4e4cb556c5..04061f1e68 100644
+index 3280144a17..cd7ba08768 100644
--- a/block/io.c
+++ b/block/io.c
-@@ -1765,6 +1765,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
+@@ -1794,6 +1794,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
{
int ret;
diff --git a/debian/patches/pve/0047-block-add-alloc-track-driver.patch b/debian/patches/pve/0047-block-add-alloc-track-driver.patch
index 71790d8..1cf88ab 100644
--- a/debian/patches/pve/0047-block-add-alloc-track-driver.patch
+++ b/debian/patches/pve/0047-block-add-alloc-track-driver.patch
@@ -389,7 +389,7 @@ index 0000000000..6b50fbe537
+
+block_init(bdrv_alloc_track_init);
diff --git a/block/meson.build b/block/meson.build
-index 8c758c0218..45b72e10f1 100644
+index f94cc0cd25..1716febb1d 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -2,6 +2,7 @@ block_ss.add(genh)
diff --git a/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch b/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch
index ced1323..0496b93 100644
--- a/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch
+++ b/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch
@@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/qapi/pragma.json b/qapi/pragma.json
-index 7c91ea3685..c3888d654c 100644
+index 41139d8645..a581acf7d4 100644
--- a/qapi/pragma.json
+++ b/qapi/pragma.json
-@@ -12,6 +12,7 @@
+@@ -15,6 +15,7 @@
'device_add',
'device_del',
'expire_password',
@@ -21,7 +21,7 @@ index 7c91ea3685..c3888d654c 100644
'migrate_cancel',
'netdev_add',
'netdev_del',
-@@ -60,6 +61,8 @@
+@@ -63,6 +64,8 @@
'SysEmuTarget', # query-cpu-fast, query-target
'UuidInfo', # query-uuid
'VncClientInfo', # query-vnc, query-vnc-servers, ...
diff --git a/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch b/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
index 62c1711..9b7c51e 100644
--- a/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
+++ b/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
@@ -12,7 +12,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
-index a49badb158..1039aec01c 100644
+index 33979b7430..68e9c80788 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -492,10 +492,10 @@ Command description:
@@ -30,7 +30,7 @@ index a49badb158..1039aec01c 100644
The data is by default read and written using blocks of 512 bytes but can be
modified by specifying *BLOCK_SIZE*. If count=\ *BLOCKS* is specified
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index f3b2b1b4de..e77ed9347f 100644
+index b5b0bb4467..36f97e1f19 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
@@ -46,10 +46,10 @@ index f3b2b1b4de..e77ed9347f 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 015d6d2ce4..7031195e32 100644
+index 35c2bdc95c..6e93bbd425 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4922,6 +4922,7 @@ static int img_dd(int argc, char **argv)
+@@ -4938,6 +4938,7 @@ static int img_dd(int argc, char **argv)
BlockDriver *drv = NULL, *proto_drv = NULL;
BlockBackend *blk1 = NULL, *blk2 = NULL;
QemuOpts *opts = NULL;
@@ -57,7 +57,7 @@ index 015d6d2ce4..7031195e32 100644
QemuOptsList *create_opts = NULL;
Error *local_err = NULL;
bool image_opts = false;
-@@ -4931,6 +4932,7 @@ static int img_dd(int argc, char **argv)
+@@ -4947,6 +4948,7 @@ static int img_dd(int argc, char **argv)
int64_t size = 0, readsize = 0;
int64_t block_count = 0, out_pos, in_pos;
bool force_share = false, skip_create = false;
@@ -65,7 +65,7 @@ index 015d6d2ce4..7031195e32 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -4968,7 +4970,7 @@ static int img_dd(int argc, char **argv)
+@@ -4984,7 +4986,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -74,7 +74,7 @@ index 015d6d2ce4..7031195e32 100644
if (c == EOF) {
break;
}
-@@ -4991,6 +4993,19 @@ static int img_dd(int argc, char **argv)
+@@ -5007,6 +5009,19 @@ static int img_dd(int argc, char **argv)
case 'n':
skip_create = true;
break;
@@ -94,7 +94,7 @@ index 015d6d2ce4..7031195e32 100644
case 'U':
force_share = true;
break;
-@@ -5050,11 +5065,24 @@ static int img_dd(int argc, char **argv)
+@@ -5066,11 +5081,24 @@ static int img_dd(int argc, char **argv)
if (dd.flags & C_IF) {
blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
force_share);
@@ -120,7 +120,7 @@ index 015d6d2ce4..7031195e32 100644
}
if (dd.flags & C_OSIZE) {
-@@ -5203,6 +5231,7 @@ static int img_dd(int argc, char **argv)
+@@ -5219,6 +5247,7 @@ static int img_dd(int argc, char **argv)
out:
g_free(arg);
qemu_opts_del(opts);
diff --git a/debian/patches/pve/0051-vma-allow-partial-restore.patch b/debian/patches/pve/0051-vma-allow-partial-restore.patch
index 670eb68..ede4d67 100644
--- a/debian/patches/pve/0051-vma-allow-partial-restore.patch
+++ b/debian/patches/pve/0051-vma-allow-partial-restore.patch
@@ -166,10 +166,10 @@ index 4f4ee2b47b..844d95a5ba 100644
}
diff --git a/vma.c b/vma.c
-index 89440733b1..21e765a469 100644
+index 91612d50a2..e1a750ff50 100644
--- a/vma.c
+++ b/vma.c
-@@ -138,6 +138,7 @@ typedef struct RestoreMap {
+@@ -139,6 +139,7 @@ typedef struct RestoreMap {
char *throttling_group;
char *cache;
bool write_zero;
@@ -177,7 +177,7 @@ index 89440733b1..21e765a469 100644
} RestoreMap;
static bool try_parse_option(char **line, const char *optname, char **out, const char *inbuf) {
-@@ -245,47 +246,61 @@ static int extract_content(int argc, char **argv)
+@@ -246,47 +247,61 @@ static int extract_content(int argc, char **argv)
char *bps = NULL;
char *group = NULL;
char *cache = NULL;
@@ -265,7 +265,7 @@ index 89440733b1..21e765a469 100644
if (!devname) {
g_error("read map failed - no dev name specified ('%s')",
inbuf);
-@@ -299,6 +314,7 @@ static int extract_content(int argc, char **argv)
+@@ -300,6 +315,7 @@ static int extract_content(int argc, char **argv)
map->throttling_group = group;
map->cache = cache;
map->write_zero = write_zero;
@@ -273,7 +273,7 @@ index 89440733b1..21e765a469 100644
g_hash_table_insert(devmap, map->devname, map);
-@@ -328,6 +344,7 @@ static int extract_content(int argc, char **argv)
+@@ -329,6 +345,7 @@ static int extract_content(int argc, char **argv)
const char *cache = NULL;
int flags = BDRV_O_RDWR;
bool write_zero = true;
@@ -281,7 +281,7 @@ index 89440733b1..21e765a469 100644
BlockBackend *blk = NULL;
-@@ -343,6 +360,7 @@ static int extract_content(int argc, char **argv)
+@@ -344,6 +361,7 @@ static int extract_content(int argc, char **argv)
throttling_group = map->throttling_group;
cache = map->cache;
write_zero = map->write_zero;
@@ -289,7 +289,7 @@ index 89440733b1..21e765a469 100644
} else {
devfn = g_strdup_printf("%s/tmp-disk-%s.raw",
dirname, di->devname);
-@@ -361,57 +379,60 @@ static int extract_content(int argc, char **argv)
+@@ -362,57 +380,60 @@ static int extract_content(int argc, char **argv)
write_zero = false;
}
diff --git a/debian/patches/pve/0052-pbs-namespace-support.patch b/debian/patches/pve/0052-pbs-namespace-support.patch
index 8d97602..67bda69 100644
--- a/debian/patches/pve/0052-pbs-namespace-support.patch
+++ b/debian/patches/pve/0052-pbs-namespace-support.patch
@@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 52ddbf95ad..69c868887a 100644
+index 4c799f00d9..0502f42be6 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1041,6 +1041,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
@@ -202,7 +202,7 @@ index 9f6c04a512..f6a5f8c785 100644
backup_time,
dump_cb_block_size,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index d089328a1f..705f0c97ba 100644
+index 13e03ca154..89875f309c 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -821,6 +821,8 @@
@@ -222,7 +222,7 @@ index d089328a1f..705f0c97ba 100644
'*backup-id': 'str',
'*backup-time': 'int',
'*use-dirty-bitmap': 'bool',
-@@ -3236,7 +3239,7 @@
+@@ -3256,7 +3259,7 @@
{ 'struct': 'BlockdevOptionsPbs',
'data': { 'repository': 'str', 'snapshot': 'str', 'archive': 'str',
'*keyfile': 'str', '*password': 'str', '*fingerprint': 'str',
diff --git a/debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch b/debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
new file mode 100644
index 0000000..4fd82ac
--- /dev/null
+++ b/debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
@@ -0,0 +1,80 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Thu, 23 Jun 2022 14:00:05 +0200
+Subject: [PATCH] Revert "block/rbd: workaround for ceph issue #53784"
+
+This reverts commit fc176116cdea816ceb8dd969080b2b95f58edbc0 in
+preparation to revert 0347a8fd4c3faaedf119be04c197804be40a384b.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/rbd.c | 42 ++----------------------------------------
+ 1 file changed, 2 insertions(+), 40 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 0cec24c86d..0a9b97aa5e 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1324,7 +1324,6 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ int status, r;
+ RBDDiffIterateReq req = { .offs = offset };
+ uint64_t features, flags;
+- uint64_t head = 0;
+
+ assert(offset + bytes <= s->image_size);
+
+@@ -1352,43 +1351,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ return status;
+ }
+
+-#if LIBRBD_VERSION_CODE < LIBRBD_VERSION(1, 17, 0)
+- /*
+- * librbd had a bug until early 2022 that affected all versions of ceph that
+- * supported fast-diff. This bug results in reporting of incorrect offsets
+- * if the offset parameter to rbd_diff_iterate2 is not object aligned.
+- * Work around this bug by rounding down the offset to object boundaries.
+- * This is OK because we call rbd_diff_iterate2 with whole_object = true.
+- * However, this workaround only works for non cloned images with default
+- * striping.
+- *
+- * See: https://tracker.ceph.com/issues/53784
+- */
+-
+- /* check if RBD image has non-default striping enabled */
+- if (features & RBD_FEATURE_STRIPINGV2) {
+- return status;
+- }
+-
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+- /*
+- * check if RBD image is a clone (= has a parent).
+- *
+- * rbd_get_parent_info is deprecated from Nautilus onwards, but the
+- * replacement rbd_get_parent is not present in Luminous and Mimic.
