* [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5
@ 2024-01-30 14:14 Fiona Ebner
2024-01-30 14:14 ` [pve-devel] [PATCH qemu 2/2] stable fixes for corner case in i386 emulation and crash with VNC clipboard Fiona Ebner
2024-02-02 18:17 ` [pve-devel] applied-series: [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Thomas Lamprecht
0 siblings, 2 replies; 3+ messages in thread
From: Fiona Ebner @ 2024-01-30 14:14 UTC
To: pve-devel
Most notable fixes from a Proxmox VE perspective are:

* "virtio-net: correctly copy vnet header when flushing TX"
  To prevent a stack overflow that could lead to leaking parts of the
  QEMU process's memory.
* "hw/pflash: implement update buffer for block writes"
  To prevent an edge case for half-completed writes. This potentially
  affected EFI disks.
* Fixes to i386 emulation and ARM emulation.

No changes for patches were necessary (all are just automatic context
changes).

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...d-support-for-sync-bitmap-mode-never.patch | 2 +-
...race-with-clients-disconnecting-earl.patch | 10 +-
...ial-deadlock-when-draining-during-tr.patch | 2 +-
...-graph-lock-Disable-locking-for-now.patch} | 0
...cel-async-DMA-operation-before-reset.patch | 100 ----------------
...workaround-snapshot-performance-reg.patch} | 0
...orkaround-Windows-not-handling-name.patch} | 0
...w-ide-ahci-fix-legacy-software-reset.patch | 107 ------------------
...-ui-vnc-clipboard-fix-inflate_buffer.patch | 34 ------
...oContext-locking-in-qmp_block_resize.patch | 36 ------
...k-file-change-locking-default-to-off.patch | 6 +-
...djust-network-script-path-to-etc-kvm.patch | 4 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 2 +-
...return-success-on-info-without-snaps.patch | 2 +-
...dd-add-osize-and-read-from-to-stdin-.patch | 12 +-
...E-Up-qemu-img-dd-add-isize-parameter.patch | 14 +--
...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 10 +-
...-add-l-option-for-loading-a-snapshot.patch | 14 +--
...async-for-background-state-snapshots.patch | 10 +-
...-Add-dummy-id-command-line-parameter.patch | 8 +-
...le-posix-make-locking-optiono-on-cre.patch | 18 +--
...3-PVE-monitor-disable-oob-capability.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 4 +-
...ckup-Proxmox-backup-patches-for-QEMU.patch | 2 +-
...k-driver-to-map-backup-archives-into.patch | 4 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 2 +-
...accept-NULL-qiov-in-bdrv_pad_request.patch | 2 +-
...apshots-hold-the-BQL-during-setup-ca.patch | 8 +-
debian/patches/series | 10 +-
qemu | 2 +-
30 files changed, 74 insertions(+), 355 deletions(-)
rename debian/patches/extra/{0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch => 0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch} (100%)
delete mode 100644 debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
rename debian/patches/extra/{0007-migration-states-workaround-snapshot-performance-reg.patch => 0006-migration-states-workaround-snapshot-performance-reg.patch} (100%)
rename debian/patches/extra/{0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch => 0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch} (100%)
delete mode 100644 debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
delete mode 100644 debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
delete mode 100644 debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
index 1f149e9..c9c63b5 100644
--- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
+++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
@@ -360,7 +360,7 @@ index da5fb31089..32f0f9858a 100644
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 2b1d493d6e..903392cb8f 100644
+index bca1a0c372..a5cea82139 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2145,6 +2145,15 @@
diff --git a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
index 5ed0d76..cd9797a 100644
--- a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
+++ b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
@@ -104,7 +104,7 @@ index dc352f9e9d..56e1307014 100644
* Is @mon is using readline?
* Note: not all HMP monitors use readline, e.g., gdbserver has a
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index 6eee450fe4..c15bf1e1fc 100644
+index a239945e8d..589c9524f8 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -165,6 +165,8 @@ static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req)
@@ -135,7 +135,7 @@ index 6eee450fe4..c15bf1e1fc 100644
qobject_unref(rsp);
}
-@@ -478,6 +490,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
+@@ -461,6 +473,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
switch (event) {
case CHR_EVENT_OPENED:
@@ -144,7 +144,7 @@ index 6eee450fe4..c15bf1e1fc 100644
monitor_qmp_caps_reset(mon);
data = qmp_greeting(mon);
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
-index 555528b6bb..3baa508b4b 100644
+index 176b549473..790bb7d1da 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
@@ -117,16 +117,28 @@ typedef struct QmpDispatchBH {
@@ -180,13 +180,13 @@ index 555528b6bb..3baa508b4b 100644
aio_co_wake(data->co);
}
-@@ -231,6 +243,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
+@@ -253,6 +265,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
.ret = &ret,
.errp = &err,
.co = qemu_coroutine_self(),
+ .conn_nr = monitor_get_connection_nr(cur_mon),
};
- aio_bh_schedule_oneshot(qemu_get_aio_context(), do_qmp_dispatch_bh,
+ aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,
&data);
diff --git a/stubs/monitor-core.c b/stubs/monitor-core.c
index afa477aae6..d3ff124bf3 100644
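Review bot: the last changed line of this hunk is more than a line-number shift and deserves a word in the commit message: the refreshed context now reads `aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,` where it used to read `qemu_get_aio_context()`. The downstream patch hands `.conn_nr = monitor_get_connection_nr(cur_mon)` to that same bottom half, so the race fix now runs in a different AioContext than the one it was written against. Please confirm that whatever do_qmp_dispatch_bh does with conn_nr is still correct when scheduled on the iohandler context, and note the result next to the "just automatic context changes" sentence.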
diff --git a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
index 018f0c9..7705d72 100644
--- a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
+++ b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
@@ -55,7 +55,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 07971c0218..6a74afe564 100644
+index c3508acbb1..289347af58 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -444,7 +444,7 @@ static void ide_trim_bh_cb(void *opaque)
diff --git a/debian/patches/extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch b/debian/patches/extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
similarity index 100%
rename from debian/patches/extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch
rename to debian/patches/extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
diff --git a/debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch b/debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
deleted file mode 100644
index ef1a649..0000000
--- a/debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Thu, 24 Aug 2023 11:22:21 +0200
-Subject: [PATCH] hw/ide: reset: cancel async DMA operation before reseting
- state
-
-If there is a pending DMA operation during ide_bus_reset(), the fact
-that the IDEstate is already reset before the operation is canceled
-can be problematic. In particular, ide_dma_cb() might be called and
-then use the reset IDEstate which contains the signature after the
-reset. When used to construct the IO operation this leads to
-ide_get_sector() returning 0 and nsector being 1. This is particularly
-bad, because a write command will thus destroy the first sector which
-often contains a partition table or similar.
-
-Traces showing the unsolicited write happening with IDEstate
-0x5595af6949d0 being used after reset:
-
-> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c: 0x00000300
-> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port
-> ide_reset IDEstate 0x5595af6949d0
-> ide_reset IDEstate 0x5595af694da8
-> ide_bus_reset_aio aio_cancel
-> dma_aio_cancel dbs=0x7f64600089a0
-> dma_blk_cb dbs=0x7f64600089a0 ret=0
-> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30
-> ahci_populate_sglist ahci(0x5595af6923f0)[0]
-> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512 prepared=512
-> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE
-> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1
-> dma_blk_cb dbs=0x7f6420802010 ret=0
-
-> (gdb) p *qiov
-> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base = 0x0,
-> iov_len = 512}}, {__pad = "\001\000\000\000\000\000\000\000\000\000\000",
-> size = 512}}}
-> (gdb) bt
-> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070, flags=0,
-> cb=0x5595ace6f0b0 <dma_blk_cb>, opaque=0x7f6420802010)
-> at ../block/block-backend.c:1682
-> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=<optimized out>)
-> at ../softmmu/dma-helpers.c:179
-> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0,
-> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
-> io_func=io_func@entry=0x5595ace6ee30 <dma_blk_write_io_func>,
-> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30,
-> cb=0x5595acd40b30 <ide_dma_cb>, opaque=0x5595af6949d0,
-> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244
-> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30,
-> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
-> cb=cb@entry=0x5595acd40b30 <ide_dma_cb>, opaque=opaque@entry=0x5595af6949d0)
-> at ../softmmu/dma-helpers.c:280
-> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=<optimized out>)
-> at ../hw/ide/core.c:953
-> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0)
-> at ../softmmu/dma-helpers.c:107
-> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127
-> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10)
-> at ../block/block-backend.c:1527
-> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524
-> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at ../block/block-backend.c:1594
-> #10 0x00005595ad258cfb in coroutine_trampoline (i0=<optimized out>,
-> i1=<optimized out>) at ../util/coroutine-ucontext.c:177
-
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/ide/core.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 6a74afe564..289347af58 100644
---- a/hw/ide/core.c
-+++ b/hw/ide/core.c
-@@ -2515,19 +2515,19 @@ static void ide_dummy_transfer_stop(IDEState *s)
-
- void ide_bus_reset(IDEBus *bus)
- {
-- bus->unit = 0;
-- bus->cmd = 0;
-- ide_reset(&bus->ifs[0]);
-- ide_reset(&bus->ifs[1]);
-- ide_clear_hob(bus);
--
-- /* pending async DMA */
-+ /* pending async DMA - needs the IDEState before it is reset */
- if (bus->dma->aiocb) {
- trace_ide_bus_reset_aio();
- blk_aio_cancel(bus->dma->aiocb);
- bus->dma->aiocb = NULL;
- }
-
-+ bus->unit = 0;
-+ bus->cmd = 0;
-+ ide_reset(&bus->ifs[0]);
-+ ide_reset(&bus->ifs[1]);
-+ ide_clear_hob(bus);
-+
- /* reset dma provider too */
- if (bus->dma->ops->reset) {
- bus->dma->ops->reset(bus->dma);
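Review bot: the commit message does not mention that this patch, or the other three deleted from debian/patches/extra (0009, 0010, 0011), is being dropped, nor why; it only says no changes for patches were necessary. Since this one guards against an unsolicited write to sector 0 after ide_bus_reset(), a sentence stating that the fix is carried by the updated submodule would make the removal auditable. The index lines do support that: the refreshed 0003 patch now produces hw/ide/core.c blob 289347af58, the same blob this deleted patch used to produce on top of it, so the reordering in ide_bus_reset() appears to already be in the new base.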
diff --git a/debian/patches/extra/0007-migration-states-workaround-snapshot-performance-reg.patch b/debian/patches/extra/0006-migration-states-workaround-snapshot-performance-reg.patch
similarity index 100%
rename from debian/patches/extra/0007-migration-states-workaround-snapshot-performance-reg.patch
rename to debian/patches/extra/0006-migration-states-workaround-snapshot-performance-reg.patch
diff --git a/debian/patches/extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch b/debian/patches/extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
similarity index 100%
rename from debian/patches/extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
rename to debian/patches/extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
diff --git a/debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch b/debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
deleted file mode 100644
index f070818..0000000
--- a/debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Niklas Cassel <niklas.cassel@wdc.com>
-Date: Wed, 8 Nov 2023 23:26:57 +0100
-Subject: [PATCH] hw/ide/ahci: fix legacy software reset
-
-Legacy software contains a standard mechanism for generating a reset to a
-Serial ATA device - setting the SRST (software reset) bit in the Device
-Control register.
-
-Serial ATA has a more robust mechanism called COMRESET, also referred to
-as port reset. A port reset is the preferred mechanism for error
-recovery and should be used in place of software reset.
-
-Commit e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
-improved the handling of PxCI, such that PxCI gets cleared after handling
-a non-NCQ, or NCQ command (instead of incorrectly clearing PxCI after
-receiving anything - even a FIS that failed to parse, which should NOT
-clear PxCI, so that you can see which command slot that caused an error).
-
-However, simply clearing PxCI after a non-NCQ, or NCQ command, is not
-enough, we also need to clear PxCI when receiving a SRST in the Device
-Control register.
-
-A legacy software reset is performed by the host sending two H2D FISes,
-the first H2D FIS asserts SRST, and the second H2D FIS deasserts SRST.
-
-The first H2D FIS will not get a D2H reply, and requires the FIS to have
-the C bit set to one, such that the HBA itself will clear the bit in PxCI.
-
-The second H2D FIS will get a D2H reply once the diagnostic is completed.
-The clearing of the bit in PxCI for this command should ideally be done
-in ahci_init_d2h() (if it was a legacy software reset that caused the
-reset (a COMRESET does not use a command slot)). However, since the reset
-value for PxCI is 0, modify ahci_reset_port() to actually clear PxCI to 0,
-that way we can avoid complex logic in ahci_init_d2h().
-
-This fixes an issue for FreeBSD where the device would fail to reset.
-The problem was not noticed in Linux, because Linux uses a COMRESET
-instead of a legacy software reset by default.
-
-Fixes: e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
-Reported-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
-Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
-(picked from https://lists.nongnu.org/archive/html/qemu-devel/2023-11/msg02277.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/ide/ahci.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
-index d0a774bc17..1718b7e902 100644
---- a/hw/ide/ahci.c
-+++ b/hw/ide/ahci.c
-@@ -623,9 +623,13 @@ static void ahci_init_d2h(AHCIDevice *ad)
- return;
- }
-
-+ /*
-+ * For simplicity, do not call ahci_clear_cmd_issue() for this
-+ * ahci_write_fis_d2h(). (The reset value for PxCI is 0.)
-+ */
- if (ahci_write_fis_d2h(ad, true)) {
- ad->init_d2h_sent = true;
-- /* We're emulating receiving the first Reg H2D Fis from the device;
-+ /* We're emulating receiving the first Reg D2H FIS from the device;
- * Update the SIG register, but otherwise proceed as normal. */
- pr->sig = ((uint32_t)ide_state->hcyl << 24) |
- (ide_state->lcyl << 16) |
-@@ -663,6 +667,7 @@ static void ahci_reset_port(AHCIState *s, int port)
- pr->scr_act = 0;
- pr->tfdata = 0x7F;
- pr->sig = 0xFFFFFFFF;
-+ pr->cmd_issue = 0;
- d->busy_slot = -1;
- d->init_d2h_sent = false;
-
-@@ -1243,10 +1248,30 @@ static void handle_reg_h2d_fis(AHCIState *s, int port,
- case STATE_RUN:
- if (cmd_fis[15] & ATA_SRST) {
- s->dev[port].port_state = STATE_RESET;
-+ /*
-+ * When setting SRST in the first H2D FIS in the reset sequence,
-+ * the device does not send a D2H FIS. Host software thus has to
-+ * set the "Clear Busy upon R_OK" bit such that PxCI (and BUSY)
-+ * gets cleared. See AHCI 1.3.1, section 10.4.1 Software Reset.
-+ */
-+ if (opts & AHCI_CMD_CLR_BUSY) {
-+ ahci_clear_cmd_issue(ad, slot);
-+ }
- }
- break;
- case STATE_RESET:
- if (!(cmd_fis[15] & ATA_SRST)) {
-+ /*
-+ * When clearing SRST in the second H2D FIS in the reset
-+ * sequence, the device will execute diagnostics. When this is
-+ * done, the device will send a D2H FIS with the good status.
-+ * See SATA 3.5a Gold, section 11.4 Software reset protocol.
-+ *
-+ * This D2H FIS is the first D2H FIS received from the device,
-+ * and is received regardless if the reset was performed by a
-+ * COMRESET or by setting and clearing the SRST bit. Therefore,
-+ * the logic for this is found in ahci_init_d2h() and not here.
-+ */
- ahci_reset_port(s, port);
- }
- break;
diff --git a/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch b/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
deleted file mode 100644
index 4711fa0..0000000
--- a/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Wed, 22 Nov 2023 13:17:25 +0100
-Subject: [PATCH] ui/vnc-clipboard: fix inflate_buffer
-
-Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
-inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
-required, because it can happen that stream.avail_in becomes zero
-before coming across a return value of Z_STREAM_END.
-
-This fixes the host->guest direction with noNVC.
-
-Reported-by: Friedrich Weber <f.weber@proxmox.com>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- ui/vnc-clipboard.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c
-index c759be3438..124b6fbd9c 100644
---- a/ui/vnc-clipboard.c
-+++ b/ui/vnc-clipboard.c
-@@ -69,6 +69,11 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size)
- }
- }
-
-+ *size = stream.total_out;
-+ inflateEnd(&stream);
-+
-+ return out;
-+
- err_end:
- inflateEnd(&stream);
- err:
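Review bot: removing this patch drops the downstream restoration of the normal exit path in inflate_buffer() (`*size = stream.total_out;`, `inflateEnd(&stream);`, `return out;`), which its description says is still required after the CVE-2023-3255 fix because stream.avail_in can reach zero before Z_STREAM_END is seen. Nothing in the visible diff shows the equivalent hunk arriving with the new submodule, and patch 2/2 of this series mentions a crash with the VNC clipboard, so the commit message should state what replaces this patch and how it relates to the 2/2 fix. Without that, a reader cannot tell from this series whether the host->guest clipboard path regresses between 1/2 and 2/2.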
diff --git a/debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch b/debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
deleted file mode 100644
index a79fa80..0000000
--- a/debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 8 Dec 2023 13:43:52 +0100
-Subject: [PATCH] block: Fix AioContext locking in qmp_block_resize()
-
-The AioContext must be unlocked before calling blk_co_unref(), because
-it takes the AioContext lock internally in blk_unref_bh(), which is
-scheduled in the main thread. If we don't unlock, the AioContext is
-locked twice and nested event loops such as in bdrv_graph_wrlock() will
-deadlock.
-
-Cc: qemu-stable@nongnu.org
-Fixes: https://issues.redhat.com/browse/RHEL-15965
-Fixes: 0c7d204f50c382c6baac8c94bd57af4a022b3888
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-12/msg01102.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index e6eba61484..c28462a633 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -2361,8 +2361,9 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
-
- bdrv_co_lock(bs);
- bdrv_drained_end(bs);
-- blk_co_unref(blk);
- bdrv_co_unlock(bs);
-+
-+ blk_co_unref(blk);
- }
-
- void qmp_block_stream(const char *job_id, const char *device,
diff --git a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
index 3d8785c..30dd2d4 100644
--- a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
+++ b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index aa89789737..0db366a851 100644
+index 7f540b03ed..ca551baa42 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -564,7 +564,7 @@ static QemuOptsList raw_runtime_opts = {
+@@ -563,7 +563,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
@@ -26,7 +26,7 @@ index aa89789737..0db366a851 100644
},
{
.name = "pr-manager",
-@@ -664,7 +664,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+@@ -663,7 +663,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:
diff --git a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
index acd23d4..f7c9754 100644
--- a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
+++ b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
-index 1448d00afb..d1601d32c1 100644
+index 685ec58318..22edf4ee96 100644
--- a/include/net/net.h
+++ b/include/net/net.h
-@@ -258,8 +258,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
+@@ -260,8 +260,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
int net_hub_id_for_client(NetClientState *nc, int *id);
NetClientState *net_hub_port_find(int hub_id);
diff --git a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
index 297e250..4955ba3 100644
--- a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
+++ b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
@@ -10,7 +10,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index e0771a1043..1018ccc0b8 100644
+index 0893b794e9..6d650a58b9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2243,9 +2243,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
diff --git a/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch b/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
index fb505e5..3bdb7ee 100644
--- a/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
+++ b/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
@@ -9,7 +9,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-img.c b/qemu-img.c
-index 27f48051b0..bb287d8538 100644
+index 78433f3746..25d427edd1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3062,7 +3062,8 @@ static int img_info(int argc, char **argv)
diff --git a/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch b/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
index 5b88664..5255268 100644
--- a/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
+++ b/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
@@ -54,10 +54,10 @@ index 1b1dab5b17..d1616c045a 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index bb287d8538..09c0340d16 100644
+index 25d427edd1..220e6ec577 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4888,10 +4888,12 @@ static int img_bitmap(int argc, char **argv)
+@@ -4899,10 +4899,12 @@ static int img_bitmap(int argc, char **argv)
#define C_IF 04
#define C_OF 010
#define C_SKIP 020
@@ -70,7 +70,7 @@ index bb287d8538..09c0340d16 100644
};
struct DdIo {
-@@ -4967,6 +4969,19 @@ static int img_dd_skip(const char *arg,
+@@ -4978,6 +4980,19 @@ static int img_dd_skip(const char *arg,
return 0;
}
@@ -90,7 +90,7 @@ index bb287d8538..09c0340d16 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -5007,6 +5022,7 @@ static int img_dd(int argc, char **argv)
+@@ -5018,6 +5033,7 @@ static int img_dd(int argc, char **argv)
{ "if", img_dd_if, C_IF },
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
@@ -98,7 +98,7 @@ index bb287d8538..09c0340d16 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -5082,91 +5098,112 @@ static int img_dd(int argc, char **argv)
+@@ -5093,91 +5109,112 @@ static int img_dd(int argc, char **argv)
arg = NULL;
}
@@ -275,7 +275,7 @@ index bb287d8538..09c0340d16 100644
}
if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
-@@ -5183,20 +5220,43 @@ static int img_dd(int argc, char **argv)
+@@ -5194,20 +5231,43 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
for (out_pos = 0; in_pos < size; ) {
diff --git a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch
index 0325fe9..d68e2aa 100644
--- a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch
+++ b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch
@@ -16,10 +16,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
-index 09c0340d16..556535d9d5 100644
+index 220e6ec577..58bf9b43d1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4889,11 +4889,13 @@ static int img_bitmap(int argc, char **argv)
+@@ -4900,11 +4900,13 @@ static int img_bitmap(int argc, char **argv)
#define C_OF 010
#define C_SKIP 020
#define C_OSIZE 040
@@ -33,7 +33,7 @@ index 09c0340d16..556535d9d5 100644
};
struct DdIo {
-@@ -4982,6 +4984,19 @@ static int img_dd_osize(const char *arg,
+@@ -4993,6 +4995,19 @@ static int img_dd_osize(const char *arg,
return 0;
}
@@ -53,7 +53,7 @@ index 09c0340d16..556535d9d5 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4996,12 +5011,14 @@ static int img_dd(int argc, char **argv)
+@@ -5007,12 +5022,14 @@ static int img_dd(int argc, char **argv)
int c, i;
const char *out_fmt = "raw";
const char *fmt = NULL;
@@ -69,7 +69,7 @@ index 09c0340d16..556535d9d5 100644
};
struct DdIo in = {
.bsz = 512, /* Block size is by default 512 bytes */
-@@ -5023,6 +5040,7 @@ static int img_dd(int argc, char **argv)
+@@ -5034,6 +5051,7 @@ static int img_dd(int argc, char **argv)
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
{ "osize", img_dd_osize, C_OSIZE },
@@ -77,7 +77,7 @@ index 09c0340d16..556535d9d5 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -5219,9 +5237,10 @@ static int img_dd(int argc, char **argv)
+@@ -5230,9 +5248,10 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
@@ -90,7 +90,7 @@ index 09c0340d16..556535d9d5 100644
if (blk1) {
in_ret = blk_pread(blk1, in_pos, bytes, in.buf, 0);
if (in_ret == 0) {
-@@ -5230,6 +5249,9 @@ static int img_dd(int argc, char **argv)
+@@ -5241,6 +5260,9 @@ static int img_dd(int argc, char **argv)
} else {
in_ret = read(STDIN_FILENO, in.buf, bytes);
if (in_ret == 0) {
diff --git a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch
index 5cca59a..5131d98 100644
--- a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch
+++ b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch
@@ -65,10 +65,10 @@ index d1616c045a..b5b0bb4467 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 556535d9d5..289c78febb 100644
+index 58bf9b43d1..9d414d639b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -5013,7 +5013,7 @@ static int img_dd(int argc, char **argv)
+@@ -5024,7 +5024,7 @@ static int img_dd(int argc, char **argv)
const char *fmt = NULL;
int64_t size = 0, readsize = 0;
int64_t out_pos, in_pos;
@@ -77,7 +77,7 @@ index 556535d9d5..289c78febb 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -5051,7 +5051,7 @@ static int img_dd(int argc, char **argv)
+@@ -5062,7 +5062,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -86,7 +86,7 @@ index 556535d9d5..289c78febb 100644
if (c == EOF) {
break;
}
-@@ -5071,6 +5071,9 @@ static int img_dd(int argc, char **argv)
+@@ -5082,6 +5082,9 @@ static int img_dd(int argc, char **argv)
case 'h':
help();
break;
@@ -96,7 +96,7 @@ index 556535d9d5..289c78febb 100644
case 'U':
force_share = true;
break;
-@@ -5201,13 +5204,15 @@ static int img_dd(int argc, char **argv)
+@@ -5212,13 +5215,15 @@ static int img_dd(int argc, char **argv)
size - in.bsz * in.offset, &error_abort);
}
diff --git a/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch b/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
index d649d24..a956795 100644
--- a/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
+++ b/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
@@ -46,10 +46,10 @@ index b5b0bb4467..36f97e1f19 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 289c78febb..da543d05cb 100644
+index 9d414d639b..e13a12137b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -5005,6 +5005,7 @@ static int img_dd(int argc, char **argv)
+@@ -5016,6 +5016,7 @@ static int img_dd(int argc, char **argv)
BlockDriver *drv = NULL, *proto_drv = NULL;
BlockBackend *blk1 = NULL, *blk2 = NULL;
QemuOpts *opts = NULL;
@@ -57,7 +57,7 @@ index 289c78febb..da543d05cb 100644
QemuOptsList *create_opts = NULL;
Error *local_err = NULL;
bool image_opts = false;
-@@ -5014,6 +5015,7 @@ static int img_dd(int argc, char **argv)
+@@ -5025,6 +5026,7 @@ static int img_dd(int argc, char **argv)
int64_t size = 0, readsize = 0;
int64_t out_pos, in_pos;
bool force_share = false, skip_create = false;
@@ -65,7 +65,7 @@ index 289c78febb..da543d05cb 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -5051,7 +5053,7 @@ static int img_dd(int argc, char **argv)
+@@ -5062,7 +5064,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -74,7 +74,7 @@ index 289c78febb..da543d05cb 100644
if (c == EOF) {
break;
}
-@@ -5074,6 +5076,19 @@ static int img_dd(int argc, char **argv)
+@@ -5085,6 +5087,19 @@ static int img_dd(int argc, char **argv)
case 'n':
skip_create = true;
break;
@@ -94,7 +94,7 @@ index 289c78febb..da543d05cb 100644
case 'U':
force_share = true;
break;
-@@ -5133,11 +5148,24 @@ static int img_dd(int argc, char **argv)
+@@ -5144,11 +5159,24 @@ static int img_dd(int argc, char **argv)
if (dd.flags & C_IF) {
blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
force_share);
@@ -120,7 +120,7 @@ index 289c78febb..da543d05cb 100644
}
if (dd.flags & C_OSIZE) {
-@@ -5292,6 +5320,7 @@ static int img_dd(int argc, char **argv)
+@@ -5303,6 +5331,7 @@ static int img_dd(int argc, char **argv)
out:
g_free(arg);
qemu_opts_del(opts);
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index 976f73f..d80d1a1 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -800,10 +800,10 @@ index cda2effa81..94a58bb0bf 100644
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
-index b56f6b2fb2..c8c78c92d4 100644
+index 8073f5edf5..dc1ececc9c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -4479,6 +4479,18 @@ SRST
+@@ -4483,6 +4483,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
@@ -823,7 +823,7 @@ index b56f6b2fb2..c8c78c92d4 100644
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index b0b96f67fa..f3251de3e7 100644
+index c9e9ede237..3f2681aded 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -164,6 +164,7 @@ static const char *accelerators;
@@ -834,7 +834,7 @@ index b0b96f67fa..f3251de3e7 100644
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static int display_remote;
-@@ -2643,6 +2644,12 @@ void qmp_x_exit_preconfig(Error **errp)
+@@ -2647,6 +2648,12 @@ void qmp_x_exit_preconfig(Error **errp)
if (loadvm) {
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
@@ -847,7 +847,7 @@ index b0b96f67fa..f3251de3e7 100644
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
-@@ -3190,6 +3197,9 @@ void qemu_init(int argc, char **argv)
+@@ -3194,6 +3201,9 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
diff --git a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
index 5327c11..fee97e0 100644
--- a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
+++ b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
@@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
-index c8c78c92d4..20ca2cdba7 100644
+index dc1ececc9c..848d2dfdd1 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1197,6 +1197,9 @@ legacy PC, they are not recommended for modern configurations.
@@ -28,10 +28,10 @@ index c8c78c92d4..20ca2cdba7 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index f3251de3e7..1b63ffd33d 100644
+index 3f2681aded..1a3b9cc4b8 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -2679,6 +2679,7 @@ void qemu_init(int argc, char **argv)
+@@ -2683,6 +2683,7 @@ void qemu_init(int argc, char **argv)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
@@ -39,7 +39,7 @@ index f3251de3e7..1b63ffd33d 100644
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
-@@ -3302,6 +3303,13 @@ void qemu_init(int argc, char **argv)
+@@ -3306,6 +3307,13 @@ void qemu_init(int argc, char **argv)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;
diff --git a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
index 766c4f9..f48fe4f 100644
--- a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
+++ b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 0db366a851..46f1ee38ae 100644
+index ca551baa42..8b3b83e9d4 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -2870,6 +2870,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2873,6 +2873,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
@@ -24,7 +24,7 @@ index 0db366a851..46f1ee38ae 100644
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
-@@ -2910,19 +2911,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2913,19 +2914,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
@@ -59,7 +59,7 @@ index 0db366a851..46f1ee38ae 100644
}
/* Clear the file by truncating it to 0 */
-@@ -2976,13 +2980,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2979,13 +2983,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
@@ -82,7 +82,7 @@ index 0db366a851..46f1ee38ae 100644
}
out_close:
-@@ -3006,6 +3012,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3009,6 +3015,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
@@ -90,7 +90,7 @@ index 0db366a851..46f1ee38ae 100644
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
-@@ -3028,6 +3035,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3031,6 +3038,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
return -EINVAL;
}
@@ -109,7 +109,7 @@ index 0db366a851..46f1ee38ae 100644
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
-@@ -3039,6 +3058,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3042,6 +3061,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
@@ -119,10 +119,10 @@ index 0db366a851..46f1ee38ae 100644
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 903392cb8f..125aa89858 100644
+index a5cea82139..bb471c078d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4876,7 +4876,8 @@
+@@ -4880,7 +4880,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',
diff --git a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
index e2f16af..e3c7ba1 100644
--- a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
+++ b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
@@ -18,10 +18,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index c15bf1e1fc..04fe25c62c 100644
+index 589c9524f8..2505dd658a 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
-@@ -553,8 +553,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
+@@ -536,8 +536,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
qemu_chr_fe_set_echo(&mon->common.chr, true);
/* Note: we run QMP monitor in I/O thread when @chr supports that */
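Review bot: the inner hunk header moves from 553 to 536 here, the one refresh visible in this part of the series where the offset shrinks (by 17 lines) instead of growing. That means upstream removed code above monitor_init_qmp() in monitor/qmp.c. Since this patch is the one that disables the OOB capability, please confirm the refreshed patch still applies to the same statement after the "we run QMP monitor in I/O thread" comment and was not placed by fuzz.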
diff --git a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
index 5ec00c1..27a801a 100644
--- a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
+++ b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
@@ -72,7 +72,7 @@ index fbb61f18e4..7da3c519ba 100644
##
# @query-machines:
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index 1b63ffd33d..20ba2c5c87 100644
+index 1a3b9cc4b8..e9b5f62cc3 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -1597,6 +1597,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
@@ -95,7 +95,7 @@ index 1b63ffd33d..20ba2c5c87 100644
g_slist_free(machines);
if (local_err) {
error_append_hint(&local_err, "Use -machine help to list supported machines\n");
-@@ -3244,12 +3250,31 @@ void qemu_init(int argc, char **argv)
+@@ -3248,12 +3254,31 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_machine:
{
bool help;
diff --git a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
index 3829068..2014c9c 100644
--- a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
+++ b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
@@ -1709,7 +1709,7 @@ index 0000000000..d84d807654
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 125aa89858..331c8336d1 100644
+index bb471c078d..1b8462a51b 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -839,6 +839,235 @@
diff --git a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
index 5657376..0927c4d 100644
--- a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
+++ b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
@@ -403,7 +403,7 @@ index c3330310d9..cbfc9a43fb 100644
summary_info += {'libdaxctl support': libdaxctl}
summary_info += {'libudev': libudev}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 331c8336d1..a818d5f90f 100644
+index 1b8462a51b..d67a6d448a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3396,6 +3396,7 @@
@@ -432,7 +432,7 @@ index 331c8336d1..a818d5f90f 100644
##
# @BlockdevOptionsNVMe:
#
-@@ -4886,6 +4898,7 @@
+@@ -4890,6 +4902,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',
diff --git a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index f6cd3c3..09c42e5 100644
--- a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -186,7 +186,7 @@ index d84d807654..9c8b88d075 100644
ret->pbs_masterkey = true;
ret->backup_max_workers = true;
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index a818d5f90f..48eb47c6ea 100644
+index d67a6d448a..09de550c95 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -991,6 +991,11 @@
diff --git a/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch b/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
index 0e43de5..851851f 100644
--- a/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
+++ b/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
@@ -17,7 +17,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+)
diff --git a/block/io.c b/block/io.c
-index 055fcf7438..63f7b3ad3e 100644
+index 83d1b1dfdc..24a3c84c93 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1710,6 +1710,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
diff --git a/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch b/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch
index a7f6e4d..3fa7ef7 100644
--- a/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch
+++ b/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch
@@ -140,10 +140,10 @@ index 86c2256a2b..8423e0c9f9 100644
if (ret) {
return ret;
diff --git a/migration/ram.c b/migration/ram.c
-index 9040d66e61..01532c9fc9 100644
+index 6e1514f69f..6a1aec7031 100644
--- a/migration/ram.c
+++ b/migration/ram.c
-@@ -2895,8 +2895,16 @@ static void migration_bitmap_clear_discarded_pages(RAMState *rs)
+@@ -2896,8 +2896,16 @@ static void migration_bitmap_clear_discarded_pages(RAMState *rs)
static void ram_init_bitmaps(RAMState *rs)
{
@@ -162,7 +162,7 @@ index 9040d66e61..01532c9fc9 100644
qemu_mutex_lock_ramlist();
WITH_RCU_READ_LOCK_GUARD() {
-@@ -2908,7 +2916,9 @@ static void ram_init_bitmaps(RAMState *rs)
+@@ -2909,7 +2917,9 @@ static void ram_init_bitmaps(RAMState *rs)
}
}
qemu_mutex_unlock_ramlist();
@@ -174,7 +174,7 @@ index 9040d66e61..01532c9fc9 100644
/*
* After an eventual first bitmap sync, fixup the initial bitmap
diff --git a/migration/savevm.c b/migration/savevm.c
-index a2cb8855e2..ea8b30a630 100644
+index d60c4f487a..3c015722f7 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1625,10 +1625,8 @@ static int qemu_savevm_state(QEMUFile *f, Error **errp)
diff --git a/debian/patches/series b/debian/patches/series
index b3da8bb..c37e3b9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,13 +2,9 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0004-migration-block-dirty-bitmap-fix-loading-bitmap-when.patch
-extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
-extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch
-extra/0007-migration-states-workaround-snapshot-performance-reg.patch
-extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
-extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
-extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
-extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
+extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
+extra/0006-migration-states-workaround-snapshot-performance-reg.patch
+extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
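Review bot: the four entries removed in this hunk (extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset, 0009-hw-ide-ahci-fix-legacy-software-reset, 0010-ui-vnc-clipboard-fix-inflate_buffer and 0011-block-Fix-AioContext-locking-in-qmp_block_resize) are dropped without a word in the commit message, which only says the remaining patches needed automatic context changes. Please state that each of them is contained in the 8.1.5 stable release, so a reader can check that no fix is lost by the renumbering.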
diff --git a/qemu b/qemu
index 78385bc..20a1b34 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit 78385bc738108a9b5b20e639520dc60425ca2a5a
+Subproject commit 20a1b341a0af1fef84cec9e521d33da0e8d9ecf3
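Review bot: the new pin 20a1b341a0af1fef84cec9e521d33da0e8d9ecf3 is tied to QEMU 8.1.5 only by the subject line. Naming the upstream tag this hash corresponds to in the commit message would let anyone verify the submodule bump against the upstream release instead of trusting the bare hash.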
--
2.39.2
* [pve-devel] [PATCH qemu 2/2] stable fixes for corner case in i386 emulation and crash with VNC clipboard
2024-01-30 14:14 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Fiona Ebner
@ 2024-01-30 14:14 ` Fiona Ebner
2024-02-02 18:17 ` [pve-devel] applied-series: [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Fiona Ebner @ 2024-01-30 14:14 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...sgx_epc_get_section-stub-is-reachabl.patch | 34 ++++++++
...k-type-as-not-available-when-there-i.patch | 86 +++++++++++++++++++
debian/patches/series | 2 +
3 files changed, 122 insertions(+)
create mode 100644 debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
create mode 100644 debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
diff --git a/debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch b/debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
new file mode 100644
index 0000000..194635f
--- /dev/null
+++ b/debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 1 Feb 2022 20:09:41 +0100
+Subject: [PATCH] target/i386: the sgx_epc_get_section stub is reachable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
+should not assert, instead it should just return true just like
+the "real" sgx_epc_get_section does when SGX is disabled.
+
+Reported-by: Vladimír Beneš <vbenes@redhat.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-ID: <20220201190941.106001-1-pbonzini@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from commit 219615740425d9683588207b40a365e6741691a6)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/i386/sgx-stub.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c
+index 26833eb233..16b1dfd90b 100644
+--- a/hw/i386/sgx-stub.c
++++ b/hw/i386/sgx-stub.c
+@@ -34,5 +34,5 @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
+
+ bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
+ {
+- g_assert_not_reached();
++ return true;
+ }
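Review bot: in the added stub, "return true;" leaves *addr and *size unwritten, and nothing in sgx-stub.c says what a true return means to the caller. The message explains that this matches the real sgx_epc_get_section when SGX is disabled; a one-line comment in the stub saying so, and that the outputs are not set, would keep the cpu_x86_cpuid caller (or a future one) from reading them.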
diff --git a/debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch b/debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
new file mode 100644
index 0000000..4b09063
--- /dev/null
+++ b/debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
@@ -0,0 +1,86 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner@proxmox.com>
+Date: Wed, 24 Jan 2024 11:57:48 +0100
+Subject: [PATCH] ui/clipboard: mark type as not available when there is no
+ data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT
+message with len=0. In qemu_clipboard_set_data(), the clipboard info
+will be updated setting data to NULL (because g_memdup(data, size)
+returns NULL when size is 0). If the client does not set the
+VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then
+the 'request' callback for the clipboard peer is not initialized.
+Later, because data is NULL, qemu_clipboard_request() can be reached
+via vdagent_chr_write() and vdagent_clipboard_recv_request() and
+there, the clipboard owner's 'request' callback will be attempted to
+be called, but that is a NULL pointer.
+
+In particular, this can happen when using the KRDC (22.12.3) VNC
+client.
+
+Another scenario leading to the same issue is with two clients (say
+noVNC and KRDC):
+
+The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and
+initializes its cbpeer.
+
+The KRDC client does not, but triggers a vnc_client_cut_text() (note
+it's not the _ext variant)). There, a new clipboard info with it as
+the 'owner' is created and via qemu_clipboard_set_data() is called,
+which in turn calls qemu_clipboard_update() with that info.
+
+In qemu_clipboard_update(), the notifier for the noVNC client will be
+called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the
+noVNC client. The 'owner' in that clipboard info is the clipboard peer
+for the KRDC client, which did not initialize the 'request' function.
+That sounds correct to me, it is the owner of that clipboard info.
+
+Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set
+the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it
+passes), that clipboard info is passed to qemu_clipboard_request() and
+the original segfault still happens.
+
+Fix the issue by handling updates with size 0 differently. In
+particular, mark in the clipboard info that the type is not available.
+
+While at it, switch to g_memdup2(), because g_memdup() is deprecated.
+
+Cc: qemu-stable@nongnu.org
+Fixes: CVE-2023-6683
+Reported-by: Markus Frank <m.frank@proxmox.com>
+Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Tested-by: Markus Frank <m.frank@proxmox.com>
+(picked from https://lists.nongnu.org/archive/html/qemu-stable/2024-01/msg00228.html)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ ui/clipboard.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/ui/clipboard.c b/ui/clipboard.c
+index 3d14bffaf8..b3f6fa3c9e 100644
+--- a/ui/clipboard.c
++++ b/ui/clipboard.c
+@@ -163,9 +163,15 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer,
+ }
+
+ g_free(info->types[type].data);
+- info->types[type].data = g_memdup(data, size);
+- info->types[type].size = size;
+- info->types[type].available = true;
++ if (size) {
++ info->types[type].data = g_memdup2(data, size);
++ info->types[type].size = size;
++ info->types[type].available = true;
++ } else {
++ info->types[type].data = NULL;
++ info->types[type].size = 0;
++ info->types[type].available = false;
++ }
+
+ if (update) {
+ qemu_clipboard_update(info);
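Review bot: the size == 0 branch in qemu_clipboard_set_data() closes one way of reaching the NULL 'request' callback, but the call described in the message, qemu_clipboard_request() invoking the owner's callback, stays unguarded, since the diffstat shows only this one spot in ui/clipboard.c changing. Either add a check that the owner's 'request' is set before it is called, or say in the message why available = false is sufficient for every path, including the two-client noVNC/KRDC case. The "if (update)" path also still calls qemu_clipboard_update(info) for the now-unavailable type, so it is worth confirming that notifiers cope with data = NULL and available = false.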
diff --git a/debian/patches/series b/debian/patches/series
index c37e3b9..381ff8c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,6 +5,8 @@ extra/0004-migration-block-dirty-bitmap-fix-loading-bitmap-when.patch
extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
extra/0006-migration-states-workaround-snapshot-performance-reg.patch
extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
+extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
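Review bot: these two added entries are the whole effect of the commit, yet its message body is empty apart from the sign-off, and the CVE-2023-6683 reference exists only inside the header of 0009 itself. Please put the CVE id and the origin of each patch (upstream cherry-pick for 0008, qemu-stable list post for 0009) in the commit message so the security fix is visible from the packaging history.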
--
2.39.2
* [pve-devel] applied-series: [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5
2024-01-30 14:14 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Fiona Ebner
2024-01-30 14:14 ` [pve-devel] [PATCH qemu 2/2] stable fixes for corner case in i386 emulation and crash with VNC clipboard Fiona Ebner
@ 2024-02-02 18:17 ` Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2024-02-02 18:17 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
On 30/01/2024 at 15:14, Fiona Ebner wrote:
> Most notable fixes from a Proxmox VE perspective are:
>
> * "virtio-net: correctly copy vnet header when flushing TX"
> To prevent a stack overflow that could lead to leaking parts of the
> QEMU process's memory.
> * "hw/pflash: implement update buffer for block writes"
> To prevent an edge case for half-completed writes. This potentially
> affected EFI disks.
> * Fixes to i386 emulation and ARM emulation.
>
> No changes for patches were necessary (all are just automatic context
> changes).
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> ...d-support-for-sync-bitmap-mode-never.patch | 2 +-
> ...race-with-clients-disconnecting-earl.patch | 10 +-
> ...ial-deadlock-when-draining-during-tr.patch | 2 +-
> ...-graph-lock-Disable-locking-for-now.patch} | 0
> ...cel-async-DMA-operation-before-reset.patch | 100 ----------------
> ...workaround-snapshot-performance-reg.patch} | 0
> ...orkaround-Windows-not-handling-name.patch} | 0
> ...w-ide-ahci-fix-legacy-software-reset.patch | 107 ------------------
> ...-ui-vnc-clipboard-fix-inflate_buffer.patch | 34 ------
> ...oContext-locking-in-qmp_block_resize.patch | 36 ------
> ...k-file-change-locking-default-to-off.patch | 6 +-
> ...djust-network-script-path-to-etc-kvm.patch | 4 +-
> ...he-CPU-model-to-kvm64-32-instead-of-.patch | 2 +-
> ...return-success-on-info-without-snaps.patch | 2 +-
> ...dd-add-osize-and-read-from-to-stdin-.patch | 12 +-
> ...E-Up-qemu-img-dd-add-isize-parameter.patch | 14 +--
> ...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 10 +-
> ...-add-l-option-for-loading-a-snapshot.patch | 14 +--
> ...async-for-background-state-snapshots.patch | 10 +-
> ...-Add-dummy-id-command-line-parameter.patch | 8 +-
> ...le-posix-make-locking-optiono-on-cre.patch | 18 +--
> ...3-PVE-monitor-disable-oob-capability.patch | 4 +-
> ...E-Allow-version-code-in-machine-type.patch | 4 +-
> ...ckup-Proxmox-backup-patches-for-QEMU.patch | 2 +-
> ...k-driver-to-map-backup-archives-into.patch | 4 +-
> ...igrate-dirty-bitmap-state-via-savevm.patch | 2 +-
> ...accept-NULL-qiov-in-bdrv_pad_request.patch | 2 +-
> ...apshots-hold-the-BQL-during-setup-ca.patch | 8 +-
> debian/patches/series | 10 +-
> qemu | 2 +-
> 30 files changed, 74 insertions(+), 355 deletions(-)
> rename debian/patches/extra/{0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch => 0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch} (100%)
> delete mode 100644 debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
> rename debian/patches/extra/{0007-migration-states-workaround-snapshot-performance-reg.patch => 0006-migration-states-workaround-snapshot-performance-reg.patch} (100%)
> rename debian/patches/extra/{0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch => 0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch} (100%)
> delete mode 100644 debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
> delete mode 100644 debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
> delete mode 100644 debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
>
>
applied series, thanks!