+- */
+- if (rbd_get_parent_info(s->image, NULL, 0, NULL, 0, NULL, 0) != -ENOENT) {
+- return status;
+- }
+-#pragma GCC diagnostic pop
+-
+- head = req.offs & (s->object_size - 1);
+- req.offs -= head;
+- bytes += head;
+-#endif
+-
+- r = rbd_diff_iterate2(s->image, NULL, req.offs, bytes, true, true,
++ r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
+ qemu_rbd_diff_iterate_cb, &req);
+ if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
+ return status;
+@@ -1407,8 +1370,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
+ }
+
+- assert(req.bytes > head);
+- *pnum = req.bytes - head;
++ *pnum = req.bytes;
+ return status;
+ }
+
diff --git a/debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch b/debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
new file mode 100644
index 0000000..6624c1d
--- /dev/null
+++ b/debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Thu, 23 Jun 2022 14:00:07 +0200
+Subject: [PATCH] Revert "block/rbd: fix handling of holes in
+ .bdrv_co_block_status"
+
+This reverts commit 9e302f64bb407a9bb097b626da97228c2654cfee in
+preparation to revert 0347a8fd4c3faaedf119be04c197804be40a384b.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/rbd.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 0a9b97aa5e..1c585d23e9 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1283,11 +1283,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
+ RBDDiffIterateReq *req = opaque;
+
+ assert(req->offs + req->bytes <= offs);
+-
+- /* treat a hole like an unallocated area and bail out */
+- if (!exists) {
+- return 0;
+- }
++ /*
++ * we do not diff against a snapshot so we should never receive a callback
++ * for a hole.
++ */
++ assert(exists);
+
+ if (!req->exists && offs > req->offs) {
+ /*
diff --git a/debian/patches/pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch b/debian/patches/pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
similarity index 97%
rename from debian/patches/pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch
rename to debian/patches/pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
index d3c6a71..13e71b7 100644
--- a/debian/patches/pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch
+++ b/debian/patches/pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
@@ -23,7 +23,7 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
1 file changed, 112 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index a4b8fb482c..3393b06a4e 100644
+index 1c585d23e9..1704767041 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -97,12 +97,6 @@ typedef struct RBDTask {
@@ -39,7 +39,7 @@ index a4b8fb482c..3393b06a4e 100644
static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
BlockdevOptionsRbd *opts, bool cache,
const char *keypairs, const char *secretid,
-@@ -1267,111 +1261,6 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info(BlockDriverState *bs,
+@@ -1269,111 +1263,6 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info(BlockDriverState *bs,
return spec_info;
}
@@ -151,7 +151,7 @@ index a4b8fb482c..3393b06a4e 100644
static int64_t qemu_rbd_getlength(BlockDriverState *bs)
{
BDRVRBDState *s = bs->opaque;
-@@ -1607,7 +1496,6 @@ static BlockDriver bdrv_rbd = {
+@@ -1609,7 +1498,6 @@ static BlockDriver bdrv_rbd = {
#ifdef LIBRBD_SUPPORTS_WRITE_ZEROES
.bdrv_co_pwrite_zeroes = qemu_rbd_co_pwrite_zeroes,
#endif
diff --git a/debian/patches/pve/0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch b/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
similarity index 100%
rename from debian/patches/pve/0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
rename to debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
diff --git a/debian/patches/pve/0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch b/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
similarity index 100%
rename from debian/patches/pve/0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
rename to debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
diff --git a/debian/patches/pve/0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch b/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
similarity index 100%
rename from debian/patches/pve/0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
rename to debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
diff --git a/debian/patches/pve/0057-vma-create-support-64KiB-unaligned-input-images.patch b/debian/patches/pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
similarity index 92%
rename from debian/patches/pve/0057-vma-create-support-64KiB-unaligned-input-images.patch
rename to debian/patches/pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
index 7d9a07d..3097cf6 100644
--- a/debian/patches/pve/0057-vma-create-support-64KiB-unaligned-input-images.patch
+++ b/debian/patches/pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
@@ -25,10 +25,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/vma.c b/vma.c
-index 21e765a469..6d02b29047 100644
+index e1a750ff50..b1137e27a7 100644
--- a/vma.c
+++ b/vma.c
-@@ -548,7 +548,7 @@ static void coroutine_fn backup_run(void *opaque)
+@@ -549,7 +549,7 @@ static void coroutine_fn backup_run(void *opaque)
struct iovec iov;
QEMUIOVector qiov;
@@ -37,7 +37,7 @@ index 21e765a469..6d02b29047 100644
int ret = 0;
unsigned char *buf = blk_blockalign(job->target, VMA_CLUSTER_SIZE);
-@@ -562,8 +562,16 @@ static void coroutine_fn backup_run(void *opaque)
+@@ -563,8 +563,16 @@ static void coroutine_fn backup_run(void *opaque)
iov.iov_len = VMA_CLUSTER_SIZE;
qemu_iovec_init_external(&qiov, &iov, 1);
diff --git a/debian/patches/pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch b/debian/patches/pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
similarity index 88%
rename from debian/patches/pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch
rename to debian/patches/pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
index 586f2ba..c7961ae 100644
--- a/debian/patches/pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch
+++ b/debian/patches/pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
@@ -11,10 +11,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
1 file changed, 2 insertions(+)
diff --git a/vma-writer.c b/vma-writer.c
-index 11d8321ffd..29567cba68 100644
+index df4b20793d..ac7da237d0 100644
--- a/vma-writer.c
+++ b/vma-writer.c
-@@ -310,6 +310,8 @@ VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
+@@ -311,6 +311,8 @@ VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
}
if (vmaw->fd < 0) {
diff --git a/debian/patches/pve/0059-block-alloc-track-avoid-premature-break.patch b/debian/patches/pve/0061-block-alloc-track-avoid-premature-break.patch
similarity index 100%
rename from debian/patches/pve/0059-block-alloc-track-avoid-premature-break.patch
rename to debian/patches/pve/0061-block-alloc-track-avoid-premature-break.patch
diff --git a/debian/patches/series b/debian/patches/series
index dc51355..6fa7ca8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,22 +1,5 @@
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
-extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
-extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
-extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
-extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
-extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
-extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
-extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
-extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
-extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
-extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
-extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
-extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
-extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
-extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
-extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
-extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
-extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
+extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -75,10 +58,12 @@ pve/0049-PVE-savevm-async-register-yank-before-migration_inco.patch
pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
pve/0051-vma-allow-partial-restore.patch
pve/0052-pbs-namespace-support.patch
-pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch
-pve/0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
-pve/0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
-pve/0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
-pve/0057-vma-create-support-64KiB-unaligned-input-images.patch
-pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch
-pve/0059-block-alloc-track-avoid-premature-break.patch
+pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
+pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
+pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
+pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
+pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
+pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
+pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
+pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
+pve/0061-block-alloc-track-avoid-premature-break.patch
diff --git a/qemu b/qemu
index 44f28df..823a3f1 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit 44f28df24767cf9dca1ddc9b23157737c4cbb645
+Subproject commit 823a3f11fb8f04c3c3cc0f95f968fef1bfc6534f
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0 Fabian Ebner
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
See QEMU commits 9e8be4c546ce8469ca9702715bf8f198d604b685 and
a5730b8bd3675f484ed0eacea052452048eeb35d for more information.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
debian/rules | 2 --
1 file changed, 2 deletions(-)
diff --git a/debian/rules b/debian/rules
index 6814f42..5e03193 100755
--- a/debian/rules
+++ b/debian/rules
@@ -58,7 +58,6 @@ ${BUILDDIR}/config.status: configure
--disable-guest-agent-msi \
--disable-libnfs \
--disable-libssh \
- --disable-libxml2 \
--disable-sdl \
--disable-smartcard \
--disable-strip \
@@ -80,7 +79,6 @@ ${BUILDDIR}/config.status: configure
--enable-virglrenderer \
--enable-virtfs \
--enable-virtiofsd \
- --enable-xfsctl \
--enable-zstd
build: build-stamp
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0 Fabian Ebner
2022-06-30 11:16 ` [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0 Wolfgang Bumiller
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
debian/rules | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/rules b/debian/rules
index 5e03193..6192fe7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -132,8 +132,8 @@ install: build
# remove Alpha files
rm $(destdir)/usr/share/kvm/palcode-clipper
# remove RISC-V files
- rm $(destdir)/usr/share/kvm/opensbi-riscv32-generic-fw_dynamic.elf
- rm $(destdir)/usr/share/kvm/opensbi-riscv64-generic-fw_dynamic.elf
+ rm $(destdir)/usr/share/kvm/opensbi-riscv32-generic-fw_dynamic.bin
+ rm $(destdir)/usr/share/kvm/opensbi-riscv64-generic-fw_dynamic.bin
# Remove things we don't package at all, would be a "kvm-dev" package
rm -Rf $(destdir)/usr/include/linux/
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
` (2 preceding siblings ...)
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0 Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-30 11:16 ` [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0 Wolfgang Bumiller
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
coming in via qemu-stable (except for the vdmk fix, which was tagged
for-7.0 on the qemu-devel list, but didn't make it into the release).
Also took the chance to switch the gluster fix to the version that
made it into upstream.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
...rrectly-set-max_pdiscard-which-is-in.patch | 38 ------
...k-gluster-correctly-set-max_pdiscard.patch | 47 +++++++
...003-block-vmdk-Fix-reopening-bs-file.patch | 129 ++++++++++++++++++
...balanced-plugged-counter-in-laio_io_.patch | 44 ++++++
...erflow-in-snprintf-string-formatting.patch | 100 ++++++++++++++
...Fix-disabling-MPX-on-cpu-host-with-M.patch | 48 +++++++
...ontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 121 ++++++++++++++++
...outine-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 123 +++++++++++++++++
...ame-qemu_coroutine_inc-dec_pool_size.patch | 90 ++++++++++++
...outine-Revert-to-constant-batch-size.patch | 121 ++++++++++++++++
...-not-consult-nonexistent-host-leaves.patch | 117 ++++++++++++++++
...ctrl-and-event-handler-functions-in-.patch | 108 +++++++++++++++
...t-waste-CPU-polling-the-event-virtqu.patch | 91 ++++++++++++
...k-descriptor-chain-in-private-at-SVQ.patch | 102 ++++++++++++++
...Fix-device-s-used-descriptor-dequeue.patch | 62 +++++++++
...ex-calculus-at-vhost_vdpa_get_vring_.patch | 39 ++++++
...ex-calculus-at-vhost_vdpa_svqs_start.patch | 35 +++++
...virtio-Replace-g_memdup-by-g_memdup2.patch | 74 ++++++++++
...Fix-element-in-vhost_svq_add-failure.patch | 47 +++++++
debian/patches/series | 19 ++-
20 files changed, 1516 insertions(+), 39 deletions(-)
delete mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
create mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
create mode 100644 debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
create mode 100644 debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
create mode 100644 debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
create mode 100644 debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
create mode 100644 debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
create mode 100644 debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
create mode 100644 debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
create mode 100644 debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
create mode 100644 debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
create mode 100644 debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
create mode 100644 debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
create mode 100644 debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
create mode 100644 debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
create mode 100644 debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
create mode 100644 debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
create mode 100644 debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
create mode 100644 debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
diff --git a/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
deleted file mode 100644
index 91676e4..0000000
--- a/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Fri, 6 May 2022 14:38:35 +0200
-Subject: [PATCH] block/gluster: correctly set max_pdiscard which is int64_t
-
-Previously, max_pdiscard would be zero in the following assertion:
-qemu-system-x86_64: ../block/io.c:3166: bdrv_co_pdiscard: Assertion
-`max_pdiscard >= bs->bl.request_alignment' failed.
-
-Fixes: 0c8022876f ("block: use int64_t instead of int in driver discard handlers")
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/gluster.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/block/gluster.c b/block/gluster.c
-index 398976bc66..592e71b22a 100644
---- a/block/gluster.c
-+++ b/block/gluster.c
-@@ -891,7 +891,7 @@ out:
- static void qemu_gluster_refresh_limits(BlockDriverState *bs, Error **errp)
- {
- bs->bl.max_transfer = GLUSTER_MAX_TRANSFER;
-- bs->bl.max_pdiscard = SIZE_MAX;
-+ bs->bl.max_pdiscard = INT64_MAX;
- }
-
- static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
-@@ -1304,7 +1304,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
- GlusterAIOCB acb;
- BDRVGlusterState *s = bs->opaque;
-
-- assert(bytes <= SIZE_MAX); /* rely on max_pdiscard */
-+ assert(bytes <= INT64_MAX); /* rely on max_pdiscard */
-
- acb.size = 0;
- acb.ret = 0;
diff --git a/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
new file mode 100644
index 0000000..c0b8ee0
--- /dev/null
+++ b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Fri, 20 May 2022 09:59:22 +0200
+Subject: [PATCH] block/gluster: correctly set max_pdiscard
+
+On 64-bit platforms, assigning SIZE_MAX to the int64_t max_pdiscard
+results in a negative value, and the following assertion would trigger
+down the line (it's not the same max_pdiscard, but computed from the
+other one):
+qemu-system-x86_64: ../block/io.c:3166: bdrv_co_pdiscard: Assertion
+`max_pdiscard >= bs->bl.request_alignment' failed.
+
+On 32-bit platforms, it's fine to keep using SIZE_MAX.
+
+The assertion in qemu_gluster_co_pdiscard() is checking that the value
+of 'bytes' can safely be passed to glfs_discard_async(), which takes a
+size_t for the argument in question, so it is kept as is. And since
+max_pdiscard is still <= SIZE_MAX, relying on max_pdiscard is still
+fine.
+
+Fixes: 0c8022876f ("block: use int64_t instead of int in driver discard handlers")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Message-Id: <20220520075922.43972-1-f.ebner@proxmox.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 9b38fc56c054c7de65fa3bf7cdd82b32654f6b7d)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/gluster.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/gluster.c b/block/gluster.c
+index 80b75cb96c..1079b6186b 100644
+--- a/block/gluster.c
++++ b/block/gluster.c
+@@ -901,7 +901,7 @@ out:
+ static void qemu_gluster_refresh_limits(BlockDriverState *bs, Error **errp)
+ {
+ bs->bl.max_transfer = GLUSTER_MAX_TRANSFER;
+- bs->bl.max_pdiscard = SIZE_MAX;
++ bs->bl.max_pdiscard = MIN(SIZE_MAX, INT64_MAX);
+ }
+
+ static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
diff --git a/debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch b/debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
new file mode 100644
index 0000000..65c43de
--- /dev/null
+++ b/debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
@@ -0,0 +1,129 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hanna Reitz <hreitz@redhat.com>
+Date: Mon, 14 Mar 2022 17:27:18 +0100
+Subject: [PATCH] block/vmdk: Fix reopening bs->file
+
+VMDK disk data is stored in extents, which may or may not be separate
+from bs->file. VmdkExtent.file points to where they are stored. Each
+that is stored in bs->file will simply reuse the exact pointer value of
+bs->file.
+
+(That is why vmdk_free_extents() will unref VmdkExtent.file (e->file)
+only if e->file != bs->file.)
+
+Reopen operations can change bs->file (they will replace the whole
+BdrvChild object, not just the BDS stored in that BdrvChild), and then
+we will need to change all .file pointers of all such VmdkExtents to
+point to the new BdrvChild.
+
+In vmdk_reopen_prepare(), we have to check which VmdkExtents are
+affected, and in vmdk_reopen_commit(), we can modify them. We have to
+split this because:
+- The new BdrvChild is created only after prepare, so we can change
+ VmdkExtent.file only in commit
+- In commit, there no longer is any (valid) reference to the old
+ BdrvChild object, so there would be nothing to compare VmdkExtent.file
+ against to see whether it was equal to bs->file before reopening
+ (There is BDRVReopenState.old_file_bs, but the old bs->file
+ BdrvChild's .bs pointer will be NULL-ed when the new BdrvChild is
+ created, and so we cannot compare VmdkExtent.file->bs against
+ BDRVReopenState.old_file_bs)
+
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+Message-Id: <20220314162719.65384-2-hreitz@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 6d17e2879854d7d0e623c06a9286085e97bf3545)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/vmdk.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 55 insertions(+), 1 deletion(-)
+
+diff --git a/block/vmdk.c b/block/vmdk.c
+index 37c0946066..38e5ab3806 100644
+--- a/block/vmdk.c
++++ b/block/vmdk.c
+@@ -178,6 +178,10 @@ typedef struct BDRVVmdkState {
+ char *create_type;
+ } BDRVVmdkState;
+
++typedef struct BDRVVmdkReopenState {
++ bool *extents_using_bs_file;
++} BDRVVmdkReopenState;
++
+ typedef struct VmdkMetaData {
+ unsigned int l1_index;
+ unsigned int l2_index;
+@@ -400,15 +404,63 @@ static int vmdk_is_cid_valid(BlockDriverState *bs)
+ return 1;
+ }
+
+-/* We have nothing to do for VMDK reopen, stubs just return success */
+ static int vmdk_reopen_prepare(BDRVReopenState *state,
+ BlockReopenQueue *queue, Error **errp)
+ {
++ BDRVVmdkState *s;
++ BDRVVmdkReopenState *rs;
++ int i;
++
+ assert(state != NULL);
+ assert(state->bs != NULL);
++ assert(state->opaque == NULL);
++
++ s = state->bs->opaque;
++
++ rs = g_new0(BDRVVmdkReopenState, 1);
++ state->opaque = rs;
++
++ /*
++ * Check whether there are any extents stored in bs->file; if bs->file
++ * changes, we will need to update their .file pointers to follow suit
++ */
++ rs->extents_using_bs_file = g_new(bool, s->num_extents);
++ for (i = 0; i < s->num_extents; i++) {
++ rs->extents_using_bs_file[i] = s->extents[i].file == state->bs->file;
++ }
++
+ return 0;
+ }
+
++static void vmdk_reopen_clean(BDRVReopenState *state)
++{
++ BDRVVmdkReopenState *rs = state->opaque;
++
++ g_free(rs->extents_using_bs_file);
++ g_free(rs);
++ state->opaque = NULL;
++}
++
++static void vmdk_reopen_commit(BDRVReopenState *state)
++{
++ BDRVVmdkState *s = state->bs->opaque;
++ BDRVVmdkReopenState *rs = state->opaque;
++ int i;
++
++ for (i = 0; i < s->num_extents; i++) {
++ if (rs->extents_using_bs_file[i]) {
++ s->extents[i].file = state->bs->file;
++ }
++ }
++
++ vmdk_reopen_clean(state);
++}
++
++static void vmdk_reopen_abort(BDRVReopenState *state)
++{
++ vmdk_reopen_clean(state);
++}
++
+ static int vmdk_parent_open(BlockDriverState *bs)
+ {
+ char *p_name;
+@@ -3072,6 +3124,8 @@ static BlockDriver bdrv_vmdk = {
+ .bdrv_open = vmdk_open,
+ .bdrv_co_check = vmdk_co_check,
+ .bdrv_reopen_prepare = vmdk_reopen_prepare,
++ .bdrv_reopen_commit = vmdk_reopen_commit,
++ .bdrv_reopen_abort = vmdk_reopen_abort,
+ .bdrv_child_perm = bdrv_default_perms,
+ .bdrv_co_preadv = vmdk_co_preadv,
+ .bdrv_co_pwritev = vmdk_co_pwritev,
diff --git a/debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch b/debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
new file mode 100644
index 0000000..cf130ac
--- /dev/null
+++ b/debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Thu, 9 Jun 2022 17:47:11 +0100
+Subject: [PATCH] linux-aio: fix unbalanced plugged counter in laio_io_unplug()
+
+Every laio_io_plug() call has a matching laio_io_unplug() call. There is
+a plugged counter that tracks the number of levels of plugging and
+allows for nesting.
+
+The plugged counter must reflect the balance between laio_io_plug() and
+laio_io_unplug() calls accurately. Otherwise I/O stalls occur since
+io_submit(2) calls are skipped while plugged.
+
+Reported-by: Nikolay Tenev <nt@storpool.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Message-id: 20220609164712.1539045-2-stefanha@redhat.com
+Cc: Stefano Garzarella <sgarzare@redhat.com>
+Fixes: 68d7946648 ("linux-aio: add `dev_max_batch` parameter to laio_io_unplug()")
+[Stefano Garzarella suggested adding a Fixes tag.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry-picked from commit f387cac5af030a58ac5a0dacf64cab5e5a4fe5c7)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/linux-aio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/block/linux-aio.c b/block/linux-aio.c
+index 4c423fcccf..6078da7e42 100644
+--- a/block/linux-aio.c
++++ b/block/linux-aio.c
+@@ -363,8 +363,10 @@ void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s,
+ uint64_t dev_max_batch)
+ {
+ assert(s->io_q.plugged);
++ s->io_q.plugged--;
++
+ if (s->io_q.in_queue >= laio_max_batch(s, dev_max_batch) ||
+- (--s->io_q.plugged == 0 &&
++ (!s->io_q.plugged &&
+ !s->io_q.blocked && !QSIMPLEQ_EMPTY(&s->io_q.pending))) {
+ ioq_submit(s);
+ }
diff --git a/debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch b/debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
new file mode 100644
index 0000000..3f2dfa9
--- /dev/null
+++ b/debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
@@ -0,0 +1,100 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Claudio Fontana <cfontana@suse.de>
+Date: Tue, 31 May 2022 13:47:07 +0200
+Subject: [PATCH] pci: fix overflow in snprintf string formatting
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+the code in pcibus_get_fw_dev_path contained the potential for a
+stack buffer overflow of 1 byte, potentially writing to the stack an
+extra NUL byte.
+
+This overflow could happen if the PCI slot is >= 0x10000000,
+and the PCI function is >= 0x10000000, due to the size parameter
+of snprintf being incorrectly calculated in the call:
+
+ if (PCI_FUNC(d->devfn))
+ snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+
+since the off obtained from a previous call to snprintf is added
+instead of subtracted from the total available size of the buffer.
+
+Without the accurate size guard from snprintf, we end up writing in the
+worst case:
+
+name (32) + "@" (1) + SLOT (8) + "," (1) + FUNC (8) + term NUL (1) = 51 bytes
+
+In order to provide something more robust, replace all of the code in
+pcibus_get_fw_dev_path with a single call to g_strdup_printf,
+so there is no need to rely on manual calculations.
+
+Found by compiling QEMU with FORTIFY_SOURCE=3 as the error:
+
+*** buffer overflow detected ***: terminated
+
+Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted.
+[Switching to Thread 0x7ffff642c380 (LWP 121307)]
+0x00007ffff71ff55c in __pthread_kill_implementation () from /lib64/libc.so.6
+(gdb) bt
+ #0 0x00007ffff71ff55c in __pthread_kill_implementation () at /lib64/libc.so.6
+ #1 0x00007ffff71ac6f6 in raise () at /lib64/libc.so.6
+ #2 0x00007ffff7195814 in abort () at /lib64/libc.so.6
+ #3 0x00007ffff71f279e in __libc_message () at /lib64/libc.so.6
+ #4 0x00007ffff729767a in __fortify_fail () at /lib64/libc.so.6
+ #5 0x00007ffff7295c36 in () at /lib64/libc.so.6
+ #6 0x00007ffff72957f5 in __snprintf_chk () at /lib64/libc.so.6
+ #7 0x0000555555b1c1fd in pcibus_get_fw_dev_path ()
+ #8 0x0000555555f2bde4 in qdev_get_fw_dev_path_helper.constprop ()
+ #9 0x0000555555f2bd86 in qdev_get_fw_dev_path_helper.constprop ()
+ #10 0x00005555559a6e5d in get_boot_device_path ()
+ #11 0x00005555559a712c in get_boot_devices_list ()
+ #12 0x0000555555b1a3d0 in fw_cfg_machine_reset ()
+ #13 0x0000555555bf4c2d in pc_machine_reset ()
+ #14 0x0000555555c66988 in qemu_system_reset ()
+ #15 0x0000555555a6dff6 in qdev_machine_creation_done ()
+ #16 0x0000555555c79186 in qmp_x_exit_preconfig.part ()
+ #17 0x0000555555c7b459 in qemu_init ()
+ #18 0x0000555555960a29 in main ()
+
+Found-by: Dario Faggioli <Dario Faggioli <dfaggioli@suse.com>
+Found-by: Martin Liška <martin.liska@suse.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Claudio Fontana <cfontana@suse.de>
+Message-Id: <20220531114707.18830-1-cfontana@suse.de>
+Reviewed-by: Ani Sinha <ani@anisinha.ca>
+(cherry-picked from commit 36f18c6989a3d1ff1d7a0e50b0868ef3958299b4)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/pci/pci.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index dae9119bfe..c69b412434 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -2625,15 +2625,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
+ static char *pcibus_get_fw_dev_path(DeviceState *dev)
+ {
+ PCIDevice *d = (PCIDevice *)dev;
+- char path[50], name[33];
+- int off;
+-
+- off = snprintf(path, sizeof(path), "%s@%x",
+- pci_dev_fw_name(dev, name, sizeof name),
+- PCI_SLOT(d->devfn));
+- if (PCI_FUNC(d->devfn))
+- snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+- return g_strdup(path);
++ char name[33];
++ int has_func = !!PCI_FUNC(d->devfn);
++
++ return g_strdup_printf("%s@%x%s%.*x",
++ pci_dev_fw_name(dev, name, sizeof(name)),
++ PCI_SLOT(d->devfn),
++ has_func ? "," : "",
++ has_func,
++ PCI_FUNC(d->devfn));
+ }
+
+ static char *pcibus_get_dev_path(DeviceState *dev)
diff --git a/debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch b/debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
new file mode 100644
index 0000000..d393ed1
--- /dev/null
+++ b/debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
+Date: Mon, 23 May 2022 18:26:58 +0200
+Subject: [PATCH] target/i386/kvm: Fix disabling MPX on "-cpu host" with
+ MPX-capable host
+
+Since KVM commit 5f76f6f5ff96 ("KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled")
+it is not possible to disable MPX on a "-cpu host" just by adding "-mpx"
+there if the host CPU does indeed support MPX.
+QEMU will fail to set MSR_IA32_VMX_TRUE_{EXIT,ENTRY}_CTLS MSRs in this case
+and so trigger an assertion failure.
+
+Instead, besides "-mpx" one has to explicitly add also
+"-vmx-exit-clear-bndcfgs" and "-vmx-entry-load-bndcfgs" to QEMU command
+line to make it work, which is a bit convoluted.
+
+Make the MPX-related bits in FEAT_VMX_{EXIT,ENTRY}_CTLS dependent on MPX
+being actually enabled so such workarounds are no longer necessary.
+
+Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
+Message-Id: <51aa2125c76363204cc23c27165e778097c33f0b.1653323077.git.maciej.szmigiero@oracle.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from commit 267b5e7e378afd260004cb37a66a6fcd641e3b53)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ target/i386/cpu.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index cb6b5467d0..6e6945139b 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1327,6 +1327,14 @@ static FeatureDep feature_dependencies[] = {
+ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_INVPCID },
+ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_INVPCID },
+ },
++ {
++ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_MPX },
++ .to = { FEAT_VMX_EXIT_CTLS, VMX_VM_EXIT_CLEAR_BNDCFGS },
++ },
++ {
++ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_MPX },
++ .to = { FEAT_VMX_ENTRY_CTLS, VMX_VM_ENTRY_LOAD_BNDCFGS },
++ },
+ {
+ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_RDSEED },
+ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_RDSEED_EXITING },
diff --git a/debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch b/debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
new file mode 100644
index 0000000..6c4d523
--- /dev/null
+++ b/debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Mon, 7 Mar 2022 15:38:51 +0000
+Subject: [PATCH] coroutine-ucontext: use QEMU_DEFINE_STATIC_CO_TLS()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thread-Local Storage variables cannot be used directly from coroutine
+code because the compiler may optimize TLS variable accesses across
+qemu_coroutine_yield() calls. When the coroutine is re-entered from
+another thread the TLS variables from the old thread must no longer be
+used.
+
+Use QEMU_DEFINE_STATIC_CO_TLS() for the current and leader variables.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220307153853.602859-2-stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 34145a307d849d0b6734d0222a7aa0bb9eef7407)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ util/coroutine-ucontext.c | 38 ++++++++++++++++++++++++--------------
+ 1 file changed, 24 insertions(+), 14 deletions(-)
+
+diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
+index 904b375192..127d5a13c8 100644
+--- a/util/coroutine-ucontext.c
++++ b/util/coroutine-ucontext.c
+@@ -25,6 +25,7 @@
+ #include "qemu/osdep.h"
+ #include <ucontext.h>
+ #include "qemu/coroutine_int.h"
++#include "qemu/coroutine-tls.h"
+
+ #ifdef CONFIG_VALGRIND_H
+ #include <valgrind/valgrind.h>
+@@ -66,8 +67,8 @@ typedef struct {
+ /**
+ * Per-thread coroutine bookkeeping
+ */
+-static __thread CoroutineUContext leader;
+-static __thread Coroutine *current;
++QEMU_DEFINE_STATIC_CO_TLS(Coroutine *, current);
++QEMU_DEFINE_STATIC_CO_TLS(CoroutineUContext, leader);
+
+ /*
+ * va_args to makecontext() must be type 'int', so passing
+@@ -97,14 +98,15 @@ static inline __attribute__((always_inline))
+ void finish_switch_fiber(void *fake_stack_save)
+ {
+ #ifdef CONFIG_ASAN
++ CoroutineUContext *leaderp = get_ptr_leader();
+ const void *bottom_old;
+ size_t size_old;
+
+ __sanitizer_finish_switch_fiber(fake_stack_save, &bottom_old, &size_old);
+
+- if (!leader.stack) {
+- leader.stack = (void *)bottom_old;
+- leader.stack_size = size_old;
++ if (!leaderp->stack) {
++ leaderp->stack = (void *)bottom_old;
++ leaderp->stack_size = size_old;
+ }
+ #endif
+ #ifdef CONFIG_TSAN
+@@ -161,8 +163,10 @@ static void coroutine_trampoline(int i0, int i1)
+
+ /* Initialize longjmp environment and switch back the caller */
+ if (!sigsetjmp(self->env, 0)) {
+- start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save, leader.stack,
+- leader.stack_size);
++ CoroutineUContext *leaderp = get_ptr_leader();
++
++ start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save,
++ leaderp->stack, leaderp->stack_size);
+ start_switch_fiber_tsan(&fake_stack_save, self, true); /* true=caller */
+ siglongjmp(*(sigjmp_buf *)co->entry_arg, 1);
+ }
+@@ -297,7 +301,7 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
+ int ret;
+ void *fake_stack_save = NULL;
+
+- current = to_;
++ set_current(to_);
+
+ ret = sigsetjmp(from->env, 0);
+ if (ret == 0) {
+@@ -315,18 +319,24 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
+
+ Coroutine *qemu_coroutine_self(void)
+ {
+- if (!current) {
+- current = &leader.base;
++ Coroutine *self = get_current();
++ CoroutineUContext *leaderp = get_ptr_leader();
++
++ if (!self) {
++ self = &leaderp->base;
++ set_current(self);
+ }
+ #ifdef CONFIG_TSAN
+- if (!leader.tsan_co_fiber) {
+- leader.tsan_co_fiber = __tsan_get_current_fiber();
++ if (!leaderp->tsan_co_fiber) {
++ leaderp->tsan_co_fiber = __tsan_get_current_fiber();
+ }
+ #endif
+- return current;
++ return self;
+ }
+
+ bool qemu_in_coroutine(void)
+ {
+- return current && current->caller;
++ Coroutine *self = get_current();
++
++ return self && self->caller;
+ }
diff --git a/debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch b/debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
new file mode 100644
index 0000000..b5c4d3b
--- /dev/null
+++ b/debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
@@ -0,0 +1,123 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Mon, 7 Mar 2022 15:38:52 +0000
+Subject: [PATCH] coroutine: use QEMU_DEFINE_STATIC_CO_TLS()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thread-Local Storage variables cannot be used directly from coroutine
+code because the compiler may optimize TLS variable accesses across
+qemu_coroutine_yield() calls. When the coroutine is re-entered from
+another thread the TLS variables from the old thread must no longer be
+used.
+
+Use QEMU_DEFINE_STATIC_CO_TLS() for the current and leader variables.
+The alloc_pool QSLIST needs a typedef so the return value of
+get_ptr_alloc_pool() can be stored in a local variable.
+
+One example of why this code is necessary: a coroutine that yields
+before calling qemu_coroutine_create() to create another coroutine is
+affected by the TLS issue.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220307153853.602859-3-stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit ac387a08a9c9f6b36757da912f0339c25f421f90)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ util/qemu-coroutine.c | 41 ++++++++++++++++++++++++-----------------
+ 1 file changed, 24 insertions(+), 17 deletions(-)
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index c03b2422ff..f3e8300c8d 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -18,6 +18,7 @@
+ #include "qemu/atomic.h"
+ #include "qemu/coroutine.h"
+ #include "qemu/coroutine_int.h"
++#include "qemu/coroutine-tls.h"
+ #include "block/aio.h"
+
+ /** Initial batch size is 64, and is increased on demand */
+@@ -29,17 +30,20 @@ enum {
+ static QSLIST_HEAD(, Coroutine) release_pool = QSLIST_HEAD_INITIALIZER(pool);
+ static unsigned int pool_batch_size = POOL_INITIAL_BATCH_SIZE;
+ static unsigned int release_pool_size;
+-static __thread QSLIST_HEAD(, Coroutine) alloc_pool = QSLIST_HEAD_INITIALIZER(pool);
+-static __thread unsigned int alloc_pool_size;
+-static __thread Notifier coroutine_pool_cleanup_notifier;
++
++typedef QSLIST_HEAD(, Coroutine) CoroutineQSList;
++QEMU_DEFINE_STATIC_CO_TLS(CoroutineQSList, alloc_pool);
++QEMU_DEFINE_STATIC_CO_TLS(unsigned int, alloc_pool_size);
++QEMU_DEFINE_STATIC_CO_TLS(Notifier, coroutine_pool_cleanup_notifier);
+
+ static void coroutine_pool_cleanup(Notifier *n, void *value)
+ {
+ Coroutine *co;
+ Coroutine *tmp;
++ CoroutineQSList *alloc_pool = get_ptr_alloc_pool();
+
+- QSLIST_FOREACH_SAFE(co, &alloc_pool, pool_next, tmp) {
+- QSLIST_REMOVE_HEAD(&alloc_pool, pool_next);
++ QSLIST_FOREACH_SAFE(co, alloc_pool, pool_next, tmp) {
++ QSLIST_REMOVE_HEAD(alloc_pool, pool_next);
+ qemu_coroutine_delete(co);
+ }
+ }
+@@ -49,27 +53,30 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry, void *opaque)
+ Coroutine *co = NULL;
+
+ if (CONFIG_COROUTINE_POOL) {
+- co = QSLIST_FIRST(&alloc_pool);
++ CoroutineQSList *alloc_pool = get_ptr_alloc_pool();
++
++ co = QSLIST_FIRST(alloc_pool);
+ if (!co) {
+ if (release_pool_size > qatomic_read(&pool_batch_size)) {
+ /* Slow path; a good place to register the destructor, too. */
+- if (!coroutine_pool_cleanup_notifier.notify) {
+- coroutine_pool_cleanup_notifier.notify = coroutine_pool_cleanup;
+- qemu_thread_atexit_add(&coroutine_pool_cleanup_notifier);
++ Notifier *notifier = get_ptr_coroutine_pool_cleanup_notifier();
++ if (!notifier->notify) {
++ notifier->notify = coroutine_pool_cleanup;
++ qemu_thread_atexit_add(notifier);
+ }
+
+ /* This is not exact; there could be a little skew between
+ * release_pool_size and the actual size of release_pool. But
+ * it is just a heuristic, it does not need to be perfect.
+ */
+- alloc_pool_size = qatomic_xchg(&release_pool_size, 0);
+- QSLIST_MOVE_ATOMIC(&alloc_pool, &release_pool);
+- co = QSLIST_FIRST(&alloc_pool);
++ set_alloc_pool_size(qatomic_xchg(&release_pool_size, 0));
++ QSLIST_MOVE_ATOMIC(alloc_pool, &release_pool);
++ co = QSLIST_FIRST(alloc_pool);
+ }
+ }
+ if (co) {
+- QSLIST_REMOVE_HEAD(&alloc_pool, pool_next);
+- alloc_pool_size--;
++ QSLIST_REMOVE_HEAD(alloc_pool, pool_next);
++ set_alloc_pool_size(get_alloc_pool_size() - 1);
+ }
+ }
+
+@@ -93,9 +100,9 @@ static void coroutine_delete(Coroutine *co)
+ qatomic_inc(&release_pool_size);
+ return;
+ }
+- if (alloc_pool_size < qatomic_read(&pool_batch_size)) {
+- QSLIST_INSERT_HEAD(&alloc_pool, co, pool_next);
+- alloc_pool_size++;
++ if (get_alloc_pool_size() < qatomic_read(&pool_batch_size)) {
++ QSLIST_INSERT_HEAD(get_ptr_alloc_pool(), co, pool_next);
++ set_alloc_pool_size(get_alloc_pool_size() + 1);
+ return;
+ }
+ }
diff --git a/debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch b/debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
new file mode 100644
index 0000000..9459471
--- /dev/null
+++ b/debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
@@ -0,0 +1,90 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 10 May 2022 17:10:19 +0200
+Subject: [PATCH] coroutine: Rename qemu_coroutine_inc/dec_pool_size()
+
+It's true that these functions currently affect the batch size in which
+coroutines are reused (i.e. moved from the global release pool to the
+allocation pool of a specific thread), but this is a bug and will be
+fixed in a separate patch.
+
+In fact, the comment in the header file already just promises that it
+influences the pool size, so reflect this in the name of the functions.
+As a nice side effect, the shorter function name makes some line
+wrapping unnecessary.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20220510151020.105528-2-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 98e3ab35054b946f7c2aba5408822532b0920b53)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/block/virtio-blk.c | 6 ++----
+ include/qemu/coroutine.h | 6 +++---
+ util/qemu-coroutine.c | 4 ++--
+ 3 files changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
+index 540c38f829..6a1cc41877 100644
+--- a/hw/block/virtio-blk.c
++++ b/hw/block/virtio-blk.c
+@@ -1215,8 +1215,7 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp)
+ for (i = 0; i < conf->num_queues; i++) {
+ virtio_add_queue(vdev, conf->queue_size, virtio_blk_handle_output);
+ }
+- qemu_coroutine_increase_pool_batch_size(conf->num_queues * conf->queue_size
+- / 2);
++ qemu_coroutine_inc_pool_size(conf->num_queues * conf->queue_size / 2);
+ virtio_blk_data_plane_create(vdev, conf, &s->dataplane, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+@@ -1253,8 +1252,7 @@ static void virtio_blk_device_unrealize(DeviceState *dev)
+ for (i = 0; i < conf->num_queues; i++) {
+ virtio_del_queue(vdev, i);
+ }
+- qemu_coroutine_decrease_pool_batch_size(conf->num_queues * conf->queue_size
+- / 2);
++ qemu_coroutine_dec_pool_size(conf->num_queues * conf->queue_size / 2);
+ qemu_del_vm_change_state_handler(s->change);
+ blockdev_mark_auto_del(s->blk);
+ virtio_cleanup(vdev);
+diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
+index c828a95ee0..5b621d1295 100644
+--- a/include/qemu/coroutine.h
++++ b/include/qemu/coroutine.h
+@@ -334,12 +334,12 @@ void coroutine_fn yield_until_fd_readable(int fd);
+ /**
+ * Increase coroutine pool size
+ */
+-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size);
++void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size);
+
+ /**
+- * Devcrease coroutine pool size
++ * Decrease coroutine pool size
+ */
+-void qemu_coroutine_decrease_pool_batch_size(unsigned int additional_pool_size);
++void qemu_coroutine_dec_pool_size(unsigned int additional_pool_size);
+
+ #include "qemu/lockable.h"
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index f3e8300c8d..ea23929a74 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -212,12 +212,12 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
+ return co->ctx;
+ }
+
+-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size)
++void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
+ {
+ qatomic_add(&pool_batch_size, additional_pool_size);
+ }
+
+-void qemu_coroutine_decrease_pool_batch_size(unsigned int removing_pool_size)
++void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
+ {
+ qatomic_sub(&pool_batch_size, removing_pool_size);
+ }
diff --git a/debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch b/debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
new file mode 100644
index 0000000..711ffe0
--- /dev/null
+++ b/debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 10 May 2022 17:10:20 +0200
+Subject: [PATCH] coroutine: Revert to constant batch size
+
+Commit 4c41c69e changed the way the coroutine pool is sized because for
+virtio-blk devices with a large queue size and heavy I/O, it was just
+too small and caused coroutines to be deleted and reallocated soon
+afterwards. The change made the size dynamic based on the number of
+queues and the queue size of virtio-blk devices.
+
+There are two important numbers here: Slightly simplified, when a
+coroutine terminates, it is generally stored in the global release pool
+up to a certain pool size, and if the pool is full, it is freed.
+Conversely, when allocating a new coroutine, the coroutines in the
+release pool are reused if the pool already has reached a certain
+minimum size (the batch size), otherwise we allocate new coroutines.
+
+The problem after commit 4c41c69e is that it not only increases the
+maximum pool size (which is the intended effect), but also the batch
+size for reusing coroutines (which is a bug). It means that in cases
+with many devices and/or a large queue size (which defaults to the
+number of vcpus for virtio-blk-pci), many thousand coroutines could be
+sitting in the release pool without being reused.
+
+This is not only a waste of memory and allocations, but it actually
+makes the QEMU process likely to hit the vm.max_map_count limit on Linux
+because each coroutine requires two mappings (its stack and the guard
+page for the stack), causing it to abort() in qemu_alloc_stack() because
+when the limit is hit, mprotect() starts to fail with ENOMEM.
+
+In order to fix the problem, change the batch size back to 64 to avoid
+uselessly accumulating coroutines in the release pool, but keep the
+dynamic maximum pool size so that coroutines aren't freed too early
+in heavy I/O scenarios.
+
+Note that this fix doesn't strictly make it impossible to hit the limit,
+but this would only happen if most of the coroutines are actually in use
+at the same time, not just sitting in a pool. This is the same behaviour
+as we already had before commit 4c41c69e. Fully preventing this would
+require allowing qemu_coroutine_create() to return an error, but it
+doesn't seem to be a scenario that people hit in practice.
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2079938
+Fixes: 4c41c69e05fe28c0f95f8abd2ebf407e95a4f04b
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20220510151020.105528-3-kwolf@redhat.com>
+Tested-by: Hiroki Narukawa <hnarukaw@yahoo-corp.jp>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 9ec7a59b5aad4b736871c378d30f5ef5ec51cb52)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ util/qemu-coroutine.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index ea23929a74..4a8bd63ef0 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -21,14 +21,20 @@
+ #include "qemu/coroutine-tls.h"
+ #include "block/aio.h"
+
+-/** Initial batch size is 64, and is increased on demand */
++/**
++ * The minimal batch size is always 64, coroutines from the release_pool are
++ * reused as soon as there are 64 coroutines in it. The maximum pool size starts
++ * with 64 and is increased on demand so that coroutines are not deleted even if
++ * they are not immediately reused.
++ */
+ enum {
+- POOL_INITIAL_BATCH_SIZE = 64,
++ POOL_MIN_BATCH_SIZE = 64,
++ POOL_INITIAL_MAX_SIZE = 64,
+ };
+
+ /** Free list to speed up creation */
+ static QSLIST_HEAD(, Coroutine) release_pool = QSLIST_HEAD_INITIALIZER(pool);
+-static unsigned int pool_batch_size = POOL_INITIAL_BATCH_SIZE;
++static unsigned int pool_max_size = POOL_INITIAL_MAX_SIZE;
+ static unsigned int release_pool_size;
+
+ typedef QSLIST_HEAD(, Coroutine) CoroutineQSList;
+@@ -57,7 +63,7 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry, void *opaque)
+
+ co = QSLIST_FIRST(alloc_pool);
+ if (!co) {
+- if (release_pool_size > qatomic_read(&pool_batch_size)) {
++ if (release_pool_size > POOL_MIN_BATCH_SIZE) {
+ /* Slow path; a good place to register the destructor, too. */
+ Notifier *notifier = get_ptr_coroutine_pool_cleanup_notifier();
+ if (!notifier->notify) {
+@@ -95,12 +101,12 @@ static void coroutine_delete(Coroutine *co)
+ co->caller = NULL;
+
+ if (CONFIG_COROUTINE_POOL) {
+- if (release_pool_size < qatomic_read(&pool_batch_size) * 2) {
++ if (release_pool_size < qatomic_read(&pool_max_size) * 2) {
+ QSLIST_INSERT_HEAD_ATOMIC(&release_pool, co, pool_next);
+ qatomic_inc(&release_pool_size);
+ return;
+ }
+- if (get_alloc_pool_size() < qatomic_read(&pool_batch_size)) {
++ if (get_alloc_pool_size() < qatomic_read(&pool_max_size)) {
+ QSLIST_INSERT_HEAD(get_ptr_alloc_pool(), co, pool_next);
+ set_alloc_pool_size(get_alloc_pool_size() + 1);
+ return;
+@@ -214,10 +220,10 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
+
+ void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
+ {
+- qatomic_add(&pool_batch_size, additional_pool_size);
++ qatomic_add(&pool_max_size, additional_pool_size);
+ }
+
+ void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
+ {
+- qatomic_sub(&pool_batch_size, removing_pool_size);
++ qatomic_sub(&pool_max_size, removing_pool_size);
+ }
diff --git a/debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch b/debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
new file mode 100644
index 0000000..cf535bb
--- /dev/null
+++ b/debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
@@ -0,0 +1,117 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 29 Apr 2022 21:16:28 +0200
+Subject: [PATCH] target/i386: do not consult nonexistent host leaves
+
+When cache_info_passthrough is requested, QEMU passes the host values
+of the cache information CPUID leaves down to the guest. However,
+it blindly assumes that the CPUID leaf exists on the host, and this
+cannot be guaranteed: for example, KVM has recently started to
+synthesize AMD leaves up to 0x80000021 in order to provide accurate
+CPU bug information to guests.
+
+Querying a nonexistent host leaf fills the output arguments of
+host_cpuid with data that (albeit deterministic) is nonsensical
+as cache information, namely the data in the highest Intel CPUID
+leaf. If said highest leaf is not ECX-dependent, this can even
+cause an infinite loop when kvm_arch_init_vcpu prepares the input
+to KVM_SET_CPUID2. The infinite loop is only terminated by an
+abort() when the array gets full.
+
+Reported-by: Maxim Levitsky <mlevitsk@redhat.com>
+Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from commit 798d8ec0dacd4cc0034298d94f430c14f23e2919)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ target/i386/cpu.c | 41 ++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 36 insertions(+), 5 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 6e6945139b..c79e151887 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -5030,6 +5030,37 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ return r;
+ }
+
++static void x86_cpu_get_cache_cpuid(uint32_t func, uint32_t index,
++ uint32_t *eax, uint32_t *ebx,
++ uint32_t *ecx, uint32_t *edx)
++{
++ uint32_t level, unused;
++
++ /* Only return valid host leaves. */
++ switch (func) {
++ case 2:
++ case 4:
++ host_cpuid(0, 0, &level, &unused, &unused, &unused);
++ break;
++ case 0x80000005:
++ case 0x80000006:
++ case 0x8000001d:
++ host_cpuid(0x80000000, 0, &level, &unused, &unused, &unused);
++ break;
++ default:
++ return;
++ }
++
++ if (func > level) {
++ *eax = 0;
++ *ebx = 0;
++ *ecx = 0;
++ *edx = 0;
++ } else {
++ host_cpuid(func, index, eax, ebx, ecx, edx);
++ }
++}
++
+ /*
+ * Only for builtin_x86_defs models initialized with x86_register_cpudef_types.
+ */
+@@ -5288,7 +5319,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 2:
+ /* cache info: needed for Pentium Pro compatibility */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, 0, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, 0, eax, ebx, ecx, edx);
+ break;
+ } else if (cpu->vendor_cpuid_only && IS_AMD_CPU(env)) {
+ *eax = *ebx = *ecx = *edx = 0;
+@@ -5308,7 +5339,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 4:
+ /* cache info: needed for Core compatibility */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, count, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, count, eax, ebx, ecx, edx);
+ /* QEMU gives out its own APIC IDs, never pass down bits 31..26. */
+ *eax &= ~0xFC000000;
+ if ((*eax & 31) && cs->nr_cores > 1) {
+@@ -5710,7 +5741,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 0x80000005:
+ /* cache info (L1 cache) */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, 0, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, 0, eax, ebx, ecx, edx);
+ break;
+ }
+ *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) |
+@@ -5723,7 +5754,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 0x80000006:
+ /* cache info (L2 cache) */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, 0, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, 0, eax, ebx, ecx, edx);
+ break;
+ }
+ *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) |
+@@ -5783,7 +5814,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 0x8000001D:
+ *eax = 0;
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, count, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, count, eax, ebx, ecx, edx);
+ break;
+ }
+ switch (count) {
diff --git a/debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch b/debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
new file mode 100644
index 0000000..92a57cf
--- /dev/null
+++ b/debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
@@ -0,0 +1,108 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Wed, 27 Apr 2022 15:35:36 +0100
+Subject: [PATCH] virtio-scsi: fix ctrl and event handler functions in
+ dataplane mode
+
+Commit f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare
+virtio_scsi_handle_cmd for dataplane") prepared the virtio-scsi cmd
+virtqueue handler function to be used in both the dataplane and
+non-datpalane code paths.
+
+It failed to convert the ctrl and event virtqueue handler functions,
+which are not designed to be called from the dataplane code path but
+will be since the ioeventfd is set up for those virtqueues when
+dataplane starts.
+
+Convert the ctrl and event virtqueue handler functions now so they
+operate correctly when called from the dataplane code path. Avoid code
+duplication by extracting this code into a helper function.
+
+Fixes: f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare virtio_scsi_handle_cmd for dataplane")
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-2-stefanha@redhat.com
+[Fixed s/by used/be used/ typo pointed out by Michael Tokarev
+<mjt@tls.msk.ru>.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry-picked from commit 2f743ef6366c2df4ef51ef3ae318138cdc0125ab)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/scsi/virtio-scsi.c | 42 +++++++++++++++++++++++++++---------------
+ 1 file changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index 34a968ecfb..417fbc71d6 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -472,16 +472,32 @@ bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
+ return progress;
+ }
+
++/*
++ * If dataplane is configured but not yet started, do so now and return true on
++ * success.
++ *
++ * Dataplane is started by the core virtio code but virtqueue handler functions
++ * can also be invoked when a guest kicks before DRIVER_OK, so this helper
++ * function helps us deal with manually starting ioeventfd in that case.
++ */
++static bool virtio_scsi_defer_to_dataplane(VirtIOSCSI *s)
++{
++ if (!s->ctx || s->dataplane_started) {
++ return false;
++ }
++
++ virtio_device_start_ioeventfd(&s->parent_obj.parent_obj);
++ return !s->dataplane_fenced;
++}
++
+ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ {
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+
+- if (s->ctx) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_ctrl_vq(s, vq);
+ virtio_scsi_release(s);
+@@ -720,12 +736,10 @@ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
+ /* use non-QOM casts in the data path */
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+
+- if (s->ctx && !s->dataplane_started) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_cmd_vq(s, vq);
+ virtio_scsi_release(s);
+@@ -855,12 +869,10 @@ static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
+ {
+ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
+
+- if (s->ctx) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_event_vq(s, vq);
+ virtio_scsi_release(s);
diff --git a/debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch b/debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
new file mode 100644
index 0000000..238d456
--- /dev/null
+++ b/debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
@@ -0,0 +1,91 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Wed, 27 Apr 2022 15:35:37 +0100
+Subject: [PATCH] virtio-scsi: don't waste CPU polling the event virtqueue
+
+The virtio-scsi event virtqueue is not emptied by its handler function.
+This is typical for rx virtqueues where the device uses buffers when
+some event occurs (e.g. a packet is received, an error condition
+happens, etc).
+
+Polling non-empty virtqueues wastes CPU cycles. We are not waiting for
+new buffers to become available, we are waiting for an event to occur,
+so it's a misuse of CPU resources to poll for buffers.
+
+Introduce the new virtio_queue_aio_attach_host_notifier_no_poll() API,
+which is identical to virtio_queue_aio_attach_host_notifier() except
+that it does not poll the virtqueue.
+
+Before this patch the following command-line consumed 100% CPU in the
+IOThread polling and calling virtio_scsi_handle_event():
+
+ $ qemu-system-x86_64 -M accel=kvm -m 1G -cpu host \
+ --object iothread,id=iothread0 \
+ --device virtio-scsi-pci,iothread=iothread0 \
+ --blockdev file,filename=test.img,aio=native,cache.direct=on,node-name=drive0 \
+ --device scsi-hd,drive=drive0
+
+After this patch CPU is no longer wasted.
+
+Reported-by: Nir Soffer <nsoffer@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Tested-by: Nir Soffer <nsoffer@redhat.com>
+Message-id: 20220427143541.119567-3-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry-picked from commit 38738f7dbbda90fbc161757b7f4be35b52205552)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/scsi/virtio-scsi-dataplane.c | 2 +-
+ hw/virtio/virtio.c | 13 +++++++++++++
+ include/hw/virtio/virtio.h | 1 +
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/hw/scsi/virtio-scsi-dataplane.c b/hw/scsi/virtio-scsi-dataplane.c
+index 29575cbaf6..8bb6e6acfc 100644
+--- a/hw/scsi/virtio-scsi-dataplane.c
++++ b/hw/scsi/virtio-scsi-dataplane.c
+@@ -138,7 +138,7 @@ int virtio_scsi_dataplane_start(VirtIODevice *vdev)
+
+ aio_context_acquire(s->ctx);
+ virtio_queue_aio_attach_host_notifier(vs->ctrl_vq, s->ctx);
+- virtio_queue_aio_attach_host_notifier(vs->event_vq, s->ctx);
++ virtio_queue_aio_attach_host_notifier_no_poll(vs->event_vq, s->ctx);
+
+ for (i = 0; i < vs->conf.num_queues; i++) {
+ virtio_queue_aio_attach_host_notifier(vs->cmd_vqs[i], s->ctx);
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 9d637e043e..67a873f54a 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3534,6 +3534,19 @@ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx)
+ virtio_queue_host_notifier_aio_poll_end);
+ }
+
++/*
++ * Same as virtio_queue_aio_attach_host_notifier() but without polling. Use
++ * this for rx virtqueues and similar cases where the virtqueue handler
++ * function does not pop all elements. When the virtqueue is left non-empty
++ * polling consumes CPU cycles and should not be used.
++ */
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx)
++{
++ aio_set_event_notifier(ctx, &vq->host_notifier, true,
++ virtio_queue_host_notifier_read,
++ NULL, NULL);
++}
++
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx)
+ {
+ aio_set_event_notifier(ctx, &vq->host_notifier, true, NULL, NULL, NULL);
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index b31c4507f5..b62a35fdca 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -317,6 +317,7 @@ EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
+ void virtio_queue_set_host_notifier_enabled(VirtQueue *vq, bool enabled);
+ void virtio_queue_host_notifier_read(EventNotifier *n);
+ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx);
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx);
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx);
+ VirtQueue *virtio_vector_first_queue(VirtIODevice *vdev, uint16_t vector);
+ VirtQueue *virtio_vector_next_queue(VirtQueue *vq);
diff --git a/debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch b/debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
new file mode 100644
index 0000000..2f52fd3
--- /dev/null
+++ b/debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
@@ -0,0 +1,102 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:42 +0200
+Subject: [PATCH] vhost: Track descriptor chain in private at SVQ
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The device could have access to modify them, and it definitely have
+access when we implement packed vq. Harden SVQ maintaining a private
+copy of the descriptor chain. Other fields like buffer addresses are
+already maintained sepparatedly.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-2-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 495fe3a78749c39c0e772c4e1a55d6cb8a7e5292)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 12 +++++++-----
+ hw/virtio/vhost-shadow-virtqueue.h | 6 ++++++
+ 2 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index b232803d1b..3155801f50 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -138,6 +138,7 @@ static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ for (n = 0; n < num; n++) {
+ if (more_descs || (n + 1 < num)) {
+ descs[i].flags = flags | cpu_to_le16(VRING_DESC_F_NEXT);
++ descs[i].next = cpu_to_le16(svq->desc_next[i]);
+ } else {
+ descs[i].flags = flags;
+ }
+@@ -145,10 +146,10 @@ static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ descs[i].len = cpu_to_le32(iovec[n].iov_len);
+
+ last = i;
+- i = cpu_to_le16(descs[i].next);
++ i = cpu_to_le16(svq->desc_next[i]);
+ }
+
+- svq->free_head = le16_to_cpu(descs[last].next);
++ svq->free_head = le16_to_cpu(svq->desc_next[last]);
+ }
+
+ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+@@ -336,7 +337,6 @@ static void vhost_svq_disable_notification(VhostShadowVirtqueue *svq)
+ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ uint32_t *len)
+ {
+- vring_desc_t *descs = svq->vring.desc;
+ const vring_used_t *used = svq->vring.used;
+ vring_used_elem_t used_elem;
+ uint16_t last_used;
+@@ -365,7 +365,7 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- descs[used_elem.id].next = svq->free_head;
++ svq->desc_next[used_elem.id] = svq->free_head;
+ svq->free_head = used_elem.id;
+
+ *len = used_elem.len;
+@@ -540,8 +540,9 @@ void vhost_svq_start(VhostShadowVirtqueue *svq, VirtIODevice *vdev,
+ svq->vring.used = qemu_memalign(qemu_real_host_page_size, device_size);
+ memset(svq->vring.used, 0, device_size);
+ svq->ring_id_maps = g_new0(VirtQueueElement *, svq->vring.num);
++ svq->desc_next = g_new0(uint16_t, svq->vring.num);
+ for (unsigned i = 0; i < svq->vring.num - 1; i++) {
+- svq->vring.desc[i].next = cpu_to_le16(i + 1);
++ svq->desc_next[i] = cpu_to_le16(i + 1);
+ }
+ }
+
+@@ -574,6 +575,7 @@ void vhost_svq_stop(VhostShadowVirtqueue *svq)
+ virtqueue_detach_element(svq->vq, next_avail_elem, 0);
+ }
+ svq->vq = NULL;
++ g_free(svq->desc_next);
+ g_free(svq->ring_id_maps);
+ qemu_vfree(svq->vring.desc);
+ qemu_vfree(svq->vring.used);
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index e5e24c536d..c132c994e9 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -53,6 +53,12 @@ typedef struct VhostShadowVirtqueue {
+ /* Next VirtQueue element that guest made available */
+ VirtQueueElement *next_guest_avail_elem;
+
++ /*
++ * Backup next field for each descriptor so we can recover securely, not
++ * needing to trust the device access.
++ */
++ uint16_t *desc_next;
++
+ /* Next head to expose to the device */
+ uint16_t shadow_avail_idx;
+
diff --git a/debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch b/debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
new file mode 100644
index 0000000..497bcec
--- /dev/null
+++ b/debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
@@ -0,0 +1,62 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:43 +0200
+Subject: [PATCH] vhost: Fix device's used descriptor dequeue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Only the first one of them were properly enqueued back.
+
+Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-3-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 81abfa5724c9a6502d7a1d3a67c55f2a303a1170)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 3155801f50..31fc50907d 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -334,12 +334,22 @@ static void vhost_svq_disable_notification(VhostShadowVirtqueue *svq)
+ svq->vring.avail->flags |= cpu_to_le16(VRING_AVAIL_F_NO_INTERRUPT);
+ }
+
++static uint16_t vhost_svq_last_desc_of_chain(const VhostShadowVirtqueue *svq,
++ uint16_t num, uint16_t i)
++{
++ for (uint16_t j = 0; j < (num - 1); ++j) {
++ i = le16_to_cpu(svq->desc_next[i]);
++ }
++
++ return i;
++}
++
+ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ uint32_t *len)
+ {
+ const vring_used_t *used = svq->vring.used;
+ vring_used_elem_t used_elem;
+- uint16_t last_used;
++ uint16_t last_used, last_used_chain, num;
+
+ if (!vhost_svq_more_used(svq)) {
+ return NULL;
+@@ -365,7 +375,10 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- svq->desc_next[used_elem.id] = svq->free_head;
++ num = svq->ring_id_maps[used_elem.id]->in_num +
++ svq->ring_id_maps[used_elem.id]->out_num;
++ last_used_chain = vhost_svq_last_desc_of_chain(svq, num, used_elem.id);
++ svq->desc_next[last_used_chain] = svq->free_head;
+ svq->free_head = used_elem.id;
+
+ *len = used_elem.len;
diff --git a/debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch b/debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
new file mode 100644
index 0000000..6f33164
--- /dev/null
+++ b/debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:44 +0200
+Subject: [PATCH] vdpa: Fix bad index calculus at vhost_vdpa_get_vring_base
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: 6d0b222666 ("vdpa: Adapt vhost_vdpa_get_vring_base to SVQ")
+
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-4-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 639036477ef890958415967e753ca2cbb348c16c)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-vdpa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 8adf7c0b92..8555a84f87 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1170,11 +1170,11 @@ static int vhost_vdpa_get_vring_base(struct vhost_dev *dev,
+ struct vhost_vring_state *ring)
+ {
+ struct vhost_vdpa *v = dev->opaque;
++ int vdpa_idx = ring->index - dev->vq_index;
+ int ret;
+
+ if (v->shadow_vqs_enabled) {
+- VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs,
+- ring->index);
++ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, vdpa_idx);
+
+ /*
+ * Setting base as last used idx, so destination will see as available
diff --git a/debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch b/debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
new file mode 100644
index 0000000..8c74f0c
--- /dev/null
+++ b/debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:45 +0200
+Subject: [PATCH] vdpa: Fix index calculus at vhost_vdpa_svqs_start
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With the introduction of MQ the index of the vq needs to be calculated
+with the device model vq_index.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Message-Id: <20220512175747.142058-5-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 1c82fdfef8a227518ffecae9d419bcada995c202)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-vdpa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 8555a84f87..aa43cfa7d9 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1016,7 +1016,7 @@ static bool vhost_vdpa_svqs_start(struct vhost_dev *dev)
+ VirtQueue *vq = virtio_get_queue(dev->vdev, dev->vq_index + i);
+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+ struct vhost_vring_addr addr = {
+- .index = i,
++ .index = dev->vq_index + i,
+ };
+ int r;
+ bool ok = vhost_vdpa_svq_setup(dev, svq, i, &err);
diff --git a/debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch b/debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
new file mode 100644
index 0000000..12ea0ad
--- /dev/null
+++ b/debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
@@ -0,0 +1,74 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 12 May 2022 19:57:46 +0200
+Subject: [PATCH] hw/virtio: Replace g_memdup() by g_memdup2()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
+
+ The old API took the size of the memory to duplicate as a guint,
+ whereas most memory functions take memory sizes as a gsize. This
+ made it easy to accidentally pass a gsize to g_memdup(). For large
+ values, that would lead to a silent truncation of the size from 64
+ to 32 bits, and result in a heap area being returned which is
+ significantly smaller than what the caller expects. This can likely
+ be exploited in various modules to cause a heap buffer overflow.
+
+Replace g_memdup() by the safer g_memdup2() wrapper.
+
+Acked-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Eugenio Pérez <eperezma@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-Id: <20220512175747.142058-6-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit d792199de55ca5cb5334016884039c740290b5c7)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/net/virtio-net.c | 3 ++-
+ hw/virtio/virtio-crypto.c | 6 +++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 1067e72b39..e4748a7e6c 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1443,7 +1443,8 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ }
+
+ iov_cnt = elem->out_num;
+- iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * elem->out_num);
++ iov2 = iov = g_memdup2(elem->out_sg,
++ sizeof(struct iovec) * elem->out_num);
+ s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
+ iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
+ if (s != sizeof(ctrl)) {
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index dcd80b904d..0e31e3cc04 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -242,7 +242,7 @@ static void virtio_crypto_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ }
+
+ out_num = elem->out_num;
+- out_iov_copy = g_memdup(elem->out_sg, sizeof(out_iov[0]) * out_num);
++ out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num);
+ out_iov = out_iov_copy;
+
+ in_num = elem->in_num;
+@@ -605,11 +605,11 @@ virtio_crypto_handle_request(VirtIOCryptoReq *request)
+ }
+
+ out_num = elem->out_num;
+- out_iov_copy = g_memdup(elem->out_sg, sizeof(out_iov[0]) * out_num);
++ out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num);
+ out_iov = out_iov_copy;
+
+ in_num = elem->in_num;
+- in_iov_copy = g_memdup(elem->in_sg, sizeof(in_iov[0]) * in_num);
++ in_iov_copy = g_memdup2(elem->in_sg, sizeof(in_iov[0]) * in_num);
+ in_iov = in_iov_copy;
+
+ if (unlikely(iov_to_buf(out_iov, out_num, 0, &req, sizeof(req))
diff --git a/debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch b/debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
new file mode 100644
index 0000000..daa5bca
--- /dev/null
+++ b/debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:47 +0200
+Subject: [PATCH] vhost: Fix element in vhost_svq_add failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Coverity rightly reports that is not free in that case.
+
+Fixes: Coverity CID 1487559
+Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-7-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 5181db132b587754dda3a520eec923b87a65bbb7)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 31fc50907d..06d0bb39d9 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -199,11 +199,19 @@ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+ return true;
+ }
+
++/**
++ * Add an element to a SVQ.
++ *
++ * The caller must check that there is enough slots for the new element. It
++ * takes ownership of the element: In case of failure, it is free and the SVQ
++ * is considered broken.
++ */
+ static bool vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
+ {
+ unsigned qemu_head;
+ bool ok = vhost_svq_add_split(svq, elem, &qemu_head);
+ if (unlikely(!ok)) {
++ g_free(elem);
+ return false;
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index 6fa7ca8..3850a52 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,22 @@
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
+extra/0002-block-gluster-correctly-set-max_pdiscard.patch
+extra/0003-block-vmdk-Fix-reopening-bs-file.patch
+extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
+extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
+extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
+extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
+extra/0010-coroutine-Revert-to-constant-batch-size.patch
+extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
+extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
+extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
+extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
+extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
+extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
+extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
+extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
+extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
` (3 preceding siblings ...)
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0 Fabian Ebner
@ 2022-06-30 11:16 ` Wolfgang Bumiller
4 siblings, 0 replies; 6+ messages in thread
From: Wolfgang Bumiller @ 2022-06-30 11:16 UTC (permalink / raw)
To: Fabian Ebner; +Cc: pve-devel
applied & bumped, thanks
On Mon, Jun 27, 2022 at 01:05:39PM +0200, Fabian Ebner wrote:
> Clean rebase and didn't run into any obvious issues when testing (I
> did when testing the release candidates, but those issues got
> addressed before the release :)). Still, more testing is always
> appreciated!
>
> Fabian Ebner (4):
> update submodule and patches to 7.0.0
> d/rules: drop outdated configure flags
> d/rules: adapt to changed opensbi riscv filenames in 7.0.0
> cherry-pick upstream fixes for 7.0.0
>
> ...d-support-for-sync-bitmap-mode-never.patch | 90 ++--
> ...-support-for-conditional-and-always-.patch | 14 +-
> ...check-for-bitmap-mode-without-bitmap.patch | 4 +-
> ...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
> .../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
> ...race-with-clients-disconnecting-earl.patch | 12 +-
> ...k-gluster-correctly-set-max_pdiscard.patch | 47 ++
> ...support-for-flag-argument-with-value.patch | 55 --
> ...003-block-vmdk-Fix-reopening-bs-file.patch | 129 +++++
> ...-set-expire_password-and-allow-VNC-d.patch | 477 ------------------
> ...balanced-plugged-counter-in-laio_io_.patch | 44 ++
> ...erflow-in-snprintf-string-formatting.patch | 100 ++++
> ...Update-BSC-only-if-want_zero-is-true.patch | 43 --
> ...Fix-disabling-MPX-on-cpu-host-with-M.patch | 48 ++
> ...lete-reconnect-delay-timer-when-done.patch | 40 --
> ...ontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 121 +++++
> ...sert-there-are-no-timers-when-closed.patch | 34 --
> ...outine-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 123 +++++
> ...-nbd-Move-s-ioc-on-AioContext-change.patch | 90 ----
> ...ame-qemu_coroutine_inc-dec_pool_size.patch | 90 ++++
> ...U-crash-when-started-with-SLIC-table.patch | 89 ----
> ...outine-Revert-to-constant-batch-size.patch | 121 +++++
> ...-not-consult-nonexistent-host-leaves.patch | 117 +++++
> ...-map-leaking-on-error-during-receive.patch | 38 --
> ...rrect-calls-of-log_global_start-stop.patch | 86 ----
> ...ctrl-and-event-handler-functions-in-.patch | 108 ++++
> ...acpi-fix-OEM-ID-OEM-Table-ID-padding.patch | 59 ---
> ...t-waste-CPU-polling-the-event-virtqu.patch | 91 ++++
> ...k-descriptor-chain-in-private-at-SVQ.patch | 102 ++++
> ...ch-the-virqueue-element-in-case-of-e.patch | 55 --
> ...Fix-device-s-used-descriptor-dequeue.patch | 62 +++
> ...t-user-remove-VirtQ-notifier-restore.patch | 98 ----
> ...ex-calculus-at-vhost_vdpa_get_vring_.patch | 39 ++
> ...host-user-fix-VirtQ-notifier-cleanup.patch | 149 ------
> ...ex-calculus-at-vhost_vdpa_svqs_start.patch | 35 ++
> ...ondition-for-iommu_platform-not-supp.patch | 101 ----
> ...rrectly-set-max_pdiscard-which-is-in.patch | 38 --
> ...virtio-Replace-g_memdup-by-g_memdup2.patch | 74 +++
> .../0019-ui-vnc.c-Fixed-a-deadlock-bug.patch | 72 ---
> ...Fix-element-in-vhost_svq_add-failure.patch | 47 ++
> ...er-fix-race-condition-in-qxl_cursor-.patch | 37 --
> ...teger-overflow-in-cursor_alloc-CVE-2.patch | 83 ---
> ...k-file-change-locking-default-to-off.patch | 6 +-
> ...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
> ...ui-spice-default-to-pve-certificates.patch | 2 +-
> ...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
> .../0007-PVE-Up-qmp-add-get_link_status.patch | 6 +-
> ...return-success-on-info-without-snaps.patch | 4 +-
> ...dd-add-osize-and-read-from-to-stdin-.patch | 16 +-
> ...E-Up-qemu-img-dd-add-isize-parameter.patch | 12 +-
> ...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 14 +-
> ...virtio-balloon-improve-query-balloon.patch | 10 +-
> .../0014-PVE-qapi-modify-query-machines.patch | 6 +-
> .../0015-PVE-qapi-modify-spice-query.patch | 6 +-
> ...async-for-background-state-snapshots.patch | 30 +-
> ...add-optional-buffer-size-to-QEMUFile.patch | 28 +-
> ...add-the-zeroinit-block-driver-filter.patch | 4 +-
> ...-Add-dummy-id-command-line-parameter.patch | 10 +-
> ...le-posix-make-locking-optiono-on-cre.patch | 18 +-
> ...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
> ...E-Allow-version-code-in-machine-type.patch | 18 +-
> ...e-bcs-bitmap-initialization-to-job-c.patch | 4 +-
> ...VE-Backup-add-vma-backup-format-code.patch | 32 +-
> ...-Backup-add-backup-dump-block-driver.patch | 28 +-
> ...ckup-proxmox-backup-patches-for-qemu.patch | 42 +-
> ...estore-new-command-to-restore-from-p.patch | 4 +-
> ...irty-bitmap-tracking-for-incremental.patch | 6 +-
> .../pve/0031-PVE-various-PBS-fixes.patch | 4 +-
> ...k-driver-to-map-backup-archives-into.patch | 54 +-
> ...dd-query_proxmox_support-QMP-command.patch | 2 +-
> ...E-add-query-pbs-bitmap-info-QMP-call.patch | 4 +-
> ...ct-stderr-to-journal-when-daemonized.patch | 8 +-
> ...d-sequential-job-transaction-support.patch | 10 +-
> ...-block-on-finishing-and-cleanup-crea.patch | 2 +-
> ...igrate-dirty-bitmap-state-via-savevm.patch | 8 +-
> ...all-back-to-open-iscsi-initiatorname.patch | 2 +-
> ...routine-QMP-for-backup-cancel_backup.patch | 6 +-
> .../pve/0043-PBS-add-master-key-support.patch | 4 +-
> ...PVE-block-stream-increase-chunk-size.patch | 2 +-
> ...accept-NULL-qiov-in-bdrv_pad_request.patch | 4 +-
> .../0047-block-add-alloc-track-driver.patch | 2 +-
> ...valid-QAPI-names-for-backwards-compa.patch | 6 +-
> ...-add-l-option-for-loading-a-snapshot.patch | 18 +-
> .../pve/0051-vma-allow-partial-restore.patch | 14 +-
> .../pve/0052-pbs-namespace-support.patch | 6 +-
> ...-rbd-workaround-for-ceph-issue-53784.patch | 80 +++
> ...-fix-handling-of-holes-in-.bdrv_co_b.patch | 35 ++
> ...-rbd-implement-bdrv_co_block_status.patch} | 6 +-
> ...-jobs-correctly-cancel-in-error-sce.patch} | 0
> ...sure-jobs-in-di_list-are-referenced.patch} | 0
> ...-segfault-issues-upon-backup-cancel.patch} | 0
> ...upport-64KiB-unaligned-input-images.patch} | 6 +-
> ...-triggering-assertion-in-error-case.patch} | 4 +-
> ...k-alloc-track-avoid-premature-break.patch} | 0
> debian/patches/series | 52 +-
> debian/rules | 6 +-
> qemu | 2 +-
> 97 files changed, 1949 insertions(+), 1990 deletions(-)
> create mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
> delete mode 100644 debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
> create mode 100644 debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
> delete mode 100644 debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
> create mode 100644 debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
> create mode 100644 debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
> delete mode 100644 debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
> create mode 100644 debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
> delete mode 100644 debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
> create mode 100644 debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
> delete mode 100644 debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
> create mode 100644 debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
> delete mode 100644 debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
> create mode 100644 debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
> delete mode 100644 debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
> create mode 100644 debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
> create mode 100644 debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
> delete mode 100644 debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
> delete mode 100644 debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
> create mode 100644 debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
> delete mode 100644 debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
> create mode 100644 debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
> create mode 100644 debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
> delete mode 100644 debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
> create mode 100644 debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
> delete mode 100644 debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
> create mode 100644 debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
> delete mode 100644 debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
> create mode 100644 debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
> delete mode 100644 debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
> delete mode 100644 debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
> create mode 100644 debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
> delete mode 100644 debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
> create mode 100644 debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
> delete mode 100644 debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
> delete mode 100644 debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
> create mode 100644 debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
> create mode 100644 debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
> rename debian/patches/pve/{0053-Revert-block-rbd-implement-bdrv_co_block_status.patch => 0055-Revert-block-rbd-implement-bdrv_co_block_status.patch} (97%)
> rename debian/patches/pve/{0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch => 0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch} (100%)
> rename debian/patches/pve/{0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch => 0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch} (100%)
> rename debian/patches/pve/{0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch => 0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch} (100%)
> rename debian/patches/pve/{0057-vma-create-support-64KiB-unaligned-input-images.patch => 0059-vma-create-support-64KiB-unaligned-input-images.patch} (92%)
> rename debian/patches/pve/{0058-vma-create-avoid-triggering-assertion-in-error-case.patch => 0060-vma-create-avoid-triggering-assertion-in-error-case.patch} (88%)
> rename debian/patches/pve/{0059-block-alloc-track-avoid-premature-break.patch => 0061-block-alloc-track-avoid-premature-break.patch} (100%)
>
> --
> 2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-06-30 11:17 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0 Fabian Ebner
2022-06-30 11:16 ` [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0 Wolfgang Bumiller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal